Perhaps the most important computer security question you should be concerned with is the protection both of your bank account and your identity information related to your bank.
We’re not talking here of the steps a PC user needs to take to safeguard bank and identity information on his or her hard disk, but the identity theft protection your bank is taking to safeguard data on you.
It has been known since 2006 that many banks have proven vulnerable to identity theft. In that year, Wachovia Bank had 441 reported cases of identity theft, HSBC, 571, Discover, 667, Well Fargo, 786, Washington Mutual/Providian 885, Citibank, 1249, Capital One, 1328, JP Morgan/Chase/Bank One, 1839 and Bank of American/MBNA, 3351, according to a report covering a mere three months (figures taken from Hoofnagle’s report published in PC Magazine). Since then, the numbers have improved, but reported cases have not disappeared.
There are basically two kinds of identity theft found in banks. One, the one you are most concerned about, is account takeovers. The banks need to be concerned about the other kind; it is called synthetic identity theft.
In this case, a hacker creates a new account, a fraudulent account with a fake identity. It is an identity theft protection issue to the extent that if a hacker can create a new account in the bank’s production systems, the same hacker may also use the same techniques to view and perhaps manipulate other accounts, including yours. Then, the hacker can take over your account, and your identity.
Whether your identity is exposed or the bank is exposed, identity theft protection or identity theft prevention is the issue; more basically, the complete security policies of the bank is the issue. What has been done since 2006?
For one thing, identity theft protection has come to the forefront of system designers, engineers, managers and the like, as a fundamental design requirement for any bank information system. This is not to say that security has not always been a fundamental consideration; it has now become an issue that will determine the very viability of the bank and of its standing in the industry.
Many banks that were part of the identity theft problem in 2006 are gone now or have suffered terrific downsizing. This in itself is troublesome: less money for information security, for information security specialists, means more exposure for you.
We cannot say with certainty that the recent bank problems are are all aware of has, without question, made banks and their identity theft protection policies, procedures, methods, and controls more vulnerable. It may not have an appreciable impact at all. But one thing is certain: when money is scarce, protection and the engineering needed to implement it simply cannot be afforded.
What does the collapse and turmoil in the banking industry signal to you about the security of your identity? Namely this, that you would be wise to check out your banks security performance now. It’s only reasonable: the less guards you have at the gates, the less protection you have. Ask your bank now how their security has performed and check out internet sites that are following this problem now.