3 common online financial security mistakes for young adults

Your teens and young adult children likely have a little more technology insight than you do. In fact, they may be the ones teaching you how to pay bills or cash cheques on your mobile banking app, or helping you set up a Tax-Free Savings Account online. But for all their web smarts, young Canadians tend to have habits that could be putting their financial security at risk.

"Young Canadians need to understand they're creating a digital footprint of themselves and they're responsible for what's out there," says Jeff Schwartz, executive director of Consolidated Credit Counseling Canada. "Their financial responsibility is to guard private information."

Talk to your kids, regardless of their age or level of Internet understanding, and watch out for common online privacy errors.

1. Posting pictures with financial information
The scenario: Your son just had his first payday. He's proud of himself and wants to show off his hard-earned cheque, so he posts a selfie with it on Instagram. common-mistakes

The problem is his paycheque lists his full name, address, birthdate, employer information and potentially his social insurance number. That's more than enough for a fraudster who is looking to open a credit card or loan in his name.

This is a common flub, according to Judith Cane, an Ottawa-based money coach with 27 years of experience in financial planning. She specializes in working with millennials.

Kids don't always understand the impact of posting photos of sensitive information, she says.

It's not limited to paycheques, either. Young Canadians celebrate
many milestones with a photo, such as a driver's license, scholarship or bursary acceptance letter or even documents to a first home. They post the photos online in a moment of pride, but cybercriminals are ready to grab the information. Cane has even seen instances of fraudsters using cellphone or hydro bills posted on Facebook, or a photo with a magazine in the background.

"Go on the Internet, and search 'personal ID,' and you'll see tons of images of phone bills, credit card receipts, and intimate information showing up," she says.

Be cautious about what is identifiable, Cane says. Show your kids examples of what not to post, and if you spot a photo with identifying information in it, be sure to have your teen remove it immediately.

2. Sharing information with friends
The scenario: Your college-aged daughter mentions that she and her fellow interns have a rotating schedule in which one person collects orders and money, then runs out to get lunch for the office each day. On the days you daughter isn't the runner, she simply hands off her debit card (and a Post-It with her PIN written on it) to the person headed out because it's easier than keeping track of change.

This happens regularly. In a 2013 Visa survey, 45 per cent of 18- to 34-year-olds polled conceded to loaning their card, or sharing the card number via text, email or phone call. It's a huge no-no, whether it's an everyday lunchtime occurrence or a one-time situation for a friend to purchase concert tickets.

It's not that you shouldn't trust your friends, you just don't know where your card may end up, Schwartz says. The card could get lost, or it could end up in the hands of an employee you don't know or with a stranger in the shop. And, for example, if your child sends the information via a company email account, anyone from the employer's IT department could access the information, Cane says.

Additionally, if your child ends up a fraud victim, he could be held responsible if he's ever given a PIN to someone else. The same goes for if he's ever sent his credit or debit card information to anyone via text or email.

"Don't share this information, but especially don't have a written trail of it," says Cane. "If you write it in an email, you might as well announce it to the world."

3. Not safeguarding passwords
The scenario: your kids have so many accounts that they find it hard to keep up with a unique password for each one. So, they use the same password they used to set up their first email account when they were 12, which was a school email with a generic password they were supposed to change. Now, at age 20, all their passwords are still "1234."

This, too, is a common situation. According to a SplashData survey on the most common online passwords, "123456" takes first place, with "password" coming in second.

Schwartz advises warning your child that she shouldn't have one password to all her accounts. If a hacker gains access to one, he has the key to all of them. And if it's an easy password, this is another situation where your child could end up on the hook for any fraudulent activity.

In addition to having different, hard-to-guess passwords for each account, Schwartz suggests telling your children not to allow their computer or phone to remember passwords for accounts. That way, if anyone picks up your kid's phone while he isn't looking, they won't have instant access to all his information.

"It's inconvenient," Schwartz says. "You've gotten so used to everything being instant that having to log back into things and remember handfuls of passwords is hard to do, but you'll understand what it could cost you when someone hacks into your account."

Finally, advise your child not to pay bills or check bank account balances on unsecured Wi-Fi networks. Free Internet is convenient, but that doesn't mean it should be used for conducting financial transactions.

Teach your kids the warning signs
Schwartz says there are clear warning signs of cyber fraud. Your child should be wary of any credit card or bank statements from accounts that don't belong to him, as well as collections calls for accounts he didn't open or charges on his statement that he didn't make.

"Spend a bit more time examining statements because there might be unauthorized charges or accounts could be drained overnight," Schwartz says.

To err on the side of caution, have your children sign up for credit monitoring so they get an alert anytime someone tries to pull their credit report.

See related: Third-party financial apps: convenient, popular -- secure?, Cybercrime is nothing to like or share
Published October 6, 2015

Most recent Legal, regulatory, privacy Stories