A trial is currently under way in the British courts against a former customer business manager at the Handsworth branch of Barclays Bank.
Parminder Bhachu, 42, from Birmingham, is accused of authorising the transfer of £480,000 from the bank account of Londoner Barbara Siembida in February last year.
These transfers are said to have happened on a number of occasions between September 2008 and February 2009.
She and businessman Satwinder Ghattaura, 42, along with sisters Puspaben Patel, 32, and Niranjnaben Patel, 35, have been charged with conspiracy to steal.
The alleged modus operandi was:
* Ms. Parminder amended Ms Siembida’s address in December 2008 to an address of Mr. Ghattaura.
* Four days later Bhachu ordered a PIN entry security device, used for internet banking.
* Ms. Parminder used falsified documents to open four business accounts under the name of ‘Stirling Property Investment’, into which £480,000 was transferred during five days in February 2009.
* Ms. Parminder authorised the transfer of the money into the false accounts after it was taken from Ms Siembida’s ‘nest egg’ savings fund.
* Ms Puspaben Patel visited the branch where Bhachu worked, posing as Ms Siembida, to facilitate the transfer of funds between Ms Siembida’s savings and current accounts so that the money could be withdrawn.
A key weakness that seems to have been exploited is the lack of robust “maker-checker” authorisation controls on “non-transaction” data fields.
Banking software generally has very strong “maker-checker” controls and logs for financial transaction data. However, it is important to ensure that equally strong “maker-checker” authorisation controls and log review mechanisms are deployed and stringently followed for non-financial transaction data as well.
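As an added example (not from the original post or from any bank's system), the Python below runs two review checks over an audit trail of non-financial changes: changes that had no independent checker, and a credential device ordered shortly after an address change on the same account. The record fields, action labels, 14-day window and sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed audit records for non-financial changes (not real bank data).
# Field names and action labels are assumptions made for this example.
EVENTS = [
    {"ts": "2024-03-01", "account": "A-100", "action": "address_change", "maker": "staff7", "checker": None},
    {"ts": "2024-03-05", "account": "A-100", "action": "device_order", "maker": "staff7", "checker": "staff7"},
    {"ts": "2024-03-02", "account": "B-200", "action": "address_change", "maker": "staff3", "checker": "staff9"},
    {"ts": "2024-04-20", "account": "B-200", "action": "device_order", "maker": "staff4", "checker": "staff9"},
]

SENSITIVE = {"address_change", "device_order"}
WINDOW = timedelta(days=14)  # assumed review window


def unchecked_changes(events):
    """Sensitive non-financial changes with no checker, or checked by their own maker."""
    return [e for e in events
            if e["action"] in SENSITIVE and e["checker"] in (None, e["maker"])]


def address_then_device(events, window=WINDOW):
    """Accounts where a credential device was ordered soon after an address change."""
    hits = []
    last_change = {}  # account -> (timestamp, maker) of the latest address change
    for e in sorted(events, key=lambda e: e["ts"]):  # ISO dates sort as strings
        ts = datetime.strptime(e["ts"], "%Y-%m-%d")
        if e["action"] == "address_change":
            last_change[e["account"]] = (ts, e["maker"])
        elif e["action"] == "device_order" and e["account"] in last_change:
            changed_at, changer = last_change[e["account"]]
            if ts - changed_at <= window:
                hits.append({"account": e["account"],
                             "days_apart": (ts - changed_at).days,
                             "same_staff": changer == e["maker"]})
    return hits


if __name__ == "__main__":
    for e in unchecked_changes(EVENTS):
        print("NO INDEPENDENT CHECKER:", e["ts"], e["account"], e["action"], e["maker"])
    for h in address_then_device(EVENTS):
        print("ADDRESS CHANGE THEN DEVICE ORDER:", h)
```
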