[ISN] Book Excerpt: Identity Thieves (Chapter 7 from Dan Verton's latest book, The Insider)

Tue Nov 15 01:27:57 EST 2005

http://www2.csoonline.com/exclusives/column.html?ID=14346

[InfoSec News hoped to have recieved a review copy of "The Insider"
from the publisher, but the author, Dan Verton "wasn't willing to
incur the expense for email lists whose members have already read
multiple reviews in various publications that they all get." 
So here's is an excerpt of an excerpt, of what I've seen of 
"The Insider" online.   - WK]

-=-

The infamous outlaw Jesse James likely spins in his grave each time 
somebody utters the following statistic: bank robberies are actually 
on the decline, with banks reporting only $70 million in losses in 
2001 from robberies and average losses from those robberies totaling 
less than $5,000 per incident between 1996 and 2001. The decline of 
traditional-style bank robberies is a direct result of improvements in 
technology and the application of those technologies to the new 
banking environment. Today, banks are open, airy places, well-lighted 
and equipped with silent alarms, networked surveillance cameras, 
tainted "bait money" that enables law enforcement officers to track 
the thieves that manage to get away, and a massive electronic 
infrastructure that no longer requires bank tellers to have access to 
large stores of cash to conduct financial transactions.

But have bank robberies really declined in recent years? The answer to 
that question really depends on how you define bank robbery. In the 
modern age of electronic banking, Internet technologies have 
transformed the banking experience to such a significant degree that 
the concept of bank robbery can no longer be defined as its 
traditional form. Today, the traditional bank robbery, in which an 
armed robber physically enters a bank to carry out a "a stick-up," has 
been replaced by a growing multitude of fraud schemes, including check 
fraud, credit card fraud, automated clearing house (ACH) fraud, 
Internet commerce fraud, phishing scams, loan fraud, securities fraud, 
embezzlement, and identity theft.

The modern American bank has recognized the security risks associated 
with the new electronic frontier and, as a result, has deployed all 
the state-of-the-art electronic security devices that one would expect 
to find in a security conscious enterprise - firewalls, intrusion 
detection devices, password management systems, and powerful 
encryption technologies. Yet banks and financial institutions continue 
to lose millions of dollars every year to trusted insiders who 
understand where the weaknesses are in the system.

In fact, insiders accounted for approximately 70%, or $2.4 billion, of 
the $3.4 billion that banks lost as a result of both internal and 
external fraud and hacker incidents in 2004. During the previous year, 
24% of all FBI investigations and eventual convictions were related to 
insider fraud. In 2003, the FBI investigated nearly 7,300 cases of 
insider fraud in the banking and finance sector. Those investigations 
led to 2,397 convictions or pretrial diversions, leaving a whopping 
two-thirds of all reported cases unsolved.81

The FBI has also been tracking so-called "problem institutions" 
throughout the banking and finance industry. These organizations are 
defined as having "financial, operational or managerial weaknesses" 
that threaten their continued viability.

[...]