Center Project Reports

2018 ITAP Report

Published on Aug 8, 2018
Download Report as PDF

The Identity Threat Assessment and Prediction (ITAP) model provides unique, research-based insights into the habits and methods of identity threats, and to the various factors associated with higher levels of risk for PII compromise and abuse. ITAP uncovers the identity attributes most vulnerable to theft, assesses their importance, and determines the personally identifiable information (PII) most frequently targeted by thieves and fraudsters.

Understanding Victim-enabled Identity Theft: Perpetrator and Victim Perspectives

Author(s): David Lacey , K. Suzanne Barber, James Zaiss
Published on May 4, 2018
Download Report as PDF

Victim-enabled identity theft is a crime in which an individual victim is deceived into providing their personally identifying information (PII) to a criminal to facilitate its theft and/or misuse.  In this paper we analyze a particular victim-enabled tax-related identity theft scheme recently reported in Australia, which has also been reported, in a slightly different guise, in the US.  We find that this scheme, and others like it, are best understood when studied from both the perpetrator’s and the victim’s points of view.  The criminal perspective and business practices have been captured and analyzed in the Identity Threat Assessment and Prediction (ITAP) model developed by the Center for Identity at The University of Texas (UT CID).  The victim perspective has been captured from multiple victim case files captured by IDCARE. The research findings support the view that combining perspectives enhances the analytical value of a threat assessment and prediction model. The multi-actor nature of victim-enabled identity theft complements the methodological approach adopted in the paper, and provides new insights on a growing form of identity theft that can inform future prevention and detection response strategies. 

Consumer Attitudes About Biometric Authentication

Author(s): Rachel German, K. Suzanne Barber
Published on May 1, 2018
Download Report as PDF

Less than a decade ago, consumers largely viewed biometric applications as clandestine extensions of government and law enforcement. Business initiatives relying on biometric applications once failed across market sectors, for a variety of reasons, but that trend appears to be changing as younger consumer generations are now surrounded by smartphones, selfies, mobile payments, and wearables. The advantages of using biometrics for authentication and verification of identity, such as stability and uniqueness, make it a promising avenue for the marketplace. However, consumers overall have still been slow to embrace the widespread use of biometric technology.

Researchers have cited several reasons for reluctance to use biometric authentication technology, including lack of confidence in their reliability (for organizations) and user apprehension. These user concerns could inhibit the mass acceptance of biometric authentication and lead to lack of trust in business applications utilizing biometrics for authenticating clients and customers. This report presents the findings from a survey of 1000 respondents about their familiarity and comfort with biometric authentication. 
We examine the trend of consumer biometric acceptance and adoption and analyze the factors affecting consumer comfort with biometrics.

Current Biometric Adoption and Trends

Author(s): Rachel German, K. Suzanne Barber
Published on May 1, 2018
Download Report as PDF

In today’s technology-driven marketplace, staying aware of the latest trends in identity authentication is essential. Customers can be courted with convenient and trusted identity verification procedures or driven away by burdensome and unreliable systems. Confidence in the identity of your users is not only a best business practice, but a legal requirement in many cases. In order to both protect customers’ data and provide them with a streamlined experience, companies must carefully consider all of the authentication options available to them. The following trends in biometric adoption can help a business to gain insights into emerging usage and acceptance rates of biometrics across a wide range of applications and markets.

A Study of Web Privacy Policies Across Industries

Author(s): Razieh Nokhbeh Zaeem, K. Suzanne Barber
Published on Apr 13, 2018
Download Report as PDF

Today, more than ever, companies collect their customers’ Personally Identifiable Information (PII) over the Internet. The alarming rate of PII misuse drives the need for improving companies’ privacy practices. We thoroughly study privacy policies of 600 companies (10% of all listings on NYSE, Nasdaq, and AMEX stock markets) across industries and investigate ten different privacy pertinent factors in them. The study reveals interesting trends: for example, more than 30% of the companies still lack privacy policies, and the rest tend to collect users’ information but claim to use it only for the intended purpose. Furthermore, almost one out of every two companies provides the collected information to law enforcement without asking for a warrant or subpoena. We found that the majority of the companies do not collect children’s PII, one out of every three companies let users correct their PII but do not allow complete deletion, and the majority post new policies online and expect the user to check the privacy policy frequently. The findings of this study can help companies improve their privacy policies, enable lawmakers to create better regulations and evaluate their effectiveness, and finally educate users with respect to the current state of privacy practices in an industry.

2017 ITAP Report

Author(s): The Center for Identity
Published on Apr 20, 2017
Download Report as PDF

The Identity Threat Assessment and Prediction (ITAP) model provides unique, research-based insights into the habits and methods of identity threats, and to the various factors associated with higher levels of risk for PII compromise and abuse. ITAP uncovers the identity attributes most vulnerable to theft, assesses their importance, and determines the personally identifiable information (PII) most frequently targeted by thieves and fraudsters.

An Empirical Study of the Level Of Agreement Between Social Media Users' Perceived and Actual Privacy Settings

Author(s): Randolph G Bias
Published on Nov 1, 2016
Download Report as PDF

Motivated by popular press and research literature assertions about social media applications’ intentional or unintentional obfuscation of their privacy settings, we intended to investigate empirically the level of match between users’ actual and perceived privacy settings.  In our study 1, a crowd-sourced survey asked 700 people about their use of five social media applications (Facebook, Twitter, Google+, Instagram, and Pinterest).  Respondents claimed to affect their privacy settings on most of these “occasionally.”  Except for in Pinterest, the privacy settings for which people tended not to change, respondents were confident they knew where the privacy settings were (between 76% and 87% saying they were “confident” or “strongly confident”), and confident that their own settings matched their intentions (with between 68% and 81% saying they were “confident” or “strongly confident”). 

Modelling and Analysis of Identity Personally Identifiable Information and Human Values in Patient Portals: A Systematic Review of Older Adult-Oriented Studies

Author(s): Kenneth R. Fleischmann,
Published on Sep 6, 2016
Download Report as PDF

This paper reports preliminary findings from a systematic literature review on patient portals, focusing on the values invoked in those papers. We used content analysis to identify values, building on an earlier thematic analysis of a related (but distinct) corpus. We found that each of the 52 articles in the corpus included invocations of at least one value, with security being the most frequently invoked value and confidentiality being the least frequently invoked value. We discuss the implications and future directions.

“Your privacy is very important to us” - Mobile Ventures’ Identity and Privacy Management

Author(s): Wenhong Chen
Published on Aug 15, 2016
Download Report as PDF

This report examines privacy practices in the mobile technology and media industry. Research questions include 1) factors that contribute to the problematic status of identity and privacy issues, 2) approaches entrepreneurs use to develop their privacy policies and privacy practices, 3) how their privacy policies and practices fare in terms of accessibility, transparency and accountability, and 4) whether and how entrepreneurs leverage identity and privacy management as a competitive advantage for starting up, developing products, and innovation. Offering a better understanding of privacy management as part of the mobile entrepreneurship process, a producer’s perspective enriches the existing literature dominated by the consumer side of the story. This report draws on a systematic literature review and in-depth interviews with 27 entrepreneurs and advocates. Insights gained have policy and practical implications for entrepreneurship, consumer protection, and citizen empowerment. 

PrivacyCheck: Automatic Summarization of Privacy Policies Using Data Mining

Author(s): Razieh Nokhbeh Zaeem, Rachel German, K. Suzanne Barber
Published on Aug 14, 2016
Download Report as PDF

Research shows that only a tiny percentage of users actually read the online privacy policies we all implicitly agree to when using a website. It also suggests that users ignore privacy policies because they are lengthy and, on average, require two years of college education to comprehend. We propose a novel technique that tackles this problem by automatically extracting graphical summaries of online privacy policies. We use data mining models to analyze the text of privacy policies and answer ten basic questions concerning the privacy and security of user data, what information is gathered from them, and how this information is used.

In order to train the data mining models, we thoroughly study privacy policies of 400 companies (7% of all listings on NYSE, Nasdaq, and AMEX stock markets) across industries. Our free Chrome browser extension,PrivacyCheck, utilizes the data mining models to summarize any HTML page that contains a privacy policy. PrivacyCheck stands out from currently available counterparts because it is readily applicable on any online privacy policy. Experimental results show that PrivacyCheck summaries are accurate 60% of the time. Over 350 independent Chrome users are currently using PrivacyCheck.

Next Page

Sign Up for CID News