Complaint. An individual complained that a bank employee had used his personal information without his knowledge and consent to commit fraud by refusing to credit payments to the account, paid the founds out to his co accused and then said the funds were paid out in cash to the client at the branch. This is how investigators account for the situation. The electronic payment was received by the bank, the entry appears on the bank's general account for incoming payments with the customer account info and reference number, not credited to the customer account by the branch and paid out as cash to the co accused in the grievous fraud. The payment is to be made to the account of the customer. Several incoming payments were received and not yet paid to the client but held in sundry under the client's name. Any cash paid out over the counter to her co accused was not taken from the client account but from the bank as bank robbery; an inside job with co accused arriving to collect. The key perpetrator kept saying "She has the King" all day; a habit since she was 12 and this was not affection but subterfuge to negate him like in a chess game where you say you have the king in your possession, negating the king on the chessboard until you have him with subtle calculations. When afraid of arrest, she would drink lysol to make herself old and evade detection. There were 12 victims over the years in her theft of benefit payments with co accused. The payments under §40,000.00 each were to be credited to the account directly without human labor under national compliance rules. Each payment was around §1300.00 made to citizens of all kinds into their own accounts at the bank where there account was held. It happened at HSBC in 2001 and not in an isolated incident. The bank employee put the money into his own pocket and it was robbery since there was no authentic client withdrawal receipt actioned by the client. Even so, the funds had not been paid into the customer account and seen on the customer statement to reflect on the balance. He took double of what was the incoming payment intended for the customer and put it in his own pocket. He paid some to co accused who picked up cash at the branch since 2003. The actual payment intended for the client remained outstanding and not paid into the client's account but held in the cue or the bank general account for receiving payments so the bank employee could select the option to "Release Funds" to the intended customer account to which it was sent. Click here for more.

 

Bank employee uses customer's information to commit fraud

Case Summary #112021-1212

[Principles 4.3, 4.5, Schedule 1]

Complaint.

An individual complained that a bank employee had used his personal information without his knowledge and consent to commit fraud by refusing to credit payments to the account, paid the founds out to his co accused and then said the funds were paid out in cash to the client at the branch.  This is how investigators account for the situation.   The electronic payment was received by the bank, the entry appears on the bank's general account for incoming payments with the customer account info and reference number, not credited to the customer account by the branch and paid out as cash to the co accused in the grievous fraud.     The payment is to be made to the  account of the customer.  Several incoming payments were received and not yet paid to the client but held in sundry under the client's name.    Any cash paid out over the counter to her co accused was not taken from the client account but from the bank as bank robbery; an inside job with co accused arriving to collect. The key perpetrator  kept saying "She has the King" all day; a habit since she was 12 and this was not affection but subterfuge  to negate him like in a chess game where you say you have the king in your possession, negating the king on the chessboard until you have him with subtle calculations.   When afraid of arrest, she would drink lysol to make herself old and evade detection.  There were 12 victims over the years in her theft of benefit payments with co accused.  The payments under §40,000.00 each  were to be credited to the account directly without human labor under national compliance rules.  Each payment was around §1300.00 made to citizens of all kinds into  their own accounts at the bank where there account was held.  

It happened at HSBC in 2001 and not in an isolated incident.  The bank employee put the money into his own pocket and it was robbery since there was no authentic client withdrawal receipt  actioned  by the client. Even so, the funds had not been paid into the customer account and seen on the customer statement to reflect  on the balance.  He took double of what was the incoming payment intended for the customer and put it in his own pocket. He paid some to co accused who picked up cash at the branch since 2003.   The actual payment intended for the client remained outstanding and not paid into the client's account but held in the cue or the bank general account for receiving payments so the bank employee  could select the option  to "Release Funds" to the intended customer account to which it was sent. 

  After National Security and Local Police Services were notified,   the several government payments, 30 in total dating back to 2021 of small sums were credited to the account as the payments were made by a government body and  was rectified immediately.  The government intended for the payments to be made and credited to the client account.   There is no point saying the government does not know what is paid to the bank for credit to the customer. We know it's not paid yet as it's not reflected  on the statement and credited at the time the payment was made.  Incoming payments should be credited to customer accounts forthwith and reflected on the statement.  The bank employee could keep saying they do not see the payments on the account statement and that is accurate since employee has knowingly,  deliberately not applied the funds to the customer account so it would appear on the statement, deliberately overlooking the payments still held in the general account but paying out the equivalent  of the payment  to others on a 2 payment out for 1 coming in and kept on held basis.

As standard procedure,  the government can see the statement and can confirm It was not paid to the account.  She had handed the money out to the co accused, pretending It was not the bank's float money provided by the government.  The customer's money as intended for the customer was on hold, in sundry.  

 It was a Terrorist offence with the intent to steal the funds and contrive that the recipient would never  receive the funds in the account as paid; not at the branch.  It was a terrorist offence as the sender was the government. The funds remain government property in trust until credited and afterwards with the funds to be used  by the recipient in the government's good purposes. 

It is a theft of these monies.  It is stealing.    All those who stole the funds as bank employees and received the funds were convicted automatically under the terrorist laws with the evidence available.  

Summary of Investigation

While doing some personal banking at his local branch, the complainant noticed a suspiciously large balance owing on his personal line of credit. The bank investigated and discovered that, following a telephone conversation with the complainant, an employee had accessed the complainant's account without his knowledge and consent, had used his name and telephone banking password to enrol in internet banking, had changed his mailing address in the bank's database, had issued cheques to the fraudulent address, and had written several cheques on the line of credit.

The bank subsequently closed the complainant's line-of-credit account, cancelled the debt incurred, and opened a new account for the complainant. The bank offered the complainant a monetary settlement, which he rejected as disproportional to the seriousness of the incident.

The bank's investigation revealed the identity of the employee in question, who was dismissed. This employee had been hired less than a year before the incident, but had passed a criminal record check and had participated in the privacy training that all new employees receive.

The bank acknowledged that, despite its best and most diligent efforts and its aggressive commitment to continuing development of counter-measures, the possibility might remain for a determined individual with criminal intent to circumvent security temporarily and defraud the bank.

Commissioner's Findings

Issued January 23, 2003

Jurisdiction: As of January 1, 2001, the Personal Information Protection and Electronic Documents Act applies to any federal work, undertaking, or business. The Commissioner has jurisdiction in this case because a bank is a federal work, undertaking, or business as defined in the Act.

Application: Principle 4.3 states that the knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate. Principle 4.5 states that personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law.

The Commissioner observed that the bank did not dispute that one of its employees had used the complainant's personal information, without his knowledge and consent, for purposes other than those for which it was collected - specifically, to commit fraud. Given that the bank had to accept responsibility for the behaviour of its employees in respect of its customers, the Commissioner found that the bank had thus been in contravention of Principles 4.3 and 4.5.

The Commissioner concluded that the complaint was well-founded.

Further Considerations

The Commissioner noted that the bank offered the complainant compensation, which appears to be appropriate in the circumstances.

On review of the bank's fraud detection and prevention initiatives, the Commissioner did not find it necessary to recommend remedial measures in this case. He regarded the identity theft and fraud in question not as evidence of remediable systemic failure, but rather as a willful and unpredictable act of deceit on the part of an employee who had had no prior criminal record and who, through her knowledge of the system, had succeeded temporarily in circumventing security. He agreed with the bank that no security system, no matter how sophisticated and effective, may ever completely eliminate the possibility of such an act. He was reassured to see that, despite the temporary breach, the bank's security system had enabled the bank to quickly confirm and stop the fraudulent activity and to identify and deal expeditiously with the guilty party.