Identity Theft Protection - How do you protect yourself ? | General financial discussion | Discussion forum

AlainJF said
I am looking for suggestions regarding proactive "Identity Theft Protection".  

I watched a recent episode of CBC Marketplace that described a credit card scam, then they tested several fraud alert services from the credit monitoring companies from which the results for alert monitoring was not impressive.

You can watch the Marketplace episode Online HERE

What has triggered your interest in exploring this important topic?

Stephen

We looked into one of those services a while ago. I don't remember which one or who offered it but it dind't seem like they offered much for the price, so we forgot about it.

Other ideas:

When you are signing in somewhere and it asks if you want them to "remember" you, say "no '".
Similarly, when online shopping, don't keep an account.

When asked for security questions such as mother's maiden name, where married, name of pet etc., give a different answer than the real one. Too many people know the real answer. Only problem is, you have to remember it. This was suggested to me bt a credit union mgr.

Don't post your birthdate on social media. Forego all those e-cards!
Personally, I avoid social media entirely, and consider it a precaution, but i realize that is difficult for many people for various reasons. Use it at a minimum, for professional purposes only as required.

When answering the phone to unknown callers, assume the worst. Say nothing, or as little as possible in order to ascertain the nature of the call. Your words and voice can be spliced to give the impression you gave consent for something you didn't. Avoid, in particular, the word "yes", remembering that the first question they may ask you is to affirm your identity.

When upgrading computers, smartphones, etc., make sure you have thoroughly wiped them clean before discarding.

Basically, there aren’t any ways in Canada to protect you from ID thefts, because we still cannot freeze credit in Canada. Our system is purposely design for this:-)

If our voters are knowledgeable, then this should be an election issue.

The following has been online for so long, but nobody in mainstream wants to talk about.

https://www.change.org/p/equifax-mandate-free-and-on-demand-credit-freeze-in-canada

Your last comment reminds me to note that my DIL had all cards compromised about 2 months ago. She remembers a creepy guy being too close to her in the supermarket. Within an hour of getting home, she got called by all of her CC issuers about irregular purchases. Her cards had been read. Now we all have our cards in protective sleeves in our wallets.

Briguy, thanks for the heads up re the texting a code to my phone set up, though I don't have a smartphone (mine even pre-dates flip phones) and there's no personal info stored on it so I'm guessing (more like hoping) I'm ok.

Loonie said
I've heard different stories about those wallets, as to whether they really work. Can anyone add more? Cynic that I am, I would have thought that if they really worked well, the CC companies would be selling them to us, or at least offering them as incentives or something you could redeem points for.

Scary story from AltaRed. Not all scammers will look shifty. As I recall, you have a couple of bankers in your family, probably including the husband of DIL. Are they receiving any reliable info from their employers about this? Or is everyone just hoping for the best with RFID?

Good follow-up though from DIL's CC companies.  

Well, to DIL, she says 'creepy' but I think it just means invading her personal space which I understand, especially for females, is an uncomfortable feeling. And no, she is the DIL of spouse's side in our blended family. I've not asked my sons about RFID resisting wallets (or sleeves) but I've read about this issue before, so for the heck of it, DIL bought a gross of protective sleeves (like metallic coated paper sleeves) that she has distributed to all of us. Really doesn't add any noticeable bulk but a bit of inconvenience to pull the card out of the sleeve. As I understand it, my Exxon Speedpass buttons work the same (RFID) way.

I think RFID wallets (or facsimile) really do work. The signal is very low so any metallic coating will block the signal, unless there is physical contact perhaps, and I am not about to let anyone dig into my pocket.

Identity theft really can't be avoided. Other than practicing good online habits, databases are getting hacked, or fraudulently used by insiders, on an ongoing basis. You'd think that all companies would encrypt these databases but there is always some sloppy usage by employees or contractors. I used to subscribe to the Equifax credit (and identity) monitoring service post HD database breach but gave it up recently as a 'too expensive' option at $16/month. Equifax offered me a lower price when I told them I was walking but that kind of crap doesn't sit well with me. Simply means they were gouging in the first place.

From the various reviews online, almost all of the credit/identity monitoring offerings out there leave much to be desired. One complaint is that they don't prevent identity theft, but that should be understood anyway. The reason to use them is to know WHEN one's personal data, including things like email addresses, passwords, SIS, etc. have been compromised so that one can quickly get into damage control mode. These offerings just need to get a lot more cost effective into the single digit/month subscription rates. As someone mentioned, it would behoove Visa or MC or similar to team up and offer something on a planetary scale at a very low subscription rate.

Until then, I simply use good practices like: 1) a password manager to manage all my passwords, 2) not using public wi-fi for any sensitive, indeed, almost ANY transactions at all, 3) 2FA in some cases (text SMS or email despite some weaknesses there), 4) limiting sites where I have CC credentials on file, etc. But beyond that, I am not going to give up PayPass, my SpeedPass token, or Android Pay. The tech world is moving with lightening speed and I have no intention of being left behind. I have seen too many folk 10-20 years my senior who have not stayed current and are already dinosaurs. Another 10 years and they will be hopelessly unable to conduct much, if any, day to day transactional business.

My sons both say the big banks would like to rid themselves of brick and mortar transactions, but are likely to never be able to do so completely. As oligarchies, the regulator will probably force them to have to provide a limited teller service for the limited few who refuse, or don't have the resources, to be fully digital. The best FIs can likely do is to reduce physical locations, reduce teller stations and reduce hours for selected services such as changing currency, and issuing bank drafts.

AltaRed said
Your last comment reminds me to note that my DIL had all cards compromised about 2 months ago. She remembers a creepy guy being too close to her in the supermarket. Within an hour of getting home, she got called by all of her CC issuers about irregular purchases. Her cards had been read. Now we all have our cards in protective sleeves in our wallets.

I don't think her theory about what happened is accurate.

It is not in the protocol for the cards to answer in sequence. So, it would be a challenge to decipher the individual transmissions in the cacophony of all the cards in her purse responding at the same time.

One actually can't "read" the cards like that. The contactless response has enough information for up to one successful fraudulent tap before the next tap with the card. By design, part of the response changes with each tap. The card issuer will be able to tell that the response is a duplicate or is a predecessor to the latest response.

According to Canadian Bankers Association: "Tap to pay" card security - An FAQ, the cardholder name and CVV printed on the back of the card are not part of the contactless transmission:

Should I be concerned about security of tap to pay cards?
…
Limited information – The information transmitted during a tap to pay transaction is very limited and includes things like language preference, card number and other coding. The customer’s name, bank account number and the three-digit security code on the back of the credit card are not transmitted during a transaction.

So, it is not possible to clone the card or use the information for a purchase over the Internet.

For sure, someone got at least her credit card numbers. How that was accomplished is an open question.

I did a Google search and found reports of "card clash" ocurring when people present their wallet or purse with both their contactless transit card and their contactless credit and debit cards.

Sometimes, the wrong card is charged and sometimes two cards end up being charged! I guess if one is lucky, one could pick out a card or two out of the cacophony.

Nevertheless, there wouldn't be much one could do with the info. One tap for each card. I don't think many online sites would accept just a card number without the correct CVV.