September, 2014

In this Issue:
   Bomb Threats: Part 1
   by Barry Thompson
Bomb threats have unfortunately become a stark reality for financial institutions. Be sure to instruct staff during a bomb threat not to use cell phones or smartphones to call 911 or anyone else. Some bombs may be activated or triggered by a wireless device.
Data Breach Reaction
There has been a lot of press recently about data breaches and banks are now listed as the victim, not your local or even national retail store. So your customers may have security questions, and while that is more on the IT side, the Security Officer can certainly help. Articles such as this one can help you formulate a response that includes communication with customers, specific information about your bank's status and information the consumer can use to both protect and monitor their accounts. Ensure your action plan is up to date, and help your customers protect their data with useful tips for internet safety found in this article.

Training Programs

Checkup for your RDC Program
September 8
 — 
by Susan Orr
Remote Deposit Capture, or RDC, covers a lot of territory and continues to expand. RDC doesn't just refer to your merchant customers but now includes consumer mobile capture, ATM deposit capture, lockbox operations, and even your internal branch capture. How will your deployment of RDC stack up against the expectations of your examination team? Is your risk-analysis current? Have you included all your RDC applications? Have you kept up on any technology changes that can affect your service delivery or mitigate the risks involved? Are your controls robust enough to satisfy your management's risk tolerance and the scrutiny of examiners who have seen RDC deployed by scores of other financial institutions? Get the latest information on RDC best practices that can keep you in the good graces of both management and regulators in this webinar.
FinCEN's Beneficial Owners Proposal: What It Can Mean for You
September 22
 — 
by John Burnett and Sonja Kriegsmann
FinCEN's proposal to beef up Customer Due Diligence requirements by requiring financial institutions to obtain and verify beneficial ownership information for entity new customers promises to complicate and prolong the new account process and to require significant updates to your policies and procedures documents. FinCEN claims it will level the playing field for all institutions. That can only mean that many banks will need to step up their efforts. If you're looking for an analysis of the proposed regulatory changes and the message behind FinCEN's prefatory information, or searching for ideas you can use in a comment on the proposal, join Sonja and John for this in-depth discussion.
Vault Burglaries, Floods, Fires & Other Disasters
November 5
 — 
by David McGuinn
Damage to a bank's safe deposit vaults caused by a burglary, fire, flooding, tornado or other disaster can create not only major logistical problems, but also potentially huge legal liability. But there are measures your bank can take that can limit its financial exposure to such events. Attend this important two-hour presentation to get key information you can use to mitigate the post-disaster exposure of your safe deposit operations


Welcome to the September issue of Security Spotlight
In this month's Security Spotlight, summer may be winding down but bank robberies, ATM crimes, counterfeit items and ID theft were still hot happenings in August. Barry Thompson has an important reminder about what not to do during a bomb threat, and our Facebook posts provide excellent examples to use in your annual security training.

A Cover Up and Uncovered
Blessed? Truly? - When those with criminal predilections set out to rob a bank, they generally don wigs or hats to cover their hair or sunglasses to mask their eyes. What about easily identifiable and permanent markings, like tattoos? Apparently that's when make-up comes in handy. It seemed to do the trick for 23-year-old Andrew Rodgers when he robbed the Cooper State Bank in Columbus, Ohio on July 23rd. Bank surveillance footage of Rodgers shows him with a clear face other than a closely shaven beard and mustache. Rodgers, who barely made it to his getaway car when the dye pack in his stolen loot exploded, was arrested less than a week later. When he was apprehended, his face was covered in ink art. Most notably were the words "Truly Blessed" across his forehead with a cross in the middle. Charged with one count of aggravated robbery, Rodgers is not so blessed.

Bare exposure - And then we have the bank robber in Illinois who went to the other extreme and did nothing to disguise his appearance. Ezekial Deanda, 32, didn't wear a hat, a mask, or sunglasses when he demanded cash from the teller at the Associated Bank in Rockford. In fact, Deanda didn't wear anything at all. The bandit revealed himself completely when he took off all his clothes before his heist. Heading to the bank's basement with the cash he pilfered, that's where police found him getting dressed when they arrived. Deanda faces charges of robbery, resisting a police officer and aggravated battery to an officer (for allegedly spitting on one of the arresting officers). What about indecent exposure?


Check our Bank Robbery page for photos and information on the latest robbery suspects. There are 33 unknown bank bandits featured in our suspects gallery for August.

Most of these bandits concealed their identities with hoods, sunglasses or other coverings. Enforcing a no hats, hoods and sunglasses policy can help reduce the number of bandits who target your bank. Purchase No Hat Cling signs for all of your branches from the Banker Store.



DIY Skimmers and ATM Thefts

Need a skimmer? Print one. - When an ATM skimmer and fraudulent slot cover are found to so closely resemble the real thing, it brings up the question of possible insider involvement. In Marseilles, France, a man was arrested while he was testing an ATM skimmer using his own card against his own account. Turns out he had used a 3D printer to make the realistic slot covers and had already stolen $40,000 (not from his own account).

ATM theft - When we hear the term ATM theft, it's often relative to theft from a person at an ATM. In western Washington state, however, the Enumclaw police are looking for the theft of the actual ATM, reported by a local business owner. In such cases, thieves tilt the ATM into a truck or trailer and remove it so they have time to break into it. When the entire ATM is taken, the losses are often higher. This incident is a reminder to revisit the anchors, chains and shrouds used to secure smaller, free-standing ATMs. Whether it's your bank's ATM or a customer's, do your best to mitigate this type of loss.

ATM theft 2 - If you read the story above with the thought that it was a "rare case" or that it doesn't happen "here," and if "here" is anywhere near Fayetteville, GA, you might want keep an eye out for forklifts. A forklift was stolen at a restaurant off GA Highway 85 during its remodel and later used to remove an ATM from the Delta Community Credit Union. Video shows the stolen forklift being used during the theft of the ATM, which was placed into the bed of a stolen pickup truck. The truck was found abandoned, without the ATM. While the amount of cash left in the machine is unknown, the ATM was valued at $50,000.

ATM theft 3 - In Akron, OH two fire department vehicles were stolen. One was recovered after it was set on fire and left abandoned. An ATM that had been stolen from a store in nearby North Canton was found in the back of that vehicle. The second fire department vehicle was also later recovered with damage.

Weakest link - The bank's vault is secure. A safe that is located inside or outside of the vault, that is used for teller drawers, and that contains a minimal amount of cash is a weak link in the chain of security. A weaker link may be outside the bank, where the armored car delivers and takes your cash shipments. In Clinton Township, MI, near Detroit, an armored car guard opened fire on a pair of robbers in the middle of the afternoon. Police quickly arrived on scene. Witnesses to the crime said the guard was exiting the bank when he was approached by one of the thieves. He handed over the bags of cash and began firing. One of the two robbers involved was killed while the other fled. After firing off three rounds, the guard took refuge back in the truck, closing the door behind him. Fortunately the second robber fled and didn't enter the bank. If this happened at your bank, when the shots started, how long would it take to lock your bank's doors?

How low can they go? - We know that dormant accounts get additional monitoring, but what about an account that hasn't gone dormant yet, but you know the owner has died and the account will go dormant unless the estate takes over? After an account owner passes away there can be a lot of confusion. An HSBC bank officer and her husband, who were taking advantage of the confusion, have been arrested for allegedly stealing $35,000 from bank accounts of passengers on the missing Malaysia Airlines flight 370. Police are looking for a third person they believe was also involved in the thefts.

  
  Don't miss it! Register Now!


Hot Topics from the Bankers' Threads
As security issues heat up we've seen a noticeable absence of discussions of security issues in the Public Security area. More of the discussions, for risk management and confidentiality reasons, has moved to the private area where we have a forum for bankers only on security topics, and another that allows law enforcement and regulators access.

We also have a "private" security forum for discussion of more private, sensitive topics. That is where security officers were discussing reliance on motion sensors instead of clearing the bank each morning, signing for keys and maybe for combinations, the cost of defending the bank vs. being sued for checks a hooker cashed, larceny, 314a lists, backup SOs, and more!

To comment in Bankers' Threads you must be a registered user. You can register here. If using your bank email account, you will be given access to the private forums. The Private area is a group of forums under the heading "Private - Financial Institution Personnel Only." The Private forums do not include access to Bankers Hotline or Compliance Action, premium content areas that require paid subscriptions to those respective publications.

If you are already registered for the Threads, but don't yet have access to the private forums, using your bank email address send a request for access to andyz@bankersonline.com. Please verify that you do not yet have Private access. Once your registration request is approved, you can access the Private Security forum here.




Counterfeits, ID theft and other things that go bump in the night
More than 200 CrimeDex alerts crossed my desk last month (I haven't set up any filters, so I get almost all of them). The first one to catch my eye included "AZAG" in the subject line. It was posted by the Arizona Attorney General's office, which is looking for information on accounts held by any of seven individuals who may be involved in "Fraudulent Schemes and Artifices, Forgery, Money Laundering and Theft in excess of $500,000." I know I want to know how any investigation described that way turns out!

Walmart investigators reported working on a fraud scheme involving suspects who claim to be Walmart employees needing to conduct test transactions and socially engineer their way into convincing a real Walmart employee into sending money via MoneyGram. The superchain has run up more than a half million dollars in losses in this scheme in the last 6 months. When was the last time you warned your staff about social engineering?

Financial Plus Credit Union, in Michigan, warned it has received multiple notices from across the country that people are receiving counterfeit cashier's checks purportedly drawn on the credit union, involved in multiple scams including online job applications, secret shopper and Craigslist frauds. Ohio University Credit Union has also reported being hit with counterfeit cashier's checks in amounts from $2,980 to $3,600, apparently all derived from a legitimate $20 cashier's check sent by a CU member to a children's aid society. And Citizens National Bank of Paintsville, KY, reported counterfeit official checks that have been mailed to victims in another internet scam.

And this month's contender for the "lowest of the low" aware is report by Houston, TX, police, who are seeking 15 or more suspects who are reportedly stealing the identities of elderly women from nursing homes and rehab centers. Half of the suspects are believed to be phlebotomist nurses working as contractors in nursing homes and other medical establishments. The stolen identities have been used to make fraudulent purchases amounting to over $1 million.

Are you a BOL CrimeDex subscriber? You could be receiving regional or nationwide alerts about crimes that can warn you of crooks operating in your area or scams that could affect your institution and its customers.

CrimeDex is now FREE to registered members of the Bankers' Threads
Private Security Forum! Get the details and subscribe now!



Throughout the month, we share news related incidents on our Facebook page that can be informative examples for training employees on security issues and more.

In our August 27th link to a bank robbery story, the bank's surveillance images show what looks like your friendly, middle-aged neighbor, but this man threatened the teller and is suspected of other bank robberies as well. Thanks to the effectiveness of the bank's camera angle, good lighting, a clear image and a helpful crime line tip, this incident ended with an arrest.

Our August 13th post about teenage trouble in paradise shows that even kids can figure out what it takes to rob a bank. And on August 12th, the unfortunate story about a teller shot during a robbery is one example to add to your training so that employees know how best to avoid these circumstances. On August 8th, another story to include in your robbery training materials involves an employee's car being stolen and used as the getaway vehicle after a bank robbery.

Keep up with these and other informative topics on our BOL Facebook page. Be sure to "like" the articles so we can continue to post more articles of interest to you!

Subscribe to the monthly
Security Spotlight!

Access archived issues of the Security Spotlight
on BankersOnline's Security Spotlight Archive page.