Identity Theft FAQ

Identity theft is the misuse of another person's identifying information. In true identity theft, an identity thief uses another person's Social Insurance number and other identifying information to fraudulently open new accounts for financial gain. Victims may be unaware of the fraud for an extended period of time, which can allow the criminal to continue the ruse for months or even years. The criminal can use the victim's identity to work, receive medical care and commit other types of fraud. Account-takeover and credit-related fraud are common problems associated with identity theft. Some examples of the many ways criminals use stolen identity information are to:

• Obtain credit fraudulently from banks and retailers
• Steal money from the victim's existing accounts 
• Apply for loans
• Establish accounts with utility companies
• Rent an apartment
• Obtain a job
• Receive medical care
• Achieve other financial gain using the victim's name

Account takeover occurs when an identity thief acquires a person's existing credit or bank account information and either withdraws money or makes purchases. Victims usually learn of account takeover when they check their account statements online or receive their monthly credit card or bank account statements.

To reduce your chance of becoming a victim, check out our Consumer Tips. Find out how to protect your Social Insurance card, mail, checks, passwords, online activities, and much more.

There are three main threats to the data on your computer: malicious software, network intrusion by hackers, and physical theft.

To protect your computer against viruses, spyware, worms, and Trojan Horse programs (which let hackers control your computer), you must use antivirus, anti-spyware and anti-malware software—and keep those applications up-to-date. To keep intruders out, connect to the Internet through a properly configured firewall, keep administrative names and passwords updated, set wireless networks to "no broadcast" and be sure to power down your computer when not in use. Never open an email spam or other emails from unknown sources and avoid using public computers for online banking, email account access, or other sensitive exchanges of information, as keystroke loggers, web "cookies," or cached pages may be capturing your data.

Limit access to your computer to those you truly trust, and use restrictive permission levels to protect sensitive files. Whenever possible, encrypt files containing sensitive information, including backup files. And don't forget to protect your computer against physical theft—"password protection" sounds daunting but is actually easy for a tech-savvy criminal to defeat.

Finally, beware of "phishing" and "pharming" scams, which use fake corporate email, redirected web addresses, and "cloned" corporate web pages to plant viruses and con users into providing sensitive information. Never provide identity or account information in response to an email or if you have doubts about a website's authenticity. To learn more, check out our Consumer Tips.

Theft of wallets and purses was once the most common way to obtain identity documents and account information. Today, identity thieves attack virtually every area of an individual's life, wherever personal information is stored or sent. An identity thief needs only a few strategic bits of your personal information to commit identity theft and fraud. The more accounts the criminals are able to open, the more "evidence" they have that your identity belongs to them. Some of the most common methods include:

• Dumpster diving in trash bins for credit card statements, loan applications, and other documents containing names, addresses, account information, and SINs
• Stealing mail from unlocked mailboxes to get preapproved credit offers, credit cards, utility bills, bank and credit card statements, investment reports, insurance statements, benefits documents, and tax information
• Impersonating a loan officer, employer, or landlord to obtain access to credit files
• Taking advantage of "insider" access to names, addresses, birth dates, and SINs in personnel or customer files
• Shoulder surfing when people are using laptops in public places or watching ATM transactions and public phones to capture PINs
• "Skimming" of credit and debit card information at point-of-sale by copying the card or using a small electronic "skimmer" device
• Tapping online sources of personal data, such as public records, fee-based information sites, and personal networking sites
• Hacking into an organization's database to steal sensitive information
• Purchasing fraudulent identities on the Internet or through a secondary market

Debt Tagging is a term used to describe when collectors target the wrong person for a debt and append that debt to their credit files.

After years of trying to collect on a debt, collection agencies are often left with old outdated contact information. If you have a common name or one that is similar to who they are looking, your risk is higher and you could be tagged with another person’s debts.

If you are contacted and do not believe the debt is yours, ask for proof of the debt. Debt collection agencies are required under provincial Consumer Protection legislation to provide debtors with proof of the debt they are attempting to collect.

Next, check to see if you are covered with Identity Theft Protection by your homeowners, auto or other insurance policies. Also check with your bank, credit union or financial services or employee benefits. If you are covered, call their claims/customer service departments. 

Child identity theft is true identity theft in which the victim is a minor child. Because a child (or parent acting on behalf of the child) is unlikely to request credit reports or to try to obtain credit, the theft can go undetected for a long time. In fact, the theft may not be detected until the child becomes an adult and applies for credit. If no credit report exists in your child's name, that is a good indication that your child has not been a victim. However, if you receive collection calls, statements and/or pre-approved credit offers in your child's name, your child may be a victim of identity theft.

Medical identity theft is the misuse of a person's identity to obtain health care goods and services. Often the first time a victim gets wind of medical identity theft is when he or she receives a bill for services they did not receive. Other signs include non-familiar medical notes or mistakes in your medical record. If you are told that you have reached your benefit limit on your health insurance plan or you are denied disability insurance, you could also be a victim.To help detect this type of theft, you should check your medical files, through your physician, for fraudulent activity at least once a year. You can also obtain a copy of your “Statement of Benefits” from your provincial or territorial ministry of health, which would provide a summary or listing of all services received through your health card. Contact the provider immediately if you see descriptions of services unrelated to your own health care. The consequences of medical identity theft can potentially be disastrous for the victim of identity theft.

In synthetic identity theft, instead of stealing an actual person's identity, a thief creates a fictional identity by taking pieces of information from a number of people. The thief usually starts with one victim's Social Insurance number and then composes a fictional identity associated with that number. Synthetic identity theft is often harder to detect than true identity theft, because accounts and other credit that is falsely obtained typically do not show up on the credit report of the victim whose Social Insurance number has been stolen. Since the thieves have created fictional identities instead of stealing real consumers' identities, it is most often banks that are the real victims of this type of theft because they are stuck with the bills. Beware of so-called credit repair companies that use synthetic identity theft to "erase" your credit file and create a synthetic (or fictional) identity for you. While this tactic appears to solve your credit problem, it is illegal and could create new ones down the road.

A data breach is a situation in which information is either lost by or stolen from an organization or individual. Financial information, medical records, customer information, and student data are all examples of information that has been accessed as a result of data breaches. The incidents can occur under a number of different scenarios. Hacked databases and stolen laptops, PDAs, USB flash drives containing sensitive information account for many breaches.

Credit and fraud monitoring involves monitoring your credit history for suspicious activity. Both credit bureaus offer credit monitoring for a modest fee, providing services such as allowing you to check your credit files every day for any fraudulent usage of your identity. To find out more about this service, see links for both credit bureaus on our Resources section.

Beware of companies that guarantee they can prevent identity theft. While you can mitigate your risk of becoming a victim and the damage after a compromise, no one can give you a 100% guarantee that you can escape. Even if you do everything right, you might still be on the wrong database at the wrong moment. Never forget, the bad guys are getting better and better at what they do and are often far ahead of the good guys.

A fraud alert or fraud warning is a statement that you can place on your credit report by contacting the two major credit bureaus. It signals to potential creditors that you may be, or are at risk of being, a victim of identity theft. What you should know to place a fraud alert or warning:

With TransUnion and Equifax

1. If you have become the victim of fraud or identity theft, you may place a Fraud Warning free of charge. This warning will also remain on your credit file for 6 years.
2. If there is no evidence of fraud, you can still put in place a Fraud Warning, which stays on your credit file for 6 years. There is a fee of $5.00, plus additional provincial taxes, for the placement of this warning.

You can monitor your credit by checking your credit report from both agencies at least twice a year. Under “consumer legislation”, every consumer has the right to get a copy of his or her credit report free from each of the credit reporting agencies. These agencies do not share information, so it is important to order your credit report from both in order to give you a complete picture of your current credit standing.

There are several ways for you to obtain copies of your credit reports. Refer to our “How to Order Your Credit Report” guide by clicking here.

Yes. In 2010 the federal government passed Bill S-4, which created three new Criminal Code offences related to identity theft including,

• Obtaining and possessing identity information with the intent to use the information deceptively, dishonestly or fraudulently in the commission of a crime.
• Trafficking in identity information, an offence that targets those who transfer or sell information to another person with knowledge of, or recklessness as to, the possible criminal use of the information.
• Unlawfully possessing or trafficking in government-issued identity documents that contain the information of another person.

All three offences carry five-year maximum prison sentences. In addition, the legislation gives courts the power to order offenders to pay restitution to a victim of identity theft as part of their sentence.