The Wells Debacle: A LessonInstitutions Can't Afford These Low-Tech Mishaps
While the cause for the malfunction of the printer is a bit more concerning - was the printer somehow hacked or compromised with malicious software? - the mailing error is pretty easy to pinpoint. Checks and balances, no pun intended, were not in effect.
Phil Blank, managing director of security, risk and fraud for Javelin Strategy & Research, put it best: "It represents a failure in basic 'block and tackling.'"
The low-tech stuff should be easy to avoid, but it's often the sort of thing that slips through institutional cracks.
The whole incident reminds me of the systems upgrade at Bank of America a few weeks ago that resulted in thousands of customers complaining of access lockout to their online banking accounts.
Some industry pundits suggested something more nefarious, like an attack waged against BofA by Anonymous or some other hacktivist group. But I think the site outage was more likely caused by exactly what BofA claimed - a systems upgrade that was launched in haste without proper testing before deployment.
Looking at the Wells Fargo statement debacle, I can't help but think something similar. Somebody dropped the ball. You can't blame it all on a printing error. Aren't steps in place to perform some sort of double check?
I'm sure this statement incident, which affected Wells customers who opened accounts in South Carolina and Florida, will motivate folks at Wells to do things a little differently in the future.
Josh Dunn, corporate communications manager for Wells in Charlotte, N.C., says the bank sincerely regrets the mix-up and has assured customers that the risk of their bank accounts being compromised as a result of the statement snafu is low. Still, the bank is providing all affected customers with a year's worth of free ID theft protection.
I should hope so. ID theft protection is the least Wells can offer as protection for its customers as well as for itself.
And it's not just banking institutions that face some of these completely avoidable compromises of personally identifiable information. We read about it every day in any number of organizations crossing any number of industries: From a hospital throwing away paper patient records that it neglected to shred, to a government IT staffer leaving an open laptop in a car he forgot to lock.
Financial institutions, as card issuers, have their hands full trying to come up with better ways to thwart that kind of fraud and protect the customers who are adversely affected when card fraud does occur. The low-tech stuff should be easy to avoid, but it's often the sort of thing that slips through institutional cracks.
I get it. People are distracted. And we all get sloppy. The thing is, we can't afford these lapses. With growing concerns about incidents linked to identity theft, financial institutions, especially, have to do more to ensure they aren't the ones that accidentally expose consumer information.