Wednesday, July 13, 2005

Security at Bank of America??

Bank of America is toughening up it's systems against online fraud. Their new system is supposed to help prevent against phishing attacks and offer two level authentication at the banks site. This is all well and good, and much needed. The online world is only as safe as we make it. BofA could almost be commended for the effort.

The problem at BofA though has not been at its site or phishing attacks. It's been insiders stealing customers information and offering it for sale. It's been the bank and it's business associates losing unencoded back-up tapes loaded with customer information.

It's great that BofA is doing something about authentication and phishing. More importantly it needs to do more at protecting our information in-house.

The majority of hacking type attacks come from inside a company. Ask any director of an I.T. department and they'll tell you the same. BofA has shown that they are succeptable to insiders trading information for cash. They need to ensure that the procedures used to get information on customers is not automated in their systems.

The back-up tapes, they send out, should be encrypted at the source. Preferably the information should go over a dedicated wire, instead of physically shipping the information.

The more humans that are taken out of the loop, in these cases, the less a human error can take place. When less people are involved, there is less of a chance for greed to be involved.

Bank of America is not alone in screwing up. It's happening all over the country, and in fact the world. Just recently a company in India, that was doing out-sourced work for a British bank, was found to have an employee selling CDs of customer information.

Banks need to do more to protect the information that they have. Preventing against phishing attacks isn't enough.

Out-sourcing to foreign countries isn't the answer to cutting costs either. Especially when those countries have no laws against selling customer info, nor the law enforcement capacity to do something when it happens.


Post a Comment

<< Home