From Address to The Name of Biological Mother
In less than three hours after meeting him at a shopping center in Jakarta in the middle of March, credit card marketing agent RF said he was able to provide the personal data of up to 1,100 credit cardholders in exchange for money.
"If you want, I will send it via email," RF said. RF said the data was owned by a friend. He said the buying and selling of personal data was common practice among marketing agents of banking products.
Through the What\'sApp application, RF offered data of 1,100 bank customers for Rp 500,000 (about US$35). After negotiating, it was eventually agreed that thousands of customers\' data could be obtained for Rp 350,000.
Before meeting RF, Kompas found that personal data was sold openly through online marketplaces, such as Tokopedia, Bukalapak and www.temanmarketing com. The personal data of two million people were available from one online store in Tokopedia and were listed in more than 50 categories, one of which was a priority customer group.
Some of the illegally sold personal data were correct, as discovered when the owners of two telephone numbers, namely Yanti, 45, and Dede, 58, were called.
Yanti and Dede confirmed that their illegally sold personal information was correct. They both expressed disappointment, saying they had not given the bank approval to share their data with others. They had been required to provide the information to the bank when they applied for a credit card.
"This is very dangerous. I never gave consent to sell my data," said Yanti, who works in Central Jakarta.
Dede said the same thing. "Especially the data of the biological mother; that is very dangerous," said the employee of a private company in Depok.
Personal data obtained from the RQ shop on Tokopedia and the AH store on Bukalapak was complete but not contain a lot of information. Many cell phone numbers in the data no longer worked. Helen, 45, one woman in Jakarta whose personal data was among those sold at the RQ store, acknowledged that her listed address was that of her previous residence.
She was living at the address when she applied for a credit card in 2002. "It is very old data. Only one of my credit cards uses the old address," Helen said.
Illegal sales of personal data occurs due to tight competition in the credit card market, according to JS, a coordinator of credit card marketing agents.
Most banks issue credit cards and application requirements are not as strict as in the past. These days, someone with a monthly salary of Rp 5 million can be issued a credit card. "Now employees with a salary of only Rp 3.5 million (per month) can apply for a credit card. In the past, only certain people could apply, "said JS.
Taken home
Using personal data is also common practice among those who market banking products via telephone. RY, 27, who works for a bank on its credit card marketing team, admitted that while working as a telemarketer five years ago, he could take home personal data obtained from the bank he worked for.
"I could take data home on a sheet of paper. I still contact some to market souvenir products. However, I\'ve never sold any data," he said when met at a shopping center in North Jakarta.
Steve Martha, the general manager of the Indonesian Credit Card Association (AKKI), said illegally sold personal data were generally used for marketing purposes. He said no banks would sell customer data. However, due to a lack of oversight, customer data at some banks were misused. "In terms of security, if something unexpected occurs, it not only disadvantages customers but also the bank,” Steve said.
The chairperson of the study and development division at the Federation of Private Domestic Banks, Aviliani, said banks regularly changed their personal identity number (PIN) to access customer data. "Banks are very strict. So if there was suspicion [of leaking personal data), the culprit would be processed,” she said.
Meanwhile, a number of banks guarantee the security of their customers\' personal data. Bank Rakyat Indonesia’s network and service director, Osbal Saragi, said the bank was committed to maintaining the confidentiality of customer data in various ways, such as always sending encrypted data so that it could not be read by other parties. “BRI also cooperates with the National Cyber and Encryption Agency to oversee the process of sending data so it\'s not misused," he said.
The corporate secretary of Bank Central Asia Tbk., Jan Hendra, said BCA periodically educated all employees about the importance of protecting customer data. "BCA consistently asks customers to be careful in responding to requests from other parties for their personal data," he said. (MDN/ADY/NIA)