Identify Theft Risk: Are You Tracking the Root Cause?

Steven Minsky | March 22, 2006

CNN recently published a new report Identity theft: The new way to rob a bank. The CNN article is about how a bank employee recently committed identity theft by selling customer information which resulted in $12 million in losses to their employer.

The folks inside are just as likely to be the perpetrator as the folks outside.

This article highlights the need for organizations to identify the root cause of risks so that appropriate action can be taken. The field of Enterprise Risk Management is doing just that. Does your Enterprise Risk Management program and tools help you to identify, assess and track issues from a root cause perspective? ie. Not only tracking the losses attributed to Identify Theft for example, but what is the specific root cause that is allowing this Identify Theft to occur? For example, is it outside hackers or your employees? IT systems? relationships with vendors?

When we hear Identify Theft, we jump to the conclusion, often incorrectly, that bank information is stolen by outside hackers and when we hear Bank Robbery we think of the infamous “cell phone bandit” that robbed a series of Wachovia bank branches recently.

The FBI reports that there are about 7,600 bank robberies a year, amounting to roughly $77 million in losses to the institutions. However, this compares with a 2003 Federal Trade Commission report estimated identity theft losses to financial institutions to be at $47 billion.

There is more on root cause and Enterprise Risk Management in my ebizQ column, The Price of Fraud where I wrote about how Enterprise Risk Management Tools are helping in the battle against fraud.