In these days of emails and instant messengers, many of us don’t check our physical mailboxes as often as we did before. Tech businessman Valerii Iakovenko rarely does.
But if he’d paid a bit more attention to a letter in his mailbox, he might have found out much earlier that he owed money on a credit that he hadn’t actually taken out.
Iakovenko takes part in state tenders, and so he uses the mandatory public e-procurement system Prozorro. The system frequently asks users to submit scans of documents, including scans of passports, to verify the identities of tender participants.
Iakovenko believes someone searched through Prozorro and extracted his passport data, using it to fill in a form on the website of Moneyveo, an online micro-credit company.
The person pretended to be Iakovenko, but gave their own bank card number in order to receive the money instead of the entrepreneur. Moneyveo didn’t cross check the name of a card holder and a passport holder before granting the credit.
Iakovenko thus fell victim to fraudsters and ended up owing money to Moneyveo. The letter in his mailbox informed him that he owed $450 — not a huge sum.
But as Iakovenko fished out more letters from his mailbox, he found out that the sum had been growing very fast — just a month before it had only been $320.
“Anyone can get into such trouble,” Iakovenko told the Kyiv Post, and indeed, he is not the only one who has fallen victim to such a scheme.
Ukraine’s Security Service, or SBU, says it has recorded 1,000 cases of the fraudulent use of personal data of Ukrainians in order to “create debts” and “launder money.”
Iakovenko informed the police about the fraud. But it was his Facebook post that attracted public and media attention to the case, and brought Moneyveo into the spotlight. Dozens of other victims wrote back to Iakovenko, sharing their stories.
Most of the victims are entrepreneurs who work via the public e-procurement platform — the heads of companies and professionals who are obliged to publish scans of their passports openly online, Iakovenko said.
But people from rural areas of Ukraine have also been dragged into the fraud scheme. And for them, a $450 “debt” could be a financial disaster, as the average monthly salary in Ukraine in September was only $320.
Some people said debt collectors had turned up to claim money that they never borrowed. Some people even saw real estate ads offering their own flats for sale, according to Iakovenko. The loss of money, even relatively small sums, is not the only problem. Nowadays having a bad credit history is a real disadvantage, Iakovenko said.
It deprives a person of the chance to take out a mortgage, or use other financial tools like instalment plans, credits, deposits, and overdrafts.
“Entrepreneurs and individuals use these tools every day,” Iakovenko said. And so he was surprised when he found out that two favorable overdrafts given to him by his bank had “simply vanished.”
“My whole credit history — built by my salary income and by the millions of hryvnias I paid in taxes — was wiped out as if it had never existed,” he said.
“One can’t even buy a washing machine (on credit) with such a pleasant ‘bonus’ from Moneyveo.”
Shortly after Iakovenko posted his story on Facebook, the fintech company stepped forward, with its CEO Alyona Andronikova at first blaming Prozorro for poor personal data protection, but later only blaming the online fraudsters.
Moneyveo agreed to cancel the credit, settle the conflict, and “clean” Iakovenko’s credit history as soon as the story broke. Andronikova said in all such cases her company contacted the institutions and banks to repair the damage to the victim’s credit history resulting from the fraud.
Iakovenko said that because of his Facebook post, many more victims had come forward who were in much worse situations with Moneyveo.
Some have spent up to eight months in the courts trying to clear their names, to no effect. In many cases, the Iakovenko’s public post has been the only way these fraud victims have been able to resolve the situation.
The SBU searched Moneyveo’s office in Kyiv on Oct. 10, before Iakovenko went public with his case. Although the security service didn’t give the name of the company, Moneyveo reported that the SBU had searched its office that same day.
The SBU said that the firm “used a massive amount of personal data of Ukrainians to issue pseudo credits.”
But Andronikova denied that Moneyveo was been involved in around 1,000 similar cases, as claimed by the SBU. There have been only 157 cases, accounting for only 0.02 percent of the total amount of the credits granted by the company, Andronikova said, claiming that this is good performance by worldwide credit industry standards.
Besides, according to her, such frauds do not only occur with services like Moneyveo — there have already been cases of banks and other financial companies giving similar fake credits. Moreover, Moneyveo claims that it is one of the victims of such fraud schemes, thanks to “the poor culture of personal data protection in Ukraine.”
Procurement system Prozorro, which Moneyveo claimed to be the source of Iakovenko’s passport scan, issued a statement reminding its users that they agreed to the conditions on which they published their personal data online, and asked them to double check with buyers who organized the tender and try to avoid publishing any documents when it’s unnecessary.
Besides, such passport scans could also have been taken from the dark web, or from the leaked sources like Nova Poshta, a delivery company that has been accused of leaking a database of its clients’ personal information several times.
EPravo law firm co-founder Vitalii Vlasiuk said that while it might seem obvious that Moneyveo was in the wrong and was allowing such fraudsters to operate, it’s too early to jump to such a conclusion and blame the fintech company, as there is simply not enough evidence.
Vlasiuk also said Iakovenko had acted properly by immediately trying to reach out to the company, calling the police, and then calling as much public attention to his case as possible.
Moneyveo’s Andronikova promised to improve her company’s bank card crosscheck system and stop granting credits to those whom they can’t verify.
She also pointed out that Moneyveo employees who work with their databases have to undergo lie detector tests. Iakovenko, meanwhile, said that while Moneyveo might introduce new procedures and prevent such frauds from happening in future, they never apologized to those Ukrainians who were affected by the company’s issuing of credits to fraudsters, which cost the fraud victims money, time, and nerves.
“They can do whatever, but the harm has been done, and it’s colossal,” Iakovenko said. “I’m not talking here about the petty cash the fraudsters got from people, I’m talking about the time thousands of people wasted (proving their innocence).”
Iakovenko said that even if Moneyveo ensures their platform is complete secure, there will always be other companies that are less public that will quietly carry on robbing Ukrainians. In other countries such firms would be closed down immediately and the state would launch a thorough investigation, he said.
“Ukraine, in contrast, is a country of idiots unafraid of the law, where firms like Moneyveo can continue to exist.”
The Kyiv Post’s technology coverage is sponsored by Ciklum and NIX Solutions. The content is independent of the donors.