Identity theft defeats credit card authorization

Article by: Alisdair Faulkner, VP Products
Date: 29 May 2008
Last Update: 30th April 2008

Identity theft is the deliberate theft of an individual's personal information to impersonate that person in a legal or financial sense. Stealing someone's identity enables a fraudster to make financial and personal transactions in someone else's name, leaving the victim, their bank, their credit provider or a defrauded merchant responsible for the results.


The most common uses of stolen identities are credit card fraud, communications services fraud, bank fraud and loan fraud. For years, the primary method of identity theft has been good old-fashioned or low-tech analog crime – rummaging though mailboxes, snatching purses or searching the garbage for discarded bank statements or credit card receipts.

Now email phishing attacks, keystroke logging malware and botnet proxies are the methods of choice for financial identity theft via the Internet. Statistics on identity theft vary wildly, and can be quite unbelievable – one web site reported more than 42 billion people have been victims – seven times the planet's population! Nevertheless the US Federal Trade Commission (FTC) reports that close to 27 million people in the USA have been victims of identity theft over the last five years, of which approximately 30% occurs via the Internet. Moreover, about 30% of the victims discover the theft by missing money or unknown account charges.

Common e-commerce security techniques that rely on credit card identity verification techniques are therefore unreliable where identity theft has occurred. Combining identity theft with sophisticated botnet proxy technology, fraudsters can successfully circumvent today's fraud scrubbing methodologies to make fraudulent transactions appear legitimate. Effective fraud control requires the use of unique device intelligence data, and true IP and device fingerprinting to identify transaction anomalies.