Sie können alles über jeden von uns erfahren, und das ganz einfach

[НСК-СБ]

You can learn everything about each of us, and easily​

With the help of remote identification, a private investigator posing as a person involved in the divorce process was able to obtain information about accounts in two banks, three other financial institutions, and a credit card company.

We all trust the details of our most important personal assets, such as salary, investments and savings, to banks and insurance companies and rely on the protection of our data. We believe that these institutions will protect not only our money, but also our privacy - after all, who wants everyone to know how much money we have and where it is, what salary we have or what loans we have taken?

According to the Privacy Protection Act, companies that own this kind of information are required not to let it leak. However, from the story that happened not so long ago, it follows that, having received some data, for example, the address, phone numbers and identity cards (“teudat zeut”), which is not at all difficult to do, anyone can call one or another company where personal information in order to use it.

It was in this way that banks, insurance companies, an investment firm and a credit company provided a private detective, who identified himself as their client by the name of Amir (real name and surname are kept in the editorial office), detailed information about the client's account balance, savings, securities, loans, pension funds, training funds, payments, standing orders and credit cards.

This case, which Amir claims took place four and a half years ago, in the midst of his divorce proceedings, shows how easily a person was able to obtain sensitive personal information about someone else by contacting major Israeli financial institutions. This information was shared despite the fact that these entities acted within the framework of the identification procedures established by the Capital Market Authority and the Bank of Israel, the regulatory bodies that control these entities.

This story began when a woman who was getting divorced decided to turn to the services of a private detective, Roy Meridor, to find out the true financial situation of her “former”. Apparently, Meridor was provided with all the necessary details, since he was able, by contacting financial institutions, to introduce himself as an ex-spouse and collect all the information about him.

In November 2017, Amir suddenly discovered suspicious activity around his accounts and payments. Then he turned to the police, and in December 2017, Meridor was arrested. In his computer, they found correspondence with the customer, which contained reports on the work done, as well as various documents received by him from a number of institutions. The Private Investigators Act and the Privacy Protection Act prohibit impersonation of a specific person.

As a result, a criminal case was initiated against Meridor for violation of privacy, as well as for aggravated fraud in order to obtain private information. In 2018, he confessed to the crime, was convicted on 23 counts of invasion of privacy and lost his license. In June 2020, the Kfar Saba Magistrate's Court sentenced him to eight months in prison, a sentence that was later commuted to community service, as well as a fine of 15,000 shekels.

However, the story did not end there, because in addition to the criminal case against Meridor, the court is considering the claims that Amir filed against the Yahav and Beinleumi banks, the Phoenix and Migdal insurance companies, the Meitav Dash investment company and the credit company " Max". Lawsuits against each of the banks provide for the payment of 300 thousand shekels for invasion of privacy, material damage and moral injury; the plaintiff demands 160,000 shekels each from Phoenix and Migdal, Meytav Dash and Max.

According to the lawsuit, from the moment the police contacted the companies during the investigation and asked for recordings of conversations between a private detective and their support service, it became clear to them that they provided confidential personal information to a person to whom they had no right to provide this information at all.

According to Amir - and this is reflected in the document - the companies knew that they acted negligently and thereby allowed an encroachment on his privacy, but did not even bother to inform him in real time about what had happened and refused to hand over the records.

Explanations submitted to the court by the defense of the banks, insurance companies and investment firm stated that the claims should be dismissed as Amir filed them in March 2021 seeking compensation for incidents four years old when they expired two years later.

In addition, the defendants expressed the opinion that Amir was acting in bad faith, because he was suing them, and not his ex-wife or Meridor, although it was they who, acting illegally, invaded his private life, illegally obtained banking information and caused him damage. The companies deny the legitimacy of the lawsuits, seeking to disavow them and impose legal costs on Amir.

Amir believes that the defendants should be punished for negligence, inattention and connivance, and provides a number of evidence to support his arguments, when banks or insurance companies should have suspected something was wrong, but this did not happen. And, according to Amir, those appearing in the recording of conversations with his "double" clearly demonstrate this.

"Identification procedure outdated"

We asked to check the identification procedures of the Bank of Israel, which oversees banks, but the Central Bank said that the disclosure of procedures is prohibited. In practice, the decision on how to identify a client is determined by each bank in accordance with its risk management policy.

One bank may ask for a secret code, while the other is content with “grandma questions” (questions relating to the identity of the client, such as the name of his grandmother or the name of the elementary school where he studied). According to a source from one of the banks, if the client requests any information, and does not make certain monetary transactions, there are usually fewer identification requirements.

There is no uniformity in identification for credit and insurance companies, where the decision is made based on the specifics of a particular company. A number of insurance companies are content with the issue of the date of issue of the identity card; a number of credit card companies ask about recent credit card transactions; other companies, completing the identification process, send a one-time code to the customer's phone number provided to the company.

“This unfortunate incident shows how easy it is to break into the financial assets of each of us and steal our “digital identity,” says lawyer Naama Karpel, CEO of a privacy-focused NGO. – In an era when personal information is available on the Internet, it is very important to update and adapt security procedures, in particular identification procedures, to the reality in which we live.

Those who have been involved in Amir's story claim that he was not negligent and acted in strict accordance with established procedures, and the case of a private detective is an exception.

The defendants note that the private detective is not an ordinary user, but a professional who has resorted to skillful manipulation, and there are hardly any like him who are able to repeat such a trick, posing as another.

A source

 

[Alexander Konovalenko.]

Very interesting and informative article.

 

[Детективное агентство Израиль.]

Thanks for the warning and thanks for the article!

 

[David Mamedov]

Yes, I completely agree with you! Now is the time that for 50 rubles, you can find out everything.

 

[Частный детектив. Армения. Ереван.]

Somehow it didn't feel right...

 

[Частный детектив Азербайджан]

Nothing surprising.

 

[Детективное агентство Одесса]

Thank you for the post!

 

[aleksandr]

Informative

 

[Dmitriy B]

Instructive...

 

[Остапович Дмитрий]

Here the "detective" should have understood in advance the responsibility that threatens him for such actions. Therefore, everyone decides for himself which orders to take.