Question
Case study
Conduct a risk assessment for the scenario below
A bank clerk stole money from a customer’s account. The clerk changed the customer’s address to his own, issued an extra card for the account (which he received), and then changed the address back again. He withdrew money from ATMs. The customer did not notice the thefts for a long time because of the way the bank’s system worked: when a customer gets a statement from an ATM (as the clerk always did), that transaction did not appear on the statement that was mailed.
Source: Secure Computing, Summers
What is the threat?
What vulnerabilities exist?
What safeguards may have helped avoid this situation?
Explanation / Answer
The threat is that a third party, or even a bank official, on gaining access to the customer's account can withdraw money or change the customer's access without proper authorization, and perform all the other operations using methods or leaks in the bank's system. The threats here are clearly many:
a) A bank clerk or any bank official can change the customer's bank address or other details without the customer's authorization
b) The individual committing the fraud can withdraw money from the customer's account using a fraudulent ATM card received at another address
Clearly, the bank's system is also faulty, leading to this crime. The vulnerabilities which exist in this case are:
a) The bank clerk is able to change a customer's address without the customer's knowledge or authorization
b) The bank clerk is able to reverse the address change, and such a change is not noticed by anyone
c) The bank clerk was able to receive the card at the changed address and start using it without any verification of whether it was really the customer using the card or not
d) The money withdrawn from the ATM was not shown in the mailed transaction statement, thus making the theft difficult to notice.
There are various safeguards that can be implemented here such as:
a) No bank official can change the customer's address without his authorization; the address has to be verified using the ID proofs provided by the customer
b) A bank official cannot reverse the address for a time period after it is changed
c) Reversing should be the same concept as changing the address
d) The card received by the customer/individual should be verified using the customer's phone number, generating a PIN for first-time usage
e) Suspicious activities have to be monitored
f) The statement sent by mail to the customer should have all the details, specifically all transactions/withdrawals made
g) The card can be blocked by the customer on detecting suspicious activities.
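As an added illustration of the vulnerabilities and safeguards listed in the answer (this is example code written for this page, not code from the source book or any bank system), the Python model below replays the case-study sequence as a constructed event log. It shows the flawed mailed statement that omits withdrawals already printed at an ATM next to the corrected one (vulnerability d / safeguard f), a policy check that refuses an unverified address change or any reversal inside a cooling-off period (safeguards a to c), and a monitoring rule that flags the "address changed, card mailed to new address, address reverted" pattern by the same staff member (safeguard e). Staff IDs, addresses, dates and amounts are all made up.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Event:
    ts: datetime
    kind: str    # "address_change" | "card_issued" | "atm_withdrawal"
    actor: str   # staff id, "customer", or "card" (cardholder at an ATM)
    detail: dict


# Constructed sample event log reproducing the case-study sequence
# (hypothetical clerk id, addresses and dates).
T0 = datetime(2024, 1, 1)
EVENTS = [
    Event(T0, "address_change", "clerk-17",
          {"old": "1 Customer Rd", "new": "12 Clerk St", "customer_verified": False}),
    Event(T0 + timedelta(days=1), "card_issued", "clerk-17", {"mailed_to": "12 Clerk St"}),
    Event(T0 + timedelta(days=5), "address_change", "clerk-17",
          {"old": "12 Clerk St", "new": "1 Customer Rd", "customer_verified": False}),
    Event(T0 + timedelta(days=6), "atm_withdrawal", "card",
          {"txn_id": 1, "amount": 200, "printed_at_atm": True}),
    Event(T0 + timedelta(days=7), "atm_withdrawal", "card",
          {"txn_id": 2, "amount": 300, "printed_at_atm": True}),
    Event(T0 + timedelta(days=8), "atm_withdrawal", "customer",
          {"txn_id": 3, "amount": 50, "printed_at_atm": False}),
]

# Two extra constructed requests used to exercise the address-change policy.
VERIFIED_REVERT = Event(T0 + timedelta(days=5), "address_change", "clerk-17",
                        {"old": "12 Clerk St", "new": "1 Customer Rd", "customer_verified": True})
LATE_VERIFIED_CHANGE = Event(T0 + timedelta(days=20), "address_change", "clerk-17",
                             {"old": "1 Customer Rd", "new": "7 New Ln", "customer_verified": True})


def mailed_statement(events, include_atm_printed):
    """Transaction ids that appear on the mailed statement.

    include_atm_printed=False reproduces the flaw in the case study: withdrawals
    already shown on an ATM-printed statement were left off the mailed one.
    include_atm_printed=True is the corrected behaviour (safeguard f).
    """
    return [e.detail["txn_id"] for e in events
            if e.kind == "atm_withdrawal"
            and (include_atm_printed or not e.detail["printed_at_atm"])]


def address_change_allowed(req, history, cooling_off_days=14):
    """Policy check for an address-change request (safeguards a to c).

    The customer must have verified the change, and no further change,
    including a reversal, is accepted within the cooling-off period after
    the most recent change. Returns (allowed, reason).
    """
    if not req.detail.get("customer_verified"):
        return False, "customer verification missing"
    prior = [e for e in history if e.kind == "address_change" and e.ts < req.ts]
    if prior:
        last = max(prior, key=lambda e: e.ts)
        if req.ts - last.ts < timedelta(days=cooling_off_days):
            return False, "inside cooling-off period after previous change"
    return True, "ok"


def detect_address_card_pattern(events, window_days=30):
    """Monitoring rule (safeguard e): the same staff member changes an address,
    a card is mailed to that new address, and the address is then changed back
    to the old one within the window. Returns one alert per matching sequence.
    """
    alerts = []
    changes = [e for e in events if e.kind == "address_change"]
    cards = [e for e in events if e.kind == "card_issued"]
    for change in changes:
        for card in cards:
            if card.ts < change.ts or card.detail["mailed_to"] != change.detail["new"]:
                continue
            for revert in changes:
                if (revert.ts > card.ts
                        and revert.ts - change.ts <= timedelta(days=window_days)
                        and revert.actor == change.actor
                        and revert.detail["new"] == change.detail["old"]):
                    alerts.append({"actor": change.actor,
                                   "card_mailed_to": card.detail["mailed_to"],
                                   "changed": change.ts, "reverted": revert.ts})
    return alerts


if __name__ == "__main__":
    print("flawed mailed statement:", mailed_statement(EVENTS, include_atm_printed=False))
    print("fixed mailed statement: ", mailed_statement(EVENTS, include_atm_printed=True))
    for req in (EVENTS[0], VERIFIED_REVERT, LATE_VERIFIED_CHANGE):
        print("address change", req.detail["new"], "->", address_change_allowed(req, EVENTS))
    for alert in detect_address_card_pattern(EVENTS):
        print("ALERT:", alert)
```

Run as a script, the flawed statement lists only the customer's own withdrawal (id 3) while the fixed one lists all three; the clerk's original unverified change is refused outright, a verified reversal four days later is refused by the cooling-off rule, and the monitoring rule raises exactly one alert against the clerk. The cooling-off period and the 30-day detection window are assumed values to be tuned by the bank.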