Earlier this morning, we got an interesting tip from one of our readers regarding FBC’s new insurance service Yako. The 3rd party insurance service allows people to renew insurance on their phones which is pretty convenient.
It seems, however, that the service is getting too convenient for some and is now raising privacy concerns with potential customers who’ve now discovered that the service knows a bit too much about them before they even sign up:
I was listening to Star FM in the morning and there was a program for FBC and they were advertsing their latest insurance product that is accessed through the USSD *220# and the interviewer asked how they know personal details emunhu and the guy from FBC said toziva munhu wese.Opencast RefrigerationUS $3.00 Harareitel vision 1US $142.00 GokweHuawei y6 Prime 2018US $74.99 HarareBluetooth earbudsUS $7.00 Marondera
When I got to the office I also tried to register. I dialled *220# and was required to put my First name and the ID number. Then BOOOM, all my full names names came. My question is I have never registered any Account with FBC and I have never done anything with FBC, where did they get my details?
Please Techzim, try to register and help us find us the missing link. Where did they get the registry database from?Tip
After getting the tip, I tried to register for the service to recreate the above experience and lo and behold after only asking for my surname, ID number and date of birth the system produced my first name:
Like the tipster above, I have no affiliation with FBC – I don’t bank with them and never have, so I was also a bit confused regarding this.
We reached out to FBC to understand how they got these details and they explained that the information is drawn from a number of databases as part of KYC procedures:
As one of many other financial insitutions, we have a number of databases we draw information from as part of our Know-Your-Customer (KYC) procedures and that’s where we details on potential clients.FBC representative
Because banks need to know who they are dealing with and their past record with other institutions risk management purposes, they share records and tap into databases with information on potential clients.