Bankers ‘not concerned’ about massive Turkish citizens’ personal data leak
Hülya Güler - ISTANBULBanking sources have said they were not concerned about the leaked personal data of nearly 50 million Turkish citizens, as this data was not enough for third parties to illegally perform banking transactions.
Reports of a fresh data leak began circulating early on April 5, after the Associated Press released a report on hackers who posted a database online which included the personal information of nearly 50 million Turkish citizens, describing the incident as “one of the largest leaks of its kind.” This massive leak triggered panic among many citizens, who have been mainly concerned of potential illegal banking transactions by third parties using their personal data.
“There is nothing to be concerned about. We feel comfortable so our customers should do the same,” said a banking source, adding that a two-factored ID verification system is in operation in Turkey’s digital banking.
A website which had a surname-based search of the leaked data was online until April 6. The information which could be accessed on the website included data such as national ID numbers, addresses, birthdates and parents’ names. The Ankara Chief Public Prosecutor’s Office launched an investigation on April 6 into reports of the leak.
“It is not enough for any ill-intentioned people to access to another’s online bank accounts by using these data. In Turkey, a two-factored ID verification system is used in digital banking. In this vein, it is not enough for even customers to show who they are. They also need to pass two different ID verification steps, which require the surname of their mother or the answer of a pre-designated question, such as the name of their first pet. Passwords constitute another factor. The leaked data did not include any of these. In this vein, it is impossible to make illegal banking transactions by using the leaked data,” added the source.
‘No way even to apply for a loan’
According to another banking source, any ill-intentioned person cannot even apply to receive a loan by using the leaked data, as the two-factored verification system is also used, in line with the regulations, which were set properly by the banking watchdog.
Almost all banks also require another verification method, which is based on SMS.
Banking sources noted call center staff take an exclusive training on ID verification.
“If call center operators have doubts about the identity of the caller, they ask some additional questions, such as when the bank card was last used or in which areas the bank holder has an automatic payment order,” said one source.