EVALUATING RESEARCH QUESTIONS

dentity theft and university students: do they know, do they

care? Ludek Seda

Flinders Business School, Flinders University, Adelaide, Australia

Abstract Purpose – This study aims to explain what factors influence the relationship between the university students’ knowledge of the risk of identity theft and the preventive measures they take. Design/methodology/approach – A series of semi-structured interviews was used as the primary data collection tool. The sample for this study comprised 12 undergraduate students (six males and six females) from the Flinders Business School. The interviews were designed as face-to-face interviews. Findings – The current findings indicate that, despite the fact that students were reasonably knowledgeable regarding the general risk of identity theft, many of the students had only limited knowledge about specific issues related to identity theft. It was found that the limited knowledge or misunderstanding of specific issues prevented students from using appropriate measures that could reduce the risk of identity theft. The students demonstrated a significant misunderstanding of who perpetrators typically were targeting when stealing personal information or what perpetrators of identity theft were looking for. Originality/value – The results of the study contribute to a better understanding of the students’ knowledge about the risks associated with identity crime. They may also assist governments and other stakeholders with vested interests, such as financial institutions and educational providers, to educate individuals about the circumstances where they are potentially vulnerable to identity theft.

Keywords University students, Identity crime, Identity fraud, Identity theft

Paper type Research-paper

1. Introduction Identity crime can take many different forms. Offenders may obtain identification information, and use it to obtain loans, make contracts with utility providers, borrow a rental car and never return it or the information can be sold to other offenders. Victims then may end up with an empty bank account, and may be held responsible for the credit card debt or other unpaid bills. Furthermore, victims may be accused of damages that were caused by an offender when using their name. The offenders may also be motivated to steal identification information for reasons other than for direct financial gain. Stolen information can be used to support human trafficking, terrorist actions or to obtain unauthorised access to other information that is of critical importance. The seriousness of the crime is further highlighted by the fact that victims may not know that their identity has been stolen, and therefore, their identity can be misused by criminals. It may take weeks, months or even years until the theft is uncovered. The problem of identity crime is becoming increasingly common, especially in technologically advanced countries, such as Australia, and this phenomenon deservedly attracts media attention.

The current issue and full text archive of this journal is available at www.emeraldinsight.com/1359-0790.htm

Identity theft and university

students

461

Journal of Financial Crime Vol. 21 No. 4, 2014

pp. 461-483 © Emerald Group Publishing Limited

1359-0790 DOI 10.1108/JFC-05-2013-0032

Lozusic (2003) describes identity fraud as one of the fastest growing crimes around the world, with estimated costs to the individual, the community and organisations running at several billion dollars a year in Australia. An extensive examination of fraud in Australia and New Zealand was conducted by the Australian Institute of Criminology and PriceWaterHouseCoopers (2003). The study examines more than 150 cases of fraud that the police and prosecution services dealt with. The study revealed that the most common type of fraud involved obtaining finance or credit by deception. False documents were used in 69 per cent of cases, and were used to provide evidence of false or stolen identity. Therefore, the increase in reports recognising identity theft and identity fraud as a serious problem for individuals, organisations and for society as a whole is expected with the growing recognition of this crime. Identity fraud is also an essential component of many organised-crime activities (Australian Crime Commission, 2011). The number of reported identity fraud cases goes beyond the investigative potential of many law enforcement agencies (Newman and McNally, 2005). Identity crime also presents complex jurisdictional and law enforcement issues due to its cross-national nature (Higgins et al., 2005). Many police departments are not adequately equipped to deal with the multi-jurisdictional nature of identity crime (White and Fisher, 2008). This indicates that there are many issues that make reactive response impracticable or very ineffective.

There are various definitions of identity theft and identity fraud, and, as such, there is no clear distinction between them in the literature (Sproule and Archer, 2006; White and Fisher, 2008). The offenders are interested in not only individuals’ but also organisations’ identification information. The following definition of identification information will be used in this paper.

“Identification information” means information relating to a person (whether living or dead, real or fictitious, or an individual, or a body corporate) that is capable of being used (whether alone or in conjunction with other information) to identify or purportedly identify the person […] (Commonwealth of Australia & Model Criminal Law Officers’ Committee of the Standing Committee of Attorneys-General, 2008, p. 25).

Two major phases of identity crime can be distinguished. First, identification information must be stolen; and second, an offender then uses that identification information to obtain money, goods, services or other benefits. This distinction is important because different preventive techniques should be used against the crime. This paper focusses only on the first phase, that is, the theft of identification information.

The Council of Australian Governments issued an Agreement on a National Identity Security Strategy in 2007, which includes the following definitions (The Council of Australian Governments, 2007, p. 3):

“Identity theft” is the theft or assumption of a pre-existing identity (or a significant part thereof), with, or without consent, and whether, in the case of an individual, the person is living or deceased.

“Identity fraud” is the gaining of money, goods, services or other benefits or the avoidance of obligations through the use of a fabricated identity, a manipulated identity, or a stolen/assumed identity.

JFC 21,4

462

The two, aforementioned definitions of identity theft and identity fraud, clearly distinguish between both phases, and their meaning is therefore used for the purpose of this paper. Further, the term “identity crime” is used when referring to both identity theft and identity fraud, as they are closely related.

While there is a significant amount of literature of a descriptive nature about identity theft and identity fraud, less information is available regarding people’s knowledge and attitude towards this problem. As such, there is also a limited number of research projects that have investigated the level of students’ awareness and knowledge of the risk of identity theft and fraud and of the preventive measures that they have taken (Higgins et al., 2005; Winterdyk et al., 2007; Winterdyk and Thompson, 2008; Winterdyk and Filipuzzi, 2009). Findings indicate that students are less knowledgeable than anticipated, and as far as is known, none have investigated how the level of individuals’ knowledge of the risk of identity theft influences the type and level of preventive techniques and tools applied.

There are several reasons why students may be exposed to have a higher-level risk of identity theft. First, students have a tendency to use information technology and the Internet more than the general public do. Additionally, frequent solicitation of university students, as new customers, by financial institutions, provides increased exposure to identity theft. In addition, the university students may have limited experience with financial transactions and are likely to be more trusting to others (Higgins et al., 2005).

The increasing risk of crime therefore evokes discussion about other ways of responding. Due to the nature of identity crime, the responsibility for the prevention of identity theft and identity fraud depends on combined responses from individuals, the private sector, law enforcement agencies and government.

Reflecting on the existing studies, this paper aims to contribute to the knowledge about identity crime in relation to students by answering the following research question:

RQ1. To what extent does knowledge of the risk about identity theft influence the use of preventive measures taken by university students?

The following three sub-questions also form the data-collection process:

(1) To what extent are university students knowledgeable of the ways identity theft is committed and of its consequences?

(2) How do university students protect themselves against the risk of identity theft? (3) What is the relationship between the knowledge of the risk of identity theft and

preventive measures taken by university students and how can the relationship be explained?

A gap in the literature has been found, which this paper seeks to address. The results of the study will help to provide an enhanced direction for government and the private sector to combat the risk of identity crime. An increased level of knowledge and preventive measures taken against identity theft will also be beneficial to students who will be exposed to the increased risk of identity crime during their professional working lives, for example, in business fields.

463

Identity theft and university

students

2. Theoretical framework There are several existing studies on identity crime that draw on a situational crime-prevention (SCP) framework that helps to understand and explain issues surrounding identity crime (Newman and McNally, 2005; Berg, 2008; Newman, 2008; White and Fisher, 2008; Willison, 2008). SCP emerged from approaches that emphasise that one of the functions of crime is the existence of the opportunity to commit a crime. More specifically, SCP is based on routine activity theory developed by Cohen and Felson (1979). Routine activity theory explains that certain factors increase the likelihood of committing a crime. The discussed factors are a motivated offender, a suitable target and the absence of capable guardians (Cohen and Felson, 1979). SCP focusses on the opportunity to commit a crime as the key factor that helps to explain why crime is committed, with SCP’s overall intention being one of reducing the occurrence of crime. This approach, therefore, focusses on techniques that make committing crimes less attractive rather than on sanctioning or detecting offenders (Clarke, 1997). As an existence of opportunity is also considered by various theories, SCP is closely linked to other theories such as rational choice theory (Clarke and Cornish, 1985), routine activities theory, crime pattern theory (Brantingham and Brantingham, 1999) or hot spots theory (Sherman et al., 1989; Sherman, 1995).

Clarke (1997) offered four components for an SCP framework: (1) a theoretical foundation, which builds on the principles of routine activity theory

and rational choice theory; (2) a standard methodology for combating specific crime issues; (3) a set of techniques that reduce crime problems; and (4) a body of evaluated practice.

SCP can be defined as:

[…] comprising measures directed at highly specific forms of crime that involve the management, design, or manipulation of the immediate environment in as systematic and permanent a way as possible so as to reduce the opportunities for crime and increase its risks as perceived by a wide range of offenders’ (Clarke, 1983, p. 25).

An opportunity to commit a crime is therefore reduced if individuals are informed about the risk of crime and are able to change the environment to make the crime less attractive to potential perpetrators (Clarke, 1983, 1995). In other words, SCP is based on the idea that criminal activities can be minimised if offenders’ opportunity to commit crime is limited. Clarke (1992) initially offered 12 techniques of situational prevention, which were divided into three strategic categories. The model was revised by Clarke and Homel (1997); Cornish and Clarke (2003), resulting in five categories, offering 25 techniques of situational prevention. The latest revision of the SCP model includes:

• techniques that increase the effort to commit a crime; • techniques that increase the risk associated with committing a crime; • techniques that reduce the rewards acquired from crime; • techniques that reduce provocation that may encourage offenders; and • techniques that remove excuses that offenders may use to justify committing a

crime (Cornish and Clarke, 2003).

JFC 21,4

464

Such techniques then, for example, include the hardening of suitable targets, extending guardianship, improving natural or formal surveillance and concealing targets of crime (Cornish and Clarke, 2003). Newman and McNally (2005) adapted the model introduced by Cornish and Clarke (2003) and presented an SCP model that offers numerous techniques specifically related to the problem of identity crime.

Winterdyk and Filipuzzi (2009) draw attention to the fact that university students may have limited experience with using their personal identification items while engaging in numerous personal or financial dealings. This makes university students a suitable target in relation to identity crime. Avoidance of crime can be stimulated by the increased existence of capable guardians, which would lead to the increased protection of suitable targets. Because this paper examines preventive measures that are taken by university students to reduce the opportunity to commit identity theft, a theoretical framework of SCP is appropriate.

3. Literature review There is a considerable amount of existing literature that has examined the various issues related to identity crime such as its definition and legislative issues (Perl, 2003; Gerard et al., 2004; Dixon, 2005; Newman and McNally, 2005; Sproule and Archer, 2006; Commonwealth of Australia & Model Criminal Law Officers’ Committee of the Standing Committee of Attorneys-General, 2008; Organisation for Economic Co-operation and Development, 2008); the extent of, and cost of the crime (Dixon, 2005; Newman and McNally, 2005); types of identity theft and fraud (Foley and Foley, 2003; Lozusic, 2003; Towle, 2004; Newman and McNally, 2005; Organisation for Economic Co-operation and Development, 2008); victims (Slosarik, 2002; Foley and Foley, 2003; Sharp et al., 2004; Towle, 2004; Allison et al., 2005; Newman and McNally, 2005; Organisation for Economic Co-operation and Development, 2008); offenders (Towle, 2004; Allison et al., 2005; Newman and McNally, 2005; Copes and Vieraitis, 2007, 2009); and responses to identity crime (Slosarik, 2002; Foley and Foley, 2003; Lozusic, 2003; Towle, 2004; Newman and McNally, 2005).

Only a few studies can be found that focus on students’ knowledge of different types of identity theft and identity fraud, students’ knowledge of how identity theft and identity fraud is perpetrated and the ways in which students need to protect themselves against identity theft and identity fraud.

One of the first studies that focussed on students’ knowledge of identity theft and fraud was undertaken by Milne, 2003. Milne (2003) conducted an exploratory study that measured the self-reported behaviour of 61 college students and 59 non-students in the USA. The questions provided in a questionnaire were based on identity theft preventive activities that were recommended by the Federal Trade Commission. Milne found that 36 per cent of students and 49 per cent of non-students use their mother’s maiden name, their pet’s name or their birth date, or the last four digits of their social security number[1], or a series of consecutive numbers as a password. It is obvious that both cohorts failed to recognise the importance of non-obvious passwords. In addition, 82 per cent of students and 43 per cent of non-students were willing to reveal their personal identifying information to marketers without finding out how their personal information would be used. Further, 30 per cent of students and 33 per cent of non-students did not check their billing statements for mistakes or report these immediately, and 44 per cent of students and 25 per cent of non-students left their mail

465

Identity theft and university

students

in their home mailbox for a day or two before they picked it up. Only 22 per cent of students and 23 per cent of non-students who owned a credit card had ordered a copy of their credit report within the last year (Milne, 2003). The results of the study indicate that both students and non-students need to be encouraged to use simple but effective techniques to minimise the risk of identity theft and identity fraud.

A more representational study was conducted by Higgins et al. (2005), in which 234 university students from the USA were the sample, containing 152 females and 82 males, who were, on average, 21 years old. In this study, students were asked to report their knowledge of five different forms of identity fraud (credit card fraud, telecommunication fraud, utility fraud, bank fraud and fraudulent loans), their self-protective behaviour and their ability to estimate the percentage of victimisations associated with identity theft, by using a five-point Likert scale survey. Only 5.1 per cent of students indicated that they knew very little, and 20.5 per cent of students knew little about credit card fraud. The majority of students (66.7 per cent) indicated that they had some, or a lot of knowledge about credit card fraud. In contrast, 78.2 per cent of students reported that they knew very little, or little about utility fraud, 70.1 per cent of students reported that they knew very little or little about fraudulent loans and 60.3 per cent of students indicated that they knew very little or little about telecommunications fraud. In terms of students’ self-protective behaviours, the study found that 12 per cent of students reviewed bank statements just a few times a year, and only 3.4 per cent of students did not review bank statements, which is a different result from Milne (2003), who reported that 30 per cent of students and 33 per cent of non-students did not check their billing statements for mistakes (Higgins et al., 2005).

Several studies were conducted by Winterdyk. Winterdyk et al. (2007) measured the self-reported perception and awareness about the nature, extent, risk and effects of identity theft, and a variety of fraudulent behaviours among 360 Canadian and 200 British students. Their study replicated Higgins et al.’s (2005) study, but they considered other issues as well, and thus their study focussed on six categories:

(1) knowledge of identity theft; (2) participation in financial transactions; (3) the perception of identity as a problem; (4) the perception of identity theft reporting; (5) risky practices; and (6) respondents’ self-reported identity theft victimisation.

The findings about students’ knowledge of identity theft are somewhat consistent with the results of Higgins et al. (2005). Students reported the best knowledge about credit card fraud, but much less knowledge about telecommunications fraud and utility fraud. For example, 61 per cent of British students reported to have some or a lot of knowledge about credit card fraud compared to 59.3 per cent of Canadian students. On the other hand, 72 per cent of British and 82.3 per cent of Canadian students indicated that they had very little or a little knowledge about utility fraud, and 70 per cent of British students and 75.3 per cent of Canadian students had very little or a little knowledge about fraudulent loans. From the results, it seems that Canadian students reported that they had less knowledge about the different types of identity theft than the British students (Winterdyk et al., 2007). One of the preventive measures that can be taken is

JFC 21,4

466

therefore to make students aware of the risks of identity crime and the way in which they can protect themselves from such crimes.

Winterdyk et al.’s (2007) findings indicated that students, internationally, do not have sufficient knowledge about identity theft and fraud, and this is consistent with Higgins et al.’s (2005) study. The results are also consistent with other studies focussing on students’ awareness and knowledge about criminal justice issues (Giacopassi and Vandiver, 1999; Hensley et al., Roberts et al., 2003 cited in Winterdyk et al., 2007).

Winterdyk and Thompson (2008) compared a sample of 360 Canadian students used in the previous study with a sample of 106 non-students. The study again focussed on the self-reported perception and awareness of identity theft issues. The findings indicated that non-students are generally better informed about identity theft and identity fraud than college/university students. Despite this result, it is noted that a worrying 63.8 per cent of the non-students indicated that they knew very little or little about telecommunication fraud, 67 per cent of the non-students indicated that they knew very little or little about utility fraud and 65.7 per cent of the non-students indicated that they knew very little or little about fraudulent loans (Winterdyk and Thompson, 2008).

The study provides us with another interesting finding. Both groups were asked if they thought any of the five categories of identity fraud included in the survey represented a problem in terms of where they lived or worked. Both students’ and non-students’ primary answer about all five types of identity fraud was “to a very small extent” (Winterdyk and Thompson, 2008). This attitude indicated that both categories are unaware of the fact that the risk of identity theft and identity fraud is a serious problem. Winterdyk and Thompson (2008) conclude that students appear to be somewhat more naive about the risk associated with identity theft and identity fraud.

Winterdyk and Filipuzzi (2009) also compared a sample of 360 Canadian students used in the previous study with a sample of 104 Mexican students. The findings are similar to the other studies. The results showed that the Mexican students appeared to be slightly more informed about identity theft than the Canadian students. Further, consistent with previous reports, 76.5 per cent of Mexican students who reported being a victim of identity theft indicated that the incident took on the form of credit card fraud. Winterdyk and Filipuzzi (2009) concluded that neither of the two groups of students were well informed about the risks associated with identity theft. Furthermore, they stated that the students were only reasonably vigilant in terms of protecting their personal information.

Higgins et al. (2010) conducted a recent study that utilised the sample of students from their previous study, but in this study, they used the Rasch model analysis to conduct the scaling of individual responses. The results of their analysis did not differ from the other studies and supported other findings in that some students protect themselves against the risk of identity theft, while other students do not. This indicates that some students are not aware or knowledgeable enough about the risk of identity crime.

Finally, Norum and Weagley (2006) researched the self-reported perception of students’ ability to identify a secure Internet site, and the frequency with which students used secure websites compared to unsecured websites for personal purchases. They found that college students can be considered to be reasonably computer savvy. Norum and Weagley (2006) also expressed an opinion that it is disconcerting that nearly 30 per cent of students do not know how to recognise a secure site. However, because the ability

467

Identity theft and university

students

of fraudsters to create sites that appear to be legitimate and secure is increasing, the actual risk can rather be seen in students’ overconfidence. As students only self-reported their ability to identify a secure site, it would be interesting to test how many of the 70 per cent of students who reported that they were capable of making such a recognition, are actually able to do so when faced with actual examples of unsecured sites.

Although the reviewed studies above reported on the level of students’ knowledge, none of the studies explained to what extent knowledge leads to the use of preventive measures, or what the factors are which may explain the relationship. Therefore, this gap in the literature is addressed in this paper.

4. Research methods The research is designed as a qualitative exploratory study with the aim to expand the body of empirical literature on the awareness of, knowledge about and preventive measures taken against the risk of identity theft.

A series of semi-structured interviews are used as the research method to collect data from university students. The interviews are designed as face-to-face interviews. The interview schedule contains a list of predetermined, close-ended questions and various open-ended questions for additional information to be gained.

4.1 Sample Non-probability, convenience sampling is used for this study. A convenience sample was chosen, as it is one that is easily accessible to the researcher, and supports the time restraints of the study, as student availability is subject to semester schedule. The research sample consists of undergraduate business, finance and accounting university students. The sample was obtained from business (BBus), finance (BCom (Fin)) and accounting (BCom (Acc)) Flinders Business School students who are at least 18 years old. The sample comprised 12 students (six males and six females). An appropriate sample size in qualitative research is discussed by many authors (Guest et al., 2006; Mason, 2010; Bryman, 2012; Rowley, 2012). Rowley (2012) states that a smaller amount of interviews may generate enough useful data, provided the research has been appropriately designed. This study was designed to gather high-quality data through in-depth interviews. Rowley (2012) further argues, that even 12 interviews of the approximate length of 30 minutes may generate sufficient interesting findings. Each interview in this study lasted 30 to 45 minutes, and the transcript of all interviews was 60,038 words long. The collected data from these interviews provided several insights and generated understanding of the researched field.

Both identity theft and identity fraud are often committed in the context of business activities (e-commerce trading, emails to consumers, using credit cards, etc.), and therefore, it was expected that business, finance and accounting students are more aware of the risk than other non-business students (the only exceptions to this assumption are information technology students). Research ethics approval for this study was obtained by the relevant university research committee.

4.2 Analysis Qualitative Data Analysis (QDA) is used to organise and analyse the collected data. This analysis method is commonly used in social science research. Dey (1993) describes QDA in several steps as shown in Table I.

JFC 21,4

468

5. Results Twelve business students (Flinders University) agreed to take part in the research. Table II shows the demographic details of the respondents.

5.1 Protection of identifying information Part of the research was to examine and understand how university students protect themselves against different types of identity theft. A key theme was therefore related to preventive measures taken by respondents to protect their private identifying information.

5.1.1 Documents and identity cards. Respondents were asked how they protect their documents and identity cards, as the majority of respondents considered theft of documents or identity cards as one of the ways of losing identifying information. The majority of respondents said that they used a filing cabinet to store their

Table I. Qualitative Data Analysis – steps

Finding a focus Finding a focus is the first step in the data analysis process, but must be continually re-evaluated throughout the whole period of research

An extensive literature review was undertaken to obtain a comprehensive understanding of current knowledge in the field of awareness of the risk of identity theft/fraud and preventive measures taken to protect against the identity theft/fraud

Managing data This step ensures that the data are accurately recorded and referenced for each interview

All interviews were audio recorded. In addition, written notes were taken during all interviews. Upon completion of each interview, the written notes and audio recording will be used to transcribe the interview. The transcriptions will then be used to analyse the information obtained

Creating categories Criteria that allow the researcher to distinguish between bits of individual observations must be established

For that purpose, categories were developed to create an appropriate analytic context

Assigning categories The researcher must be able to identify and assign data to individual categories to allow analysis

Data were broken up into individual “databits” based on meanings rather than the number of words. This is consistent with Dey’s view of databits, which are considered as “units of meaning” (Dey, 1993, p. 117)

Making connections, linking data Involves identifying relationships between data

Connections were identified through linked data, and confirmed through repeated association between databits. Similarities, singularities and patterns were identified

Producing an account The final step in the qualitative data-analysis process is to produce an accessible, reliable, valid and representative account

A representative account of all the interviews was produced

469

Identity theft and university

students

documents containing their identifying information or their identity cards. A common pattern could be identified from the data collected, as most of the respondents further stated that they did not lock their filing cabinets, despite the fact that the option of locking the filing cabinet was available to them. Several respondents stated that they did not feel that they needed to protect their documents and offered their explanation. The most common explanation was that they did not have many funds to protect, but that they might change the way they in which they protected their documents once they started receiving regular income. This view can be demonstrated by statements given by two respondents:

Possibly later, when I have more cash flow then I would invest in more protection and at the moment is not that much (Respondent 4).

Because I am a student, so I have got a few dollars (Respondent 6).

This indicates an obvious misunderstanding of the risk associated with identity crime. This is because offenders may use stolen identifying information to commit other fraud, such as obtaining a loan or other credit facility, or obtaining non-financial benefits. This could happen regardless of the actual funds held by the identity theft victims.

Respondents were further asked how they disposed of documents that contained identifying information such as bank statements or utility bills. A common theme regarding preventive measures was observed when respondents stated that they possessed a shredder, but only two of the respondents used it on a regular basis. Many respondents stated that they kept a pile of documents for a longer period of time before the documents were shredded, as evidenced by one respondent, who stated:

I have got a shredder but I have not used it much. So, I have actually a bin of the stuff I am supposed to shred that I have not shredded because I have not got around those (Respondent 1).

Table II. The demographic details of the respondents

Category Subcategory Number of respondents

Gender Male 6 Female 6

Age (years) � 20 1 20-29 5 30-39 1 40-49 3 50 � 2

Study program BCom 10 BBus 2

Working experience Accounting, finance or business-related area

5

In other area 5 No working experience 2

Living With parents 4 On their own 8

Residency Australian 11 International 1

JFC 21,4

470

From the data collected, it was evident that some respondents were not cautious when disposing of documents at all. Several respondents stated that they put various documents directly into a rubbish bin. For example two respondents stated that they put bank statements directly in the trash bin. Interestingly, many of the same respondents previously acknowledged a rubbish bin as a way of stealing identifying information.

Explanation was therefore needed from the respondents who put their documents directly into a rubbish bin, and various answers were obtained, for example:

It is good thing I do not have much in my bank account (Respondent 10).

From personal point of view, I just do not feel I have anything of use to anybody, except for a few students’ dollars (Respondent 5).

Similarly, with statements mentioned previously, this shows that respondents do not understand the risk associated with theft of identifying information. As explained previously, offenders may use the stolen identifying information for other fraudulent transactions rather than just for a withdrawal of funds.

Respondents were further asked whether, in their opinion, they carried more identity cards than they needed. Carrying the minimum number of identity cards prevents the risk of having them stolen or lost. More than half of the respondents stated that they carried more identity cards than needed. Many of them justified that by stating that is the way they had control over their identity cards, and this sentiment is expressed by the following statement:

I think that the things are safer being on my person rather than leaving them at home (Respondent 7).

It could be argued that respondents are more cautious when it comes to protecting their identity cards, but it is questionable whether carrying all identity cards at all times is a solution in case of their theft or loss.

5.1.2 Mailboxes. The preventive measure theme was further explored by examining respondents’ preventive measures in relation to mailboxes. This section of the results reflects on the fact that nearly all respondents considered mailboxes as one of the main sources of losing identifying information. Despite the respondents’ awareness, the data illustrate that respondents did not protect themselves against the risk of identity theft in relation to mailboxes. A common theme was therefore identified, because the majority of the respondents stated that they did not lock their mailboxes. As respondent one states:

It’s not locked, I can’t be bothered having to unlock and lock the letterbox every day (Respondent 1).

On the other hand, it was found that respondents did collect received mail from their mailboxes on a daily basis. Respondents were asked to provide an explanation as to why they did not lock their mailboxes. The most common response was that it was very inconvenient to unlock and lock the mailboxes every day and therefore respondents left them unlocked all the time. Similar to previous responses, some respondents demonstrated that they did not understand the risk of identity crime. For example:

I do not worry about that because most things, not many very important things come through the mail […] usually they are just notices of bills […] no one sends me hundred dollar bills through the post (Respondent 1).

471

Identity theft and university

students

The respondent further stated that she received bills from utility providers and mail from the bank. The information stated in these documents certainly contains some identifying information that can be, in itself, or in combination with other information, used to commit fraud.

5.1.3 Computers, mobile phones, internet connections. This part of the research examines respondents’ preventive behaviour themes in relation to their computers and mobile phones. A common theme could be observed, as the majority of the respondents stated that their computer was password protected. In addition, the majority of the respondents stated they had installed anti-virus software on their computers. More than half of these respondents stated that they had paid for anti-virus software as compared to free versions. Respondents provided different reasons as to why they used a paid for or free version of anti-virus software. For example, Respondent 6, who used a paid for version, stated:

I don’t trust the free ones because I think the free ones put viruses on your computer so they put a virus on your computer and say hey we found a virus would you like to pay for a subscription. So I don’t really like that, I would rather go without anti-virus than have a free one (Respondent 6).

On the other hand, one respondent paid for anti-virus software, and nevertheless, was still using a free version:

I did actually, when I bought the laptop, I bought the Norton anti-virus, but I never installed it, because I had the free one and I thought that will be enough (Respondent 9).

The respondents who acknowledged that they did not have any anti-virus software on their computers stated that they used Mac computers. These respondents believed that Mac computers were not threatened by computer viruses. For example:

I’ve got a Mac, so I don’t have a lot of virus protection on there, because I had it for three years and I have not had any viruses on that (Respondent 3).

It is perhaps quite naive to think that a Mac computer is not infected without having software that would indicate such an event had or had not taken place.

Further, two opposing themes emerged when the respondents were asked what other components of computer security they used, such as malware, anti-phishing software or firewalls, etc.

Some respondents indicated that they went beyond the usual protection of having only anti-virus software, or that they had thought about issues related to the security of their computers. For example:

[…] it (notebook) has got a facial recognition on it to get me access […] I’ve got AVG and McAfee (anti-virus software), spyware and firewall […] I use the Gmail, they filter (anti-spam), seems to be pretty good (Respondent 5).

However, there were some respondents who stated that they did not know what or whether there was other security software installed on their computers:

I’ve got anti-virus software […] but I could not tell you any more than that (Respondent 8).

This indicates that some respondents are not paying attention to the risk associated with the use of computers or notebooks, and that their personal information may be at risk.

JFC 21,4

472

Respondents were further asked whether they considered the appropriate level of security needed for their computers, and whether they changed the setting of their anti-virus software accordingly. A common theme was that many respondents indicated that they did not change the configuration of their anti-virus software based on their needs, and rather left it at a default level, or they that did not know that they could change the configuration of their anti-virus software.

Another question was related to prevention measures taken by respondents to protect their smartphones or tablets. A regular pattern was observed, as most respondents did not protect access to their smartphones or tablets by passwords or codes. The majority of respondents stated that they did not have any anti-virus or other security software installed on their smartphones or tablets. They also stated that they did not know that anti-virus or other security software for these devices existed. For example:

It’s technology but I am not sure how to use it […] No, I did not know you could (have anti-virus software installed on a mobile device) (Respondent 1).

5.1.4 Passwords, PINs. Three sub-themes emerged when respondents were asked how they stored passwords or PINs. The first sub-theme was identified when respondents stated that they memorised their passwords. Respondents who memorised their passwords stated that they had a limited number of one to six passwords because it was difficult to memorise them. For example, one respondent stated:

I have five different passwords that I use in motions, so change them every month or so, and I adjust them slightly […] but sometimes it’s annoying because you got to type the password and remember that you have changed it and then you have to type different passwords (Respondent 6).

The data further illustrated that respondents use some of their passwords for more than one login. A second sub-theme emerged when respondents stated that they had their passwords written down in a book, on a computer or on their phone. Respondents who had their passwords written down stated that they did so only because they could not memorise all the passwords and that it had already happened to them that they had had difficulty in retrieving forgotten passwords. For example, one respondent stated:

I have them all written down in a book next to my computer, in a cupboard next to my computer […] Because it is easier […] Yes, I am aware of that (the risk) and used to have all my passwords written in different spots […] and just ended up with so many, that I did not know where to look for it and it just got a bit of pain so I ended up writing them down in one book […] I know it is risky but I just did it because it is easier (Respondent 9).

A third sub-theme emerged as none of the respondents considered using computer software to secure their passwords. Respondents expressed a view that they had either never heard about it or they would not trust such a software tool. This is illustrated by a respondent, who stated:

No, I would become too paranoid […] in case someone hacks in (Respondent 7).

5.1.5 Internet transactions, ATM transactions and EFPOST transactions. The interview further focussed on preventive measures taken by respondents in relation to financial transactions. A common theme was identified when many respondents, who make Internet purchases, used the PayPal facility as a way of secure payment and

473

Identity theft and university

students

protection of their bank card details. A regular, common pattern was identified, as most respondents cover the keypad on the ATM, but do not observe the ATM itself for any irregularities. In addition, many respondents stated that they did not always watch their bank card during an EFTPOST transaction.

5.1.6 Social networking websites. Another theme emerged in relation to disclosing private information on social networking websites, such as Facebook. The majority of respondents stated that they had a Facebook account. The majority of the respondents stated that they used the privacy setting available at Facebook to limit other people’s access to the information posted on their Facebook page. For example, a respondent stated:

I only ever add people that I know and my profile is set completely on private (Respondent 3).

In addition, some respondents said that they used false personal information to protect themselves, such as:

No I would lie […] I would lie about everything. I consider that anything you put on FaceBook, it’s like you standing on some street corner and shout it loud to the whole universe, and everybody knows it. I would not put anything that is not public anyway (Respondent 1).

5.1.7 Scam fraudulent systems. The data also illustrate how respondents reply to various requests to provide personal identifying information. Such requests are usually in the form of emails or phone calls. A common pattern identified was that most of the respondents indicated that they did not provide any personal information over emails. This can be illustrated by the following:

I don’t normally open anything like that and normally delete it straight away, if I don’t know who the sender is, I normally delete it (Respondent 3).

However, the data also indicate that respondents might provide some of the personal identifying information (including credit card details) over the phone. For example:

[…] it depends on the call […] recently charity rang me up, they wanted only 20 bucks […] It depends. Sometimes, they catch you in a weak moment and you go […] Yes, you don’t think about the credit card (Respondent 2).

I probably would, I am bit ashamed to say, but I probably would (Respondent 8).

5.1.8 Voluntary disclosure. The final part of the interview reflected on the fact that there are many situations when people are asked to provide personal identifying information, for example, when signing contracts, subscribing for online services or just as a part of product promotion sales. Respondents were asked whether they ever questioned how their personal identifying data would be stored and who might have access to that data. A theme emerged when several respondents indicated that if the option existed, they did not provide their personal information or they did not give consent for their information to be given to third parties; however, if the option did not exist, they simply agreed without further questioning of what would happen to the data, and they never questioned how their personal identifying data would be stored and who else might have access to that data. For example:

No, never (questioned how the information would be stored and who would have access to the information) […] Yes (usually ticking the box) and hope for the best (Respondent 7).

JFC 21,4

474

5.2 Relationship between knowledge of the risk of identity theft and preventive measures taken by university students This paper seeks to understand the different factors that influence the relationship between knowledge of the risk of identity theft and preventive measures taken by university students. It would be expected that if individuals were aware and knowledgeable about the risk of identity theft, they would take appropriate preventive measures. From the data collected, several factors, that have important influence over the relationship between knowledge of the risk of identity theft and preventive measures taken by university students, are identified.

Overall, respondents are reasonably knowledgeable of the general issues related to the risk of identity theft. It seems that several factors, such as increased attention of the media to the problem of identity crime and government initiatives, for instance, awareness campaigns or information booklets, positively influence individuals’ general knowledge about the risk of identity crime.

However, the results show that it is necessary to distinguish between knowledge of general or basic issues related to the risk of identity theft and more specific or detailed knowledge of those issues. The study finds that there is a considerable gap between respondents’ general knowledge and more detailed knowledge, and this consequently results in inadequate preventive measures being taken by the respondents.

Despite the fact that one respondent was not able to make clear what identity crime, identity theft or identity fraud is, the majority of respondents demonstrated that they were able to explain what the terms mean and were able to demonstrate their general knowledge about identity theft. Further, they were able to discuss the consequences of being a victim of identity theft in general terms. The majority were also able to acknowledge an awareness of direct financial consequences which would indicate that appropriate preventive measures are applied by them to reduce the risk of identity theft. However, the data illustrate that respondents do not really understand what the potential consequences of identity theft might be. This can be evidenced by several statements:

• I have not really much worth stealing (Respondent 1). • Possibly later, when I have more cash flow then I would invest in more protection

and at the moment is not that much (Respondent 6). • Because I am a student, so I have got a few dollars (Respondent 6). • It is good thing I do not have much in my bank account (Respondent 10).

There is no doubt that identity fraud is often committed against an existing asset. However, identity fraud takes many other forms. Perpetrators can use stolen identifying information to obtain new credit facilities, such as personal loans or mortgages. Further, perpetrators can enter into various contracts that also have financial implications such as mobile phone services, utility services or any rental services. Increasingly, identifying information is used by organised criminal groups, for example, to support human trafficking, money laundering or terrorism (Lozusic, 2003). Therefore, individuals should be cautious about their identifying information regardless of the financial assets they hold.

475

Identity theft and university

students

Second, it can also be concluded that some respondents do not understand what perpetrators of identity theft are looking for and therefore what should be protected. This can be illustrated by the following responses:

I do not worry about that because most things, not many very important things come through the mail […] usually they are just notices of bills […] no one sends me hundred dollar bills through the post (Respondent 1).

I have nothing of use to anybody, except for a few students’ dollars (Respondent 5).

These respondents demonstrated that they did not understand that the perpetrators are targeting any identifying information such as a name or address, date of birth, driver licence number, credit or debit card number or financial account number, even though this information may not be associated with the possession of a significant financial amount, if any at all. Certainly, notices of bills contain much identifying information.

Third, several respondents stated that they felt safe and therefore that they did not take extra security measures. This can be illustrated by the following statements:

I suppose, I think what is the chance of us being broken into (Respondent 9).

I guess I am just a small target, there are so many bigger people out there you could get (Respondent 7).

I have not been really worried, I have taken only the minimum, and it is, I suppose, because nothing much really happened […] I don’t worry about security (Respondent 1).

If I were acting in another culture environment, like a bigger social Mecca, like London, New York, or Paris, but I do not feel that Adelaide has the real requirements for people to go those extra lengths (Respondent 5).

Although many forms of identity theft are physical in nature, other forms are not linked to the physical location of the victim, for example, an email scam or phishing. Therefore, individuals should be alert to the risk of identity theft, regardless of their place of residence.

Moreover, several respondents stated that they were aware of the risk, but cited lack of time or inconvenience as a factor that reduced the way they protected themselves:

It’s not locked, I can’t be bothered having to unlock and lock the letterbox every day (Respondent 1).

I tried but it took too long (Respondent 2).

I have got lots of locks; it’s the inconvenience (Respondent 7).

I know it is risky but I just did it because it is easier (Respondent 9).

6. Discussion 6.1 Re-theorising of identity theft As discussed earlier, several existing studies that focussed on identity crime use an SCP framework to explain issues related to identity crime (Newman and McNally, 2005; Berg, 2008; Newman, 2008; White and Fisher, 2008; Willison, 2008). This framework

JFC 21,4

476

reflects on the fact that, in relation to crime prevention, an opportunity to commit a crime is a significant contributory factor that needs to be eliminated or reduced by informing the individuals about the risks associated with the crime. Applying this theory, an opportunity to commit a crime is therefore reduced if individuals are knowledgeable about the risk of identity crime and are able to change their environment by applying the appropriate preventive measures to make the crime less attractive to criminals. This study found that the participants were reasonably knowledgeable regarding the general issues about the risk of identity theft; however, many participants were found to have a limited knowledge of, or they misunderstood, the specific issues. As a result, the research found that students possessing knowledge about specific issues, as opposed to knowledge about general issues associated with the risk of identity theft, were able to apply those measures that are able to prevent or reduce the risk of them becoming a victim of identity theft. Applying the findings to the situational crime-prevention framework, the view is that knowledgeable individuals are in a better position to consider the use of appropriate preventive measures, and thus are able to reduce the chances of becoming victims of identity crime. As such, the findings indicate support for the framework.

Moreover, the findings further contribute to the current knowledge system in relation to identity theft, indicating that the extent of an individual’s knowledge plays an important role in the individual’s decisions to use, or not to use, preventive measures. For example, despite the fact that a respondent was aware of the fact that identification information could be stolen via a mailbox, this knowledge of the risk did not lead to one respondent securing their mailbox. This is because the respondent did not know what the perpetrators were looking for, and believed that the mail she received did not contain any identifying information. When the respondent was asked to state what type of mail she received, it was found that much of her incoming mail actually did contain highly sensitive identifying information.

Milne (2003) recommended that students needed to be better informed about the risk of identity theft. When considered in light of the data from this study, this view is supported, but the study further indicates that general information about the risk of identity theft is not sufficient. Therefore, students need to receive more specific information for them to effectively use preventive measures and thus reduce the risk of becoming victims of identity crime. This finding is of importance to individuals and to institutions that provide information to educate individuals about the risk of identity crime, and thus to prevent or minimise its occurrence.

This study also differs from previous studies in terms of the data collection method. Previous studies related to students’ knowledge about identity crime mostly used self-reporting questionnaires. There is a constraint with these studies because such an approach limits the possibility of validating to what extent these statements are true. As indicated previously, respondents can be of a mistaken view that they possess knowledge about identity crime. As this study used interviews as a primary data collection tool, this enabled the verification of the validity of respondents’ claims about their knowledge of identity theft. The study shows that respondents might indicate that they possess knowledge related to identity theft; however, through the process of follow-up questions, it was found that respondents may not have an appropriate understanding. As a result, the study indicates that the choice of an appropriate, primary data collection method plays a very important role in research on identity

477

Identity theft and university

students

crime. In addition, the study highlights the importance of validating self-reported responses to corroborate the credibility of the data.

In addition to the cases where respondents did not apply the appropriate preventive measures due to their limited knowledge about the risk of identity theft, other factors were also identified. Although some respondents demonstrated sufficient knowledge of the issues related to identity theft, they indicated that a lack of time or inconvenience were the key reasons that prevented them from using the preventive measures. In addition, some respondents did not take preventive measures, as they believed that they lived in a safe environment. Winterdyk and Thompson (2008) expressed an opinion that students appear to be somewhat more naive about the risks associated with identity theft, and this study indicates that the students’ naivety may stem from a lack of understanding of the consequences that follow on from identity theft.

6.2 Preventive measures and identity theft Avoidance of identity theft can be stimulated by the existence of capable guardians (Clarke and Homel, 1997). The data in this study indicate that respondents are not careful when disposing of documents that contain their identification information. Common themes are observed that indicate that respondents did not use shredders on a regular basis or that they put the documents directly into a rubbish bin. Further, the respondents indicated that they did not lock their mailboxes. These results support existing literature about this issue, for example, the studies by Towle (2004), Synovate (2007) and Dixon (2005), indicating that perpetrators may use trash bins and unlocked mailboxes as a common way of stealing identifying information. Copes and Vieraitis (2009) and White and Fisher (2008) go even further, claiming the theft from mailboxes is a major source for obtaining identification information. This study shows that respondents, by not using appropriate preventive measures, provide an opportunity to perpetrators for easy access to a range of identifying information. As such, the study provides support to previous studies. Preventive measures, which can be applied to reduce the risk of identity theft in relation to the disposing of documents and mail are quite simple and inexpensive and, therefore, should always be used. The view that evolves from the results of this study also supports the results of Milne (2003), who indicates that students need to be encouraged to use simple but effective techniques to minimise the risk of identity theft.

The process of scanning payment cards, as a common method of identity theft, is described by several authors (Lozusic, 2003; Dixon, 2005). The study data indicate that not many respondents observe the ATM for any irregularities and that they also do not always watch their payment card during an EFTPOST transaction. This behaviour enables to perpetrators to scan the victim’s payment cards and thus to steal their personal information. As such, the findings support the existing literature in that the scanning of payment cards is a popular method of stealing identity information. As financial institutions provide a great deal of information about this type of risk for identity theft, it seems that individuals voluntarily choose not to be informed, or not to follow the advice.

Milne (2003) expressed an opinion that the majority of students are willing to disclose their personal information to marketers without even asking how this information will be stored. A common theme emerged in this study when students indicated that they agreed to disclose their personal information when signing

JFC 21,4

478

contracts, subscribing for online services or as a part of a product-promotion sale, without questioning how their personal information would be stored or asking who else might have access to their data.

The study also supports Milne’s view concerning the extent to which requests to provide personal identifying information made over the phone are responded to. However, most of the respondents stated that they did not provide personal information over emails. The study indicates that individuals are more vulnerable to provide their information when human interaction is involved in the request (phone call, face to face etc.), but they are able to resist to requests made via email or mail. This is a new contribution to current knowledge about identity theft.

Grimmelmann (2009) and Wallbridge (2009) are also of the opinion that many people voluntarily disclose their personal information through social networks. However, this view is not supported by the data in this study. Several common themes were observed in relation to disclosing private information through social networks. First, the majority of the respondents stated that they used the privacy setting that is available on Facebook. They explained that they used this to reduce the amount of private information that could be accessed by other people. In addition, several respondents alleged that they would rather use false personal information to limit the risk of theft of their private information. The findings would indicate that these existing studies were carried out during the stage when individuals were unaware of the risks associated with social network use. Most likely, the media focus on the problem of privacy in social networks significantly increases individuals’ awareness of the problem. The study therefore challenges current thinking in the literature.

Existing literature also describes the theft of identifying information through computer methods, especially through phishing and malware (Dixon, 2005; Organisation for Economic Co-operation and Development, 2008). Several respondents indicated that they did not use any anti-virus software. The results also demonstrate that although some respondents went beyond the usual protection method of using only anti-virus software, there were also respondents who indicated that they had a limited knowledge of what, or whether, security software other than anti-virus software was installed on their computer. Further, a common theme was that several respondents stated that they did not change the configuration of their anti-virus software based on their consumer needs. Therefore, individuals provide an opportunity to offenders to commit identity theft and thus increase the risk of becoming a victim.

Choo et al. (2007) and the Organisation for Economic Co-operation and Development (2008) reported that despite an increased use of mobile devices to access the Internet, including using Internet banking, users in their study did not use security software applications to reduce or eliminate the risk of identity theft. When considered in light of the data from this study, this view is supported, as a common theme was observed when the majority of respondents indicated that they did not use any security software installed on their smartphones or tablets. In addition, the study also enhances the existing knowledge about identity theft, as another common theme was that respondents acknowledged that they did not know that anti-virus or other security software for these devices was available to use. This finding is important, as it indicates that users of electronic devices need to be better informed about the possibility of having their devices protected by security software.

479

Identity theft and university

students

7. Summary of the study Identity crime has been recognised as a serious problem for individuals, organisations and for society as a whole. Due to the fact that the estimates regarding financial loss and the number of victims are significant, it seems that it is difficult to effectively combat this type of crime. Students are described in the literature as a category that do not have sufficient knowledge about crime-related issues in general and therefore can be considered as a suitable target for criminals (Giacopassi and Vandiver, 1999; Hensley et al., Roberts et al., 2003 cited in Winterdyk et al., 2007). Only a few studies consider students’ knowledge in relation to identity crime. Therefore, the main focus of the paper was on university students’ knowledge of the risk of identity theft and what measures they typically apply to protect themselves against the risk of identity theft. Further, this study explained the factors that influence the relationship between the knowledge of the risk of identity theft and preventive measures taken by university students, using a SCP Framework.

The study found that the students were able to discuss what identity crime, identity theft or identity fraud meant, and were also able to discuss the consequences of being a victim of identity theft. However, the current research findings indicate that, despite that students were reasonably knowledgeable regarding the general issues about the risks of identity theft, many of the students only had limited knowledge once it came down to specific issues about the risks of identity theft. This limited knowledge or misunderstanding of specific issues prevented them from applying the appropriate measures that could reduce the risk of identity theft. When students discussed the preventive measures taken by them to minimise the risk of becoming victims of identity theft, they demonstrated that there were several other factors that negatively influenced the way the preventive measures were applied. The main misunderstanding lay in the notion that the perpetrators were only targeting victims possessing significant financial assets. In addition, the study demonstrated that some students did not understand what perpetrators of identity theft were looking for and thus what needed to be secured to prevent the theft. Further, several respondents did not take preventive measures, as they felt safe in the environment that they lived in. In addition, some students stated that they were aware of the risk, but the lack of time or inconvenience were the factors that prevented them from using the appropriate measures to reduce the risk of identity theft. The outcomes of the research findings may assist governments and other stakeholders with vested interests in combating identity crime to educate individuals about the circumstances where they are potentially vulnerable to identity theft.

7.1 Limitations of the study The study had several limitations. To begin with, owing to time and scope constraints, the study results are drawn upon a smaller sample of participants from one university business school only. Furthermore, data were collected only from business, accounting and finance students. Therefore, the generalisation of the results from the study may be limited to any theoretical hypotheses that emanate from the data, rather than to the population of all Australian university students.

7.2 Recommendations for further research The study focussed on university students’ knowledge in relation to identity theft. Several directions can be followed for further research in this field. Considering the limitations

JFC 21,4

480

related to this study, a further empirical study could be carried out that would expand its scope to different universities. Additionally, extending the sample of participants to students from other degree courses would be helpful to further evaluate the extent of students’ knowledge about identity theft. The results of such research could assist in further suggestions for the government, private sector and education sector.

Second, to increase the research scope regarding identity crime, a further study that focussed on identity fraud, as a second phase of identity crime, in relation to university students could be undertaken. Another study therefore might focus on the issues related to understanding the methods that prevent identity fraud, or that detect identity fraud in its early stages and, as a result, reduce the impact of the crime. Although several studies have been conducted, these studies used a self-reporting research instrument. It would be helpful to extend the existing research through interviews that would evaluate students’ real understanding of the issues related to preventive measures used to combat identity fraud.

Note 1. A social security number (SSN) is a nine-digit number issued to US citizens, permanent

residents and temporary residents with working permission.

References Allison, S.F.H., Schuck, A.M. and Lersch, K.M. (2005), “Exploring the crime of identity theft:

prevalence, clearance rates, and victim/offender characteristics”, Journal of Criminal Justice, Vol. 33 No. 1, pp. 19-29.

Australian Crime Commission (2011), Organised Crime in Australia, Australian Crime Commission, Australia.

Australian Institute of Criminology, and PriceWaterHouseCoopers (2003), “Serious fraud in Australia and New Zealand”, Research and Public Policy Series No. 48, Australian Institute of Criminology, and PriceWaterHouseCoopers, Canberra.

Berg, S. (2008), “Preventing identity theft through information technology”, in McNally, M.M. and Newman, G.R. (Eds), Perspectives on Identity Theft, Vol. 23, Crime Prevention Studies, Criminal Justice Press, Monsey, New York, NY.

Brantingham, P.L. and Brantingham, P.J. (1999), “A theoretical model of crime hot spot generation”, Studies on Crime & Crime Prevention, Vol. 8 No. 1, pp. 7-26.

Bryman, A. (2012), Social Research Methods, 4th ed., Oxford University Press, Oxford. Choo, K.K.R., Smith, R.G. and McCusker, R. (2007), “The future of technology-enabled crime in

Australia”, Trends and Issues in Crime and Criminal Justice, No. 341. Clarke, R.V. (1983), “Situational crime prevention: its theoretical basis and practical scope”, Crime

and Justice, Vol. 4 No. 4, pp. 225-226. Clarke, R.V. (1992), Situational Crime Prevention: Successful Case Studies, Harrow and Heston,

Albany, New York, NY. Clarke, R.V. (1995), “Situational crime prevention”, Crime and Justice, Vol. 19, pp. 91-150. Clarke, R.V., (Ed) (1997), Situational Crime Prevention: Successful Case Studies, 2nd ed., Harrow

and Heston, Albany, New York, NY. Clarke, R.V. and Cornish, D.B. (1985), “Modeling offenders’ decisions: a framework for research

and policy”, Crime and Justice, Vol. 6 No. 1, pp. 147-185. Clarke, R.V. and Homel, R. (1997), “A revised classification of situational crime prevention

techniques”, in Lab, S.P. (Ed), Crime Prevention a Crossroads, Anderson, Cincinnati.

481

Identity theft and university

students

Cohen, L.E. and Felson, M. (1979), “Social change and crime rate trends: a routine activity approach”, American Sociological Review, Vol. 44 No. 4, pp. 588-608.

Commonwealth of Australia, and Model Criminal Law Officers’ Committee of the Standing Committee of Attorneys-General (2008), “Final report: identity crime”, Commonwealth of Australia, and Model Criminal Law Officers’ Committee of the Standing Committee of Attorneys-General, Australia.

Copes, H., and Vieraitis, L.M. (2007), Identity Theft: Assessing Offenders’ Strategies and Perceptions of Risk, Department of Justice Sciences, University of Alabama at Birmingham.

Copes, H. and Vieraitis, L.M. (2009), “Understanding identity theft: offenders’ accounts of their lives and crimes”, Criminal Justice Review, Vol. 34 No. 3, pp. 329-349.

Cornish, D.B. and Clarke, R.V. (2003), “Opportunities, precipitators and criminal decisions: a reply to wortley’s critique of situational crime prevention”, Crime Prevention Studies, Vol. 16, pp. 41-96.

Dey, I. (1993), Qualitative Data Analysis: A User-Friendly Guide for Social Scientists, Routledge, London.

Dixon, N. (2005), “Identity fraud”, Research Brief No 2005/03, Queensland Parliamentary Library, Australia.

Foley, L. and Foley, J. (2003), Identity Theft: The Aftermath 2003, Identity Theft Resource Center, California.

Gerard, G.J., Hillison, W. and Pacini, C. (2004), “Identity theft: the US legal environment and organisations’ related responsibilities”, Journal of Financial Crime, Vol. 12 No. 1, pp. 33-43.

Grimmelmann, J. (2009), “Saving Facebook”, Iowa Law Review, Vol. 94 No. 4, pp. 1137-1206. Guest, G., Bunce, A. and Johnson, L. (2006), “How many interviews are enough? An experiment

with data saturation and variability”, Field Methods, Vol. 18 No. 1, pp. 59-82. Higgins, G.E., Hughes, T., Ricketts, M. and Fell, B. (2005), “Student perception and understanding

of identity theft: we’re just dancing in the dark£”, Law Enforcement Executive Forum, Vol. 9 No. 5, pp. 163-178.

Higgins, G.E., Hughes, T., Ricketts, M. and Fell, B. (2010), “Self-protective identity theft behaviors of college students: an exploration using the rasch person-item map”, The Southwest Journal of Criminal Justice, Vol. 7 No. 1, pp. 24-46.

Lozusic, R. (2003), “Fraud and identity Theft”, Briefing Paper No. 8/3, New South Wales Parliamentary Library, Australia.

Mason, M. (2010), “Sample size and saturation in Phd studies using qualitative interviews”, Forum Qualitative Sozialforschung/Forum: Qualitative Social Research, Vol. 11 No. 3, Art. 8, available at: http://nbn-resolving.de/urn:nbn:de:0114-fqs100387

Milne, G.R. (2003), “How well do consumers protect themselves from identity theft?”, Journal of Consumer Affairs, Vol. 37 No. 2, pp. 388-402.

Newman, G.R. (2008), “Identity theft and opportunity”, in McNally, M.M. and Newman, G.R. (Eds), Perspectives on Identity Theft, Crime Prevention Studies, Vol. 23, Criminal Justice Press, Monsey, New York, NY.

Newman, G.R. and McNally, M.M. (2005), Identity Theft Literature Review, 2005-TO-008, The US Department Justice, USA.

Norum, P.S. and Weagley, R.O. (2006), “College students, internet use, and protection from online identity theft”, Educational Technology Systems, Vol. 35 No. 1, pp. 45-59.

JFC 21,4

482

Organisation for Economic Co-operation and Development (2008), “Scoping paper on online identity theft”, DSTI/CP(2007)3/FINAL, Organisation for Economic Co-operation and Development.

Perl, M.W. (2003), “It’s not always about the money: why the state identity theft laws fail to adequately address criminal record identity theft”, Journal of Criminal Law & Criminology, Vol. 94 No. 1.

Rowley, J. (2012), “Conducting research interviews”, Management Research Review, Vol. 35 Nos 3/4, pp. 260-271.

Sharp, T., Shreve-Neiger, A., Fremouw, W., Kane, J. and Hutton, S. (2004), “Exploring the psychological and somatic impact of identity theft”, Journal of Forensic Science, Vol. 49 No. 1.

Sherman, L. (1995), “Hot spots of crime and criminal careers of places”, in Eck, J. and Weisburd, D. (Eds), Crime and Place, Crime Prevention Studies, Vol. 4, Criminal Justice Press, Monsey, New York, NY.

Sherman, L., Gartin, P. and Buerger, M. (1989), “Hot spots of predatory crime”, Criminology, Vol. 27 No. 1, pp. 27-55.

Slosarik, K. (2002), “Identity theft: an overview of the problem”, The Justice Professional, Vol. 15 No. 4, pp. 329-343.

Sproule, S. and Archer, N. (2006), Defining Identity Theft – a Discussion Paper, McMaster eBusiness Research Centre, Ontario.

Synovate (2007), “Federal trade commission – 2006 identity theft survey report”, Synovate, Virgina.

The Council of Australian Governments (2007), An Agreement to a National Identity Security Strategy, The Council of Australian Governments, Australia.

Towle, H.K. (2004), “Identity theft: myths, methods, and new law”, Rutgers Computer and Technology Law Journal, Vol. 30 No. 2, pp. 237-325.

Wallbridge, R. (2009), “How safe if your Facebook profile? Privacy issues of online social networks”, ANU Undegraduate Research Journal, Vol. 1, pp. 85-92.

White, M.D. and Fisher, C. (2008), “Assessing our knowledge of identity theft”, Criminal Justice Policy Review, Vol. 19 No. 1, pp. 3-24.

Willison, R. (2008), “Applying situational crime prevention to the information systems security context”, in McNally, M.M. and Newman, G.R. (Eds), Perspectives on Identity Theft, Crime Prevention Studies, Vol. 23, Criminal Justice Press, Monsey, New York, NY.

Winterdyk, J. and Filipuzzi, N. (2009), “Identity theft: comparing Canadian and Mexican students perception and awareness and risk of victimization”, International Review of Victimology, Vol. 16 No. 3, pp. 312-338.

Winterdyk, J. and Thompson, N. (2008), “Student and non-student perceptions and awareness of identity theft”, Canadian Journal of Criminology and Criminal Justice, Vol. 50 No. 2, pp. 153-186.

Winterdyk, J., Thompson, N. and Antonopoulos, G. (2007), “Identity theft: a comparative study of students awareness”, Canadian Journal of Police and Security Services, Vol. 5 No. 1, pp. 23-29.

Corresponding author Ludek Seda can be contacted at: ludek.seda@flinders.edu.au

To purchase reprints of this article please e-mail: reprints@emeraldinsight.com Or visit our web site for further details: www.emeraldinsight.com/reprints

483

Identity theft and university

students