Experts say: CityBee’s stolen data is not enough to obtain quick loans on behalf of others, Regitra does not see threats either | Deal

“It’s hard to imagine that without the full participation of the person whose data was stolen, someone could take advantage of this situation.” 15 minutes approved Šarūnas Frolenko, Director of the Association of Financial Services Companies (FINCO).

He believes that residents need not worry, because if the malicious people have only leaked personal data from CityBee, they will not be able to collect consumer credits on behalf of others.

“It is important to understand that obtaining consumer credit, even if done remotely, requires a sufficiently complex identification procedure, so having data does not mean that it can be used very easily,” explained Frolenko.

Jekaterina Govina, director of the Bank of Lithuania’s Financial Market Supervision Service, also confirmed to journalists on Wednesday that the chances of scammers using the leaked data (taking consumer credits on behalf of others or paying for goods online) are low.

“How much do we know and to what extent can we trust the information provided by the company, if only the database went abroad in February 2018 and if the company actually used the security standard to process payments? Most likely that the card data be used to pay elsewhere for goods or services is very small, “Govina said.

The Director of the Financial Market Supervision Service of the Bank of Lithuania also pointed out that if information on payment card data was delayed until 2018, most of the cards had already expired.

“In a bank only 20 percent. The cards that are issued in 2018 are still valid,” said the expert.

He added that malicious people are also unlikely to be able to take out credits on behalf of others or open accounts using leaked driver’s license data. As of January 1, the driver’s license became a legal means of identification.

“I can not say that it is impossible, but the chances are very low. If the credit companies comply with the requirement of prevention of money and establish the identity of the clients, it should not be possible to take credit for that data”, added the representative of the Bank of Lithuania.

Today, the Bank of Lithuania has no data to use the leaked CityBee data to buy financial services.

What information do you need to get accredited?

Experts point out that it would be difficult to use the data obtained by scammers, since the client is authenticated in several ways when issuing a loan. According to Flrolenko, if the person applying for a loan identifies himself remotely, the person is often required to send a photo or video showing both their face and an identification card.

Then it is determined to which account the money is transferred, it is checked if the credit can be granted, if the solvency is adequate or if there will be no charge for the resident. Residents’ consents are required to verify the data because they are registered in databases. There are many processes where having a single document is rarely used that way.

“I am one of the CityBee customers whose data has been leaked, but I do not survive someone crediting me on my behalf,” explained F. Flrolenko.

I’m one of the CityBee clients whose data has been leaked, but I can’t survive someone taking credit on my behalf – explained F. Flrolenko.

The data that must be submitted to obtain consumer credit online was clarified on Wednesday and 15 minutes journalist. All I needed to create an account at a randomly found online and SMS credit company was a personal ID, email and phone. However, in the next step, when trying to get a loan, I was asked to confirm my identification through online banking.

To do this, you need a lot more data, not only the bank’s user ID, but also one of the sources of identification: Smart ID, PIN code generator, ID card or mobile signature.

“One is to register with a company to use self-service, the other is to obtain a financial service. When obtaining a financial service, different regulatory regimes are applied, the prevention of money laundering is activated, according to this law, any financial institution to which this law applies must identify in detail the person with whom it communicates ”, said F. Flrolenko.

And Govina urged residents to be even more vigilant in protecting their online banking logins and not disclosing them to anyone, because in cases where loans are obtained under a foreign name, scammers often steal personal bank details.

According to Frolenko, the most important detail in this story is the account password, because many people use the same passwords in different accounts, so if one is revealed, the password of many others can be clear.

There is the possibility of ensuring

Flrolenko said that this situation was noticed by everyone, including credit companies, who will take precautions and take into account that there may be attempts to use stolen data.

“Just as people are worried about being cheated, consumer credit companies understand that this event is a matter of precaution for them, because the objective is not to give a loan, the objective is to give it and get it back. And the situations in which people are deceived, money is attracted, are not good for anyone, neither for the one who gives the loan, nor for the one who is deceived, ”says S.Frolenko.

J.Govina emphasized that in response to the situation, the Bank of Lithuania sent letters to consumer creditors requesting that they pay special attention to customers seeking credit and to ensure that potentially forged certificates are not used to identify them.

By the way, to obtain additional protection, it is possible to request a service that limits the possibility of borrowing; If such a request is made, the credit should not be issued in that person’s name. This service is provided by both the Bank of Lithuania and the Creditinfo Lietuva company.

J.Govina stated that the interest in this service offered by the Bank of Lithuania “STOP for consumer loans” has increased.

“We also urge credit recipients to take special care to ensure that no one is on the list who does not want to receive credit,” said a representative of the Bank of Lithuania. He added that not granting credit to the people included in said database is not a recommendation but a requirement.

Meanwhile, Aurimas Kačinskas, director of Creditinfo Lietuva 15 minutes stated that the popularity of this service has increased dozens of times a day. Since yesterday, 11 thousand people have contracted this service. population, as the company, in response to the situation, offered such an opportunity almost free of charge.

Residents who have registered on the website www.manocreditinfo.lt can opt for the “Protect your identity all year round” service for a symbolic fee of 0.01 Eur, which will later be returned to the CityBee clients’ accounts .

The opportunity to protect against unwanted credit under such conditions will be available throughout the week, until February 23. 24.00 This amount will be reimbursed to anyone who has requested the service on Tuesday and has paid the usual price of the service (14.95 Eur).

“Interest in this service was felt yesterday in the first half of the day, so after noticing the increased flow of questions from customers, the immediate environment, we decided that we need to help residents deal with anxiety. The flow itself is big enough. We weren’t even expecting it, “commented A. Kačinskas.

According to him, subscribing to this service imposes a restriction on loan companies so that they do not automatically lose loans: participants from credit bureaus, when checking loan applicants, will see that they owe a large amount, and therefore Therefore, they will decline or examine any loan more closely. those consumers.

A. Kačinskas emphasized that the debt shown is false, therefore, it will not damage the resident’s credit rating in any way, they will not be seen in the credit history. To be able to take out the loan later, the consumer will simply have to disconnect this service.

“It’s the safest way for creditors to signal that something is wrong with the person applying for the loan and that the loan will not be issued automatically. This basically stops the process itself if someone uses it illegally by taking my data or entering the bank, ”said Creditinfo director Lietuva.

J.Govina also emphasized that the Bank of Lithuania asks creditors not to evaluate the presence of the consumer on said list when applying for a loan.

Fewer loans are obtained in foreign names

F.Frolenko assured that the number of cases in which loans are taken on behalf of third parties is significantly reduced. And the fraud schemes used in recent years have been complex and based on the deceit of the victim herself.

For example, a year and a half ago, a relatively large wave of scams was observed: criminals were able to deceive people and force them to complete credit applications, submit their documents, and electronically sign or SmartID. People imagined filling out an employment contract or other official document.

Regitra: You don’t need to change your user certificate

Regitra does not see any major threats due to stolen data. How 15 minutes Emilija Bardauskienė, junior specialist from Regitra’s Communication Department, reported that no cases of increased changes in driving licenses have yet been noted.

“Currently, we receive only a few more inquiries from customers regarding the need to change driver’s licenses. Therefore, in light of the information currently available to law enforcement authorities, it is not necessary to change driver’s licenses. However, if customers want to do so, the documents can be exchanged, as usual, without waiting for them to expire, ”said a Regitra representative.

On Monday it was announced that the data of the CityBee users who had registered up to 2018 were published by the programmers on the Internet. The company claimed to have disclosed about 110,000. customer data – customer email email addresses, phone numbers, personal codes, encrypted passwords.

CityBee CEO Kristijonas Kaikaris urged users to change passwords at a press conference on Tuesday, both on their CityBee account and on other platforms that use the same password when signing up. It is true that K. Kaikaris emphasized that there are no payment cards for users of the published data, because the company does not collect this data.

The Lithuanian Criminal Police Office launched an investigation into the theft of data.