{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,31]],"date-time":"2026-01-31T16:15:41Z","timestamp":1769876141059,"version":"3.49.0"},"reference-count":69,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2018,9,30]],"date-time":"2018-09-30T00:00:00Z","timestamp":1538265600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"DHS","award":["N66001-13-C-0131"],"award-info":[{"award-number":["N66001-13-C-0131"]}]},{"name":"NSF IGERT","award":["DGE-0903659"],"award-info":[{"award-number":["DGE-0903659"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Internet Technol."],"published-print":{"date-parts":[[2018,11,30]]},"abstract":"When card data is exposed in a data breach but has not yet been used to attempt fraud, the overall social costs of that breach depend on whether the financial institutions that issued those cards immediately cancel them and issue new cards or instead wait until fraud is attempted. This article empirically investigates the social costs and benefits of those options. We use a parameterized model and Monte Carlo simulation to compare the cost of reissuing cards to the total expected cost of fraud if cards are not reissued. The ranges and distributions in our model are informed by publicly available information, from which we extrapolate estimates of the number of credit card records historically exposed in data breaches, the probability that a card exposed in a breach will be used for fraud, and the associated expected cost of existing-account credit card fraud. We find that automatically reissuing cards may have lower social costs than the costs of waiting until fraud is attempted, although the range of results is considerably broad.<\/jats:p>","DOI":"10.1145\/3122983","type":"journal-article","created":{"date-parts":[[2018,10,1]],"date-time":"2018-10-01T12:15:55Z","timestamp":1538396155000},"page":"1-19","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Should Credit Card Issuers Reissue Cards in Response to a Data Breach?"],"prefix":"10.1145","volume":"18","author":[{"given":"James T.","family":"Graves","sequence":"first","affiliation":[{"name":"Georgetown University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alessandro","family":"Acquisti","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nicolas","family":"Christin","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2018,9,30]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Proceedings of the 27th International Conference on Information Systems.","author":"Acquisti Alessandro","year":"2006","unstructured":"Alessandro Acquisti , Allan Friedman , and Rahul Telang . 2006 . Is there a cost to privacy breaches? An event study . In Proceedings of the 27th International Conference on Information Systems. Alessandro Acquisti, Allan Friedman, and Rahul Telang. 2006. Is there a cost to privacy breaches? An event study. In Proceedings of the 27th International Conference on Information Systems."},{"key":"e_1_2_1_2_1","first-page":"23","article-title":"Overview of recent developments in the credit card industry","volume":"17","author":"Akers Douglas","year":"2005","unstructured":"Douglas Akers , Brian Lamm , Jay Golter , and Martha Solt . 2005 . Overview of recent developments in the credit card industry . FDIC Banking Review 17 , 3 (2005), 23 -- 35 . Retrieved from http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=882103. Douglas Akers, Brian Lamm, Jay Golter, and Martha Solt. 2005. Overview of recent developments in the credit card industry. FDIC Banking Review 17, 3 (2005), 23--35. Retrieved from http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=882103.","journal-title":"FDIC Banking Review"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2017.27"},{"key":"e_1_2_1_4_1","unstructured":"America\u2019s Community Bankers. 2007. ACB data breach survey highlights need for action by card networks and Congress. Retrieved from http:\/\/www.prnewswire.com\/news-releases\/acb-data-breach-survey-highlights-need-for-action-by-card-networks-and-congress-54632297.html. America\u2019s Community Bankers. 2007. ACB data breach survey highlights need for action by card networks and Congress. Retrieved from http:\/\/www.prnewswire.com\/news-releases\/acb-data-breach-survey-highlights-need-for-action-by-card-networks-and-congress-54632297.html."},{"key":"e_1_2_1_5_1","unstructured":"Maria Aspan and Clare Baldwin. 2011. Sony breach could cost card lenders $300 mln. Retrieved from http:\/\/www.reuters.com\/article\/2011\/04\/29\/sony-creditcards-cost-idUSN2826485220110429. Maria Aspan and Clare Baldwin. 2011. Sony breach could cost card lenders $300 mln. Retrieved from http:\/\/www.reuters.com\/article\/2011\/04\/29\/sony-creditcards-cost-idUSN2826485220110429."},{"key":"e_1_2_1_6_1","unstructured":"Authorize.Net. 2016. Pricing. Retrieved November 2 2016 from http:\/\/www.authorize.net\/solutions\/merchantsolutions\/pricing\/. Authorize.Net. 2016. Pricing. Retrieved November 2 2016 from http:\/\/www.authorize.net\/solutions\/merchantsolutions\/pricing\/."},{"key":"e_1_2_1_7_1","volume-title":"National Crime Victimization Survey: Identity Theft Supplement","author":"Bureau of Justice Statistics. 2014.","year":"2012","unstructured":"Bureau of Justice Statistics. 2014. National Crime Victimization Survey: Identity Theft Supplement , 2012 . Retrieved from Bureau of Justice Statistics. 2014. National Crime Victimization Survey: Identity Theft Supplement, 2012. Retrieved from"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/876661.876669"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1080\/10864415.2004.11044320"},{"key":"e_1_2_1_10_1","volume-title":"Insights: Authorization fee. Retrieved","year":"2010","unstructured":"Cayan. 2010 . Insights: Authorization fee. Retrieved November 2, 2016, from https:\/\/cayan.com\/glossary\/authorization-fee. Cayan. 2010. Insights: Authorization fee. Retrieved November 2, 2016, from https:\/\/cayan.com\/glossary\/authorization-fee."},{"key":"e_1_2_1_11_1","volume-title":"Identity theft: The aftermath","author":"Identity Theft Resource Center","year":"2009","unstructured":"Identity Theft Resource Center . 2010. Identity theft: The aftermath 2009 . Retrieved from http:\/\/www.idtheftcenter.org\/ITRC-Surveys-Studies\/aftermathstudies.html. Identity Theft Resource Center. 2010. Identity theft: The aftermath 2009. Retrieved from http:\/\/www.idtheftcenter.org\/ITRC-Surveys-Studies\/aftermathstudies.html."},{"key":"e_1_2_1_12_1","volume-title":"National Cyber Leap Year Summit 2009: Co-chairs","author":"Chong Fred","year":"2009","unstructured":"Fred Chong , Ruby B. Lee , Claire Vishik , Alessandro Acquisti , William Horne , Charles Palmer , Anup K. Ghosh , Dimitrios Pendarakis , William H. Sanders , Eric Fleischman , Hugo Teufel , III , Gene Tsudik , Dipankar Dasgupta , Steven Hofmeyr , and Leor Weinberger . 2009. National Cyber Leap Year Summit 2009: Co-chairs \u2019 report. Retrieved from https:\/\/www.nitrd.gov\/nitrdgroups\/index.php?title=National_Cyber_Leap_Year_Summit_ 2009 . Fred Chong, Ruby B. Lee, Claire Vishik, Alessandro Acquisti, William Horne, Charles Palmer, Anup K. Ghosh, Dimitrios Pendarakis, William H. Sanders, Eric Fleischman, Hugo Teufel, III, Gene Tsudik, Dipankar Dasgupta, Steven Hofmeyr, and Leor Weinberger. 2009. National Cyber Leap Year Summit 2009: Co-chairs\u2019 report. Retrieved from https:\/\/www.nitrd.gov\/nitrdgroups\/index.php?title=National_Cyber_Leap_Year_Summit_2009."},{"key":"e_1_2_1_13_1","volume-title":"TJX reacts to bank lawsuit","author":"Churchill Chris","year":"2008","unstructured":"Chris Churchill . 2008. TJX reacts to bank lawsuit . Times Union (Aug . 2008 ). Chris Churchill. 2008. TJX reacts to bank lawsuit. Times Union (Aug. 2008)."},{"key":"e_1_2_1_14_1","volume-title":"Computer Security - Issues and Trends (Spring","author":"Computer Security Institute","year":"1997","unstructured":"Computer Security Institute . 1997. 1997 CSI\/ FBI computer crime and security survey. Computer Security - Issues and Trends (Spring 1997 ). Computer Security Institute. 1997. 1997 CSI\/FBI computer crime and security survey. Computer Security - Issues and Trends (Spring 1997)."},{"key":"e_1_2_1_15_1","volume-title":"2015 Workshop of the Economics of Information Security (WEIS\u201915)","author":"Edwards Benjamin","year":"2015","unstructured":"Benjamin Edwards , Steven Hofmeyr , and Stephanie Forrest . 2015 . Hype and heavy tails: A closer look at data breaches . In 2015 Workshop of the Economics of Information Security (WEIS\u201915) . Retrieved from http:\/\/www.cs.unm.edu\/∼forrest\/publications\/weis-data-breaches-15.pdf. Benjamin Edwards, Steven Hofmeyr, and Stephanie Forrest. 2015. Hype and heavy tails: A closer look at data breaches. In 2015 Workshop of the Economics of Information Security (WEIS\u201915). Retrieved from http:\/\/www.cs.unm.edu\/∼forrest\/publications\/weis-data-breaches-15.pdf."},{"key":"e_1_2_1_16_1","unstructured":"Gaby Friedlander. 2014. Why 85% of data breaches are undetected. Retrieved from http:\/\/www.observeit.com\/blog\/why-85-percent-data-breaches-undetected. Gaby Friedlander. 2014. Why 85% of data breaches are undetected. Retrieved from http:\/\/www.observeit.com\/blog\/why-85-percent-data-breaches-undetected."},{"key":"e_1_2_1_17_1","volume-title":"Quantifying the financial impact of IT security breaches. Information Management 8 Computer Security 11, 2 (May","author":"Garg Ashish","year":"2003","unstructured":"Ashish Garg , Jeffrey Curtis , and Hilary Halper . 2003. Quantifying the financial impact of IT security breaches. Information Management 8 Computer Security 11, 2 (May 2003 ), 74--83. Ashish Garg, Jeffrey Curtis, and Hilary Halper. 2003. Quantifying the financial impact of IT security breaches. Information Management 8 Computer Security 11, 2 (May 2003), 74--83."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1540-6296.2010.01178.x"},{"key":"e_1_2_1_19_1","volume-title":"2012 Workshop on the Economics of Information Security (WEIS\u201912)","author":"Gaynor Martin S.","year":"2012","unstructured":"Martin S. Gaynor , Muhammad Zia Hydari , and Rahul Telang . 2012 . Is patient data better protected in competitive healthcare markets? In 2012 Workshop on the Economics of Information Security (WEIS\u201912) . Retrieved from http:\/\/weis 2012.econinfosec.org\/papers\/Gaynor_WEIS2012.pdf. Martin S. Gaynor, Muhammad Zia Hydari, and Rahul Telang. 2012. Is patient data better protected in competitive healthcare markets? In 2012 Workshop on the Economics of Information Security (WEIS\u201912). Retrieved from http:\/\/weis2012.econinfosec.org\/papers\/Gaynor_WEIS2012.pdf."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2009.06.005"},{"key":"e_1_2_1_21_1","unstructured":"Steve Gold. 2014. Home Depot card data breach undetected for four months. Retrieved from http:\/\/www.scmagazineuk.com\/news\/home-depot-card-data-breach-undetected-for-four-months\/article\/372794\/. Steve Gold. 2014. Home Depot card data breach undetected for four months. Retrieved from http:\/\/www.scmagazineuk.com\/news\/home-depot-card-data-breach-undetected-for-four-months\/article\/372794\/."},{"key":"e_1_2_1_22_1","volume-title":"Gordon","author":"Gordon Gary","year":"2007","unstructured":"Gary Gordon , Donald J. Rebovich , Kyung-Seok Choo , and Judith B . Gordon . 2007 . Identity Fraud Trends and Patterns: Building a Data-Based Foundation for Proactive Enforcement. Technical Report. Center for Identity Management and Protection, Utica College . Retrieved from http:\/\/www.utica.edu\/academic\/institutes\/cimip\/publications\/index.cfm. Gary Gordon, Donald J. Rebovich, Kyung-Seok Choo, and Judith B. Gordon. 2007. Identity Fraud Trends and Patterns: Building a Data-Based Foundation for Proactive Enforcement. Technical Report. Center for Identity Management and Protection, Utica College. Retrieved from http:\/\/www.utica.edu\/academic\/institutes\/cimip\/publications\/index.cfm."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.5555\/1971852.1971854"},{"key":"e_1_2_1_24_1","first-page":"117","article-title":"Big data and bad data: On the sensitivity of security policy to imperfect information","volume":"83","author":"Graves James T.","year":"2016","unstructured":"James T. Graves , Alessandro Acquisti , and Nicholas Christin . 2016 . Big data and bad data: On the sensitivity of security policy to imperfect information . Chicago Law Review 83 , 1 (2016), 117 -- 137 . James T. Graves, Alessandro Acquisti, and Nicholas Christin. 2016. Big data and bad data: On the sensitivity of security policy to imperfect information. Chicago Law Review 83, 1 (2016), 117--137.","journal-title":"Chicago Law Review"},{"key":"e_1_2_1_25_1","volume-title":"Pacific Asia Conference on Information Systems (PACIS'14)","author":"Gwebu Kholekile L.","year":"2014","unstructured":"Kholekile L. Gwebu , Jing Wang , and Wenjuan Xie . 2014 . Understanding the cost associated with data security breaches . In Pacific Asia Conference on Information Systems (PACIS'14) . 386. Retrieved from http:\/\/aisel.aisnet.org\/cgi\/viewcontent.cgi?article=13918context=pacis 2014. Kholekile L. Gwebu, Jing Wang, and Wenjuan Xie. 2014. Understanding the cost associated with data security breaches. In Pacific Asia Conference on Information Systems (PACIS'14). 386. Retrieved from http:\/\/aisel.aisnet.org\/cgi\/viewcontent.cgi?article=13918context=pacis2014."},{"key":"e_1_2_1_26_1","volume-title":"The hotly disputed black magic of data breach cost estimates. Fortune (April","author":"Hackett Robert","year":"2015","unstructured":"Robert Hackett . 2015. The hotly disputed black magic of data breach cost estimates. Fortune (April 2015 ). Retrieved from http:\/\/fortune.com\/2015\/04\/24\/data-breach-cost-estimate-dispute\/. Robert Hackett. 2015. The hotly disputed black magic of data breach cost estimates. Fortune (April 2015). Retrieved from http:\/\/fortune.com\/2015\/04\/24\/data-breach-cost-estimate-dispute\/."},{"key":"e_1_2_1_27_1","volume-title":"Victims of Identity Theft","author":"Harrell Erika","year":"2014","unstructured":"Erika Harrell . 2015. Victims of Identity Theft , 2014 . Technical Report NCJ 248991. Bureau of Justice Statistics . Retrieved from http:\/\/www.bjs.gov\/content\/pub\/pdf\/vit14.pdf. Erika Harrell. 2015. Victims of Identity Theft, 2014. Technical Report NCJ 248991. Bureau of Justice Statistics. Retrieved from http:\/\/www.bjs.gov\/content\/pub\/pdf\/vit14.pdf."},{"key":"e_1_2_1_28_1","volume-title":"Victims of Identity Theft","author":"Harrell Erika","year":"2012","unstructured":"Erika Harrell and Lynn Langton . 2013. Victims of Identity Theft , 2012 . Technical Report NCJ 243779. Bureau of Justice Statistics . Retrieved from http:\/\/www.bjs.gov\/index.cfm?ty=pbdetail8iid=5408. Erika Harrell and Lynn Langton. 2013. Victims of Identity Theft, 2012. Technical Report NCJ 243779. Bureau of Justice Statistics. Retrieved from http:\/\/www.bjs.gov\/index.cfm?ty=pbdetail8iid=5408."},{"key":"e_1_2_1_29_1","unstructured":"Jay Heiser. 2002. Can information security surveys be trusted? Retrieved from http:\/\/searchsecurity.techtarget.com\/feature\/Can-information-security-surveys-be-trusted. Jay Heiser. 2002. Can information security surveys be trusted? Retrieved from http:\/\/searchsecurity.techtarget.com\/feature\/Can-information-security-surveys-be-trusted."},{"key":"e_1_2_1_30_1","unstructured":"Tamara E. Holmes. 2015. Credit card fraud and ID theft statistics. Retrieved from http:\/\/www.creditcards.com\/credit-card-news\/credit-card-security-id-theft-fraud-statistics-1276.php. Tamara E. Holmes. 2015. Credit card fraud and ID theft statistics. Retrieved from http:\/\/www.creditcards.com\/credit-card-news\/credit-card-security-id-theft-fraud-statistics-1276.php."},{"key":"e_1_2_1_31_1","volume-title":"Data breaches. Retrieved","author":"Identity Theft Resource Center","year":"2016","unstructured":"Identity Theft Resource Center . 2016. Data breaches. Retrieved November 2, 2016 , from http:\/\/www.idtheftcenter.org\/id-theft\/data-breaches.html. Identity Theft Resource Center. 2016. Data breaches. Retrieved November 2, 2016, from http:\/\/www.idtheftcenter.org\/id-theft\/data-breaches.html."},{"key":"e_1_2_1_33_1","unstructured":"Jay Jacobs. 2014. Analyzing Ponemon cost of data breach. Retrieved from http:\/\/datadrivensecurity.info\/blog\/posts\/2014\/Dec\/ponemon\/. Jay Jacobs. 2014. Analyzing Ponemon cost of data breach. Retrieved from http:\/\/datadrivensecurity.info\/blog\/posts\/2014\/Dec\/ponemon\/."},{"key":"e_1_2_1_35_1","volume-title":"IDs are a steal","author":"Jewell Mark","year":"2004","unstructured":"Mark Jewell . 2004. IDs are a steal ; thieves looking for credit numbers set their sights on big targets. Columbian ( Aug. 2004 ), E. Mark Jewell. 2004. IDs are a steal; thieves looking for credit numbers set their sights on big targets. Columbian (Aug. 2004), E."},{"key":"e_1_2_1_36_1","volume-title":"Card fraud risk low from breach at Citi. American Banker (June","author":"Johnson Andrew","year":"2011","unstructured":"Andrew Johnson . 2011. Card fraud risk low from breach at Citi. American Banker (June 2011 ), 10. Andrew Johnson. 2011. Card fraud risk low from breach at Citi. American Banker (June 2011), 10."},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.2753\/JEC1086-4415120103"},{"key":"e_1_2_1_38_1","unstructured":"Sean Micheal Kerner. 2014. UPS discloses data breach that went undetected for months. Retrieved from http:\/\/www.eweek.com\/blogs\/security-watch\/ups-discloses-data-breach-that-went-undetected-for-months.html. Sean Micheal Kerner. 2014. UPS discloses data breach that went undetected for months. Retrieved from http:\/\/www.eweek.com\/blogs\/security-watch\/ups-discloses-data-breach-that-went-undetected-for-months.html."},{"key":"e_1_2_1_39_1","volume-title":"2011 Workshop on the Economics of Information Security (WEIS\u201911)","author":"Kwon Juhee","unstructured":"Juhee Kwon and M. Eric Johnson . 2011. An organizational learning perspective on proactive vs. reactive investment in information security . In 2011 Workshop on the Economics of Information Security (WEIS\u201911) . Citeseer. Retrieved from http:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.309.12978rep=rep1&type===pdf. Juhee Kwon and M. Eric Johnson. 2011. An organizational learning perspective on proactive vs. reactive investment in information security. In 2011 Workshop on the Economics of Information Security (WEIS\u201911). Citeseer. Retrieved from http:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.309.12978rep=rep1&type===pdf."},{"key":"e_1_2_1_40_1","volume-title":"Identity Theft Reported by Households","author":"Langton Lynn","year":"2005","unstructured":"Lynn Langton . 2011. Identity Theft Reported by Households , 2005 -2010. Technical Report NCJ 236245. Bureau of Justice Statistics . Retrieved from http:\/\/www.bjs.gov\/index.cfm?ty=pbdetail8iid=2207. Lynn Langton. 2011. Identity Theft Reported by Households, 2005-2010. Technical Report NCJ 236245. Bureau of Justice Statistics. Retrieved from http:\/\/www.bjs.gov\/index.cfm?ty=pbdetail8iid=2207."},{"key":"e_1_2_1_41_1","volume-title":"Victims of Identity Theft","author":"Langton Lynn","year":"2008","unstructured":"Lynn Langton and Michael Planty . 2010. Victims of Identity Theft , 2008 . Special Report NJC 231680. Bureau of Justice Statistics . Retrieved from https:\/\/www.bjs.gov\/index.cfm?ty=pbdetail8iid=2222. Lynn Langton and Michael Planty. 2010. Victims of Identity Theft, 2008. Special Report NJC 231680. Bureau of Justice Statistics. Retrieved from https:\/\/www.bjs.gov\/index.cfm?ty=pbdetail8iid=2222."},{"key":"e_1_2_1_42_1","volume-title":"Rubin","author":"Lenard Thomas M.","year":"2005","unstructured":"Thomas M. Lenard and Paul H . Rubin . 2005 . An economic analysis of notification requirements for data security breaches. Emory Law and Economics Research Paper 05-12. Retrieved from http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=765845. Thomas M. Lenard and Paul H. Rubin. 2005. An economic analysis of notification requirements for data security breaches. Emory Law and Economics Research Paper 05-12. Retrieved from http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=765845."},{"key":"e_1_2_1_43_1","first-page":"1","article-title":"Private disordering: Payment card fraud liability rules","volume":"5","author":"Levitin Adam J.","year":"2010","unstructured":"Adam J. Levitin . 2010 . Private disordering: Payment card fraud liability rules . Brooklyn Journal of Corporate, Financial, and Commercial Law 5 , 1 (2010), 1 -- 48 . Retrieved from http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=1570867. Adam J. Levitin. 2010. Private disordering: Payment card fraud liability rules. Brooklyn Journal of Corporate, Financial, and Commercial Law 5, 1 (2010), 1--48. Retrieved from http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=1570867.","journal-title":"Brooklyn Journal of Corporate, Financial, and Commercial Law"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1140\/epjb\/e2010-00120-8"},{"key":"e_1_2_1_45_1","volume-title":"identity theft and data security breaches. Retrieved","author":"General Maine Attorney","year":"2016","unstructured":"Maine Attorney General . 2014. Privacy , identity theft and data security breaches. Retrieved November 2, 2016 , from http:\/\/www.state.me.us\/ag\/consumer\/identity_theft\/index.shtml. Maine Attorney General. 2014. Privacy, identity theft and data security breaches. Retrieved November 2, 2016, from http:\/\/www.state.me.us\/ag\/consumer\/identity_theft\/index.shtml."},{"key":"e_1_2_1_46_1","unstructured":"Maine Bureau of Financial Institutions. 2008. Maine data breach study. Retrieved from http:\/\/www.state.me.us\/pfr\/financialinstitutions\/reports\/index.htm. Maine Bureau of Financial Institutions. 2008. Maine data breach study. Retrieved from http:\/\/www.state.me.us\/pfr\/financialinstitutions\/reports\/index.htm."},{"key":"e_1_2_1_47_1","volume-title":"n.d. Maryland information security breach notices. Retrieved","author":"General Maryland Attorney","year":"2016","unstructured":"Maryland Attorney General . n.d. Maryland information security breach notices. Retrieved November 2, 2016 , from http:\/\/www.marylandattorneygeneral.gov\/Pages\/IdentityTheft\/breachnotices.aspx. Maryland Attorney General. n.d. Maryland information security breach notices. Retrieved November 2, 2016, from http:\/\/www.marylandattorneygeneral.gov\/Pages\/IdentityTheft\/breachnotices.aspx."},{"key":"e_1_2_1_48_1","volume-title":"2010 Workshop on the Economics of Information Security (WEIS'10)","author":"Amalia","year":"2010","unstructured":"Amalia R. Miller and Catherine Tucker. 2010. Encryption and data loss . In 2010 Workshop on the Economics of Information Security (WEIS'10) . Retrieved from http:\/\/weis 2010 .econinfosec.org\/papers\/session1\/weis2010_tucker.pdf. Amalia R. Miller and Catherine Tucker. 2010. Encryption and data loss. In 2010 Workshop on the Economics of Information Security (WEIS'10). Retrieved from http:\/\/weis2010.econinfosec.org\/papers\/session1\/weis2010_tucker.pdf."},{"key":"e_1_2_1_49_1","volume-title":"n.d. Security breach notifications. Retrieved","author":"Attorney General New Hampshire","year":"2016","unstructured":"New Hampshire Office of the Attorney General . n.d. Security breach notifications. Retrieved November 2, 2016 , from http:\/\/doj.nh.gov\/consumer\/security-breaches\/. New Hampshire Office of the Attorney General. n.d. Security breach notifications. Retrieved November 2, 2016, from http:\/\/doj.nh.gov\/consumer\/security-breaches\/."},{"key":"e_1_2_1_50_1","volume-title":"Fiscal Year 2012 Report to Congress on the Implementation of The Federal Information Security Management Act of","author":"Management Office","year":"2002","unstructured":"Office of Management and Budget. 2013. Fiscal Year 2012 Report to Congress on the Implementation of The Federal Information Security Management Act of 2002 . Office of Management and Budget. 2013. Fiscal Year 2012 Report to Congress on the Implementation of The Federal Information Security Management Act of 2002."},{"key":"e_1_2_1_51_1","unstructured":"Office of Management and Budget. 2014. Annual Report to Congress: Federal Information Security Management Act. Office of Management and Budget. 2014. Annual Report to Congress: Federal Information Security Management Act."},{"key":"e_1_2_1_52_1","unstructured":"Open Security Foundation. 2016. DataLossDB. Retrieved November 2 2016 from http:\/\/datalossdb.org\/. Open Security Foundation. 2016. DataLossDB. Retrieved November 2 2016 from http:\/\/datalossdb.org\/."},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.4018\/irmj.2012010102"},{"key":"e_1_2_1_54_1","volume-title":"Fifth Third Bank","author":"Employees Credit Pennsyvania State","year":"2005","unstructured":"Pennsyvania State Employees Credit Union v. Fifth Third Bank . 2005 . 317 F. Supp. 2d. 398. (E.D. Pa . 2005). Pennsyvania State Employees Credit Union v. Fifth Third Bank. 2005. 317 F. Supp. 2d. 398. (E.D. Pa. 2005)."},{"key":"e_1_2_1_56_1","volume-title":"Breach at Neiman Marcus went undetected from July to December. New York Times (Jan","author":"Popper Nathaniel","year":"2014","unstructured":"Nathaniel Popper . 2014. Breach at Neiman Marcus went undetected from July to December. New York Times (Jan . 2014 ). Retrieved from http:\/\/www.nytimes.com\/2014\/01\/17\/business\/breach-at-neiman-marcus-went-undetected-from-july-to-december.html. Nathaniel Popper. 2014. Breach at Neiman Marcus went undetected from July to December. New York Times (Jan. 2014). Retrieved from http:\/\/www.nytimes.com\/2014\/01\/17\/business\/breach-at-neiman-marcus-went-undetected-from-july-to-december.html."},{"key":"e_1_2_1_57_1","unstructured":"Privacy Rights Clearinghouse. 2016a. Chronology of data breaches: FAQ. Retrieved from https:\/\/www.privacyrights.org\/chronology-data-breaches-faq. Privacy Rights Clearinghouse. 2016a. Chronology of data breaches: FAQ. Retrieved from https:\/\/www.privacyrights.org\/chronology-data-breaches-faq."},{"key":"e_1_2_1_58_1","volume-title":"Data breaches. Retrieved","author":"Clearinghouse Privacy Rights","year":"2016","unstructured":"Privacy Rights Clearinghouse . 2016b. Data breaches. Retrieved November 2, 2016 , from https:\/\/www.privacyrights.org\/data-breaches. Privacy Rights Clearinghouse. 2016b. Data breaches. Retrieved November 2, 2016, from https:\/\/www.privacyrights.org\/data-breaches."},{"key":"e_1_2_1_59_1","unstructured":"PYMNTS. 2015. OPM data breach undetected for a year. Retrieved from http:\/\/www.pymnts.com\/news\/2015\/opm-data-breach-undetected-for-a-year\/. PYMNTS. 2015. OPM data breach undetected for a year. Retrieved from http:\/\/www.pymnts.com\/news\/2015\/opm-data-breach-undetected-for-a-year\/."},{"key":"e_1_2_1_60_1","volume-title":"Banks start credit card reissue. Bangor Daily News (Feb","author":"Ravana Ann","year":"2007","unstructured":"Ann Ravana . 2007. Banks start credit card reissue. Bangor Daily News (Feb . 2007 ), 4. Ann Ravana. 2007. Banks start credit card reissue. Bangor Daily News (Feb. 2007), 4."},{"key":"e_1_2_1_61_1","volume-title":"The New Face of Identity Theft: An Analysis of Federal Case Data for the Years 2008 through","author":"Rebovich Donald J.","year":"2013","unstructured":"Donald J. Rebovich , Kristy Allen , and Jared Platt . 2015. The New Face of Identity Theft: An Analysis of Federal Case Data for the Years 2008 through 2013 . Technical Report. Center for Identity Management and Protection, Utica College . Retrieved from https:\/\/www.utica.edu\/academic\/institutes\/cimip\/New_Face_of_Identity_Theft.pdf. Donald J. Rebovich, Kristy Allen, and Jared Platt. 2015. The New Face of Identity Theft: An Analysis of Federal Case Data for the Years 2008 through 2013. Technical Report. Center for Identity Management and Protection, Utica College. Retrieved from https:\/\/www.utica.edu\/academic\/institutes\/cimip\/New_Face_of_Identity_Theft.pdf."},{"key":"e_1_2_1_62_1","unstructured":"Sasha Romanosky Alessandro Acquisti and Richard Sharp. 2010. Data breaches and identity theft: When is mandatory disclosure optimal? TPRC. Retrieved from http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=1989594. Sasha Romanosky Alessandro Acquisti and Richard Sharp. 2010. Data breaches and identity theft: When is mandatory disclosure optimal? TPRC. Retrieved from http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=1989594."},{"key":"e_1_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1002\/pam.20567"},{"key":"e_1_2_1_64_1","volume-title":"Proceedings of the 24th Annual National ASEM.","author":"Julie J. C.","unstructured":"Julie J. C. H. Ryan and Theresa I. Jefferson. 2003. The use, misuse, and abuse of statistics in information security research . In Proceedings of the 24th Annual National ASEM. Julie J. C. H. Ryan and Theresa I. Jefferson. 2003. The use, misuse, and abuse of statistics in information security research. In Proceedings of the 24th Annual National ASEM."},{"key":"e_1_2_1_65_1","first-page":"14","article-title":"The 2011 and 2012 surveys of consumer payment choice","author":"Schuh Scott D.","year":"2014","unstructured":"Scott D. Schuh and Joanna Stavins . 2014 . The 2011 and 2012 surveys of consumer payment choice . Federal Reserve Bank of Boston Research Paper Series Research Data Reports 14 - 11 . Retrieved from http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=2564165. Scott D. Schuh and Joanna Stavins. 2014. The 2011 and 2012 surveys of consumer payment choice. Federal Reserve Bank of Boston Research Paper Series Research Data Reports 14-1. Retrieved from http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=2564165.","journal-title":"Federal Reserve Bank of Boston Research Paper Series Research Data Reports"},{"key":"e_1_2_1_66_1","unstructured":"Adam Shostack and Andrew Stewart. 2008. The New School of Information Security. Pearson Education. Retrieved from https:\/\/books.google.com\/books?id=TWvC32p5M5YC. Adam Shostack and Andrew Stewart. 2008. The New School of Information Security. Pearson Education. Retrieved from https:\/\/books.google.com\/books?id=TWvC32p5M5YC."},{"key":"e_1_2_1_67_1","unstructured":"Adam Shostak. 2011. A critique of Ponemon Institute methodology for \u201cchurn.\u201d Retrieved from http:\/\/newschoolsecurity.com\/2011\/01\/a-critique-of-ponemon-institute-methodology-for-churn\/. Adam Shostak. 2011. A critique of Ponemon Institute methodology for \u201cchurn.\u201d Retrieved from http:\/\/newschoolsecurity.com\/2011\/01\/a-critique-of-ponemon-institute-methodology-for-churn\/."},{"key":"e_1_2_1_68_1","volume-title":"Computer hackers are stealing bank card information, but there is protection and some banks have been aggressive. Sunday News (July","author":"Stark Eric","year":"2004","unstructured":"Eric Stark . 2004. Computer hackers are stealing bank card information, but there is protection and some banks have been aggressive. Sunday News (July 2004 ), 1. Eric Stark. 2004. Computer hackers are stealing bank card information, but there is protection and some banks have been aggressive. Sunday News (July 2004), 1."},{"key":"e_1_2_1_69_1","unstructured":"Art Swift. 2014. Americans rely less on credit cards than in previous years. Retrieved from http:\/\/www.gallup.com\/poll\/168668\/americans-rely-less-credit-cards-previous-years.aspx. Art Swift. 2014. Americans rely less on credit cards than in previous years. Retrieved from http:\/\/www.gallup.com\/poll\/168668\/americans-rely-less-credit-cards-previous-years.aspx."},{"key":"e_1_2_1_70_1","unstructured":"Synovate. 2007. Federal Trade Commission\u20142006 Identity Theft Survey Report. Retrieved from https:\/\/www.ftc.gov\/reports\/federal-trade-commission-2006-identity-theft-survey-report-prepared-commission-synovate. Synovate. 2007. Federal Trade Commission\u20142006 Identity Theft Survey Report. Retrieved from https:\/\/www.ftc.gov\/reports\/federal-trade-commission-2006-identity-theft-survey-report-prepared-commission-synovate."},{"key":"e_1_2_1_71_1","unstructured":"ThreatTrack Security. 2014. Malware analysts have the tools they need but challenges remain. Retrieved from http:\/\/www.bankinfosecurity.com\/whitepapers\/malware-analysts-have-tools-they-need-but-challenges-remain-w-1026. ThreatTrack Security. 2014. Malware analysts have the tools they need but challenges remain. Retrieved from http:\/\/www.bankinfosecurity.com\/whitepapers\/malware-analysts-have-tools-they-need-but-challenges-remain-w-1026."},{"key":"e_1_2_1_72_1","unstructured":"U.S. Census. 2012. 2012 Statistical Abstract of the United States. U.S. Census. 2012. 2012 Statistical Abstract of the United States."}],"container-title":["ACM Transactions on Internet Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3122983","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3122983","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:11:04Z","timestamp":1750212664000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3122983"}},"subtitle":["Uncertainty and Transparency in Metrics for Data Security Policymaking"],"short-title":[],"issued":{"date-parts":[[2018,9,30]]},"references-count":69,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2018,11,30]]}},"alternative-id":["10.1145\/3122983"],"URL":"https:\/\/doi.org\/10.1145\/3122983","relation":{},"ISSN":["1533-5399","1557-6051"],"issn-type":[{"value":"1533-5399","type":"print"},{"value":"1557-6051","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,9,30]]},"assertion":[{"value":"2016-11-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-07-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-09-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}