While ID theft is rapidly growing, most Canadians are unaware of the seriousness of the threat and are taking only the most basic steps against preventing this menace, a new survey indicates.
Almost half of Canadians don’t realize that identity theft can damage their line of credit, and more than half carry their Social Insurance Number (SIN) in their wallet unnecessarily, according to the Sigma Assistel identity theft survey released March 18.
This criminal threat has grown in magnitude over the past five years, and Canadians need to become more aware of the tremendous harm it can do, says Pierre Julien, director of business development at Sigma Assistel.
So far about one in 10 Canadians has been a victim of identity theft.
Even victims haven’t realized the full import of the menace, Julien says. “The most disturbing fact is 74 per cent have never even asked for a credit report.”
Every Canadian can ask for a free credit report once a year from TransUnion LLC or Equifax Inc. – or pay a fee to monitor it online. Keeping close tabs on your credit score is a good idea in an era when sensitive data can be obtained over the Internet.
“Internet fraud is a vast problem now,” says corporal Louis Robertson, with the Royal Canadian Mounted Police’s (RCMP) criminal intelligence unit. “Online shopping and online business are part of our day to day habits now.”
Identity theft – a growing problem
Such habits leave Canadians open to identity theft, he adds. There were 14,242 victims of ID theft in 2006, and collective losses totalled about $15.8 million – almost twice the 2005 loss of $8.6 million. Data for 2007 is not yet completely tabulated.
“The stats speak for themselves,” Robertson says. “People are losing money because they are not careful enough.”
He cites the example of a typical e-mail scam, where people are asked to provide personal information for a chance to win a big international lottery prize.
“Joe Citizen is not careful enough, sees that big lottery prize at the end of the line, and sends all of his information,” Robertson says.
Criminals are turning to invading home and office PCs because they can extract information from hapless consumers, and then successfully use that for profit, says Avivah Litan, a vice-president at Stamford, Ct.-based analyst firm Gartner Inc.
“It’s much harder to go into a bank and hold up tellers, while it is much easier to put a piece of software on a computer the user isn’t even aware of.”
The black market for stolen personal information is thriving, Litan adds.
Criminals looking to sell bank account information will get $30 – $400, credit card numbers go for as little as 50 cents, e-mail addresses for $2 – $4 and e-mail passwords for up to $350.
SIN information can be purchased for only $5 – $7.
What criminals are really want is bank account information, Litan says. “That’s where the money is.”
Despite most Canadians not being completely aware of the risks posed by identity theft, many display some common sense when it comes to guarding their personal information, the survey shows.
Nine in 10 Canadians check their bank statements for accuracy, and more than eight in 10 do the same for credit card statements. Almost nine in 10 rarely dispose of banking statements before destroying them and almost everyone (95 per cent) never clean out their wallets in a public place.
Common sense on and offline
Now individuals must take that common sense and apply it to their online behaviours to help prevent becoming a identity theft victim, Julien says.
Particularly with online shopping.
“Make sure you have a secure Web site when doing a transaction,” he advises. “Don’t send a credit card number in an e-mail.”
Commonsense and a thoughtful approach goes a long way to preventing your information from falling into the wrong hands, RCMP’s Robertson says.
“Just take your time, for crying out loud. The more [valuable] the information you give online, the more you are playing with your personal life.”
He urges Canadians to be especially wary of any messages asking for financial information.
If you get what appears to be a message from your bank asking you for information, don’t respond but instead phone your bank to check, the RCMP official says.
Litian Gartner advocates many of the same common sense practices – and, in addition says Canadians should have the basic software needed to keep your computer secure.
Most people don’t even have basic firewall or anti-virus software, and those who install it don’t keep it updated.
There are also security software vendors that have toolbars you can add on to your browser to help you judge a Web site’s security.
“Be careful about click-through advertising,” she says. “A lot of spyware is distributed through advertising.”
Ever so often, criminals are go after large databases of customer information found on corporate hard drives in addition to skimming it from individual Web surfers.
Corporate data plunder
“Large corporations could be a target of identity fraud,” Robertson warns. Scammers infiltrate their large databases and look for information.
Bell Canada Enterprises worked with Montreal Police to recover the stolen data of more than 3.4 million customers from Ontario and Quebec Feb. 12.
The man arrested had planned to sell the information – even though most of it was available in phone books (names, addresses, phone numbers, and so on).
Canadian shoppers who frequented Winners and HomeSense were worried when parent firm Framingham, Mass.-based TJX Cos. announced that millions of credit card numbers were stolen from their databases by a hacker.
Most companies who collect customer data don’t keep it well secured unless forced by regulation to do so, Litan says.
“Most companies are driven by regulation and compliance,” she says. “You won’t find many companies spending money to protect customer data.”
Robertson concurs and says Canadian companies need to wake up and ensure the right protections are in place on their network.
“They have to realize we’re not in the 1970s any more,” he says. “Because of this major problem, they will definitely have to limit the flexibility of their database.”
Using the IT department to implement Network Access Control and an auditing system for your database are key to keeping on top of sensitive information, Litan says.
Encrypt the data you need to keep from customers and give strong access codes only to those that need to see it.
While hackers pose a threat, companies should be aware that many data theft cases are inside jobs, according to Websense’s Julien.
His advice: screen those you hire with a criminal record check, at least.
“Look at what your employee is doing,” he says, “is he driving a Mercedes Benz when he’s earning $35,000 a year?”
But if you find it is too late – that you’re already a victim of identity theft – there are some avenues to turn too.
Check and see if your financial institution offers the Websense service of re-claiming your identity for you.
“We can write letters to your creditors and the federal government [on your behalf],” Julien says.
If the risk of being robbed isn’t enough of a reason to guard your personal information – the bureaucratic nightmare of re-claiming your identity once it has been compromised is another thing to consider.