Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:11 PM
Connect Directly

Bankers Gone Bad: Financial Crisis Making The Threat Worse

Seventy percent of financial institutions in the past 12 months have had cases of insider fraud, new survey says

A former Wachovia Bank executive who had handled insider fraud incidents says banks are in denial about just how massive the insider threat problem is within their institutions. Meanwhile, the economic crisis appears to be exacerbating the risk, with 70 percent of financial institutions saying they have experienced a case of data theft by one of their employees in the past 12 months, according to new survey data.

Shirley Inscoe, who spent 21 years at Wachovia handling insider fraud investigations and fraud prevention, says banks don't want to talk about the insider fraud, and many aren't aware that it's an "epic problem."

"There needs to be more training around this issue," says Inscoe, who co-authored a book about bank insider fraud called Insidious -- How Trusted Employees Steal Millions and Why It's So Hard for Banks to Stop Them, which publishes later this month. "We are seeing a huge increase in this country of organized crime rings threatening individuals who work in financial institutions and making them [commit fraud on their behalf]," she says.

Meanwhile, according to a new survey by Actimize, nearly 80 percent of financial institutions worldwide say the insider threat problem has increased in the wake of the economic downturn. "A significant number of folks are being impacted more than a couple of years ago," which is when the last survey was conducted, says Paul Henninger, director of the financial crimes product group at Actimize. The Actimize survey found that only 28 percent of financial institutions had not suffered an insider breach in the past 12 months.

"The severe recession has put these employees into a position to cross the line," he says.

Interestingly, it's not the stereotypical offshore or outsourced employee who's most risky to their organizations. Nearly 70 percent of financial institutions say their full-time employees are most likely to pose an insider fraud threat, versus 10 percent of part-timers, 8 percent of outsourced workers, 6 percent of temporary workers, and 5 percent of offshore employees, according to the survey.

Nearly 60 percent of the respondents in the survey ranked tellers and traders as the highest risk of insider fraud, followed by administrative/back office (55.74 percent), technology (34.43 percent), executive/senior management (29.51 percent), call center (29.51 percent), and line of business (26.63) employees.

The typical profile of the banker fraudster that Inscoe and co-author BC Krishna say typically commit these crimes is one of a bank's top performers, who is well-versed in its operations and how to circumvent them and remain under the radar.

But some security measures for limiting user access to sensitive data, such as minimizing user privileges, don't apply cleanly for banks. "What makes this problem interesting is that these employees need to have these privileges -- branch managers, customer service representatives, call center workers," Memento's Krishna says. "If you take them away, they can't do their jobs...a teller needs user privileges to go in and change an address, for example. It's impossible to implement dual controls -- you'd create customer service problems. The best thing they can do is proactively monitor and look for signs that user entitlements aren't being abused."

And in most insider fraud cases at banks, the employee has the motivation (think financial pressure, revenge) and the opportunity. Many of these cases start out with the insider intending to repay the money they moved or stole, Inscoe says. "In every situation I've been aware of, the person has been intending to repay the money, almost like a short-term loan they're giving themselves," she says. Unfortunately, the scam continues and the person never actually gives back the money, Inscoe adds.

Some banks are also missing a key element of the insider threat, too, she says. "Some are only focused on internal fraud if money is involved. I have a huge problem with that," Inscoe says. So if an employee is caught surfing customer data, they don't bother pursuing the case because no money was lost or stolen, she says.

"But for all they know the employee was selling that data to an external crime ring, incurring huge losses," she says. "And it breaks the customer's trust in their financial institution [if these cases are overlooked]. I have a real problem if banks say the only real insider fraud is if they see hard dollar loss."

'Should Have Been Caught Long Ago'
Nearly half of the banks in the Actimize survey say they are losing 1 to 4 percent of their total revenues to insider fraud, and the biggest challenges to meeting the threat are cost/expense (67 percent), data availability/access (55.77 percent), availability of tools (46 percent), and general resources/priorities (46 percent).

Inscoe and Krishna's book, meanwhile, explores several real insider fraud cases, including that of "Donna Lee Munson," a former assistant vice president of a bank in Georgia. The authors interviewed Munson (which is not her real name), who was convicted of stealing nearly $200,000 from her bank, in their book just prior to her serving her 18-month sentence at a federal prison. Munson transferred small amounts of money from bank customers' CD's to her own account over a period of time, with the intention to pay it back. "I never took any cash. Cash seemed wrong to me. Cash seemed like a tool of my job. But the paper part of it just seemed different," she said in the book interview.

Munson said her situation became so out of hand that she was unable to repay the money without arousing suspicion. Munson said banks should have better systems to catch employees like her who use their jobs to steal money. "They should have caught me a long time ago," she said in the interview.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio


Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-08-10
A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.
PUBLISHED: 2020-08-10
An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
PUBLISHED: 2020-08-10
An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
PUBLISHED: 2020-08-10
A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.
PUBLISHED: 2020-08-10
In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Mes...