According to Smith (2005), customer loyalty, a key element of customer relation management, is a instrument used by organizations to be profitable online. But today, it is under attacks of the constantly growing number of identity thieves. Over the past several years, identity theft has stolen over 35 billion dollars from US consumers and businesses.
According to the official statistics, the number of victims of stolen personal information is gradually decreasing, and by 2010 it has fallen by 28% making 8.1 million people, which is about 3 million less than in 2009 (Gates, 2010; The Scope of Online Identity Theft, 2009). According to Javelin Strategy’s study “2011 Identity Fraud Survey Report”, a total “revenue” of hacker thieves last year was 37 billion dollars, which is 19 billion less than in 2009. And the 2010 “revenue” is the lowest over the past eight years (Gates, 2010). But meanwhile, victims themselves have lost more money than in previous years, because hackers changed the strategy using more severe and threatening methods of attacking the accounts (Smith, 2005).
In his research, Smith (2005) marks that instead of simply stealing credit card numbers and making a one-time operation, the criminals create new accounts for processing loans, credit cards and other services, and this type of fraud is much more expensive and harder to detect. Statistics shows that over the last year the so-called average loss of users, implying, besides direct losses, the damage from transactions with legal payments conducted by hackers, increased by 63% (Gates, 2005). In the same year, the losses, which amounted 387 dollars per one case in 2009, rose to 631 dollars. Due to the use of new methods of stealing data from user accounts the hackers got a total of 17 billion dollars. At the same time, credit cards attacks have become much less profitable for Internet thieves: last year they “earned” 14 billion dollars this way, whereas in 2009 they managed to steal 23 billion dollars (Gates, 2010; The Scope of Online Identity Theft, 2009).
Smith (2005) stresses that identity theft threatens everyone from consumers to businesses, including government institutions. In his study, using conceptual modeling and a range of statistical methods, like factor analysis and principal-components analysis, a number of hypotheses were checked on a sample of 107 working specialists in the metropolitan area of Pittsburgh, PA. There were the following six independent variable theories in order of increasing variance: Employment Experience, Anti-Virus Protection, Poor Experiences, Security Priorities, Online Invasion and Passwords and Security. The results show that separate customers should bear the most of the responsibility to work out prevention techniques when fighting against identity thieves.
In addition, according to the survey, with the growth of retail sales decline is observed in the level of criminal activities on the Internet (Smith, 2005). When these sales fall, the fraud level grows. Nowadays, experts attribute this fact to the influence of the economic crisis, since it is this negative phenomenon, in their opinion, that stimulates speculators to the theft of personal information (Gates, 2010).
In our opinion, identity theft is really a big problem, but the extent of its significance is still debated among experts. Despite the serious crimes committed in recent years, many other experts point out that the true identity thefts do not occur very often. For instance, a study conducted by the U.S. Department of Justice, showed that such crimes have affected about 3.6 million American citizens, which is about one-third of the number marked by previous studies (11 million Americans, according Javelin Strategy & Research) (The Scope of Online Identity Theft, 2009).
It is also believed that the theft of personal data always has to do with illegal financial operations on credit cards registered for payments in e-commerce. However, it is not the whole truth, though credit cards are really put in the first place on the threat list. According to the Federal Trade Commission, criminals also use stolen information to find a job, buy drugs at a nominal recipe, go through medical procedures and even to avoid punishment for crime (White, 2008). Criminals sometimes do not even need a credit data, but just the social insurance card number, which is not always marked in e-commerce services, so has no relation to customer loyalty to these services.
Still, one cannot help agreeing that the main channels of personal data leakage are the Internet and mobile media. This channel includes all the leakage through the file storage on web sites (e.g. in case of tampering or inadvertent public access), email, ICQ, etc. However, compared to last year, the share of leakage through the web declined from 25% to 21%. The second channel involves leakage, associated with loss or theft of mobile computers or external storage media, such as flash drives, CD/DVD drives, hard drives, etc. The cumulative percentage of leakage through this channel also decreased – from 39% to 25% in the previous year, which is quite significant (The Scope of Online Identity Theft, 2009).
In addition, the most popular channels of leaks are archival media, paper documents, as well as, if not strange, the ordinary desktop computers, which are often stolen along with valuable data. Not the last channel of theft includes cases where the authorized employee steals confidential information bringing it in his/her own head (The Scope of Online Identity Theft, 2009). And at last, nowadays, the Internet often appears as a channel for accidental leakage of information, rather than deliberate one, which makes us think, that the issues of security deservedly stand in the first place in the contemporary records management.
In general, the number of personal data of citizens of developed countries, which is in circulation on the black market, is comparable to the total population in these countries (The Scope of Online Identity Theft, 2009). The probability to suffer from such a leak is high enough for every resident, whether one uses e-commerce service or not. No guarantee of personal data confidentiality is possible. However, there are good practices to combat the effects of leakage, to minimize the damage from them.
In our opinion, compulsory encryption of mobile carriers can protect from both types of leaks. While the main channels of leaks are the Internet and mobile carriers, both channels can be successfully blocked by existing DLP-solutions (White, 2008). The first of them is the introduction of filtering of outgoing traffic at the Internet gateway, and the second is the introduction of controls over connecting external devices and compulsory encryption of mobile carriers and laptops in case of their theft or loss. State regulation in this area is on the way of combating the effects of leakage. The main method is informing potential victims and introducing financial monitoring for them.