In Norway, the police have registered a doubling of the number of fraud cases since 2020. Already on 1 June 2023, the same number of fraud cases have been registered at the banks as in the whole of 2020. It is portrayed as a major social problem and something that the banks and the police cooperate on. But much of the classic Olga scam could have been avoided if we looked to the Swedes, says IT expert Jonny Rein Eriksen. There, they have come up with a solution that means that far fewer people are defrauded: scanning a QR code. Norway should also introduce this, says Rein Eriksen. – Yes, I definitely think so. It was not without reason that the Swedes introduced the solution in their time. NOK 40 million a month At the end of 2017, a wave of fraud started in Sweden where bank customers were called and tricked into approving BankID logins on behalf of the fraudster. It was with Vishing or Voice Phishing, which in everyday speech is best known as the Olga scam because the scammers like to go after older people. Around NOK 40 million a month was drained from customers’ bank accounts. It was seen as an attack on essential infrastructure and critical for confidence in the banking system. In 2018, Finansiell ID-Teknik in Sweden improved the security of the BankID app. So they came up with a solution to fix the problem. – It is super simple and well-established technology, says Rein Eriksen. IT expert Jonny Rein Eriksen works for Opera Software. He creates systems and works with network communication, analyzes and issues around security. Photo: Private QR code did the trick In Sweden, they have almost eliminated the possibility of logging into a website only via a phone call. Both the Swedish police and Finansiell ID-teknik have confirmed that fraud via BankID has decreased drastically after they introduced the solution. Cases of vishing fraud alone fell quickly by as much as 90 per cent. – The method of trying to trick a login with BankID has in principle ceased, says Malin Wemnell in Finansiell ID-Teknik to IDG. So what makes this QR code work? Rein Eriksen explains: – A fraudster cannot sit and call a user to get them to enter codes and then log in, because parts of the system depend on a QR code which depends on your phone. So: You pick up the phone and scan the QR code on the PC, so that it is verified that the mobile and login screen (PC) are in the same location. BankID Norway: – Something we are considering introducing Ole Petter Aasen, product manager for BankID Norway, says that they have great interest in the use of QR codes. – We think QR is very interesting, but it is only part of the solution, he says. By getting as many people as possible onto the app, they secure the users better than in old solutions, such as for example using a code chip. – It will nevertheless be important to look at even more measures against phishing, and QR is something we are considering introducing as an additional measure. Ole Petter Aasen is product manager for BankID in Norway. He believes that Rein Eriksen is absolutely right that we should learn from those around us. Photo: Vipps Aasen explains that there will soon be 2 million people who have used the BankID app, which makes such measures possible. – Can help stop fraud In addition, BankID Norway has received support for using BankID with biometrics, which in turn means that the user gets better information about what the BankID is about to be used for. This makes phishing more difficult, because there are no codes that can be given to the fraudsters. – We also want to introduce measures that ensure that the app is close to the computer where the customer is logged in, but whether this is a QR code or other methods remains to be seen, says Aasen and adds: – QR has clearly had an effect on to help ensure that the user of the BankID is in the vicinity of where the BankID is used. The effect is that the user of the BankID is in the vicinity of where the BankID is used. – This can help to stop some of the fraud that takes place today, where there is a physical distance between the user and fraudsters. – An increasing problem Aasen explains that fraud has changed and become more professional in recent years. Fraudsters’ websites and methods have become so good that even digitally experienced people can be tricked into providing their BankID and other information on fake websites. – We therefore work actively to be able to uncover this when it happens, so that we can stop the fraud before it happens. He explains that BankID Noreg is increasing its investments in anti-fraud work with more employees working dedicatedly to stop fraud, and that they have more cooperation with other security communities than before. – With fraudsters who manipulate citizens into providing secret information, we are faced with an increasing problem that we as a society must solve together.
ttn-69