| Identify theft legislation lacks teeth
28 November, 2007
By Vanessa Ho
The Canadian government recently tabled legislation
that aims to curtail online identity theft, but according
to security experts at Symantec Corp., while the legislation
will punish the criminals, it won't prevent identity
theft itself.
"Having legislation to protect consumers online
is always a good thing," said Marc Fossi, manager
of security response with Symantec Corp. "It
is just that in addition to having that you need to
take steps to protect yourself [so identity theft]
doesn't happen in the first place."
He added that one of the problems of the legislation
is that it doesn't take into account that the Internet
is global and that the person who is trying to steal
identities online isn't necessarily in Canada even
though the identity being stolen is Canadian. "They
could be located anywhere else in the world and in
a country that doesn't have any extradition agreement
with Canada so the person that stole the identity
might not be worried about any sort of legislation
that [Canada] has in place."
Rossi noted that in Symantec's recent "Internet
Security Threat Report", 22 per cent of the information
that was being traded and sold online was credit card
numbers and 21 per cent was bank account numbers.
Identities sell online for just $15 and credit card
numbers sell on the underground economy for around
$6.
One of the pitfalls that consumers continue to fall
victim are phishing attacks, especially those e-mails
that say they are from a person's financial institution,
said Rossi.
He suggested that consumers adopt a good phishing
detection application that will alert users if an
e-mail seems suspicious. As well, Rossi advised consumers
that their financial institution would never send
them an e-mail about their bank account or credit
card and if they suspect that something is wrong they
should phone their financial institution using the
number found on their bank card and not the number
in the e-mail.
Another thing that is happening is Trojans with key
loggers making its way onto users' systems that captures
a user's name and password for their online banking
and trading sites as well as e-tailers. Businesses
have also fallen victim to key loggers. As well, many
employees store sensitive and confidential information
such as financial records, customer data and e-mails
on their handheld mobile devices, a serious issue
if the PDA, smartphone or laptop is stolen. Rossi
said that having good anti-virus protection will avoid
these key logging Trojans from entering systems and
encrypting files will help in case data gets lost
or stolen.
Curtis McDonnell, a consultant with Fraser Milner
Casgrain's Employment & Labour Group, said that
if someone is caught obtaining, possessing or trafficking
in other people's identity information to commit a
crime, they could be subjected to legislation and
penalties.
"[The legislation] indicates that anyone who
commits an offence and is guilty is liable to a term
not exceeded by five years," McDonnell said.
He added that the legislation defines identity information
as being social insurance numbers, passports, birth
certificates or any other government issued documents.
McDonnell doesn't know if the legislation would put
a stop to identity theft but he believed that the
Canadian government tabled such legislation to make
people aware of the issue of ID theft and of the cost
to businesses in Canada of the fraudulent use of credit
cards and debit cards.
|
