6321 Are there laws against identity theft?

Yes. In 1998 Congress passed the Identity Theft and Assumption Deterrence Act (918 U.S.C.1028), which makes it a federal felony to use another person's identification with the intent to commit unlawful activity. Federal agencies such as the Secret Service, the FBI, and the U.S. Postal Inspection Service investigate suspected violations of this law; the Department of Justice handles prosecutions. Visit the FTC's website to find out more about federal and state laws governing identity theft, consumer credit and privacy and information.

6316 What is a fraud alert?

A fraud alert is a warning that you can place on your credit report by contacting the three major credit bureaus. It signals to potential creditors that you may be, or are at risk of being, a victim of identity theft. A fraud alert can take one of three forms—an initial alert, an extended alert and a military fraud alert:

Initial Fraud Alert — An initial alert lasts for at least 90 days. It is a precaution that can be taken in situations where you think you are at heightened risk for identity theft or that someone is currently stealing your identity, e.g., if your purse has been stolen. Placing an initial alert on your credit report requires potential creditors to use "reasonable policies and procedures" to confirm the legitimacy of your identity when it is used for credit applications. These "reasonable policies and procedures" may not always adequately protect you, however, so be sure to monitor your credit report carefully even if you've placed an initial fraud alert.

Extended Fraud Alert — An extended alert remains on your credit report for seven years. You are eligible to place this type of alert on your account if you have been the victim of identity theft and provide the credit bureaus with an identity theft report such as the one found on the FTC website.

Active Duty Military Fraud Alert — An active duty alert helps protect military personnel from identity theft. If you are a member of the military and away from your usual duty station, you may place an "active duty alert" on your credit report to help minimize the risk of identity theft while you are deployed. If you place an active duty alert, businesses must verify your identity before issuing credit in your name, which makes it harder for identity thieves to use your information to apply for credit. Active duty alerts on your report last for one year unless you request that the alert be removed sooner. If your deployment lasts longer, you may place another alert on your report.

6311 What is identity theft?

Identity theft is the misuse of another person's identifying information. In true identity theft, an identity thief uses another person's Social Security number and other identifying information to fraudulently open new accounts for financial gain. Victims may be unaware of the fraud for an extended period of time, which can allow the criminal to continue the ruse for months or even years. The criminal can use the victim's identity to work, receive medical care and commit other types of fraud. Account-takeover and credit-related fraud are common problems associated with identity theft.

 

Some examples of the many ways criminals use stolen identity information are to:     

  • Obtain credit fraudulently from banks and retailers
  • Steal money from the victim's existing accounts
  • Apply for loans
  • Establish accounts with utility companies
  • Rent an apartment
  • Obtain a job
  • Receive medical care
  • Achieve other financial gain using the victim's name
6306 What is a data breach?

A data breach is a situation in which information is either lost by or stolen from an organization or individual. Financial information, medical records, customer information, and student data are all examples of information that has been accessed as a result of data breaches. The incidents can occur under a number of different scenarios. Hacked databases and stolen laptops, PDAs, USB flash drives containing sensitive information account for many breaches. More than 75% of states now legally require organizations to contact affected individuals when a data breach occurs. To stay abreast of recent data breaches, click here.

6301 What can I do to protect my identity?

To reduce your chance of becoming a victim, check out our Consumer Tips. Find out how to protect your Social Security card, mail, checks, passwords, online activities, and much more.

6296 How can I monitor my own credit?

You can monitor your credit by checking your credit report from all three agencies at least twice a year. Under FACTA, every consumer has the right to get a copy of his or her credit report free from each of the credit reporting agencies. Instead of getting a report from all three credit reporting agencies at once, get one from each bureau every four months (providing you with a different snapshot three times per year). To obtain your three free reports annually, do not contact the reporting agencies as you normally would. Instead, go to this website, which was set up specifically to allow consumers to receive free credit reports: www.annualcreditreport.com.

You can also monitor fraud in your medical files, on your Social Security statement, insurance claims, or in public records. To find out how to get these reports, see the links on our Resources section.

6291 What are credit and fraud monitoring?

Credit monitoring involves monitoring your credit history for suspicious activity. The three credit bureaus offer credit monitoring for a modest fee, providing services such as allowing you to check your credit files every day for any fraudulent usage of your identity. To find out more about this service, see links for the three credit bureaus on our Resources section.

Fraud monitoring allows you to monitor public record databases for suspicious activity. Public record databases can show if someone has broken the law using your identity.

Beware of companies that guarantee they can prevent identity theft. While you can mitigate your risk of becoming a victim and the damage after a compromise, no one can give you a 100% guarantee that you can escape. Even if you do everything right, you might still be on the wrong database at the wrong moment. Never forget, the bad guys are getting better and better at what they do and are often far ahead of the good guys.

6286 What can I do to protect my computer and data?

There are three main threats to the data on your computer: malicious software, network intrusion by hackers, and physical theft.

To protect your computer against viruses, spyware, worms, and Trojan Horse programs (which let hackers control your computer), you must use antivirus, anti-spyware and anti-malware software—and keep those applications up-to-date. To keep intruders out, connect to the Internet through a properly configured firewall, keep administrative names and passwords updated, set wireless networks to "no broadcast" and be sure to power down your computer when not in use. Never open an email spam or other emails from unknown sources and avoid using public computers for online banking, email account access, or other sensitive exchanges of information, as keystroke loggers, web "cookies," or cached pages may be capturing your data.

Limit access to your computer to those you truly trust, and use restrictive permission levels to protect sensitive files. Whenever possible, encrypt files containing sensitive information, including backup files. And don't forget to protect your computer against physical theft—"password protection" sounds daunting but is actually easy for a tech-savvy criminal to defeat.

Finally, beware of "phishing" and "pharming" scams, which use fake corporate email, redirected web addresses, and "cloned" corporate web pages to plant viruses and con users into providing sensitive information. Never provide identity or account information in response to an email or if you have doubts about a website's authenticity. To learn more, check out our Consumer Tips.

6281 What is account takeover?

Account takeover occurs when an identity thief acquires a person's existing credit or bank account information and either withdraws money or makes purchases. Victims usually learn of account takeover when they check their account statements online or receive their monthly credit card or bank account statements.

6276 What methods do identity thieves employ?

Theft of wallets and purses was once the most common way to obtain identity documents and account information. Today, identity thieves attack virtually every area of an individual's life, wherever personal information is stored or sent. An identity thief needs only a few strategic bits of your personal information to commit identity theft and fraud. The more accounts the criminals are able to open, the more "evidence" they have that your identity belongs to them. Some of the most common methods include:
 

  • Dumpster diving in trash bins for credit card statements, loan applications, and other documents containing names, addresses, account information, and SSNs
  • Stealing mail from unlocked mailboxes to get preapproved credit offers, credit cards, utility bills, bank and credit card statements, investment reports, insurance statements, benefits documents, and tax information
  • Impersonating a loan officer, employer, or landlord to obtain access to credit files
  • Taking advantage of "insider" access to names, addresses, birth dates, and SSNs in personnel or customer files
  • Shoulder surfing when people are using laptops in public places or watching ATM transactions and public phones to capture PINs
  • "Skimming" of credit and debit card information at point-of-sale by copying the card or using a small electronic "skimmer" device
  • Tapping online sources of personal data, such as public records, fee-based information sites, and personal networking sites
  • Hacking into an organization's database to steal sensitive information
  • Purchasing fraudulent identities on the Internet or through a secondary market
6271 What is debt tagging?

Debt Tagging is a term used to describe when collectors target the wrong person for a debt and append that debt to their credit files.

After years of trying to collect on a debt, collection agencies are often left with old outdated contact information. If you have a common name or one that is similar to who they are looking, your risk is higher and you could be tagged with another person’s debts.

If you are contacted and do not believe the debt is yours, ask for proof of the debt. Debt collection agencies are required under the Fair Debt Collection Practices Act to provide debtors with proof of the debt they are attempting to collect.

Next, check to see if you are covered with Identity Theft Protection by your homeowners, auto or other insurance policies. Also check with your bank, credit union or financial services or employee benefits. If you are covered, call their claims/customer service departments. 

6266 What is child identity theft?

Child identity theft is true identity theft in which the victim is a minor child. Because a child (or parent acting on behalf of the child) is unlikely to request credit reports or to try to obtain credit, the theft can go undetected for a long time. In fact, the theft may not be detected until the child becomes an adult and applies for credit. If no credit report exists in your child's name, that is a good indication that your child has not been a victim. However, if you receive collection calls, statements and/or pre-approved credit offers in your child's name, your child may be a victim of identity theft.

6261 What is medical identity theft?

Medical identity theft is the misuse of a person's identity to obtain health care goods and services. It is a growing crime as the trend towards electronic medical records gains momentum. Often the first time a victim gets wind of medical identity theft is when he or she receives a statement from an insurance company for services rendered. To help detect this type of theft, read all Explanation of Benefits statements you receive from your insurance company and contact the provider immediately if you see descriptions of services unrelated to your own health care. Also, watch for any unpaid medical claims on your credit report. 

6256 What is synthetic identity theft?

In synthetic identity theft, instead of stealing an actual person's identity, a thief creates a fictional identity by taking pieces of information from a number of people. The thief usually starts with one victim's Social Security number and then composes a fictional identity associated with that number. Synthetic identity theft is often harder to detect than true identity theft, because accounts and other credit that is falsely obtained typically do not show up on the credit report of the victim whose Social Security number has been stolen. Since the thieves have created fictional identities instead of stealing real consumers' identities, it is most often banks that are the real victims of this type of theft because they are stuck with the bills. Beware of so-called credit repair companies that use synthetic identity theft to "erase" your credit file and create a synthetic (or fictional) identity for you. While this tactic appears to solve your credit problem, it is illegal and could create new ones down the road.

3604 Qu’est-ce que l’usurpation d’identité?

L’usurpation d’identité est le mauvais usage de l’identité d’une autre personne. Dans une situation d’usurpation d’identité réelle, l’usurpateur d’identité utilise le numéro d’assurance sociale d’une autre personne et d’autres renseignements signalétiques pour ouvrir de nouveaux comptes frauduleusement afin de générer un gain financier. Les victimes peuvent ne pas être conscientes de la fraude pendant une longue période, ce qui peut permettre au criminel de continuer la ruse pendant des mois, voire des années. Le criminel peut utiliser l’identité de la victime pour travailler, recevoir des soins médicaux et commettre d’autres types de fraude. La prise de contrôle de comptes et la fraude liée au crédit sont des problèmes courants associés à l’usurpation d’identité. Voici quelques exemples des nombreuses raisons pour lesquels les criminels utilisent l’information obtenue au moyen de l’usurpation d’identité :

  • Obtenir frauduleusement du crédit auprès des banques et des détaillants
  • Voler de l’argent des comptes existants de la victime
  • Faire des demandes de prêts
  • Ouvrir des comptes auprès d’entreprises de services publics
  • Louer un appartement
  • Obtenir un emploi
  • Recevoir des soins médicaux
  • Obtenir d’autres gains financiers en utilisant le nom de la victime
3603 Qu’est-ce que la prise de contrôle de comptes?

La prise de contrôle de comptes se produit quand un usurpateur d’identité acquiert les données existantes de crédit ou de compte bancaire d’une personne pour retirer de l’argent ou faire des achats. Les victimes découvrent généralement la prise de contrôle de leur compte quand ils vérifient leurs relevés de compte en ligne ou reçoivent leurs relevés mensuels de carte de crédit ou de compte bancaire.

3602 Que puis-je faire pour protéger mon identité?

Pour réduire votre risque de devenir une victime, consultez notre section de conseils aux consommateurs. Découvrez la façon de protéger votre carte d’assurance sociale, votre courrier, vos chèques, vos mots de passe, vos activités en ligne, et bien plus encore.

3601 Que puis-je faire pour protéger mon ordinateur et mes données?

Il existe trois principales menaces aux données de votre ordinateur: logiciels malveillants, intrusion de réseau par des pirates et vol physique.

Pour protéger votre ordinateur contre les virus, les logiciels espions, les vers et les chevaux de Troie (qui permettent aux pirates de contrôler votre ordinateur), vous devez utiliser un antivirus, un anti-logiciel espion et un anti-logiciel malveillant, et maintenir ces applications à jour. Pour se protéger des intrus, connectez-vous à Internet par l’entremise d’un pare-feu correctement configuré, maintenez à jour vos noms d’utilisateur et vos mots de passe, configurez les réseaux sans fil à « aucune diffusion » et n’oubliez pas d’éteindre votre ordinateur lorsqu’il n’est pas utilisé. N’ouvrez jamais un pourriel ou d’autres courriels provenant de sources inconnues et évitez d’utiliser des ordinateurs publics pour des opérations bancaires en ligne, pour accéder à votre compte de courriel ou pour d’autres échanges d’information sensible, puisque des enregistreurs de frappe, des fichiers témoin ou des pages mises en cache peuvent capturer vos données.

Limitez l’accès à votre ordinateur à ceux auxquels vous faites vraiment confiance, et utilisez les niveaux d’autorisation restrictifs pour protéger les fichiers sensibles. Dans la mesure du possible, cryptez les fichiers contenant des renseignements sensibles, incluant les fichiers de sauvegarde. Et n’oubliez pas de protéger votre ordinateur contre le vol physique : la protection par mot de passe semble intimidante, mais il est facile pour un criminel astucieux de l’outrepasser.

Enfin, méfiez-vous des escroqueries d’hameçonnage et de dévoiement, qui utilisent de faux courriels d’entreprises, des adresses Web redirigées et des pages Web clonées d’entreprises pour planter des virus et tromper les utilisateurs pour qu’ils fournissent des renseignements sensibles. Ne donnez jamais de renseignements sur votre identité ou vos comptes en réponse à un courriel ou si vous avez des doutes sur l’authenticité d’un site Web. Pour en savoir plus à ce sujet, consultez notre section de conseils aux consommateurs.

3600 Quelles méthodes les usurpateurs d’identité utilisent-ils?

Le vol de porte-monnaie et de sacs à main était autrefois la façon la plus courante d’obtenir des pièces d’identité et des coordonnées de compte. Aujourd’hui, les usurpateurs d’identité attaquent presque toutes les facettes de la vie d’un individu, à tous les endroits où des renseignements personnels sont stockés ou transmis. Un usurpateur d’identité n’a besoin que de quelques pièces stratégiques de vos renseignements personnels pour commettre un vol d’identité et une ou des fraudes. En ouvrant un plus grand nombre de comptes, les criminels ont davantage de « preuves » que votre identité leur appartient. Voici certaines des méthodes les plus courantes :

  • La fouille de poubelles pour obtenir des relevés de cartes de crédit, des demandes de prêts et d’autres documents contenant des noms, des adresses, des coordonnées de compte, et des NAS
  • Le vol du courrier des boîtes aux lettres déverrouillées pour obtenir des offres de crédit préapprouvées, des cartes de crédit, des factures de services publics, des relevés bancaires et de cartes de crédit, des rapports d’investissement, des déclarations d’assurance, des documents de prestations et des renseignements fiscaux
  • L’usurpation de l’identité d’un agent de crédit, d’un employeur ou d’un propriétaire pour obtenir l’accès aux dossiers de crédit
  • L’exploitation de l’accès « d’initié » aux noms, adresses, dates de naissance et NAS dans les dossiers du personnel ou des clients
  • L’écorniflage quand les gens utilisent des ordinateurs portables dans les lieux publics ou l’observation des transactions aux guichets automatiques bancaires et aux téléphones publics pour saisir les NIP
  • L’interception des données de crédit et de carte de débit au point de vente en copiant la carte ou en utilisant un petit copieur de carte électronique
  • L’exploitation de sources de données personnelles en ligne, comme les dossiers publics, les sites d’information payants et les sites de réseautage personnel
  • Le piratage dans la base de données d’une organisation pour obtenir des renseignements sensibles
  • L’achat d’identités frauduleuses sur Internet ou par l’entremise d’un marché secondaire 
3599 Qu’est-ce que le marquage de la dette?

Le « marquage de la dette » est un terme utilisé pour décrire le moment où les agences de recouvrement ciblent la mauvaise personne pour une dette et ajoutent cette dette à son dossier de crédit.

Après des années à essayer de recouvrer une créance, les agences de recouvrement n’ont souvent que d’anciennes coordonnées périmées. Si vous avez un nom courant ou un nom similaire à celui de la personne recherchée, votre risque est plus élevé et vous pourriez être « marqué » des dettes d’une autre personne.

Si vous êtes contacté et si vous croyez que la dette n’est pas la vôtre, demandez une preuve de la dette. Les agences de recouvrement de créances sont tenues en vertu de la Loi sur la protection du consommateur provinciale de fournir aux débiteurs la preuve de la dette qu’ils tentent de recouvrer.

Ensuite, vérifiez si vous êtes couvert par une protection contre l’usurpation d’identité par vos polices d’assurance habitation, automobile ou autres. Vérifiez également auprès de votre banque, de votre caisse populaire et de vos fournisseurs de services financiers ou d’avantages sociaux. Si vous êtes couvert, contactez leur centre de service à la clientèle et de règlement des sinistres. 

3598 Qu’est-ce que l’usurpation d’identité d’un enfant?

L’usurpation d’identité d’un enfant est une usurpation d’identité réelle où la victime est un enfant mineur. Puisqu’il est peu probable qu’un enfant (ou qu’un parent agissant au nom de l’enfant) demande des rapports de solvabilité ou tente d’obtenir du crédit, l’usurpation peut passer inaperçue pendant longtemps. En fait, l’usurpation peut passer inaperçue jusqu’à ce que l’enfant devienne adulte et fait une demande de crédit. Si aucun rapport de solvabilité n’existe au nom de votre enfant, il est probable que votre enfant n’ait pas été victime d’une usurpation d’identité. Toutefois, si vous recevez des appels de recouvrement, des relevés ou des offres de crédit préapprouvées au nom de votre enfant, ce dernier peut être victime d’une telle usurpation.

3597 Qu’est-ce que l’usurpation d’identité médicale?

L’usurpation d’identité médicale est le mauvais usage de l’identité d’une personne pour obtenir des biens et des services de santé. Souvent, la première fois qu’une victime découvre l’usurpation de son identité médicale, elle reçoit une facture pour des services qu’elle n’a pas obtenus. D’autres signes incluent des notes médicales inhabituelles ou des erreurs dans le dossier médical. Si l’on vous dit que vous avez atteint la limite d’indemnité de votre régime d’assurance maladie ou si l’on vous refuse toute assurance invalidité, vous pourriez aussi être victime d’une telle usurpation. Pour vous aider à détecter ce type d’usurpation d’identité, vous devriez vérifier vos dossiers médicaux par l’entremise de votre médecin en cas d’activité frauduleuse au moins une fois par an. Vous pouvez également obtenir une copie de votre « état des prestations » de votre ministère provincial ou territorial de la santé, pour obtenir un résumé ou une liste de tous les services reçus par l’entremise de votre carte d’assurance maladie. Contactez le fournisseur immédiatement si vous voyez la description de services qui ne sont pas liés à vos soins de santé. Les conséquences de l’usurpation d’identité médicale peuvent être potentiellement désastreuses pour la victime.

3596 Qu’est-ce que l’usurpation d’identité synthétique?

Dans un cas d’usurpation d’identité synthétique, au lieu d’usurper l’identité d’une personne réelle, l’usurpateur crée une identité fictive en prenant des éléments d’information provenant de plusieurs personnes. L’usurpateur commence généralement par le numéro d’assurance sociale de l’une des victimes, puis créé une identité fictive associée à ce numéro. L’usurpation d’identité synthétique est souvent plus difficile à détecter que la vraie usurpation d’identité, parce que les comptes et les autres produits de crédit qui ont été faussement obtenus n’apparaissent généralement pas sur le rapport de solvabilité de la victime dont le numéro d’assurance sociale a été usurpé. Puisque les usurpateurs ont créé des identités fictives au lieu d’usurper l’identité de véritables consommateurs, les banques sont le plus souvent les véritables victimes de ce type d’usurpation parce qu’elles sont aux prises avec les factures. Méfiez-vous des soi-disant entreprises de réhabilitation de crédit qui utilisent l’usurpation d’identité synthétique pour « effacer » votre dossier de crédit et vous créer une identité synthétique (ou fictive). Bien que cette tactique semble résoudre votre problème de crédit, elle est illégale et pourrait poser de nouveaux problèmes plus tard.

3595 Qu’est-ce qu’une violation de données?

Une violation de données est une situation dans laquelle l’information est soit perdue ou volée par une organisation ou un particulier. L’information financière, les dossiers médicaux, l’information de la clientèle et les données des étudiants sont tous des exemples de renseignements qui ont été accessibles à la suite de violations de données. Les incidents peuvent se produire dans plusieurs scénarios différents. Le piratage de bases de données et le vol d’ordinateurs portables, d’assistants numériques et de clés USB contenant des renseignements sensibles figurent parmi ces infractions.

3594 Qu’est-ce que la surveillance du crédit et de la fraude?

La surveillance du crédit et de la fraude consiste à surveiller votre historique de crédit pour toute activité suspecte. Les deux agences d’évaluation du crédit offrent la surveillance du crédit pour une somme modique, fournissant des services vous permettant de vérifier votre dossier de crédit chaque jour pour toute utilisation frauduleuse de votre identité. Pour en savoir plus sur ce service, consultez les liens des deux agences d’évaluation du crédit dans notre section « Ressources ».

Méfiez-vous des entreprises qui garantissent la prévention de l’usurpation d’identité. Bien que vous puissiez atténuer le risque de devenir une victime et les dégâts après une violation de vos données, personne ne peut vous garantir à 100 % que vous pouvez y échapper. Même si vous faites tout correctement, vous pourriez encore être sur la mauvaise base de données au mauvais moment. N’oubliez jamais que les malfaiteurs sont de plus en plus efficaces et ont souvent plusieurs longueurs d’avance sur les gens honnêtes.

3593 Qu’est-ce qu’une alerte de fraude ou un avertissement de fraude?

Une alerte de fraude ou un avertissement de fraude est une déclaration que vous pouvez placer sur votre rapport de solvabilité en communiquant avec les deux principales agences d’évaluation du crédit. Il signale aux créanciers potentiels que vous pouvez être ou êtes à risque d’être une victime d’usurpation d’identité. Une alerte ou un avertissement de fraude peut être mis en place ainsi :

Auprès de TransUnion et Equifax

  1. Si vous êtes victime d’une fraude ou d’une usurpation d’identité, vous pouvez demander l’affichage d’une alerte de fraude, sans frais. Cet avertissement restera également sur votre dossier de crédit pendant 6 ans.
  2. S’il n’y a pas de preuve de fraude, vous pouvez tout de même mettre en place une alerte à la fraude, qui reste sur votre dossier de solvabilité pendant 6 ans. Il y a des frais de 5 $, taxes provinciales en sus, pour l’affichage de cet avertissement.
3592 Comment puis-je surveiller mon propre crédit?

Vous pouvez surveiller votre crédit en vérifiant votre rapport de solvabilité auprès des deux agences au moins deux fois par an. En vertu de la Loi sur la protection du consommateur, chaque consommateur a le droit d’obtenir une copie de son rapport de solvabilité de chacune des agences d’évaluation du crédit. Ces agences ne partagent pas les renseignements; il est donc important de commander votre rapport de solvabilité de chacune d’elle afin d’obtenir une image complète de votre degré de solvabilité actuel.

Il y a plusieurs façons d’obtenir des copies de vos rapports de solvabilité. Consultez notre guide « Comment commander votre rapport de solvabilité » en cliquant ici.

3591 Y a-t-il des lois contre l’usurpation d’identité?

Oui. En 2010, le gouvernement fédéral a adopté le projet de loi S-4, qui a créé trois nouvelles infractions au Code criminel liées au vol d’identité, incluant les suivantes :

  • L’obtention et la possession de renseignements d’identité avec l’intention de les utiliser de façon trompeuse, malhonnête ou frauduleuse pour la perpétration d’un crime.
  • La traite de renseignements liés à l’identité, une infraction ciblant ceux qui cèdent ou vendent des renseignements à une autre personne en ayant connaissance de l’utilisation criminelle possible de l’information ou sans s’en soucier.
  • La possession illégale ou le trafic de documents d’identité émis par le gouvernement qui contiennent les renseignements d’un tiers.

Ces trois infractions entraînent des peines d’emprisonnement maximal de cinq ans. En outre, la législation donne aux tribunaux le pouvoir d’ordonner aux délinquants de dédommager la victime de l’usurpation d’identité dans le cadre de leur peine.

3568 What is identity theft?

Identity theft is the misuse of another person's identifying information. In true identity theft, an identity thief uses another person's Social Insurance number and other identifying information to fraudulently open new accounts for financial gain. Victims may be unaware of the fraud for an extended period of time, which can allow the criminal to continue the ruse for months or even years. The criminal can use the victim's identity to work, receive medical care and commit other types of fraud. Account-takeover and credit-related fraud are common problems associated with identity theft. Some examples of the many ways criminals use stolen identity information are to:

  • Obtain credit fraudulently from banks and retailers
  • Steal money from the victim's existing accounts 
  • Apply for loans
  • Establish accounts with utility companies
  • Rent an apartment
  • Obtain a job
  • Receive medical care
  • Achieve other financial gain using the victim's name
3589 What is account takeover?

Account takeover occurs when an identity thief acquires a person's existing credit or bank account information and either withdraws money or makes purchases. Victims usually learn of account takeover when they check their account statements online or receive their monthly credit card or bank account statements.

3588 What can I do to protect my identity?

To reduce your chance of becoming a victim, check out our Consumer Tips. Find out how to protect your Social Insurance card, mail, checks, passwords, online activities, and much more.

3587 What can I do to protect my computer and data?

There are three main threats to the data on your computer: malicious software, network intrusion by hackers, and physical theft.

To protect your computer against viruses, spyware, worms, and Trojan Horse programs (which let hackers control your computer), you must use antivirus, anti-spyware and anti-malware software—and keep those applications up-to-date. To keep intruders out, connect to the Internet through a properly configured firewall, keep administrative names and passwords updated, set wireless networks to "no broadcast" and be sure to power down your computer when not in use. Never open an email spam or other emails from unknown sources and avoid using public computers for online banking, email account access, or other sensitive exchanges of information, as keystroke loggers, web "cookies," or cached pages may be capturing your data.

Limit access to your computer to those you truly trust, and use restrictive permission levels to protect sensitive files. Whenever possible, encrypt files containing sensitive information, including backup files. And don't forget to protect your computer against physical theft—"password protection" sounds daunting but is actually easy for a tech-savvy criminal to defeat.

Finally, beware of "phishing" and "pharming" scams, which use fake corporate email, redirected web addresses, and "cloned" corporate web pages to plant viruses and con users into providing sensitive information. Never provide identity or account information in response to an email or if you have doubts about a website's authenticity. To learn more, check out our Consumer Tips.

3586 What methods do identity thieves employ?

Theft of wallets and purses was once the most common way to obtain identity documents and account information. Today, identity thieves attack virtually every area of an individual's life, wherever personal information is stored or sent. An identity thief needs only a few strategic bits of your personal information to commit identity theft and fraud. The more accounts the criminals are able to open, the more "evidence" they have that your identity belongs to them. Some of the most common methods include:

  • Dumpster diving in trash bins for credit card statements, loan applications, and other documents containing names, addresses, account information, and SINs
  • Stealing mail from unlocked mailboxes to get preapproved credit offers, credit cards, utility bills, bank and credit card statements, investment reports, insurance statements, benefits documents, and tax information
  • Impersonating a loan officer, employer, or landlord to obtain access to credit files
  • Taking advantage of "insider" access to names, addresses, birth dates, and SINs in personnel or customer files
  • Shoulder surfing when people are using laptops in public places or watching ATM transactions and public phones to capture PINs
  • "Skimming" of credit and debit card information at point-of-sale by copying the card or using a small electronic "skimmer" device
  • Tapping online sources of personal data, such as public records, fee-based information sites, and personal networking sites
  • Hacking into an organization's database to steal sensitive information
  • Purchasing fraudulent identities on the Internet or through a secondary market
3585 What is debt tagging?

Debt Tagging is a term used to describe when collectors target the wrong person for a debt and append that debt to their credit files.

After years of trying to collect on a debt, collection agencies are often left with old outdated contact information. If you have a common name or one that is similar to who they are looking, your risk is higher and you could be tagged with another person’s debts.

If you are contacted and do not believe the debt is yours, ask for proof of the debt. Debt collection agencies are required under provincial Consumer Protection legislation to provide debtors with proof of the debt they are attempting to collect.

Next, check to see if you are covered with Identity Theft Protection by your homeowners, auto or other insurance policies. Also check with your bank, credit union or financial services or employee benefits. If you are covered, call their claims/customer service departments. 

3584 What is child identity theft?

Child identity theft is true identity theft in which the victim is a minor child. Because a child (or parent acting on behalf of the child) is unlikely to request credit reports or to try to obtain credit, the theft can go undetected for a long time. In fact, the theft may not be detected until the child becomes an adult and applies for credit. If no credit report exists in your child's name, that is a good indication that your child has not been a victim. However, if you receive collection calls, statements and/or pre-approved credit offers in your child's name, your child may be a victim of identity theft.

3590 What is medical identity theft?

Medical identity theft is the misuse of a person's identity to obtain health care goods and services. Often the first time a victim gets wind of medical identity theft is when he or she receives a bill for services they did not receive. Other signs include non-familiar medical notes or mistakes in your medical record. If you are told that you have reached your benefit limit on your health insurance plan or you are denied disability insurance, you could also be a victim.To help detect this type of theft, you should check your medical files, through your physician, for fraudulent activity at least once a year. You can also obtain a copy of your “Statement of Benefits” from your provincial or territorial ministry of health, which would provide a summary or listing of all services received through your health card. Contact the provider immediately if you see descriptions of services unrelated to your own health care. The consequences of medical identity theft can potentially be disastrous for the victim of identity theft.

3582 What is synthetic identity theft?

In synthetic identity theft, instead of stealing an actual person's identity, a thief creates a fictional identity by taking pieces of information from a number of people. The thief usually starts with one victim's Social Insurance number and then composes a fictional identity associated with that number. Synthetic identity theft is often harder to detect than true identity theft, because accounts and other credit that is falsely obtained typically do not show up on the credit report of the victim whose Social Insurance number has been stolen. Since the thieves have created fictional identities instead of stealing real consumers' identities, it is most often banks that are the real victims of this type of theft because they are stuck with the bills. Beware of so-called credit repair companies that use synthetic identity theft to "erase" your credit file and create a synthetic (or fictional) identity for you. While this tactic appears to solve your credit problem, it is illegal and could create new ones down the road.

3580 What is a data breach?

A data breach is a situation in which information is either lost by or stolen from an organization or individual. Financial information, medical records, customer information, and student data are all examples of information that has been accessed as a result of data breaches. The incidents can occur under a number of different scenarios. Hacked databases and stolen laptops, PDAs, USB flash drives containing sensitive information account for many breaches.

3578 What is credit and fraud monitoring?

Credit and fraud monitoring involves monitoring your credit history for suspicious activity. Both credit bureaus offer credit monitoring for a modest fee, providing services such as allowing you to check your credit files every day for any fraudulent usage of your identity. To find out more about this service, see links for both credit bureaus on our Resources section.

Beware of companies that guarantee they can prevent identity theft. While you can mitigate your risk of becoming a victim and the damage after a compromise, no one can give you a 100% guarantee that you can escape. Even if you do everything right, you might still be on the wrong database at the wrong moment. Never forget, the bad guys are getting better and better at what they do and are often far ahead of the good guys.

3576 What is a fraud alert or fraud warning?

A fraud alert or fraud warning is a statement that you can place on your credit report by contacting the two major credit bureaus. It signals to potential creditors that you may be, or are at risk of being, a victim of identity theft. What you should know to place a fraud alert or warning:

With TransUnion and Equifax

  1. If you have become the victim of fraud or identity theft, you may place a Fraud Warning free of charge. This warning will also remain on your credit file for 6 years.
  2. If there is no evidence of fraud, you can still put in place a Fraud Warning, which stays on your credit file for 6 years. There is a fee of $5.00, plus additional provincial taxes, for the placement of this warning.
 
3574 How can I monitor my own credit?

You can monitor your credit by checking your credit report from both agencies at least twice a year. Under “consumer legislation”, every consumer has the right to get a copy of his or her credit report free from each of the credit reporting agencies. These agencies do not share information, so it is important to order your credit report from both in order to give you a complete picture of your current credit standing.

There are several ways for you to obtain copies of your credit reports. Refer to our “How to Order Your Credit Report” guide by clicking here.

3572 Are there laws against identity theft?

Yes. In 2010 the federal government passed Bill S-4, which created three new Criminal Code offences related to identity theft including,

  • Obtaining and possessing identity information with the intent to use the information deceptively, dishonestly or fraudulently in the commission of a crime.
  • Trafficking in identity information, an offence that targets those who transfer or sell information to another person with knowledge of, or recklessness as to, the possible criminal use of the information.
  • Unlawfully possessing or trafficking in government-issued identity documents that contain the information of another person.

All three offences carry five-year maximum prison sentences. In addition, the legislation gives courts the power to order offenders to pay restitution to a victim of identity theft as part of their sentence.

 

50 What is identity theft?

Identity theft is the misuse of another person's identifying information. In true identity theft, an identity thief uses another person's Social Security number and other identifying information to fraudulently open new accounts for financial gain. Victims may be unaware of the fraud for an extended period of time, which can allow the criminal to continue the ruse for months or even years. The criminal can use the victim's identity to work, receive medical care and commit other types of fraud. Account-takeover and credit-related fraud are common problems associated with identity theft.

 

Some examples of the many ways criminals use stolen identity information are to:     

  • Obtain credit fraudulently from banks and retailers
  • Steal money from the victim's existing accounts
  • Apply for loans
  • Establish accounts with utility companies
  • Rent an apartment
  • Obtain a job
  • Receive medical care
  • Achieve other financial gain using the victim's name
80 What is account takeover?

Account takeover occurs when an identity thief acquires a person's existing credit or bank account information and either withdraws money or makes purchases. Victims usually learn of account takeover when they check their account statements online or receive their monthly credit card or bank account statements.

79 What can I do to protect my identity?

To reduce your chance of becoming a victim, check out our Consumer Tips. Find out how to protect your Social Security card, mail, checks, passwords, online activities, and much more.

78 What can I do to protect my computer and data?

There are three main threats to the data on your computer: malicious software, network intrusion by hackers, and physical theft.

To protect your computer against viruses, spyware, worms, and Trojan Horse programs (which let hackers control your computer), you must use antivirus, anti-spyware and anti-malware software—and keep those applications up-to-date. To keep intruders out, connect to the Internet through a properly configured firewall, keep administrative names and passwords updated, set wireless networks to "no broadcast" and be sure to power down your computer when not in use. Never open an email spam or other emails from unknown sources and avoid using public computers for online banking, email account access, or other sensitive exchanges of information, as keystroke loggers, web "cookies," or cached pages may be capturing your data.

Limit access to your computer to those you truly trust, and use restrictive permission levels to protect sensitive files. Whenever possible, encrypt files containing sensitive information, including backup files. And don't forget to protect your computer against physical theft—"password protection" sounds daunting but is actually easy for a tech-savvy criminal to defeat.

Finally, beware of "phishing" and "pharming" scams, which use fake corporate email, redirected web addresses, and "cloned" corporate web pages to plant viruses and con users into providing sensitive information. Never provide identity or account information in response to an email or if you have doubts about a website's authenticity. To learn more, check out our Consumer Tips.

77 What methods do identity thieves employ?

Theft of wallets and purses was once the most common way to obtain identity documents and account information. Today, identity thieves attack virtually every area of an individual's life, wherever personal information is stored or sent. An identity thief needs only a few strategic bits of your personal information to commit identity theft and fraud. The more accounts the criminals are able to open, the more "evidence" they have that your identity belongs to them. Some of the most common methods include:
 

  • Dumpster diving in trash bins for credit card statements, loan applications, and other documents containing names, addresses, account information, and SSNs
  • Stealing mail from unlocked mailboxes to get preapproved credit offers, credit cards, utility bills, bank and credit card statements, investment reports, insurance statements, benefits documents, and tax information
  • Impersonating a loan officer, employer, or landlord to obtain access to credit files
  • Taking advantage of "insider" access to names, addresses, birth dates, and SSNs in personnel or customer files
  • Shoulder surfing when people are using laptops in public places or watching ATM transactions and public phones to capture PINs
  • "Skimming" of credit and debit card information at point-of-sale by copying the card or using a small electronic "skimmer" device
  • Tapping online sources of personal data, such as public records, fee-based information sites, and personal networking sites
  • Hacking into an organization's database to steal sensitive information
  • Purchasing fraudulent identities on the Internet or through a secondary market
76 What is debt tagging?

Debt Tagging is a term used to describe when collectors target the wrong person for a debt and append that debt to their credit files.

After years of trying to collect on a debt, collection agencies are often left with old outdated contact information. If you have a common name or one that is similar to who they are looking, your risk is higher and you could be tagged with another person’s debts.

If you are contacted and do not believe the debt is yours, ask for proof of the debt. Debt collection agencies are required under the Fair Debt Collection Practices Act to provide debtors with proof of the debt they are attempting to collect.

Next, check to see if you are covered with Identity Theft Protection by your homeowners, auto or other insurance policies. Also check with your bank, credit union or financial services or employee benefits. If you are covered, call their claims/customer service departments. 

75 What is child identity theft?

Child identity theft is true identity theft in which the victim is a minor child. Because a child (or parent acting on behalf of the child) is unlikely to request credit reports or to try to obtain credit, the theft can go undetected for a long time. In fact, the theft may not be detected until the child becomes an adult and applies for credit. If no credit report exists in your child's name, that is a good indication that your child has not been a victim. However, if you receive collection calls, statements and/or pre-approved credit offers in your child's name, your child may be a victim of identity theft.

74 What is medical identity theft?

Medical identity theft is the misuse of a person's identity to obtain health care goods and services. It is a growing crime as the trend towards electronic medical records gains momentum. Often the first time a victim gets wind of medical identity theft is when he or she receives a statement from an insurance company for services rendered. To help detect this type of theft, read all Explanation of Benefits statements you receive from your insurance company and contact the provider immediately if you see descriptions of services unrelated to your own health care. Also, watch for any unpaid medical claims on your credit report. 

73 What is synthetic identity theft?

In synthetic identity theft, instead of stealing an actual person's identity, a thief creates a fictional identity by taking pieces of information from a number of people. The thief usually starts with one victim's Social Security number and then composes a fictional identity associated with that number. Synthetic identity theft is often harder to detect than true identity theft, because accounts and other credit that is falsely obtained typically do not show up on the credit report of the victim whose Social Security number has been stolen. Since the thieves have created fictional identities instead of stealing real consumers' identities, it is most often banks that are the real victims of this type of theft because they are stuck with the bills. Beware of so-called credit repair companies that use synthetic identity theft to "erase" your credit file and create a synthetic (or fictional) identity for you. While this tactic appears to solve your credit problem, it is illegal and could create new ones down the road.

72 What is a data breach?

A data breach is a situation in which information is either lost by or stolen from an organization or individual. Financial information, medical records, customer information, and student data are all examples of information that has been accessed as a result of data breaches. The incidents can occur under a number of different scenarios. Hacked databases and stolen laptops, PDAs, USB flash drives containing sensitive information account for many breaches. More than 75% of states now legally require organizations to contact affected individuals when a data breach occurs. To stay abreast of recent data breaches, click here.

71 What are credit and fraud monitoring?

Credit monitoring involves monitoring your credit history for suspicious activity. The three credit bureaus offer credit monitoring for a modest fee, providing services such as allowing you to check your credit files every day for any fraudulent usage of your identity. To find out more about this service, see links for the three credit bureaus on our Resources section.

Fraud monitoring allows you to monitor public record databases for suspicious activity. Public record databases can show if someone has broken the law using your identity.

Beware of companies that guarantee they can prevent identity theft. While you can mitigate your risk of becoming a victim and the damage after a compromise, no one can give you a 100% guarantee that you can escape. Even if you do everything right, you might still be on the wrong database at the wrong moment. Never forget, the bad guys are getting better and better at what they do and are often far ahead of the good guys.

70 What is a fraud alert?

A fraud alert is a warning that you can place on your credit report by contacting the three major credit bureaus. It signals to potential creditors that you may be, or are at risk of being, a victim of identity theft. A fraud alert can take one of three forms—an initial alert, an extended alert and a military fraud alert:

Initial Fraud Alert — An initial alert lasts for at least 90 days. It is a precaution that can be taken in situations where you think you are at heightened risk for identity theft or that someone is currently stealing your identity, e.g., if your purse has been stolen. Placing an initial alert on your credit report requires potential creditors to use "reasonable policies and procedures" to confirm the legitimacy of your identity when it is used for credit applications. These "reasonable policies and procedures" may not always adequately protect you, however, so be sure to monitor your credit report carefully even if you've placed an initial fraud alert.

Extended Fraud Alert — An extended alert remains on your credit report for seven years. You are eligible to place this type of alert on your account if you have been the victim of identity theft and provide the credit bureaus with an identity theft report such as the one found on the FTC website.

Active Duty Military Fraud Alert — An active duty alert helps protect military personnel from identity theft. If you are a member of the military and away from your usual duty station, you may place an "active duty alert" on your credit report to help minimize the risk of identity theft while you are deployed. If you place an active duty alert, businesses must verify your identity before issuing credit in your name, which makes it harder for identity thieves to use your information to apply for credit. Active duty alerts on your report last for one year unless you request that the alert be removed sooner. If your deployment lasts longer, you may place another alert on your report.

69 What is a security freeze? Is it right for me?

A security freeze (or credit freeze) gives consumers the option to "freeze" or lock access to their credit file against anyone trying to open up a new account or to get new credit in their name. When a security freeze is in place at all three major credit bureaus, an identity thief cannot open a new account because the potential creditor will not be able to check the credit file (this is only the case if the creditor checks the credit file before extending credit). When the consumer is applying for credit, he or she can lift the freeze temporarily using a PIN so legitimate applications for credit or services can be processed. Currently 47 states and the District of Columbia have joined the legislative surge against identity theft, enacting laws that empower consumers to freeze their files.

A security freeze shouldn't be enacted without careful consideration. Before ordering a security freeze, first make sure no legitimate parties are going to require timely access to your credit (these could include cell phone companies, utility providers, or landlords, to name a few examples). Additionally, if any change is made to your personal information during a security freeze, e.g., if your address changes, the companies that would normally report this to the credit bureaus will not be able to do this—you are responsible for contacting the credit bureau and conveying any changes to your personal information. So, if you are in immediate need of credit, e.g., you are about to apply for a mortgage or need to apply for a car loan, first determine whether you will be able to handle delays resulting from the security freeze. For additional information on security freezes, visit the Consumers Union’s Guide to Security Freeze Protection.

68 How can I monitor my own credit?

You can monitor your credit by checking your credit report from all three agencies at least twice a year. Under FACTA, every consumer has the right to get a copy of his or her credit report free from each of the credit reporting agencies. Instead of getting a report from all three credit reporting agencies at once, get one from each bureau every four months (providing you with a different snapshot three times per year). To obtain your three free reports annually, do not contact the reporting agencies as you normally would. Instead, go to this website, which was set up specifically to allow consumers to receive free credit reports: www.annualcreditreport.com.

You can also monitor fraud in your medical files, on your Social Security statement, insurance claims, or in public records. To find out how to get these reports, see the links on our Resources section.

67 Are there laws against identity theft?

Yes. In 1998 Congress passed the Identity Theft and Assumption Deterrence Act (918 U.S.C.1028), which makes it a federal felony to use another person's identification with the intent to commit unlawful activity. Federal agencies such as the Secret Service, the FBI, and the U.S. Postal Inspection Service investigate suspected violations of this law; the Department of Justice handles prosecutions. Visit the FTC's website to find out more about federal and state laws governing identity theft, consumer credit and privacy and information.