Bank staffers are selling client data in back-door deals with online fraudsters — helping to facilitate sophisticated scams that target the live savings of Americans, according to a report.
These bank insiders, usually the lowest-paid employees, continue to get caught selling personal information, exposing a major weakness in bank security, Bloomberg News reported.
“The more employees there are inside a company with access to sensitive customer information, the higher the risk that access is going to be abused,” said R.J. Cross, a privacy advocate at US Public Interest Research Group.
Nearly a decade ago, then-New York Attorney General Eric Schneidermann warned major banks including JPMorgan Chase, Bank of America and Citigroup, to boost their internal security measures after finding insider leaks were on the rise.
The banks contend to lawmakers and the public that the customers are responsible for ensuring they don’t get scammed — but the trend has only worsened over time.
Elder fraud complaints to the FBI’s Internet Crime Complaint Center spiked 14% last year and associated losses grew 11%, according to a government report released earlier this year.
Among the incidents cited by Bloomberg was a new staffer at Toronto-Dominion Bank who was hired to detect money laundering from a New York outpost. Instead, she used her internal access to leak customers’ personal information to a criminal network via Telegram, according to Manhattan prosecutors. Her phone allegedly had photos of 255 checks belonging to bank customers, as well as personal information from 70 more, according to detectives.
In Florida, Wade Helms, a staffer at Navy Federal Credit Union, allegedly wrote customers’ personal information in a notebook, then made an account on Telegram and posted that he was looking for a buyer, Florida officials said.
He would speak to a Telegram user who claimed to be a broker for stolen data over the phone and on a personal computer next to his office desk, prosecutors said.
By the time Navy Federal discovered the breach, Telegram pages called “Navy Wave” used to leak client data had exposed as many as 50 accounts to more than 2,700 subscribers.
Helms pleaded no contest to 11 charges in a deal with prosecutors this year and was sentenced to 10 years’ probation. He was ordered to pay about $9,100 in restitution to the credit union.
“Navy Federal takes all necessary precautions to protect our members’ personal and financial information,” a spokesperson told The Post in a statement, adding that they are constantly strengthening their security measures.
It’s challenging for companies to keep up with trends in crime as they’re scaling up their workforces, Jonathan Lopez, a former federal prosecutor who specializes in bank crime cases, told Bloomberg.
“The issue may not be one of a faulty program in many instances, but the sheer numbers of people involved,” Lopez said. “While zero fraud rates may be impossible, institutions should be incentivized to continue to strive to get their fraud rates and insider fraud rates as close to zero as possible.”
Canada-based TD Bank was fined $3 billion in a historic settlement with US authorities after multiple branch employees accepted gift cards or cash bribes to open accounts and debit cards used to move money to Colombia, according to Attorney General Merrick Garland.
One New York-based TD branch manager stole more than $200,000 from an elderly client, stealing from their account even after the retiree died. TD later fired the banker, who admitted to the crime and was sentenced to more than a year in prison. His lawyer said he stole the funds to pay for his son’s college tuition.
In September, New York authorities accused Daria Sewell, a new member of the TD scheme, of taking and posting images of customers’ checks on Telegram with instructions on how to steal from the accounts. A network of New York fraudsters were later charged in a $500,000 check-fraud scheme, according to the Manhattan district attorney’s office.
Sewell pleaded not guilty to illegally possessing personal information.
“In both instances the employees were terminated and we cooperated fully with authorities in their investigations,” a TD spokesperson told Bloomberg. “As we have consistently said, these individuals aren’t representative of our 30,000 colleagues in the US who serve our customers with integrity.”
In Louisiana, federal prosecutors accused outsourced employees from international call center Teleperformance of selling elderly USAA clients’ information. The scheme went on for three years, according to federal prosecutors.
“We fully cooperated with authorities to aid in the investigation and terminated the employees as soon as we were made aware of the incidents,” Teleperformance told Bloomberg. “We work closely with our clients to ensure we minimize our employees’ access to customer account information to include only the access needed to deliver the services and minimize the risk of fraud to the lowest possible level.”
The Teleperformance employees pleaded guilty to bank fraud conspiracy and are awaiting sentencing.
TD Bank, Teleperformance and USAA did not immediately respond to The Post’s request for comment.