72% of Banks Say Their Employees Committed Fraud

yahoi writes "The financial crisis appears to be exacerbating fraud by bank employees: a new survey found that 72 percent of financial institutions say that in the last 12 months they have experienced a case of data theft by one of their workers. Meanwhile, most banks don't want to talk about the insider threat problem and remain in denial, says a former Wachovia Bank executive who handled insider fraud incidents at the bank and has co-authored a new book called Insidious — How Trusted Employees Steal Millions and Why It's So Hard for Banks to Stop Them that investigates several real-world insider fraud cases at banks." The article dispels one assumption that might commonly be made about such insider fraud: "Interestingly, it's not the stereotypical offshore or outsourced employee who's most risky to their organizations. Nearly 70 percent of financial institutions say their full-time employees are most likely to pose an insider fraud threat..." Technology workers placed third in the roster of the job categories most abused.

Seems low

Is that not counting executives?

Re:Seems low

[fuzzyfuzzyfungus]

I'm pretty sure that it only the intersection of "actions which are illegal" and "actions which harm the bank's interests" counts as fraud for their purposes...

Re:Seems low

[roguetrick]

If shit gets that bad, I hope you're investing in bacon and not gold.

Re:Seems low

[nmb3000]

Riiiight. When the government is bankrupt, it _can't_ payout.

If you really believe that the government will falter to such a degree that it will not be able to honor its FDIC obligations, I suggest you remove your funds from your bank, and put them into food storage, ammunition and firearms, and other dystopian future necessities.

Least in the old days you had _some_ assets to cover your debts, and one just couldn't "print" more pseudo-assets.

If you're talking about the dollar being backed by the gold standard, this is just as big of an illusion of security as current paper currency is. The only reason gold was ever considered valuable in the "old days" was due to its scarcity, and relying on an object's absolute physical availability to determine it's value is flawed in an economy of our size. If we tried to back the GDP of countries like the US, Canada, Russia, Europe, etc., with gold we'd have run out of the metal a long time ago.

The funny thing is that gold has only recently become really valuable as a commodity with the advent of integrated circuits and other electronic components that make use of it. If society really does degenerate to the point some people think it will all the gold in the world won't help you. People will need and want to trade for required things like ammunition, canned food, fuels, etc. After that comes the vices such as cigarettes, alcohol, and toilet paper. Gold is going to be waaay down the list.

If you're really worried about money for the post-apocalyptic society of tomorrow, I'd suggest you start collecting bottle caps.

Re:Seems low

[OrangeCatholic]

Actually, it is. When you sell a house to someone with no money, that's fraud. Especially when you know you're doing it.

Also something called "naked short-selling", which involves selling non-existent stock. It happens millions of times per day, everyone does it, and nobody complains. Bear and Lehman stock was counterfeited so rapidly, the stock plummeted to zero within days.

It's the thug life, right? No fraud in the hood. Drugs, guns, murder - that's just recklessness and stupidity.

Re:Seems low

[Chrisq]

If shit gets that bad, I hope you're investing in bacon and not gold.

I'm Jewish you insensitive clod.

Re:Seems low

[corbettw]

If you have to stockpile, choose guns, ammo, canned goods, medicine, and a water filtration system, in that order. Because with enough of the first two you can always find a way to convince your neighbor to help with the rest.

Denial?

[blueg3]

If 72% of financial institutions say they've experienced data theft, how do "most banks" remain in denial? It sounds like "most banks" just admitted it.

Also, I'm not sure data theft is the same as fraud.

Suprise! NOT!

[Herkum01]

Is this really a case of it being unexpected? Banks, which handle lots of money and are generally unwilling to pay for honest talented staff see mishandled cash? What a surprise!

Next article, "Investment Bankers are overpaid for the returns they generate on their transactions!"

The Cold War had it right

[plover]

"Trust, but verify."

These people are in positions where they have to have access to the information to do their jobs. Locking them down so they can't get to the data without a partner would double labor costs (much more expensive than the 1-4% quoted in TFA.)

So the best answer is: give them the access they need, tell them you're logging it all, log it all, and *analyze the freakin' reports!* There are so many reports out there in most businesses that just get ignored. But we're talking about the early warning signs of theft, and they can't be ignored without consequences.

So 28% of banks lie on surveys.

[xC0000005]

The odds of a bank (even a small bank) having no such problems is next to none. The only bank I can think of which has absolutely no employee corruption is the one in the mall. It's been closed for a few years, during which their track record is flawless. Their customer service times aren't actually much worse either.

Seriously, if there are humans in involved and money involved, corruption ain't far behind.

Fraud by bank employees is nothing new

[erroneus]

I recall a bank hitting my brother's account with a long list of overdraft fees when he never bounced a single check. Turns out that one month he was trying a new budget strategy where he wrote all of the checks for that month's expenses and dated them for that day. At that time, he didn't have the money in his account to cover those checks. But he never sent them out until after he and his wife had deposited money to cover those checks. The checks were presented to the bank at a time when the money was actually in the bank. They paid all of those checks and then charged him $20 for each one that was dated as described. He never bounced a check. The checks were never presented to the bank when there weren't sufficient funds in the account. How did they justify that action? Who knows...

And even now, banks are playing games with other fees and charges. Who writes checks any more anyway? Your bank may already be doing this... How many transactions per month are you allowed to have before they start charging transaction fees?

Re:Fraud by bank employees is nothing new

[tunapez]

I was trying to determine all the fees involved in Chase Bank's "FREE" checking a couple weeks ago. I asked what the minimum balance and specific performance were required to get that "FREE" checking? The yanker said no minimum and I did not have to do anything. Half way through the process the yanker mentioned if I did not use my debit cards some 10(?) times in a month there would be a $6 fee. I asked him if he knew what specific performance meant and do you lie and tell half-truths to your friends and family too? He laughed like it was a funny joke. I walked to the credit union, where I should have started.

Wells Fargo last year hit my checking account w/ 2 x $35 charges for $6 and $11 transactions, unknown to me my DD was 3 days late while on the road and I was not paying some monthly charge to auto-transfer or over-draft protection. I asked to set my account to deny ANY transactions when funds were not available so I would be aware of and remedy the situation. They told me the account didn't work like that but I could pay for those services and they would credit me one of the charges. I grabbed a withdrawl slip and wrote it to the balance of my savings, $9k and change. Shortly the manager offered to drop both charges. I told him no thanks, choke on your $70. ***Until the CU, I continued to use the checking, for cashing checks. If they need to hold overnight I pick the cash up in the a.m. and never carry more than a $5 balance.

F the banks, bunch of crooks and liars.

That's the real cost of disloyal companys.

All these companys want you to be totally loyal to the company. The job comes before your life, friends, and everything else. They demand loyality above everything.

And yet... are most companys loyal to the employee? Fuck no! You're 100% replaceable. We don't really need YOU. Get back to work or you're fired. Sick? Come to work anyway! You did such a great job on that project. have some perks! more money? no. you wont get more money.. but look! pizza on fridays! wooo!

Nobody should be suprised that many employees have a crap attitude about their jobs. And will steal any chance they get.

You want real loyality from employees? PAY US MORE. We don't work here for our health or because we like it or for the perks or the lovely 'family oriented' way you do business. We work here because you pay us.

And now with the economy fuckup. The first things to go are perks and pay raises. Yet you still want the same loyality from the employees.

Good luck with that. We're gonna steal anything not bolted down. Get all we can before the company gets rid of us.

I Could Be a Fraudster

I'm a contract employee at one of the top ten banks in the nation, employed in website development. Within the first week I was given the keys to the kingdom in spite of the bank never even performing a rudimentary background check. Also in the first week, I discovered that it would be absolutely trivial for me to steal the credentials of every single user of the site and completely cover my tracks. It has now been MONTHS since I brought it to the attention of the people who I answer to and there is still not even a proposed solution to the problem. Scarier still is that any one of 75-80 people could do this and it does not even require collusion. This to me shows the "high regard" that banks have for your money.

Banks apparently have few with tech. knowledge.

[Futurepower(R)]

They're in denial because they are not aware of the full seriousness of the issue.

I discovered something that amazed me. I was trying to resolve a client's quite simple software issue. I worked with managers of two large banks (tens or hundreds of thousands of commercial accounts). I discovered that one of the banks had no technically-knowledgeable employees, except for computer maintenance staff. They used contractors for everything else. The contractors with whom I talked had little technical knowledge.

The other bank had either no one who was technically-knowledgeable or just a few people.

They don't have just have problems with fraud, they have problems in every area where technical knowledge is needed. They cannot resolve modern problems because they have little or no knowledge of them, and they don't want to learn. Technically knowledgeable people are apparently seen as an annoying necessity.

With employees of a third large bank, at which I have personal and business accounts, I found that I could get a laugh by saying I saw their web site and thought that high school students should not write web sites for banks. Later the web site was improved.

Re:Banks apparently have few with tech. knowledge.

[Tablizer]

Well, a decent techie probably costs them about 150 grand a year if you include related overhead. Thus, they figure the yearly "loss" by *not* having such an employee is less than 150 grand a year. It may not actually be true, but they have no way of knowing.

A lot of times a company ends up with a stupid or shifty IT employee that causes more problems than their worth. If the bank is technically ignorant, then they don't have a good way to filter. Techies raise almost as much ire as auto-mechanics. Both may charge 10 grand to "fix" the Flux Capacitor.

     

Re:Banks apparently have few with tech. knowledge.

[OrangeCatholic]

True. There is a disconnect. Techies don't have the personality to actively brand themselves, and clients don't have the technical skills to appreciate good help.

That's why the most successful techies have good personalities and only a moderate amount of skill.

Example, the last time I had the cable guy over the house, he had never seen Tivo and had no idea that high-def recording or live streaming existed. He didn't know that Windows XP 32 and 64-bit were different (his software failed on my platform), and it was futile to explain the difference. He had never seen a 40" TV used as a computer monitor, either.

But I'm sure he's supporting a family of four. He's mature, been doing it for a while and probably has a great resume.

Now, if you want to go into business as a cable tech, how do you differentiate yourself from this guy, who knows absolutely nothing, and has a better reputation than you do?

Stapler

[Wolvenhaven]

Has anyone seen my red stapler?

Personal Experience

[Tablizer]

I've seen this happen to a co-worker. She was generally quite out-going and talkative. But she started being quieter over time. One day it was announced that she no longer worked at the company, and through the rumor mill I found out that she had embezzled about 5 grand (mid 90's dollars) with the help of her boyfriend. She discovered by accident that some vendors would double-pay an invoice if a second copy was sent by mistake. Thus, she decided to send fake invoices to vendors with a history of double-paying, but with her boyfriend's bank account as the bill-to address of the 2nd copy. Eventually somebody noticed the bogus addresses.

The problem is that they didn't file formal charges because they wanted to protect the reputation of the company. They did confiscate all her future benefits, though; so it was probably a net loss to her.

However, by not prosecuting they set themselves up for a second attack. For another employee of the same accounting department made off with about 25 grand a few years later. I'm sure the second guy factored in the non-prosecution of the first attempt.

I'm not sure how to solve it, other than perhaps making prosecution mandatory. But I doubt companies want that kind of legal complexity for gray areas or where the evidence is weak.

Maybe some kind of "secret victim list" in prosecution, but that goes against the concept of jury-by-peers. The chance of one out of 14 jurors (with 2 alternates) spilling the beans is fairly high. And there's other issues with public disclosure laws.
   

Apple doesn't fall far from the tree.

[Civil_Disobedient]

I guess it's only fraud when the bank is the one getting ripped off.

When they're handed hundreds of billions of dollars of taxpayer money to shore up bad debt and open up the faucet of commerce, but then instead decide to stop lending and hoard the cash... that's... something else? Right?

I have NEVER seen...

[ibsteve2u]

an argument that started with the word interestingly:

"Interestingly, it's not the stereotypical offshore or outsourced employee who's most risky to their organizations.

that was not somebody attempting either a subterfuge or the implantation of a subliminal suggestion.

You see, it may very well be true that "offshore" employees in banking have less culpability, thus far...which - entirely coincidentally, I'm sure - corresponds directly to the amount of penetration into banking that offshoring has - thus far.

Interestingly, don't you think that such statistics provide a a nifty argument for offshoring banking?

Who gathered and "analyzed" this "data", again?

Re:The other 28% must be small banks or...

[Mr2001]

Well, I said IANA statistician. Can you show your work? It does make sense that some banks would be able to hire 100 employees under those circumstances and not bump into a criminal; but the exact equation isn't something with which I'm familiar.

If each employee has a 1% probability of being a criminal, the probability of each employee not being a criminal is 99%. If you pick two random employees, 99% of the time the first one will not be a criminal, and 99% of those times the second one won't be either: the probability is 99% * 99%, or 99% to the second power.

Thus, the probability of 100 employees not being criminals is 99% to the 100th power (0.99 ^ 100 = approximately 0.366 or 36.6%).

Bankers I have talked to ...

[Alain+Williams]

Some years ago I did some work at a bank in Luxembourg for a few days. One machine there was a ST400 - a SWIFT machine that could be used to ''wire'' money anywhere in the world. You send a message to this box (over a TCP/IP connection) and it would send money anywhere in the world. There was no protection on this, no login/... to control access. Everyone had a laptop (with working floppy) and could connect to the ST400. There were SWIFT books around the place describing the message format, many of those were familiar with the format.

In a bar one evening I pointed out ''how simple it would be to send a few million to a bank in Rio''. I was told ''Who wants to live in Rio?''. They were not interested in trying to fix it.

About that time I did some work at a bank in London. Every morning the director of securities arrived in the IT department with a list of errors from the overnight run (all audit trailed, etc). He got a programmer to fix them which he did by running up an SQL interpreter. There was no oversight, the director walked away before this was completed, there was nothing to stop the programmer from doing it whenever he wanted. The programmer was employed through an agency, not a bank employee.

I met someone at a social function, asked him what he did: ''I am a banker, I get to rob people legally'' -- at least he was honest!

I could go on. This sort of stuff is endemic.