Essays on digital and physical channels and mitigation mechanisms of identity frauds
This dissertation includes two essays on identity theft. we developed a modified routine activity theory (RAT) in the first essay to explain the channels of identity frauds occurrence. This study aims to understand the antecedents of identity theft victimization at the individual level, which is important for the law enforcement agency to understand how identity theft occur and design effective deterrence measures. Different from existing studies that examine the antecedents of identity theft using the online proximity approach, we propose the novel concept of recognitive proximity. Recognitive proximity measures how closely a criminal impersonates a victim’s identity by exploiting personal information in four identity dimensions, including symbolic representation, personal identity, role identity and social identity. We hypothesize that online proximity and physical proximity created by individual and organizational leakage of personal information in both digital and physical channels may result in different levels of recognitive proximity, thus generating distinct influence on the risk of identity fraud victimizations. We test our hypotheses using a representative sample of 12,376 U.S. citizens. Our hypotheses are supported by the empirical results. In the second essay, we develop a theory to explain whether, how, and when individuals can protect themselves against the heightened identity theft (IDT) risks following a data breach. We conceptualize IDT as a multi-stage process where criminals first unlawfully obtain a person’s identifying information (PII) through a data breach, then misuse the PII to assume the identity of the person, and ultimately, imposter as the person to commit the IDT crime. We distinguish if the person’s PII leaks to criminals through a personal data breach or an organizational data breach. We hypothesize that preventive protections can reduce the PII leakage through personal data breaches but they can increase the PII leakage through organizational data breaches. We further hypothesize that detective protections can mitigate the heightened IDT risks following a data breach. Finally, we hypothesize that proactive protections are likely to be more effective than reactive protections in reducing IDT. We find support for these ideas in a representative sample of 66,224 citizens in the U.S.A.