Man clicked to others' bank account

[InfoSec News <isn () c4i org>]

http://www.nzherald.co.nz/storydisplay.cfm?storyID=1190521&thesection=technology&thesubsection=general

08.03.2002
By RICHARD WOOD 

The ASB Bank mistakenly gave Cambridge man Bruce Laugesen online
banking access to a joint bank account belonging to a couple in
Mahitahi, in South Westland.

The couple did not have internet banking access themselves, although
they are ASB Bank customers and use ASB Fastphone telephone banking.

The mixup occurred because the customer in Mahitahi, Bruce Laugesen,
has the same first name, middle initial and last name as the Cambridge
man.

Although Mr Laugesen in Cambridge immediately advised the ASB Bank
when he discovered he could gain access to someone else's account over
the internet at the weekend, the Mahitahi couple were unaware of the
security breach until the Herald talked to them on Wednesday night.

Consumers' Institute chief executive David Russell said the ASB Bank
should have contacted the couple immediately.

"The ASB certainly owes two customers a big apology, and of more
importance and to the rest of the ASB customer base is that it puts in
place systems that do their very best to prevent this happening
again," he said.

A chief investigator with the banking ombudsman, Susan Taylor,
described the situation as a "serious breach of privacy" and said it
was the first occurrence she had heard that involved the internet.

The banking ombudsman's office does not investigate unless a formal
complaint is laid and is subsequently not resolved by the bank.

ASB Securities managing director Tim Preston said that it was human
error and no reflection on the security of ASB's electronic systems.

He said the two customers' accounts were wrongly linked by a staff
member who did not follow company procedures.

"The staff member acted on name linkages only, when bank policy
requires further checks and matches. The bank is disappointed that
such a serious mistake was made and the staff member concerned has
been made aware of the inadequacy of their actions."

Mr Preston said the ASB gave customers one number and all accounts
relating to that customer were linked.

Once alerted to the issue, he said, the bank immediately separated the
accounts, investigated the cause, and was contacting the customers to
apologise.

"As a result of this, we will be reviewing company procedures to
ensure this cannot happen again," he said.

The Laugesens in Mahitahi hold bank accounts at the Hokitika branch of
the ASB and Bruce Laugesen of Mahitahi said he was quite happy with
the branch.

But he was concerned at how easy it was with the internet and the
telephone systems to access accounts, pay bills, and shift money
around.

"The way computer systems are these days these things are going to
happen. It will probably happen more and more as we more and more
become dependent on computers.

"I think I'll go back to getting rid of the phone banking and just
paying it."

The ASB says in its annual report that it has 100,000 internet
customers who together make more than 1 million transactions a month.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.