Consumers, tech companies look to life beyond the Social Insurance Number

Christopher Reynolds

The Canadian Press

In the wake of data breaches at both of Canada’s credit monitoring agencies, some experts say the problem isn’t theft of social insurance numbers and other information, but rather our approach to proving who we are.

As social insurance numbers (SINs) continue to flow into the hands of hackers, industry players and consumers are increasingly on the hunt for an overhaul to how we identify ourselves in the digital age.

Over a lifetime, Canadians hand out their SINs left and right — to landlords, credit agencies, credit card companies, car rental firms, colleges and universities. In none of those cases are they required to do so, although a SIN is often requested.

Federal rules require citizens to provide their SIN only to certain government agencies as well as employers and — if the account earns interest — to financial institutions.

Starting in 1964, SINs originally served as client numbers tied to employment insurance programs and the Canada Pension Plan. Its current use as a kind of ultimate identity marker has far outgrown its original intent, providing effective proof of who you are when matched up with another personal document or piece of information such as a driver’s license or date of birth.

However, if criminals gets a hold of more than one of those ID verifiers, they could use them to file a fake tax return or apply for a loan or mortgage in your name, with consequences that could last decades.

Until the digital age, computer hacking hardly posed a risk to people’s data. Nor were there large databases that stored millions of SINs, outside of government institutions and banks, says Rich Mogull, CEO of Phoenix-based security firm Securosis.

“Earlier, even in my lifetime — I’m only in my 40s — everything was more local. We went into our local bank, even credit cards were generally issued from a local bank,” he said.

“But we started moving toward large-scale regional and national banking…and we started applying for things like loans online” — boosting the need for unique identifiers that could be presented remotely and recognized by a computer.

Increasingly, credit monitoring agencies, utilities companies and credit card vendors began to use social insurance numbers — or social security numbers in the United States — as key identifiers to keep track of clients.

“Everybody is relying on one number, and it’s not a secret,” Mogull said.

“When I went to university my student ID number was my social security number,” he recalled, shaking his head. “Once that number’s out there and exposed, there’s no taking it back. And it can be used for all sorts of fraud.”

The problem drove Quebec resident Pierre Langlois to launch an online petition calling on Ottawa to replace social insurance numbers compromised by identity theft.

Moved to action last summer after a breach at Desjardins Group scooped up data from nearly 2.9 million members — including their social insurance numbers, names and addresses — Langlois posted a second petition asking the government to propose a “quick solution to this security problem.”

With more than 147,000 signatories, the petition shied away from a more specific demand for two reasons, Langlois said: the difficulty of changing your SIN — proof of fraudulent use must be shown — and the dubious benefit of that tactic in the first place, since those newly assigned citizens could be just as susceptible to data breaches down the line.

“The government is asking us to give it to every employer you’ve ever worked for. Do you think the small restaurant where you worked has higher security than a bank?” Langlois asked in a phone interview.

The solution, says Mogull, lies in local transactions or encrypted SIN storage that would make data theft harder.

Cryptographic keys comprise a long string of random numbers that can be used to unlock personal data, but Greg Wolfond, chief executive at Toronto-based SecureKey Technologies, is skeptical of cryptographic identifiers as the answer.

“I fear that the bad folks are still going to be able to take this data and use AI and put it together in smart ways to try to become you to get a loan, to file a fake tax return in your name,” Wolfond said.

He wants to get away from the “static information” model that underpins ID confirmation and motivates data hacks. Instead, Wolfond is advocating something called real-time verification as the best way to show that you are, in fact, you.

His company’s product, dubbed Verified.Me, allows customers to provide proof of their identity using information they’ve already given their financial institutions. The Verified.Me smartphone app connects with participating financial institutions and removes many of the steps currently required to establish a person’s identity.

Though only a few financial products are available through the app, Verified.Me counts Desjardins and the Big Five banks as Canadian partners.

In the long run, the approach could include applying for a mortgage, renting an apartment or obtaining a driver’s licence, Wolfond said.

In the past three years, millions of consumers have been affected by hacks against a panoply of companies including Canadian-based cheaters’ website Ashley Madison as well as British Airways, Uber, Deloitte and Walmart.

TransUnion revealed Wednesday that the personal information of 37,000 Canadians may have been compromised this past summer, leaving both of Canada’s credit monitoring agencies with data blemishes on their record.

Equifax announced in 2017 that a massive data breach compromised the personal information and credit card details of 143 million Americans and about 19,000 Canadians.

TransUnion says data on 37,000 Canadians may have been compromised

TransUnion says someone fraudulently accessed data using a customer’s login credentials

The personal information of about 37,000 Canadians held by TransUnion may have been compromised this past summer, leaving both of Canada’s credit monitoring agencies with data blemishes on their record.

The TransUnion incident is much more limited than the high-profile data hack at credit monitoring agency Equifax Inc. in 2017, which exposed the information of 147 million people, including about 19,000 Canadians.

TransUnion said in a statement Wednesday that someone fraudulently accessed its data through the use of one of its business customer’s login credentials between June and July.

Company spokesperson David Blumberg said that while the investigation is ongoing, the company maintains that the fraudulent login was not a failure of its systems.

“The unauthorized access was not the result of a breach or failure of TransUnion’s systems or our customer’s system,” he said.

Canadian Western Bank (CWB) confirmed that the credit report data was accessed through an account at its leasing division.

“In August, we learned that CWB National Leasing’s account was illegally used by an unauthorized third party to perform unauthorized credit checks,” said company spokesperson Maya Filipovic.

She said no personal information held by CWB National Leasing was taken, disclosed or misused in any way.

Type of personal information accessed

TransUnion did not disclose what kind of personal information was compromised by the fraudulent login.

A credit check by a bank or lender could give access to an individual’s name, date of birth, current and former addresses, information on existing credit and loan obligations, credit repayment history and potentially their social insurance number.

TransUnion said it learned of the breach in August and has notified those whose information may have been accessed as well as the privacy commissioners.

The incident is the latest of numerous data breaches in recent years, including the Equifax breach. More recently, Capital One said in July that data of six million Canadians was hacked, including about a million social insurance numbers. Desjardins said in June that the data of about 2.7 million accounts was hit with a breach.

The problem is that no system is foolproof, said Hasan Cavusoglu, an associate professor of management information systems at the UBC Sauder School of Business.

“The reality is this is a moving target. Organizations are every day exposed to new type of attack vectors, new kinds of threat actors.”

He said customers have little choice but to have their data held with TransUnion and Equifax.

“As long as you do some kind of transaction, your data will inevitably fall into these companies.”

The two credit monitoring agencies collect a variety of financial data to help banks and other lenders figure out how reliably a customer might pay them back. The model means the agencies want to collect as much information as possible to clearly represent someone’s credit worthiness, said Cavusoglu.

While breaches are impossible to rule out entirely, major financial institutions like credit agencies have significant incentives to keep the data safe, he said.

“Reputational damage as a result of these kinds of attacks is tremendous, let alone other kind of maybe regulatory sort of penalties as well as some legal costs associated with it. So they don’t want that reputational damage.”

Chicago-based TransUnion continues to look for ways to strengthen its defences against unauthorized access of any kind, and supports customers in efforts to protect their data, Blumberg said.

IMS Demonstrates Insurance Telematics First: 42% Crash Reduction & 7% Combined Ratio Improvement

Waterloo, ON, Canada, Oct. 08, 2019 (GLOBE NEWSWIRE) — IMS, the insurance telematics technology arm of Trak Global Group (TGG) is now positioned to offer North American and European insurers unprecedented access to the learnings from driver data via TGG’s award-winning Carrot Insurance brand.

Carrot’s direct interaction with its installed customer base has driven innovative product development, including the latest telematics smartphone based “Better Driver” app, which  recently won the prestigious 2019 UK Insurance Times Technology and Innovation Award for Best Customer Mobile app.

“Carrot’s award-winning technology has modified driver behavior in a positive way, and we are eager to make our learnings accessible to insurers,” said Nino Tarantino, CEO- Americas, IMS.

Accessing this critical data will enable insurers to:

  • Improve policyholder engagement
  • Offer a reward platform that builds loyalty
  • Motivate safer driving behavior
  • Realize the positive impact on combined ratios

“We have developed and tested our insurance telematics propositions with our own Carrot customers so our insurer partners don’t have to,” Tarantino continued.  “No other telematics service provider has this kind of direct-to-policyholder experience and insight, but we do through Carrot, and we want to share what we have learned with the insurance companies we work with.”

Carrot, which launched in 2012, has since overseen a 42% reduction in the number of accidents among its customer base, thanks to its pioneering technology and an active risk management program, including rewards for good driving, which has turned the insurance experience on its head for policyholders.

Carrot’s policy has also built customer loyalty. The company has returned $5M to customers during the past seven years and the rewards program, in turn, offers a built-in incentive for consumers to check their status and driving feedback.  In doing so, frequently, consumers drive better and safer.

“Carrot’s telematics program has made a previously unprofitable market segment for us profitable again,” said Ed Rochfort, Managing Director of Carrot Insurance. “By analyzing telematics data we’ve been able to dramatically improve our risk pricing while reducing the cost of claims. A huge win by all accounts.”

“We’re making big improvements in reducing the cost of motor claims for our insurer clients, saving them time and money by providing indisputable proof of what actually happened in an incident. We believe Carrot’s claims data analytics has reduced CORs for our insurer partners by 7.7%,” Tarantino said. “In turn, our insurance customers are using these same insights from Carrot to create their own digital insurance strategies.”

For further detail on the Carrot difference, insurers can download IMS’ Carrot case study to access learnings and insights from this award-winning offering: https://www.intellimec.com/carrot-insurance-rewards-case-study. Alternatively, insurers can contact IMS for more information at: https://www.intellimec.com/carrot-insurance-insights.

About IMS

IMS, part of Trak Global Group, is a leading connected car and telematics solutions provider, delivering services and analytics to insurers, governments and enterprises. IMS is the developer of the cloud-based DriveSync® connected car platform which has received industry acclaim for its ability to offer customers a data source-agnostic, multi-device strategy for service provision.

About Trak Global Group

Trak Global Group (TGG) is one of the world’s largest telematics companies, gathering and interpreting data from connected devices to help organizations manage driver and vehicle risk. The group has long-standing partnerships with global insurers, leading motor manufacturers, corporate fleets and daily rental companies and is the UK’s largest insurance telematics business.

In late 2018, TGG acquired IMS, the 3rd largest insurance telematics business in North America. In addition to its partnerships with major insurers, it has more than 130 patents associated with connected car services and has pioneered the use of telematics technology for Road Usage Charging in the United States.

In September 2019, private equity house Three Hills Capital Partners took a significant minority stake in the business, providing in excess of $50 million in growth capital.

About Carrot Insurance

Carrot Insurance, also part of TGG, is a UK-based, award-winning telematics insurance broker specializing in novice drivers. In 2015, Carrot received the Prince Michael International Road Safety Award for its work in reducing young driver accident frequency, and in 2015, it launched Better Driver, an app-based product representing the UK’s first mass-market usage-based insurance product.

For more information on IMS:

Visit: https://www.intellimec.com

Caller claimed woman’s SIN was used for a $100,000 fraud, drug trafficking

Read more

Hurricane Dorian Caused Over $100 Million in Insured Damage

October 4, 2019 (HALIFAX) – Hurricane Dorian hit Atlantic Canada on September 7 causing over $105 million in insured damage, according to Catastrophe Indices and Quantification Inc. (CatIQ). Seventy per cent of this amount is for damage to personal property, 25% is for damage to commercial property and the remaining amount is for damage to automobiles.

Province Insured damage*
New Brunswick $22.5 million
Newfoundland & Labrador $2.5 million
Nova Scotia $62.2 million
Prince Edward Island $17.5 million
Quebec $300,000
Grand Total: $105 million

*Initial estimates 

Hurricane Dorian wreaked havoc from the Bahamas to Atlantic Canada in early September. The weather system travelled through Atlantic Canada from September 7 to 8, 2019,and the cleanup lasted much longer. Halifax, Moncton and much of Prince Edward Island suffered a large portion of the damage, though damage reports were widespread across Atlantic Canada.

On September 7, Dorian became a post-tropical storm but maintained hurricane strength when it made landfall to the southwest of Halifax, with estimated sustained winds of 155 km/h. On the morning of September 8, the system hit the northeastern Gulf of St. Lawrence with strong southeasterly winds in Newfoundland. In the evening, the system tracked to the northeast across Newfoundland’s Great Northern Peninsula, with wind gusts ranging from 90 to 157 km/h.

Due to rainwater-saturated ground and trees being in full leaf, many large trees were uprooted across Atlantic Canada, and the region experienced numerous power outages. Heavy rainfall also caused road washouts and flooding of homes and businesses. The Magdalen Islands were severely affected as homes, cottages, and boats were damaged, and trees were uprooted; in several cases, and some cottages were blown off their foundations.

“Hurricane Dorian is another example of how devastating Mother Nature can be” said Amanda Dean, Vice-President, Atlantic, Insurance Bureau of Canada (IBC). “Severe, unpredictable weather like this is becoming more frequent, resulting in higher costs to homeowners, insurers and governments. Last year, insured damage from severe weather across Canada exceeded $2 billion, the fourth-highest amount of annual losses on record. That alarming trend has continued in 2019, with over $1 billion in insured losses recorded already this year.”

As the financial cost of the changing climate has been increasing, IBC has been working closely with all levels of government to increase investments to mitigate the future impacts of extreme weather and build resilience to its damaging effects. IBC is advocating for improved building codes, better land-use planning, incentives to shift the development of homes and businesses away from areas at highest risk of flooding, and investment in new infrastructure to protect communities from floods and fires.

The financial costs of severe weather are widespread adversely impacting insurers, policyholders and taxpayers, This is why all stakeholders need to come together to reduce the financial strain caused by floods and other severe weather events. For every dollar paid out in insurance claims for damaged homes, vehicles and businesses, Canadian governments and their taxpayers pay much more to recover the public infrastructure damaged by severe weather.

The amount of insured damage is an estimate provided by CatIQ (www.catiq.com) under licence to IBC.


About Insurance Bureau of Canada

Insurance Bureau of Canada (IBC) is the national industry association representing Canada’s private home, auto and business insurers. Its member companies make up 90% of the property and casualty (P&C) insurance market in Canada. For more than 50 years, IBC has worked with governments across the country to help make affordable home, auto and business insurance available for all Canadians. IBC supports the vision of consumers and governments trusting, valuing and supporting the private P&C insurance industry. It champions key issues and helps educate consumers on how best to protect their homes, cars, businesses and properties.

P&C insurance touches the lives of nearly every Canadian and plays a critical role in keeping businesses safe and the Canadian economy strong. It employs more than 128,000 Canadians, pays $9.4 billion in taxes and has a total premium base of $59.6 billion.

For media releases and more information, visit IBC’s Media Centre at www.ibc.ca. If you have a question about home, auto or business insurance, contact IBC’s Consumer Information Centre at 1‑844‑2ask-IBC.

“I discovered water damage in my home. Will insurance cover me?”

The short answer, unfortunately, is “that depends.” Here are the variables that come into play when homeowners seek water damage protection.

by

Q: My washing machine has been leaking for years and we only just learned of the leak and the resulting damage because of staining on our basement ceiling below. Will my home insurance cover this?
–Alison

A: While water damage is almost always the same—destroyed floors, mouldy drywall, and potentially destroyed electrical and heating systems—the cause can significantly change whether or not the damage is covered by your insurance.

Turns out, how water enters your home dictates whether or not the damage will be paid by you, out of pocket, or covered by your home insurance policy.

This should cause all homeowners concern. Why? Because flooding happens so frequently. Setting aside the incidental floods, such as pipes breaking or washing machines leaking, natural floods, such as those caused by snowmelt runoff or raised river banks, occur fives times as often as wildfires. In fact, natural overland floods are the second most frequent natural disaster in Canada, according to Dan Sandink, director of research at the Institute of Catastrophic Loss Reduction (ICLR).

Sadly, residents in Ontario, Quebec and New Brunswick are now intimately aware of how devastating a flood can be to both property as well as to someone’s financial well-being. In April 2019, CTV Newscalculated that 6,425 homes had been flooded in Quebec alone. Another 3,508 were surrounded by water. Another 21 Ottawa homes were voluntarily evacuated, while 80 roads in New Brunswick had been closed.

According to Canadian Forces, 2,000 troops were deployed to Eastern Canada to help with flood efforts, and more than one million sandbags were used in the nation’s capital, Ottawa.

This doesn’t bode well for homeowners across Canada, who will eventually feel the burden of rising premiums to cover insured losses. This is on top of the $1.9 billion in insured losses that Canadians already sustained in 2018—the fourth-highest amount on record, according to the Insurance Bureau of Canada.

What’s worse is knowing that a standard homeowners’ policy (or tenant insurance) doesn’t provide coverage in the event of flood damage. While government relief may be available for uninsurable damage, that relief is often slow to materialize and insufficient to cover the cost of repair, leaving families to pick up the pieces.

You may be able to purchase flood insurance—known as overland coverage—depending on whether or not you live in a flood-prone zone. And even if it is available in your area, however, you must also purchase sewer back-up coverage, which is typically far more available.

But what about floods that are not caused by natural disasters? What about the floods caused by burst pipes or cracked foundations or, in your case, Alison, a leaky washing machine?

In general, standard (also known as comprehensive) homeowners’ insurance may help cover damage caused by leaking plumbing if the leak is sudden and accidental, such as if a washing machine supply hose suddenly breaks or a pipe bursts. Keep in mind, this sudden, accidental flood cannot occur when the home is vacant for more than 48 hours (for some insurance providers this drops to 24 hours), which is why it’s important to have a trusted friend or family member check on your home every day or so to make sure everything is alright while you are away on vacation.

But what about slow leaks? Turns out this is where coverage gets grey and fuzzy. While most policies won’t cover damage resulting from poor maintenance—for instance, damage due to a leaking toilet you failed to repair— that doesn’t mean that all slow leaks are denied coverage.

What follows will help you understand when you’re covered, versus what’s your responsibility.

READ MORE HERE: 

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from ILSTV

You have Successfully Subscribed!

Pin It on Pinterest