Prevention

credit card locked up

What is true for health problems also holds true for identity problems – prevention is always better than cure. Victims of identity fraud often spend weeks or months and thousands of dollars undoing damage done by an identity fraudster. Often it is not until fraud has been committed that it becomes apparent that identity theft has occurred.

Identity theft prevention

Identity thieves can be very inventive and are generally hard to recognize. Constant vigilance is required to safeguard one’s personal identification. The following tables describe some methods of guarding against identity theft.

Verbal data insecurity 
Risk
Security measures
Telephone caller claiming o be a bank, government or other "official" who needs your personal informationTell the caller you will call them back via their publicly-listed phone number. Even then, do not give credit card, bank or social insurance details over the phone unless there is no doubt that it is legitimately required. Not that government officials will rarely ever require such information via telephone
Door-to-door corporate promoter who asks for your personal information to enter you in a prize draw for their company's product if you answer some questions (which will include your personal information)Decline to enter the competition. You odds of winning (if the promotion is legitimate) are infinitely smaller than the odds that your personal information will be misused
Survey taker- in person, online or on the phoneThe simplest security measure is to never do surveys of any kind
Cashier- asks for your phone number and postal code for "customer statistics"Simply decline to release any personal information. Remember that even fragments of your personal information can be collated and then used fraudulently

Physical data insecurity 
RiskSecurity measures
Unnecessary voluntary releaseDo not release more personal information than required by law. A landlord interviewing potential tenants has no legal right to require a social insurance number. Do not include your SIN on your resume
Credit card theftDon't let your credit card leave your sight when making a purchase. Do not sign your credit card. Instead, write on the back "Request Photo ID"
Mail theftUse a lockable mailbox
Dumpster diving- searching garbage for old credit cards, financial statements, bills, credit card offers, surplus cheques from closed accounts, or items containing personal informationDestroy documents containing personal information before discarding. Use a cross-cut shredder is possible
Theft of items targeted by fraudstersNever leave your wallet or purse unattended. Store cheque books, passports and "high value" identity items in a lock box or, ideally, in a fireproof safe
Theft from vehiclesOne out of every three stolen identity documents used to create a fraudulent ID can be traced back to auto thefts crimes. Do not leave anything containing personal information in your vehicle. For registration and insurance documents, store them in a locked glove compartment or preferably by a tethered lock-box
Emplyment scams- advertising a fictitious job to collect the personal information of unsuspecting applicants. Before mailing, faxing or emailing a resume in response to a job posting, research the company to ensure that it is legitimate. If there is any doubt, do not apply for the job.

Digital data insecurity 
RiskSecurity measures
Voluntary release onlineDo not disclose personal details such as your date of birth or your residential address on social media
Voluntary release on public WiFiDo not make purchases or financial transactions using free WiFi hotspots. If you must do so, use the Virtual Private Netwrok ("VPN") option on your computer to encrypt your information
Data retrieval- downloading data from discarded hard drives.Remove and physically destroy hard drives before discarding computers and devices with digital storage (this includes most large photocopiers), or have them professionally erased
Theft of electronic device (computer, laptop, tablet, smart phone)Do not leave electronic devices unattended- especially not in a vehicle. Password or PIN protect all devices containing personal information
Skimming- use of an illegal device attached to an ATM which can read the magnetic strip on the card.Inspect the card entry slot for sign of tampering such as traces of glue or the access slot itself protruding unusually. Cover the keypad with one hand while entering your PIN as wireless spy-cameras are often used in concert with the skimming device
Phishing- spam or pop-up messages purporting to be from a legitimate company or financial institution requiring that you "confirm your identity" or provide your personal informationLegitimate businesses will typically advise you to log into your account if here is a real issue. Never click on any link in spam email or in pop-up messages. Simply moving your cursor to the l ink (without clicking it) should reveal the true destination of the l ink. Ensure your anti-virus software is up to date and your firewall is turned on.
Computer identity theft & internet fraud- Hacking, viruses, spyware, zero-day attacks used to access information stored on a computerEnsure your computer's firewall is turned on and your anti-virus software is up to date.
Remote theft- cards containing RFID chips can be read remotely with a RFID reading deviceKeep cards with RFID chips in a shielded wallet or sleeve at all times except when being used.

Identifying problems

The following are some of the signs that personal information has already been stolen and misused:

– Transactions not involving you show up on your credit card or bank statement.

– Your financial institution advises you of suspicious transactions.

– More credit appears on your credit report than you applied for.

– You receive bills on accounts that you don’t own.

– A collection agency or creditor contacts you about an unknown debt.

– Financial statements or credit card bills no longer arrive.

– A credit application is denied despite your financial responsibility.

– A mortgage or a lien appears on your property.

Identity Fraud Prevention

The following procedures are good practice for avoiding or minimizing problems from identity fraud:

– Carefully review your monthly statements for credit cards, utility bill and subscriptions. Immediately investigate any unrecognized charges.

– Review your consumer credit report periodically. Legislation obligates the two credit bureaus in Canada to provide a free credit report to each Canadian consumer once per year. Therefore, every consumer should request their free credit report (called a ‘Consumer Disclosure’) at six-monthly intervals alternately from Equifax and TransUnion. If you notice any questionable or suspicious information on your Consumer Disclosure, contact the relevant creditor immediately to obtain all details.

– Privacy is a human right (see Article 12 of the Universal Declaration of Human Rights). You should not only limit the release of your personal information, but also limit the very existence of your personal information. Have no more than two credit cards in total – a primary and a back-up. Cancel inactive credit accounts. Do not carry around more identity information than needed (such as passport, SIN card, birth certificate, Nexus card, etc.). Store hard copy identity information in a fireproof safe at home, or at least in a secured lock box.

– Ensure your anti-virus software is up to date and periodically run a scan of your computer for threats. Ensure the firewall on your computer is turned on.

– Shred any document containing personal information before discarding.

– Memorize passwords and PINs rather than recording them anywhere. Realistically, however, life requires too many log-in details to remember all of them. If you do create a list of your log-in details, do not store it insecurely, and certainly not on any hard drive. If you store them on a flash drive, ensure that it is encrypted and disconnected from the internet when you access the file. Even on a secure flash drive it is better to store a list of password hints rather than your actual passwords.

If you believe your personal information has been accessed and misused, see the restoration page to learn what you can do to set things right.