In shops, no rules on customer data
When a car accident occurs in Korea, whoever is determined to be the victim receives compensation, not the auto insurance policy holder. This means that the names of the driver and the policy holder don’t have to match in order to receive compensation.
Shim thought he could make a lot of money by creating false insurance claims using his clients’ personal information, so he and his girlfriend created about 30 such claims. They netted about 100 million won ($94,286), which was deposited to an account that was created using the name of one of his clients. Soon, Shim was caught by the police.
“Such fraud cases will continue happening if mobile carriers don’t come up with a firm measure to take control of their subscribers’ personal information,” said a police officer at the Gwangjin Police Precinct, in eastern Seoul.
After the recent massive leak of customer information at KT, more light is being shed on the lax management of customer information at mobile phone sales shops. Because mobile carriers are?state-acknowledged institutions authorized in the collection and handling of personal information, their dealer shops have access to their clients’ key information, as easily as bank branches do. But experts point out that those shops have no policies on the handling of that information.
There have been recent criminal cases in which dealers made photocopies of service subscription forms and used the information from the forms for their other business units. Some dealers even sold the information to brokers. In the recent case of KT, an accomplice of the hacker, who leaked the information of 12 million subscribers, was identified as an owner of the mobile carrier’s authorized dealer shop.
Unlike a direct-management store, which is directly controlled by carriers, independent dealer shops make money by signing up subscribers and transferring them to direct-management stores and authorized dealers with whom they have contracts. Those independent sales dealers are legally out of the carriers’ control, so it is difficult to oversee their employees or teach them privacy-handling policies. There are about 40,000 dealer shops nationwide, which is more than gas stations (13,000) and convenience stores (24,000). Although few dealers commit criminal activities using personal information, the subscribers can’t avoid the anxiety about potential crimes.
Online independent dealers are even more vulnerable. They mobilize subscribers on online communities or via messages, seeking photocopies of ID cards. The current law restricts self-authentication to two methods: credit cards and certificate verification, issued by financial authorities. It is illegal to ask for files with personal information. But it is hard to crack down on online dealers because they only operate temporarily.
Even the Korea Communications Commission, which oversees the telephone industry, can’t control the issue, blaming a labor shortage.
Current guidelines require that photocopies of ID cards should be returned to the subscribers or be shredded after the registration process is complete. But there is no one overseeing that process.
Lee Sang-il, a lawmaker from the ruling Saenuri Party, said that such leaks can be stopped only with a systematic change in which the registration process is enabled while personal information doesn’t have to be disclosed to others.
“The policies have to impose a heavier responsibility on the carriers, and have frequent monitoring on illegal telemarketing activities,” Lee said.
BY SOHN HAE-YONG [email@example.com]