Home > Compliance, Identity Theft, Peak Performance > Weak Link in Chase Bank and ABN Amro security

Weak Link in Chase Bank and ABN Amro security

When my team and I find mismanaged confidential information in a security audit we launch
an awareness campaign around trash, recycling, and shredders. Not surprisingly, recycling bins, like
dumpsters, are repositories for plenty of corporate secrets.

But bank dumpsters are the worst (or best, if you’re a bad
guy). The large bank branches in wealthy
neighborhoods attract the most valuable dumpster data of all: personal
financial statements of millionaires. You heard right. Dive a dumpster
in Lake Forest or Bal Harbour and commandeer the bank accounts of the very rich.

I’ve noticed that ABN Amro and Chase Bank are particularly
lax in shredder placement. Private
bankers, every night, throw out reams of paper with names, addresses, bank
account details, social security numbers, and dates of birth. Even mother’s maiden
names are included on ducuments thrown out in ABN and Chase dumpsters around the US.

Climbing through these dumpsters is usually a crime (if not
performed as part of an authorized security audit, of course), since they sit
on private property – behind that crooked wooden gate in the parking lot. But I know of more than one Chase Bank branch in
wealthy neighborhoods with dumpsters in the alley – that is, in the public

Some communities have laws that inhibit trash picking, but
in general, the U.S. Supreme Court protects dumpster diving and trash picking
on public property, ostensibly to permit law enforcement to gather evidence
without a warrant. You don’t have to be
a freegan [a person who chooses to live off food and property retrieved from
trash] to see the value of that kind of accessibility. Identity thieves and all-around scum bags can
benefit, too.Discoverdumpsterdiving

The personal financial statements of the very wealthy that I
mentioned are the documents used to "apply" for high end personal and
business loans and usually have all the info needed to set up bank-by-phone and
an Internet account. After all, the very
rich don’t usually do their own banking. Their accountants do it for them the old fashioned way, by balancing
ledgers against monthly statements. Enough time for a bad guy to set up wire transfers, print checks, and
connect to a Paypal account.

You bankers out there may want to have your dumpsters inspected and your "shredder culture" assessed before the bad guys do it for you.

  1. October 8, 2007 at 8:42 am

    As I am sure you know, banks aren’t alone in this vulnerability.
    I conducted a security assessment at the headquarters of a major corporation a few years back. As I was being given a tour of the buildings, I asked the Facilities Manager who was accompanying me about procedures concerning the disposal of confidential information. She assured me that anything of any value was shredded before being placed in the trash and that employee compliance with this policy was “very good”.
    A few minutes later, we walked by the outside dumpster and recycle area and I took a quick look around. As luck would have it, I was able to reach into the top of a recycle bin and pull out a 2″ thick computer print-out that had a complete listing of employee names, home addresses, home phone numbers, social security numbers, and pay classifications.
    Many companies have proper procedures in place but employees get lazy and don’t follow them. Overcoming this requires ongoing security awareness training. I also recommend to my clients that they regularly conduct random “dumpster inspections” as a part of their overall information security program.

  2. October 9, 2007 at 1:43 am

    Thanks, Michael. Well done!

  3. October 11, 2007 at 4:07 am

    Oh, yes!
    These dumpsters can turn a Klondike to one that know how to deal with information. You do not have to be Mitnick (http://www.kevinmitnick.com) to encash it…
    I wonder why banks still operate paper files instead of secured and encrypted digital media?

  4. October 22, 2008 at 11:11 pm

    This Is a very informative blog , I am really pleased to post my comment on this blog . It helped me with ocean of knowledge so I really belive you will do much better in the future . Good job web master .

  5. September 1, 2009 at 11:24 pm

    I work in service office , we used to store papers in huge piles but since we have used shredders , the storage capacity have reduced a lot.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: