Scary – Who’s watching your ASSets
- Author Donald Carroll
- Published September 27, 2011
- Word count 929
BofA Breach: ‘A Big, Scary Story’
$10 Million Loss Highlights Risks, Sophistication of Internal Breaches
An internal breach at U.S. financial giant Bank of America shows how some corporations do not focus enough attention on mitigating internal fraud risks. According to news reports, a BofA employee with access to accountholder information allegedly leaked personally identifiable information such as names, addresses, Social Security numbers, phone numbers, bank account numbers, driver’s license numbers, birth dates, e-mail addresses, family names, PINs and account balances to a ring of criminals. With that information, the fraudsters reportedly hijacked e-mail addresses, cell phone numbers and possibly more, keeping consumers in the dark about new accounts and checks that had been ordered in their names.
Some 300 BofA customers in California and other Western states have reportedly had their accounts hit, and 95 suspects linked to the breach were arrested by the Secret Service in Feb.
BofA says it detected the fraud a year ago, but only recently began notifying affected customers of the breach.
"As we communicated to impacted customers, this situation involved a now former associate who provided customer information to people outside the bank, who then used the information to commit fraud against our customers," says BofA spokeswoman Colleen Haggerty. "Keeping customer information secure and confidential is one of our most important responsibilities, and Bank of America sincerely apologizes for this incident, and regrets any inconvenience it may cause our customers. We work hard to prevent fraud, and our customers who experience fraud on their accounts related to this incident will be reimbursed if they report it promptly to us."
Privacy expert and attorney Kirk Nahra calls the BofA incident "a big, scary story," and says account-management checks should have picked up on the fraud before more than $10 million was drained from customer accounts. "Money was missing, so there should have been some trigger just identifying that there was a problem," he says. "It’s just weird that the problem wasn’t picked up on sooner."
Protecting PII: A Widespread Concern
Julie McNelley, an A site analyst, says the BofA breach underscores concerns consumers should have about sharing their personal information with any company, not just a financial institution. "It’s a huge issue for all types of consumer information that is stored, and it’s being heavily targeted by all kinds of breaches," McNelley says. "Organized crime either had an employee planted or reached out to an employee and got them in on the hack. We’re seeing this more and more."Despite growing concerns about internal threats, McNelley says banking institutions and other organizations can implement strategies to detect employee fraud. In some cases, they can even predict high probabilities for employee fraud.
McNelley’s must-haves include:
Background checks. "When it comes to screening employees during the hiring process, a layered approach is necessary," McNelley says. Background checks are the norm, and public records could provide tell-tale signs about a certain candidate’s propensity to commit fraud. Especially, if a bank employee committed fraud while working for another institution, banking networks will often include background information about these employees’ previous work histories.
Prosecution. Be sure to press charges against employees who commit fraud. Many banking institutions are reluctant to prosecute because of bad publicity, but doing so establishes a public paper trail for other institutions to follow.
Behavior Monitoring. Implement and engage in behavior tracking. "When you have a teller who is accessing five times more accounts than any other teller in your bank, that could be a red flag that something is going on," McNelley says.
BofA Cleans the Mess
Going forward, BofA says it’s working internally and with its customers to clean up the mess. "We take personal data protection very seriously," Haggerty says. "This includes safeguards ranging from background checks during the hiring process, monitoring employee access to customer personal data, and very clear policies that prohibit the improper use of customer data. In the event of a privacy compromise or fraud, we have in place aggressive account monitoring and refund policies for unauthorized transactions after an incident occurs to protect our customers. Customers impacted by this specific incident will also receive two years of free credit report monitoring."As for the length of time it took BofA to notify affected customers about the breach, McNelley says she sees no red flags going up. "BofA was probably trying to figure out how far-reaching the fraud was and was working with law enforcement, so they had to keep some of it contained until they knew what they were dealing with."
Nahra, on the other hand, says he finds the delay somewhat perplexing. "I’m a little surprised, given at how sophisticated some of the big institutions are at picking up on fraud and irregularities," he says. "I don’t know how this person did it. If he downloaded a lot of information to a thumb drive, you can track some of that. On the access points, you always want to look at how you can control access to information in the first place."
But access control, Nahra allows, is a touchy issue for banks and other entities, since it’s difficult for corporations to limit employee access, especially to customer information that enhances the relationship and allows employees to better know and serve customers.
"We have a tension between privacy and security everywhere," Nahra says. "If I set up my bank website and make it incredibly hard to break in to. That means it makes it incredibly hard for the consumer to use. You’ve always got this tradeoff."
For more information on this article, CISSP, Security+
Article source: https://articlebiz.comRate article
Article comments
There are no posted comments.
Related articles
- Shabby Chic Meets Rustic Farmhouse: Elevate Your Space with Carved Wood Sliding Doors
- How to Master Eclectic Decor: Tips and Tricks
- Apostolic Blessing from Pope Francis
- How Do You Find Experienced Builders for Micro Apartments in Brisbane?
- Searching for Professional Carers in Cambridgeshire to Support Your Family?
- How Do You Transfer Money to Egypt in Just a Few Clicks?
- Want Your Office Sparkling Clean? Get Top-Quality Commercial Cleaning in Auckland!
- Looking for High-Quality Lighting in Brampton? We Have the Perfect Options!
- Want to Improve Your Tender Success Rate? We Have the Solution!
- How to Choose the Right Chauffeur Service
- Why were the 1940's so important in history?
- Why Fire Safety Training Should Be A Priority In Your Workplace
- Creative Ideas for Using Old Trunks in Your Interior Décor
- Gutter Replacement: Why Upgrading to uPVC Gutters is a Smart Choice for Your Home
- What Is Point Of Sale Branding? An In-Depth Guide To Boosting Sales And Customer Experience
- Why You Need DRaaS: The Case for MedOne’s Disaster Recovery as a Service
- Sparkle and Shine: Your Ultimate Guide to Christmas Makeup
- Chauffeur Service: Elevate Your Travel Experience
- Creating a Reading Nook with Old-World Vintage Furniture
- Micro Apartments in Brisbane: A Builder’s Guide to Smart Living Solutions
- A Comprehensive Guide to Finance for Co-living Properties
- The Benefits of Garden Design
- Why Local Businesses Are Choosing to go Local for Web Design
- Top 10 Personal Safety Tips All Women Should Know
- It’s Not Too Late to Make Money Investing in This Gold ETF
- www.sellmoj.com is the game changer for E-commerce
- Top 10 Ways Maintenance Manager for Business Central Saves Asset Headaches
- Buying a Ready-Made Company in Estonia: Your Effortless Business Setup
- What Defines a Victorian Style Home?
- Transform Your Space with Versatile Antique Door Sideboards