A PROBLEM THAT CONTINUES TO GROW
Identity theft has been a problem now for many years, but not until recently has the explosion of identity theft in our society become of epidemic proportion. Information technology has made personal and corporate identity information more readily accessible which has created growing difficulties for both individuals and for organizations. Lately the issue is gaining even more attention. The Canadian government recently introduced a new bill to help curb the growing problem of identity theft. While it is currently illegal to commit fraud with a stolen identity, it is not illegal to collect personal information on others. The new bill will soon change that, allowing law enforcement officials to go after individuals who collect the personal information of others in an attempt to commit fraud. It is an important step in the fight against a very serious problem in today’s society. In addition to the substantial financial effects, there are other outcomes from identity theft that can also be long lasting. It often takes years for an identity to be reclaimed, and the process can be long, tedious, and time consuming, not to mention costly.
The most commonly known form of identity theft is personal identity theft. Personal identity theft is defined as the act of stealing personal and financial information, such as a birth date, name, address, family information, Social Insurance Number, driver’s license number and bank account numbers, with the intent to commit a fraud by way of impersonating the victim. The financial frauds could include the fraudster taking out mortgages or other loans out in the victim’s name, credit card frauds, or passing bad cheques under the guise of the victim.
Although lesser known and less publicized, businesses also face problems with identity theft. Similar to personal identity theft, corporate identity theft occurs when a business has its identity stolen and used for fraudulent purposes. Corporate identity theft can affect companies to the same extent, if not more, than personal identity theft can affect an individual. Not only can the theft cause short-term financial losses as well as damage reputation and credibility, the theft weakens customer confidence, which can have long-lasting impact on the success of a company. What makes organizations especially vulnerable is the larger number of financial transactions undertaken compared with individuals, providing more opportunities for information to be stolen. In addition, organizations often have corporate entities spread throughout the world, having to adhere to different laws and control standards and they typically use more electronic communication than individuals which can make corporate identity theft easier.
What can you do to prevent identity theft? As an individual, the general safeguard against identity theft is to limit the availability of your personal information in the public domain. This means being careful when providing information in forms, surveys, over the phone and on the internet. Be wary of phishing scams where criminals attempt to acquire personal information over electronic communication and vishing scams where criminals attempt to gain information by way of deception over the phone. You should also consider the security of where you normally store your personal identity information. Keep in mind:
When carrying a wallet or a purse, are you only carrying identification information, credit and debit cards that are most frequently used?
Have you signed the back of your debit or credit cards?
Do you protect your PIN numbers and shield the PIN number when using it?
Do you properly dispose of all documents that could have your SIN number, credit cards receipts, bank statements, and personal information on it? (Shred it don’t throw it in the garbage)
Do you provide personal information only to organizations or internet sites you trust?
Is your computer and its internet connection secure?
When using ATM cards do you make sure that you cover the key pad while entering your PIN, no one is shoulder surfing, or that your card is being swiped out of your sight?
Do you change passwords and PIN numbers on a regular basis?
Do not provide your SIN number as personal identification.
Do not become a victim of “phishing” or “vishing”
Check your credit bureau reports regularly.
Businesses can also protect themselves in a variety of ways. Having strong data management policies for records storage and disposal can strengthen a company’s defense against identity theft. It is also important for a business to have good network controls such as firewalls, filters, and passwords. Also, a business should have the necessary internal controls such as basic segregation of duties and adequate training for staff.
Should the worst happen and you become a victim of identity theft, it is important to act quickly and notify the necessary authorities. If the fraud affected a particular credit or bank account you should notify the credit bureaus and contact the issuing financial institution to have the funds frozen and credit card(s) cancelled. You should also contact the following organizations as appropriate:
Your local police
Credit card companies
PhoneBusters – the Canadian Anti-fraud Call Center
Reporting Economic Crime Online (RECOL)
If you become a victim of identity theft, by acting fast you can minimize your problems in reclaiming your identity. Remember; safeguard your personal information and how you use it - by doing so you will less likely become a victim of identity theft.
David Malamed is Partner, and Eric Au is an Analyst, Financial Advisory Service, Grant Thornton LLP; they can be reached at (416) 366-0100.
1 CIPPIC Working Paper NO.1,
“Identity Theft; introduction
and background” March, 2007
2 Lesley Meall, “Technology:
Corporate Identity Fraud” Best
Practice, 21 Sep 2007