CIC Swiss Bank Whistle-Blower Tells All
http://www.bankbuzzreport.com/wp-content/themes/newscast/images/skin1/icon-date.png); background-position: -3px 0%; background-repeat: no-repeat no-repeat;">Nov 21, 2012http://www.bankbuzzreport.com/wp-content/themes/newscast/images/skin1/icon-comment.png); background-position: -3px 0%; background-repeat: no-repeat no-repeat;">1 Comment
The Following Letter Was Sent to Bank Buzz Report by a Whistle-Blower Who Was a Former Employee of CIC Swiss Bank.
I have read the articles on Bank Buzz Report and I have to tell you they are quite fascinating. I spent many years working for CIC Swiss Bank in Basel so I know the complete story about the CIC Bank customer whose account was hacked and large sums of money stolen. When I say their account was hacked, to be clear, it was CIC Swiss Bank Ebanking software, residing on the bank servers, that got hacked.
Ebanking software systems are not all equal, just like not all cars are all equal. Just like there is a big difference between a Yugo and a Mercedes-Benz,so it is with EBanking Software. CIC Swiss Bank had a YUGO Ebanking software, and it just was not safe at any speed. CIC Swiss Bank could have had the Mercedes Ebanking software, but they just didn’t want to spend the money to get it.
I have to say that you got most of it right. However, I want to now give you a perspective from inside the bank. I am not going to use my name since CIC Bank management in Basel, Switzerland, in the persons of Mr. Thomas Mueller and Mr. Christoph Ruch, can be very vindictive.
I know exactly who the customer is that you are writing about, and know how this hacking attack was successful. The simple answer is because of the YUGO Ebanking Software that CIC Swiss Bank was running and their use of the paper key cards. However, CIC Banks has now seen the light, after having so many problems, and ditched the paper key cards and went to a digit key code system. That system is much safer and impossible to hack since only one is issued, and is with the customer and is needed every time the account is accessed.
When the YUGO Ebanking Software was hacked, it was obvious to all of us at CIC Swiss Bank, that it was due to the inferior quality and security of the Ebanking software, as well as the YUGO management team in place at CIC Bank. We were also aware that it could have been an inside job carried out by an employee of the Bank or by third party contractors who were doing contract work for CIC’s Bank online Ebanking platform. As stated above, the Ebanking software was using paper paper key cards, which is insecure and was not used by any other bank except CIC Swiss Bank.
The digital key code system is much safer because it generates a unique number every 30 seconds and is required when logging into Ebanking the system. CIC Banks Ebanking security was inadequate on many levels and only a matter of time before they are going to be exploited. The user name and password is known by key people at CIC Bank and also by third party contractors who work on sensitive Ebanking software for the bank and have access to user names and passwords. But the system needs the key card number to work and the paper key cards are completely insecure.
I had previously told both Ruch and Mueller that they needed to change to a digital key card system, but they said it was too expensive and they didn’t want to spend the money. I tried to tell them they were sitting on a ticking time bomb and eventually accounts were going to get hacked. Ruch told me to basically mind my own business.
But the biggest problem was that CIC Swiss Bank had a YUGO management team at the helm. In discussing this loss with Mr. Thomas Mueller, CEO of CIC Bank and Mr. Christoph Ruch, the head of CIC’s legal department, I did my best to explain that this was a system failure that permitted the account to be hacked and that it could also be possible an employee at the bank was helping the hackers.
I also pointed out that this Ebanking account was mishandled from the very beginning when the customer clearly stated they wanted viewing only capabilities and not any payment capabilities. I reminded Muller and Ruch that Mr. Jureg Kuster, who worked for the bank for years, delivered a letter from the customer to CIC bank along with the signed Ebanking agreement, stating in part, “make sure we only have viewing only and no payment options”. In fact, Mr. Ruch had the letter in his hand and simply stated, "this letter doesn’t exist", and put it into his drawer. I told them that would not work and advised them to accept responsibility and credit back the money that was stolen and be done with it. Failure to do that would surely lead to a law suit that would be a total PR disaster for the Bank. They flatly refused and said that reimbursing the money was not an option since it would not look good to Board of Directors of CIC Bank in Paris.
You were correct when you stated that the customer asked many times for the bank to provide proof that the bank wire instructions actually came from the customer. Both Mueller and Ruch struggled over that since they were unable to provide proof, since the YUGO Ebanking system didn’t have the proper software to do that. Further, the computer logs were corrupted and log information went missing, which was strange to me and could not be explained. Mueller and Ruch had long discussions about how to respond to the customer and finally Ruch came up with the ridiculous suggestion and told Muller to just tell the customer that the Bank could not provide them with any proof. Mueller agree and wrote a letter to the customer telling them just that.
Muller and Ruch were also struggling over what to do with the customer’s demand that the Bank file a police report. Ruch and Mueller didn’t didn’t want to get the police involved and Ruch commented that they gotten enough bad press when CIC Bank employees stole millions of Swiss Francs from bank customer accounts in Lugano some years ago. So instead they told the customer, whose account was hacked, to file the police report, knowing that the customer lived in another country and didn’t speak either French or German.
I see you discovered the Lugano incident and the news reports about that thef. Good reporting, since CIC Bank did their best to keep that news buried. They were largely successful except for the two articles, they must have missed due to the fact that those small newspapers that published those articles.
You need to understand that the Swiss Banks are fully supported and protected by the media, any negative news about Swiss Banks won’t get published until it becomes an international incident or criminal matter. The news media will do nothing, except perhaps place a courteous call to the bank, informing them that they got a complaint from a bank customer, perhaps in the hope of getting the bank to spend some advertising money with them.
I was in Ruch’s office when he got a call from a newspaper editor, who said he picked up information via the civil and criminal complaints filed against CIC Swiss Bank. Mr. Ruch was joking with the editor and told him there was nothing to it. However, when he hung up the phone he went into a tirade and was cursing the customer and was also cursing Mr. Kuster, for taking the customers side. Mr. Ruch then screamed that he would get even with the traitor Mr. Kuster. Ruch was totally out of control and I was quite stunned by his conduct. His face was red and if looks could kill, everyone in that room would be dead. Ruch was totally irrational and there was no way to reach him. So I just quietly walked out of his office and went back to my office and started contemplating looking for another bank to work for.
Ruch and Muller are terrible managers, have poor judgment, are egotistical and have made numerous bad decisions. That resulted in the bank losing many good customers and millions of Swiss Francs, who the customer took with them when they closed their accounts. I finally couldn’t take the arrogance and incompetence of these two individuals any longer and quit. I am working for another bank right now and very happy there. It’s smaller, but it is much more customer friendly and we use the digital key card system for our online Ebanking customers, and we never had an account hacked.
CIC Bank is owned by the French Bank, Crédit Mutuel-CIC group headquartered in Paris France. The CEO is Mr. Philippe Vidal, but Mr. Vidal, is not paying attention to what’s going on at CIC Bank Switzerland. CIC Bank France is having their own major problems in dealing with the EURO crisis and has billions at risk in way of loans to Southern European countries. CIC Bank France, is also preoccupied with the European Union breakdown as well as an ongoing investigation against them for money laundering. This is resulting in the lack or proper oversight for CIC Swiss bank operations. What’s amazing is that Mr. Vidal leaves two incompetent individuals, in the persons of Mueller and Ruch, running bank operations in Switzerland. It is a recipe for disaster and that's what unfolded as they defend a law suit filed by the bank customer.
Why Mueller and Ruch just didn’t reimburse the customer for their loss, and then fix the security problems, is just un-explainable, un-fathomable and inexcusable. Both customer and employee relations are terrible at CIC Bank and there is no effective leadership at the top and when something goes wrong they blame others and go into cover-up mode. Therefore, employees are constantly quitting and good bank customers are constantly leaving. Mueller and Ruch proceed to run CIC Swiss Bank operations into the ground as Mr. Pillippe Vidal, the Chairman of the Board, sits in his swank office in Paris thinking about how to prevent another Moody’s downgrade. Maybe a good start would be to get rid of his "YUGO" management team at CIC Swiss Bank!
I am confident that the Bank customer will prevail in their law suit against CIC Swiss Bank for all of the above stated reasons and more.
Former CIC Bank Employee
The following article is from one of our external contributors. It does not represent the opinion of Benzinga and has not been edited.