| The biggest reason that customer data leaks repeatedly occur in the financial sector is because financial institutions collect too much personal information. According to the Dong-A Ilbo`s coverage, financial authorities have not been able to grasp the exact state of how much personal information financial institutions are obtaining. In announcing measures to prevent customer data leak on January 22, financial authorities said financial institutions collect personal data in up to 50 categories, but it was found that Lotte Card, one of the three major credit card companies involved in the recent information leak, was gathering more than 100.
○ They know all of your personal information
It is no exaggeration to say that financial institutions` consumer data gathering is in an addiction at the crisis level. The problems occurred in data gathering stage aggravate during the process of "management-share-deletion," causing a "bullwhip effect" of distorting the overall distribution of consumer information. A source at a non-banking financial institution said, "A wrong perception that the more information they have, the better they can utilize it, is prevalent in the industry. Various events for giveaways are intended to collect consumer data."
Credit card firms can find out all personal and credit information of an individual, as well as what the person is doing where. Lotte Card said that it can collect 94 categories of personal information through its homepage, including not only names, social security numbers and addresses, but also assets, and tax payment and health insurance payment records. When a person makes a family card, he or she has to write personal information of family members, children`s birthday and wedding anniversary. For users of smartphone applications, card firms collect the time of connection to the application, model number of the device and the time and place the location-based service is used. Collecting massive consumer data was not only done at KB Kookmin Card and NH Nonghyup Card, but also other credit card companies, though there might be difference in types of data collected.
○ Disorderly management: information diet necessary
The problem is that massive sensitive information is not properly managed, while carelessly shared with other companies.
The main problem of the latest data leak involves the simultaneous leak of general information of names and addresses, and sensitive data such as social security and credit card numbers. It is a basic rule to manage general and sensitive information separately, but the three credit card companies handled them in a single server. An employee in charge of security at a financial institution said, "The damage of data leak could have been minimized if customer data had been separated and coded."
Based on policy terms that they can use customer information in guiding and recommending products and services, and in thank-you and promotional events, credit card companies share customer data with some 500 partner companies. Even if financial institutions strengthen security, they can`t control information flown outside. Lotte Group Chairman Shin Dong-bin put forth information protection measures, while other companies are also promoting internal check-ups. But there will be fundamental cure unless the vicious circle of massive information gathering and sharing is cut off.