Slashdot Mirror
72% of Banks Say Their Employees Committed Fraud
yahoi writes "The financial crisis appears to be exacerbating fraud by bank employees: a new survey found that 72 percent of financial institutions say that in the last 12 months they have experienced a case of data theft by one of their workers. Meanwhile, most banks don't want to talk about the insider threat problem and remain in denial, says a former Wachovia Bank executive who handled insider fraud incidents at the bank and has co-authored a new book called Insidious — How Trusted Employees Steal Millions and Why It's So Hard for Banks to Stop Them that investigates several real-world insider fraud cases at banks." The article dispels one assumption that might commonly be made about such insider fraud: "Interestingly, it's not the stereotypical offshore or outsourced employee who's most risky to their organizations. Nearly 70 percent of financial institutions say their full-time employees are most likely to pose an insider fraud threat..." Technology workers placed third in the roster of the job categories most abused.
The article dispels one assumption that might commonly be made about such insider fraud...
Am I the only one that is concerned that our financial institutions are assuming things relating to their security policies? Because it's common knowledge in our industry that most security threats come from inside, not outside, the organization.
#fuckbeta #iamslashdot #dicemustdie
That bank workers steal money like I steal stationary from work isn't some giant revelation.
Doesn't seem to be hurting profits though. At least in Canada we may not have that big of a problem.
I tried to think of a good sig, and this wasn't it.
And hey, some of the time it's worth it.
The World Wide Web is dying. Soon, we shall have only the Internet.
I recall a bank hitting my brother's account with a long list of overdraft fees when he never bounced a single check. Turns out that one month he was trying a new budget strategy where he wrote all of the checks for that month's expenses and dated them for that day. At that time, he didn't have the money in his account to cover those checks. But he never sent them out until after he and his wife had deposited money to cover those checks. The checks were presented to the bank at a time when the money was actually in the bank. They paid all of those checks and then charged him $20 for each one that was dated as described. He never bounced a check. The checks were never presented to the bank when there weren't sufficient funds in the account. How did they justify that action? Who knows...
And even now, banks are playing games with other fees and charges. Who writes checks any more anyway? Your bank may already be doing this... How many transactions per month are you allowed to have before they start charging transaction fees?
I'm a contract employee at one of the top ten banks in the nation, employed in website development. Within the first week I was given the keys to the kingdom in spite of the bank never even performing a rudimentary background check. Also in the first week, I discovered that it would be absolutely trivial for me to steal the credentials of every single user of the site and completely cover my tracks. It has now been MONTHS since I brought it to the attention of the people who I answer to and there is still not even a proposed solution to the problem. Scarier still is that any one of 75-80 people could do this and it does not even require collusion. This to me shows the "high regard" that banks have for your money.
The other 28% must be small banks, or in denial. If just 1 percent of the population is criminal, you have to anticipate 1 criminal for every 100 people you hire. IANA statistician, but even if you have well under 100 employees, the odds are still pretty good. I think it would be like the birthday problem, where the odds of somebody in a relatively small class having the same birthday as you are surprisingly high.
Of course, I'm not sure what percent of the general population would commit bank fraud if they had the opportunity. That doesn't matter of course. People who are likely to commit bank fraud will, of course, seek out jobs at the bank. As the famous bank robber said, "that's where the money is".
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
It seems the motive is typically to get a "loan" by a lower level employee which will be paid back at some point. It would seem that the employees are in fear to actually ask their own bosses to aid them in a situation of financial strife.
Isn't that what banks are about? Making loans?
It seems that inside the banks their is a pervasive culture of fear/shame/envy by staff of the owners. The fact that management seems to be unable to get inside this situation is indicated of a manager/employee relationship meltdown.
If I owned a bakery and my employees were stealing bread to feed their families cause I pay them nothing -- that in most peoples mind is a hint about how my relationship as owner to my employees is going.
If they are stealing bread but are not starving but in fact well off thats something else - envy and greed.
In any case a Bank which gets public assistance like in "too big to fail" or some other way should begin to be held publicly accountable for internal losses -- tangible assets and data privacy breaches. Till today no one is really reporting this number out of fear in losing the public trust. When the bank fails of course the horse it out the barn doors already.
I've seen this happen to a co-worker. She was generally quite out-going and talkative. But she started being quieter over time. One day it was announced that she no longer worked at the company, and through the rumor mill I found out that she had embezzled about 5 grand (mid 90's dollars) with the help of her boyfriend. She discovered by accident that some vendors would double-pay an invoice if a second copy was sent by mistake. Thus, she decided to send fake invoices to vendors with a history of double-paying, but with her boyfriend's bank account as the bill-to address of the 2nd copy. Eventually somebody noticed the bogus addresses.
The problem is that they didn't file formal charges because they wanted to protect the reputation of the company. They did confiscate all her future benefits, though; so it was probably a net loss to her.
However, by not prosecuting they set themselves up for a second attack. For another employee of the same accounting department made off with about 25 grand a few years later. I'm sure the second guy factored in the non-prosecution of the first attempt.
I'm not sure how to solve it, other than perhaps making prosecution mandatory. But I doubt companies want that kind of legal complexity for gray areas or where the evidence is weak.
Maybe some kind of "secret victim list" in prosecution, but that goes against the concept of jury-by-peers. The chance of one out of 14 jurors (with 2 alternates) spilling the beans is fairly high. And there's other issues with public disclosure laws.
Table-ized A.I.
I think if the employees were paid a living wage, it wouldn't be an issue, but they aren't. Bank tellers don't have room for advancement, and start out at about $8/hr, which didn't go up in the last minimum wage increase. Tell me, what incentive is there to keep private things private when you're a burger flipper? Give them extra training to justify the pay increase.
Make them experts in spotting fakes, figuring out when people are up to something, etc, etc.
Oh, wait, they're already trained for this? I'm sorry, but your job is worth more than $8/hr if it takes more than an hour or two to be trained.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Well, TFA says:
Nearly 60 percent of the respondents in the survey ranked tellers and traders as the highest risk of insider fraud, followed by administrative/back office (55.74 percent), technology (34.43 percent), executive/senior management (29.51 percent), call center (29.51 percent), and line of business (26.63) employees.
Now, this strikes me a little odd. What do these percentages even mean? if 60% of respondents ranked tellers and traders as highest and 55.74 percent ranked admin/back office as highest, then 15% of the respondents don't know what "highest" means. A little arithmetic indicates that some 235% is accounted for here. Sounds like a case of ZOMG 235% OF OUR EMPLOYEES ARE STEELING! to me.
Analyzing reports is expensive. There's a lot of data there, you have to have multiple people do it(since otherwise the person analyzing the reports can steal from you) and unless you spend a lot of time and have a lot of people doing it you can only really see quite major exceptions from the general trends and most of the people who steal know how to do it without raising an major exception.
The truth of the matter is that low level fraud costs more to prevent than to accept, especially when you take into account the general moral drops you get from showing that you really don't trust your employees.
Most people are honest, most of the people who aren't honest can be scared off with the fact that audit reports exist, and the rest of them all together steal so very little that it's not really that big a deal.
"Interestingly, it's not the stereotypical offshore or outsourced employee who's most risky to their organizations.
that was not somebody attempting either a subterfuge or the implantation of a subliminal suggestion.
You see, it may very well be true that "offshore" employees in banking have less culpability, thus far...which - entirely coincidentally, I'm sure - corresponds directly to the amount of penetration into banking that offshoring has - thus far.
Interestingly, don't you think that such statistics provide a a nifty argument for offshoring banking?
Who gathered and "analyzed" this "data", again?
Orwell: "In a Time of Universal Deceit, telling the Truth is a Revolutionary Act"
I once overheard Bankers speaking and they do blacklist persons if they hurt the institution enough.
Though no charges were filed often the reference is veiled: "let go due to irregularities in performing the job" which is a whopping hint to the next employer they were doing low level fraud or in the more sinister case it was a recommendation for a let go employee -- to a competitor.
In a bar one evening I pointed out ''how simple it would be to send a few million to a bank in Rio''. I was told ''Who wants to live in Rio?''. They were not interested in trying to fix it.
About that time I did some work at a bank in London. Every morning the director of securities arrived in the IT department with a list of errors from the overnight run (all audit trailed, etc). He got a programmer to fix them which he did by running up an SQL interpreter. There was no oversight, the director walked away before this was completed, there was nothing to stop the programmer from doing it whenever he wanted. The programmer was employed through an agency, not a bank employee.
I met someone at a social function, asked him what he did: ''I am a banker, I get to rob people legally'' -- at least he was honest!
I could go on. This sort of stuff is endemic.
I had a friend years ago that was a detective on the Las Vegas Robbery squad. He told me that the average armed robber gets away with something like $5,000. The average electronic bank robbery gets away with over $500,000. He also told me that they almost never ever catch anyone committing a robbery by computer, but they get most of the people sooner or later that commit armed robbery. He was talking about both inside jobs (mostly involve some sort of computer) and outside computer attack type robberies here to clarify.
He said it was not so much tracking down a suspect, but that the nature of the electronic / insider robbery often lacked the traditional physical evidence that would really lead to a conviction. The banks and businesses don't really want to cooperate for PR / insurance / liability reasons. The nature of the evidence is not very compelling to a jury. Often it is difficult to properly get warrants across multiple jurisdictions in a timely manner and in such a way that the evidence can be used in court. Most importantly it just all around cost more money to investigate and prosecute, as it requires very expensive and specialized skills that most police departments (including the FBI) really do not have the resources to do properly. There is not a lot of political motive at the top of law enforcement and everyone else to do unless it is a really high profile robbery type thing that they have to do.
Living in Chile
someone was stealing other people's food out of the refrigerator. they decided that the thief was 'just hungry' and we should all chill out.
but they wont give health insurance to the janitor.
the guy that runs the technical division has no degree and people are 'proud' of this, like Palin proud.
You realize that every machine you swipe your card through has a record of your card number, and a few button presses latter will print it out, along with every card from that day, or week, or month, etc etc... Do you trust the vetted bank employee with some oversight more than you trust the burger flipper and the chic at the coffee drive through? How about the guy working at best buy, he also asked for your address and zip code. Ever consider that one?
The bottom line is that the only reason that credit cards work is because MOST people don't know they can sell those lists of card numbers and names to a third party. If there were a fast, easy way to do so, and it became common knowledge, the credit industry would fall apart in a matter of months.
All these companys want you to be totally loyal to the company. The job comes before your life, friends, and everything else. They demand loyality above everything. And yet... are most companys loyal to the employee? Fuck no! You're 100% replaceable.
http://exiledonline.com/this-is-why-workers-shoot-their-employers/
A VERY close relative of mine works in compliance in the finance industry. He worked for a credit card company that was going under and cooking the books. He told the truth in his report to the regulators but nothing happens very quickly. The company was then taken over by ex-management of another credit card company who quickly discovered the real situation.
Now they could have used him to help them sort things out, but instead of that they started cooking the books themselves, realised he knew too much and made him redundant. He fought it as unfair dismissal but didn't get very far, he had a case but would have ended up costing as much as he would get.
The irony is that he now works in compliance at the company where the new management of his previous company had escaped from, where part of his job is uncovering what the previous lot were up to.
My take on all this is that the financial services industry is rotten from one end to the other.
Si hoc legere scis nimium eruditionis habes.
If you have to stockpile, choose guns, ammo, canned goods, medicine, and a water filtration system, in that order. Because with enough of the first two you can always find a way to convince your neighbor to help with the rest.
God invented whiskey so the Irish would not rule the world.