Friday, January 25, 2008

Prudential’s rock crumbles when it comes to securing personal information

Prudential Financial gets a spot on our office’s Identity Defense Wall of Shame this month. They had a temp worker collect personal information from a customer, and then the temp worker stole the customer’s identity to go on a three-month, $70,000 spending spree!

According to the article about this event, Prudential takes customer information and security very seriously. We see that clearly from the end result of this encounter between a Prudential temp employee and a Prudential customer.

Stop and think about what happened here. A financial conglomerate worth $36 billion does not have a sense of how to secure the personal information it receives. Collecting customer information is the most volatile point in a transaction because how the information is treated is up to the person who collects it. This is where Prudential’s security falls apart. The people collecting information should be trusted, longer-term, well-paid employees who, hopefully, will want to keep their jobs and have little or at least minimal incentive to steal. Instead they gave that crucial task to a 23-year-old temp worker, who obviously did not care about his temp job and felt he needed to supplement his income.

I’m sure they spend millions on data security, backup systems, passwords, encryption, etc. As a financial institution they are required to have secure systems on all fronts. But no matter how big your walls are, or how many lines of defense you have, if you can’t complete step 1 and put the information into secure areas, it is all useless. Picture your bank’s tellers leaving all the money on the counters at night and still locking the safe.

If Prudential has procedures in place, the management team is not reading the company manual. To be fair, this could easily happen with just about any employee, and it is where a significant portion of all ID theft occurs. But when you assign tasks to someone who is not even an employee, any incentive to do the right thing is minimized because there is no long-term bond.

For the sake of all of their existing customers, let’s hope they have a better system in place for securing their personal information.