Digital agency accused of not taking responsibility for NemKonto frauds

A number of parties have had enough and have called for the finance minister to bring clarity to the situation

Earlier this year, national broadcaster DR revealed that the security of the NemKonto banking system has been compromised since 2016.

But despite the system’s security being criticised for its flaws and lack of transparency in preventing fraud, it turned out that only minor changes have been made to the NemID system.

A warning was sounded by Finans & Leasing (FL), the trade association for finance companies, back in February..

“We can only note that to date, the changes we have proposed since 2016 have not taken place, both with the Danish Agency for Digitisation [Digitalstyrelsen] and the Justice Ministry,” said FL head, Christian Brandt.

READ ALSO: Danes among the biggest victims of card fraud in Europe

Dubious reports
A few years ago, Digitalstyrelsen was asked to respond to its failures, and conveyed in a report to Parliament that the issue only related to 20-50 rare cases in total.

But the bank trade association Finans Danmark has assured that the agency was aware “with a fairly high degree of certainty” that there are in fact more than the 50 or so cases.

These statements proved to be correct in April 2018, when an internal memo from the agency revealed that 50 cases of fraud had been identified in 2017 alone.

The agency’s report to Parliament also gave the impression that the fraud had only occurred in 2017 and 2020, while research has proven that dozens of cases have occurred every year from 2015-20.

In response, the finance minister Nicolai Wammen demanded a new report shedding light on the case.

Opposition demand clarity
But once the second report was published earlier this year, it was criticised by several administrative law experts as being misleading and false.

Now, multiple parties in Parliament are demanding that Wammen rein in the situation.

“It’s a complete mess. First the case regarding security problems with NemID surfaces. A report then arrives and now a new report turns up, which is also riddled with errors,” Dansk Folkeparti’s spokesperson for judicial issues, Peter Skaarup, told DR Nyheder.

“And they try to convince is that they have things in order, while that clearly is not the case.”

READ ALSO: At least 46 libraries caught up in NemID fraud

Tentacles of terrorism
Fraudsters install ‘keyloggers’ (USB stick or software) on library computers and subsequently all keyboard actions are recorded, including the user NemIDs.

With this data, the hackers are then able to transfer the victim’s NemKonto account to an offshore bank account belonging to the hacker network.

Fraudsters were thus able to obtain access to public benefits such as child benefits, SU student grants and pensions. The money then vanishes, withdrawn from several locations, within hours.

The stolen money is then spent on money laundering or even terrorist financing, according to the intelligence agency PET. In 2019, two Danish-Somali brothers convicted of terrorism were found guilty of carrying out this modus operandi.

In order to intervene in this case, the Ministry of Finance has set up a 24-hour helpline for victims of fraud.