ID thieves hawk details of 21 million German bank accounts

ID thieves hawk details of 21 million German bank accounts

Identity thieves in Germany are trying to sell the bank account details of 21 million people, for an asking price of EUR12 million, according to a local magazine.

Economic weekly WirtschaftsWoche says two of its investigative reporters posed as potential buyers and met with two individuals in a hotel in Hamburg.

They were offered the bank account numbers and codes, as well as names, addresses and phone numbers, of 21 million victims for EUR0.55 per record.

The thieves handed over a CD containing the details of 1.2 million accounts to the reporters to prove their story. The magazine has handed the disc over to authorities.

WirtschaftsWoche suggests the thieves may have obtained the data from call centres. In the worst case scenario, three out of four German households are at risk of theft, says the magazine.

The revelations come just months after T-Mobile admitted losing a storage device holding the records, including names, addresses, phone numbers and dates of birth, of 17 million German customers.

However, WirtschaftsWoche says this case could be far more dangerous because the T-Mobile data did not contain bank account details.

Comments: (2)

A Finextra member
A Finextra member 10 December, 2008, 08:31Be the first to give this comment the thumbs up 0 likes

How can fraudsters use these German account details? Can false direct debit transactions be created by fraudsters? Can false credit transfers be injected into the bank clearing system? As such a bank account number is not a confidential information and should not be a threat to the bank customer providing that a proper customer identification and transaction validation process is used every time the account number is entered in order to debit the account. Be that on paper or in an online channel.

Andy Morris
Andy Morris - ACI Worldwide - Watford 12 December, 2008, 11:29Be the first to give this comment the thumbs up 0 likes

2008 has witnessed some of the biggest insider fraud incidents affecting both consumers and the companies the data or goods are stolen from alike. According to a report released in June 2008 by BDO Stoy Hayward, fraud cost UK businesses more than £705m in the last six months, a 74 per cent increase over the same period last year. The biggest threat to business, however, came internally, with management fraud 46 per cent of the total. According to BDO Stoy Hayward, the problem of business fraud was certain to grow as senior executives at British businesses are becoming increasingly concerned about fraud risk as the credit crunch bites. As a result, we might see even more unscrupulous employees give into temptation in the near future, convinced they are incapable of being caught whether this is in an organisation or financial institution.

However, there are ways in which fraud can be combated. Financial institutions should consider monitoring employee activity more closely through Point of Compromise (PoC) detection. Even though, traditionally, PoC is the location at which the card skimming has taken place, the same techniques also allow banks to closely monitor employees accessing data and detect potentially suspicious behaviour. As a result, banks are in a position to generate an internal watch list to monitor customer transactions.

Given the current market environment and potential for reputational damage, fraud prevention needs to become a focus for any institution. Measures also need to be in place to prohibit temptation. Ultimately, employees should be monitored and placed under surveillance so that any bad apples are quickly identified.

As such, banks and organisations need to adopt a single view of all activity. This places financial institutions in a much stronger position to detect employee fraud. In an environment built on trust, a reputation for integrity is one of the most valuable assets an organisation or financial institution can possess.