Friday, September 5, 2008

Citibank slices salami

"Between 1992 and 2003, Citibank employed a computerized 'credit sweep' process to automatically remove positive or credit balances from credit-card customer accounts."

Full Article

The state of California has ordered Citibank to pay $14 million in fines and restitution for skimming positive balances away from customers and depositing the money in an executive bonus account.
Clearly it would seem that the biggest problem in this case is the total undermining of the relationship between Citi and its customers. Below is perhaps the most disturbing part of the article: "In the words of a Citibank executive, “Stealing from our customers is a business decision, not a legal decision.” The same executive later said that the sweep program could not be stopped because it would reduce the executive bonus pool, Brown charged."
The general public has, over time, grown relatively comfortable with the proliferation of, and reliance upon, computer systems. Without a second thought, people trust computer systems to maintain accurate records. In this instance, the computer system did exactly what it was supposed to. Unfortunately, it was programmed to steal.
So in a sense the integrity of the computer system was never compromised. Clearly, however, the integrity of the company leaves much to be desired.
Consumers, then, should not think of information security as something to be left to the IT department of a large corporation. It should not be accepted simply as being an 'https' address or the catchy little icon from "hackersafe" (now McAfee), VeriSign or other third-party testers.
I'm not saying that information security can't be those things. Rather, such elements must be bolstered by personal vigilance, not only in web-browsing, but more importantly in tracking personal finances and standing up for oneself when a company like Citibank targets consumers.

4 comments:

  1. I'm amazed at the executive's comment that "stealing from our customers is a business decision, not a legal decision" and that his primary concern is the "executive bonus pool". Stealing may have been a business decision, but it's still a legal one as well. We talked a lot in class about the CIA Triad & this seems like a huge Integrity concern. This scam is costing Citi over 18 million in refunds. I think they should be much more concerned about the potential loss of thousands of customers they're likely to lose rather than the executives' bonuses. This credit sweep ran for almost a decade and clearly had to be written by somebody. However, if the higher up whose attention it was brought to tried to keep it covered up, then that just gives strong evidence that it was known all along to Citi.

  2. That's an interesting perspective, Megan. I think that one of the major factors that contributes to the type of problem you highlight is the business mindset that's focused on quarterly results as reported to the market. If I can do something today that will make my numbers better this quarter, I don't really care about the consequences that may come months or years down the road. After all, it's very likely that it will be someone else's mess to clean up anyway.

  3. But allowing this scam to operate has to be an unwise business decision. I understand that the CEO probably figured that the scam wouldn't be detected for some time, and I understand that he also figured he probably wouldn't be around when it was discovered, but I would think that quarterly earnings would pale in comparison to customer loyalty. For when a company loses customer loyalty, or gains a stigma as a profits-first-customers-second company, it's bound to lose the vast majority of its customers.

    I did some research and I found out that Citibank has been experiencing serious financial failures recently. The $14 million in fees should only compound their troubles.

    I also want to address the issue of personal activism in information security. I think the problem is that many Americans are too lazy to take personal actions to ensure that their information is protected. Double checking your bank may seem like a quick-and-easy way to protect yourself, but I bet a lot of Americans would deem even that to be too complicated. I'm sure they would much prefer to have some IT company deal with it instead.

  4. I think this executive needs to be fired and put in some type of jail. This is a full-out scam and the company doesn't seem sorry about what they were doing at all.

    On the other side of it, I think an incident like this one could be used as an eye-opening experience, telling the people that they need to do the little things to protect their money instead of trusting the computer and the banks.

    Question: What type of paper trail can you (being the customer) do to possibly catch your bank, or anyone else rather, that is stealing your money? Is there a way that customers can get into the system? How were they caught?
