Call today! 1 866 3 NYMITY
Username: Password:
Nymity News
Nymity logo
Home About Us

Interview with Jacques bois

December 2006

 

Interviewee: Jacques Bois, Detective Staff Sergeant, ID Crimes & Forgery Investigations, Anti-Rackets Section, Ontario Provincial Police

 

Interviewer: Terry McQuay, President of Nymity


Subject: Identity Crimes

 

Nymity: Jacques, at the recent CMA conference you indicated that true identity "theft" is rare. Please explain.

 

Bois: There is currently no standardized definition for Identity Theft. As such, it is a term that is often “loosely” applied to capture a number of offences – rendering the ability to accurately reflect its true impact difficult at best. For example, “skimming” (i.e. the capture and reproduction of the information contained on the magnetic stripe of a payment card) is often considered an identity theft by some when, in reality, the offence is captured under the Criminal Code of Canada as a credit card forgery.

 

True cases of identity theft – referring to the reproduction of a person’s life and / or personal identifiers by someone who then pretends to be that person for an extended period of time are rare.

 

What is much more prevalent, are identity crimes – whereby someone’s personal information is obtained and utilized by a criminal to mask his / her true identity for a specific reason – generally the commission of another criminal offence.

 

Nymity: What are the main reasons for identity crimes?

 

Bois: Identity Crimes are generally committed for one of three main reasons:

a) Financial Gain

    • Criminals obtain credit cards, loans, lines of credits, mortgages, etc … under assumed names

b) Benefit Entitlement

    • Criminals obtain private and government benefits they are not entitled to – from health care and dental work, to social benefits.

c) Access to Sovereign Nations

    • Criminals attempt to travel in and out of countries incognito under assumed name.
Nymity: From a corporate perspective, what are the risks related identity crimes?


Bois: Corporations are at risk on a number of fronts:

 

Collusive Employees

Some employees will, over time, begin stealing files and the personal data of employees or clients. These employees may have been approached or coerced in doing so by someone else or they may have obtained employment within the company for that specific purpose.  Corporations should conduct thorough background checks on prospective employees, and ensure that a system of checks and balances is in place to monitor employee actions and what data they have access to.

 

In some police investigations, it was determined that the collusive employee had been provided with passwords and access to files generally restricted to that employee in order to “expedite matters” and because he or she “was trusted”. This is certainly not to suggest that employees should be viewed as anything but trustworthy, but, where a system of checks and balances exist, it should be followed. And where none exist, one needs to be created.

 

At a minimum, corporations should ensure that all access to electronic data is automatically logged so that, in case of a breach, it might be much easier to determine who accessed the information and when.

 

Impostors
These criminals will attempt to gain access to your work environment on the premise of being there to repair equipment or for a flurry of other possible reasons. As soon as access is granted, these individuals will record or steel any information they can get access to.

 

Corporations should ensure that someone within the company can confirm the legitimacy of any such request for access. Furthermore, if this person will be working from an area that is either “sensitive” or from where he or she can gain access to personal information, an employee should be designated to oversee that person’s work and movement.

 

Hacking
What is protecting the corporation’s electronic data from outside intrusion? Are these measures reviewed periodically an improved as required?

What if someone was to break into the corporation when no one was present? What would that person have access to? What personal information is kept by the corporation – and why?

 

Dumpster Diving
Criminals will not hesitate to pick up a corporation’s trash. What personal information is being thrown out? Any personal information about clients or employees?

 

All documents that contain any personal information should be shredded before being disposed of.


In order to assess their risks, corporations need to be asking the same question the criminals are seeking to answer themselves: “What or where is the weakest link?”  The answer to that question will dictate what the criminal will probably attempt to breach first.

 

Nymity: What are the "quick wins" or key measures for corporate Canada to address risks related to identity crimes?


Bois: Corporations need to proactively examine their infrastructure and take some of the precautions identified to reduce their risk of exposure, be in a better position to identify the point of compromise if it occurs, and, hopefully, reduce the impact of the breach.


Nymity: What is the risk of a lawsuit or legal action for an organization that has lost the information used for identity crimes?


Bois: The risk of litigation is increasing. Corporations will need to demonstrate to the Courts that they took “reasonable” precautions in protecting the information from being lost or stolen. What constitutes “reasonable” will be determined by the Courts and the specific facts surrounding the breach.

 

In addition to the actual theft or lost personal information, the corporation’s actions following the breach may also be called into question. There is no doubt that a corporation’s image may be tarnished by the lost or theft of personal data. In a bid to avoid this negative criticism, some corporation may decide not to disclose this breach to the individuals who are determined to be at risk as a result of the incident.

 

However, I would suggest that it would stand to reason that the corporate image might be damaged to a much greater degree if it becomes known that people were determined to be at risk and never notified. It may also be reasonable to assume that such a decision may, on its own merit, lead to an increase risk of a lawsuit.

 

Accountability is key.


Nymity: In closing, what risks are looming for corporate Canada and do you see the rates of identity theft increasing?


Bois: There is no doubt that incidents of identity crime will increase, fueled primarily by an ever changing world of technology that is making more things possible, and the related shrinkage of the world we live in.

 

 

 

Now Hiring

 

 

 

 

 

 

 
Contact Us | Privacy Policy | Terms of Use and Disclaimer © 2003 - 2008 NYMITY