By Jennifer Wells | National Affairs
Get your hands off my financial affairs, I was saying just the other day. And my family’s financial data, for that matter. Perhaps we’re just a little bit sensitive over here in the land of Swimming in Debt Co. (a recently revived household entity with fewer constituent parts than when I last publicly surveyed its assets and liabilities). Here, take a look at this. One of Swimming in Debt’s Class B shareholders received a nasty notice of claim from a company in the “receivables and customer contact industry” acting under contract with a bank I will not name here. “Your account referenced above has been assigned to our agency for immediate collection,” said the heart-stopping letter, demanding a sum of roughly $1,500. The shareholder in question was a) rattled and b) perplexed. Here’s why: he has no account with the bank in question, and has never had an account with the bank in question. If you think clearing up a matter like this is straightforward, I am here to tell you that you are very, very wrong. You call the cops. You call the bank in question. The bank directs you to get in touch with the credit bureaus. You do this. You spend hours of your life trying to clear up a mess you had no hand in creating. Allow me to create a highlight reel of ensuing events. The bank eventually acknowledges that this is a case of identity theft. With the fraudster presenting two pieces of false identification, the bank opened an account with an overdraft of $1,500. The account statements were sent to an email address somewhere in the ether, which explains why our household shareholder saw no warning signs. You would think that the bank might act with alacrity and regret. Instead, it’s like dealing with lawyers. (Never say you’re sorry.) You write to the TransUnion credit bureau seeking assurances that no black marks are on file. The credit bureau’s response: “This letter is written in response to your correspondence disputing the accuracy of certain information in your credit file. To investigate the item(s) we contacted the creditor reporting the disputed information. They could not respond to us within a reasonable time.” What? Insanity. The letter goes on to invite the household shareholder to request his own credit file from both credit bureaus. “Thank you for your correspondence and please let us know if we can assist you in any other way.” Back to the bank. How about sending us a letter confirming the crime? “None of the institutions will send out a letter saying you have been a victim of fraud,” says the guy at the bank who knows about fraud, and how easy it is
to buy a SIN card (for just $35 at Dundas Square, he says). The banks work as a group. We know this. Like I said, it’s like dealing with lawyers. But wait: the bank has an email address for the fraudster, so isn’t there a line of investigation to be pursued? Nope. Can’t they trace which branch issued the card? If so, the bank would not say. How about this: to what entity does the bank report the fraud? The Canadian Bankers Association posts statistics on credit card and debit card fraud. The counterfeit data for debit cards, provided by the Interac Association, is quite astonishing. Look: from a total of $105.5 million in 2008, the fraud on these cards collapsed to $16.2 million in 2014 and to $7.9 million in 2017. How solid are those numbers? No one would ever know about the stolen $1,500 because the bank stays mum. “The majority of it stays in-house,” said the guy at the bank. I would add a feeling of incredulity here, except at this part of the tale, what’s the point? If there had been any evidence about the individual responsible that would have resulted in a fraud report, we were told. But in this case there is no known perpetrator. Hence, crickets. So we don’t really have the data? To which the bank guy responds: “What purpose would that serve?” And now I’m thinking: maybe Statistics Canada has the data. As Global’s David Akin has reported, not only did StatsCan direct the banks to pass along personalized information
of the financial affairs of Canadians, a plan that’s now on hold, but it additionally directed TransUnion to hand over a treasure trove of personalized credit information, which TransUnion did do. In the House this week, Prime Minister Justin Trudeau repeatedly failed to explain how he can be so offside on the fundamentals of privacy. How strange that at a time of rampant data breaches – don’t forget the data hack at credit union bureau Equifax affecting a mere 150 million or so consumers – the PM would spend so much time reminding us of how Stephen Harper cancelled the long-form census. “High-quality and timely data are critical to ensuring that government programs remain relevant and effective for Canadians,” he said. So true. And so beside the point. Conservative Leader Andrew Scheer had it right: “It is not about what is being made public. It is about whether or not the government thinks it has a right to peer into individuals’ bank accounts and access line-byline transactions.” And creditworthiness. The privacy commissioner has now launched what should be a very short investigation that will lead to an inevitable conclusion: personalized financial data must be scrubbed before winging its way to Ottawa. By the way, the Class B shareholder did get the fraudulent bad debt erased from his record. But I can’t believe we’re the only ones to have suffered such an unsettling experience. Surely someone somewhere has the data on that.