Issued by FDIC
Security Spotlight: Internal fraud, rural robberies, hot topics, a CDD tool, and more!
Welcome to the June Issue of the Security Spotlight
Barry Thompson's Monthly Security Tip
Internal fraud warning signs
Financial institution security professionals will eventually experience an internal embezzlement. Training your staff to detect warning signs of internal fraud is one of the most effective measures you can take to mitigate embezzlement losses. Bank management often questions internal fraud training, with the misconception that if internal fraud isn't discussed staff members may not think about doing it. In reality, it's unlikely that internal fraud training will influence a potential embezzler in any way. People who get involved in embezzlement are often under pressure to obtain funds for many reasons. Following are some internal fraud warning signs:
- Staff member regularly works after hours, takes work home, works frequently on weekends.
- Refusals to take vacations or sick leave.
- Refusals to accept promotions.
- Use of intimidation when asked questions about a particular area or account.
Train your staff to know the warning signs and implement a fraud hotline. Studies suggest that a fraud hotline will reduce potential losses by half, especially when employees know the warning signs. According to the Association of Certified Fraud Examiners, hotline tips are one of the top ways internal fraud is discovered.
Most Wanted: Nationwide search
Rural robberies on the rise...Banks in Omaha, NE are on high alert following a rise in violent bank robberies. According to the FBI, 41 bank robberies occurred in the Omaha area in 2016, including 32 in which the robbers were armed. So far this year, 12 financial institutions in the region have been robbed – 10 of those involving guns. Criminals are targeting smaller banks in towns just outside the metro area where there is less of a law enforcement presence and longer response times. The FBI suspects that gang members are behind the robberies, given their M.O., entering the banks waving guns, shouting orders, jumping counters and often going straight for the bank vault. The thieves usually wear masks or hoods, hiding their facial features and showing very little skin. The latest heist took place on May 8 at the Two Rivers Bank in Arlington, where two men carried semiautomatic handguns and wore masks that made them look like old white men. The Omaha FBI office is asking for the public's help in solving these very dangerous robberies, and Omaha Crime Stoppers has raised its reward to $20,000 for information leading to criminal charges in any area bank robberies.
Check our Bank Robbery page for photos and information on the latest unknown bank bandits, many of them with sunglasses, hats or other head and facial coverings disguising their identity. Enforcing a no hats, hoods and sunglasses policy can help reduce the number of bandits who target your bank. Purchase No Hat Cling signs for all of your branches from the Banker Store.
Hot Topics from the Bankers Forums
There were no new discussions posted in the public Security forum in May. If you have a non-sensitive question or topic to share, you can post it for discussion here. You'll find active discussions on sensitive security topics in our "Private Security Forum," where bankers discuss issues out of public view. There's also a private forum that invites participation by bankers, regulators and members of law enforcement.
The private forums are the place for security officers to discuss topics like hot topics like finding an expert on checks, Fedline tokens, ATM skimming and requesting ATM video, and more. If you're a registered user of BOL's Discussion Forums, but don't see the Private - Financial Institution Personnel Only forums near the top of the Forums list, use your bank email address to send an access request to email@example.com. Once your request is approved, you can access the Private Security forum here.
BOL CrimeDex helps banks improve security
Over 500 BOL CrimeDex alerts crossed our desktop last month! Whether it was a warning about gas pump skimmers in Tennessee, a search for financial accounts from the Postal Inspection Service, a request for ID assistance on a cloned-card case, or an alert about counterfeit cashier's checks from a credit union, the alerts were posted in pursuit of crooks, fraudsters and others who would rather live dishonestly on someone else's hard work than honestly on their own. Here are just a few examples:
- A report from the Chicago area about two individuals with fraudulent IDs attempting to cash a stolen federal tax refund check
- An alert from the Hood County (TX) Sheriff's Office seeking the identity of two suspects who used a stolen credit card
- A post from the McCoy Federal Credit Union with photos of suspects involved in installing a skimming device on an ATM
- Photos of a suspect involved in three bank robberies near Montgomery, Ohio, with a request for assistance in identifying the robber
- A request for account information related to illegal internet sweepstakes establishments being opened in Colorado
- A New England bank asked for help identifying a suspect responsible for several large-dollar HELOC account takeovers
- A Georgia bank reported that two suspects had opened multiple accounts with fake Cameroon passports and deposited dozens of $99 checks on frozen or blocked accounts, withdrawing cash before the bad checks were returned.
BOL CrimeDex helps banks improve security—In addition to the invaluable assistance that BOL CrimeDex alerts can provide in identifying criminal suspects are the scores of examples of behavioral "red flags" that a security officer can use to drive home the security message to staff members in training sessions. If you have access to our private forums, read the "CrimeDex Service FREE" notice in the second thread of the "Private - FI Personnel Only" forum.
Throughout the month, we share news-related incidents on Facebook that can be informative examples for training employees on security issues and more. With the winter doldrums gone, May security news seems to be picking up as we approach summer with increased activity in the security world. If you missed them, catch up on the May posts, and follow our BOL Facebook page for June's hot topics:
- We started the month out on May 3 with a new twist on an old scam to obtain your customer's debit card information.
- On May 4, we posted a warning for everyone (bankers and customers) about a phishing scam that is designed to give the hacker open access to the targeted victim's Gmail account. Consider how much valuable information is contained in all that email.
- Our May 5 post raises the question as to what procedures you would follow if a person drives their vehicle into your bank – through the doors, a wall, or any combination?
- Your bank probably has a "no hat, no hoodie, no sunglasses" policy. It's tough enough enforcing that, even more so with costumes worn during Halloween and Santas coming in at Christmas. The first of several posts on May 8 brings up how to deal with a parade that may bring in costumed characters.
- In grocery store branches, bank staff may face various types of distractions they aren't used to – such as a fight. In another post on May 8, check out the video we shared, and ask if your tellers would have been securing their cash drawers.
- Another May 8 post is about a small business owner requesting lockdown instructions following a bank robbery with the suspect on the loose. This would be similar to a school lockdown when there is a local threat.
- On May 11, we shared a story containing photos of a Houston area woman who recently robbed five banks. Should banks be posting these pictures so staff can BOL (be on the lookout)?
- Many convicted bank robbers get away with light sentences. But the one we posted about on May 15 is going away for the next 9 years.
- A second story posted May 15 gave a POTB (pat on the back) to an observant bank employee and the police who stopped the perp at LAX.
- When planning a bank robbery, leaving the getaway to finding a driver afterward and offering them stolen money is not the best laid plan. The robber featured in our May 19 post found that out, and now his plans for the future are set.
- If you receive an enticing email with an unexpected offer that is just a click away, you should consider that it may be a phishing email. Did you know there are sites that help you safely test that link? Check them out in our May 23 post.
- In our May 24 post, we wrote about how nice it is to have loyal customers...but loyal bank robbers, not so much.
Read about these and other informative topics on our BOL Facebook page. Be sure to "Like" the articles so we can continue to post more articles of interest to you, and share our page with your fellow Security Officers and bankers, and ask them to "Like" us so they too can stay updated on the latest news!
If you are involved in your bank's Customer Due Diligence and Beneficial Ownership rules or your bank is looking for a starter checklist, check out this tool provided by Banker's Toolbox. Read the description and get a free download on the BOL Banker Tools page and look for the
CDD Starter Checklist.
First published on 06/02/2017