(From http://www.itbusiness.ca/it/client/en/home/News.asp?id=50652 ) Top five ways Canadians can protect against credit fraud To avoid being victims of credit fraud, Canadians need to strengthen their defenses, ensuring fraudsters aren't taking advantage of forgotten bank statements, lousy passwords or convincing telemarketing scams. 11/6/2008 6:00:00 AM by Michelle MacLeod Each year thousands of Canadians fall victim to identity theft, and in a variety of ways. It could be by them misplacing personal information, having their wallets stolen, mistakenly giving out credit card numbers over the phone or Internet, or having their data stolen through a "safe" source, such as a bank or hospital. According to Phone Busters, the Canadian anti-fraud centre's monthly summary report, there have been 9,147 victim of identity theft in Canada from Jan. 1 to Oct. 31 of 2008. Identity theft is one of Canada's fastest growing crimes and costs financial institutions more than 10 million dollars annually. Fraudsters can steal your identity by swiping your wallet or mail, and filling out a change of address form, having your credit card and banking info re-directed to a new mail box, and applying for a new credit card. TransUnion Canada, a consumer credit reporting agency in Hamilton Ont., said the number of data breaches on company Web sites is also expanding. Hackers target Web banking and auto-dealer sites to collect personal, and financial information contained on these sites. Despite these grim realities, Tom Reid, director of product evaluation and consumer relations at TransUnion, says there is no need to panic. There are many different ways people can protect their personal information and ensure they don't get targeted in today's treacherous environment. "The best defense is becoming a harder target," he said. Canadians can minimize their risks by reducing being more vigilant and reducing opportunities for fraud. Reid offers up five key steps everyone can take to protect their credit. 1. Sign up for a credit monitoring system The first thing Canadians can and should do is sign up for a credit monitoring program at any consumer credit reporting agency, such as TransUnion.ca. The credit monitoring system is a strong tool for tracking your own credit history and recognizing any unauthorized activity. Essentially these companies have taken the credit profile, primarily used by businesses, and turned it on its head – making the information available to credit card holders. "We are allowing Canadians to achieve more in terms of identity theft protection and avoid the surveillance period by officials," Reid said. What many consumers don't know is that there could be a fairly big time lapse between the theft or data breach and when the identity fraud (use of stolen information) is committed. Six to 12 months after your wallet or purse has been stolen, you might assume you are safe, but a fraudster could re-emerge to access new credit or take over existing credit. Not only are your credit cards at risk, but fraudsters can establish a phone or wireless service, open checking accounts or file for bankruptcy under your name to avoid debts while impersonating you. If someone is using your personal information, you may not find out about it until some point down the road when a collection agency calls asking when you will pay your debts, Reid said. But a credit monitoring user will be notified immediately. "TransUnion will notify you by sending e-mail alerts if there are key changes to your credit profile," Reid said, "and take appropriate [steps] to report activities as fraudulent or inaccurate if you don't recognize them." 2. Place fraud alert flags on your file if necessary In conjunction with a credit monitoring system, Canadians should also protect their credit by initiating fraud alert flags. A fraud alert can make it more difficult for someone to apply for credit in your name, said Reid, because it tells creditors you have lost information and are vulnerable to an attack. Anyone can put a flag on their profile by calling any credit reporting company, who will then mark your file. The alert will not affect your existing credit cards or loans; it will only affect future requests for new credit cards or lines of credit. 3. Keep a tight rein on your personal information There are many ways someone can steal your identity in order to access your credit and most of them are "old school," Reid said, meaning information is taken from the trash or a purse rather than a new computer-hacking scheme. All personal data should also be shredded before disposal, he said. "Shred receipts, new credit card offers and bank statements." The easiest way to keep personal documents safe is to not carry them with you unless they are needed, Reid said, specially your Social Insurance Number (SIN) card. He said SIN card abuse is becoming a major problem for young people who may have that card but not possess a credit card or credit file. Their credit file could be compromised even before they even apply for credit ~V and they only realize the fraud years later. Another way Reid has seen abuse is fraudsters going through postal mail, looking for bank and credit card statements and tax information. A simple way to protect your mail box is to ensure you are checking it often or adding a lock to the container. Reid also suggests picking up new banking documents at the bank branch. "Our recommendation for reducing potential risk is to have the bank call you rather than have them mail new checks so that you can go to the branch and pick them up; because if they are stolen they can be altered and cashed." 4. Avoid offering personal information over the phone or e-mail Telemarketing scams have been around for years, but many Canadians are still falling for the same old tricks ~V donating money to phony charities, giving out banking information to individuals posing as their bank and more. The rule of thumb for avoiding phone scams or falling for fake emails is to not provide any personal information if the institution is pursuing you. It is okay to give out your personal information if you are calling the bank to check up on your account, but a red flag should pop up if they are calling you out of the blue, Reid said. Users of online banking should also learn what a real URL should look like in order to avoid links to phishing sites ~V fake, copycat bank sites designed to store and sell your personal information, such as credit card numbers and banking passwords. Additionally, Phone Busters encourages users to ensure their online passwords are obscure, and avoid using their mother's maiden name, pet's name, or digits of their phone number or birth date – all of which can be easily found by hackers. 5. Ask companies how they will use your personal information The fifth way to protect your data considers the other side of the equation – namely, reviewing how legitimate holders of your information can lose your personal data – and acting to prevent that. "I talk from time to time about information lost or shared by employers, landlords, bankers, retailers," Reid said. "They all have access to your data and you need to understand how their records are being kept and what solutions they would offer in case of a data breach. Because there are many solutions that businesses can provide at no cost to the consumer in the event that there's been a data breach by that organization." Even the most advanced systems can be compromised, as no company is fool-proof, Reid said, so companies should be proactively providing telephone support, fraud victim assistance as well as educational resources to their consumers to help them understand how identity theft occurs, what the risks are and what they can do to further protect themselves." And, organizations need to be prepared to act quickly, he said. In cases where an organization has database hacked or laptops stolen, the act could have been done by insiders, who sought employment there solely to perpetrate fraudulent activity. Businesses that don't have these proactive measures in place risk their reputation, high legal fees and financial risks from customers frustrated with their level of service. "So really, in some cases the onus is on the business that has that breach to look for ways to protect that consumer from downstream risk," Reid said. "All companies should be looking to provide assistance if you ask, because the most important asset to any business is their customer base."