Welcome to the Vital Integrities Blog

Citigroup's Credibility Takes Another Hit

According to its Web site marketing, Citigroup is fighting identity theft. In fact, the bank created a team of Internet Security Specialists to tackle suspicious credit card activity. "While Citi Cards' Identity Theft Specialists help fraud victims recover, the goal of the ISS team is to prevent cardmembers from becoming victims." Just this May, Citigroup announced its collaboration with the National District Attorneys Association to assist in the prosecution of identity thieves.

Then this week, Citigroup disclosed that a box of tapes containing information on nearly four million customers was lost in transit. The tapes contained names, Social Security numbers, account numbers, and payment histories belonging to the bank's loan and credit card customers. To be fair, Citigroup says it handed the box over to UPS for delivery to a credit bureau, but the box never arrived. (UPS spokesperson Bob Godlewski said they are "really, really, really" sorry!) But on the heals of recent consumer data thefts and misplacements--including Bank of America's disclosure in February that tapes containing information on over a million of its customers were lost in transit--Citigroup's sloppy security procedures are inexcusable.

Edmund Mierzwinski, a consumer financial security expert at the Illinois Public Interest Research Group, told the Chicago Tribune, "It is outrageous for a bank to lose unencrypted information months after another bank lost unencrypted information."

Citigroup says it is implementing procedures to encrypt financial data and transmit it to credit bureaus electronically. That's nice, but a little too late. If Citigroup is going to promote itself as a leader in data security, its management needs to Live By the Values They Profess. In other words, put proper security measures in place first--then write the marketing material.
Bookmark this post on del.icio.us

Vital Integrities Blog - Blogged