Raising the Stakes for Internal Fraud
0 comment(s)
Earlier this week, Bank Info Security released an article on the Computershare civil suit against a former employee for stealing company information and shareholder data. The piece discusses the potential impact such a suit might have on the financial services industry, and I was able to contribute my two cents about the matter.
My opinion is, that in the case of data breaches and insider fraud, legal action against employees is historically rare. Most of the time these incidents are handled as internal matters; the exceptions have only been the worst or largest breaches and fraud schemes.
But, we do see a shift in how firms are approaching internal fraud. A handful of high profile internal data breaches and fraud cases (e.g., SocGen, UBS, Madoff… the list goes on…) have shown the need to be more proactive and aggressive when it comes to monitoring internal behavior and pursuing action against offenders. In some cases, of course, firms are being held legally liable for the breaches and fraud losses committed by their employees. So the stakes are higher, and more firms are taking an approach of “the best defense is a good offense”. I think that’s what we’re seeing here.
Also, firms are more educated about the risks of data breaches. Traditionally it’s been hard to quantify the risk or loss tied to a data breach, since no funds were lost initially. Because it’s hard to quantify, few proactive steps were taken to manage the risk. But over time, firms have learned to draw clearer lines between a data breach now, and the eventual financial loss and/or reputational damage that happens later.
I encourage you to read the full piece, which includes quotes from Aite’s Julie McNelley and a spokesperson from Wells Fargo.
Posted in:
Internal Fraud
Collusive Networks
Account Takeover Identity Theft