By Gary S. Miliefsky
Sometimes technology alone is not the answer. Imagine your upper management starts demanding unreasonable numbers from the sales team and threatens to fire them if they can’t reach these unrealistic goals each month.
For a car dealer, it’s obvious that a consumer has to show up, sign up for a loan or bring a bank check for the full amount and buy the car of their choice. You just simply can’t fake it.
In the Wells Fargo case, something went viral — it was the ability to defraud consumers inside a bank of all places, where trust is sacrosanct. Sales teams found a loophole: “I’ll just create another account for Jane Doe, she won’t notice and I’ll hit my unrealistic numbers if I do this for all new accounts I open. In fact, why don’t I go through all the accounts I’ve ever opened and do the same — I have the PII (Personally Identifiable Information) and I have all the necessary permissions and access to ‘fake it ’til I make it.’”
This is what went down at Wells Fargo and it went internally “viral” — everyone was doing it and no one seemed to care. The results: sales were up, new accounts were opened and employees were keeping their jobs, getting their bonuses and no one at the “C” level was aware of the problem.
While I could go on all day about Ethics 101, it seems the “crowd” hysteria mentality and excuse is what took place at Wells Fargo. Only until many consumers suffered — some even losing their houses and having destroyed credit scores — did this issue become one of notice to law firms, criminal investigators, government agencies and, finally, the Wells Fargo “C” level executives.
What’s sad is that the U.S. government, since the introduction of the Patriot Act, began spying on all of us, looking for needles in haystacks. Want to move $5,000? This triggers a Patriot Act alarm at Wells Fargo (or any bank) for a “fraud review” — are you money-laundering for a terrorist organization or are you just trying to pay your bills? Either way, we the people are scrutinized at every turn.
Walk through New York City and you’ll see more than $2 billion invested in cameras on every street corner, tied into state agency and U.S. Department of Homeland Security fusion centers doing facial recognition on you, just to make sure you’re not a terrorist — your privacy is over.
Yet, Wells Fargo employees who chose to take a path of criminal behavior were not scrutinized in any way that would trigger an alarm for executives at the “C” level to wake up and realize something just wasn’t right with the number of new accounts being opened, the accrued penalties for low balances, the negative balances, the triggers to destroy people’s lives both in loss of homes and credit score. I would say this astounds me, but nothing, when it comes to malicious insiders, astounds me anymore.
If your company had this viral “crowd” mentality, criminal behavior happen to you, how would you know? What would you do? We can learn a lot from the Wells Fargo case.
First, setting unrealistic sales expectations triggered bad behavior. Second, something was wrong with middle management in the way they motivated frontline sales staff. Third, unlike all the safeguards in wire transfers, Patriot Act triggers and other fraud protections put in place never once turned inward on their own internal activities.
Employees became malicious, criminal insiders. No one at the executive level noticed and the crime continued until the victim snowball effect turned into an avalanche.
What we can learn to avoid this problem is quite simple. Internal controls for fraud should not just be pointing outward toward the consumers — tripwires should be in place to trigger alarms for fraudulent behavior from the inside-out. It’s that simple.
More frequent audits, including looking for malicious insider behavior, would have tipped upper management off, maybe in time to stave off the bad behavior before becoming viral. What this also says about human nature is that when good people are put in a corner — feeling like they will be fired if they don’t meet unrealistic expectations, in such a tough economic time — instead of the best coming out, it seems we see the worst coming out.
Once again, the lesson is learned — don’t be too greedy; don’t be too focused on honest-customer fraud risk. Take a look from the inside-out more frequently and you might be able to catch malicious insider behavior that should never happen in the first place.
Gary S. Miliefsky is founder of SnoopWall Inc. (www.snoopwall.com), a cutting edge counter-intelligence technology company offering free consumer-based software to secure personal data on cellphones and tablets, while generating revenues helping banks and government agencies secure their networks. He has been active in the INFOSEC arena, as the executive producer of Cyber Defense Magazine and a regular contributor to Hakin9 Magazine.
...login to read the rest of this article.