Home > Store

Identity Theft

Register your product to gain access to bonus material or receive a coupon.

Identity Theft


  • Sorry, this book is no longer in print.
Not for Sale


  • Copyright 2003
  • Dimensions: K
  • Pages: 512
  • Edition: 1st
  • Book
  • ISBN-10: 0-13-008275-9
  • ISBN-13: 978-0-13-008275-6

  • Protect yourself against the fastest growing crime in America
  • Practical solutions for businesses, organizations, and individuals
  • Planning, designing, testing, and deploying effective anti-ID theft systems
  • Identifying, investigating, and recovering from identity theft
  • Biometrics and other emerging technological solutions

Protect yourself against the fastest growing crime in America: identity theft!

This year, nearly one million people will become victims of the fastest growing crime in America: identity theft. Now, there's a complete guide to preventing it, detecting it, and recovering from it. Written for technology professionals, security specialists, law enforcement professionals, and technology-aware laypeople, Identity Theft covers every facet of the problem—and every countermeasure. It's an indispensable resource—whether you want to protect yourself, your customers, or your citizens.

  • Practical solutions for individuals, corporations, non-profit institutions, and Internet Service Providers
  • Multifaceted responses that involve businesses, consumers, and public policy
  • How to analyze risks to your system on an end-to-end basis
  • How to plan, design, test, and deploy effective anti-ID theft policies, systems, and technologies
  • Emerging anti-ID theft planning and development technologies and solutions
  • Extensive case studies and hands-on examples, as well as the latest field and trial experiments
  • Identifying, investigating, and recovering from identity theft

From simple personal steps you can take right now, to state-of-the-art biometrics and encryption solutions, John R. Vacca covers everything you need to know to fight identity theft—and win.

Sample Content

Downloadable Sample Chapter

Click here for a sample chapter for this book: 0130082759.pdf

Table of Contents





1. Identity Theft Defined.

What Is Identity Theft? How Identity Theft Is Done. Where There's Help. Getting Serious About Identity Theft. An Age of Betrayal.

2. Minimizing Your Risk of Identity Theft. Guarding Against Identity Theft to Minimize Your Risk. Basic Security Precautions. Identifying Documents. End Notes.
3. Detecting, Reporting, and Recovering From Identity Theft.

Detecting Your Misappropriated Identity. Reporting ID Theft. Recovering From Identity Theft. When All Else Fails, Sue! Endnotes.


4. Identity Theft on the Internet.

Understanding Internet Identity Theft. Types of Associated Internet Identity Theft Crimes. Role of Privacy And Security Policies. Government Action and Public Policy. Endnotes.

5. Prevention Methods for Internet Site Operators.

Inadequate Protection. Identity Theft Is Easy. Battening Down The Hatches. Not Just ISPs. Online Identity Theft and Fraud Prevention. ID Theft and Fraud Protection Plan for E-Business. Preparing Your Site for Any Holiday. Insurance and E-Commerce: Cyberliabilities. International Addresses and AVSs. The Future Benefits. Endnotes.

6. Protecting the Identity Information of Customers.

The Internet Itself. Consumer and Corporate Identity Theft Protection Implementation and Deployment. Identity-Theft-Related Risks and Threats. Web Site Identity Theft Provisions. Web Identity Theft Protection Verification. Endnotes.

7. Internet Site Operator Testing and Performance of Identity Theft Protection Techniques.

Identity Theft Protection Principles. Design and Testing Techniques. Identity Theft and Your Web Site. Endnotes.


8. Protecting the Identity Information of Customers and Employees.

Identity Theft Crimes. Identity Theft Offenders. Which Customers Are at Risk? Internal and External Identity Theft Offenders. Identity Theft Information Protection Measures. Planning for Identity Theft Liability. Endnotes.

9. Guidelines for Protecting the Identity and Confidentiality of Personal Information When Working Outside the Corporate Office.

Other Sensitive Information. Identity Theft Legislation. Removing Records From the Office. Paper Records. Electronic Records. Laptop and Home Computers. Wireless Technology. Telephones and Voice Mail. Email, Faxes, and Photocopies. Conversations Outside the Office. Reporting Requirements.

10. Management of Ongoing Identity Theft Prevention and Protection Techniques.

Management of Electronic Records. Neural Networks. Postfraud. Processing Internet Charges. Rerouting Shipments. Internet Privacy Policies. Endnotes.


11. Biometrics.

How Biometric Systems Work. Types of Biometrics. Privacy-Enhanced Biometrics-Based Authentication. Biometrics and DNA at Work: Are They Cost Prohibitive for Identity Theft Protection? Benefits. Some Final Thoughts. Endnotes.

12. Digital Signatures: Smart, Optical, and Other Advanced Cards.

Three Levels of Security. A Few Kinks to Work out. Smart, Optical, and Other Advanced Cards. Using Smart Cards to Secure E-Business Applications. Using Biometrics in Smart Card Information and Operations. Optical Memory Cards. The National ID Card: Is Big Brother Watching? Endnotes.

13. Encryption.

What Is Email Encryption and How Does It Work? Symmetric Key Encryption. Asymmetric Encryption. Digital Signatures. Types of Email Encryption Products. Next Steps. Endnotes.

14. E-Commerce Security.

The Vulnerability of Open Networks. Inadequate Privacy Laws, Policies, and Technologies. Privacy Solutions. E-Commerce Fraud Detection Solutions. Endnote.

15. Data Mining.

Information Storage. What Is Data Mining? Examples of Data Mining. The Implications of Data Mining in the Context of Fair. Information Practices. Consumers and Businesses: Choices to Consider. Endnote.

16. Summary, Conclusions, and Recommendations.

Summary. Recommendations. Final Words. Endnotes.


Appendix A. Identity Theft Federal Laws Listing.

Identity Theft and Assumption Deterrence Act. Credit Laws.

Appendix B. Identity Theft State Laws Listing.
Appendix C. Identity Theft Reports, Testimony, and Comments Listing.

Reports. Testimony. Comments.

Appendix D. Identity Theft Cases and Scams Listing.

Cases. Scams.

Appendix E. Identity Theft Affidavit.
Appendix F. Glossary.



Identity theft is the fastest growing crime in America. Based on credit bureau statistics, the Privacy Rights Clearinghouse estimates that between 700,000 and 900,000 Americans were victims of identity theft in 2001. According to a study of identity theft crimes performed by the Federal Trade Commission (FTC), the majority of cases relate to credit card fraud.

Usually, the first notice that consumers get that someone has fraudulently assumed their identity is either a call from a collection agency demanding payment on an overdue credit account that they never opened or when their own monthly billing statements do not arrive in the mail because the address on their account had been changed by an identity thief. Most victims never learn how the identity thieves accessed their personal information, although according to the FTC's study of reported cases, 48% resulted from a stolen wallet or purse.

The 1990s spawned this new variety of crooks whose stock in trade is the personal information available in your everyday transactions. Almost every transaction you make requires you to share some kind of personal information: getting money from your bank, charging to your credit card, making a long-distance phone call, or even getting your mail. An identity thief co-opts some piece of your personal information and appropriates it without your knowledge to commit fraud or theft. It can be as simple as a waiter or a clerk stealing your credit card number.

ID Fraud

You might think your good name is invaluable, but on the street it sells for about $25-like the fake Michigan driver's license that bore Jane Sprayberry's name, but another woman's photo. With it, the impersonator walked into an American Express office, claimed she'd lost her credit card, and asked for a replacement. The helpful customer representative handed one over, and the thief's shopping spree began. The binge included stops at a jewelry shop, two appliance stores, and Saks Fifth Avenue. The impersonator even bought Versace underwear, according to Sprayberry, who is more of the T.J. Maxx type.

It was deja vu for Sprayberry: Her husband, Mark Sutton, had been the target of the same crime just one week before-but in addition to a retail blowout, the crook also drained his checking account. In all, Sprayberry and Sutton estimate that their impersonators stole $90,000 in merchandise and cash.

Does this sound like something that's happened to a friend or family member-or to you? It's no surprise. Identity fraud is the fastest growing white-collar crime in the country. The Identity Theft Resource Center in San Diego, California, estimates that more than 900,000 Americans had their personal information used illegally in 2001.

Sprayberry and Sutton were not casualties of a solitary street tough who lifted their wallets and ran up their credit card balances. Stolen wallets do still lead to identity theft, but old-fashioned pickpocketing is only a fragment of today's identity fraud scene. Sprayberry and Sutton were among hundreds of victims of what investigators say was a large crime ring centered in Detroit-one that is typical of well-oiled criminal machines that operate in major cities throughout the country. These rings are behind the nationwide explosion of identity fraud. Their leaders have expertly honed the skills needed to steal identities en masse and use them in every conceivable way to steal money from financial institutions and retailers, tainting the financial lives of millions of consumers in the process.


For Sutton and Sprayberry, mopping up the damage took about six months.

In still another case, a young man (let's call him Roger) tells the story about the time one of his coworkers at a drug store (call him Stephen) asked Roger for permission to have a piece of merchandise delivered to Roger's home. Stephen explained to Roger that he was buying a present for his wife and didn't want her to see it before he could wrap it and give it to her. Roger gladly agreed. A week later, Stephen asked again and Roger began to smell a rat. Realizing that he could be implicated by the use of his address if there was something illegal going on, Roger confronted Stephen, who admitted he had stolen some credit card numbers from customers at the drug store. Roger immediately reported the facts to the store's management, thereby saving himself from being accused of the crime (after all, the merchandise was being delivered to his address).


For the protection of the people in this book, real names are not used.

An all-too-common example is when an identity thief steals a wallet or purse and uses the victim's personal information to open a credit card account in that name. A clever thief might be able to rapidly obtain thousands of dollars of credit in the victim's name. Many luxury or exclusive chain stores are willing to quickly open credit accounts with the proper identification. Identity thieves can then have a buy now, pay never shopping spree, racking up thousands of dollars in bills at their victim's expense. Even before the victim knows what's going on, a quick-acting thief can make hundreds of dollars in charges.

Now, consider the case of Babygear.com (based on a real case), which was targeted as a source of credit card numbers by an unknown identity thief in Eastern Europe. In December 2000, Ellen of Gilbert, Arizona, got a telephone call from an employee of The Boeing Co. in Seattle telling her the credit card she had used to buy a Boeing leather jacket had been declined. The employee asked if she wanted to use another card to make the purchase. Ellen told them she didn't try to buy a jacket, and she asked them what the shipping address was. They told her Yugoslavia.

Ellen wasn't surprised by the call because she had already canceled the card after being alerted by an employee of online auction site eBay that someone had tried to use her card to make almost $700 in purchases and have them shipped to Yugoslavia. Ellen was one of 240 customers of online baby products retailer Babygear.com whose credit card data was apparently stolen from the site in September 2000 and traced to a hacker in Yugoslavia. Babygear.com has since filed for bankruptcy protection.

The former Babygear.com CEO indicated he was unaware of any widespread security breaches at the site, which was shut down in early December 2000. Meanwhile, other Babygear customers recounted what happened after their credit card data was snatched.

In still another case, Diane of River Falls, Wisconsin, was lucky, because she found out her credit card information had been stolen before any charges were made to her card. Around Thanksgiving 2000, she got a call from someone at a computer company in Florida asking if she was charging computer equipment to send to Yugoslavia. Thus warned, she was able to cancel her card before any charges were made to it. However, unlike Ellen, who indicated she still uses her new card to make online purchases, Diane said she's had it with buying on the Internet. She hasn't used her new card online since then.

In the case of Irene of Coeburn, Virginia, it was debit card data that was stolen from the Babygear.com site. She didn't notice any charges until January 2001, but then she noticed that someone had taken out $700 cash on January 2, 2001, and put it back in again on the same day. On January 3, 2001, there were two charges for $300 and $400 from an online payment service. Irene indicated that although she was lucky that her bank reimbursed her for the money taken out of her account, the entire episode was a nightmare. As a result of someone draining her account unbeknownst to her, the checks she had been writing bounced.

Silvia of San Ramon, California, found out that she was a victim of credit card fraud while making a small purchase at a drugstore. She found out during January 2001 that something was wrong when she was at the drugstore with her two young children and was told her credit card was declined for a $14 purchase. Silvia didn't realize what had happened until she got a call from an employee of Gap.com who said the jeans she ordered were returned because the shipping address was incorrect.

Teresa of Redwood City, California, indicated someone charged a total of $700 to her card before she discovered there was a problem. The only time she used her card online was at Babygear.com, and there is no way she'll use it online again.

Quick Tips From the Trenches

As you can see from the preceding examples, identity theft is epidemic, with an estimated more than 1,700 people losing their identity everyday in the United States alone. Obviously everyone is at risk.

With the preceding in mind, you already know the standard advice for minimizing the odds that your identity will be stolen: Don't keep your Social Security card in your wallet and give out your number as seldom as possible. Shred financial documents. Use a mail slot or locked mailbox. However, investigators and prosecutors who see firsthand how identity thieves ply their trade have some less conventional ideas for protecting yourself. In many cases, these are precautions they themselves have taken.

You should tell your credit card issuers to stop sending you unsolicited convenience checks, which are a favorite of credit fraudsters, because the account holder isn't likely to spot the charge for at least 30 days. Often these checks are stolen from residential mailboxes. In one New York case involving stolen mail, a fraud ring wrote $850,000 worth of convenience checks.

You should also switch to using gas-company credit cards, rather than an all-purpose Visa or MasterCard, at the pump. The reason? Gas-station attendants and other employees have access to customers' names and account numbers, even if the card is only swiped at the pump. A gas-only card has far less appeal to an identity thief. A gas station attendant can get paid $25 for each good credit card number he or she gets. It's the same with restaurant workers, but there's no restaurant-only alternative to Visa and MasterCard.

Such precautions may reduce the odds of you becoming an identity-theft victim, but there's no magic bullet. Just by having a job and health insurance, applying for credit, or making routine transactions, you inherently put your personal information at risk. There's no way to protect yourself, other than having bad credit.

Who This Book Is For

This book can be used by domestic and international system administrators, government computer security officials, network administrators, senior managers, engineers, sales engineers, marketing staff, Web developers, military top brass, network designers, and technicians. With regard to identity theft, the book is primarily targeted at those in government and law enforcement who require the fundamental skills to develop and implement security schemes designed to protect their organizations' information from attacks, including managers, network and systems administrators, technical staff, and support personnel. This also includes those involved in securing Web sites, including Web developers; Webmasters; and systems, network, and security administrators.

This book is also valuable for systems analysts, design engineers, programmers, technical managers, and all data processing, telecommunications, and office automation professionals involved in designing, configuring, or implementing ID theft prevention and protection techniques. In short, the book is targeted toward all types of people and organizations around the globe who have responsibility for managing and maintaining the Web site service continuity of organizational systems including line and project managers, team members, consultants, software and security engineers, and other information technology (IT) professionals who manage Web site cost justification, investments, and standards. Others who might find it useful are scientists, engineers, educators, top-level executives, IT and department managers, technical staff, and the more than 1 billion Internet, intranet, and extranet users around the world.

What's So Special About This Book?

Identity Theft shows experienced (intermediate to advanced) security and law enforcement professionals how to protect corporations, Web sites, and individuals and detect ID theft, and report the findings that will lead to the incarceration of the perpetrators. This book also provides the fundamental knowledge you need to analyze risks to your system and implement a workable security and antifraud policy that protects your information assets from potential intrusion, damage, or theft. Through extensive hands-on examples (field and trial experiments) and case studies, you will gain the knowledge and skills required to master the deployment of ID theft countermeasures to thwart potential attacks.

Throughout the book, extensive hands-on examples provide individuals with practical experience in ID theft detection, analysis, and reporting, as well as countermeasures and future directions. In addition to future ID theft detection, prevention, and protection solutions in personal, commercial organizations and governments, the book addresses, but is not limited to, the following key features:

  • You will learn how to detect and analyze your exposure to security threats and protect your organization's systems and data; manage risks emanating from inside the organization and from the Internet and extranets; protect network users from hostile applications and viruses; reduce your susceptibility to an attack by deploying firewalls, data encryption, decryption, and other ID theft countermeasures; and identify the security risks that need to be addressed in security and antifraud policies.
  • Chapters on how to gain practical experience in analyzing the security risks and ID theft countermeasures that need to be addressed in your organization also include maintaining strong authentication and authenticity, preventing eavesdropping, retaining integrity of information, evaluating the strength of user passwords, selecting a firewall topology, and evaluating computer and hacker ethics.

This book leaves little doubt that the new and emerging field of ID theft detection, prevention, and protection techniques is about to evolve. This new area of knowledge is now being researched, organized, and taught. This book will certainly benefit organizations and governments, as well as their antifraud and security professionals.

The book is organized into five parts and includes appendices as well as an extensive glossary of fraud and ID theft terms and acronyms. It provides a step-by-step approach to everything you need to know about preventing and protecting ID theft, as well as information about many topics relevant to the planning, design, and implementation of them. The book gives an in-depth overview of the latest ID fraud and theft countermeasures. It discusses what background work needs to be done, such as developing an anti-ID-fraud plan, and shows how to develop anti-ID-theft plans for individuals, organizations, and educational institutions. More important, this book shows how to install an anti-ID-fraud system, along with the detection techniques used to test the system. The book concludes with a discussion about future anti-ID-theft planning and development solutions and technologies.

Part I: Identity Theft Fundamentals

This part of the book covers the process of guarding against and recovering from identity theft and sets the stage for the rest of the book. Next, it discusses in specific detail how to minimize your risk of identity theft. Remember, you ultimately cannot prevent identity theft from happening, but you can reduce the odds. Finally, this part helps you begin the process of detecting, reporting, and recovering from identity theft.

Part II: Identity Theft Protection on the Internet

Part II begins by giving you an overview of how the issues related to identity theft require a multifaceted response that involves e-businesses, consumer education, and public policy. Only through this level of cooperation and action will the issues and victims of identity theft be addressed. Businesses (or any entity on the Net) must prevent the illicit use of an identity and protect private information. Other types of e-business, like service bureaus and marketing companies, need to take steps to ensure that private information is correctly stored and unavailable for abuse. Additionally, e-businesses involved with the issuance of online credit or online revolving credit need to take steps that verify information and use technology to reduce the ability for a stolen identity to be used to create a new account. Consumers can't expect that some big brother will watch out for their privacy or verify that information is not used without their authorization. Furthermore, consumers need to know where to report identity theft issues, what action e-businesses can take, and to what extent business will protect their privacy. Governments need to provide mechanisms for consumers to report crimes to the appropriate law enforcement agencies, provide training and education to law enforcement, and capture statistical information about the use and abuse of stolen identities and make this information available to both public and private-sector groups.

Next, Part II shows Internet service providers (ISPs) how to prevent identity theft by looking at types of identity theft prevention techniques and technologies. In spite of the ease of committing this crime, there are steps ISPs can take to reduce customers' exposure to the consequences. This part also shows you how to protect the identity information of customers. Finally, Part II discusses ISP testing and performance of identity theft protection techniques.

Part III: Identity Theft Protection for Corporations

Part III begins by showing you how companies can protect their customers and employees from identity theft. The nature of identity theft fraud is changing, not so much in the types of offenses being committed, but rather in the means by which those offenses are being perpetrated. Traditional fraud offenses are increasingly being facilitated by and perpetrated using the new electronic technology. Electronic systems have increased the opportunity for fraud by providing increased access to opportunities and also increasing the ease, speed, and anonymity of criminal activity. This provides challenges to law enforcement and business in terms of prevention, detection, and investigation. Solutions to the problems of identity theft protection lie in increased awareness of the changing risks, especially the increased risk of external attacks through connection to external electronic systems; in prevention, including the widespread use of effective electronic security and identity verification systems; and in international cooperation in regulation, information sharing, and enforcement. These measures should be supported by accountability, transparency, and effective risk management strategies in both the public and private sectors. Many of the most effective solutions need to be built into business systems and organizational practice.

This part also discusses guidelines for protecting the identity and confidentiality of personal information when working outside the corporate office. Finally, it examines the management of ongoing identity theft prevention and protection techniques.

Part IV: Identity Theft Future Solutions and Technologies

Part IV opens with a discussion of the use of enhancing security and privacy in biometrics-based authentication systems, biometrics at work, voice identity and electronic addressing, fingerprint scanning, facial scanning, and DNA scanning. Biometrics-based authentication to prevent ID theft has many usability advantages over traditional systems such as passwords. Specifically, users can never lose their biometrics, and the biometric signal is difficult to steal or forge. This part also shows that the intrinsic bit strength of a biometric signal can be quite good, especially for fingerprints, when compared to conventional passwords. Yet, any system, including a biometric system, is vulnerable when attacked by determined hackers. This part highlights eight points of vulnerability in a generic biometric system and discusses possible attacks. Several recommendations are made to alleviate some of these security threats. Replay attacks are addressed using data-hiding techniques to secretly embed a telltale mark directly in the compressed fingerprint image. A challenge/response method is proposed to check the liveliness of the signal acquired from an intelligent sensor. This part also touches on the often-neglected problems of privacy and revocation of biometrics. It is somewhat ironic that the greatest strength of biometrics-that they do not change over time-is at the same time its greatest liability. Once a set of biometric data has been compromised, it is compromised forever. To address this issue, I propose applying repeatable noninvertible distortions to the biometric signal. Cancellation simply requires the specification of a new distortion transform. Privacy is enhanced because different distortions can be used for different services and the true biometrics are never stored or revealed to the authentication server. In addition, such intentionally distorted biometrics cannot be used for searching legacy databases and thus alleviate some privacy violation concerns.

In this part, I hope that throughout this process you, the reader, have thought about your own personal information and how important it is that no company misuse it. After all, we are all individuals with some level of concern about our own information. At the same time that you might be the developer of one application, you are the customer of other applications. Just as you want to provide good customer service, you also want to receive good customer service. In the information economy, customer service is taking on a new look-privacy. As an example of what can go wrong, when caller identification applications were first introduced, many companies assumed that responding to customers by name when they called would be seen as good customer service. They soon found that people often did not take kindly to that approach. "How do you know my name?" expressed in angry tones, was frequently heard. We all value our privacy in a general sense and we are becoming more sensitive about the protection of our personal information. This part also presents examples of applications that require user authentication and transaction authorization with a very high level of security. More and more, Web applications with similar security requirements will emerge as the volume of financial transactions conducted via the Internet increases steadily. The pure Java architecture presented in this part allows such applications to be secured in an elegant and flexible way, using smart cards to provide a higher level of security. A prototype for performing biometric authentications inside a smart card is also presented. Three biometric techniques are studied to analyze their viability: speaker recognition, hand geometry, and iris identification. The results show the possibility of integrating biometrics as a card holder verification method, therefore improving user authentication in smart-card-based applications. Better results can be obtained building a new smart card mask, instead of using an open operating system card, such as the Java-Cards used in the prototypes developed. If this last option is not possible, results with the RISC-based JavaCard are good enough for a commercial product. Further efforts will be applied to integrate other biometric techniques in the prototypes developed, such as fingerprint or facial recognition.

Email encryption is a powerful tool in helping to protect an individual's privacy. In this part, I map out the basic concepts. You should put this new knowledge into practice and actively investigate use of email encryption software. Because I provide only a brief overview of the topic, you should follow the links previously cited to gain an even better understanding of email encryption. It is always useful to start with a list of your requirements that can be used to assess any potential products. If possible, test some products yourself. Soon, using encryption software will become second nature. If you don't protect your privacy with tools like email encryption, you may well lose it. That could result in anything from a minor annoyance, to a gut-wrenching feeling of violation, to the loss of significant amounts of money. Guard your privacy and identity well; the tools are out there for you to do so.

Next, Part IV discusses how, in an era of networked information technologies, personal information has acquired intrinsic commercial value, whether collected directly or indirectly, to serve a variety of commercial purposes. However, an open networked system such as the Internet remains at present an uncertain environment, particularly for the conduct of commercial transactions. Such transactions in the "real" world are enveloped in a framework of laws, customs, and practices that create the necessary trust and confidence to ensure wide public participation. In the unstructured framework of the virtual world, however, the traditional ways of conducting business are not always appropriate or adequate. To a much greater extent, the virtual world, a creation of technology, will be dependent on technology for many of its solutions. The challenge is to transport the basic principles that exist in the physical world through laws, customs, and practices into the virtual world-in effect, to create a parallel process. This is the case to be made for privacy and the principles that protect our personal information in the world of e-commerce. Specifically, fair information practices provide a framework by which to assess technology-based solutions and to serve as a benchmark in creating those solutions. The combined efforts of technology experts, cryptographers, lawyers, policymakers, privacy advocates, and ultimately the public will be needed to create acceptable solutions to the privacy dilemmas arising out of a networked world. Given the broad public apprehension about using the Internet to conduct commercial transactions and consumers' concerns over the prospect of losing their privacy, it is incumbent on all of us who wish to make electronic commerce a viable form of transacting business to inform the public about these issues. It is particularly important that the public understand the different options being considered and the choices available to them. Throughout the 21st century, all indications suggest that privacy will continue to resonate as a significant public issue. The challenge will be to develop and advance information technologies, supported by appropriate legal and policy frameworks, that can minimize the public's apprehensions about technology, and, in the process, enhance personal privacy.

The need to protect and manage personal information has been likened to the management of natural resources. Personal information is a resource, exploited commercially, but valued as an element of human dignity and enjoyment of one's private life. It is therefore to be protected and managed, not unlike the protection and management of other resources. As with early efforts to protect the environment in the absence of legislation, privacy protection currently relies on ancient common law principles that continue to adapt to new technological challenges to personal integrity, happiness, and freedom. These principles have now found legislative expression in various statutes relating to environmental protection. Information, however, has some unique qualities in need of special regulatory and judicial attention. Looking ahead, consumers will not only want goods and services, but assurances that the information they provide to a business is, from a privacy perspective, protected. To deal with this need, a shared responsibility for the management of personal information will be essential, involving government, the business community, and consumers. Only through shared responsibility, sustained by the business community through a culture of privacy, and strengthened by the voice of consumers, can personal information become a protected, managed, and valued resource. This part gives all three parties (consumers, businesses, and government) incentives for action toward protecting personal information in the marketplace. The tension between technology and privacy can be minimized if privacy safeguards are made a key consideration up front, rather than an afterthought. Although current data-mining practices are somewhat beyond the up-front stage, there is still time to ease this tension before applications become commonplace. One short-term approach might be for businesses to provide consumers with choices in the form of multiple selection opt-outs. The final chapter of this book provides a summary of identity theft, conclusions, and recommendations.

Part V: Appendices

Five appendices provide direction to additional resources available about IDtheft. Appendix A is a listing of Federal ID theft laws. Appendix B is a listing of state ID theft laws. Appendix C contains a listing of reports, testimony, and comments relating to ID theft. Appendix D consists of a listing of ID theft cases and scams. Appendix E contains an ID theft affidavit and corresponding information. Appendix F is a glossary of ID fraud and theft terms and acronyms.


Submit Errata

More Information

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.


Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.


This site is not directed to children under the age of 13.


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020