Personal identification numbers, which are easily found on the Internet, make life easier for criminals who aim to scam money over the phone, but keeping personal identification numbers secret requires a political decision, writes ERR News.
This year, fraudsters have stolen millions of euros, and it has been found that criminals have managed to access more than 1,000 accounts on the eesti.ee state administration services portal. Fraudsters also often use publicly available information to break the law.
The Estonian Commercial Register is a real gold mine for fraudsters. If a criminal is lucky, they can find various data there, including names, personal identification numbers and phone numbers. With this information, it is possible to start connecting to a person’s online bank, but a PIN code is also required to complete a transaction. Fraudsters use various ways to obtain personal data, and people often reveal their personal identification number or PIN code during a phone call. Rain Vosman, head of the criminal bureau of the Police and Border Guard Board’s (PPA) Southern Prefecture, said that criminals always try to use the Internet and publicly available information, which can reveal a fairly complete picture of the person they plan to defraud. Another way to obtain personal data is to purchase it on the black market, where it is offered by people who have hacked various databases.
The police reported on the 18th of December that criminals have accessed government service accounts using electronic identities and fraudulently obtained PIN codes. Vosman said that the goal is to obtain data that can be used for further fraud, to gain people’s trust and then defraud them of money. He explained that if the criminal already has a personal identification number and phone number, they can call and manipulate people to obtain the PIN1 code, which allows them to access the eesti.ee account, which in turn contains a large amount of sensitive information.
The police officer suggested that
hiding personal data from publicly available information could improve the situation – the less data is available to fraudsters, the better.
The European Union’s General Data Protection Regulation (GDPR) allows member states to individually determine whether personal data is available in the public domain. In Estonia, this is regulated by several laws. Kristi Värk, head of the Data Protection Department at the Estonian Ministry of Justice, said that in Estonia, personal data is most often made public to ensure transparency. However, in the autumn, the ministry issued guidelines to other ministries, which indicate that the rules must be written into law. Värk added that the disclosure of personal data is a serious interference with fundamental rights, as practically anyone can access the data, and a person thus loses control over it. She stressed that there are cases when the disclosure of personal data is justified, but that this should be decided by legislators.
Anna Õuekallas, Head of the Electronic Identity Unit at the Estonian Information Systems Authority (RIA), said that responsibility must be borne by all involved. She stressed that electronic service providers must assess the risks and, if there is a possibility of large financial losses, re-evaluate which identification tools are used and in what form.
Vosman acknowledged that everyone can certainly do more, but the greatest responsibility lies with each individual: “We can make these links as secure as we like on the state side or on the side of telecom companies, but scammers still manipulate the situation so that the person themselves enters their codes in the wrong place, where they actually would never in good faith enter a code.”
Read also: Estonian Interior Minister: Russians don’t know how to read maps
The post Estonian fraudsters use publicly available personal data to commit crimes appeared first on Baltic News Network.
No comments yet.