BrokeBerry

Attack Computer Wiz

A Security & Technology Weblog

I was at my local bank the other day waiting in line to make a deposit. The line was not very long and I didn’t expect much of a wait. There were two tellers working with customers and a third teller was at her window working with some paperwork. She waived me over to her window and stated that she would help me. I handed over my deposit and informed her that I would like to purchase a roll of the latest presidential dollar coins. She said sure, and told me that she needed to go to the vault to get the coins.

She left me at her window and walked away. As I was standing there alone I could not help but look down at the stacks of papers in front of me, three different stacks to be exact. I could clearly see the top sheet of paper on each. The heading was something like Social Security Direct Deposit Request Form. Each form was completely filled out with a customer’s name, address, phone number, social security number, bank account number, routing number, and a dollar amount. There was some other information there also, but I don’t recall what it was.

As a security professional I am always on the lookout for possible risks, legal violations, or policy violations. What could I, if I were an identity thief do? Steal the paperwork? Try to memorize the information? What about my camera phone, how about snap a picture of the documents? Any of which I could have easily done and I highly doubt anyone in the bank would be the wiser. Until of course they reviewed security camera footage if they even would think too.

This is not the first time, nor will it be the last time this opportunity would come up. Just days earlier I was checking into a hotel and the previous customers information was lying on the desk in front of me and the rest of the world to see, including credit card numbers.

In today’s world why are banks and hotels, people that deal with so many customers personally identifiable information, so lazy about protecting it. They are bound by many laws and regulations. Employees should be trained to be more cautious about what they leave just laying around.

user Posted by John "Mike" Wright

| More

0 comments

Post a Comment