binary 1536651 1920

Some rules of caution about personal data

To the point Currently, some financial institutions are making headlines about leaks of their customers' personal data. While we should not be overly alarmed by this situation, it is nevertheless advisable to respect these few rules of caution about sharing personal data.

Our rules of caution regarding personal data

Let’s face it: what’s happening right now with personal data leaks won’t stop me from travel hacking.

In fact, for years now, computer systems for years now spreading our personal data all over the place.

Sometimes it’s Marriott that loses information – such as passport numbers – affecting up to 500 million customers, sometimes it’s Equifax… then Desjardins or more recently Capital One.

hacker 2883632 1280

Since the rise of the Internet in the early 2000s, there have been nearly 300 massive data leaks (each affecting several million people) according to this Wikipedia census.

list of data breaches
List of data leaks

All this doesn’t prevent me from applying to credit cards (which allows me to save hundreds or even thousands of dollars every year thanks to all these little tricks).

But these various pieces of news allow me to remind you of a few rules of caution when it comes to personal data!

Information given to financial institutions

When applying for a credit card, we agree to disclose certain personal information.

Applying for a credit card means applying for credit!

So it’s not just a welcome bonus or benefits, it’s the credit that is given to us by a financial institution.

To extend credit to you, the financial institution will need to identify you in order to verify the information transmitted through the credit bureau.

Technically, to identify us, the institution will need information such as:

  • our first and last name
  • our date of birth
  • our address

No need to give our Social Insurance Number (SIN) to apply for a credit card!

Then, in order to give us credit, the institution will need to know:

  • our income (salaries, investments…)
  • our past and present jobs

Either the institution will rely on what we say (or what our credit report reveals about us), or it will ask us for proof (and/or may call our employer).

We will then give ONLY what is asked for, nothing more!

How do the banks protect us?

Financial institutions all act in different ways to protect US. They can, for example:

  • ask for many supporting documents (pay stubs, identity papers…)
  • ask us to come to our branch (to withdraw or activate a credit card )
  • call us and ask us a few more questions (to make sure it matches our credit report)

Don’t be afraid to wait for a phone call from the issuer of your new credit card: the questions asked are protective measures.

In-branch activation

We would all like to receive our credit cards in the mail and be able to activate them online.

However, some institutions such as BMO, CIBC, Scotia or TD will often ask us to visit their branches.

This is a protective measure: it is much more difficult for an identity thief to present false documents in person… than it is to answer a few questions online!

Here’s an example from Radio-Canada:

BMO Bank of Montreal reported the case of a Sherbrooke man arrested earlier this month after he went to one of their counters to obtain a credit card with a stolen identity, possibly from Desjardins.

“The employee could feel that something was wrong, explained the Sherbrooke Police Service on Radio-Canada. He did further research and realized that the identity on the cards was the subject of an Equifax alert.”

So I’d rather take a few minutes of my time to go to a branch to get a credit card … than have my bank take no steps to ensure my correct identity.

Validation in two steps

Most banks have moved to 2-step identification.

That is to say, in order to access your bank/credit card accounts, it will be necessary to:

  • login with your username and password
  • AND validate this access through a code received by phone or through an authentication application

This 2-step identity validation is often optional, as it complicates access to accounts (especially when abroad).

But it is a particularly effective way to protect access to your accounts…. and data!

Check with your bank to see if it supports 2-step identification!

Monitor Credit cards Statements Online

Banks are pushing for you to accept electronic statements (instead of paper statements). Certainly one of the objectives is to save paper and shipping costs.

But it also removes an important loophole: bank mail.

In addition, it encourages us to check our accounts online, rather than waiting for the monthly statement. This way, we will be aware of a possible problem with our accounts/credit cards much faster!

Monitor your accounts online!

Credit card payment protection

In case of fraudulent use of our credit card, WE ARE NOT RESPONSIBLE.

Visa, Mastercard and American Express have a “zero liability” policy for unauthorized transactions. This means that customers using credit cards issued by banks are NOT responsible for fraudulent transactions.

You’ll have to:

  • contact the bank
  • have Equifax and Transunion place a fraud alert on your account.

The banking institution:

  • will freeze the credit card
  • will investigate
  • will re-credit the amounts improperly withheld
  • will issue a new card

More information here.

Whether the fraud occurred on our credit card in Canada or during one of our trips, we are protected!

Information given to loyalty programs

The loyalty programs we all know about (AIR MILES, Aeroplan, Marriott Bonvoy…) feed off the information you give them.

We “play” with this, since these different programs offer us points… to find out a little more about our consumption habits (purchases made, hotels we stay in, trips made…).

But do we really need to answer their various surveys asking for information like:

  • the composition of our household (number of children, ages…)
  • our personal/family income
  • the type of house we live in
  • the make of our car
  • your mother’s maiden name
  • our passport or driver’s license number

Of course not!

It is therefore necessary to think twice before disclosing this information. Because if they were to “leak”, they could be cross-referenced with other data about us… and harm us!

Information disclosed on social networks

Social networks (Facebook, Twitter, Instagram…) have invaded our lives… at the risk of causing problems for our personal data.

Personal details

It often happens that we share too much information. For example, it is not very difficult to find information like:

  • Date of Birth
  • Names of relatives (mother, father, brother, sister…)
  • Names of pets
  • Elementary or secondary school
  • Colour of our car
  • Important dates (graduation, wedding…)

All of which are often the answers to questions about resetting passwords!

Don’t share non-essential information!

Travel dates and holiday photos

In the excitement of the big departure: we announce it on Facebook to our friends by “tagging” each other at the airport or at our destination, or by sharing photos at the other end of the world.

What you do/say online… could have repercussions at home! Think about it!

But that doesn’t stop you from sharing a “Thank you milesopedia” photo in an airport lounge, on the beach or at your hotel…. when you return from your holiday!

Information thrown away

In recent months, financial institutions have been obliged, by new legislation, to send us many documents that often include our account numbers (bank, credit cards…).

You must be very careful when putting these documents away for recycling… someone malicious could take a look at them!

Document and credit cards shredders don’t cost much, less than forty dollars on Amazon. Additional protection in our daily lives!

Check your credit report regularly

I repeat it every time it comes up: you must regularly check your credit report. At least once a year!

Here, we are not talking about the score as such, but about the information contained in the file (open and closed credit lines…).

You can request a credit report for free, once a year!

Change your passwords regularly

Finally, there is a basic rule that is often not respected: the regular changing of passwords (bank accounts) and PINs for your credit/debit cards.

However, for passwords, there are nowadays many tools to protect them or to create complex passwords such as 1Password, LastPass…

In short, the tools exist: jusr try to use them as regularly as possible!

Above all: never use simple passwords like 123456 / qwerty or one of the 25 most common passwords! Make things more complex with special characters (& % $ #…), upper / lower case letters and numbers!

Conclusion

No, recent data leaks occurrences don’t scare me much. As I said in my introduction, it’s been more than 20 years since computer failures happened: a lot of our data is ALREADY in the wild.

As a member of the Facebook group pointed out: travel hackers are generally better informed than most members of the public and are often much more vigilant (both in their cards applications and in their personal finances).

In short: let’s not get overly paranoid… but always be careful!

Come to discuss that topic in our Facebook Group!
Jean-Maximilien Voisine
Jean-Maximilien is an expert in Canada and France about Loyalty programs, Credit cards and Travel. He is the Founding President of Milesopedia.

Suggested Reading