Earlier this morning, we got an interesting tip from one of our readers regarding FBC’s new insurance service Yako. The 3rd party insurance service allows people to renew insurance on their phones which is pretty convenient.
It seems, however, that the service is getting too convenient for some and is now raising privacy concerns with potential customers who’ve now discovered that the service knows a bit too much about them before they even sign up:
I was listening to Star FM in the morning and there was a program for FBC and they were advertsing their latest insurance product that is accessed through the USSD *220# and the interviewer asked how they know personal details emunhu and the guy from FBC said toziva munhu wese.
External hard drives 500gig 1TBUS $15.00 Harare
HP Elite bookUS $290.00 Chitungwiza
Hp LaptopUS $500.00 Gweru
Dell Inspiron 3450 Core i3 4th GenUS $200.00 Gweru
When I got to the office I also tried to register. I dialled *220# and was required to put my First name and the ID number. Then BOOOM, all my full names names came. My question is I have never registered any Account with FBC and I have never done anything with FBC, where did they get my details?
Please Techzim, try to register and help us find us the missing link. Where did they get the registry database from?Tip
After getting the tip, I tried to register for the service to recreate the above experience and lo and behold after only asking for my surname, ID number and date of birth the system produced my first name:
Like the tipster above, I have no affiliation with FBC – I don’t bank with them and never have, so I was also a bit confused regarding this.
We reached out to FBC to understand how they got these details and they explained that the information is drawn from a number of databases as part of KYC procedures:
As one of many other financial insitutions, we have a number of databases we draw information from as part of our Know-Your-Customer (KYC) procedures and that’s where we details on potential clients.FBC representative
Because banks need to know who they are dealing with and their past record with other institutions risk management purposes, they share records and tap into databases with information on potential clients.
12 thoughts on “[Updated] FBC Seems To Know Who You Are Before You Register For Their Product. How Is This So?”
I think this is the future. We should commend FBC for going the extra mile to their KYC.
That is so true. I successfully registered on “yako” it is so convenient. I have dudes out there in the diaspora who are chest-thumping about authenticating their details in a similar style as FBC is doing while they do not have any relationship with the global insurance companies. I can’t wait to embrace this cool feature locally ……
FBC has introduced something new and exciting to the market. Looks like the product was well researched and developed to perfection, too perfect for some folks. Well done FBC you are leading the pack
About time someone did something useful with that “leaked” ZEC Data…
If this was Europe, FBC would be getting sued for breaching Data privacy… but this is Africa so well done for using illegal data from ZEC… lol
sink OR swim, brace it. the future is now. Kudos FBC
Then BOOOM, all my full names names came., all your full names names came? … and that’s where we details on potential clients. thats where you details on potential clients? wtf does that mean?
The Registrar General said their office can offer their Data to a limited extent to institution that want it.Zinara,ZRP and econet are players already using the system and more are welcome.
It basically means tech companies can link to Registrar General office data base and offer services to individuals without need to validate I.D physically as it is now automated.ZEC did it during elections, steward bank does the same.A good move for things like online applications, opening of bank accounts etc.Same procedure is used in South Africa, That’s how they check black listed people.
In S.A, companies don’t get data from the registrar general or home affairs. The data comes from Credit Bureaus. Individuals submit their details and give consent to a credit check, companies then request your data from a credit bureau like TransUnion, Experian or Compuscan. Credit bureaus keep track of black listings, not the registrar general. Even in Zim, when you are blacklisted, the RBZ credit bureau has the record, not the registrar general.
Much ado about nothing. Every ID number is unique and matches only one name. We use the same set up when registering students for Cambridge Examinations.
However, this on it’s own is not 100% foolproof as fraudsters can still register fake details, addresses etc. Enter Steward bank and ANYONE can now open a bank account using the very same fake details provided during registration for Ecocash. The onus remains on the banks to make sure that their systems are water-tight and nit easily broken into. Clients also must avoid, for example, online banking using public wifi etc
I think the issue at hand, is where are they getting these ID numbers?
If they already had this data why do I have to fill forms with my name and ID number when opening a bank account? Why not just put in my ID and everything else follows?
The fact that they couldn’t cite which database it was exactly also raises questions regarding the legality of all this.
This is actually a good move all banks must follow suit because we are tired of fraudsters every zim system must and shld be linked to the central registry well done FBC