Easy Money, Compliance, Security Engineering, and ...jail

"The SEC charged Grand Logistic S.A., a Belize corporation located in Estonia, and its owner Evgeny Gashichev of Russia, with breaking into victims' computers and using the illicit access to their brokerage accounts to drive up stock prices. Between August 28 and October 13, 2006, the illegal scheme made the company at least $353,609" More here

I believe that the identity theft was possible due to inappropriate identity management or/and authentication schema.

That is why more and more Compliance such as PCI standards gets adopted.

Compliance tells you what to do and Security Engineering tells you how

Cheers