As you may have read, Morgan Stanley recently disclosed that one of its employees – an advisor named Galen Marsh – stole account information from up to 10% of its wealth management clients (roughly 350,000 people) and posted a portion of this information online in the hope of ultimately selling the full details. On the heels of recent cyber-attacks on Target and Sony, this customer security breach demonstrates how internal threats can be just as problematic for large firms as those from external sources.
Morgan Stanley’s quick discovery of the information leak and swift firing of Marsh probably prevented any significant long-term damage, but many have been left wondering what steps could have been taken to prevent something like this from happening in the first place. One issue with combating inside threats is the difficulty of determining whether employees are retrieving customer data for actual business matters or using it for illegal purposes. In a memo to employees, Greg Fleming, president of Morgan Stanley’s wealth management division, said that “(w)hile the situation is disappointing, it is always difficult to prevent harm caused by those willing to steal.”
Nefarious internal employees will always pose a threat (as will external hackers, for that matter), but many firms are taking measures to safeguard client data by enhancing their customer-facing security practices. With the rise of Apple’s Touch ID technology, as well as fingerprint identification software available on other mobile devices, personal security measures are becoming ever stricter. Financial services firms including American Express, Capital One, Discover, E*TRADE and TD Ameritrade have incorporated Touch ID into their login interfaces, allowing users to access their accounts with their fingerprint (provided their device supports Touch ID). This method is more secure than using a typical username and password, which can be stolen or falsified.
USAA is one firm at the forefront of the movement for enhanced personal security. As part of a pilot program launched this past November, USAA began rolling out biometric login features to a limited number of clients with iOS 8 devices. The new optional authentication methods utilize facial or voice recognition software to verify users’ identities before logging them into their USAA accounts. This is an innovative use of the iPhone’s native functionality and something that other firms will probably embrace in the months and years ahead.
[Images: Voice Recognition; Facial Recognition]