News & Events
Is this an honor? Texas leads U.S. in foreclosures
Fort Worth Business Press, 04/11/2005
Breaking into a bank for fun and profit
It’s not every day that someone who breaks into banks and financial institutions shares secrets.
Jim Stickley does not actually break into banks. He’s usually invited in, at least by top management. Stickley gets paid to steal personally identifiable information such as names, addresses, Social Security numbers, credit card numbers and passwords.
Financial institutions hire Stickley’s firm, Baton Rouge-based TraceSecurity, to perform vulnerability audits of their banks. To perform the audits, Stickley and his team masquerade as air conditioning repairmen and the like, enter a bank branch, and see what they can get away with, be it sticky notes with passwords or information written on notepads. Their success rate is high. They successfully complete their heists 90 percent of the time. The other 10 percent of the time vigilant bank staffers thwart their heist.
“Most banks are surprisingly vulnerable to identity theft,” said Stickley. “They spend millions of dollars a year on high-tech computer security defenses, but often fail to address the simplest, most critical aspect of information security: the human element. A bank can have the strongest doors on their vaults, but if they invite me in and allow me to wander their office, I can steal much more than their money,” he said.
Stickley recommends banks looking to reduce identity theft follow these practices:
- Shred bins should be conveniently located near all bank employees.
- Confidential information and computers should not be left unattended under any circumstances.
- Sensitive data, including computer backup tapes, should be encrypted.
- To prevent phishing, all e-mails should be verified for authenticity.
- All bank employees must be trained on proper policies and procedures.
http://www.fwbusinesspress.com/default.asp?smenu=190&twindow=Default&mad=No&sdetail=3430&wpage=1