In recent times, identity-related crime has received considerable public attention. In the news media, reports regularly appear of credit card numbers and other personal information being taken from databases and misused. In the United States in May 2005, for example, the processor of payment card data, CardSystems Solutions Inc., had its database breached and credit card account information including magnetic stripe data and cardholder names relating to over 40 million accounts were stolen (Krim and Barbaro, 2005). Between January and December 2005, Consumer Sentinel, the US complaints database developed and maintained by the Federal Trade Commission, received over 685,000 consumer fraud and identity theft complaints, 37 per cent of which concerned identity theft (see Finch, this volume). Consumers reported losses from fraud of more than US$680 million in 2005 (Federal Trade Commission, 2006). Cases involving identity-related cybercrime continue to come before the courts with most instances facilitated through the misuse of computer passwords.