Identity Theft Protection - How do you protect yourself ? | General financial discussion | Discussion forum

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

No permission to create posts
sp_Feed Topic RSS sp_TopicIcon
Identity Theft Protection - How do you protect yourself ?
July 1, 2019
9:08 am
AlainJF
Member
Members
Forum Posts: 191
Member Since:
January 16, 2017
sp_UserOfflineSmall Offline

I am looking for suggestions regarding proactive "Identity Theft Protection".

If anyone on this forum has experiences to share, or recommendations to make around proactive Services you use or Best Practices you do, that would be appreciated.

While not directly related to the subject of HISA, with the level of money movement activities being discussed on this forum, I imagine that I am not the only one interested by this topic...

July 1, 2019
12:42 pm
Saver-Mom
Member
Members
Forum Posts: 314
Member Since:
December 12, 2015
sp_UserOfflineSmall Offline

Getting copies of your credit reports from Equifax and Transunion yearly has been recommended. Change your banking passwords often, clear your history after each online session, make sure your internet security is up to date. Avoid giving out any personal information over the telephone unless you've placed the call yourself.
Shred documents and items with personal information once you no longer need them (credit card offers, financial statements etc).

July 1, 2019
12:52 pm
Nehpets
Ontario
Member
Members
Forum Posts: 994
Member Since:
December 20, 2016
sp_UserOfflineSmall Offline

AlainJF said
I am looking for suggestions regarding proactive "Identity Theft Protection".  

I watched a recent episode of CBC Marketplace that described a credit card scam, then they tested several fraud alert services from the credit monitoring companies from which the results for alert monitoring was not impressive.

You can watch the Marketplace episode Online HERE

What has triggered your interest in exploring this important topic?

Stephen

July 1, 2019
1:06 pm
Briguy
Member
Members
Forum Posts: 730
Member Since:
March 17, 2018
sp_UserOfflineSmall Offline

Having 2 factor authorization for FIs and other web sites that sends codes to your mobile phone to prove your identity is also not a good thing, since thieves can call your mobile service provider first and do a sim swap and steal your phone number, so they can then authorize the access to your accounts.
https://www.nbcbayarea.com/news/local/Mans-1M-Life-Savings-Stolen-In-Cell-Phone-Scam-509097961.html

July 1, 2019
4:18 pm
AlainJF
Member
Members
Forum Posts: 191
Member Since:
January 16, 2017
sp_UserOfflineSmall Offline

Nehpets said

AlainJF said
I am looking for suggestions regarding proactive "Identity Theft Protection".  

I watched a recent episode of CBC Marketplace that described a credit card scam, then they tested several fraud alert services from the credit monitoring companies from which the results for alert monitoring was not impressive.

You can watch the Marketplace episode Online HERE

What has triggered your interest in exploring this important topic?

Stephen  

Thanks for the Marketplace link. Very interesting episode, but quite disappointing from a proactive perspective.

Also, them proving that you need to use both, TransUnion and Equifax, to get complete coverage just for reactive alerts is quite concerning...

The exploration for best options continues...

July 1, 2019
7:08 pm
GICinvestor
Member
Members
Forum Posts: 670
Member Since:
April 26, 2019
sp_UserOfflineSmall Offline

AlainJF said

Thanks for the Marketplace link. Very interesting episode, but quite disappointing from a proactive perspective.

Also, them proving that you need to use both, TransUnion and Equifax, to get complete coverage just for reactive alerts is quite concerning...

The exploration for best options continues...  

Hi. I worked for a major retailer that had an in house credit card. We used put stuffers in the envelope when the statements were delivered. One was for such a service. The guys in the credit department that I used to coffee and lunch with in the same building said they, the third party service to us, botched very often.

So best thing to do, is to always have safe practices. Make sure passwords, if documented, are never left on paper and are in a password protected file. And if you do print......felt pen it, then shred it. Put your cheques and cheque registers in a safe...not in your desk drawer. Turn on all alerts you can from any one that offers them.

I am at the point of no longer writing a personal cheque other than to move funds to another bank.

Get your spouse on the program. The latter may be a daunting task. 🙂

Why would you give a company all that information? Think.....dishonest workers........stationed over seas........system hack.

July 1, 2019
7:45 pm
Loonie
Member
Members
Forum Posts: 9398
Member Since:
October 21, 2013
sp_UserOfflineSmall Offline

We looked into one of those services a while ago. I don't remember which one or who offered it but it dind't seem like they offered much for the price, so we forgot about it.

Other ideas:

When you are signing in somewhere and it asks if you want them to "remember" you, say "no '".
Similarly, when online shopping, don't keep an account.

When asked for security questions such as mother's maiden name, where married, name of pet etc., give a different answer than the real one. Too many people know the real answer. Only problem is, you have to remember it. This was suggested to me bt a credit union mgr.

Don't post your birthdate on social media. Forego all those e-cards!
Personally, I avoid social media entirely, and consider it a precaution, but i realize that is difficult for many people for various reasons. Use it at a minimum, for professional purposes only as required.

When answering the phone to unknown callers, assume the worst. Say nothing, or as little as possible in order to ascertain the nature of the call. Your words and voice can be spliced to give the impression you gave consent for something you didn't. Avoid, in particular, the word "yes", remembering that the first question they may ask you is to affirm your identity.

When upgrading computers, smartphones, etc., make sure you have thoroughly wiped them clean before discarding.

July 1, 2019
8:12 pm
GICinvestor
Member
Members
Forum Posts: 670
Member Since:
April 26, 2019
sp_UserOfflineSmall Offline

And two factor response.....Where were you born?
Don’t say.......are you ready.......HOSPITAL

July 1, 2019
8:24 pm
Brimleychen
Member
Members
Forum Posts: 258
Member Since:
September 5, 2013
sp_UserOfflineSmall Offline

Basically, there aren’t any ways in Canada to protect you from ID thefts, because we still cannot freeze credit in Canada. Our system is purposely design for this:-)

If our voters are knowledgeable, then this should be an election issue.

The following has been online for so long, but nobody in mainstream wants to talk about.

https://www.change.org/p/equifax-mandate-free-and-on-demand-credit-freeze-in-canada

July 1, 2019
9:34 pm
Rick
Member
Members
Forum Posts: 1110
Member Since:
February 17, 2013
sp_UserOfflineSmall Offline

Loonie said

When you are signing in somewhere and it asks if you want them to "remember" you, say "no '".
Similarly, when online shopping, don't keep an account.

When asked for security questions such as mother's maiden name, where married, name of pet etc., give a different answer than the real one. Too many people know the real answer. Only problem is, you have to remember it. This was suggested to me bt a credit union mgr.

I do that. Course, I can't even spell my mother's maiden name correctly, so no worries there.

Don't post your birthdate on social media. Forego all those e-cards!
Personally, I avoid social media entirely, and consider it a precaution, but i realize that is difficult for many people for various reasons. Use it at a minimum, for professional purposes only as required.

not on social media at all. Even happier I closed my Facebook account with all the continuing issues they seem to have.

When answering the phone to unknown callers, assume the worst. Say nothing, or as little as possible in order to ascertain the nature of the call. Your words and voice can be spliced to give the impression you gave consent for something you didn't. Avoid, in particular, the word "yes", remembering that the first question they may ask you is to affirm your identity.
Never ceases to amaze me the questions people will answer to a stranger on the phone that claims to be "taking a survey". I just say "Sorry..I don't give personal information to strangers on the phone" and hang up.

When upgrading computers, smartphones, etc., make sure you have thoroughly wiped them clean before discarding.  

Just did that with 3 old phones I had laying around.

I use the MOGO app to keep watch on my credit score. Updates the first of every month. I know it's not as good as your credit report, but is a good way to keep an eye on any credit activity. Tang did a hard check to increase my credit card limit and I took a 16 point hit. That's another story.

Don't forget the RFID scan proof wallet....just in case.

July 1, 2019
9:48 pm
AltaRed
BC Interior
Member
Members
Forum Posts: 3145
Member Since:
October 27, 2013
sp_UserOfflineSmall Offline

Your last comment reminds me to note that my DIL had all cards compromised about 2 months ago. She remembers a creepy guy being too close to her in the supermarket. Within an hour of getting home, she got called by all of her CC issuers about irregular purchases. Her cards had been read. Now we all have our cards in protective sleeves in our wallets.

July 1, 2019
11:19 pm
Loonie
Member
Members
Forum Posts: 9398
Member Since:
October 21, 2013
sp_UserOfflineSmall Offline

I've heard different stories about those wallets, as to whether they really work. Can anyone add more? Cynic that I am, I would have thought that if they really worked well, the CC companies would be selling them to us, or at least offering them as incentives or something you could redeem points for.

Scary story from AltaRed. Not all scammers will look shifty. As I recall, you have a couple of bankers in your family, probably including the husband of DIL. Are they receiving any reliable info from their employers about this? Or is everyone just hoping for the best with RFID?

Good follow-up though from DIL's CC companies.sf-cool

July 2, 2019
6:05 am
Bill
Member
Members
Forum Posts: 4024
Member Since:
September 11, 2013
sp_UserOfflineSmall Offline

Briguy, thanks for the heads up re the texting a code to my phone set up, though I don't have a smartphone (mine even pre-dates flip phones) and there's no personal info stored on it so I'm guessing (more like hoping) I'm ok.

July 2, 2019
6:38 am
pooreva
Member
Banned
Forum Posts: 440
Member Since:
April 2, 2018
sp_UserOfflineSmall Offline

Loonie said
When answering the phone to unknown callers, assume the worst. Say nothing, or as little ...

WHY are are doing this at all????
In era of cheap 'land lines' (VOIP) with call display included for free, you can always see who is calling. If you do not recognize the number, do not pick up, let it go to voice-mail. Simple as that.
Even though if you have an itchy fingers or just want to hear human voice if you are depressed, alone, whatever... and somebody starts 'How are you today...', or there is a delay for other party to start talking (call goes to India and back), you know it is somebody you do NOT want to talk. Swearing does not work as they are immune so just hang up.

Beside your mistakes providing too much info, you can count on dishonest retailers to screw your life. Few years ago I started receiving rogers mobile bill having my full address but some Chines name. Meaning somebody got a phone service from a retailer selling rogers services who did not want or did not care to check valid ID. Took me few months to get collection guys from my back and few calls to rogers to stop them pestering me. Solution was to tape a note to an unopened envelope with bill - ''xx' region police has been notified, stop pestering me' and return mail...

July 2, 2019
7:40 am
AltaRed
BC Interior
Member
Members
Forum Posts: 3145
Member Since:
October 27, 2013
sp_UserOfflineSmall Offline

Loonie said
I've heard different stories about those wallets, as to whether they really work. Can anyone add more? Cynic that I am, I would have thought that if they really worked well, the CC companies would be selling them to us, or at least offering them as incentives or something you could redeem points for.

Scary story from AltaRed. Not all scammers will look shifty. As I recall, you have a couple of bankers in your family, probably including the husband of DIL. Are they receiving any reliable info from their employers about this? Or is everyone just hoping for the best with RFID?

Good follow-up though from DIL's CC companies.sf-cool  

Well, to DIL, she says 'creepy' but I think it just means invading her personal space which I understand, especially for females, is an uncomfortable feeling. And no, she is the DIL of spouse's side in our blended family. I've not asked my sons about RFID resisting wallets (or sleeves) but I've read about this issue before, so for the heck of it, DIL bought a gross of protective sleeves (like metallic coated paper sleeves) that she has distributed to all of us. Really doesn't add any noticeable bulk but a bit of inconvenience to pull the card out of the sleeve. As I understand it, my Exxon Speedpass buttons work the same (RFID) way.

I think RFID wallets (or facsimile) really do work. The signal is very low so any metallic coating will block the signal, unless there is physical contact perhaps, and I am not about to let anyone dig into my pocket.

Identity theft really can't be avoided. Other than practicing good online habits, databases are getting hacked, or fraudulently used by insiders, on an ongoing basis. You'd think that all companies would encrypt these databases but there is always some sloppy usage by employees or contractors. I used to subscribe to the Equifax credit (and identity) monitoring service post HD database breach but gave it up recently as a 'too expensive' option at $16/month. Equifax offered me a lower price when I told them I was walking but that kind of crap doesn't sit well with me. Simply means they were gouging in the first place.

From the various reviews online, almost all of the credit/identity monitoring offerings out there leave much to be desired. One complaint is that they don't prevent identity theft, but that should be understood anyway. The reason to use them is to know WHEN one's personal data, including things like email addresses, passwords, SIS, etc. have been compromised so that one can quickly get into damage control mode. These offerings just need to get a lot more cost effective into the single digit/month subscription rates. As someone mentioned, it would behoove Visa or MC or similar to team up and offer something on a planetary scale at a very low subscription rate.

Until then, I simply use good practices like: 1) a password manager to manage all my passwords, 2) not using public wi-fi for any sensitive, indeed, almost ANY transactions at all, 3) 2FA in some cases (text SMS or email despite some weaknesses there), 4) limiting sites where I have CC credentials on file, etc. But beyond that, I am not going to give up PayPass, my SpeedPass token, or Android Pay. The tech world is moving with lightening speed and I have no intention of being left behind. I have seen too many folk 10-20 years my senior who have not stayed current and are already dinosaurs. Another 10 years and they will be hopelessly unable to conduct much, if any, day to day transactional business.

My sons both say the big banks would like to rid themselves of brick and mortar transactions, but are likely to never be able to do so completely. As oligarchies, the regulator will probably force them to have to provide a limited teller service for the limited few who refuse, or don't have the resources, to be fully digital. The best FIs can likely do is to reduce physical locations, reduce teller stations and reduce hours for selected services such as changing currency, and issuing bank drafts.

July 2, 2019
3:20 pm
Loonie
Member
Members
Forum Posts: 9398
Member Since:
October 21, 2013
sp_UserOfflineSmall Offline

pooreva said

Loonie said
When answering the phone to unknown callers, assume the worst. Say nothing, or as little ...

WHY are are doing this at all????
In era of cheap 'land lines' (VOIP) with call display included for free, you can always see who is calling. If you do not recognize the number, do not pick up, let it go to voice-mail. Simple as that.

  

I agree in theory, but there are many people who just automatically answer the phone and cannot be dissuaded from doing so.
My brother-in-law, who is a higher profile guy than me, deliberately has his phone rigged so that it will not display his number in order to prevent people accessing him. It's hard on family dynamics if you don't pick up when he calls.
There are always going to be situations where people pick up the phone and get someone they don't want to hear from.

July 2, 2019
5:16 pm
Norman1
Member
Members
Forum Posts: 7202
Member Since:
April 6, 2013
sp_UserOfflineSmall Offline

AltaRed said
Your last comment reminds me to note that my DIL had all cards compromised about 2 months ago. She remembers a creepy guy being too close to her in the supermarket. Within an hour of getting home, she got called by all of her CC issuers about irregular purchases. Her cards had been read. Now we all have our cards in protective sleeves in our wallets.

I don't think her theory about what happened is accurate.

It is not in the protocol for the cards to answer in sequence. So, it would be a challenge to decipher the individual transmissions in the cacophony of all the cards in her purse responding at the same time.

One actually can't "read" the cards like that. The contactless response has enough information for up to one successful fraudulent tap before the next tap with the card. By design, part of the response changes with each tap. The card issuer will be able to tell that the response is a duplicate or is a predecessor to the latest response.

According to Canadian Bankers Association: "Tap to pay" card security - An FAQ, the cardholder name and CVV printed on the back of the card are not part of the contactless transmission:

Should I be concerned about security of tap to pay cards?

Limited information – The information transmitted during a tap to pay transaction is very limited and includes things like language preference, card number and other coding. The customer’s name, bank account number and the three-digit security code on the back of the credit card are not transmitted during a transaction.

So, it is not possible to clone the card or use the information for a purchase over the Internet.

July 2, 2019
5:21 pm
AltaRed
BC Interior
Member
Members
Forum Posts: 3145
Member Since:
October 27, 2013
sp_UserOfflineSmall Offline

Okay.... but how would the CC companies know to contact her about abnormal transactions?

July 2, 2019
7:00 pm
Norman1
Member
Members
Forum Posts: 7202
Member Since:
April 6, 2013
sp_UserOfflineSmall Offline

For sure, someone got at least her credit card numbers. How that was accomplished is an open question.

I did a Google search and found reports of "card clash" ocurring when people present their wallet or purse with both their contactless transit card and their contactless credit and debit cards.

Sometimes, the wrong card is charged and sometimes two cards end up being charged! I guess if one is lucky, one could pick out a card or two out of the cacophony.

Nevertheless, there wouldn't be much one could do with the info. One tap for each card. I don't think many online sites would accept just a card number without the correct CVV.

July 3, 2019
9:46 am
jtfrogger
Member
Members
Forum Posts: 13
Member Since:
January 3, 2019
sp_UserOfflineSmall Offline

I do a number of things.

1) I am very protective of my personal information. No one gets my SIN unless they will generate a T-slip. My drivers license number is another thing that I don't hand out. I'll question any piece of data a company wants to collect from me. I've challenged a number of organizations on what they want to collect. I'll even challenge a company on collecting my phone number, even though my land line is easily found online. (I probably should make it unlisted, but it's been out there for a long time. Making it unlisted would only work if I get a new number.) When a business won't budge on inappropriate collection of personal information, I follow up with the provincial privacy office. They have been awesome to deal with.

2) For online accounts, I use a different email address for each one. I have my own domain, so it is easy. If one email address is made public, it is a single use address. If I start getting spam, I generally know where the leak happened. With the unique email addresses, I am less concerned about reusing passwords on lower risk sites. I then can reuse strong passwords without too much concern for it being compromised. I'll probably move to a password service like LastPass, but I have not gotten around to it.

3) I monitor my credit report through Credit Karma (Transunion) & Borrowell (Equifax). I would notice a new account very quickly. This doesn't prevent a breach, but limits the impact should one happen.

4) I monitor all my bank & credit card accounts at least weekly. When I am really busy, I will at least review the monthly details. But it is a lot easier to remember transaction details when done more often. I'm not too concerned about protecting credit card data beyond this. Fraudulent charges are quickly reversed. So, I don't use RFID-blocking wallets/sleeves. The ramification of a card being compromised is only a two minute phone call and using an alternate card for about a week.

No permission to create posts

Please write your comments in the forum.