Would you trade your sensitive personal information for a cookie? Probably not? Well, that’s just what 380 New Yorkers did in a ‘Please Enable Cookies’ experiment conducted at an arts festival in Brooklyn in 2014. In a twist on the concept of web ‘cookies’ an artist asked passersby to provide personally identifiable information such as their mother’s maiden name, the last four digits of their social security number, and their fingerprints in exchange for gourmet cookies including flavors such as pink pistachio peppercorn and chocolate chili fleur de sel. It’s possible that the participants felt assured that the information would not be used for any objectionable activity, such as identity fraud, but increasingly we see consumers trading privacy in exchange for convenience, or cookies.1
While consumers reportedly worry about security and value their privacy, they continue to freely give up their personal information. This disparity in what consumers say compared to what they actually do has been highlighted in a number of experiments showing that individuals are often willing to give up private or sensitive personal information for small rewards, as demonstrated by the ‘Please Enable Cookies’ study. Online services and social media accounts are a goldmine of information for those with malicious intent because personal information such as your name, your first school and mother’s maiden name may be just a few clicks away2. Does continuing to expose personal information online in this way put an individual at greater risk of having their identity stolen?
The ID:A Labs team conducted a study to determine if a person’s online exposure – the degree to which they share personal information online – might be a predictive measure of whether they are at greater risk of identity fraud. In the study, we created an “exposure-fraud score” aimed at using an individual’s level of online exposure to predict the likelihood of the consumer becoming a victim of identity fraud. The score had some success, which suggests a correlation between the degree of privacy an individual uses online and their likelihood of being a victim of identity theft.
The above figure shows that an individual with a higher exposure-fraud score has a higher likelihood of becoming an identity theft victim and the below chart shows that the score was able to effectively rank order the fraud victims. And more surprisingly is the highest risk decile have a fraud victimization rate that is 4x higher than the lowest risk decile.
So why does this matter? As online interactions increase and the demand for more customized services grows, consumers will be asked to share personal information with a diverse group of organizations. These individuals will be at greater risk for identity fraud, creating a need for tools to combat increasingly sophisticated threats. It’s a trend that ID:A Labs will continue to explore to better understand how broader access to personal information impacts fraud rates.
To learn more download our Online Privacy vs. Security executive summary.
Dr. Stephen Coggeshall is the Chief Analytics and Science Officer at ID Analytics, LLC
1 Beckett, Lois. ProPublica. (1 October 2014) How Much of Your Data Would You Trade for a Free Cookie? An artist tests whether New Yorkers will give away their mother’s maiden name or part of their Social Security number for a homemade cookie. https://www.propublica.org/article/how-much-of-your-data-would-you-trade-for-a-free-cookie
2 The Fraud Practice. (3 April 2014) Social Media is a gold mine for fraudsters http://fraudpractice.com/fraudblog/?page_id=1641