The Fight Against Phone Fraud Approaches Control of Phone Calls 0 9

The number of deceived people and the amounts of stolen funds continue to grow. The government is concerned about the money that is leaking out of Latvia in this way, and state institutions and banks are worried about the misuse of their names and details for dishonest purposes. On the other hand, state institutions have opened up quite broad opportunities to allocate funds for social advertising campaigns and financial literacy training. The Financial Industry Association, representing commercial banks, has called for a more effective fight against financial fraud. Its proposals to reduce phone fraud through changes in legislation were discussed in the Budget and Finance (Tax) Commission of the Saeima. The commission invited a wide range of representatives from ministries, institutions, and enterprises that should cooperate in preventing phone fraud. The discussion revealed both local inaction and a global problem: blocking and catching phone fraudsters threatens control over conversations and correspondence, which is as dangerous as phone fraud itself.

A Terrifying Negligence is Revealed

People seated around the table at the Saeima commission meeting (including those who joined remotely) collectively came to the realization of the terrifying, almost unbelievable negligence of state institutions.

First, representatives of commercial banks, and then the Bank of Latvia, complained about the Google data search platform, which fulfills the orders of fraudsters by redirecting information and exchange connections to fraudulent websites and does not respond to reports of such fraud. As a result, links to legitimate bank websites are placed next to links to fraudulent traps with the same bank logos, and people have to listen to how the President of Latvia or the Prime Minister calls for investments in companies that allegedly mine diamonds or have found an algorithm for currency speculation that yields either 10 or 100 euros in profit for every euro invested. Ingus Valtiņš, a representative of the Bank of Latvia, confirmed that the information provided by the central bank about fraudulent advertising is treated by Google in the same way as any statement from a private individual, that is, not at all. The Bank of Latvia also approached the Consumer Rights Protection Center (PTAC) and received, as understood by the Bank of Latvia, a refusal to participate in the fight against fraudsters.

It turned out that the location of the Bank of Latvia, PTAC, and the supervising Ministry of Economics in the center of Riga, as well as the rotation of employees of these institutions across various working groups, meetings, conferences, etc., along with the correspondence between the Bank of Latvia and PTAC, have not yet allowed for an understanding of what the issue is. PTAC Director Zaiga Liepiņa confirmed that she is the authorized representative of Latvia, whom even Google, YouTube, and Facebook are obliged to consider according to the rules imposed on these companies by the European Commission. However, Latvia has not empowered her to decide which advertisement or link is fraudulent. She understands everything but does not have the right to independently decide that, for example, Edgars Rinkēvičs cannot call for investments in diamond mining in South Africa or South America. If any authorized institution of the Latvian state (Saeima, government?) were to decide that such advertising is fraudulent, then it would pass this decision to Ireland, where the European structures of global networks are registered. Until life proves otherwise, we can live with the conviction that companies whose turnovers are hundreds or thousands of times greater than the budget of the Latvian state will take Latvia's decisions into account, as Latvia is an EU member state.

The commission meeting did not provide confidence that institutions would now begin preparing a decision to empower one body with the authority to make decisions about fraudulent advertising and links. Instead of agreeing on the need to raise awareness about the facts revealed at the meeting and demand action from the executive power, the deputies continued to chatter about their own matters with astonishing (suspicious?) indifference and inability to follow the course of the meeting, preventing the commission chair Anda Čakša from bringing the discussion to formulations that would provide for specific actions and consequences.

The scale of investment fraud was reported by State Police representative Solvita Sļāde. According to statements from victims, the amount of money stolen not in total, but specifically through attracting investments, has increased from 8 million euros in 2023 to 16 million last year and to 23 million by the end of the current year. The moral, rather than legal, responsibility for this fraud also lies with the banks, whose paid deposit interest rates lag so far behind inflation that people are left with a choice between a guaranteed loss of money in banks in the long term and a nearly hopeless risk, but still a hope to earn on their funds with investment collectors.

Ready to Fight Against Caller ID Spoofing

The banks' proposals in the fight against money extortion were to shift actions and responsibilities onto telecommunications service providers. Just now, it was mentioned that fraudulent transactions begin on social networks and then, with the involvement of telecommunications operators, reach financial institutions.

The wish list of the Financial Industry Association starts with a demand that telecommunications operators do not allow incoming calls from abroad to pass through registered Latvian phone numbers, creating the impression that the caller is in Latvia. For such spoofing, fraudsters must be able to use a phone number registered with one mobile operator to call a number registered with another operator. To stop fraud, information exchange between different operators is necessary. The commission was pleased with circumstances that give hope for such an exchange in the near future. First, representatives of telecommunications operators reported that the data exchange technology would be ready faster than the permission for the exchange itself. Second, the Director of the Data Protection Inspectorate, Ekaterina Macuk, confirmed that the origin of the call is not data that one telecommunications operator is obliged to hide from another. Third, the Director of the Electronic Communications Department of the Ministry of Transport, Ginta Veipa-Kopilova, stated that the Electronic Communications Law is currently open for amendments under the slogan of fighting bureaucracy, under which the fight against fraud could also be "slipped in" before the third, final reading.

While the proposal for tracking phone numbers is only being formatted in the style of the Electronic Communications Law, it is unknown whether this approach will be able to protect only local numbers from being used as a cover for foreign ones, or whether it will be possible to go further and also protect the numbers of banks, police, and other institutions from being used to mislead call recipients.

Judge, Don’t Buy Esoteric Candles!

Speaking about the development of phone fraud and the fight against it in general terms, Edgar Pastars, a representative of the Financial Industry Association, explained that currently in the European Union, there is regulation created in 2015 to combat data theft, and regulation against the theft of consent for data use is in the process of being developed. Banks have accumulated a long list of vivid cases where electronic monitoring systems of banks stopped transactions and bank employees explained the risks of the transactions initiated by clients, but people still found ways to transfer their money to fraudsters.

For example, the agency LETA reported on December 18 about a complaint from a resident of Ventspils to the police that she confirmed the sent loan agreements in Smart-ID format and then executed a phone order to transfer the issued money to foreign banks. When the local bank blocked her bank card and account due to exceeding transaction limits, the victim went to the bank, unblocked her account, withdrew cash, and placed it in the parcel machine indicated by the fraudsters.

Pastars continued with a similar story where a bank warned a client not to make a payment to an account that the bank already knew was used in fraudulent operations, but the client insisted on proceeding with the transaction. The transaction was such that esoteric candles were purchased by a judge.

It turns out that people need to be protected from themselves, which means that someone must monitor what they say and write in non-public electronic communication between participants of a conversation or correspondence. A warning about the risks of such a solution was sounded at the commission meeting by the Deputy Head of the Information Technology Security Incident Prevention Institution CERT.LV, Varis Teivans: "There is a report in the European Commission about 'chat control' with the noble goal of protecting less protected groups — children, etc., but it involves breaking into encrypted channels. Thus, we will make ourselves even more vulnerable."