Fact Sheets

Identity Theft Checklist

Here is a list of some of the ways you can protect your personal information and reduce the risk you will become one of the thousands of Canadians who fall victim to identity thieves each year.

Check Your Wallet

  • Remove any cards or documents not needed on a regular basis. Don’t keep a Social Insurance Number (SIN) card or birth certificate in your wallet.
  • Only carry your passport when necessary.
  • If your wallet is lost or stolen, immediately contact your credit card companies and financial institutions. Also report any missing government-issued documents such as a driver’s licence, health card or immigration documents.

Protect Your Mailbox

  • Install a locked mailbox or a mail slot that allows letters to drop inside your home.
  • When you’re away, ask a neighbour to promptly pick up your mail or instruct Canada Post to hold your mail.
  • Take note of when credit card and utility bills are supposed to arrive. If they are late, contact the credit card company or utility to ensure the bills haven’t been redirected.
  • Alternatively, reduce the number of sensitive documents mailed to your home by switching to secure online banking and bill paying to eliminate paper bills and statements.
  • Destroy any unwanted pre-approved credit card applications that arrive in the mail and instruct your bank not to mail you unsolicited convenience cheques.
  • When you move, ask Canada Post to forward your mail.

Destroy or Secure Personal Papers

  • Buy a cross-cut shredder. Use it to destroy all papers with personal or financial information, including credit card receipts, credit applications, pre-approved credit card applications, cheques, financial statements, old income tax returns and expired vehicle registration certificates.
  • Don’t leave personal information lying around at home, in your car or at work.
  • Rent a safety deposit box to store key identification documents such as SIN cards and birth certificates as well as important papers such as tax returns, diplomas and degrees, marriage certificates and insurance policies.

Computer Caution

  • Use hard-to-crack passwords with a combination of upper and lower case letters, numbers and symbols. Don’t use automatic login features that save your user name and password.
  • Never leave your laptop in the car or anywhere else it could easily be stolen.
  • When using the Internet, take advantage of technologies that enhance security and privacy, including digital signatures, data encryption, and anonymizing services. See the OPC Fact Sheet on Protecting Your Privacy on the Internet.
  • Use a personal firewall, install virus protection software and disable file-sharing software to block unauthorized access to information in your computer. Update these security features regularly.
  • When shopping or banking online, only send personal or financial information after ensuring there is a secure transaction system. Signs of a secure link between your computer and a web site include an icon of a lock or unbroken key at the bottom right corner of the screen or a web site address that begins with https://.
  • Make online purchases from reputable firms.  If you want to use a service you have not heard of, be sure to check it out first. Check its web site, call its customer service line, and read its terms of agreement and privacy policy. If you do not feel comfortable with the service, do not use it.
  • Follow your financial institution’s security advice for signing out of a web site and clearing your Internet file after online banking. (This will stop hackers from obtaining information from automatically saved Internet files.)
  • Wireless network connections are convenient, but are not secure. Do not send personal information over these airways. Disconnect or disable your Wi-Fi equipment when not in use. Before launching a Wi-Fi session, try an invalid user ID and password and don’t continue if the phoney logon gives you network access.
  • Do not reply to or click on links in any e-mail asking for your personal information. Always be suspicious of e-mails from financial institutions, Internet service providers and other organizations asking you to provide personal information online. Reputable firms never ask for personal information in this way. If you are uncertain, look up their phone number in the telephone directory and call them. Do not click on any links in the e-mail or cut and paste them into your browser - chances are the link will take you to a fake website.
  • Ensure personal information is deleted before discarding or selling a computer. Use overwrite software or destroy the hard drive because information can remain on the hard drive even after deleting files from folders.

Beware of PIN and Password Poachers

  • Choose an access code (PIN) that can’t be figured out easily. Do not use a combination that uses your name, telephone number, date of birth, address or Social Insurance Number.
  • Never write down your PIN and leave it in your wallet or other obvious place.
  • Make sure no one can see you punch in your PIN at an automated banking machine (ABM) or at a point-of-sale terminal by covering the key pad with your hand.
  • Only use ABMs located in financial institutions and businesses you are familiar with. (Criminals have set up real ABMs in order to capture card and PIN information.)
  • Never use easy-to-guess passwords such as your mother’s maiden name.
  • Ask your bank and other organizations if it is possible to require that a password be provided before any inquiries or changes can be made to your financial accounts.

Keep Your SIN Secret

  • Give your Social Insurance Number only when necessary – for example, to an employer or to a financial institution in order to open an interest-bearing account. A limited number of government departments are specifically authorized to ask for the number. You can tell anyone else that you would prefer to use other identification. See the Social Insurance Number Fact Sheet.

Be Careful with Credit Cards

  • Don't give credit card numbers on the telephone unless you are sure who you are speaking with.
  • Review all credit card and bank statements as soon as you receive them so discrepancies can be reported promptly.
  • Keep a list of all credit card numbers and expiry dates in a safe place so that you can quickly notify credit card companies about lost or stolen cards.
  • Pay attention to credit card expiry dates. If a replacement card doesn’t arrive, contact the credit card company to ensure it hasn’t been stolen from the mail or re-directed to another address.
  • Cut up any credit or debit cards that are expired or that you don’t use.

Be Wary on the Phone

  • Don’t give personal information to anyone who phones unless you can confirm they are from a legitimate company. Be especially wary of anyone making too-good-to-be-true offers or asking for bank account numbers or PIN numbers. (Police and officials at financial institutions never ask for PIN numbers.) Hang up if you feel pressured.
  • Never provide your credit card number unless you initiated the call.
  • Do not use a cellular or cordless telephone to do telephone banking.

Verify Credit Reports

  • Ask for a copy of your credit report from major credit bureaus once a year to ensure they are accurate. Reports include the bureau’s information about your credit history and finances as well as a list of who has asked for that information. They can also show whether anyone has applied for credit using your name.
  • Reports are available at no cost from each credit bureau once a year. You can stagger the time at which you ask for reports to provide for more frequent reviews. For example, they could ask for a report from one bureau in the spring, and one from another bureau in the fall.

Be Vigilant

  • Use caution when sharing personal information. When asked to provide personal information, ask how it will be used, why it is needed, who will be sharing it and how it will be protected.

March 2007