ID Thief Finds Holes in Institutions' Security


Most financial institutions are surprisingly vulnerable to identity theft, according to a hired gun who makes his living by penetrating their security systems.

With over 100 successful heists to his credit, Jim Stickley is one of the most successful bank robbers of all time. But he’s not after the cash. He’s after something more valuable — identity. Most bank robbers only get away with a few thousand dollars; Stickley gets away with information worth millions.

Stickley’s company, TraceSecurity, is hired by financial institutions to perform vulnerability audits on them, in which he attempts to steal names, addresses, Social Security numbers, credit card numbers, and passwords.

Booming Business
TraceSecurity has been getting a lot of calls lately as financial institutions beef up their information privacy practices, motivated by the recent spate of high-profile identity thefts and an increasing number of information privacy and disclosure regulations.

“Most financial institutions are surprisingly vulnerable to identity theft,” says Stickley, whose teams focus on social-engineering exploits. “They spend millions on high-tech computer security defenses, but often fail to address the simplest, most critical aspect of information security: the human element.”

Stickley and his team successfully complete their heists 90% of the time. The other 10% of the time, vigilant staffers thwart the heist. It’s not unusual for a single TraceSecurity social engineering team to rob three or four financial institution branches in a single day.

They start by impersonating someone of trust or authority, such as an air conditioning technician or a fire marshal. When they show up, in fake uniforms with fake badges, the receptionist often welcomes them with coffee.

Within minutes, they have free run of the institution as they crawl under desks, steal backup tapes, and install spyware on the computers. In the evening, TraceSecurity returns to “dumpster dive,” which often yields a surprising amount of sensitive customer account information in the trash.

Once the heist is completed, the TraceSecurity team returns the stolen information to the institution’s executives who hired them, and provides recommendations on how to prevent actual criminals from perpetrating the same crime.


© National Security Institute, Inc.

This article is the property of the National Security Institute and may not be copied or redistributed in any fashion without an appropriate licensing agreement. For more information and FREE samples, visit http://nsi.org/SECURITYsense2.html.


