New York State law enforcement officials are urging major banks to start checking their teller’s access to customers’ personal data.
In a letter to several New York banks Friday, Attorney General Eric Schneiderman urged bank management to tighten policies, create more accountability, oversight, and check points for tellers in light of arrests left unnamed in the memo, in which tellers at some of the largest banks in New York stole millions from hundreds of customers in the state and the East Coast.
The ongoing investigation, named “Operation Pen and Tell” scrutinised the highly unrestricted access tellers have to bank account and social security information from customers around the country.
Some tellers, which are considered the first line of defence in account fraud, “often provided this stolen information to co-conspirators, who used it to… withdraw money,” Schneiderman’s office wrote.
Schneiderman urged banks to limit tellers’ access to customer information by limiting their reach to customers in the local area. According to the memo, newly hired tellers often had unlimited access to account data after a brief training period. The success of the schemes uncovered by the Attorney General’s office was contingent upon this hole in security.
The memo revealed that while some bank management attempted to investigate a suspected teller, the query ended once the teller resigned. Tellers would then resume their illegal operation at another financial institution.
Branch supervisors also often did not have “reasonable and regular access to an audit trail for account information.” Frauds could have been prevented had banks tracked employees access to the system, and noted tellers who looked into a unusual number of accounts or searched up unrelated customers from multiple geographies.
According to the Wall Street Journal, Schneiderman’s office announced the arrest of five people accused of running an identity theft ring in 2014. Three were tellers who had worked at Bank of America, J.P. Morgan, TD Bank and Wells Fargo.
The letter was sent to Bank of America, J.P. Morgan, Wells Fargo, Citigroup Inc., Banco Santander SA, Capital Financial Corp., HSBC Holdings PLC, PNC Financial Services Group, and TD Bank, the Wall Street Journal reported.
Read the attorney general’s complete memo here.