For over 200 years, the term “trust” used in a financial sense (e.g., “bank and trust”) has implied confidence in the trustee. I’d wager that most of us still believe our banks are fiduciary trusts and that our money is being safely held by a third party. However, the trends highlighted in a recent New York Times article, “Bank Tellers, With Access to Accounts, Pose a Rising Security Risk,” could change our minds. Not only is our money at risk at many financial institutions, so are our digital identities.
The Times article focuses on the rising threat posed by low-paid bank tellers who have excessive access to sensitive customer data. The tellers profiled in the article don’t simply steal from customers directly; they act as conduits for criminal networks. According to The Times, tellers can access and sell customer data for as much as $2,500 per record, with very little risk of detection.
And the risk to consumers is bigger than cash withdrawals from their bank accounts. Once digital identities, including Social Security numbers, are being traded on the black market, consumers are at risk for all kinds of fraud. The article cites examples of stolen identities being used to print fake ATM cards, which are then used to withdraw money from accounts; to take out fake loans in the victims’ names; and to create fake driver’s licenses in order to apply for fake credit cards, which are used and approved at fake businesses.
Gaining access to customer data is relatively easy for employees, yet many banks do not have the right controls in place to detect and prevent it. The situation has escalated to the point where legal and regulatory authorities are urging the adoption of stronger security policies and processes at financial institutions. To prevent identity theft, banks must restrict the information that tellers can access, and they must monitor tellers’ access to sensitive data to detect any suspicious activity.
The good news for financial institutions is that the right identity governance solution can help them identify high-risk access to sensitive data and apply automated controls to reduce that risk. With controls such as access certifications and policy scans, banks can detect excess or inappropriate access and automatically revoke unnecessary privileges, and they can ensure that tellers gain access only to the information required to perform their job duties (“least privilege”). By implementing the right identity governance solution, banks can protect digital identities, prevent criminal exploitation, and restore consumer confidence in fiduciary trustees.