ABSTRACT
Introduction Currently, identity fraud seems to be one of the fastest growing crime types (Benson, 2009), and therefore it is a topic of clear concern. Alongside this increase goes the digitalization of many public and commercial services. Nowadays, clientorganization interactions often involve authentication procedures that require online use of personal identification information, such as usernames, passwords, credit card numbers, social security numbers, et cetera (NCSC, 2014). The criminal misuse of such procedures first involves identity theft, which is the illegal capture of such identifying information. In the current digital age, this is oftentimes possible by hacking operations. A subsequent step is identity fraud, which is the act of using this information by pretending to be someone else (e.g. using someone else’s username and password or credit card information) and performing a financial transaction with it on behalf of the victim’s identity. Companies and government services that use (digital) authentication procedures have databases including these personal identifiers, and the increasing use of such procedures leads to a growth of client databases (Bijlsma et al., 2014). According to Schermer and Wagemans (2009), the average citizen in the Netherlands is registered in hundreds of databases. These databases are nowadays ‘hot products’ (Clarke, 1999) for hackers, because successful breaches of such data involve the theft of thousands or millions of people’s identifying information that can deliver considerable profit to sellers (Motoyama et al., 2011; Shulman, 2010; Soska & Christin, 2015). The Darkweb, a hidden part of the Internet that provides anonymity through encryption of digital user traces, hosts marketplaces for trade in bulk of credit card details and malware that can facilitate ID-fraud operations (Ablon et al., 2014).
