Looks like National Australia Bank (NAB) is the latest bank to fall victim to mail-out problems that compromise customer data. They're not the first, and are unlikely to be the last. The usual bank spokesperson
agenda in these situations is to claim that there is nothing in the lapse that exposes customers to to risk of fraud.
But thinking about the data on my average bank statement, I would tend to disagree. Name, address and account number are a good starting point for an identity thief. But my bank statement also contains account numbers for all the utility bills and direct
debits that come out of my account. It can also provide additional information such as whether I have any other bank accounts, credit cards or mortgages.
While these pieces of information in isolation can't be used to steal from my bank account, in the hands of a proficient criminal they can be used as leverage for gaining further information, to change my address, and get closer to being able to apply for
new loans in my name
Why else would banks and government departments encourage the shredding of all personal financial papers such as bank statements as the first step you can take to avoid becoming an identity theft victim?
A 2006 survey
in the US, sponsored by the Identity Theft Resource Center and Fellowes, claims:
"Nearly 40 percent believe identity theft is most likely to occur through online exchanges, when in reality, online exchanges only represent nine percent of the crime. The majority of identity theft crimes occur through paper documents and stolen information."
It's worth mentioning that Fellowes sells paper shredders, and so has an ulterior motive in spreading FUD about the issue. But if I was a NAB customer whose statement was sent to someone else by mistake, I would be nervously hopeful that the recipient complied
with the bank's request to destroy the mistakenly sent document.