Friday, October 28, 2005
Create a Database for Banks of Employees You Terminated
The conflict between Human Resources and Security may be coming to an end.
Security: "Tom was fired because he scammed the bank, right?"
HR: "Yes."
Security: "The other bank called for a reference and all we said was he worked here for the last 8 months. Why didn't we say we lost money because of this guy? He ran a scam."
HR: "Oh no, too much liability. We'll only confirm employment."
Security: "And they'll do the same when we call them on on next applicant who used to work there."
HR: "Yes."
Sometimes business needs take priority, and ethics towards the industry take a back seat. But BITS, a nonprofit, financial service industry consortium made up of 100 of the largest financial
institutions in the US, is planning on changing this scenario.
Recognizing that scammers get into one financial institution and may move from bank to bank like a check kite, they plan to start a database to help end this. By listing employee information in a central database, employees who were fired because the bank had "problems" due to confidential customer data being exposed and employees who knowingly caused a financial loss can be identified before they are hired at a new institution.
Many information security breaches are caused by employees. Many of these have been high-profile cases and deliberate. "Unfortunately, there is not a good way today to track who these people are. So we're putting them in a database--of course, consistent with the law and making sure nobody's privacy is violated," Cheryl Charles, a senior director at BITS said.
The database will essentially be a blacklist of names and will be used to combat fraud and protect customer information. It is expected to be available in mid-2006. Other details were not available.
The conflict between Human Resources and Security may be coming to an end.
Security: "Tom was fired because he scammed the bank, right?"
HR: "Yes."
Security: "The other bank called for a reference and all we said was he worked here for the last 8 months. Why didn't we say we lost money because of this guy? He ran a scam."
HR: "Oh no, too much liability. We'll only confirm employment."
Security: "And they'll do the same when we call them on on next applicant who used to work there."
HR: "Yes."
Sometimes business needs take priority, and ethics towards the industry take a back seat. But BITS, a nonprofit, financial service industry consortium made up of 100 of the largest financial
institutions in the US, is planning on changing this scenario.
Recognizing that scammers get into one financial institution and may move from bank to bank like a check kite, they plan to start a database to help end this. By listing employee information in a central database, employees who were fired because the bank had "problems" due to confidential customer data being exposed and employees who knowingly caused a financial loss can be identified before they are hired at a new institution.
Many information security breaches are caused by employees. Many of these have been high-profile cases and deliberate. "Unfortunately, there is not a good way today to track who these people are. So we're putting them in a database--of course, consistent with the law and making sure nobody's privacy is violated," Cheryl Charles, a senior director at BITS said.
The database will essentially be a blacklist of names and will be used to combat fraud and protect customer information. It is expected to be available in mid-2006. Other details were not available.
