Pr

1
Identity Theft How to Protect your Clients
A PARTNER YOU CAN TRUST.
Stuart Crawford, CLU, Director of Sales,
Ontario
2
I.A. Update

• Founded in 1892, Industrial Alliance and
  Financial Services Inc. is a life and health
  insurance company that operates in the insurance
  and financial services sectors.
• The fifth largest life and health insurance
  company in Canada, Industrial Alliance group
  which has operations in a number of financial
  services sectors. In particular, I.A. has
  subsidiaries in the following sectors life and
  health insurance ( I.A. Pacific Insurance and
  Financial Services Inc. and The Excellence Life
  Insurance Company), mutual fund management (I.A.
  Clarington Investments Inc.), mutual fund
  brokerage (Investia Financial Services Inc. and
  FundEX Investment Inc.)

3
Consider these Sobering Facts

• According to the Federal Trade Commission, 1 out
  10 people will be a victim.
• It is estimated 9 million people this year will
  have their identity stolen.
• The FCC lists 5 areas of identity theft
• Drivers license
• Social security
• Character identity theft
• Medical identity theft
• Credit identity theft

4

• Americans write 39 billion cheques a year, and
  half of these folks never reconcile their bank
  statements
• Consider Cheques bare your name and address and
  maybe your phone number. It also has the full
  name and address of the bank where the cheque is
  drawn and your account number.
• A social security number costs 49.00 on the
  black market. A drivers license goes for 90.00.
  A birth certificate will set you back 79.00.

5

• IDENTITY FRAUD
• Struck 1.7 million Canadians in 2007
• The average number of hours victims spend
  repairing the damage caused by identity theft and
  fraud is 330 hours.
• Canada is ranked 2nd in the world in terms of
  malicious attacks on the internet.

6

• Some stories I uncovered doing some research
  myself.
• Someone could
• Open a new phone or wireless account in your name
  and run up charges on your existing account.
• Open a bank account in your name and write bad
  cheques.
• Use your name and SIN number to obtain
  government benefits.
• Give your personal information to police during
  an arrest, when they dont show up for their
  court date, a warrant for arrest is issued in
  your NAME!

7
Agenda

• Identity Theft An Overview
• Common Techniques Latest Scams
• Why Identity Theft Occurs
• Investment fraud Scams
• Help Protect Your Clients Yourself
• What to do if Victimized

8
How Worried Are Your Clients?
77 of Canadians are VERY or somewhat concerned
about becoming a victim of identity theft in the
future 15 of Canadians have had their credit
card used fraudulently 14 of Canadians have
been the victim of a phishing scam
You can help.
Ipsos Reid November 22, 2005
9
Know the TermsIdentity Theft
Identity Theft - Involves the theft of financial
or personal information with the intent of
establishing another person's identity as their
own A woman was charged after obtaining a
fraudulent driver's license, using the license
to withdraw more than 13,000 from the victim's
bank account, and obtaining five department
store credit cards in the victim's name and
charging approximately 4,000 on those cards
U.S Department of Justice
10
Identity Fraud

• Identity Fraud - More common - involves
  financial or other personal information being
  stolen to make purchases or gain access to
  financial accounts
• June 2005 CardSystems Solutions Inc, a firm
  that processes credit card transactions for
  MasterCard, Visa, American Express, and
  Discover, reported that hackers had stolen 40
  million credit card numbers

Identity Theft Revisited Security is Not Enough,
September 2005, Privacy Commissioner of Ontario
11
Identity Theft An Overview
Identity theft is one of the fastest growing
crimes in North America A fresh identity is
stolen every four seconds Criminals dont have
to be high tech Machines to copy and clone
customers' personal information on credit cards
and debit cards can be bought on the Internet
for as little as 400
The Economist March 23, 2007
12
Critical Information at Risk
Armed with enough personal data, identity
thieves can take on many different financial
personas. Information and Privacy
Commissioner, 2005
13
What the Criminals Are Doing
Source Ipsos-Reid February, 2005 (based on the
responses from 1001 Canadians)
14
Common Tricks and Techniques

• 1.Theft of payment cards and documents
• Stealing a wallet or purse
• Credit card information you provide in person or
  over the telephone during a purchase
• Filling out a change of address form to get all
  your bills sent to another address
• 2. Shoulder Surfing the use of direct
  observation techniques, such as looking over
  someone's shoulder, to get information
• Memorizing numbers quickly, as you type them
• May carry a small camera designed to record your
  key strokes

Report on Identity Theft Keeping Canadians Safe,
Public Safety Canada
15
The Latest Scams - Database Theft

• Theft from Company or Government databases

• January 2007 - Account information for 470,000
  CIBC Talvest Mutual Fund customers was lost when
  a computer file went missing in transit
• April 2006 - The Bank of Canada reimbursed
  100,000 to Canada Savings Bonds investors
  victimized by thieves who used personal
  information in a CSB database to cash bonds
• May 2005 - The U.S. Department of Justice
  reported the theft of a laptop computer
  containing travel account and credit information
  for as many as 80,000 Justice employees - the
  data on the laptop was not protected by a
  password

Report on Identity Theft Keeping Canadians Safe,
Public Safety Canada
16
The Latest Scams - Phishing

• Phishing occurs when criminals posing as
  legitimate business institutions and government
  agencies send unsolicited e-mails in an attempt
  to gather personal, financial, and sensitive
  information
• E-mails supposedly from the Internal Revenue
  Service have been used to retrieve sensitive data
  from U.S. taxpayers
• An email, from PayPal, claims that the
  recipients account has been subject to
  fraudulent activity and directs the individual to
  call a phone line to confirm their credit card
  details
• Spear phishing describes any highly targeted
  phishing attack where the victims are known to
  have a relationship with the mimicked sender
• In 2004, students and friends of a university
  professor were receiving emails from him that he
  never wrote

PC World Magazine Threat Alert Spear Phishing
17
Phishing - How Common Is It?

• 24 of Canadians have received phishing
  identity theft attempts
• The success rate for Phishers is staggering
• Phishers can replicate web sites so well that an
  estimated 3 - 5 of recipients will unknowingly
  furnish Phishers with personal data

Ipsos Reid November 22, 2005
18
Targets of Phishing Scams

• Most targeted Industries Sectors in Q2 2008
  Financial Services continues to be the most
  targeted industry.
• An increase in attacks towards social networking
  sites such as My Space and Facebook.

Anti Phishing Working Group June 2008
19

• FACEBOOK The New Link to Identity Theft
• Research shows that 41 of facebook users will
  divulge personal information such as, e-mail
  address, date of birth and phone number to a
  complete stranger.
• In most cases, it was possible to access users
  family photos, (info about likes/dislikes,
  hobbies, employer details and other personal
  facts all information that could help a criminal
  guess someones password or impersonate them.
• e-crime September 2007

20

• Preventative Tips from FACEBOOK INC.
• Be suspicious of anyone ---- even friends ----
• Choose a strong password and use unique
  credentials for each of your web accounts.
• Use an up-to-date browser that features an
  anti-phishing blacklist.
• Use and run anti-virus software on your
  computer.

21

• Countries Hosting Phishing Sites in Q2 2008
• United States 18.93
• Turkey 17.92
• Poland 13.56
• Greece 6.86
• China 5.87
• Russia 4.28
• France 2.48
• Rep. of Korea 2.38
• Bulgaria 2.28
• United Kingdom 2.16
• Anti-phishing working group 2008

22
The Latest Scams - Skimming

• Skimming is a high-tech method by which thieves
  capture your personal or account information
  using an electronic device
• This can happen in an instant, without the owner
  of the card being aware of the theft.
• In 2004, thieves in Calgary duplicated the debit
  cards of 35 ATM users within an hour.
• Dozens of people had their bank accounts
  cleaned out after they used machines at two
  variety stores on one of the city's most popular
  strips - Queen Street West near John Street.
• CTV News August 9, 2006

About.com Identity Theft Skimming
23
Financial Impact for Canadians

Phonebusters Identity Theft Statistics January
2007
24
The Price of Your Identity

• A single credit card can sell for between 40
  U.S. to 5 while a block of 250 numbers sells for
  100 (CBC May 23, 2002)
• A complete identity package, including a
  permanent resident card (or green card) and a
  social security card, goes for 150 and takes
  about 40 minutes to deliver
• In Alberta, a thief sold debit and credit card
  information acquired by skimming and charged
  100.00 for each skimmed card and realized a
  total profit of over 117,000 before he was
  caught

25
Why Identity Theft Occurs

• The single largest cause of identity theft is
  poor information management at various
  organizations.
• 70 of all identity theft can be traced to leaks
  that occur within organizations.
• Employees who accept bribes or who steal
  customer information on behalf of organized
  crime.
• Discarded computers that were not erased.

Working Together to Prevent Identity Theft
July 2005
26
PASSWORDS Dont let yours be hacked!

• Most people use the same username and password
  across multiple web sites, this opens the doors
  for identity thieves .
• According to PCMag, most commonly used passwords
  are
• Password
• 123456
• qwerty
• Abc123
• Letmein
• Monkey
• Myspace1
• Link182
• (your first name)
• Exercise caution when creating passwords use
  special characters such as,
• (! _at_ (gt) ?)
• Use at least 8 characters
• Example prog13

27
Investment Fraud Scams

• Definition Investors get big, secure returns
  on their cash, only because other investors come
  into the frame to pay the previous investors
  return. The moment people start taking out
  money, it all falls apart.
• Description for this type of scam Ponzi
  Scheme.
• Named after Charles Ponzi (Mar 3, 1882- Jan 18,
  1949).
• One of the greatest swindlers in American
  history.
• Promised clients a 50 profit within 45 days, or
  100 within
• 90 days by buying discounted postal reply
  coupons.
• At one point he was making 250,000 per day.
• His downfall started by a series of articles in
  the Boston Post by Charles Barron who published
  the Barrons financial paper.

28

• On August 12, 1920 Federal agents arrested
  Ponzi, auditors revealed Ponzi was 3 million in
  debt. Investors received less than 30 cents on
  the dollar.
• Ponzi spent 3 ½ years in Federal prison and 9
  years in State prison.
• He spent the last years of his life in poverty.
  Died in a charity hospital in Rio de Janeiro at
  age 66.
• Recent Scams
• 50 billion Ponzi scheme masterminded by former
  Nasdaq chairman
• Bernie Madoff.
• Again the lure of easy money outstripped
  suspicions raised by Madoffs shroud of secrecy.
• Once markets tumbled on Wall Street and
  investors withdrew, it all collapsed like a house
  of cards.

29
Targeted Victims of Ponzi Schemes

• Clients who have been in other, legitimate
  business activities accountants, financial
  planners, investment bankers, brokers, etc.
• Friends, family members, and business associates
  of targeted victims.
• If it sounds too good to be TRUE...

30
Help Your Clients Protect Themselves

• Despite best efforts of organizations, the
  advent of
• the Privacy Act, and growing awareness
  surrounding
• the issue breaches can occur
• How can you help your clients?

31
Steps to Minimizing Individual Risk

• Remind your clients of the obvious precautions
• Do not click on a link in an e-mail when you are
  not sure of its legitimacy, even if it looks
  genuine
• Avoid e-mailing personal and financial
  information
• Install the latest anti-virus and firewall
  applications to your computer
• Never open e-mail attachments from unknown
  sources and delete the e-mail in question
  immediately
• Regularly review your account statements

Public Safety Canada Canadian Government
32
Guarding Against Fraud - Recommend your clients

• Sign their cards as soon as they arrive
• Carry their cards separately from your wallet
• Keep a record of their account numbers, their
  expiration dates, and the phone number and
  address of each company in a secure place
• Keep an eye on their card during the
  transaction, and get it back as quickly as
  possible
• Void incorrect receipts

Public Safety Canada Canadian Government
33
Guarding Against Fraud - Recommend your clients

• Destroy carbons
• Save receipts to compare with billing statements
• Open bills promptly and reconcile accounts
  monthly
• Report any questionable charges promptly and in
  writing to the card issuer
• Notify card companies in advance of a change in
  address

Public Safety Canada Canadian Government
34
Guarding Against Fraud - Urge your clients not
to

• Lend their card(s) to anyone!
• Leave cards or receipts lying around
• Sign a blank receipt - when they sign a receipt,
  draw a line through any blank spaces above the
  total
• Give out their account number over the phone
  unless they are making the call to a company they
  know is reputable
• If they have questions about a company, check it
  out with the local consumer protection office or
  Better Business Bureau

Public Safety Canada Canadian Government
35
Ensure Your Clients Protect Their Documents

• Do not leave pieces of mail lying around their
  residence or work site
• Shred or otherwise destroy credit card receipts,
  bills and related information when no longer
  needed
• Avoid keeping a written record of your bank PIN
  number(s), social insurance number and computer
  passwords, and never carry these details with
  them
• Never leave receipts at bank machines, in
  trashcans, or at unattended gasoline pumps

Public Safety Canada Canadian Government
36
Additional Reminders

• Never provide personal information such as SIN,
  date of birth, credit card numbers, or PIN over
  the telephone unless they initiate the call
• Avoid ATMs that have messages or signs fixed to
  them indicating that the screen directions have
  been changed, especially if the message is posted
  over the card reader
• Stand close to the ATM and shield the keypad
  with their hand (they may wish to use the knuckle
  of your middle finger to key in the PIN)

Public Safety Canada Canadian Government
37
Warning signs of identity theft

• Monitor financial and personal information for
• Unexplained new accounts and debts
• Inaccurate information on your credit reports
• Failing to receive bills or other mail
• Receiving credit cards that you didn't apply for
• Being denied credit, or offered less favourable
  credit terms
• Getting calls or letters about merchandise you
  didn't buy

Federal Trade Commission
38
Ten Steps to Prevent Identity Theftfrom Frank W.
Abagnale author of Stealing Your Life

• Check your Credit Report It does not matter if
  you earn 10,000 or 10 million, this is the best
  self-protecting technique.
• Dont give out your SIN Its your number. If
  your payroll department needs it, okay. Ask
  others why they need it.
• Protect your Computer Use a secure wireless
  connection to access the internet. If you have a
  child who downloads music/games it could infect
  your computer with spyware. Perhaps they could
  use a separate computer, not the one you use for
  on-line banking.

39

• 4) Keep Track of Billing Cycles Keep a little
  list
• of what bills you are expecting each month
  and
• check them off when they arrive.
• 5) Examine your Financial Statements Examine
  every charge to root out errors or fraud.
• 6) Guard your Mail from Theft Pick up your mail
  as soon as possible after it is delivered. If
  youre on vacation, ask one of your neighbours to
  pick it up or call the post office to HOLD.

40

• 7) Invest in a Shredder A must have in every
  home. More important than a dishwasher? Use a
  cross-cut shredder which reduces the paper to
  confetti.
• 8) Practise Safe Shopping Shop only from secure
  sites that will encrypt your order information
  and your credit card number before sending them
  to a merchant.
• 9) Avoid Sketchy ATMs Avoid hotel lobbies and
  convenience stores. Stick to secure bank ATMs.
• 10) Be Suspicious of Unexpected Calls or Letters
  Indulge in some healthy paranoia, especially
  when someone calls or e-mails and asks for
  personal information.

41
Theft-Proofing - Tips for Advisors

• Create a document or employee handbook that
  covers use, storage and handling of client data
  and information.
• Only collect essential data and obtain consent
  for all information collected.
• Encrypt data on networks, laptops and remote
  access devices.
• Update security software frequently.
• Save files to networks not hard drives.

42

• Use locks, alarms and video cameras.
• Conduct employee background checks and terminate
  network/office access when employees leave the
  organization.
• Limit access to sensitive data, both through
  physical partition and security clearance.
• Use scrubbing software or destroy hard drives
  shred all sensitive documents.
• Prepare a strategy to manage a breach.
• Source The Consumer Measures Committee

43
What to do if Victimized

• Immediately report the crime to the police
• Cancel all your cards and accounts, and open new
  ones
• Advise all businesses with whom you have a
  relationship
• Contact the Post Office if you suspect a
  fraudulent change of address
• Consider telling your employer, as an added
  precaution
• Document all the steps you have taken

Public Safety Canada Canadian Government
44
Resources for Victims of ID Theft

• PhoneBusters National Call Centre (PNCC)
• Ontario Provincial Police Anti-Rackets Toll
  Free  1-888-495-8501 Email 
  info_at_phonebusters.com Web   www.phonebusters.co
  m
• Credit Reporting Agencies
• Place fraud alerts on your credit reports by
  contacting the credit bureaus that operate in
  Canada
• Equifax Canada
• Request a personal credit report
• Report fraud 1-800-465-7166  Web
  www.equifax.com/EFX_Canada
• Trans Union Canada
• Request a personal credit report
• Report fraud 1-877-525-3823 Web www.tuc.ca

Public Safety Canada Canadian Government
45
Summary

• This is a critical time for you to take the
  opportunity to review and improve your clients
  security practices.
• Phishing is a problem that will be around for the
  foreseeable future - techniques are constantly
  mutating and phishing schemes continue to
  proliferate because they continue to work.
• Stay alert to the signs of identity theft and be
  proactive in protecting your clients, yourself,
  and your family.