Corporate account takeover events are reigniting the debate between banks and their former commercial customers, about everything from fraud liability and the "good faith" standard to commercially reasonable security.
"The action and manifestation of risk is not necessarily evident to today's users in the way it was in the past, and that creates a big inherent challenge for a CISO," says Malcolm Harkins, CISO at Intel Corp.
"The first step is for banks to admit there is a problem before they can address it, and many bankers are still in denial," says Shirley Inscoe, author of the book "Insidious: How Trusted Employees Steal Millions and Why It's So Hard for Banks to Stop Them."
"Our role is changing in the fact that we see fraud being perpetrated in a new manner everyday via malicious software, banking Trojans and online theft," says Jean-FranÃ§ois Legault, senior manager of forensics and dispute services at Deloitte.
As more criminals target branch ATMs, industry experts wonder if links to insider fraud might not be to blame. Recent brazen attacks prove even in a bank or credit union lobby, ATM skimming can strike.
Insider fraud expert Shirley Inscoe says Citi is not the only financial institution that's doing a poor job of keeping up with employee misconduct. Few banking institutions grasp how damaging inside jobs actually are.
"Any other bank could have just as easily been victimized," says banking fraud expert Shirley Inscoe, following the arrest of a former Citigroup executive charged with embezzling more than $19 million.
The database has become the main target for hackers and negligent insiders, as the insider breach at Bank of America showed. A recent survey highlights the need for financial institutions to enhance security measures to mitigate threats and losses.
Security experts at this week's Gartner Security and Risk Management Summit agree: Security, not compliance, has to be the new focus. Cyberintrusions cannot be stopped, and the RSA breach should be a lesson to the industry.