BreachExchange mailing list archives
Tellers are overlooked as threat to data safety
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 18 Feb 2016 19:07:59 -0700
http://www.toledoblade.com/business/2016/02/14/Tellers-are-overlooked-as-threat-to-data-safety.html Bank robbers used to burst into banks brandishing guns and bearing notes demanding cash to the teller behind the window. Today, the thieves may be on the other side of the counter. As concerns over identity theft and foreign cyberattacks rise, customers are largely in the dark about a growing threat just around the corner: bank tellers and managers with instant access not only to their critical personal information but also to their cash. Though much of the focus on bank fraud has been on sophisticated hackers, it is the person behind the window who should worry depositors, according to prosecutors, government officials, and security experts. Tellers and those who oversaw them once played a respected role, carefully counting out bills and peering at signatures. But ATMs, direct deposits, and electronic banking have diminished tellers’ importance to the point that their work is now low-paid. Rich and elderly bank customers are particularly at risk, prosecutors say, when tellers and other retail-branch employees tap into accounts to wire funds without authorization, make fake debit cards to withdraw money from ATMs, and sell off personal data to other criminals. Accounts with high balances and direct deposits of government funds, such as Social Security payments, are especially coveted. “It’s a rampant problem,” said Brenda Fischer, chief of the Cybercrime and Identity Theft Bureau for the Manhattan district attorney’s office. That office and other prosecutors have brought a string of cases against tellers and other employees who typicall interact with customers at retail branches. The Manhattan prosecutor’s office estimates it brings at least one case against a teller per month. Last year, a teller in White Plains, N.Y., was sentenced for her role in an identity theft ring that pilfered $850,000 from bank accounts. A former teller at a Capital One branch in Maryland was sentenced in 2014 for gaining access to seven accounts and passing customer information to a co-conspirator who drew checks on the accounts. Nationally, last year, cases included a former Pennsylvania teller sentenced for withdrawing money from accounts; a former Manhattan teller sentenced for using information to receive tax refunds that he routed to himself; a former Connecticut teller who took cell-phone photos of account information to cash fake checks, and a former Virginia credit-union teller who took out loans from the union in customers’ names. Her acts led to the institution’s collapse. Bringing charges against tellers and low-level managers can be challenging, prosecutors say, because of banks’ lax security controls and gaps in regulation. One Chicago-area teller jumped from Washington Mutual to LaSalle Bank to Fifth Third before he was caught, withdrawing more than $2 million along with his co-conspirators. They rerouted customers’ addresses to mailboxes they controlled, made driver’s licenses in customers’ names to open credit cards, and formed fake businesses so they could buy credit-card terminals to approve the fake charges they had rung up. Despite the sums at stake, executing the crimes can be easy, prosecutors say. Tellers and employees at retail branches, who can gain access to a customer’s information with a few taps of a keyboard, are at the centers of the schemes. Last year, for instance, federal prosecutors say Peter Persaud, an employee at a Chase branch in Brooklyn, sold customer information to an informer for $2,500 per customer. Mr. Persaud has pleaded not guilty; the case is continuing. In other cases, thieves bribe the low-paid tellers to hand over personal data to drain money from accounts and make debit cards, checks, and credit cards in customers’ names. According to the Bureau of Labor Statistics, the median annual income for tellers in 2014 was $25,760, a salary that prosecutors say does not match the high-risk nature of their jobs and can leave the teller vulnerable to bribes. Under laws passed in the aftermath of the Sept. 11, 2001, attacks, banks are required to vet their customers and closely monitor accounts to detect any suspicious activity. But when it comes to tellers, prosecutors say, sometimes, little more than a basic criminal-background check is performed. More than money is at stake. Social Security numbers and addresses can be trafficked on the black market, where thieves sell vast collections to the highest bidders.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Need access to data breach details or alerts when new breaches happen? Risk Based Security's Cyber Risk Analytics portal, fueled by the RBS breach research team, provides detailed information on how data breaches occur and which vendors to trust. Contact us today for a demo.
Current thread:
- Tellers are overlooked as threat to data safety Audrey McNeil (Feb 19)