'Many in Armenia are careless with their personal data' – expert

Personal data protection in Armenia

In recent years, the personal data of Armenian citizens has often fallen into the hands of cybercriminals due to leaks from various electronic platforms. However, they frequently hand over their personal data to fraudsters themselves. Various schemes are used for deception, after which the data is used to carry out financial fraud. The victims are those whose personal data has been obtained. Recently, there have been more cases where people find out that a bank has granted them an online loan, even though they never requested it.

According to information security expert Artur Papyan, many naively fall for the fraudsters’ tricks and provide their personal data. He emphasizes that there are also cases when, due to a data breach, fraudsters already have certain information about a person: “When they call and introduce themselves as employees of a particular organization and then discuss already known personal information, they gain trust more easily.” In this regard, he urges people to be more cautious, verify who they are speaking with, call back, or visit the organizations they believe may have contacted them.

• ‘Additional risks may arise’: Armenian foreign intelligence report
• Impact of video games on teens: Armenia reports fewer suicides in 2024
• Meta removed over a hundred fake Russian propaganda accounts targeting Georgia, Armenia, and Azerbaijan

Fraud targets consumers, not systems

According to Vladimir Karyan, an analyst at the Central Bank’s Department of Operational and IT Risks, the Central Bank oversees the security of information technologies used by banks. He assures that information protection is a priority for banks:

“Over the past 3 years, no cases of attacks on banking systems or theft of money or personal data have been recorded. In 99% of cases, the target of fraudsters is the consumers themselves, particularly under the guise of online lending.”

However, consumers receive documents from the Ministry of Internal Affairs and the Investigative Service stating that they are victims. Nevertheless, banks do not release them from the obligations imposed by fraudsters. The Central Bank assures that this issue is being discussed with commercial banks and credit institutions.

Most fraud involves online loan applications

Cybercriminals most frequently organize online lending schemes. Arthur Davtyan, head of the Business Ethics Control Department at the Central Bank, explains that whether a loan is taken out at a bank or online, the same personal data is required.

“Citizens need to understand that ‘personal data’ is a broad concept. Many even share the passwords to their banking apps. That is, they are giving outsiders their access keys. And unfortunately, fraudsters take advantage of this,” he said.

According to Mariam Tovmasyan, head of the Anti-Fraud Department at the Central Bank, there are banks in Armenia where the volume of online lending accounts for more than 50% of the total consumer loans. However, she assures that the percentage of “fraudulent loans” is minimal:

“Cases of online loans being obtained using citizens’ stolen personal data are extremely rare. They account for less than 0.1%. Despite this, we still pay special attention to the problem of affected citizens.”

She adds that, in the overwhelming majority of cases, fraudsters gain the trust of individuals, and they voluntarily provide their personal data:

“For example, they send people links and persuade them to enter the system and fill in their personal information. Often, fraudsters pose as employees of financial institutions, telling people that a loan has been issued in their name, and in order to cancel it, they need to follow the link and fill out their personal information.

In Armenia, there are still cases where citizens believe they have inherited something in another country and provide their data to claim it. There are also instances where people are deceived with offers of cryptocurrency investments, giving fraudsters access to their data. Additionally, there are cases where personal data is taken through transactions on the List.am platform.“

Central Bank employees urge citizens not to share their personal data or banking app passwords with outsiders.

Tax authorities gain access to bank accounts of Armenian citizens: Benefits and risks

Here’s what taxpayers think about the changes to the tax code, the risks experts foresee, and the clarifications provided by government agencies

Expert commentary

Information security expert Artur Papyan reminds that during the Armenian-Azerbaijani “cyber war,” a large number of people’s personal data was leaked. He also highlights the risks of personal data breaches from various companies. As an example, he mentions insurance companies::

“I don’t know how, but they exchange personal data of drivers who have taken out insurance policies [referring to compulsory motor third-party liability insurance], which leads to leaks.”

According to the expert, the number of financial fraud cases online has increased since 2020. He explains this by the fact that during the coronavirus pandemic, people’s movements were restricted, and as a result, many frequently used electronic payment methods and conducted financial transactions online.

Artur Papyan notes that there have been more cases of investment fraud and what he calls “romantic scams”:

“For example, someone from abroad gets acquainted with an Armenian citizen and then proposes marriage. But at some point, the romantic relationship turns into a fraudulent financial scheme. There are also cases where someone writes on behalf of an acquaintance, claiming they have been robbed in Spain or somewhere else, urgently asking for money with promises to return it. And there’s a scheme where personal data is fraudulently obtained for a transaction and then used for other deals.”.

According to the expert, people fall victim to fraud and lose money because, in most cases, they do not think about whom and why they are providing their information:

“Many of us are careless with our personal data. In general, we don’t care about the security of our personal information. If a criminal knows what medications I take, where I go, what services I use, I am very vulnerable. My data can be used against me.”

He warns that, given the importance of personal data protection, people need to be cautious and attentive. He advises:

• to always ask for additional clarifications;

• carefully read documents before signing them.

Papyan believes that mass educational work among the population is necessary.