Online identity theft

Like in any activity, protecting people’s identity online is vital for the future of the Internet economy. What can be done?
OECD Directorate for Science, Technology and Industry

©David Rooney

Would you shop in a store if you knew the credit card machine at the till was likely to send your bank details to an organised gang somewhere abroad? Such incidents happen every day in the physical world. In fact, credit card fraud from all kinds of real world transactions is a major global crime, and whole government websites are dedicated to fighting it.

But it does not stop people from going out to shop with their credit cards. In general, the public trusts that shopping in a physical store is safe, and it generally is. The Internet is quite a safe place to do business too, and, as long as precautions are taken, keying in credit card details on an encrypted webpage is probably safer than, say, calling personal numbers out over the phone to some unknown sales clerk.

But it is a relatively new marketplace, and trust takes time to build up, particularly when transactions take place across borders and recourse in the event of fraud is unclear. This makes online ID theft particularly brutal on its victims, and makes the public that bit more sceptical.

Building online confidence is a key challenge not just for the future growth of the Internet economy, but for helping in the fight against all types of cyber fraud, including ID theft.

In the US, nearly a third of adults report that security fears compelled them to shop online less, or not at all, during the 2005- 2006 holiday season, according to a survey by the Identity Theft Task Force. In the EU there is a similar pattern of distrust, with three-quarters of people surveyed in an EU report saying that fear of ID theft stopped them purchasing goods or services online. Most of those that did shop online bought goods or services from within the relative safety and comfort of their own countries.

In recent years, a patchwork of public and private sector bodies, and the media, have alerted the public about the threat, at both domestic and international levels.

However, ID theft has been the subject of different legal characterisations in OECD countries, leading to different enforcement schemes. While the US and Canada consider it as a serious crime, EU member states classify it as fraud.

For the OECD, ID theft “occurs when a party acquires, transfers, possesses, or uses personal information of a natural or legal person in an unauthorised manner, with the intent to commit, or in connection with, fraud or other crimes.”

A problem for building confidence is that the thieves’ techniques keep evolving. Victims’ personal information can be mainly obtained through malicious software (“malware”) installed on a computer or by “phishing” e-mails and fake websites imitating well-known institutions. Phishing messages increasingly contain malware and are vehicled through spam. All are designed to fool people into disclosing their personal information.

Phishing itself is becoming more sophisticated and difficult to detect, and comes in many forms with somewhat foreboding names. There is “pharming” whereby users are redirected from an authentic to a fraudulent website that replicates the original in appearance. “Spearphishing” is another form, where the sender impersonates a company’s employee/employer to steal their colleagues’ passwords/usernames. Then there is “vishing,” when a spoofed e-mail invites recipients to call a telephone number, where in turn an automated attendant asks users to enter personal information as a security precaution. Clever users that feel they will not be duped by any of these tricks could still be caught out by “SMiShing,” where a short text message sent out onto their mobile phone confirms their signing up for a company’s services, indicating that they will be charged a fee unless they cancel their order at the company’s website. Such website is in fact compromised and used to steal personal information.

Like burglaries, most people believe cyber theft only happens to others. Yet ID theft has been qualified by many as the “fastest growing crime of the 21st century”. However, its true scale is difficult to measure. Available statistics are inconsistent from one country or authority to another, complicating cross-border comparisons; most data rely on consumer complaints, but many victims do not report their case to the authorities. Some security vendors even say that ID theft has declined in recent years. But most believe it has increased. According to the US Federal Trade Commission, in 2006, for the sixth year in a row, ID theft topped the list of consumer complaints, accounting for 246,035 of more than 674,354 fraud complaints filed with the agency.

ID theft has resulted in substantial economic losses for stakeholders, including individual victims, financial institutions, and even whole economies. In the UK, the Home Office estimates that ID fraud costs £1.7 billion (US$330 billion) to the UK economy, nearly 50% up on 2002. According to APACS, the UK payments association, online banking fraud doubled in the first half of 2006 compared with a year earlier.

What can be done to prevent online identity theft? One solution is education. Various member countries have taken initiatives, often in the form of websites, to alert consumers and users about ID theft risks. There are also videos, leaflets and general information kits. The aim is equally to educate businesses about the problem. In Canada, for example, the Consumer Measures Committee has developed an ID theft information kit informing companies on how to reduce the risk of compromising consumers’ information, and what to do when a thief strikes.

Another step is to take actions to enhance cross-border enforcement cooperation. The development of a globally accepted concept would help implement dissuasive sanctions. One idea is to impose an obligation on companies to disclose security breaches affecting customers’ sensitive personal information. The idea behind it is that if people do not know they are at risk, they are unable to protect themselves against ID theft. Such obligation of disclosure, which has, for example, been established under various US state laws, is under consideration in Australia in the context of the review of the country’s privacy laws, but does not yet exist in the EU.

ID management, and more specifically, electronic authentication tools-in short, technology-may also evolve as helpful means to combat online ID theft. In Korea, in 2006, an improved online identity system was introduced. The 13- digit citizen registration number, which contained people’s personal information and was used as an online ID verification tool, was replaced by a new “i-PIN” (Internet-only Personal Identification Number) with no personal data, which could be replaced if copied or misused, and which could not be used to trace other website registration information. Such techniques should reduce online ID theft as they do not contain the kind of sensitive information thieves look for.

As ever when it comes to building trust, multi-stakeholder co-operation is a vital part of the answer. In 2007, the UN Office on Drugs and Crime (UNODC), developed a set of recommendations on ID-related crimes (UN, 2007), calling on authorities, the private sector and civil society to join efforts to fight ID theft. The 2008 OECD Ministerial Conference on the Future of the Internet Economy is an opportunity to step up that co-operation and make real progress.



  • Identity Theft Task Force (2007), Combating Identity Theft: A Strategic Plan, 23 April 2007, at:
  • United Nations (2007), “Results of the second meeting of the Intergovernmental Expert Group To Prepare a Study on Fraud and the Criminal Misuse and Falsification of Identity”, Report of the Secretary-General, 2 April 2007, E/CN.15/2007/8.

©OECD Observer No 268 June 2008

Economic data


Stay up-to-date with the latest news from the OECD by signing up for our e-newsletter :

Twitter feed

Suscribe now

<b>Subscribe now!</b>

To receive your exclusive print editions delivered to you directly

Online edition
Previous editions

Don't miss

  • How sustainable is the ocean as a source of economic development? The Ocean Economy in 2030 examines the risks and uncertainties surrounding the future development of ocean industries, the innovations required in science and technology to support their progress, their potential contribution to green growth and some of the implications for ocean management.
  • OECD Environment Director Simon Upton presented a talk at Imperial College London on 21 April 2016. With the world awash in surplus oil and prices languishing around US$40 per barrel, how can governments step up efforts to transform the world’s energy systems in line with the Paris Agreement?
  • Happy 10th birthday to Twitter. This 2008 OECD Observer interview with Henry Copeland said you’d do well.
  • The OECD Gender Initiative examines existing barriers to gender equality in education, employment, and entrepreneurship. The gender portal monitors the progress made by governments to promote gender equality in both OECD and non-OECD countries and provides good practices based on analytical tools and reliable data.
  • Once migrants reach Europe, countries face integration challenge: OECD's Thomas Liebig speaks to NPR's Audie Cornish.
  • “Un Automne à Paris”: listen (and read) this sad yet uplifting new song by jazzman Ibrahim Maalouf and pop singer Louane that will be launched on 11 January in honour of the victims of the murderous attacks on the French capital in 2015 and as a tribute to love and liberty in this City of Light.

  • Secretary-General Angel Gurria on CNBC: Developed vs developing nations at COP21

  • Message from the International Space Station to COP21

  • COP21 Will Get Agreement With Teeth: OECD Secretary-General Angel Gurría on Bloomberg

  • The carbon clock is ticking: OECD’s Gurría on CNBC

  • If we want to reach zero net emissions by the end of the century, we must align our policies for a low-carbon economy, put a price on carbon everywhere, spend less subsidising fossil fuels and invest more in clean energy. OECD at #COP21 – OECD statement for #COP21
  • They are green and local --It’s a new generation of entrepreneurs in Kenya with big dreams of sustainable energy and the drive to see their innovative technologies throughout Africa.
  • Pole to Paris Project
  • Black carbon causes millions of deaths every year and contributes to the warming of the planet. The United Nations Environment Programme explains how reducing black carbon can save lives and help combat climate change.
  • In order to face global warming, Asia needs at least $40 billion per year, derived from both the public and private sector. Read how to bridge the climate financing gap on the Asian Bank of Development's website.
  • How can cities fight climate change?
    Discover projects in Denmark, Canada, Australia, Japan and Mexico.
  • Climate: What's changed, what hasn't, what we can do about it.
    Lecture by OECD Secretary-General Angel Gurría, hosted by the London School of Economics and Aviva Investors in association with ClimateWise, London, UK, 3 July 2015.
  • French Economy Minister Emmanuel Macron came to the OECD on 18 September for a webcast discussion on economic reforms, inequality and the outlook, with OECD Secretary-General Angel Gurría. You can watch the event by clicking on the photo.

  • Climate change: “We should not disagree when scientists tell us we have a window of opportunity–10-15 years–to turn this thing around” argues Senator Bernie Sanders.

  • In the long-run, the EU benefits from migration, says OECD Head of International Migration Division Jean-Christophe Dumont.
  • Is technological progress slowing down? Is it speeding up? At the OECD, we believe the research from our Future of ‪Productivity‬ project helps to resolve this paradox.
  • An employee prepares breakfast in front of the Eiffel tower at the Parisian luxury hotel Le Plaza Athenee. Nowhere in the world has more accommodation available on Airbnb than Paris. Now the home-sharing website that has transformed budget travel is giving super-deluxe hotels a fright too.
    ©REUTERS/Stephane Mahe
  • Is inequality bad for growth? That redistribution boosts economies is not established by the evidence says FT economics editor Chris Giles. Read more on
  • Low interest rates here to stay for half a century, says OECD director Adrian Blundell-Wignall.
  • Bill Gates visited the OECD on 26 June. He met with the Secretary-General Angel Gurría to discuss areas of collaboration with his foundation and participated at a briefing session on official development assistance modernisation with OECD experts.
  • The People’s Republic of China decided to enhance longstanding collaboration with the OECD and to join the OECD Development Centre, in a historic visit by Chinese Premier Li Keqiang on 1 July to the OECD in Paris.
    Read about it on
  • Catherine Mann, OECD Chief Economist, explains on Bloomberg why "too much bank lending can slow economic growth".
  • Interested in a career in Paris at the OECD? The OECD is a major international organisation, with a mission to build better policies for better lives. With our hub based in one of the world's global cities and offices across continents, find out more at .
  • Come va la vita in Italia? How's life in Italy? The OECD Better Life Index is an interactive online platform in seven languages that goes beyond GDP by offering important insights into measuring well-being and quality of life. Try it for yourself!

Most Popular Articles


What issue are you most concerned about in 2015?

Euro crisis
Global warming
International conflict

OECD Insights Blog

NOTE: All signed articles in the OECD Observer express the opinions of the authors
and do not necessarily represent the official views of OECD member countries.

All rights reserved. OECD 2016