{"id":180,"date":"2009-02-05T16:11:04","date_gmt":"2009-02-05T21:11:04","guid":{"rendered":"http:\/\/www.webadminblog.com\/?p=180"},"modified":"2009-02-05T16:11:58","modified_gmt":"2009-02-05T21:11:58","slug":"how-secure-is-your-bank-account","status":"publish","type":"post","link":"https:\/\/www.webadminblog.com\/index.php\/2009\/02\/05\/how-secure-is-your-bank-account\/","title":{"rendered":"How Secure is Your Bank Account?"},"content":{"rendered":"<p>Recently I was elected the new Treasurer of the Capitol of Texas Chapter of the Information Systems Security Association.\u00a0 No, that&#8217;s not my way to seek your approval, but thanks for the kudos.\u00a0 The reason why I bring this up is that one of the first things I needed to do as the new Treasurer was change the bank account information over from the old 2008 board members to the new 2009 ones.\u00a0 I called in advance and scheduled a meeting with a banking representative and asked what I needed to bring with me.\u00a0 The answer was documentation showing the board change, a current account signer, and a new account signer (me).\u00a0 So far so good.<\/p>\n<p>So me and two of the old board members show up at the bank to do the deed.\u00a0 We sit down in the guy&#8217;s office with the door wide open while he proceeds to ask me personal questions such as my social security number and mother&#8217;s maiden name in front of those guys and anyone within earshot.\u00a0 I probably should have said something right there, but lowered my voice and gave the guy the requested information, but that was strike #1 for a bank whose name I will not mention.<\/p>\n<p>I tell him that I&#8217;ve brought two of the current signers with me and motion toward the guys sitting next to me.\u00a0 They tell the bank representative their names and the representative acknowledges.\u00a0 He starts handing me paperwork to sign effectively removing the old names off of the account and putting the account solely in my name.\u00a0 At this point 
he&#8217;s asked for my driver&#8217;s license, my SSN, my mother&#8217;s maiden name, but has yet to verify that the guys sitting next to me were who they said they were.\u00a0 No request for any form of identification from either of them.\u00a0 Strike #2.<\/p>\n<p>I ask him to assist me with setting up the online account access and he makes a quick call to find out what needs to be done and hands me another form which I sign.\u00a0 At this point he tells us we&#8217;re all set.\u00a0 One of the old board members asks &#8220;So at this point all of my information has been completely removed from the bank account?&#8221; and the bank representative says &#8220;yes&#8221;.\u00a0 We thank him and leave only to discuss what just transpired outside amongst ourselves.\u00a0 What would have prevented us from walking into that bank with a fake document showing a board member change, having two of my buddies pretend that they were the old board members, and getting the account changed into my name and walking off with the money?\u00a0 They required no signature or identification from the old board members.\u00a0 In fact, I did pretty much all of the talking and I&#8217;m pretty sure they didn&#8217;t even say their names (or that they were the old board members), I did.\u00a0 You guessed it, strike #3!<\/p>\n<p>So what have we learned from this little exercise?\u00a0 First, no matter how secure your systems are, you need to make sure your processes take security into account equally.\u00a0 Second, Capitol of Texas ISSA really needs to find a new bank.\u00a0 Do you have any idea how secure your bank account is?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently I was elected the new Treasurer of the Capitol of Texas Chapter of the Information Systems Security Association.\u00a0 No, that&#8217;s not my way to seek your approval, but thanks for the kudos.\u00a0 The reason why I bring this up is that one of the first things I needed to do as the new Treasurer 
[&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[28],"tags":[213,212,215,622,214],"class_list":["post-180","post","type-post","status-publish","format-standard","hentry","category-security","tag-account","tag-bank","tag-issa","tag-security","tag-transfer"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pfI0c-2U","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/180","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/comments?post=180"}],"version-history":[{"count":2,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/180\/revisions"}],"predecessor-version":[{"id":182,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/180\/revisions\/182"}],"wp:attachment":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/media?parent=180"}],"wp:term":[{"taxo
nomy":"category","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/categories?post=180"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/tags?post=180"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}