View of Identity Theft Protection Strategies: A Literature Review

(1)

1. Introduction

Identity Theft (IT) is on the rise and is perpetuated in many creative ways. This is so because of the increase reliance towards electronic transactions. As data gathering becomes more automated and ever-present, hacking incidence becomes more and more intense. Since the advent of electronic transactions, IT has become a significant problem in today’s modern society (Kristof, 2018; Portland State University, 2011).

Thieves use technology to steal personal data from someone else's data, such as name, age, birthday, social security number, etc. This personal information is very much available through social-media or other accounts where personal data are stored digitally. Today, computers and

smartphones synchronized many of users’

electronic accounts such as emails, bank, social media, and other

smartphones/computer applications. This volume of information in everyone’s smartphones makes it a very good target to

many IT attacks (Alsaleh et al. 2017).

Facebook, one of the most popular social media platforms, contains so much

information that it too, is subjected to many forms of ITs. Despite the awareness of the risk, many social media users such as in Facebook expose themselves to possible IT (Calbalhin, 2018). The benefit of using the social media and the internet has given rise to attacks on identity embezzlement.

Identity thieves utilized the data to purchase almost anything, acquire for a car loan, open a different bank account, and other crimes. The 2018 Identity Fraud Study released by Javelin Strategy & Research discovered that 16.7 million people in the U.S. were victims of IT in 2017, up from 15.4 million in 2016, with a total of $ 16.8 billion stolen. A press release from the PNP Anti-Cybercrime Group reported a total of 1,211 complaints from 2013-2015 on

cybercrime in the Philippines. There are 366 online victims of the scam, 240 online libel victims, and 129 victims of an online threat, Abstract: This paper examines the recent identity theft phenomenon in the world today with significant economic harm to victims. Identity-theft-based crimes are considered one of the most significant and growing problems of the last two decades. A systematic review of literature described identity theft in detail and issues and control strategies were presented. Types of online-identity theft which have economic risks include financial, insurance, medical, debit/credit card, e-commerce and IOT theft. Most

vulnerable to identity theft are the financially impulsive people. Identity theft is not only directed towards individuals but companies in forms of data leaks or hacking incidence with ASEAN region as the primary targets. Education and awareness is the best tool consumers need to protect themselves from identity theft and the consequences which includes financial difficulties, emotional/psychological and strong physical reactions among others.

Keywords: cyber-attack, phishing, hacking, cybercrime, ICT risks

Identity Theft Protection Strategies: A Literature Review

Ronel C. Labong

Department of Education, Samar Division, Philippines

(2)

127 victims of IT and 89 victims of video voyeurism (GMA News Online, 2015).

Information has become the life blood of many organizations. These organizations made it as essential part of the information system and its security should be strongly provided as their workers daily lives have become more dependent on computer systems (Atefeh Tajpour, 2015). Increasing volumes of confidential information, such as personal and financial data are usually stored electronically at locations that are accessible via electronic networks such as the Internet (Emigh et al., 2011) making it vulnerable to unauthorized access. Current email and web browser technology does not provide adequate information compromise defenses.

Technological advances made offenders often turn to new ways of accessing information and using it for financial gain or hiding their true identity (Portland State University, 2011). Together with the methods they developed, the competence level of professional ITs involved in organized crime continues to increase. From individualized phishing and vishing frauds to ever more successful state and corporate database hacks (Douglas, 2017). What are the many forms of ITs and how these attacks can be minimize or prevented is the main purpose of this literature review.

2. Objectives

This review of the literature focuses on understanding IT – its issues and control strategies. This study will reveal internet users ' global perceptions of IT and what are some of the effects to the victims. It will likewise aid as input for policy mindfulness and methods to security to avoid IT.

3. Methodology

To achieve the goal of answering research questions, the researchers have carried out the Systematic Literature Review (SLR) according to the guidelines published by Kitchenham and Charters (2007). The researchers solicited a thorough evaluation of the SLR by way of the planning, conduct, and reporting phases of the review.

3.1. Selection of Primary Studies

Primary studies were highlighted to select the publications or search engines using passing keywords to the search facility. The keywords were chosen to encourage the development of research to help answer the research questions. The Boolean operators used were restricted to AND and OR. The search strings were:

(”Identity Theft” OR “identity- theft”) AND “protection”

(”Identity Theft” OR “identity- theft”) AND (“cyber protection”

OR “cyber- protection”)

The free platforms searched were:

- Oxford Academic Journals - Google Scholar

- ERIC (Education Resources Information Center)

- JURN

The search results were conducted towards the title, search terms, and abstract, based onto the search channels where possible. The searches were carried out on 30 March 2019 and all studies published from 2008 to this date were reviewed by the author. The results of the searches were filtered through section 2 criteria for inclusion and exclusion, letting the

researcher generate many results that could

(3)

be conducted throughout the snowballing process as described by Wohlin (2014).

Iterations were carried out in the forward and backward snowballing until no further documents fulfilling the inclusion criteria were detected.

3.2. Criteria for Inclusion and Exclusion Inclusion studies in this SLR are required to report empirical findings and may be case studies papers. Papers must be written in English. Google Scholar's results will be checked for compliance with this, as Google Scholar may return papers of lower grade. This SLR will only be fed in the latest version of a study. Table 2 shows the critical criteria for inclusion and exclusion.

Table 1: Inclusion and Exclusion Criteria

Criteria for Inclusion Criteria for Exclusion The document must present

empirical evidence on protection and strategies related to IT.

Papers

concentrating on offline IT protection Preferably a peer-reviewed

article. Essays, commentary from authors who have track record/knowledgeable in the topic were considered.

Publication of authorities such as government agencies was also included.

News articles or blogs from authors who are not experts/

knowledgeable in the topics.

The paper includes articles starting from the year 2008 to present

Non-English language papers.

3.3. Selection Results

A total of 429 studies were identified against the selected platforms from the initial keyword searches. After removing duplicate studies, this was reduced to 121.

The number of papers left for reading after running the studies through the

inclusion/exclusion criteria was 53. The 53

papers were read in their entirety and the criteria for inclusion/exclusion were re- applied, leaving 29 articles. Forward and backward snowballing respectively identified an additional 3 and 5 papers, giving a final figure for the number of papers to be included as 37 in this SLR.

3.4. Quality Assessment

An evaluation of the determined quality of primary studies was conducted in accordance with the guidance provided by Kitchenham and Charters (2007). This enabled an assessment of the papers ' relevance to research questions, taking into account any signs of research bias and experimental data validity. The evaluation process was based on the Hosseini et al.

(2017) process.

3.5. Data Extraction

Figure 1 represents the number of papers shortlisted from initial search terms of each platform to the selection process of primary research studies at each stage of the process and the attrition rate of articles.

Figure 1: Attrition of Papers through Processing

(4)

All documents that passed quality evaluation had data obtained to evaluate the accuracy of the data to test the correct recording of the information provided in the papers. Before extending to include the full set of studies that passed the quality

evaluation phase, the data extraction method was tested on an initial five (5) studies.

3.6. Data Analysis

The researcher collected the information held in the qualitative and quantitative data classifications to meet the goal of answering the research questions.

Also, the researcher has initiated a meta- analysis of the documents subjected to the process of final data extraction.

In this method, in addition to extracting data to answer predefined

questions, a review protocol is developed to guide the search and selection of relevant studies. The scope of the review was limited to the 2008-2019 timeline as we believe this timeline provides a fair representation of existing identity fraud research. Electronic libraries have been selected as sources of data.

4. Results and Discussion

Theft of identities here refers to the misuse of any private information, such as identity-related information. Private details include a user name, a password, a currency identification, e.g., bank number, the SS number, number of driver's license, health information and private information such as mother’s name, birthday or place of birth.

(Emigh et al., 2011). Theft of identity takes place when someone illegally obtains personal information of someone else and uses it for stealing or fraud (Vasquez, nd).

Some of these crimes have long been undetected. In the past, IT was confined

merely to creating and maxing credit cards by the thefts that left you with a heap of debts you don't even know about. Criminals, however, have changed over the years (Testa, 2017).

In the Philippines, computer-related IT includes the intentional acquisition, use, misuse, transfer, possession, alteration or deletion of identifying information belonging to another, whether natural or juridical, without right (Congress of the Philippines, 2012). In this paper, it will focus more on the IT that resulted in economic effects on the victim.

4.1 Types and Outcomes of Identity Theft Stroup (2019) states that there are several types of IT exist. Knowing what to do when you're a victim of IT begins with knowing what kind of IT you're dealing with.

4.1.1 Financial Identity Theft

Theft of financial identity is the result of IT instead of a type of IT. The theft happens after the victim’s personal

information has already been accessed by a thief. When the fraudster has the victim’s data, it can now be used to open or assume control over a current account, and their definitive objective is to get paid by getting new credit in your name or siphoning cash out of the record (Siciliano, 2018).

4.1.2 Insurance Identity Theft

Insurance IT was identified as a

"new" form IT. Although the problem has always existed, it presents the victim with specific problems that need to be addressed independently of other IT types. All IT types have the potential (or even the likelihood) to bleed into other types. In general Theft of

(5)

Identity Insurance tends to be a concern when one is a victim of Theft of Medical Identity as well as Theft of Financial Identity.

4.1.3 Medical Identity Theft

The World Health Organization said that this is "the crime of information that would kill you." Not only is it the most dangerous form of IT, but also the most difficult to fix. In 2015, one in three Americans were affected by breaches of health care. The Department of Health and Human Services of the USA reported 253 breaches of health care that affected 500 or more people in 2015 with a combined loss of more than 112 million records (Fraud.org, nd).

4.1.4 Mail- Identity Theft

Theft of mail identity is among the oldest way of stealing a person's data by criminals. When your e-mail is taken, a thief might obtain your information about your banking account to create purchases or secure other credit cards. On your payments or bills, they might also alter your address.

In 2016, it established over 60,000 mail theft complaints resulting in excess of 2,000 convictions, based in the annual report of the U.S. Postal Service.

Electronic mail (Email) hacking may lead into leakage of the victims private information opening up other private information such as passwords and other personal data. Figure 2 shows an example of collecting private information through phishing. For an unsuspecting victim, the email requires immediate action (like

“verify now” or else your account will be closed or update or verify your password, etc.) that when the victim clicks it, access information is collected.

Figure 2: Email with intention to steal access information

In the same manner, data are also collected through downloading of games, applications or online quizzes such as those in Facebook (Calbalhin, 2018)

4.1.5 Debit or Credit Card Fraud

Debit or credit card fraud happens when someone makes a purchase using your credit card you have not authorized. In making illegal transactions, fraudsters can also take victims account number, Personal Identification Number, and security

passcode without your credit card. Illegal transactions such as these are known as fraud involving cards that are not present.

According to the Banko Sentral ng Pilipinas (nd), some card theft includes skimming, phishing, card replacement techniques, or physical theft of cards. The magnetic strips in electronic cards make copying easy, and from it, counterfeit cards

(6)

are used for a various illegal forms of transactions.

4.1. 6 E-commerce Fraud

E-commerce fraud happens once a criminal controls were stolen expense information or banking accounts that have been acquired fraudulently to try selling transactions lacking the knowledge of the account owner. According to Experian, e- commerce fraud augmented over 30% in the leading six months of 2017.

4.1.7 Internet of Things Identity Theft Internet of Things (IoT) IT happens when your cell phones or gadgets are paired using consumer products for example cars, heart monitors and Internet-connected household appliances, creating a chance for fraudsters to steal your information. These connected products can sometimes have security errors, creating weakness around the personal data of the victim that leads to IoT scheme.

According to Vasquez (nd), there are three common forms of IT in the

Philippines, which are fraudulent:

a. Debit/credit card fraud-which occurs via skimming when your information stored on a magnetic streak of your card is stolen if the card is swiped on a transaction. Once the thieves receive this information, a

counterfeit card with the information of the victim is reproduced and can be used for crime.

b. Internet Scams - One of the largest social media users in the world is the Philippines. This literally allows anyone to be anybody. Criminals can only offer monetary assistance by

creating a new count as sellers, purchasers, family members.

Anything can be done.

c. Electronic scams - Ever received an e-mail from a monetary institution or any other lawful company? This emails may include messages informing a receiver that their particular online account needs to be updated, so it is necessary to log into a realistic site. By logging in certain websites, personal data of the

recipient is now waiting for stealing.

Information such as birthdates, government numbers, contact information, etc. are just some examples of what the criminals seek.

4.2 Identity Theft Issues

Theft of identity is not just a personal matter. Big companies sometimes have infringements of data, meaning that client or consumer information is made public or stolen. IT may arise using information obtained from any of these infringements (Henshaw, 2019). The Global Risk Report of the World Economic Forum 2019 identified cyber-attacks as well as data leaks as the world's fourth and fifth most critical risks today (Lago, 2019). The

ASEAN region becomes a primary target for cyber-attacks because of its diverse role as among the fastest growing digital economies of the world. There were 900,000 customers of Philippine-based pawnshop Cebuana Lhuillier have been affected by such data leak on January 19, 2019, by Cebuana's marketing server in the Philippines. The figure shows only 3 percent of its total client base, according to the financial institution.

Figure 3 displays the number of global IT data breaches from the 1st quarter of 2013 to the 1st quarter of 2018. The

(7)

statistics portray a timetable of the number of global data breaches year 2013 to 2018 relative to cyber IT. Recently, the source stated 609 cyber IT occurrences worldwide (Statista, 2019).

Figure 3: Identity Theft Data Breaches Worldwide 2013-2018 (Statista, 2019)

Figure 4: Number of Data Breaches and Records Exposed from 2008-2017 (Source: IT Resource Center)

4.3 Cybercrime

Insurance Information Institute, Inc.

(2019) highlight that cyber insurance and cyber risk interests continue to increase resulting of high-profile data breaches as well as knowledge of the nearly endless scope of exposures that businesses are facing. Through November 2018, marketing firm Exactis exposed 340 million of records

in June; Under Armour exposed 150 million;

genealogy firm MyHeritage, exposed 92 million; and Facebook records of 87 million records. In 2017, Equifax, the largest U.S.

credit office, experienced a breach which exposed 145 million people's personal data, including numbers of social security.

Because of the number of confidential information stolen, it became one of the worst breaches on the record.

The charges of unlawful cybercrime are fast growing. The average cost of a data breach globally was $3.86 million in 2018, up 6.4 percent from $3.62 million in 2017, according to a study from IBM and the Ponemon Institute. Meanwhile, some studies in the Philippines estimate loss from fraud credit card payments or transactions alone increased to Php 506 million in 2016, while online scam incidents reached more than 500 (Dulay, 2018).

Figure 5: Cybercrime Complaints from 2013- 2017 (Source: ICCC, 2017)

As shown in Figure 5, around 301,580 complaints were received and processed by the Internet Crime Complaint Center (ICCC) in 2017 alone. Most of the victims are older than 20 years (96.12%), around 21.18% was over 60 years old, the highest percentage by age bracket. In the last five years, a total of about 4 million

(8)

complaints were recorded or around 284,000 complaints per month or over 800 daily on average. Losses from victims amounted to

$1.42 billion. The most common complaints received in 2017 were non-payment or non- delivery of goods or services, affecting approximately 84,000 victims. Top 10 foreign countries (excluding USA) by number of victims include Canada, India, UK, Australia, Mexico, Russian Federation, Brazil, Germany, Philippines and Japan (ICCC, 2018).

In a literature review conducted by the ITRC (2018) revealed that victims’

actions following IT included (a) selling possessions to pay for expenses and closing financial and online accounts; (b) will continue to experience significant ways to which victims are impacted financially; (c) victims relationships with others are also affected; (d) will experience severe distress due to attempted use and misuse of personal information; (e) feel strong emotions as a result of their victimization such as feeling betrayed, violated, suicidal and embarrassed;

(f) strong physical reactions such as inability to concentrate, and relapse into unhealthy or addictive behaviours; (g) the need to clear up their issues and not yet resolved; (h) and have felt paranoid about themselves being attacked again such as locking mailboxes, regular checking of credit reports, auto delete spam mails without checking, and avoiding use of public Wi-Fi.

Table 2 shows that nearly 60 million Americans were affected by IT in the last six years. Identity fraud victims have increased by about 8% rising to almost 17 million in 2017. Fraudster adapted to net 1.3 million more victims in 2017 stealing about 17 billion US consumers. The same research by Javelin (2018) reported that about 6.64% of consumers became victims of identity fraud in 2017. It was also noted that online

shopping presents the greatest fraud risk with 81% more prevalent than point-of-sale fraud. More than ever, fraudsters are getting more sophisticated using stealthier and more complex monetization schemes (ibid).

Fraudsters are blurring lines between frauds types with 1.5 million victims of existing account fraud also had a fraudulent

intermediary account opened in their name (ibid).

Table 2: Number of Victims of Identity Theft and Quantity Stolen

Year

Entities Impacted (millions)

Quantity stolen (billions)

2017 16.7 $ 16.8

2016 15.4 $ 16.2

2015 13.1 $ 15.5

2014 12.7 $ 16.4

2013 13.1 $ 19.3

2012 12.6 $ 22.1

(Source: Javelin Strategy & Research, 2018)

Financial gains (in various forms) are one of the most obvious reasons for IT (Henshaw, 2019). One might discover their bank balances drained, or bank cards run up or left the victim huge debts and his/her credit rating ruined. This may further result ainto the victim finding it hard to qualify for contracts, mortgages, loans, and new credit cards. Still, there can be different results.

Now and then, especially in the US, hoodlums have assumed the personality of an honest individual and proceeded to perpetrate violations that the guiltless individual has then cbeen captured tfor.

Results may likewise be an issue of

notoriety, especially on the off chance that somebody has assumed control over your email records or online networking accounts and posted things in your name.

(9)

The results of data fraud can take months or even a long time to reveal and deal with, and demonstrating your innocence (and credit report) totally may not be

conceivable.

4.4 Identity Theft Awareness

Theft of identities involves at least two victims: the person whose identity is taken and the financial institution conned by the use of the stolen identity of the victim.

A vital component of a national strategy is a sustained and comprehensive national public awareness program that centers on averting IT along with reporting and responding to incidents when they occur. The optimum tactic to combat IT is for individuals, public agencies, and private enterprise to safeguard personal information to prevent IT from occurring in the first place. To that end, safeguarding personal information should be everyone’s highest priority. Doing everything in one’s own power to prevent information from being taken by identity thieves as it flows through the various information channels is the most effective safeguard people and organizations can take in the face of such a serious threat.

Yet prevention is only a single-dimension approach to stemming the tide of IT. Even with robust preventive measures and

increased public awareness in place, identity thieves are resourceful and are able to shift tactics quickly; therefore, a corresponding reporting and response portion of the awareness program to inform the public of how the crime occurs must also be created and distributed. An awareness program of this magnitude and importance requires an imaginative, innovative, and widely

disseminated series of messages that prompt citizens to protect their identity and report incidents if they occur.

4.5 Prevention Strategies

To develop strategies to prevent IT, it is important to understand how and why people are being victimized. Reisig et al., (2009) analyzed whether consumers, who were perceived as socially vulnerable, such as lower socioeconomic status (SES)

consumers and financially impulsive people, were more at-risk for IT than others. They found people with lower SES used more caution and spent less time on the internet, which contributed to decreased risk for IT.

By contrast, financially impulsive users had higher rates of victimization, possibly due to their inability to constrain their online behaviors (Reisig et al., 2009). One might conclude exercising restraint in the number of internet purchases one make could reduce IT.

Wang et al. (2008) say educating the public is an effective way to prevent identity exposure and subsequent theft. Informed consumers may be more motivated to

protect their personal information. They also advise avoiding providing personal

information to strangers through phone or via email, having a separate bank account with a low credit limit for online

transactions, and immediately informing the police and the credit agencies when

victimized by IT.

As the studies demonstrate, to prevent IT, it is recommended individuals take proactive stances with their personal information and business transactions. Smart identification cards can assist in protecting personal data, but this is only part of the solution. It is suggested individuals need to be aware of how they conduct business and dispose of or share personal information.

The articles suggest prevention can be as simple as taking protective measures when

(10)

making transactions or as complex as the use of biometric identification.

5. Conclusion and Recommendation With increased online transactions and activities like online shopping, social media interaction, and the general use of the internet as common day-to-day activities, a new global lifestyle has emerged. Offenders, including identity thieves, have adapted to this new lifestyle by developing innovative methods of committing crimes. Offenders are not only interested in financial gains, but also means of hiding their identities in order to evade the law, participate in federally funded social programs, obtain work permits, or participate in terrorist plots. The challenge in preventing such crimes is in the high costs of researching and apprehending offenders at a time when budget cuts are commonplace. The problems are made even more difficult because victims often do not realize they have been victimized until months, or even years after the crimes have been committed.

Recommended manner to reduce number of victims and intensity of impact of IT is improved awareness everything about cybercrimes. Other methods for decreasing IT include the discontinuation of social security numbers as a means of

identification and the education of businesses better to secure the personal information of their customers. More costly prevention methods include the use of biometrics (body measurement and monitoring) as a means of identifying the individual who is using personal

information. As new technologies emerge and become more viable options for everyone, the use of biometrics or other similar technologies could play major roles in the reduction of IT. In the meantime, it is up to every person, business (public or

private), and government entity to be vigilant on protecting personal information by decreasing its availability and

accessibility.

6. Bibliography

Alsaleh, M., Alomar, N., & Alarifi, A. (2017).

Smartphone Users: Understanding How Security Mechanisms are Perceived and New Persuasive Methods. Plos One, 12(3).

https://www.ncbi.nlm.nih.gov/pmc/articles/

PMC5352308/ Accessed May 5, 2019.

Anderson, KB., Durbin, E. & Salinger, MA.

(2008). Identity Theft. Journal of Economic Perspectives, 22 (2)

Banko Sentral ng Pilipinas (nd). Facts About Credit Card Frauds & Scams, Series 4.

http://bsp.gov.ph/downloads/primers/CCS4 .pdf Accessed May 3, 2019

Calbalhin, JP. (2018). Facebool User’s Data Security and Awareness: A Literature Review. Journal of Academic Research, 3(2).

http://ojs.ssu.edu.ph/index.php/JAR/article/

view/214/129 Accessed May 3, 2019

Cassim, F. (2015). Protecting personal information in the era of Identity Theft:

Just how Safe is our Personal Information from Identity Thieves?. PER:

Potchefstroomse Elektroniese Regsblad, 18(2),

https://dx.doi.org/10.4314/PELJ.V18I2.02 Accessed March 30, 2019.

Chad A., Conan A., Shay T. (2011). How to Protect and Minimize Consumer Risk to Identity Theft, Journal of Financial Crime, 18(4).

https://doi.org/10.1108/1359079111117372 2 Accessed March 30, 2019.

Congress of the Philippines (2012). Cybercrime Prevention Act of 2012 or RA No 10175.

https://www.lawphil.net/statutes/repacts/ra

(11)

2012/ra_10175_2012.html Accessed May 13, 2019

Douglas, R. (2017). Identity Theft Victim Statistics.

http://www.identitytheft.info/victims.aspx.

Accessed March 30, 2019.

Dulay, D. (2018). Cyber Fraud Threatens Integrity of PH Banking System.

https://www.manilatimes.net/cyber-fraud- threatens-integrity-ph-banking-

system/375918/. Accessed March 30, 2019.

Emigh, Aaron T., & Roskind, James A. (2011).

Identity Theft Countermeasures. United States Patent. US 7,971,246 B1.

Finklea, Kristin M. (2014). Identity Theft:

Trends and Issues.

https://fas.org/sgp/crs/misc/R40599.pdf.

Fraud.org (nd). National Consumers League.

Medical ID theft.

https://www.fraud.org/medical_id_theft.

Funcion, Devine Grace D. (2017). Content Analysis of Online Documents on Identity Theft Using Latent Dirichlet Allocation Algorithm. Journal of Science, Engineering and Technology, 5.

GMA News Online. (2015). Top 5 Cybercrimes Complaints in the Philippines According to PNP.

https://www.gmanetwork.com/news/scitech /technology/534597/top-5-cybercrimes- complaints-in-the-philippines-according-to- pnp/story/. Accessed March 30, 2019.

Henshaw, S. (2019). Identity Theft Statistics:

UK & Worldwide Cyber Crime by the Numbers.

https://www.tigermobiles.com/faq/identity- theft-statistics/. Accessed March 30, 2019.

Hosseini, S., et. Al. (2017). “A Systematic Literature Review and Meta-Analysis on

Cross Project Defect Prediction,” IEEE Transactions on Software Engineering.

ICCC (2018). 2017 Internet Crime Report.

Internet Crime Complaint Center, Federal Bureau of Investigation.

https://pdf.ic3.gov/2017_IC3Report.pdf Accessed March 30, 2019.

Insurance Information Institute, Inc. (2019).

Facts + Statistics: Identity Theft and cybercrime. https://www.iii.org/fact- statistic/facts-statistics-identity-theft-and- cybercrime. Accessed March 30, 2019.

ITRC (2018). Identity Theft: The Aftermath 2017. Identity Theft Resource Center.

https://www.ncjrs.gov/pdffiles1/nij/grants/2 10459.pdf . Accessed March 30, 2019

Javelin Strategy & Research (2018). 2018 Identity Fraud Study.

https://www.javelinstrategy.com/coverage- area/2018-identity-fraud-fraud-enters-new- era-complexity Accessed March 30, 2019.

Kitchenham, B., & Charters, S. (2007)

“Guidelines for Performing Systematic Literature Reviews in Software

Engineering,” Engineering, 2.

Kristof, K. (2018). Identity Theft has Never Been More Rampant. CBS News.

https://www.cbsnews.com/news/identity- theft-hits-record-high/ on May 5, 2019

Lago, C. (2019). The Biggest Data Breaches in the ASEAN Region.

https://www.cio.com/article/3293060/the- biggest-data-breaches-in-the-asean- region.html. Accessed March 30, 2019.

Moir, Iain & Weir, George. (2008). Identity Theft: A Study in Contact Centres.

10.1007/978-3-540-69403-8_3.

Portland State University. (2011). Criminology and Criminal Justice Senior Capstone,

"Prevention of Identity Theft: A Review of the Literature". Criminology and Criminal Justice Senior Capstone Project. Paper 10.

(12)

P.J. Taylor, T. Dargahi, A. Dehghantanha, R.M.

Parizi, K.-K.R. Choo. (2019). A Systematic Literature Review of Blockchain Cyber Security, Digital Communications and Networks, doi:

https://doi.org/10.1016/j.dcan.2019.01.005.

Reisig, M. D., Pratt, T. C., & Holtfreter, K.

(2009). Perceived Risk of Internet Theft Victimization: Examining the Effects of Social Vulnerability and Financial

Impulsivity. Criminal Justice and Behavior, 36(4).

Shah, M.H., Ahmed, D.E., & Soomro, M.Z.

(2016). Investigating the Identity Theft Prevention Strategies in M-Commerce.

International Conferences ITS, ICEduTech and STE. ISBN: 978-989-8533-58-6.

Siciliano, R. (2018). Financial Identity Theft.

https://www.thebalance.com/financial- identity-theft-what-is-it-3577289. Accessed March 30, 2019.

Soomro, Zahoor Ahmed, Ahmed, Javed, Shah, Mahmood Hussain and Khoumbati, Khalil (2019) Investigating Identity Fraud Management Practices in E-tail sector: A Systematic Review. Journal of Enterprise Information Management, 32 (2).

Statista (2019). Number of Global Data

Breaches Pertaining to Identity Theft from First Half 2013 to First Half 2018. Identity Theft Data Breaches Worldwide 2013- 2018.

https://www.statista.com/statistics/215794/i dentity-theft-data-breaches-worldwide/

Stroup, J. (2019). The Many Different Types of Identity Theft.

https://www.thebalance.com/the-8-types- of-identity-theft-1947176. Accessed March 30, 2019.

Sun, Y., Zhang, J., Xiong, Y., & Zhu, G. (2014).

Data Security and Privacy in Cloud

Computing. International Journal of Distributed Sensor Networks.

https://doi.org/10.1155/2014/190903

Tajpour, Atefeh. (2013). Identity Theft and Fraud Type. International Journal of Information Processing and Management (IJIPM).

Taylor, P., Dargahi, T., Dehghantanha, A., Parizi, R., Choo, KKR. (2019). A Systematic Literature Review of Blockchain Cyber Security. Digital Communications and Networks.

Testa, D. (2017). Identity Theft Cases In The Philippines On The Rise – Protect Yourself.

https://www.ecomparemo.com/info/identity -theft-cases-in-the-philippines-on-the-rise- protect-yourself/. Accessed March 30, 2019.

Vasquez, B. (nd). Identity Theft: Knowing More About It and How Not To Be A Victim.

https://careersph.sykes.com/Articles/Previe w/9. Accessed March 30, 2019.

Wang, W., Yuan, Y., & Archer, N. (2008). A Contextual Framework for Combating Identity Theft. IEEE Security & Privacy.

Wohlin, C. (2014). “Guidelines for Snowballing in Systematic Literature Studies and a Replication in Software Engineering,”

Proc. 18th Int. Conf. Eval. Assess. Softw.

Eng. - EASE ’14.