Published: 20 August 2009
CSI: HSBC
It begins with a few clever phone calls and well-worded questions. It escalates into identity theft, illegal purchases and a case for the REACT
Incident Management Team.
The following scenario is fictitious, but its five steps are typical of the schemes that plague companies of every kind and size, and it illustrates how HSBC responds to remediate such problems.
Step One
Con Man calls HSBC Customer Care and says he’s from the Fraud department. His system is down, he claims, and he urgently needs
information about Carol Cardholder — her credit card account number, expiration date, date of birth and Social Security/Insurance number. The
Customer Care employee is happy to help, but he’s cautious because he can’t locate the caller in the Group Directory. For confirmation, he asks
for the name and phone number of the caller’s manager. Instead, Con Man hangs up.
What Con Man gained: He now knows that he’ll need a manager’s name and phone number to get information.
Step Two
Con Man calls Customer Care again, this time reaching a different employee. Con Man sounds angry, demanding to speak to someone in the
Fraud department. When Fraud Rep answers and identifies himself, the angry Con Man says he won’t provide his account number until Fraud
Rep first gives him his manager’s name and phone number in case they get disconnected. Wanting to appease him, Fraud Rep provides the
information. Con Man then hangs up on the puzzled Fraud Rep.
What Con Man gained: He now knows Fraud Rep’s name, as well as the name and phone number of his manager.
Step Three
Another call by Con Man to Customer Care. This time he says he’s Fraud Rep and his system’s down. He needs important account information
about Carol Cardholder. As proof of his identity, he provides the name and phone number of Fraud Rep’s manager — and gets the account
information he’s looking for.
What Con Man gained: He now has Carol Cardholder’s account number, Social Security/Insurance number and other identifying information.
Step Four
Con Woman is Con Man’s girlfriend. She calls Customer Care, claiming to be Carol Cardholder. She wants her credit line increased. After
providing all the appropriate identifying information (obtained by her boyfriend), she’s approved for an additional $2,000.
What Con Woman gained: As “Carol Cardholder,” she now has spending power that the real Carol Cardholder knows nothing about.
Step Five
Con Woman starts charging purchases to Carol Cardholder’s account. In addition, she uses Carol’s personal information to open a new line of
credit in Carol’s name at a different bank. Carol, of course, knows nothing at this point about the identity theft and fraudulent purchases.
Time to REACT
Our two con artists aren’t content with merely raiding Carol’s account. They’re greedy and go for more. Using Fraud Rep’s name, Con Man
phones numerous Customer Care employees, pulling the same fraud over and over.
But Con Man makes a slip in one of his calls. Getting suspicious, the Customer Care employee asks more probing questions. Again, Con Man hangs up, but the employee isn’t finished. She talks to her fellow Customer Care employees and learns that many of them have received similar calls from the phony Fraud Rep.
Recognizing a dangerous pattern, the employee knows what to do. She gets in touch with REACT by calling the North American Help Desk, 1-888-685-4357.
REACT, the Rapid Emergency Action Crisis Team, is the umbrella name for Security & Fraud Risk’s disciplined approach to investigating and
resolving information security problems.
REACT’s Incident Management Team calls in any other HSBC units that may be needed to resolve the issue. Together, they develop a
remediation plan to determine:
What kind of customer data was exposed and how it happened
Who was affected by the security breach
How to contain the damage and fix the problem
In this case, the Incident Management Team gathers key information from the Customer Care employees who were contacted by Con Man. The
team learns:
Who Con Man claimed to be
The phone number(s) he called from
The names of the customers whose accounts were targeted
Armed with that information, the Fraud Investigation department handles shutting down activity in the targeted customers’ names and any
fraudulent accounts that were set up for them.
Of course, things don’t always go this smoothly on every case. Sometimes key information isn’t available for Fraud Investigation to work from.
Page 1 of 2 | CSI: HSBC | 04/10/2010 | http://connect.us.hsbc/topheadlines/2009/aug_20_2009.html?year=2009&printF...
when they call REACT.
But however HSBC learns about the fraud, Compliance then makes sure all the appropriate reporting is done, including notifying all the targeted
customers. To help address their problems, HSBC provides U.S. customers with an identity theft protection product from an approved vendor.
(This is done on a case-by-case basis in Canada.) This product, which HSBC pays for, will:
Give each customer a current copy of his or her own credit report
Monitor the customer’s credit report for any changes caused by the identity theft
Help correct any wrongful account charges that were made in the customer’s name
Refer the customer to ITAC, the Identity Theft Assistance Center, an industry-supported organization that will help the customer deal
with issues related to this incident
The Incident Management Team also sees that other appropriate parties are notified, such as the credit reporting agencies. If the compromised credit cards came from one of our business partners, the appropriate Relationship Manager contacts them as well. Account numbers are changed for the targeted customers.
If the situation warrants, state, provincial and federal regulators could be notified, along with law enforcement agencies. Internally, the details of
this multi-person fraud case are also included in a monthly report to senior management in both North America and Group.
REACT goes proactive
It’s not enough to deal with the current problem. The REACT Incident Management Team will also work with its internal partners to prevent
similar problems in the future. It will take steps to:
Work with the Business Information Risk Officers (BIROs) and Human Resources to educate the employees who unwittingly released
information to Con Man.
Raise employee awareness of information security issues and identity theft through various communications.
Suggest procedures that would make it more difficult for future con artists to pass themselves off as HSBC employees.
When all the steps have been followed, the issues have been resolved and REACT’s tracking system has been updated with all the details of
this case, the Incident Management Team can finally close the case.
And stand ready to REACT to the next one.
Related Links:
What is REACT?
How Do You REACT to Security Problems?