Collaborating On SecurityCollaborating On Security

Financial-services sectors have been working independently and with the government for years, especially when it comes to monitoring suspicious activities. But since Sept. 11, the level of cooperation has been unprecedented, says Catherine Allen, CEO of BITs, the technology group for the financial-services roundtable, a trade association for the 100 largest integrated financial-services institutions. Allen spoke to information during a break from one of the regular meetings she has with homeland security chief Richard Clarke to discuss ways of extending the financial sector's role in helping the government understand how terrorist activities may undermine commerce.

One topic discussed for several months is the verification of Social Security numbers. Two key proposals are on the table. One would let financial-services institutions secure access to the Social Security database. The other would give that access to a third-party outsourcer to verify the numbers for multiple banks.

While such discussions are being held in the name of security or to prevent terrorists from laundering money, Allen says that it can only help the financial institutions, as well as credit-card issuers and retailers, which lose millions in identity theft and credit-card fraud costs that may be passed on to the consumers. "The better we can verify the truth of who the customer is, the more benefits there are to the individual consumer as well as all of the institutions involved," Allen says. "All of these actions are part of the risk-management strategies of our institutions. There's a benefit in being able to identify fraudulent activity and cut costs for fraud losses to the institutions."

But what about privacy? Allen says that privacy has always been an issue to be taken seriously, but when it comes to something like identity theft, most consumers would rather sacrifice some privacy to gain personal security. The byproduct is that the banks also are able to identify potential terrorists and criminals. "There's a balance between privacy and security," she says. "The people who have been victims of identity theft are certainly saying that institutions need to verify identities."

Still, there's a cost to all of this. Changing IT systems, adding firewalls, and addressing redundancy issues are expensive undertakings. "We're going to make those changes because we want to or because the regulators say we have to," says Allen. "But remember, the reason that 9-11 wasn't a disaster as far as the economic infrastructure was concerned was because institutions and regulators had understood the need for back-up earlier. It's expensive to run those things, but that's part of doing business."

Financial-services institutions are spending the majority of their IT budgets to address security, business continuity, and anti-money laundering issues. That comes at a cost, especially during an economic downturn, so projects such as customer-relationship management are, in many cases, ending up on the back burner.

close this window