TELECOM Digest OnLine - Sorted: Re: Online Banking Security: Who's Minding the Vault?

Re: Online Banking Security: Who's Minding the Vault?
21 Jan 2005 13:16:33 -0800

Lisa Minter wrote:

> As Americans improve their computer skills and grow more comfortable
> with banking over the Internet, the hackers, phishers and other
> fraudsters are honing their nefarious skills as well.

They must not forget traditional auditing either. One bank was hit
with a big losses from its ATM machines the old fashioned way: the
machine's attendants simply took leftover money from the trays because
the bank didn't bother to count it and compare the counts to the
machine's meters.

That is very basic accounting/auditing.

A former employee of a small town bank told me his bank would balance
its book each night to the penny. That meant all transactions had to
be reconciled and explained. A lot of work, but standard procedure.
When their bank was acquired by a big bank, their reconcillation
requirements dropped radically. That opens a window to fraud.

Another issue is employee morale, especially involving identity theft.
While bank employees were not the greatest paid, they usually were
treated reasonably well and professionally by their employer and it
was pretty rare for an employee to steal.

But now many employees work in boiler room customer service units
where they are basically in an electronic sweatshop. The computer
monitors every keystroke, every phone call, as well as hidden cameras
and audio recording. There is pressure to complete many transactions
and sell premium bank services.

Under such conditions, employees feel less connection to their
employer (because there is LESS connection). Instead of greeting
customers face-to-face in a pleasant branch office, they're in some
windowless basement. (Recall the big room in the film "The
Apartment"). As such, there is less moral restraint on stealing
identity information from unsuspecting customers.

Indeed, if the information is used three months after it is stolen, it
would be very hard to trace it back to the thief. That's one of the
challenges of identify theft -- by the time the victim discovers it, a
great deal of damage has already been done and it's too late.

Today's highly complex banking services (they call them "products")
with multi-page statements are hard for ordinary mortals to decipher
and it's easier for inappropriate transactions to get buried in them.
It's getting worse as electronic deductions replace checks and the
transaction description is a long string of numbers.

Identify Theft is a fast growing crime and the govt is moving too
slowly to catch up. Of course culprits must get long prison
sentences, but that is not enough of a deterrent. Investigative
agencies must go after even petty thefts which they don't bother with

It may be necesssary to put restrictions on high quality color copiers
and duplication with computer scanners and printed. Color copies of
driver's licenses go a big way for theft.

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: "Re: Don't Allow Under-9s to Use a Mobile"
Go to Previous message: "Re: Radar Detectors"
May be in reply to: Lisa Minter: "Online Banking Security: Who's Minding the Vault?"
TELECOM Digest: Home Page