Banks to blacklist rogue workers in fraud fight

Major U.S. financial institutions are working to set up a new defense against insider fraud: a database of employees who are known to be scam risks.

Banks and similar organizations already run reference and background checks on new employees, but an extra security measure is needed, according to BITS, a consortium of 100 of the largest U.S. financial institutions, including JPMorgan Chase and Wachovia. The new database, announced Wednesday, will list information on employees at financial institutions who were fired because they compromised customer data or knowingly caused financial losses, the group said.

"There is a phenomenon of people being able to literally walk down the street to another financial institution and get hired," said Cheryl Charles, a senior director at BITS. In one case, the same scammer was hired by three institutions, she said. "This new database is going to help prevent that kind of thing."

Reports of insiders attacking financial services systems are on the increase. In a 2004 Deloitte survey of IT security in the industry, 35 percent of companies said they had come under an attack from an internal source. That's up from 14 percent in 2003.

That trend has been reflected in high-profile security breaches at banks. In one example in April, police in Hackensack, N.J., arrested nine individuals who were allegedly involved in selling the personal information of just under 700,000 people. Eight of the suspects were bank employees, and Bank of America and Wachovia were among the big companies that had to notify customers that their account information had been stolen.

The compilation of information on insider risks is meant to help prevent such breaches, Charles said.

"Unfortunately, there is not a good way today to track who these people are. So we're putting them in a database--of course, consistent with the law and making sure nobody's privacy is violated," she said. The database is currently under development and should be ready by mid-2006, BITS said.

The blacklist is one of the ways financial institutions are fighting fraud. Banks are also increasingly protecting their online services and putting up shields against phishing attacks.

The Federal Financial Institutions Examination Council recommended earlier this month that banks introduce multiple-factor authentication by the end of 2006.

Is This Legal?

I sure wouldn't want to be the guy at the bank
who puts names into this database. There have
been anti-blacklist laws for about 100 years.

Only if a person has actually been convicted
of a fraud-releated crime would this sort of
thing be allowed, under current law. . .

[heystoopid]

waste of time

Like all lists, it is obsolete as soon as it is written! The only crime here, is that all honest customers are charged extra in higher fees and charges to compensate the organizations lack of integrity to adequately maintain data and customer security at all times. The old story, you pays your money, and you get what you pays for!, no more no less!

[hunter351]

Who all wiill this include?

I know people automatically judge an individual for saying that a "friend" might show up on this list, but this is the case for me. He was "let go" back in 2001 for taking money from his cash drawer. The bank he worked for did not charge him with anything, but will this sort of thing show up on this list.