Glad Valborg!

I read an article in the April 30th edition of Metro about a new SMS loan scam combined with a purchase on Blocket.se (Sweden’s version of Craigslist, without the promiscuous “No Strings Attached” casual sex sections).

Let’s say you’re selling an iPad 3 on Blocket.  The fraudster would contact you and say that they’re interested in your iPad, but since they live in other side of Sweden, they would like you to ship the iPad to them.  No problem, you say, as long as they deposit money into your account first.  The fraudster puts money into your account, you see that it’s there, so you take your iPad 3 to Posten and ship it to them.

Sounds like a pretty normal transaction, right?  It probably is, until you get called into the police station for identity theft and financial crime.

The problem here is that the fraudster got the money via one of those infamous SMS-loans and had the money deposited directly into your account.  All it takes is a Swedish mobile phone, a personnummer (Swedish social security number), and a bank account number.  You text the loan service this information and they put the money into the bank account. Normally it’s not a problem, but if the personnummer isn’t yours and the bank account isn’t yours, it becomes one.  Once the person whose personnummer was used finds out that they have a debt to the loan company, it becomes pretty easy to trace what happened.

It’s a pretty clever ploy, and it’s hard to protect yourself against this kind of identity theft… but I do think Sweden could do a lot more to protect us consumers.  Consider these points:

1. Why is it still so easy to borrow money via a SMS loan?
2. Why hasn’t Sweden restricted the use of personnummer in daily life?  As an American, we protect our social security numbers with knife and dagger.  Why don’t we do the same in Sweden?
3. Why is information on private persons so easy to obtain?  Did you know that Nordea, one of Sweden’s oldest and largest banks, still uses the personnummer as the bank account number?

I don’t have answers to any of those questions, so I can only speculate.  I guess that the openness of information in Sweden is rooted in an old socialist meme that everyone is equal in this society so there is no need to protect information that distinguishes one person from another.  (Or, from a more cynical perspective, that everyone is equal in this society and the only way to ensure that is to keep all information open so everyone can keep tabs on each other.)  Whatever the origin, it is outdated and should be updated to reflect the risks of today’s society.

Sweden is part of the EU, and with that comes all of the benefits and downsides to membership in a larger union.  One of these downsides is the criminal underground that has learned to take advantage of Sweden’s openness of information.  This criminal element has learned to exploit the weaknesses in the Swedish infrastructure, and I don’t think the government has any idea how to even begin plugging all of the holes.

Start by educating yourself on identity theft… this is one situation where it’s not good to be #trulyswedish.  My advice – just like you protect your credit card PIN and your computer password, you should protect your personnummer!