and Delinquency Journal of Research in Crime

Journal of Research in Crime andhttp://jrc.sagepub.com/ Delinquency

Online Routines and Identity Theft Victimization : Further Expanding Routine Activity Theory beyond Direct-Contact Offenses Bradford W. Reyns Journal of Research in Crime and Delinquency 2013 50: 216 originally published online 8 November 2011 DOI: 10.1177/0022427811425539 The online version of this article can be found at: http://jrc.sagepub.com/content/50/2/216

Published by: http://www.sagepublications.com

On behalf of: John Jay College of Criminal Justice, City University of New York

Additional services and information for Journal of Research in Crime and Delinquency can be found at: Email Alerts: http://jrc.sagepub.com/cgi/alerts Subscriptions: http://jrc.sagepub.com/subscriptions Reprints: http://www.sagepub.com/journalsReprints.nav Permissions: http://www.sagepub.com/journalsPermissions.nav Citations: http://jrc.sagepub.com/content/50/2/216.refs.html

>> Version of Record - May 6, 2013 OnlineFirst Version of Record - Nov 8, 2011 Downloaded from jrc.sagepub.com at WEBER STATE UNIV on June 1, 2013

What is This?

Article Journal of Research in Crime and Delinquency 50(2) 216-238 ª The Author(s) 2013 Reprints and permission: sagepub.com/journalsPermissions.nav DOI: 10.1177/0022427811425539 jrcd.sagepub.com

Online Routines and Identity Theft Victimization: Further Expanding Routine Activity Theory beyond Direct-Contact Offenses Bradford W. Reyns1

Abstract Objectives: The purpose of the current study was to extend recent work aimed at applying routine activity theory to crimes in which the victim and offender never come into physical proximity. To that end, relationships between individuals’ online routines and identity theft victimization were examined. Method: Data from a subsample of 5,985 respondents from the 2008 to 2009 British Crime Survey were analyzed. Utilizing binary logistic regression, the relationships between individuals’ online routine activities (e.g., banking, shopping, downloading), individual characteristics (e.g., gender, age, employment), and perceived risk of victimization on identity theft victimization were assessed. Results: The results suggest that individuals who use the Internet for banking and/or e-mailing/instant messaging are

1

Department of Criminal Justice, Weber State University, Ogden, UT, USA

Corresponding Author: Bradford W. Reyns, Department of Criminal Justice, Weber State University, 1206 University Circle, Ogden, UT 84408, USA. Email: [email protected]

Downloaded from jrc.sagepub.com at WEBER STATE UNIV on June 1, 2013

Reyns

217

about 50 percent more likely to be victims of identity theft than others. Similarly, online shopping and downloading behaviors increased victimization risk by about 30 percent. Males, older persons, and those with higher incomes were also more likely to experience victimization, as were those who perceived themselves to be at greater risk of victimization. Conclusions: Although the routine activity approach was originally written to account for direct-contact offenses, it appears that the perspective also has utility in explaining crimes at a distance. Further research should continue to explore the online and offline routines that increase individuals’ risks of identity theft victimization. Keywords identity theft, identity fraud, routine activity theory, victimization Identity theft is a term used to categorize several offenses involving the fraudulent use of an individual’s personal information for criminal purposes and without their consent. Crimes typically associated with identity theft include credit card fraud, banking fraud, and document fraud, among others. Few empirical studies of identity theft victimization have been published, but available evidence suggests that identity theft is becoming a growing problem (Baum 2007; Langton and Baum 2010; Levi 2008; Smith 2010). For instance, according to the Federal Trade Commission (FTC 2010), as many as 9 million Americans have their identities stolen each year, with a median cost to victims of $500. A recent National Crime Victimization Survey (NCVS) report indicates that 6.6 percent of all households in the United States included a victim of one or more types of identity theft, an increase of 23 percent since 2005 (Langton and Baum 2010). Citizens of the United States are not the only ones at risk of identity theft victimization. For example, a recent report by Britain’s National Fraud Authority (NFA 2010) estimated that each year identity crimes affect 1.8 million British citizens and cost the United Kingdom approximately £2.7 billion. This equates to over £1,000 in financial gain from every stolen identity. Further, Levi (2008) reported that in 2006 £212.6 million in card-not-present fraud (phone/Internet/e-mail) was committed on U.K.-issued credit cards, an increase of 16 percent since 2005. These high stakes underscore the importance of identifying risk factors for identity theft victimization, many of which could be avoidable given the utility of the routine activities perspective in preventing crime. The routine activities perspective has demonstrated its usefulness in accounting for a variety of types of criminal victimization (e.g., burglary,


218

Journal of Research in Crime and Delinquency 50(2)

larceny, stalking; Spano and Freilich 2009). Originally developed to explain changes in crime rates following World War II, the theory has since been extensively tested and strongly supported (e.g., Cohen and Felson 1979; Cohen, Felson, and Land 1980; Cohen, Kluegel, and Land 1981; Kennedy and Forde 1990; Messner and Blau 1987; Sampson and Wooldredge 1987; Wilcox Rountree, Land, and Miethe 1994). At the societal level, routine activity theory stipulates that changes in aggregate routine activities (e.g., a greater tendency to be away from the home) can create opportunities for crime. At the individual level, empirical research has also highlighted the importance of individuals’ routine activities in creating criminal opportunities (e.g., Fisher, Daigle, and Cullen 2010; Fisher et al. 1998; Henson et al. 2010; Miethe and Meier 1990; Mustaine and Tewksbury 1998, 1999; Wilcox, Tillyer, and Fisher 2009). According to the theory, criminal opportunities emerge when motivated offenders converge in time and space with suitable targets in environments lacking capable guardianship. The theoretical propositions of routine activity theory (i.e., exposure and proximity to motivated offenders, target attractiveness, and a lack of guardianship) have become the primary explanations for what puts individuals at risk of victimization. Indeed, the continued popularity of the theory in explaining direct-contact offenses (those offenses in which victims and offenders intersect in the same physical location) has prompted researchers to begin to explore the possibility of using the theory to explain opportunities for crimes occurring at a distance (those offenses in which the victim and offender never meet in the same place; e.g., Eck and Clarke 2003; Holtfreter, Reisig, and Pratt 2008; Pratt, Holtfreter, and Reisig 2010). As Tillyer and Eck (2009) have pointed out, the theory has primarily been focused upon offenders who make contact with their targets at places. However, many crimes do not require direct contact at a physical location. This has prompted Tillyer and Eck to conclude that ‘‘Either routine activities theory is limited to place-based crimes or it needs revision’’ (2009:286). Early efforts to apply routine activity theory to crimes in which the victim and offender do not intersect in time and space have yielded mixed, but encouraging results (e.g., Choi 2008; Holt and Bossler 2009; Holtfreter et al. 2008; Marcum, Higgins, and Ricketts 2010; Pratt et al. 2010). These studies have focused upon online forms of victimization such as harassment, computer virus infection, and fraud victimization, and suggest that more work is needed both in identifying online routine activities that might place Internet users at greater risk of different types of online victimization, and in applying the theory to explain crimes at a distance. The current study


Reyns

219

addresses both of these issues by examining identity theft victimization from a routine activities perspective.

Identity Theft Victimization Although the extant routine activities literature has explored many different types of victimization, it has not yet been empirically tested on identity theft victimization. Identity theft became a federal crime in the United States in 1998 with the passage of the Identity Theft Assumption and Deterrence Act. According to this act, identity theft occurs when, knowingly and without legal authority, an individual’s identity is appropriated with the intent to aid or engage in unlawful activity. Although identity theft is a complex concept that has assumed a variety of ambiguous meanings, this definition is consistent with that provided by Koops and Leenes (2006:556) who defined it as ‘‘ . . . fraud or another unlawful activity where the identity of an existing person is used as a target or principal tool without that person’s consent.’’ Examples of identity theft based on these definitions include bank fraud, credit card fraud, and document fraud. As Koops and Leenes (2006) pointed out, the identity theft label is further complicated when the term is used synonymously with identity fraud (Finch 2007; McNally and Newman 2008). According to the authors, identity fraud is ‘‘ . . . fraud committed with identity as a target or principal tool’’ (Koops and Leenes 2006:556). As an example, a secretary may be instructed by his or her employer to sign documents that he or she is not authorized to sign, thereby committing identity fraud. It follows then that identity theft is a category of identity fraud, but incidents of identity fraud do not necessarily constitute identity theft. The key differences between these two terms are consent and whether the identity belongs to someone. Identity theft is a crime in which the victim and offender seldom meet face-to-face. Common methods of obtaining the victim’s identity include phishing, skimming, hacking, or theft of actual identification documents (e.g., driver’s license, social security card). Recent estimates of identity theft indicate that it is a growing problem and that an increasing number of cases of identity theft involve the theft of personal information via the Internet (Finch 2007; see also Levi 2008 for a discussion of card not present frauds). These cases of Internet fraud take many forms, and involve various aspects of Internet use (e.g., e-mail, banking), with offenders increasingly finding inventive ways to access their targets—the victim’s personal information (Finch 2003; Newman and Clarke 2003; Smith 2010). Once the thief has the victim’s stolen information, it is possible to apply for credit cards or


220


loans using the victim’s identity, acquire a driver’s license with the victim’s name (but the offender’s picture), or apply for government benefits using the victim’s identity (FTC 2010). Little empirical criminological research has examined identity theft victimization or investigated the factors that place individuals at risk for this type of victimization. However, recent fraud victimization studies have identified low self-control, routine activities, and victim characteristics as important correlates of fraud victimization (e.g., Holtfreter et al. 2008, 2010; Titus, Heinzelmann, and Boyle 1995; van Wilsem 2011), underscoring the need for similar work with identity theft victimization. An examination of identity theft from a routine activities perspective is far overdue, and will contribute both to the identity theft victimization literature and to the routine activities literature.

Routine Activities, Crimes at a Distance, and Identity Theft Victimization Criminologists have long recognized that technological changes can create new opportunities for crime and victimization (e.g., Clarke 2004; Cohen and Felson 1979; Newman and Clarke 2003). For instance, Clarke (2004:55) has argued that ‘‘The Internet has created a completely new environment in which traditional crimes—fraud, identity theft and child pornography—can take new forms and prosper.’’ Indeed, few technological innovations have had the immense impact upon societal routine activities as the advent of the Internet. According to some sources, nearly 2 billion individuals use the Internet, and in some regions of the world, a substantial portion of the population routinely accesses the Internet (Internet World Stats 2010). Recent estimates suggest that approximately 77 percent of residents of North America are online, an increase of 146 percent since the year 2000. In Europe, 58 percent of residents use the Internet, which is an increase of over 350 percent since 2000 (Internet World Stats 2010). Online criminal opportunities have kept pace with these societal changes in routine activities (Clarke 2004; Newman and Clarke 2003; Reyns 2010). Routine activity theory explains the circumstances under which opportunities for criminal victimization occur. Originally, Cohen and Felson (1979) focused upon societal routine activities, especially a greater propensity for women to be away from the home (leaving the home unguarded), as an explanation for increased crime rates in the United States following World War II. At the time routine activity theory was introduced by Cohen and Felson (1979), the Internet did not exist, and the assumption was that most


Reyns

221

offenses would transpire between a motivated offender and a suitable target at a physical location in the absence of capable guardians. Similar to the changes that occurred following World War II, our global society may be experiencing a shift in its routine activities—not a shift in activities away from the home per se, but a shift toward greater participation in remote activities. That is, activities that formerly required one to be physically present at a specific location, often at a specific time, can now be undertaken regardless of the individual’s physical location or time of day (e.g., online classes, online shopping). Further, as such technologies continue to advance, access to the Internet and the capability to participate in these remote activities continue to grow. This growth in remote, Internet-based routine activities and the subsequent profusion of criminal opportunities has necessitated an adaptation of the theory to crimes in which the offender and target do not physically meet. Eck and Clarke (2003:34) have suggested that routine activity theory can be expanded to explain crimes in which the victim and offender do not interact at the same physical location: Routine activity theory can be expanded to accommodate action at a distance by making one modification. If the target and the offender are part of the same geographically dispersed network, then the offender may be able to reach the target through the network.

In other words, although the victim and offender may not occupy or interact within the same physical location, the integrity of theory is maintained by an interaction of the victim and offender within a network. It is the convergence of motivated offenders and suitable targets within unguarded systems or networks that creates circumstances conducive to victimization. This expanded conceptualization of routine activity theory in which the network facilitates interaction between victim and offender is useful in applying the theory to identity theft victimization, as well as to other crimes in which the victim and offender never interact in the same place. A growing body of research has investigated the role of online routine activities in explaining online forms of victimization (e.g., Choi 2008; Holt and Bossler 2009; Holtfreter et al. 2008; Marcum et al. 2010; Pratt et al. 2010). However, no study to date has empirically examined identity theft victimization from a routine activities perspective. Still, those studies examining fraud victimization, a related crime, shed light on the potential correlates of identity theft victimization. For instance, Pratt and his colleagues (2010) utilized routine activity theory to explain fraud targeting among a representative sample of Florida residents. The authors reported that both


222


of their measures of online routine activities, hours spent online and whether the respondent made an Internet purchase, were predictive of Internet fraud targeting. Using the same data as Pratt et al. (2010), Holtfreter and her colleagues (2008) examined the fraud targeting and victimization of Florida residents, highlighting the importance of remote purchasing behaviors (e.g., Internet purchase, telephone purchase) in both fraud targeting and fraud victimization. Further, Reisig, Pratt, and Holtfreter (2009) identified perceived risk of Internet theft victimization as an important influence on online behaviors, reporting that consumers who perceived their risk of victimization to be higher spent less time online and made fewer purchases while online. Considering the prevalence and seriousness of identity theft, as well as the trend in criminology and victimology toward further developing and refining routine activity theory for application beyond direct-contact offenses, the current study examines identity theft victimization from a routine activities perspective. Identifying risk factors for identity theft victimization will be useful in designing situational strategies to combat this type of crime (Levi 2008; Mann and Sutton 1998; Newman 2008).

Method Data Data for the current study were collected in 2008 to 2009 as part of the British Crime Survey (BCS). The survey began in 1982 and is the second longest running national victimization survey in the world, behind the NCVS. Like the NCVS, data from the BCS represent both reported and unreported crimes, but unlike the NCVS, the BCS also includes a host of social, demographic, and lifestyle information about respondents (Mayhew 2010). The breadth and quality of these data has made the BCS an important source of data for criminologists and victimologists interested in testing victimization theories, particularly the lifestyle-routine activities perspective (e.g., Maxfield 1987; Sampson and Lauritsen 1990; Sampson and Wooldredge 1987). The BCS uses a complex stratified cluster sampling design in which Postcode Address Files (PAF) are used as a sampling frame, postcode sectors are used as primary sampling units, and population density and the proportion of household reference persons in nonmanual occupations are used as stratifiers (for more detail on sampling and additional procedures, see Bolling, Grant, and Donovan 2009). Once a household is selected,


Reyns

223

individuals within selected households are listed alphabetically by first name, and a single respondent over 16 years old is randomly chosen to represent the household. Data are collected via face-to-face interviews that are facilitated by computer-assisted personal interviewing. The sample size for the 2008 to 2009 BCS includes 46,286 residents of England and Wales, and has a response rate of 76 percent. A weighting process to adjust for nonresponse bias ensures that the sample is representative. As Table 1 illustrates, the sample utilized in the current study includes 5,985 of these individuals.1 This group is representative of the larger BCS sample and has the following characteristics: 53 percent female, 93 percent White, 51 percent unmarried, with a mean age of approximately 43 years old.

Measures The primary purpose of the current study was to identify risk factors for identity theft victimization by examining specific online routine activities of respondents, their individual characteristics, and their perceptions of risk of victimization. To that end, multiple measures of these concepts were chosen from the BCS data. Table 1 provides the scales and descriptive statistics for these variables. Dependent variable. Identity theft involves the fraudulent use of the victim’s identity for the personal benefit of the thief. Two survey items were used to create a measure of identity theft. First, respondents were asked: Have any of your cards been used without your permission or prior knowledge? Responses to this survey item were dichotomized (0 ¼ No, 1 ¼ Yes). Affirmative answers indicated that the respondent had been a victim of credit card fraud, the most common form of identity theft (Baum 2007; Langton and Baum 2010). Respondents were also asked: Have you had money taken from your bank or building society accounts in some way? This survey item reflects whether respondents had been victims of bank or account fraud. Again, responses were dichotomized (0 ¼ No, 1 ¼ Yes). Based on responses to these two survey items, the respondent was identified as a victim of identity theft, meaning that he or she had experienced either credit card fraud or bank/other financial fraud. This measure of identity theft is similar to that utilized in recent administrations of the NCVS (Baum 2007; Langton and Baum 2010). It is important to point out, however, that these two survey items are not online-specific, nor do they necessarily reflect victimization within an online context. This presents a potential limitation to the results of the current study.


224


Table 1. Scales and Descriptive Statistics. Variable

Scale

Dependent variable Identity theft Online routine activities Banking Shopping E-mail or IM Watch TV/radio News Chat rooms/forums Reading/writing blogs Downloading Social networking Work or study Individual characteristics Sex Age Non-White Married Income Employed Away home

Perceived risk Perceived risk

Range

M (SD)

0–1

.08 (.27)

0–1 0–1 0–1 0–1 0–1 0–1 0–1 0–1 0–1 0–1

.49 (.50) .65 (.47) .83 (.37) .21 (.40) .32 (.46) .10 (.30) .07 (.26) .26 (.43) .28 (.45) .59 (.49)

(0 ¼ Female, 1 ¼ Male) (Age in Years) (0 ¼ White, 1 ¼ Non-White) (0 ¼ Not married, 1 ¼ Married) (0 ¼ Less than £50,000, 1 ¼ More than £50,000 (0 ¼ Unemployed, 1 ¼ Employed) (0 ¼ Home Occupied During Day, 1 ¼ Home Unoccupied During Day)

0–1 16–91 0–1

.47 (.49) 43.36 (15.32) .07 (.26)

0–1

.49 (.50)

0–1

.23 (.42)

0–1

.69 (.46)

0–1

.91 (.28)

(1 ¼ Very Unlikely, 2 ¼ Fairly Unlikely, 3 ¼ Fairly Likely, 4 ¼ Very Likely)

1–4

2.33 (.77)

(0 ¼ nonvictim, 1 ¼ victim) (0 (0 (0 (0 (0 (0 (0 (0 (0 (0

¼ No, ¼ No, ¼ No, ¼ No, ¼ No, ¼ No, ¼ No, ¼ No, ¼ No, ¼ No,

1¼ 1¼ 1¼ 1¼ 1¼ 1¼ 1¼ 1¼ 1¼ 1¼

Yes) Yes) Yes) Yes) Yes) Yes) Yes) Yes) Yes) Yes)

Note. IM ¼ instant messaging; TV ¼ television. N ¼ 5,985.

Online routine activities. As Mustaine and Tewksbury (1998) have pointed out, routine activities research has often relied on indirect or proxy measures of individuals’ lifestyles and routine activities (e.g., demographics) in assessing victimization risks (e.g., Cohen and Cantor 1980; Cohen et al. 1981; Hindelang et al. 1978; Messner and Tardiff 1985). Further, recent work examining crimes in which the victim and offender are


Reyns

225

physically separated (e.g., Internet crimes) has utilized somewhat rudimentary measures of online routine activities (e.g., time spent online) without fully exploring the activities that individuals engage in while online (i.e., direct measures of routine activities). By way of comparison to Mustaine and Tewksbury’s (1998) work, the critical element in explaining victimization may not be time online (or time away from the home in Mustaine and Tewksbury’s case), but unguarded online activities that expose Internet users to identity theft targeting. In an effort to examine Internet specific routine activities, 10 online routine activities measured in the BCS were identified as potential correlates of identity theft. These include using the Internet for the following purposes: (1) online banking or managing finances, (2) buying goods or services (shopping), (3) e-mail or instant messaging (IM), (4) watching television or listening to the radio, (5) reading online newspapers or news Web sites, (6) participating in chat rooms or other forums, (7) reading or writing blogs, (8) downloading music, films, or podcasts, (9) social networking (e.g., Facebook, Myspace, Bebo), or (10) for work or study. Respondents were asked: Which, if any, of the following things do you use the Internet for? Responses were dichotomized (0 ¼ No, 1 ¼ Yes). Offline routine activities. A final routine activities measure based on guardianship of the home was included in the analyses, as prior research suggests that this is a variable of theoretical importance (Cohen and Felson 1979; Cohen et al. 1981; Messner and Blau 1987). In the case of identity theft, important information about the victim’s identity could be gained by entering the home and physically retrieving it; however, the existing research on identity crimes suggests that thieves are increasingly turning to the Internet as a means of reaching their targets (Holtfreter, Van Slyke, Blomberg 2005). This measure of home guardianship is based on the following survey item: Is your home ever left unoccupied during weekdays? Responses were dummy-coded (0 ¼ No, 1 ¼ Yes). Individual characteristics. Individuals’ personal characteristics may influence their risks of identity theft victimization inasmuch as these characteristics are linked to patterns of Internet use and victimization. For example, individual characteristics are linked to the amount of time spent online, which in turn increases likelihood of exposure to risky situations. Pratt et al. (2010) reported that the amount of time respondents spent online was a function of age, gender, and race, with males spending more time online and older persons and Blacks spending less time online. Further, Holtfreter


226


et al. (2008) reported that these characteristics were significant predictors of fraud victimization. Considering the connections between individuals’ personal characteristics, their online routines, and victimization, six of these individual characteristics of respondents were included in the analyses: (1) sex (0 ¼ female, 1 ¼ male), (2) race (0 ¼ White, 1 ¼ non-White), (3) age (in years), (4) marital status (0 ¼ not currently married, 1 ¼ married), (5) income (0 ¼ less than £50,000, 1 ¼ more than £50,000), and (6) employment status (0 ¼ unemployed, 1 ¼ employed). Perceived risk of victimization. The fear of crime literature suggests that perceived risk of victimization may constrain individuals’ behavior, altering their routine activities (Reisig et al. 2009; Warr 2000). It therefore becomes important to consider the role of perceived risk in conjunction with respondents’ online routine activities in influencing identity theft victimization. Theoretically, those perceiving their risk of victimization to be higher will expose themselves to fewer risky situations and have a lower likelihood of actual victimization. At the same time, individuals who have previously been victimized may consider themselves at greater risk of victimization and adjust their routines accordingly. To measure perceived risk, respondents were asked the following question: How likely do you think you are to be a victim of bank or credit card fraud in the next year? Answer choices included: (1 ¼ very likely, 2 ¼ fairly likely, 3 ¼ fairly unlikely, and 4 ¼ very unlikely). Respondents’ answers were reverse coded for the analyses, with higher scores indicating a greater perceived risk of identity theft victimization.

Analytic Strategy Prior to modeling the relationships between respondents’ individual characteristics, online routines, perceived risk of victimization, and identity theft victimization, the possibility of multicollinearity among the predictor variables was explored. Tolerance and variance inflation factor statistics indicate that multicollinearity is not a statistical threat to the results of the study. Thus, the analyses proceeded in three stages. First, Pearson’s r statistics were calculated in order to examine the bivariate relationships between the study variables. Second, a baseline binary logistic regression model was estimated including only respondents’ individual characteristics on their victimization. Third, a full binary logistic regression model was estimated that included respondents’ individual characteristics as well as their routine activities and perceived risk variables. Since prior research and theory


Reyns

227

suggests that lifestyles and routine activities mediate the relationship between individual characteristics and victimization, this two-step modeling process allows for an evaluation of this proposition.

Results Bivariate Relationships Bivariate relationships between the study variables were initially calculated to explore the associations between the variables and to inform the multivariate analyses. As Table 2 illustrates, all of the online routine activities except for social networking were positively and significantly related to identity theft victimization. However, most of the associations between the study variables, although statistically significant, tend to be rather modest. Those relationships that can be characterized as moderately strong (r ¼ .30) or better include the associations between: online banking and online shopping behaviors (r ¼ .39), watching TV or listening to the radio online and getting news online (r ¼ .33), watching TV or listening to the radio online and downloading media (r ¼ .30), visiting chat rooms or other forums and reading and/or writing blogs (r ¼ .32), age and online social networking (r ¼ .47), and age and marital status (r ¼ .31). The bivariate associations between the dependent and independent variables suggest possible risk factors for identity theft victimization, including online routine activities, certain individual characteristics, and perceived risk of victimization.

Binary Logistic Regression Analysis As model 1 in Table 3 illustrates, four individual characteristics of respondents were statistically significant indicators of victimization. Age was positively and significantly related to victimization, and although the effect was modest, older persons were at an increased likelihood of experiencing identity theft. Also, married persons were about 25 percent more likely to be victims of identity theft compared to unmarried persons. Additionally, those with higher incomes (more than £50,000) were nearly 60 percent more likely to be victimized compared to those making less than £50,000. Finally, being employed increased victimization risk about 25 percent compared to being unemployed. According to model 2 in Table 3, two of these effects remained after the theoretical variables were added to the model, suggesting as hypothesized that lifestyles and routine activities mediate the effects of individual characteristics on victimization. However, the effects


228


1.00 .10* .07* .06* .02* .04* .02* .01 .04* .00 .04* .02* .02* .00 .06* .07* .03* .00 .02*

1

1.00 .39* .27* .21* .23* .09* .10* .19* .11* .16* .04* .06* .04* .06* .17* .14* .04* .11*

2

1.00 .25* .19* .18* .09* .08* .18* .07* .12* .06* .03* .11* .08* .18* .14* .05* .10*

3

1.00 .15* .19* .09* .08* .14* .11* .16* .01 .01 .01 .03* .12* .04* .04* .08*

4

Note. IM ¼ instant messaging; TV ¼ television. N ¼ 5,985. *p < .05 (two-tailed test).

Identity theft Banking Shopping E-mail/IM Watch TV/Radio News Chat Rooms/Forums Read/Write Blogs Downloading Social networking Work or study Sex Age Non-White Married Income Employed Away home Perceived risk

Variables

1.00 .33* .23* .26* .30* .18* .17* .10* .15* .06* .03* .08* .07* .00 .02

5

1.00 .15* .19* .19* .14* .23* .11* .12* .10* .00 .17* .11* .00 .03*

6

7

1.00 .32* .24* .28* .08* .06* .20* .02 .10* .01 .01 .00 .02*

Table 2. Bivariate Relationships Between Study Variables.

1.00 .21* .21* .13* .05* .13* .03* .07* .04* .03* .03* .00

8

1.00 .29* .14* .09* .28* .00 .12* .09* .07* .00 .00

9

1.00 .07* .05* .47* .02* .26* .01 .03* .00 .l04*

10

1.00 .04* .00* .04* .02* .19* .18* .02 .05*

11

1.00 .05* .00 .07* .08* .09* .06* .05*

12

1.00 .14* .31* .06* .24* .04* .06*

13

1.00 .02 .01 .01 .05* .03*

14

1.00 .20* .04* .04* .09*

15

1.00 .18* .03* .07*

16

1.00 .00 .10*

17

1.00 .02*

18

1.00

19

Reyns

229

Table 3. Binary Logistic Regression Coefficients, Standard Errors, and Exponentiated Coefficients for Identity Theft Victimization. Model 1 Variables

Coefficient

Individual characteristics Sex Age Non-White Married Income Employed Online routine activities Banking Shopping E-mail or IM Watch TV/radio News Chat Rooms/Forums Reading/Writing blogs Downloading Social networking Work or study Offline routine activities Away home Perceived risk Perceived risk Constant 2 Log likelihood Model w2 Nagelkerke R2 N

.10 .008* .25 .21* .45* .24*

SE

Model 2 Exp(B) Coefficient

SE

Exp(B)

.08 .004 .17 .10 .10 .11

1.10 1.01 1.29 1.24 1.58 1.24

.19* .01** .12 .17 .24* .04

.10 .004 .18 .10 .11 .12

1.22 1.01 1.12 1.19 1.27 1.05

— — — — — — — — — —

— — — — — — — — — —

— — — — — — — — — —

.42*** .27* .43** .12 .06 .28 .01 .24* .09 .02

.11 .12 .17 .12 .11 .16 .18 .11 .13 .11

1.52 1.31 1.54 .88 1.06 1.32 1.02 1.27 .91 1.02

— — — 3.19***

— — — .20

— — — .04

.04

.18

1.04

1.05*** 6.08***

.06 .39

2.86 .001

3,517.04 50.15*** .03 5,985

3,156.81 410.37*** .15 5,985

*p < .05. **p < .01. ***p < .001.

of age and income remained. Additionally, as model 2 indicates, males were more likely to experience identity theft victimization compared to females. As model 2 illustrates, four of the online routine activity variables were associated with statistically significant increases in the likelihood of identity theft victimization. First, those respondents who used the Internet for banking and managing their finances were significantly more likely to be


230


victims of identity theft. These individuals were about 50 percent more likely to experience identity theft than those who did not do any online banking. Second, consistent with prior research, those who indicated that they shopped online were about 30 percent more likely than those who did not shop online to be victimized (Holtfreter et al. 2008; Pratt et al. 2010). Third, e-mailing and using instant messengers (IM) increased individuals’ risks of victimization by over 50 percent. Fourth, respondents who indicated they downloaded music, movies, or other media while online were at increased victimization risk compared to those who did not download these materials. This is not surprising given that research has identified downloading materials off of the Internet as a risk factor for other types of online victimization (Choi 2008). The final relationship of theoretical importance is the relationship between perceived risk of identity theft victimization and actual victimization. Those identifying themselves as at risk of victimization were nearly three times more likely to experience identity theft. It is not clear why this is the case. It may be that some perceive their risk to be higher because they have previously been victimized. Supplemental analyses support this hypothesis, with victims having higher mean perceptions of risk than nonvictims (2.91 compared to 2.28). It may also be, as Reisig et al. (2009) reported, that financially impulsive respondents perceive their risks of victimization to be higher. Explaining the relationship between perceptions of risk and actual identity theft victimization remains an open empirical question.

Discussion The current study makes three important contributions to the criminology and victimology literatures. First, this is among the first studies to empirically examine identity theft from a victimization perspective. The results suggest that online banking, shopping, communicating (e-mail, IM), and downloading can be considered risky online routines that expose users to the threat of identity theft. However, the question that remains is why this is the case. Although individuals who use the Internet for these purposes may be at greater risk of victimization, avoiding these activities altogether would be an unnecessary restriction on users’ behavior. Instead, the results underscore the importance of network security, target hardening, and educated use of the Internet. One plausible explanation for these results is that, as routine activity theory would suggest, identity theft victimization occurs when a motivated offender and suitable target intersect within a network


Reyns

231

characterized as having low levels of guardianship. Therefore, it may be that online banking is risky only within unguarded networks or those that are susceptible to access by motivated offenders. An example may be accessing the Internet wirelessly from a laptop using a public Wi-Fi connection, such as those available in airports, hotels, and restaurants. Typing sensitive information such as passwords, credit card, or bank account numbers while connected to a public Wi-Fi network allows motivated hackers who are on the same network to access that information. While data on the type of Internet connection used by respondents were not available in the BCS, future research should consider the effect of type of network connection and other security features on the likelihood of identity theft victimization. Certain respondent characteristics also increased individuals’ odds of victimization. Males, older individuals, and those with higher incomes were more likely to experience identity theft compared to females, young people, and those earning less than £50,000 per year. According to routine activity theory, the effects of these characteristics should be mediated by individuals’ routine activities, suggesting that there may be lifestyle differences or differences in online routine activities that were not considered herein. It may also be that frequency and/or duration of certain online activities varies by gender, age, or income. For example, perhaps individuals with higher incomes make a greater number of purchases online and therefore provide more opportunities for their information to be stolen. Or maybe males download more media and for longer periods of time than females. These hypotheses could not be explored, but future research should consider the influence of frequency and duration of online routines on victimization risk. Second, perceived risk was identified as a strong indicator of identity theft victimization, with those identifying themselves as at risk being almost three times more likely to be victimized. Yet, there has been little work exploring the nature of fear of crime within systems such as the Internet, so the current study adds to this small body of work and points toward directions for future research. Further, the effect of perceived risk observed in the present study may be the result of previous victimization, with those believing themselves to be at risk being repeat victims. Again, delving into this issue was beyond the scope of this study, but it does raise possibilities for future research. Third, this study adds to a growing body of work applying routine activity theory to crimes at a distance. The Internet connects billions of people, and criminologists and victimologists cannot ignore the fact that these connections provide opportunities for victimization that until recently did not exist (Clarke 2004). The extension of routine activity theory advocated


232


by Eck and Clarke (2003) provides a way to apply the theory to Internet crimes while acknowledging that our conceptions of ‘‘place’’ may need rethinking. The BCS provides a data set capable of testing and applying the theory to identity theft, but cybercrime data of this quality are in short supply. If the field is going to continue to advance in this arena, it is incumbent upon researchers to collect data from different populations and focus on multiple types of online victimization. Thus far, cybercrime research utilizing routine activity theory has yielded mixed results in terms of identifying routine activities that increase victimization risk, but this may be due to differences in methodologies and dependent variables under study. Overall then, more work is needed with respect to applying the theory to cybercrimes and in collecting data that make it possible to do so. The present study has four potential limitations to consider. First, the two survey items used to construct the dependent variable do not distinguish between online and offline victimization. This allows for the possibility that the significant relationships observed between online routines and victimization may be spurious. Ideally, identity theft victimization measures specific to an online context are required to guard against this problem. Second, this study was limited in the types of online routine activities that could be considered as predictors of identity theft victimization. Further, a thorough test of routine activity theory would require operationalization of all key components of the theory—namely, exposure to motivated offenders, proximity to motivated offenders, target attractiveness, and guardianship. Measures of all of these concepts were not available in the BCS. Third, research has identified low self-control as an important correlate of victimization (e.g., Schreck 1999), particularly in tandem with individuals’ routine activities (e.g., Holtfreter et al. 2008; Schreck, Wright, and Miller 2002; van Wilsem 2011). Unfortunately, measures of low self-control were not available in the current study. Addressing these three measurement issues is a necessary next step in conducting a comprehensive test of routine activity theory on online victimization (i.e., online identity theft). Fourth, the data utilized in this study are cross-sectional, thus causal relationships cannot be established. While previous routine activities research has also utilized cross-sectional survey data (e.g., Fisher et al. 1998; Mustaine and Tewksbury 1998; Pratt et al. 2010), longitudinal data are necessary for establishing time order. Despite these methodological limitations, this study suggests several avenues for future research. First, key theoretical concepts such as guardianship and target attractiveness take on new meanings in cyberspace, which necessitates adapting the concepts to online environments. For


Reyns

233

example, visual cues may alert offenders to suitable targets, but these cues may not be present if the victim and offender are physically separate. Second, Hindelang et al.’s (1978) lifestyle-exposure theory hypothesizes that demographic characteristics are antecedents to lifestyle. If this is the case, further research is needed to assess whether demographics are also precursors to online lifestyles as these results seem to suggest. Third, few studies have examined the nature or extent of fear of online victimization, perceptions of risk, or how these factors influence actual victimization risk. The current study highlights the need for more work in this area given the finding that perceived risk was a strong predictor of identity theft victimization. These results also have implications for preventing identity theft victimization, especially given the emphasis on opportunity-reducing strategies shared by routine activity theory and situational crime prevention (Clarke 1995). Situational crime prevention advocates crime- and situation-specific prevention techniques based on manipulating the effort, risks, rewards, provocations, and excuses accompanying criminal behaviors (Cornish and Clarke 2003). The results suggest that these techniques should be focused upon Internet-based banking, shopping, communicating, and downloading activities. Further, Newman and Clarke (2003) have explained that preventing e-commerce crime requires concentrating on online environments or systems characterized by the acronym SCAREM (i.e., Stealth, Challenge, Anonymity, Reconnaissance, Escape, and Multiplicity). Therefore, a focus on systems possessing the qualities of SCAREM that facilitate banking, shopping, communications, and downloading is needed. Sampson, Eck, and Dunham’s (2010) discussion of super controllers can also inform these efforts. For instance, online place managers such as Web designers have the capability of manipulating online environments in the interest of crime prevention, but super controllers (e.g., corporate executives) provide incentives for them to do so, making them an important element in crime prevention strategy. In short, criminal opportunities are quickly evolving, and crime prevention theory, research, and practice must continue to develop to keep pace with the coming changes in technologies. Acknowledgment The data analyzed in this study were provided by the Economic and Social Data Service and the Home Office.

Declaration of Conflicting Interests The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.


234


Funding The author(s) received no financial support for the research, authorship, and/or publication of this article.

Note 1. While the British Crime Survey (BCS) includes information on over 46,000 respondents, only a subsample of this group was examined in the current study. Respondents who were randomly selected to answer module d of the survey were selected for inclusion in the current analyses (this module included data on perceived risk of victimization). Of these, complete data were available for 5,985 respondents.

References Baum, Katrina. 2007. Identity Theft, 2005. Washington, DC: US Department of Justice. Bolling, Keith, Catherine Grant, and Jeri-Lee Donovan. 2009. 2008-2009 British Crime Survey (England and Wales) Technical Report Volume 1. UK Data Archive Study Number 6367. Retrieved December 1, 2010 (http://homeoffice. gov.uk/science-research/research-statistics/). Choi, Kyung-shick. 2008. ‘‘Computer Crime Victimization and Integrated Theory: An Empirical Assessment,’’ International Journal of Cyber Criminology 2:308-33. Clarke, Ronald V. 1995. ‘‘Situational Crime Prevention.’’ Pp. 91-150 in Building a Safer Society: Strategic Approaches to Crime Prevention, edited by M. Tonry and D. P. Farrington. Chicago, IL: University of Chicago Press. Clarke, Ronald V. 2004. ‘‘Technology, Criminology and Crime Science.’’ European Journal on Criminal Policy and Research 10:55-63. Cohen, Lawrence E. and David Cantor. 1980. ‘‘The Determinants of Larceny: An Empirical and Theoretical Study.’’ Journal of Research in Crime and Delinquency 17:140-59. Cohen, Lawrence E. and Marcus Felson. 1979. ‘‘Social Change and Crime Rate Trends: A Routine Activity Approach.’’ American Sociological Review 52:170-83. Cohen, Lawrence E., James R. Kluegel, and Kenneth C. Land. 1981. ‘‘Social Inequality and Predatory Criminal Victimization: An Exposition and Test of a Formal Theory.’’ American Sociological Review 46:505-24. Cornish, Derek B. and Ronald V. Clarke. 2003. ‘‘Opportunities, Precipitators, and Criminal Decisions: A Reply to Wortley’s Critique of Situational Crime Prevention.’’ Crime Prevention Studies 16:41-96.


Reyns

235

Eck, John E. and Ronald V. Clarke. 2003. ‘‘Classifying Common Police Problems: A Routine Activity Approach.’’ Crime Prevention Studies 16:7-39. Federal Trade Commission (FTC). 2010. ‘‘About Identity Theft.’’ Retrieved December 14, 2010 (http://www.ftc.gov/bcp/edu/microsites/idtheft/index.html). Finch, Emily. 2003. ‘‘What a Tangled Web We Weave: Identity Theft and the Internet.’’ Pp. 86-104 in Dot.Cons: Crime, Deviance and Identity on the Internet, edited by Y. Jewkes. Devon, UK: Willan. Finch, Emily. 2007. ‘‘The Problem of Stolen Identity and the Internet.’’ Pp. 29-43 in Crime Online, edited by Y. Jewkes. Devon, UK: Willan. Fisher, Bonnie S., John J. Sloan, Francis T. Cullen, and Chunmeng Lu. 1998. ‘‘Crime in the Ivory Tower: The Level and Sources of Student Victimization.’’ Criminology 36:671-710. Fisher, Bonnie S., Leah E. Daigle, and Francis T. Cullen. 2010. ‘‘What Distinguishes Single from Recurrent Sexual Victims? The Role of LifestyleRoutine Activities and First-Incident Characteristics.’’ Justice Quarterly 37:202-29. Henson, Billy, Pamela Wilcox, Bradford W. Reyns, and Francis T. Cullen. 2010. ‘‘Gender, Adolescent Lifestyles, and Violent Victimization: Implications for Routine Activity Theory.’’ Victims and Offenders 5:308-28. Hindelang, Michael J., Michael R. Gottfredson, and James Garofalo. 1978. Victims of Personal Crime: An Empirical Foundation for a Theory of Personal Victimization. Cambridge, MA: Ballinger. Holt, Thomas J. and Adam M. Bossler. 2009. ‘‘Examining the Applicability of Lifestyle-Routine Activities Theory for Cybercrime Victimization.’’ Deviant Behavior 30:1-25. Holtfreter, Kristy, Shanna Van Slyke, and Thomas G. Blomberg. 2005. ‘‘Sociolegal Change in Consumer Fraud: From Victim-Offender Interactions to Global Networks.’’ Crime, Law and Social Change 44:251-75. Holtfreter, Kristy, Michael D. Reisig, Nicole Leeper Piquero, and Alex R. Piquero. 2010. ‘‘Low Self-Conrol and Fraud: Offending, Victimization, and Their Overlap.’’ Criminal Justice and Behavior 37:188-203. Holtfreter, Kristy, Michael D. Reisig, and Travis C. Pratt. 2008. ‘‘Low Self-Control, Routine Activities, and Fraud Victimization.’’ Criminology 46:189-220. Internet World Stats. 2010. ‘‘Usage and Population Statistics.’’ Retrieved December 14, 2010 (http://www.internetworldstats.com/stats.htm). Kennedy, Leslie W. and David R. Forde. 1990. ‘‘Routine Activities and Crime: An Analysis of Victimization in Canada.’’ Criminology 28:137-52. Koops, Bert-Jaap and Ronald Leenes. 2006. ‘‘Identity Theft, Identity Fraud and/or Identity-Related Crime: Definitions Matter.’’ Datenschutz und Datensicherheit 30: 553-56.


236


Langton, Lynn and Katrina Baum. 2010. Identity Theft Reported by Households, 2007. Washington, DC: US Department of Justice. Levi, Michael. 2008. ‘‘Combating Identity and Other Forms of Payment Fraud in the UK: An Analytical History.’’ Pp. 111-31 in Perspectives on Identity Theft, edited by M. M. McNally and G. R. Newman. Monsey, NY: Criminal Justice Press. Mann, David and Mike Sutton. 1998. ‘‘Netcrime: More Changes in the Organization of Thieving.’’ British Journal of Criminology 38:201-29. Marcum, Catherine D., George E. Higgins, and Melissa L. Ricketts. 2010. ‘‘Potential Factors of Online Victimization of Youth: An Examination of Adolescent Online Behaviors Utilizing Routine Activity Theory.’’ Deviant Behavior 31:381-410. Maxfield, Michael G. 1987. ‘‘Household Composition, Routine Activity, and Victimization: A Comparative Analysis.’’ Journal of Quantitative Criminology 3:301-20. Mayhew, Pat. 2010. ‘‘British Crime Survey (BCS).’’ Pp. 36-39 in Encyclopedia of Victimology and Crime Prevention, edited by B. S. Fisher and S. P. Lab. Thousand Oaks, CA: SAGE. McNally, Megan M. and Graeme R. Newman. 2008. ‘‘Editors’ Introduction.’’ Pp. 18 in Perspectives on Identity Theft, edited by M. M. McNally and G. R. Newman. Monsey, NY: Criminal Justice Press. Messner, Steven F. and Kenneth Tardiff. 1985. ‘‘The Social Ecology of Urban Homicide: An Application of the ‘Routine Activities’ Approach.’’ Criminology 23:241-67. Messner, Steven F. and Judith R. Blau. 1987. ‘‘Routine Leisure Activities and Rates of Crime: A Macro-Level Analysis.’’ Social Forces 64:1035-52. Miethe, Terance D. and Robert F. Meier. 1990. ‘‘Opportunity, Choice, and CriminalVictimization: A Test of a Theoretical Model.’’ Journal of Research in Crime and Delinquency 27:243-66. Mustaine, Elizabeth E. and Richard Tewksbury. 1998. ‘‘Predicting Risks of Larceny Theft Victimization: A Routine Activity Analysis Using Refined Lifestyle Measures.’’ Criminology 36:829-57. Mustaine, Elizabeth E. and Richard Tewksbury. 1999. ‘‘A Routine Activity Theory Explanation for Women’s Stalking Victimizations.’’ Violence Against Women 5:43-62. National Fraud Authority (NFA). 2010. ‘‘Identity Fraud Costs UK £2.7 Billion Every Year.’’ Retrieved December 14, 2010 (http://www.attorneygeneral. gov.uk). Newman, Graeme R. 2008. ‘‘Identity Theft and Opportunity.’’ Pp. 9-31 in Perspectives on Identity Theft, edited by M. M. McNally and G. R. Newman. Monsey, NY: Criminal Justice Press.


Reyns

237

Newman, Graeme R. and Ronald V. Clarke. 2003. Superhighway Robbery: Preventing E-Commerce Crime. Devon, UK: Willan. Pratt, Travis C., Kristy Holtfreter, and Michael D. Reisig. 2010. ‘‘Routine Online Activity and Internet Fraud Targeting: Extending the Generality of Routine Activity Theory.’’ Journal of Research in Crime and Delinquency 47:267-96. Reisig, Michael D., Travis C. Pratt, and Kristy Holtfreter. 2009. ‘‘Perceived Risk of Internet Theft Victimization: Examining the Effects of Social Vulnerability and Financial Impulsivity.’’ Criminal Justice and Behavior 36:369-84. Reyns, Bradford W. 2010. ‘‘A Situational Crime Prevention Approach to Cyberstalking Victimization: Preventive Tactics for Internet Users and Online Place Managers.’’ Crime Prevention and Community Safety 12:99-118. Sampson, Rana, John E. Eck, and Jessica Dunham. 2010. ‘‘Super Controllers and Crime Prevention: A Routine Activity Explanation of Crime Prevention Success and Failure.’’ Security Journal 23:37-51. Sampson, Robert J. and Janet L. Lauritsen. 1990. ‘‘Deviant Lifestyles, Proximity to Crime, and the Offender-Victim Link in Personal Violence.’’ Journal of Research in Crime and Delinquency 27:110-39. Sampson, Robert J. and John D. Wooldredge. 1987. ‘‘Linking the Micro- and Macro-Level Dimensions of Lifestyle-Routine Activity and Opportunity Models of Predatory Victimization.’’ Journal of Quantitative Criminology 3:371-93. Schreck, Christopher J. 1999. ‘‘Criminal Victimization and Low Self-Control: An Extension and Test of a General Theory of Crime.’’ Justice Quarterly 16:633-54. Schreck, Christopher J., Richard A. Wright, and J. Mitchell Miller. 2002. ‘‘A Study of Individual and Situational Antecedents of Violent Victimization.’’ Justice Quarterly 19:159-80. Smith, Russell G. 2010. ‘‘Identity Theft and Fraud.’’ Pp. 273-301 in Handbook of Internet Crime, edited by Y. Jewkes and M. Yar. Devon, UK: Willan. Spano, Richard and Joshua D. Freilich. 2009. ‘‘An Assessment of the Empirical Validity and Conceptualization of Individual Level Multivariate Studies of Lifestyle/Routine Activities Theory Published from 1995 to 2005.’’ Journal of Criminal Justice 37:305-14. Tillyer, Marie S. and John E. Eck. 2009. ‘‘Routine Activities.’’ Pp. 279-87 in 21st Century Criminology: A Reference Handbook, edited by J. M. Miller. Thousand Oaks, CA: SAGE. Titus, Richard M., Fred Heinzelmann, and John M. Boyle. 1995. ‘‘Victimization of Persons by Fraud.’’ Crime and Delinquency 41:54-72. van Wilsem, Jonah. 2011, online first. ‘‘‘Bought it, but Never Got it’: Assessing Risk Factors for Online Consumer Fraud Victimization.’’ European Sociological Review. doi: 10.1093/esr/jcr053


238


Warr, Mark. 2000. Fear of Crime in the United States: Avenues for Research and Policy. Rockville, MD: National Institute of Justice. Wilcox Rountree, Pamela, Kenneth C. Land, and Terance D. Miethe. 1994. ‘‘MacroMicro Integration in the Study of Victimization: A Hierarchical Logistic Model Across Seattle Neighborhoods.’’ Criminology 32:387-414. Wilcox, Pamela, Marie Shubak Tillyer, and Bonnie S. Fisher. 2009. ‘‘Gendered Opportunity? School-Based Adolescent Victimization.’’ Journal of Research in Crime and Delinquency 46:245-69.

Author Biography Bradford W. Reyns is an assistant professor in the Department of Criminal Justice at Weber State University and the book review editor for Security Journal. In 2010, he received his PhD in criminal justice from the University of Cincinnati. His research focuses on victims of crime, especially the intersection of technology and victimization, and opportunities for victimization.
