Bob Tarzey: It is not just immediate data losses that have to be paid to customers

Security relies on new technologies

Despite plenty of press coverage about leaked financial information, banks and other financial institutions tend to be ahead of their counterparts in their use of technologies and network security, writes Bob Tarzey

Written by Laura Hailstone

Many data leaks are due to the carelessness of third parties, rather than the banks themselves.
They are also caused by sloppy handling of credit card details by retailers, government departments that are cavalier in their handling of citizens’ data, or consumers falling victim to scams.

But what can the banks do to maintain customer confidence?
First they need to make sure that whatever dangers outsiders expose them to, they know who is doing what on their own systems.

This requires strict asset management and auditing of access to data and how it is used. But it also needs to go beyond this. Internal processes for handling data need to be clearly defined and easy to follow. It is all too easy to blame a lowly employee for being naive enough to put an unencrypted disk in the post, but they were only trying to do their job and poor processes allowed them to copy the data to the disk in the first place.

Accountability needs to be pushed upwards to those who define the processes.
It is not just banks’ employees who need better education; it is customers too. Customers like internet banking and the immediate access it gives them over their own financial affairs.

Nearly all customers are on the same side as the banks; they do not want to provide thieves with access to their accounts any more than the banks do, but many are still duped by seemingly obvious scams.

Much financial fraud is not down to direct access to individual accounts but is through fraudsters applying for loans, for example, by successfully passing themselves off as a respectable individual.
With a list of details including names, addresses, dates of birth and account details that the UK government, at least, seems to make so readily available to anyone, this can be all too easy to do.

Here, banks can invest in technology that can spot when a PC is likely to be used for making fraudulent applications.

Vendors such as Iovation provide technology that spots anomalous activity, such as serial loan applications from a single device, and maintains a library of known rogue devices.

Banks will never be able to completely curtail bad data management practices by outsiders, but ultimately it is the banks and the banks alone that have responsibility for who can access their systems and who they dish out money to.

If banks can demonstrate firstly that they are not themselves responsible for data leaks, that they share data with third parties securely and that when data is leaked their access controls and processes for handling potentially fraudulent applications are watertight, then they should be able to maintain customer confidence.

Not getting all this right can prove very expensive.
It is not just the immediate financial losses incurred through theft and the compensation that might have to be paid to customers.

It is the more serious long-term damage to brand reputation and the loss of customer confidence and loyalty that is likely to entail.

Quocirca’s report Banks and data leak prevention is available free of charge to all CRN readers. Visit: www.tinyurl.com/2rrxgv

Bob Tarzey is service director at Quocirca.
