Devices used to enter your banking facility are in criminals' crosshairs.

Is your facility opening the door to theft?

Posted on

Picking just one word to describe the individuals who hold up banks, hack ATMs or break into financial institutions during off-hours is a tall order. So many come to mind, the four-letter variety included. "Nemesis" might be the most fitting; just when you think you have them beat, back they come. These criminals are nothing if not relentless, constantly refining and revising their strategies to outmaneuver FI's electronic and physical security solutions.

What's the latest scam scofflaws have up their sleeves? For the most part, the tactic is essentially a reinvention of a long-existing ploy.

Late last year, we wrote about the uptick in skimming and shimming, which involve black-market readers that "rip" data from debit cards and credit cards. These devices are commonly placed within ATM units, and because they're often quite small, they can be very difficult to detect. Indeed, as ATM Industry Association Executive Director David Tente told Consumer Reports, many of the contraptions might as well be invisible because they don't look particularly distinctive unless you know exactly what you're looking for. Even then, they can be hard to notice.

Vestibule doors under attack
The problem has become exacerbated as the 'bad guys' cast an increasingly wider net. For example, in addition to sabotaging physical ATM terminals, they're now also tampering with ATM vestibule doors. Accountholders regularly access ATMs when branches close by inserting cards into a reader device that authenticates vestibule entry. A simple swipe is all thieves need to financially ruin lives, stealing not only victims' card information, but their names, addresses and phone numbers. In short, users are unwittingly opening the door to full-on identity theft.

"Devices that rip data off of debit and credit cards don't necessarily need to be retrieved."

If that wasn't terrifying enough, the devices that rip data from debit and credit cards don't necessarily need to be physically retrieved by whoever installed them in the first place. Some have wireless capabilities, thereby transmitting the data that's downloaded onto these contraptions remotely.

Katherine Hutt, spokesperson for the Better Business Bureau, told Consumer Reports that these underhanded tactics serve as a classic example of why the era of convenience can be a double-edged sword.

"People really need to pay attention," Hutt warned. "We have convenient access to our money 24 hours a day, seven days a week, but so do scammers."

Nowhere to hide
Banks and credit unions seem to be fielding attacks from every angle, and all risk their relationships with consumers. During Q4 2019, targeted online attacks – where specific individuals and their accounts were breached – rose sharply, accounting for 65% of cyber incidents in the U.S., according to Positive Technologies. That was up from 59% during the prior quarter. And financial institutions were right in the thick of things. 

The study also found that when individuals are targeted, as opposed to businesses or organizations, nearly 50% of the data stolen is related to credentials, such as usernames and passwords.

Here's the good news: You can take control of your FI and customers' accounts and assets through a proactive approach to digital, electronic and physical security – one that facilitates prevention, protection and detection. Your people can play defense as well – personnel and customers included. Here are a few suggestions for the branch:

Look for signs of tampering upon entry
Skimming originally referred only to point of sale units and ATMs. As previously alluded to, not anymore. One response: communicate, communicate, communicate. Encourage customers to be on the lookout for signs of tampering before they check in. Security experts recommend gently tugging on the reader to see if it jiggles or makes any odd noises. If it's loose or appears different, advise visitors to steer clear and to contact the bank by phone.

Invest in advanced ATMs and entrance technology
More FIs are investing in state-of-the-art technology that does away with cards, allowing users to enter facilities or withdraw cash through touch pads or via their smartphones. You may want to consider investing in these systems so you can stay ahead of the security curve. Consider speaking with a current or perhaps a new third-party vendor to review centralized comprehensive access control systems versus door-specific solutions. Why? The former allows you optimal control and the ability to make expedient universal adjustments versus tackling your doors one by one.

Synchronize with alarm system
Security solutions are at their most effective when they are fully integrated. New capabilities in FI protection can detect when equipment – like access doors and ATMs – are misused. You may want to speak with your vendor to see what options they have available that feature tamper alarms or incorporate anti-skimming sensors.

Your customers rely on you to keep their assets defended. You can trust BranchServ to supply you with comprehensive technology and systems that are PCI compliant and fully customizable. Please contact us today to learn more and be sure to ask about Skim-Assure technology, the next generation of vestibule prevention and detection.