Swedish Watchdog To Investigate Klarna for Bank Secrecy Breach

Sweden's financial watchdog said on Monday it was investigating payments firm Klarna over a potential breach of banking secrecy laws in connection with an IT incident at the firm in May. From a report: For a 30 minute period on May 27, Klarna customers were shown other users' data - a digital mishap which the firm, in a statement on June 4, blamed on human error. "(We) will investigate whether Klarna has violated bank secrecy in connection with an IT incident in May where the bank's customers were able to access information about each other for a limited time," Sweden's Finansinspektionen said in a statement. A spokesperson for Klarna told Reuters that the probe, "was very much expected as part of our regular dialogue with the Swedish FSA and as always we approach this with full cooperation and transparency."

Wrong site?

[CantankerousCoot]

Calling this "News for nerds" is stretching things. The article has zero technical details. A bank screwed up and the regulatory agency which oversees it is potentially holding it accountable. Good. Not interesting, but good.

Newsworthy

[Comboman]

A regulator agency actually doing it's job is enough to be newsworthy in many parts of the world. What would be really newsworthy is if the affected customers received actual monetary compensation instead of a half-hearted apology and six months of free Norton Security.

Re:

[CantankerousCoot]

That's very much my point. It *is* newsworthy...just not "tech news" newsworthy. Personally, I wish the US took these things as seriously as the Swedish apparently do. But, again, it's not quite Slashdot-worthy.

Re:

[whizzter]

Klarna is mostly a tech company (atleast historically), started out offering payment backends for E-tailers like Stripe. The bank thing is a more recent development due to the way they make most money nowadays (chasing customers with late-fees).

In addition, being in Stockholm they were also one of the first adopters of Erlang outside of Ericsson with all early backend development done in Erlang(changed now though).

So relevant? Partially by the company yes but also in addition to the failure itself (that I t

Re:

[CantankerousCoot]

"So relevant?" No. It being a tech company does not make it relevant, given that there are no technical details to the story. As I said, it's stretching things quite a bit.

Kowboys

[ytene]

In my limited experience, Klarna are the ambulance chasers of the financial services world.

I made a single purchase from an EU-based retailer (specifically, located in the UK) for which Klarna provided the web-shop checkout services. They harvested information from the check-out process and started spamming me with email.

I got in touch with them and asked them for:-

1. Copies of all the information they had collected about me. 2. Proof that they had my consent to store and use my email address...

The run-around they gave me was masterful, maddening and very carefully designed to discourage any form of complaint, specifically to a regulator. For example, after they abuse you by spamming you with email and you ask them to stop, the first thing they want you to do is provide your mobile phone number so that they can "authenticate you" and verify that your "unsubscribe" message is genuine. Question: how are they going to be able to prove that any provided cell number matches with an email address they possess? How are they going to guarantee that they don't "accidentally" start tracking the cell-phone, including location?

This is a company which [in the case of my personal experience] not only flouted the EU GDPR at a systematic level - configuring their web shop service to harvest email addresses from non-customers - but then used the GDPR as a shield to hide behind.

I can only hope that the EU closes them down. They don't deserve to be in business.

Re:

[F.Ultra]

Sure that your where getting mails from Klarna? I, no one in my family or anyone that I know have ever received a single mail from Klarna and we have purchased from Klarna stores thousands of times.

Re:

[ytene]

Oh, I am certain that it was Klarna and certain that what they did constituted a breach of the GDPR.

For example, see here, [bbc.co.uk] or here, [finextra.com] or here, [pymnts.com] or here, [moneysavingexpert.com] or here, [fashionunited.uk] or here. [fintechfutures.com]

Re:

[F.Ultra]

I'll be damned, never happened to me, On the other hand I do live in the EU, just noticed that you where talking about the UK and you know since Brexit they have no GDPR there so perhaps Klarna is doing this shit in the UK only.

Re:

[ytene]

Oh I am afraid that you are entirely wrong on that point.

After the GDPR became effective across the EU, the UK government completely revised the “Data Protection Act” which passed in to law in Mar 2018.

One of the reasons that the UK did this was because so much of the UK’s economy is based on the knowledge economy and financial services and of course the EU is also one of the UK’s biggest customers. So the UK passed the 2018 Data Protection Act, which conforms in all respects

Re:

[F.Ultra]

So still no GDPR since they are no longer in the EU but instead a Data Protection Act, might be seen as semantics but still true. And still true is also that I as a EU member never ever have seen a single mail from Klarna.

Secondly, the UK is not getting shafted more than what they actually voted for, the UK voted to be seen as a third country by the EU and that is what is happening right now. Ironically a lot of the "shafting" for third countries where introduced by UK legislators.

Re:

[ytene]

The way that EU member states enact EU Regulations in to Laws is that each member nation takes the centrally-written regulation and enacts it in a local law.

For example, a quick Google search looking to see how France enacted the GDPR turned up this [gibsondunn.com] explainer.

As you can see, the paper, sponsored by Reuters and written by lawyers from Gibson Dunn, discusses how the GDPR is enacted in French Regulation, showing how French Law n'218-493 made modifications to the previously standing French Data Protection

Re:

[F.Ultra]

Sorry, missed that you where an EU citizen. SInce you made a purchase in a UK store post Brexit I was under the impression that you where a UK citizen, while the UK have enacted the GDPR into law it only affects EU citizens since non-EU citizens have no standing in the EU court.

However something have to be connected to Brexit since this appears to only happen in the UK and post Brexit.