An official website of the United States government, Department of Justice.

NCJRS Virtual Library

Putting an End to Account-Hijacking Identity Theft

NCJ Number
Date Published: December 2004
41 pages
This study addresses a subset of identity theft of concern to FDIC-insured financial institutions and their customers, i.e., unauthorized access to and misuse of existing asset accounts, called "account hijacking" in this report.
Recent studies indicate that unauthorized access to checking accounts is the fastest growing form of identity theft. The perpetrators are taking advantage of the reliance on single-factor authentication for remote access to online banking, along with the lack of e-mail and Web site authentication, to commit account hijacking. Since 1998, when identity theft first became a Federal crime, a number of statutes and regulations have clarified the impermissible use of personal information and offered greater tools for law enforcement; however, no law or regulation solely addresses account hijacking. Regarding legislative and regulatory responses to identity theft, this report discusses standards for protecting information, information to consumers, and increased penalties and tools for law enforcement. Financial institutions can help reduce identity theft, including account hijacking, by encouraging information-sharing on the nature of the offense and the methods used to perpetrate it. A number of information-sharing efforts are noteworthy, including those sponsored by the Financial Service Information Sharing and Analysis Center, the Anti-Phishing Working Group, the Identity Theft Assistance Corporation, and Infragard. Other suggestions for financial institutions and governments in countering account hijacking are as follows: upgrade existing password-based, single-factor ID systems to two-factor authentication and use scanning software to identify and defend against "phishing" (posing as a legitimate institution or company on the Internet to obtain critical personal information). 37 references