[ISN] Man clicked to others' bank account

From: InfoSec News (isnat_private)
Date: Wed Mar 13 2002 - 01:15:23 PST


    http://www.nzherald.co.nz/storydisplay.cfm?storyID=1190521&thesection=technology&thesubsection=general
    
    08.03.2002
    By RICHARD WOOD 
    
    The ASB Bank mistakenly gave Cambridge man Bruce Laugesen online
    banking access to a joint bank account belonging to a couple in
    Mahitahi, in South Westland.
    
    The couple did not have internet banking access themselves, although
    they are ASB Bank customers and use ASB Fastphone telephone banking.
    
    The mixup occurred because the customer in Mahitahi, Bruce Laugesen,
    has the same first name, middle initial and last name as the Cambridge
    man.
    
    Although Mr Laugesen in Cambridge immediately advised the ASB Bank
    when he discovered he could gain access to someone else's account over
    the internet at the weekend, the Mahitahi couple were unaware of the
    security breach until the Herald talked to them on Wednesday night.
    
    Consumers' Institute chief executive David Russell said the ASB Bank
    should have contacted the couple immediately.
    
    "The ASB certainly owes two customers a big apology, and of more
    importance and to the rest of the ASB customer base is that it puts in
    place systems that do their very best to prevent this happening
    again," he said.
    
    A chief investigator with the banking ombudsman, Susan Taylor,
    described the situation as a "serious breach of privacy" and said it
    was the first occurrence she had heard of that involved the internet.
    
    The banking ombudsman's office does not investigate unless a formal
    complaint is laid and is subsequently not resolved by the bank.
    
    ASB Securities managing director Tim Preston said that it was human
    error and no reflection on the security of ASB's electronic systems.
    
    He said the two customers' accounts were wrongly linked by a staff
    member who did not follow company procedures.
    
    "The staff member acted on name linkages only, when bank policy
    requires further checks and matches. The bank is disappointed that
    such a serious mistake was made and the staff member concerned has
    been made aware of the inadequacy of their actions."
    
    Mr Preston said the ASB gave customers one number and all accounts
    relating to that customer were linked.
    
    Once alerted to the issue, he said, the bank immediately separated the
    accounts, investigated the cause, and was contacting the customers to
    apologise.
    
    "As a result of this, we will be reviewing company procedures to
    ensure this cannot happen again," he said.
    
    The Laugesens in Mahitahi hold bank accounts at the Hokitika branch of
    the ASB and Bruce Laugesen of Mahitahi said he was quite happy with
    the branch.
    
    But he was concerned at how easy it was with the internet and the
    telephone systems to access accounts, pay bills, and shift money
    around.
    
    "The way computer systems are these days these things are going to
    happen. It will probably happen more and more as we more and more
    become dependent on computers.
    
    "I think I'll go back to getting rid of the phone banking and just
    paying it."
    
    The ASB says in its annual report that it has 100,000 internet
    customers who together make more than 1 million transactions a month.
    
    
    