Home | News Alerts | Banks Face Growing Threat of Inside Identity Theft

Banks Face Growing Threat of Inside Identity Theft

Reuters-eWeek -

November 22, 2006

ZURICH -- Banks are pouring money into building formidable defenses against computer hackers but are only just waking up to what may be a bigger threat -- the physical theft of client information by criminals in the office. "You can have a fortress-like security system, but if you are not terribly discriminating with consultants and temporary employees, that is a terrible vulnerability," said Carmen Oveissi Field, a New York-based consultant on computer crime.

Full Story (Reuters—eWeek)

Our Analysis:

In a case of putting a finger in one hole of the dike while water gushes through another one, banks have concentrated many of their security resources in the area of remote online banking while neglecting pressing security issues at home.

It seems to be a lot easier for banks to warn people continuously about the dangers of phishing and proselytize about the importance of password security (which is next to useless when it comes to a savvy criminal), etc. than to effect genuine security upgrades on their own physical branches. The encouragement—and practice—of consumer responsibility in security matters, while important, has its limitations.

Banks are notorious for overcharging consumers for identity theft protection and passing off security expenditures to their customers in the form of fees and other charges that continue to increase. Meanwhile, an old-fashioned category of security seems to have grown lax. Who knows, maybe it’s harder to pass off those expenses to customers as an “added service.”

According to the article: “Widespread outsourcing of data management and other services has exposed some weaknesses and made it harder to prevent identity theft by insiders . . . There are lots of weak links. Back-up tapes are being sent to offsite storage sites or being mailed and getting into the wrong hands or are lost through carelessness."

A great deal of financial security issues are completely out of the hands of consumers and must be addressed by the banks themselves, either individually or in collaboration, if the system is to ever be as secure as possible. There will always be gaps in security, or new threats posed by savvy identity thieves and other sophisticated criminals, but the banking industry owes it to it customers—to say nothing of its own long-term viability—to make sure online and offline security are integrated so that the whole system can become more robust.

Increasingly, industry after industry is realizing that fighting identity theft takes a bit more work and knowledge than expected. The test, however, is how quickly an industry reacts after that realization.