Identity Theft at Banks

Last few weeks the news is that the top banks are doing massive job cuts to reduce operating costs. In my view, cutting jobs is a desperate move and not the best way to reduce costs. As a tactic to cut costs, it should be used last because of the long-term repercussions on employee morale, organization culture and performance. Thoroughly explore other aspects or line items to determine whether costs can be reduced in other areas. One of the areas where banks are facing a problem is the increasing amount of frauds, especially identity thefts.

I am using the report “Measuring Identity Theft at Top Banks (Version 1.5)” prepared by Chris jay Hoofnagle to support my argument. Secondly, the Fraud Survey 2010 conducted by SMG Group is relevant. Although the reports provide a little old data, I recommend both of them for a read to banking industry professionals. Below are some of my points.

To give a backdrop, according to the survey findings 76% of the frauds are detected in banks when the customer notifies the bank. This doesn’t reflect very positively on the fraud prevention measures put in place by the banks. An organization has high fraud risks for three reasons:

1)    Senior management is not committed to preventing frauds

2)    There is insufficient investment in technology and systems to detect and prevent frauds.

3)    The fraud investigation teams are either incompetent and/or deviant.

Chris Hoofnagle study states that the biggest banks are having the largest problems (page 16). Now this is interesting, because large banks would have the money to invest in technology and systems to prevent fraud. Hence, why are they failing?

On page 20, the graph titled “Top Credit Card Issuers by Volume, 2006” depicts an interesting picture. Quote from the report –

“When the estimated annual events are applied to the top ten credit card issuers according to the Nilson Report, by volume of cash advances and purchases made in 2006, American Express emerges as the least likely to suffer an identity theft event, followed by USAA. While Bank of America ranked highly in overall events, adjusting for credit card volume, Wells Fargo, HSBC, and Capital One emerge at the top.”

See the graph below, which gives the number of fraud events per billion in annual volume.  The top 25 banks in US accounted for 49.9% of identity theft complaints.

A second graph on page 22 gives a comparison on the top 25 banks identity thefts per 1000 customers, including the difference between retail depositors. Again, the top banks are doing badly. See the graph below:

Now in my view as most of these are credit/debit card frauds, then controls need to be put in place here. In credit/debit card frauds, the most frequent is that of “Card Not Present”. This can be through either internet or telephone banking. Now to actually verify the authenticity of the customer, banks must ask a series of questions from the customer – name, date of birth, place of birth, address etc. Secondly, for cards additional information needed is- credit card numbers, credit card holder name, expiry date and CVV number. Now how difficult is that to check and control. Why are fraudsters able to use Bin Card generating software and get away with millions in fraud?

In my view, something is not right. Banks should focus on reducing fraud costs to improve operating profits. What do you say?


Measuring Identity Theft at Top Banks (Version 1.5) by Chris Jay Hoofnagle –
University of California, Berkeley – School of Law, Berkeley Center for Law & Technology

2010 Survey Results- The Faces of Fraud- Fighting Back by SMG Information Security

2 comments on “Identity Theft at Banks

  1. They say that wisdom is developed after happening of an event. In banking industry operating and internal controls need go in a “hand in glow” kind of style. Now a days exhaustive transactional analysis of the source document is undertaken based on the data available in hard or in soft form. When an in depth transactional analysis is undertaken consciously, mindfully, intelligently, judicially with well tested discrimination by a seasoned visionary in the field of user friendly banking services matured wisdom does deliver the effectively tested preventive control that can also provide support the control mechanism on detection and rectification of the faulty – revenue loosing – controls. These well tested and qualitative preventive controls alone effectively reduce the fraud costs over a period of time and therefore positively improve operating profits – a macro economic virtuous circle. True, increasing operating profits when earned consistently present a healthy scrip picture of a banker. The truth is that banks may hardly have – in fact no time at all – and opportunity to manage and control the fraud costs – macro economic vicious circle – when frauds are caused as a result of the weaker and unwise preventive controls. In 2012 a banker needs to globally contribute to the human resource development inculcating and educating trustworthy banking habits, as they say that excellence is a habit.

Comments are closed.