To the point
Currently, some financial institutions are making headlines about leaks of their customers' personal data. While we should not be overly alarmed by this situation, it is nevertheless advisable to respect these few rules of caution about sharing personal data.
Our rules of caution regarding personal data
Let’s face it: what’s happening right now with personal data leaks won’t stop me from travel hacking.
In fact, for years now, computer systems for years now spreading our personal data all over the place.
Sometimes it’s Marriott that loses information – such as passport numbers – affecting up to 500 million customers, sometimes it’s Equifax… then Desjardins or more recently Capital One.
Since the rise of the Internet in the early 2000s, there have been nearly 300 massive data leaks (each affecting several million people) according to this Wikipedia census.
All this doesn’t prevent me from applying to credit cards (which allows me to save hundreds or even thousands of dollars every year thanks to all these little tricks).
But these various pieces of news allow me to remind you of a few rules of caution when it comes to personal data!
Information given to financial institutions
When applying for a credit card, we agree to disclose certain personal information.
To extend credit to you, the financial institution will need to identify you in order to verify the information transmitted through the credit bureau.
Technically, to identify us, the institution will need information such as:
- our first and last name
- our date of birth
- our address
Then, in order to give us credit, the institution will need to know:
- our income (salaries, investments…)
- our past and present jobs
Either the institution will rely on what we say (or what our credit report reveals about us), or it will ask us for proof (and/or may call our employer).
How do the banks protect us?
Financial institutions all act in different ways to protect US. They can, for example:
- ask for many supporting documents (pay stubs, identity papers…)
- ask us to come to our branch (to withdraw or activate a credit card )
- call us and ask us a few more questions (to make sure it matches our credit report)
In-branch activation
We would all like to receive our credit cards in the mail and be able to activate them online.
However, some institutions such as BMO, CIBC, Scotia or TD will often ask us to visit their branches.
This is a protective measure: it is much more difficult for an identity thief to present false documents in person… than it is to answer a few questions online!
Here’s an example from Radio-Canada:
BMO Bank of Montreal reported the case of a Sherbrooke man arrested earlier this month after he went to one of their counters to obtain a credit card with a stolen identity, possibly from Desjardins.
“The employee could feel that something was wrong, explained the Sherbrooke Police Service on Radio-Canada. He did further research and realized that the identity on the cards was the subject of an Equifax alert.”
Validation in two steps
Most banks have moved to 2-step identification.
That is to say, in order to access your bank/credit card accounts, it will be necessary to:
- login with your username and password
- AND validate this access through a code received by phone or through an authentication application
This 2-step identity validation is often optional, as it complicates access to accounts (especially when abroad).
But it is a particularly effective way to protect access to your accounts…. and data!
Monitor Credit cards Statements Online
Banks are pushing for you to accept electronic statements (instead of paper statements). Certainly one of the objectives is to save paper and shipping costs.
But it also removes an important loophole: bank mail.
In addition, it encourages us to check our accounts online, rather than waiting for the monthly statement. This way, we will be aware of a possible problem with our accounts/credit cards much faster!
Credit card payment protection
In case of fraudulent use of our credit card, WE ARE NOT RESPONSIBLE.
Visa, Mastercard and American Express have a “zero liability” policy for unauthorized transactions. This means that customers using credit cards issued by banks are NOT responsible for fraudulent transactions.
You’ll have to:
- contact the bank
- have Equifax and Transunion place a fraud alert on your account.
The banking institution:
- will freeze the credit card
- will investigate
- will re-credit the amounts improperly withheld
- will issue a new card
Information given to loyalty programs
The loyalty programs we all know about (AIR MILES, Aeroplan, Marriott Bonvoy…) feed off the information you give them.
We “play” with this, since these different programs offer us points… to find out a little more about our consumption habits (purchases made, hotels we stay in, trips made…).
But do we really need to answer their various surveys asking for information like:
- the composition of our household (number of children, ages…)
- our personal/family income
- the type of house we live in
- the make of our car
- your mother’s maiden name
- our passport or driver’s license number
- …
Of course not!
Information disclosed on social networks
Social networks (Facebook, Twitter, Instagram…) have invaded our lives… at the risk of causing problems for our personal data.
Personal details
It often happens that we share too much information. For example, it is not very difficult to find information like:
- Date of Birth
- Names of relatives (mother, father, brother, sister…)
- Names of pets
- Elementary or secondary school
- Colour of our car
- Important dates (graduation, wedding…)
All of which are often the answers to questions about resetting passwords!
Travel dates and holiday photos
In the excitement of the big departure: we announce it on Facebook to our friends by “tagging” each other at the airport or at our destination, or by sharing photos at the other end of the world.
What you do/say online… could have repercussions at home! Think about it!
Information thrown away
In recent months, financial institutions have been obliged, by new legislation, to send us many documents that often include our account numbers (bank, credit cards…).
You must be very careful when putting these documents away for recycling… someone malicious could take a look at them!
Check your credit report regularly
I repeat it every time it comes up: you must regularly check your credit report. At least once a year!
Here, we are not talking about the score as such, but about the information contained in the file (open and closed credit lines…).
You can request a credit report for free, once a year!
Change your passwords regularly
Finally, there is a basic rule that is often not respected: the regular changing of passwords (bank accounts) and PINs for your credit/debit cards.
However, for passwords, there are nowadays many tools to protect them or to create complex passwords such as 1Password, LastPass…
In short, the tools exist: jusr try to use them as regularly as possible!
Conclusion
No, recent data leaks occurrences don’t scare me much. As I said in my introduction, it’s been more than 20 years since computer failures happened: a lot of our data is ALREADY in the wild.
As a member of the Facebook group pointed out: travel hackers are generally better informed than most members of the public and are often much more vigilant (both in their cards applications and in their personal finances).
In short: let’s not get overly paranoid… but always be careful!
