Telling Your Superiors Their Financial Data Is At Risk?

alterimage asks: "I'm a Computer Science major at night, working by day in Accounting for a major telecom provider, with clients consisting of most the entities on Fortune's Top 20 Most Admired Companies of 2006 list. Daily, I see customer payments in excess of $50,000 come and go. Strangely enough, rather than have these payments conducted by an IVR system or over the Internet, the majority of these payments are conducted over the phone with individuals such as myself, who are instructed to write down, document all the specific banking information, and to keep them on hard-copy in an unlocked file cabinet that is accessible to anyone. Having experience with social engineering and fraud, I've already advised my boss that it's probably not a good idea for those bank routing and account numbers to be laying around unsecured, and was told that I'm over-reacting. So I ask Slashdot: At what point should the human aspect of security be considered in the business environment? Should I just smile, nod, and play along in this situation?"

Don't Jump To Conclusions

[rueger]

You're a junior employee by the looks of it, possibly part time, taking phone orders.

There is every likelihood that your employer has safeguards in place that you don't know about, and even that they don't want you to know about.

Re:You're probably witnessing a scam.

[passthecrackpipe]

Well, Scam may be harsh - there simply isn't enough information to determine that - burglars use crowbars - does that make everyone that uses a crowbar a burglar? However, SOX is right on the money, although it doesn't apply to all organisations. Nevertheless, outside of SOX there is pretty good whistleblower protection anyway.

The question is, do you *want* to be a whistleblower? I just recently found myself in a similar situation where I was "asked to leave" because I insistently pointed out serious issues with the integrity of some significant financial datasets my (now previous) employer was processing. Subsequent discussions with my solicitor (who was very keen on running with a major whistleblower case) and a lot of discussions with my wife and other close friends made me decide to simply take some hush money and go away - your career will be ruined, your life will be a disaster for many years, and there is simply to much aggrevation, with no little payback for being some idealistic flag-bearer in what is -essentially- no longer your problem. I am on record as bringing these issues up, and these records are non-repudiable. My ass is covered. So is my mortage and my the education funds for my kids.