INTERVIEW WITH STEPHEN RANZINI
Posted on February 15, 2007
INTERVIEW WITH STEPHEN RANZINI: President & Chairman, University Bank
TELL US A LITTLE ABOUT YOU
I’ve been head of my banking organization for 17 years now. Although I was a scholarship student at Exeter and Yale, when I was 23 I convinced BankOne to lend me the money to buy a bank in a leveraged buy-out and at that time became the youngest bank holding company President in the country. I’m deeply involved in banking technology and I’m the U.S. delegate to the United Nations global financial services standards setting body as well as the International Standards Organization global standards setting body.
WHAT KEEPS YOU UP AT NIGHT?
As a banker, “phishing” keeps me up at night. I’m involved with a number of groups studying what to do about it.
Phishing is the act of sending an email to an internet user falsely claiming to be a legitimate enterprise in an effort to trick the user into providing private information that will be used for identity impersonation.
More than any virus, phishing relies on the user to fall for a mechanized social engineering attack that can be highly personalized.
Phishing and spam and identity impersonation hurt legitimate business because they undermine the entire ecommerce channel.
The banking industry is working on ways to combat these threats by providing consumers with stronger identity management tools online.
But for business owners, our credibility and our ability to transact is negatively impacted because of the pervasive nature of these sophisticated risks. Fully 30% of all PCs in the world are compromised already by criminal hacker gangs who steal information. That means on average 30% of our customers’ PCs are compromised. When compromised by Remote Access Trojans (RATs) these PCs become part of so-called zombie-bot networks.
PHISHING RELIES ON HUMAN NATURE, HOW DO YOU TRAIN YOUR PEOPLE TO BE SKEPTICAL?
We constantly share with our staff real life examples of fraud, show them what a virus or phishing email looks like and educate them about the many risks. Electronic fraud is usually quite similar to bunko artist cons that have been successful for decades in the real world. The internet merely allows greater anonymity to the criminals and increased efficiency through mass personalization that the criminals’ compromised networks of millions of zombie-bot computers enable.
HOW ARE PHISHING TECHNIQUES EVOLVING?
The technique we’ve all seen uses email with a link to a legitimate looking but fraudulent website where the user is asked to update personal information such as passwords and credit card, social security, and bank account numbers.
These e-mails are put out by criminals who prey on consumers who are naïve about the many risks of being online. No bank or credit card company or government regulator will ever send you an email about your account and ask you to do anything other than to call them. Be skeptical about e-mails and who they are really from because when the internet was designed, it wasn’t designed to tell you for sure who was sending you an e-mail.
The sad thing is, approximately 5% of recipients respond to a phisher’s request.
Thank goodness people are getting smarter.
Unfortunately, the criminals have lots of time to think about different and creative ways to separate you from your money.
That’s why almost anything online can be spoofed. Have you ever seen an account statement contained in an Adobe Acrobat file with a password that locks the file from being altered? Well, there is a free program available from a hacker site that can crack any Adobe password – allowing anyone to alter the account statement.
There is even a new type of fraud where criminals spoof caller ID to impersonate your bank and ask you to give your security password to the “bank” employee over the phone. You cannot trust your caller ID anymore. Even if your caller ID says “University Bank,” hang up and call us back to verify.
Even going to an innocent looking website can get you in trouble. Criminals designed a website selling brand name bicycles cheaply that scored high on Google and Yahoo Shopping searches. If you entered your credit card information and “purchased” a bicycle at a great price, no bicycle ever came, and your credit card wasn’t charged. Why? They just wanted to steal your identity, which is more valuable to criminals than a simple credit card and impossible to recover once it’s been stolen. With an identity they can buy a house in your name, take out loans in your name and cause you endless mischief. One person I met was on the FBI’s Top 10 Most Wanted List, not because she had done anything wrong but because a criminal had impersonated her identity.
IF YOU CAN’T TRUST ANYTHING, HOW DOES THAT IMPACT THE INTEGRITY OF THE BANKING INDUSTRY? HOW DOES THIS IMPACT BUSINESS OWNERS?
The banking industry is suffering increased losses from identity impersonation and identity fraud. Business owners are also getting hit with increased losses from credit card charge-backs, increased costs from mandates for new security services, fraudulent checks and fraudulent electronic transactions.
I wrote this article for CDW. It is reprinted with permission of CDW and http://www.biztechmagazine.com