Datu Nopl\u016bdes Aizdomas: Tehnolo\u0123iju Eksperta Br\u012bdin\u0101jums<\/p>\n
Latvijas tehnolo\u0123iju un dro\u0161\u012bbas jomas entuziasts Elviss Strazdi\u0146\u0161 publiski izteicis satrauco\u0161u apgalvojumu, ka komercbankas sav\u0101s sist\u0113m\u0101s, ievie\u0161ot jaunas \u201cinov\u0101cijas\u201d, netie\u0161i nodro\u0161ina kr\u0101pniekiem iesp\u0113ju piek\u013c\u016bt klientu sensit\u012bviem datiem. K\u0101 zi\u0146o Latvijas Av\u012bze, Strazdi\u0146\u0161 sav\u0101 soci\u0101lo t\u012bklu ierakst\u0101 nor\u0101d\u012bjis, ka banku lietotn\u0113s ir atkl\u0101ta iev\u0113rojama sist\u0113mas nepiln\u012bba, kas \u013cauj potenci\u0101lajiem \u013caunpr\u0101t\u012bgiem dar\u012bt\u0101jiem viegli uzzin\u0101t personas identifik\u0101cijas datus.<\/p>\n
Procesu aprakstot, eksperts uzsv\u0113ris, ka kr\u0101pniekam nepiecie\u0161ams vien ien\u0101kt k\u0101das bankas mobilaj\u0101 lietotn\u0113, doties uz maks\u0101jumu veik\u0161anas sada\u013cu un ievad\u012bt upura t\u0101lru\u0146a numuru. Rezult\u0101t\u0101 banka, p\u0113c Strazdi\u0146a teikt\u0101, \u201car liel\u0101ko prieku iedos \u0161\u012b cilv\u0113ka v\u0101rdu, uzv\u0101rdu un pat konta numuru\u201d. Vi\u0146\u0161 \u0161o risin\u0101jumu d\u0113v\u0113 par \u201cstulb\u0101ko \u2018inov\u0101ciju\u2019, k\u0101du p\u0113d\u0113j\u0101 laik\u0101 esmu redz\u0113jis\u201d.<\/p>\n
Zibsai\u0161u Re\u0123istra Ietekme un Banku At\u0161\u0137ir\u012bg\u0101 Pieeja<\/p>\n
\u0160\u0101da inform\u0101cijas atkl\u0101\u0161ana, izmantojot t\u0101lru\u0146a numuru, ir cie\u0161i saist\u012bta ar Zibsai\u0161u re\u0123istra darb\u012bbu, ko nodro\u0161ina Latvijas Banka. \u0160is re\u0123istrs paredz\u0113ts, lai padar\u012btu starpbanku maks\u0101jumus \u0101tr\u0101kus un \u0113rt\u0101kus, \u013caujot klientiem veikt p\u0101rskait\u012bjumus, nor\u0101dot tikai sa\u0146\u0113m\u0113ja mobilo t\u0101lru\u0146a numuru. Latvijas Bankas publiski pieejam\u0101 inform\u0101cija liecina, ka 2023. gada beig\u0101s \u0161aj\u0101 re\u0123istr\u0101 bija re\u0123istr\u0113ti vair\u0101k nek\u0101 819 t\u016bksto\u0161i zibsai\u0161u, kas nor\u0101da uz pla\u0161u \u0161\u012b pakalpojuma izmanto\u0161anu Latvij\u0101 (un Igaunij\u0101). Lai gan m\u0113r\u0137is ir uzlabot maks\u0101jumu sist\u0113mu notur\u012bbu un \u0113rtumu, sist\u0113mas funkcionalit\u0101te var tikt \u013caunpr\u0101t\u012bgi izmantota.<\/p>\n
Strazdi\u0146\u0161 \u012bpa\u0161i nor\u0101d\u012bjis uz probl\u0113mu ar Swedbank klientiem, apgalvojot, ka \u0161\u012bs bankas klients no \u0161\u012bs \u201cf\u012b\u010das\u201d pat nevarot atteikties. Savuk\u0101rt vi\u0146a teiktais liecina par at\u0161\u0137ir\u012bb\u0101m starp komercbank\u0101m. Eksperts atz\u012bm\u0113jis, ka da\u017eu banku gad\u012bjum\u0101 \u0161\u0101da pakalpojuma funkcija ir iesl\u0113gta p\u0113c noklus\u0113juma, kam\u0113r cit\u0101m t\u0101 ir j\u0101aktiviz\u0113 pa\u0161iem. Interesanti, ka v\u0113l\u0101k, p\u0113c Strazdi\u0146a atkl\u0101juma, vi\u0146\u0161 tv\u012btojis, ka vairs nevienam numuram nav iesp\u0113jams p\u0101rbaud\u012bt datus, izmantojot telefona numuru, radot jaut\u0101jumu, vai bankas ir steidzami rea\u0123\u0113ju\u0161as uz atkl\u0101to nepiln\u012bbu.<\/p>\n
K\u0101 Tas Darbojas un K\u0101das Sekas Tam Var B\u016bt<\/p>\n
Sist\u0113ma, kas \u013cauj atg\u016bt personas datus, izmantojot vien t\u0101lru\u0146a numuru, rada nopietnus riskus kr\u0101p\u0161anas jom\u0101. Zinot personas v\u0101rdu, uzv\u0101rdu un konta numuru, kr\u0101pnieki var veidot \u013coti p\u0101rliecino\u0161us soci\u0101l\u0101s in\u017eenierijas uzbrukumus. Piem\u0113ram, vi\u0146i var m\u0113\u0123in\u0101t izlikties par bankas darbiniekiem, lai izvilin\u0101tu v\u0113l sensit\u012bv\u0101kas inform\u0101cijas, piem\u0113ram, piek\u013cuves kodus vai paroles. Tas, ka \u0161\u0101da inform\u0101cija ir pieejama, ap\u0161auba datu aizsardz\u012bbas pamatprincipus Eiropas Savien\u012bb\u0101, \u012bpa\u0161i \u0146emot v\u0113r\u0101 Visp\u0101r\u012bg\u0101s datu aizsardz\u012bbas regulas (GDPR) pras\u012bbas par datu minimiz\u0113\u0161anu un m\u0113r\u0137tiec\u012bgumu.<\/p>\n
Lai gan Latvijas Banka, t\u0101pat k\u0101 citas iest\u0101des, publiski nor\u0101da, ka nodro\u0161ina personas datu apstr\u0101di atbilsto\u0161i normat\u012bvo aktu pras\u012bb\u0101m, \u0161\u012b atkl\u0101t\u0101 funkcionalit\u0101te \u0161\u0137iet eso\u0161a konflikt\u0101 ar \u0161\u012bm pras\u012bb\u0101m. Latvijas Bankas m\u0101jaslap\u0101 atg\u0101din\u0101ts, ka dati, piem\u0113ram, konta numuri un t\u0101lru\u0146a numuri, tiek apstr\u0101d\u0101ti, tom\u0113r to publisk\u0101 vai da\u013c\u0113ja publisk\u0101 atkl\u0101\u0161ana caur komercbanku interfeisu ir cita l\u012bme\u0146a jaut\u0101jums.<\/p>\n
K\u0101das Ir Banku Atbildes un Rea\u0123\u0113\u0161ana<\/p>\n
Publiski izskan\u0113jis min\u0113jums, ka SEB bankas klientiem \u0161\u0101ds pakalpojums var\u0113tu b\u016bt iesl\u0113gts autom\u0101tiski. Lai gan konkr\u0113ti koment\u0101ri no vis\u0101m iesaist\u012btaj\u0101m bank\u0101m par \u0161o specifisko atkl\u0101jumu uz raksta tap\u0161anas br\u012bdi var neb\u016bt pieejami, \u0161\u0101das baumas liek dom\u0101t par nepietiekamu lietot\u0101ju kontroles meh\u0101nismu p\u0101r saviem datiem.<\/p>\n
\u201c\u0160\u012b ir stulb\u0101k\u0101 \u201cinov\u0101cija\u201d, k\u0101du p\u0113d\u0113j\u0101 laik\u0101 esmu redz\u0113jis. Un pats slikt\u0101kais ir tas, ka, piem\u0113ram, Swedbank klienti no \u0161\u012bs \u201cf\u012b\u010das\u201d pat nevar atteikties.\u201d <\/p><\/blockquote>\n
\u0160ie izteicieni nor\u0101da uz nepiecie\u0161am\u012bbu klientiem b\u016bt \u0101rk\u0101rt\u012bgi piesardz\u012bgiem, veicot jebk\u0101das darb\u012bbas bankas lietotn\u0113, kas saist\u012btas ar sa\u0146\u0113m\u0113ja numura p\u0101rbaudi. Dro\u0161\u012bbas eksperti jau ilgsto\u0161i br\u012bdina, ka, pa\u013caujoties tikai uz digit\u0101liem risin\u0101jumiem, sabiedr\u012bba k\u013c\u016bst atkar\u012bga no \u0101r\u0113jiem faktoriem un sist\u0113mu nepiln\u012bb\u0101m, un katra jauna pakalpojuma ievie\u0161anai j\u0101b\u016bt r\u016bp\u012bgi izsv\u0113rtai no datu aizsardz\u012bbas viedok\u013ca.<\/p>\n
Iesp\u0113jamie So\u013ci Datu Aizsardz\u012bbai<\/p>\n
Situ\u0101cij\u0101, kad \u0161\u0137iet, ka banku sist\u0113mas var\u0113tu atkl\u0101t datus pat ar minim\u0101lu inform\u0101ciju, pat\u0113r\u0113t\u0101jiem j\u0101iev\u0113ro pastiprin\u0101ta piesardz\u012bba. Lai gan tie\u0161a atsl\u0113g\u0161an\u0101s no konkr\u0113tas funkcijas ne vienm\u0113r ir iesp\u0113jama, k\u0101 nor\u0101d\u012bjis Strazdi\u0146\u0161 par Swedbank, ieteicams p\u0101rbaud\u012bt bankas lietotnes iestat\u012bjumus, mekl\u0113jot jebk\u0101das saist\u012btas priv\u0101tuma vai maks\u0101jumu opcijas. Ar\u012b Latvijas Banka mudina iedz\u012bvot\u0101jus v\u0113rsties pie Datu valsts inspekcijas, ja rodas pamatotas aizdomas par personas datu apstr\u0101des p\u0101rk\u0101pumiem.<\/p>\n
\u0160is gad\u012bjums kalpo k\u0101 sp\u0113c\u012bgs atg\u0101din\u0101jums, ka finan\u0161u iest\u0101\u017eu tehnolo\u0123iskais progress da\u017ek\u0101rt var apsteigt datu dro\u0161\u012bbas protokolu pilnveido\u0161anu. B\u016btiski ir gaid\u012bt ofici\u0101lus banku un uzraudz\u012bbas iest\u0101\u017eu pazi\u0146ojumus par \u0161\u012bs atkl\u0101t\u0101s ievainojam\u012bbas nov\u0113r\u0161anas gaitu un veiktajiem labojumiem, lai nodro\u0161in\u0101tu, ka Latvijas iedz\u012bvot\u0101ju finan\u0161u dati tiek aizsarg\u0101ti ar augst\u0101kajiem standartiem.<\/p>\n","protected":false},"excerpt":{"rendered":"Datu Nopl\u016bdes Aizdomas: Tehnolo\u0123iju Eksperta Br\u012bdin\u0101jums Latvijas tehnolo\u0123iju un dro\u0161\u012bbas jomas entuziasts Elviss Strazdi\u0146\u0161 publiski izteicis satrauco\u0161u apgalvojumu,…\n","protected":false},"author":2,"featured_media":84356,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[21293,77,76,8879,21294,4290,35,39,38,36,37,34,40,21295],"class_list":{"0":"post-84355","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-bizness","8":"tag-banku-drosiba","9":"tag-bizness","10":"tag-business","11":"tag-datu-noplude","12":"tag-elviss-strazdins","13":"tag-krapsana","14":"tag-latvia","15":"tag-latvian","16":"tag-latviesu","17":"tag-latviesu-valoda","18":"tag-latviesuvaloda","19":"tag-latvija","20":"tag-lv","21":"tag-zibsaisu-registrs"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@lv\/115769786177025579","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/posts\/84355","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/comments?post=84355"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/posts\/84355\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/media\/84356"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/media?parent=84355"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/categories?post=84355"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/lv\/wp-json\/wp\/v2\/tags?post=84355"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}