A brazen swindle in Wheaton last week in which a man walked into a BB&T bank dressed as an armored truck courier and walked out with $574,500 in cash has been linked to a similar bank job the next day in Washington, authorities in Montgomery County said yesterday. Assistant State’s Attorney Marybeth Ayres named Elizabeth K. Tarke, a teller at the BB&T branch, as a possible ringleader.[From Teller Called Possible Ringleader in Two Bank Thefts – washingtonpost.com]
If you were going to pretend to be somebody else for half an hour, who would it be? Me, or a cash collector? The story says that an employee checked the bogus courier’s ID card. But how? I really doubt that the bank employee took off the courier’s ID card and put the ID card into a machine and had the courier put his eyes up to an iris scanner to match his iris to the card and then went online to have the card credentials verified by the courier company and bank servers. I’m sure the story means that the employee glanced at the ID card and it seemed about right.
This particular case caught my attention because it happened to gel with something I was preparing for a client. The essence of it being that there’s a false sense of security generated by identity that isn’t properly verifiable. There was another story about this in the newspapers a little latert:
A City investment banker who held senior positions at Bank of America and Credit Suisse may face jail after posing as a university undergraduate in order to help a student cheat his way through his final-year economics exams. Jerome Drean, 34, the former head of European equity derivatives trading at Credit Suisse, pretended to be Elnar Askerov, a 22-year-old Azerbaijani economics student at the University of York. Although there was no physical resemblance, Drean is believed to have sat eight exams over a period of 18 months, using a false identity card to pose as Askerov.[From City banker, 34, sat exams for student, 22 | The Guardian | Guardian Unlimited]
Pretty shocking, isn’t it? I was genuinely amazed to discover that a head of credit derivatives knows anything about economics, given the cheery news continuing to come from the U.S. sub-prime market. Anyway, unless you have to put an ID card in a device that goes ping — when presented with the right fingerprint, iris or whatever — instead of depending on people, how is this going to stop? That’s not a panacea of course, because the person monitoring the device that goes ping might well be miscreant machine minder, as another recent U.K. newspaper story illustrates rather well:
…illegal immigrants were kept in safe houses in London until they found work or further accommodation predominantly in Leicester, Bolton, Blackburn and Preston… Others were assisted by a corrupt Heathrow Airport official in continuing on to Canada or the United States.
The court heard how once “clients” travelling from India reached South Africa they would pay about £500 for a genuine South African passport fraudulently issued by corrupt officials and use these to enter the UK.[From BBC NEWS | England | People-smuggling network revealed]
I was in a discussion yesterday about how to design systems that are going to store and process sensitive personal data, and one of the people there said that the design should proceed on the basis that employees (ie, insiders) are corrupt. How true. Whether it’s bank account or passports, it looks as if the worst cases of identity theft are the one that involve staff (in particular, middle management).
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]