Changing Numbers and Becoming Victims of Fraud
Five years ago, Dana, 48, decided to change his cell phone number. The corporate manager could no longer stand the endless assault of product offers sent to him via text message. Consequently, he had to notify all of his work colleagues regarding the phone number change.
“My cell phone stopped working as it was bombarded by text messages of product offers. Every time I turned the phone on, text messages would come in ceaselessly. In the end, I did not even check the messages,” Dana told Kompas in Jakarta in mid-April.
After changing his cell phone number, Dana realized that none of his work colleagues could reach him unless he notified them of the number change one by one.
Previously, Dana had no idea that his private data had been sold. He only knew of this after it was shown to him that his data was sold at RQ’s and AH’s online shops in e-commerce platforms Tokopedia and Bukalapak, respectively.
Modus of crime
Apart from a disruption of comfort, the illicit sales of banking customers’ private data may also spread public fear of fraud. Jakarta-based photocopy business owner Ismed, 42, has this fear. His name and private data was found in a cluster of private data of owners of time deposit accounts in Tokopedia.
This is despite Ismed saying that he had never had any time deposit account. However, he confirmed that the private data found about him was the same as that he used to apply for a credit card around 15 years ago.
“[A person called me], saying that he was from a bank. He told me that someone had illicitly used my credit card information. I was then asked to validate various personal information to block my card,” Ismed explained.
Instead of agreeing to the request, Ismed ended the call and then contacted the official call center number of the credit card issuer. He was then informed that the earlier call had been a fraud attempt.
The modus operandi in such cases are similar to that of credit card fraud suspects the police have arrested. The violent crime subdirectorate of the Jakarta Police’s general crimes division arrested three suspects identified as NM, 27; TA, 24; and AN, 36, in April last year. The three allegedly used banking clients’ private data purchased from another suspect IS, 32, the owner of the website temanmarketing.com (Kompas, 04/17/2018).
The suspects use the private data to contact banks’ call centers, report missing credit cards and ask for card replacements. The suspects then requested that the cell phone number and address of the original credit card owners be changed. Eventually, the suspects can use the new credit cards under the names of the original owners.
Another popular modus is to contact the card owners while pretending to be bank officers. The criminals would then offer to block the credit card in the pretext that it had been illicitly used by others. During the call, the victims would then be asked to confirm the three-digit card verification value (CVV) and the card’s expiry date. With this information, criminals will be able to use the credit card for shopping.
Quite popular
Online brokerage of private data is quite popular. RQ shop in Tokopedia has sold 40 packets of private data between July 2016 and April 2, 2019. Each data packet of information on 2 million bank customers is sold for Rp 250,000 (US$17.37). Several customers even wrote reviews on the private data that the shop sells. They wrote that the shop sold plenty of valid data. “[There is a lot of data] in the database. I think it offers good value for money,” wrote a buyer, identifying himself as Gde, on Nov. 23, 2018.
Afianto, another buyer of private data at the shop, said that he bought private data from the shop in mid-March 2019. He used the data to obtain clients. Afianto advertised his products on Facebook Ads and Google Ads.
“I used the private data to send broadcast messages to offer my products via WhatsApp. After using the private data, I got several clients,” he said.
Separately, House of Representatives Commission I deputy chair Satya Widya Yudha said there was limited regulation on private data protection. The government has only issued Communications and Information Ministerial Regulation No. 20/2016 on private data protection. The ministerial regulation has yet to have any law as a legal umbrella. It was based merely on Law No. 10/1998 on banking, which requires banks to keep the personal information of their customers confidential.
The ministry’s acting spokesman, Ferdinandus Setu, said the ministerial regulation could not do much against private data brokerage. The regulation can only impose administrative sanctions. The government is preparing a private data protection bill. “The ministerial regulation is only a short-term solution. The private data protection bill should be the long-term solution,” he said. (MDN/ADY/NIA