1. Technical Field
The present invention relates generally to the field of identity theft and more specifically, but not by way of limitation, to data mining of personally-identifying information found on the Internet.
2. History of Related Art
Identity theft is a mounting concern in commercial transactions. This is particularly true in remote commercial transactions such as, for example, Internet-shopping transactions, that involve little or no direct personal contact between a consumer and a goods or services provider (GSP). It is commonplace for personally-identifying information (PII) to be compromised and utilized for identity theft such as, for example, in a remote commercial transaction. PII, as used herein, refers to information that can be used to uniquely identify, contact, or locate an individual person or can be used with other sources to uniquely identify, contact, or locate an individual person. PII may include, but is not limited to, social security numbers (SSN), bank or credit card account numbers, passwords, birth dates, and addresses. PII that has been obtained by or made available to a third party without proper authorization is referred to herein as compromised PII.
PII can be compromised in a myriad of ways. For example, record keeping for entities such as, for example, healthcare, governmental, financial, and educational institutions, is increasingly and sometimes exclusively electronic. Electronic record keeping introduces new risks for which the entities are frequently ill-equipped to handle. For example, PII is often compromised via stolen hardware, inadequate security procedures, security breaches, or employee carelessness or misconduct.
Another way that PII is frequently compromised is via “phishing.” Phishing is the process of attempting to acquire PII by masquerading as a trustworthy entity in an electronic communication. A common example of phishing is a fraudulent email that is made to appear as though it originates from a valid source such as, for example, a national bank. The fraudulent email may incorporate a uniform resource locator (URL) that re-directs its audience to a false website that appears to be a legitimate website for the valid source. In actuality, the false website may be a front for stealing PII as part of a spurious transaction. For example, the false website may request “confirmation” of PII such as, for example, a credit card number or a username and password. The PII may then be stored for later improper use such as, for example, identity theft in a remote commercial transaction.
At least 182,395 instances of phishing were recorded during 2009, as reported by antiphishing.org. This is a forty-two percent increase over a number recorded in 2008. More than 10,745 malicious domains were registered in 2009, which is an increase of fifty-two percent over 2008. Sometimes, a misleading link such as, for example, the URL for the false website described above, may actually originate from a legitimate website but cause traffic to be redirected to an illegitimate website. This type of scam is known as “pharming.”
Legislation to curb efforts to compromise PII are largely ineffective. For example, phishing and pharming activities originate from areas around the globe and are thus often protected from prosecution by a particular jurisdiction. Additionally, once PII is compromised, distribution of the compromised PII may be difficult or impossible to prevent. Web sites and forums dedicated to exchanging compromised PII are increasing rapidly in number. Some of these web sites and forums exchange compromised PII though email or secure direct uploads and downloads.
Identity theft resulting from compromised PII is costly to victims and companies alike. The Identity Fraud Survey Report created by Javelin Strategy & Research reported that in 2009 victims averaged a personal cost of $373 and 21 hours of time to resolve identity-theft issues. The annual cost of identity theft currently exceeds $200 billion worldwide. In addition, as a result of new legislation and litigation resulting from compromised PII, companies stand to suffer from lower profit margins, damaged credibility due to negative customer experiences, and eroded brand value. Identity theft also looms as a threat to the advancement of promising consumer-driven, self-service, and cost-savings technologies.