Identity Theft in Eastern Europe?
Database of 700,000 Bank Borrowers Released
August 16, 2006
Banking secrets go on sale
Credit
reference bureaus and banks received emails yesterday with offers
to buy a database on borrowers who purchased goods on credit in
retail chains. The database has more than 700,000 entries. If the offer
is not a fake, this crime may deal a hard blow on the image of banking
business which is traditionally built on confidential information.
Police experts, however, suspect the anonymous sellers of a scam. They
say they have failed to buy the database so far.
Kommersant
got hold of an extract from the base dated as of
April 7, 2006, which was a kind of promotion for potential buyers. Each
entry contains the borrower’s name, address, name of the retail chain
where the purchase on credit was made, the sum of the purchase, the sum
of the first payment, the sum of the credit, the time of the credit, the
amount of annual payments, the amount of the delinquency and sum of
fees. The sellers ask 90,000 rubles for the database with 700,000
entries. The sum cannot be compared to market prices on credit
histories. Each credit history costs some $0.4 in a credit reference
bureau.
Market watchers cited a number of possible sources of the information
leakage. “In theory, anyone could be guilty of this: banks, credit
reference bureaus, retail chains or collecting agencies,” said Maxim
Chernushchenko, deputy chairman of the board at
Investsberbank. Some said that the Central Catalogue of Credit
Histories at the Bank of Russia could be to blame.
A high-placed source at the Bank of Russia denied these accusations.
“First of all, we don’t get all the information; for example, we don’t
have the creditors’ names. Besides, the information is encoded and
cannot be used by other people in case of a theft.” The Bank of Russia,
however, is concerned about a possible leakage. “We will launch checks
in our agency, banks and credit reference bureaus,” the source said.
Credit reference bureaus refuted accusations point blank. Oleg Lagutkin,
director general of the Global Payment Credit Services bureau, said that
the technological level of leading bureaus is so high that the leakage
is impossible. Nikolay Dimchenko, director general of the Experian
Interfax bureaus, noted that his employees see the data encoded and
the access to the information is highly restricted.
The
Federal Financial Markets Service spoke in support of credit
bureaus. “There are three reasons why it is obvious that [credit
reference] bureaus could not have been the source of the leakage,”
Alexey Volkov of the Financial Markets Service said. “The format of
credit histories is strictly fixed by Russian laws, and it contains no
information about retail chains.” The second argument to prove bureaus’
innocence is that their base on creditors could not have come to 700,000
as of April 7, 2006, according to the financial official. In fact, the
bureaus had worked only a month by that time. Experts, however, note
that some credit bureaus started cooperating with banks before their
companies were officially registered, and some bureaus could have
accumulated this size of base.
Market participants say that the database on sale looks like a database
of retail back office banking programs. Thus, banks appear to be major
suspects of the leakage. Moreover, the number of banks operating in
retail chains is quite restricted. Russkiy Standart, Home Credit,
Investsberbank,
Rosbank,
Alfa Bank and
Renaissance Capital Bank are among leaders. Russkiy Standart and
Home Credit declined to give comments on the situation yesterday.
IT security specialists are convinced that the appearance of the
database would have been impossible without help from IT services of
banks. “Neither system administrators nor security service has the full
access to this kind of information. Only top managers do,” said Alexey
Chachaev, president of the Leta IT security company.
The reason for the high price of the new database can be that it has
been designed for professional users. “The database can be of interest
for the companies who are engaged in direct marketing,” Vyacheslav
Temenyuk, director general of the 4sformula agency, suggested. However,
Temenyuk and his colleagues admit that most direct marketing agencies
are now moving from work with stolen information.
Bankers and credit reference agencies hope that the database offered is
a fake. If it is not the case, their reputation can be severely damaged.
It goes double for credit bureaus which have secured trust with people
and whose business is supposed to mean that information that they
operate is confidential.
Police also believe that the database can be a sham. Police have learnt
about a new offer of databases, and they are now searching for the
sellers, a member of the hi-tech crimes department at the Moscow
interior ministry’s department told Kommersant off the record.
They say, however, that it is not clear yet if the database was stolen.
Police have not managed so far to buy the whole base, so they do not
rule out that “this may be just a scam.”
Svetlana Demetyeva, Alexander Zheglov, Valery Kodachigov, Yulia
Kulikova