Financial services firm scrambles over report of security breach

Fiserv, a company that provides financial services for 10,000 clients, is scrambling to clear up a weekend report that said it suffered a major security breach.

2 min read
Fiserv, a company that provides financial services for 10,000 clients--including banks, securities firms and credit unions--is scrambling to clear up a weekend report that said it suffered a major security breach.

Brookfield, Wisc.-based Fiserv was the subject of an article in the Britain-based Observer and Guardian newspapers Sunday, which quoted a 28-year-old software analyst who said he accessed numerous bank accounts through the company's Web site.

Ralph Dressel, who works at Royal Skandia Investment bank, told the Observer and the Guardian that he was able to access accounts, transfer funds, change PIN numbers and pay bills at many U.S. banks.

"I guess if I wanted to I could have transferred $50 million into my account," Dressel told the Observer. Dressel could not immediately be reached for comment.

Fiserv issued a news release this morning, calling the report "incorrect and misleading." Fiserv officials said Dressel did not access people's accounts, but he somehow managed to get into invented accounts used for sales purposes.

"It's a bunch of fictitious information, mock-ups," said Chuck Doherty, Fiserv's director of corporate communications. "Let's say you're a bank and were deciding whether to offer Internet banking and weren't sure how it worked. You can go in there and do transactions and get an idea of how it works."

The "demonstration accounts" were designed for use by potential clients only, so technically, Dressel's ability to access the accounts constituted a security breach. But the breach was far less severe than the Observer had stated, Fiserv said.

Fiserv's Doherty said the company had contacted the Observer, but he was not sure yet if a correction would be run. The Observer could not be reached for comment.

Charles Sprague, Fiserv's executive vice-president, said he was upset that the article did not include any response from Fiserv.

"Maybe they called our office in the middle of the night Sunday, but no one I know has heard of it," Sprague said.

Although Fiserv said they did not expose customer account information, they would not be the first to do so if they had. Earlier this month, First Virginia Bank customers were able to view the account information of their fellow bankers, including deposits, balances and cleared checks.

In November, NetBank accidentally linked two accounts, giving one client the private information of another client, including a social security number. H&R Block shut down its online tax filing service after the company accidentally exposed some customers' sensitive financial records to other customers.

More than 40 million households are expected to view and pay their bills online by 2005, according to a study by Jupiter Communications.