My buddy "Fred," who works at a competing retailer, likes to get together and talk "shop" with me from time to time. Just this evening he was telling me about the Customer Service Manager at his store.
Fred told me that this evening he happened to walk by the podium where the CSM (or GSTL, in my company) does their paperwork, record keeping, and cash handling for the cashier's drawers. The CSM had left a box filled with all the customer's checks from the evening sitting out in plain view, unattended, where anyone could just swipe it and run.
Since my buddy Fred possesses half of a brain more than what his managers possess, he quickly covered the box with a plastic bag and hid it under the podium, and ran over to tell the CSM about her mistake. The CSM just shrugged her shoulders, and said "...So?" It used to be that the things Fred tells me would utterly amaze me. They don't anymore. There are people at my company who are just as stupid, and who do exactly the same things Fred tells me about.
For those of you who don't fully realize the enormity of the situation, let me spell it out. I used to work at a bank. The bank gave me training on how to spot the things that thieves and Identity Fraud artists do. All I would need is one check, and one check only, out of that box Fred saw, and I could do quite a bit of damage.
- With a clear specimen of the customer's signature on the check, and the account number, I could then drain the account the next time the bank opened. I know how to get around most banks' requirements for I.D. Even if I didn't know that, I could still find a teller young enough and green enough who couldn't tell a fake I.D. from a hole in their head. I know how to do all this without getting my real face visible on surveillance cameras.
- Using the customer's address and phone number printed on the check, within a matter of days I could find out their credit history, their social security number, their driving record, what credit cards they hold (and the numbers of each), who their kids are, where the kids go to school, the kid's grades, the kind of food they eat, the type of clothes they buy, the prescriptions they take and the doctors they see, their email addresses, their utility balances, where they travel, their pension information, their military service records, criminal and court records, and the list goes on.
- Using the customer's account number, I could hack into their online banking if they have it. If their bank offers online imaging of their canceled checks, I can do this whole same routine for every person or business the customer writes a check to.
- If I was lazy and hired a corrupt private investigator, I could have all this information in hours, if not minutes, rather than days.
Let retail executives be warned. There are two major retail companies in the Oklahoma City area that handle their customer's privacy matters with the skill of a four year old. Your employees have warned your managers constantly, to no avail.
Fred and I just finish our Starbucks coffees, and laugh our asses off.