TRENDING:

The Fraud Blog with Tracy Kitten

The Wells Debacle: A Lesson

Institutions Can't Afford These Low-Tech Mishaps Tracy Kitten (FraudBlogger) • October 29, 2011    
The Wells Debacle: A Lesson

The statement mailing error Wells Fargo Bank has blamed on a malfunctioning printer got quite a bit of attention this week. It's just one of those examples of how the not-so-sophisticated hiccups can often lead to the biggest headaches. [See Wells Fargo Customer Info Exposed.]

While the cause for the malfunction of the printer is a bit more concerning - was the printer somehow hacked or compromised with malicious software? - the mailing error is pretty easy to pinpoint. Checks and balances, no pun intended, were not in effect.

Phil Blank, managing director of security, risk and fraud for Javelin Strategy & Research, put it best: "It represents a failure in basic 'block and tackling.'"

The whole incident reminds me of the systems upgrade at Bank of America a few weeks ago that resulted in thousands of customers complaining of access lockout to their online banking accounts.

Some industry pundits suggested something more nefarious, like an attack waged against BofA by Anonymous or some other hacktivist group. But I think the site outage was more likely caused by exactly what BofA claimed - a systems upgrade that was launched in haste without proper testing before deployment.

Looking at the Wells Fargo statement debacle, I can't help but think something similar. Somebody dropped the ball. You can't blame it all on a printing error. Aren't steps in place to perform some sort of double check?

I'm sure this statement incident, which affected Wells customers who opened accounts in South Carolina and Florida, will motivate folks at Wells to do things a little differently in the future.

Josh Dunn, corporate communications manager for Wells in Charlotte, N.C., says the bank sincerely regrets the mix-up and has assured customers that the risk of their bank accounts being compromised as a result of the statement snafu is low. Still, the bank is providing all affected customers with a year's worth of free ID theft protection.

I should hope so. ID theft protection is the least Wells can offer as protection for its customers as well as for itself.

And it's not just banking institutions that face some of these completely avoidable compromises of personally identifiable information. We read about it every day in any number of organizations crossing any number of industries: From a hospital throwing away paper patient records that it neglected to shred, to a government IT staffer leaving an open laptop in a car he forgot to lock.

Financial institutions, as card issuers, have their hands full trying to come up with better ways to thwart that kind of fraud and protect the customers who are adversely affected when card fraud does occur. The low-tech stuff should be easy to avoid, but it's often the sort of thing that slips through institutional cracks.

I get it. People are distracted. And we all get sloppy. The thing is, we can't afford these lapses. With growing concerns about incidents linked to identity theft, financial institutions, especially, have to do more to ensure they aren't the ones that accidentally expose consumer information.



About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.