Could third-party breaches threaten Israel’s new credit data sharing system?

Israel’s first-ever system for sharing credit data, featuring the establishment of a central credit register, was officially launched by the Bank of Israel last week.

By
April 18, 2019 05:30
3 minute read.
IDRRA CEO Kobi Freedman

IDRRA CEO Kobi Freedman. (photo credit: Courtesy)

 
X

Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analysis from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief

UPGRADE YOUR JPOST EXPERIENCE FOR 5$ PER MONTH Show me later

Israel’s first-ever system for sharing credit data, featuring the establishment of a central credit register, was officially launched by the Bank of Israel last week.

Until then, credit data for borrowers was always retained by the lending institution alone, usually the customer’s bank.

Now seeking to increase competition in the retail credit market, the Bank of Israel will collect data from credit providers and government authorities and will transfer them – only if the customer consents – through credit bureaus to credit providers authorized to use the data (lenders) and to customers (borrowers) themselves.

Only companies holding a license from the Bank of Israel will be able to access data and provide potential borrowers with a credit rating. Currently, Dun & Bradstreet, BDI and Trendline Information and Communication Services (Kav Manche) are the sole providers possessing the necessary permit.

While the Bank of Israel’s database containing sensitive financial information is likely to be highly secure, questions have been raised regarding vulnerabilities caused by less stringent third-party providers that may gain access to the data at a later stage.
“What we see in the world is situations where third parties are interconnecting with a more secure place and becoming very quickly the weak spot and attracting the threats from hackers,” Kobi Freedman, CEO of cybersecurity platform IDRRA, told The Jerusalem Post.

“Think of it as a sort of door or window into your home, where the locks are weaker. Normally, what happens is that hackers, like thieves, focus their efforts on the place where the cost-effectiveness of the attack is more profitable.”

Warning of a recent shift in the world of cyber crime, Freedman states that hackers increasingly seek to penetrate smaller, weaker companies within a supply chain to access companies higher up the chain, and thereby gain access to personally identifying information.

“Hackers are very interested in two things: One is the ability to massively gather data and then resell it; and while the cost per record might be quite low, the amount of records makes it very interesting financially,” said Freedman.

“The other kind of goal is to specifically target individuals for different reasons, where the cost per record might be very high because the target may be very profitable.”


While the three data aggregators currently licensed by the Bank of Israel are high profile organizations and assured to be relatively secure, Freedman states that there must be a strict policy regarding the necessary security and risk level of any future third party seeking to access the database.

“Everyone who wants to develop a service on top of this bureau will need to be inspected regarding their data protection and privacy aspects of their infrastructure and policies. Gap analysis should be generated for every one of them,” said Freedman.

IDRRA, selected by leading research and advisory firm Gartner as a “Cool Vendor” last year, has developed an artificial intelligence-powered platform for automating security, data protection and privacy-related risk analysis for third parties.

“If you’re exposed to sensitive data, you need to meet the highest standards. There should be a strict process that says if I am seeking financial information, I must meet a list of security and privacy requirements. If I’m not meeting them, I will never get access to this service,” said Freedman.

“I think the Israeli government is aware of this risk, and proper measures will be taken. There is an initiative to certify and monitor third-party risk on both the commercial and national level. If this sort of strict process is in place, then the level of risk will be far below the positive results that we’re expecting from this centralized credit service.”

In order to ensure privacy, the Credit Data Law enables customers to independently access, once a year without charge, all information gathered on him or her, and to transfer it to entities that will provide the customer with advice regarding his or her credit-related financial management.

Customers may also limit the transfer of all or some credit data to credit providers of their choice or all institutions, and also request the deletion of all data on the register.

Join Jerusalem Post Premium Plus now for just $5 and upgrade your experience with an ads-free website and exclusive content. Click here>>

Related Content

Needy people line up to fill up their baskets with foods and goods on Thursday ahead of the Passover
April 18, 2019
Pesach: Surrounded by charity

By AARON KATSMAN