Digital revolution a problem for banks

The digital revolution is turning into the achilles heel of Swiss banks, said security and banking analysts quizzed about recent stolen data turning up in the hands of neighbouring countries.

CD-ROMs, USB sticks and even mobile phone cameras have become handy options for disgruntled or ambitious staff to copy computer data on thousands of clients when a few years ago a cumbersome paper trail was needed.

Swiss banks built much of their recent reputation around a legal obligation to maintain secrecy on their customers' banking affairs – criminal cases aside – including from the taxman, whether in Switzerland or abroad.

But preventing one-off leaks, which can have much a bigger scope than before, is becoming a conundrum.

Banks are "big consumers of Information Technology" and have to "square the circle" to counter the threat, said Gregoire Ribordy, director of network security firm IDQuantique.

Measures are available, such as minimising the extent of information open to client advisers, automatic access restrictions, multiplying the number of people needed to unlock encrypted data, or prohibiting USB keys and CD-ROMs at the workplace.

Nonetheless, "information has to circulate so that people can do their jobs", said Ribordy. Yet, even a miniature camera on a mobile phone is enough to take a snapshot of data displayed on a computer screen, he said.

The 1934 law on bank secrecy was specifically designed to discourage staff from leaking client data to foreign powers by making it a criminal offence, but that was in the era of hand or type-written ledgers and punch cards.

In 1996, a private security guard became a whistleblower by recovering documents from the shredding room of UBS bank in Zurich to reveal details on hidden Holocaust-era accounts.

But little has filtered on the exact origins of a CD-ROM with stolen Swiss bank data German authorities said they were ready to buy for €2.5 million (Dh12.5m) in a crackdown on tax-dodging German taxpayers.

A spokesman for the Swiss Bankers Association, Thomas Sutter, said that the case "is not a good thing for the financial centre".

The German case emerged just months after French authorities picked up a CR-ROM with raw data taken by a former employee of HSBC Private Bank in Geneva, Herve Falciani, allegedly with details on 3,000 clients.

And in 2008, an anonymous whistleblower sold data on thousands of clients at Liechtenstein banks, helping Germany investigate suspected tax evasion by business executives, sports stars and entertainers. In the French case, Falciani was a computer expert at the bank. While in recent years public attention has focused on external attacks by hackers or thefts exploiting Internet Banking, IT security specialist Jerry Krattiger told Le Temps newspaper that about 70 per cent of leaks were by insiders.