For Finextra's free daily newsletter, breaking news and flashes and weekly job board.
An article relating to this blog post on Finextra:
A successful phishing sting on French president Nicolas Sarkozy has prompted a government condemnation of online security on the Internet.
20 Oct 2008
French police have arrested six people in their investigation into the high-profile fraud attack on President Sarkozy, but believe they are only minor figures in a wider plot. What's more interesting is the
internal bank investigation at the SocGen branch where he holds his account. Apparently more than 150 staff members have consulted the account, and the bank suspects that many
were just checking it out for fun.
This is not good news for SocGen, given the reputational damage they suffered last time they had
a lapse in internal controls. But I suppose you can't blame the bank staff for being curious. After all, they do pay the man's wages.
Thanks for saying its SocGen. That part of it has been kept a secret in the French newspapers.
Not sure if they provide their 'high-end' customers OTP devices but SocGen uses the 'roaming calculator' type of authentication method for their online banking. They think that it would be difficult for keyloggers to get the pincode with a roaming digits
Perhaps SocGen can roam the exhibit halls of the Cartes Exposium which is happening next week in Paris Nord to check out better authentication tools. :)
It is rather amateurish to operate a bank with any random employee being able to access any customer's account for fun. Who designed their security? It isn't worthy of Homer Simpson.
No bank employee should be able to access any account unless it is on behalf of the customer or with the customer's approval/participation.
No wonder insider fraud is so popular, its made so easy with these systems thought out in the 1950's when the teller knew your name. They might all know Sarkozy's name, but times have changed and those carefree days are gone.
It's enough to make customers lose confidence and any trace of trust in banks.
Time to get into the 21st century and stop those randoms getting into anyone's accounts.
Journalist copywriter and marketer
writer & tech geek
16 Feb 2007
This post is from a series of posts in the group:
A community for discussion of Transaction Fraud systems and anlaytical techniques for bank card and financial services organisations.