A Measured Approach
The Sheer Importance of Securing Banks Requires a Multifaceted, Proactive Approach
- By Bill Wayland
- Feb 01, 2020
The threat landscape continues to evolve for every
business. But banks and financial services companies
face especially urgent demands – from aging
infrastructure, outdated technologies, and the
skyrocketing cost of brick and mortar locations, to
cyber-attacks, fraud and changing federal and state regulations.
Adding to these challenges is a shift in how consumers want to
interact with their bank today and the need for financial institutions
to differentiate their organizations. The obstacles may seem
daunting, if not completely overwhelming, at times.
A logical first step to better understand how these risks may
affect your business is to conduct a thorough risk assessment.
This risk assessment can help pave the way to help ensure your
assets are protected while also helping improve your client’s interaction,
satisfaction and overall customer experience.
Aging Infrastructure and
Looming large on the horizon is the fast-approaching sunsetting
of Microsoft Windows 7. Most, if not all ATMs are built on the
Windows 7 platform and come January 2020, organizations that
have not already upgraded or secured a service contract to upgrade
at a future time, could face potentially serious risks.
After January, Microsoft will no longer support Windows 7,
including issuing future security patches, security updates, nonsecurity
hotfixes, free or paid support options or online technical
content updates supported by Microsoft. For those financial
institutions that will continue to run Windows 7 on their ATMs,
they have the option of purchasing an Extended Security Update
(ESU) that will provide support through January 2021.
The ESU program will include security updates deemed “critical”
or “important” for the ATMs. Without purchasing an ESU
for ATMs or upgrading to Windows 10, organizations that experience
a breach to their networks after that time could be liable
for any losses the consumer may experience.
The upgrade requires a new “PC core” and a software upgrade,
but financial institutions may want to consider taking that
a step further to include third-party monitoring and servicing of
the ATM. With internal IT and security resources stretched thin,
outsourcing the service, maintenance and monitoring of ATMs
to a Managed Service Provider (MSP) may make sense for some
These services can help to ensure that the latest security patches
are installed as they become available. Real-time monitoring for trouble signals can help avoid downed machines and the lost
revenue that could result, and can also potentially send an alert
when an illegal act such as tampering, installing skimming devices
or even jackpotting incidents occur.
of your current security and life safety solutions? Chances
are, if your current solutions have been in place for more than five
years, they are outdated and less effective at protecting against today’s
threat landscape. Do you still have wired or analog cameras
watching your facilities or outdated access control solutions that
still rely on easily duplicated magnetic stripe cards?
These may be areas of concern to prioritize new solutions.
As cyber threats continue to increase, implementing a remotelymonitored,
security-only network may also be an option to add
as an extra layer of separation between your business-critical data
and the security products that may reside on your main network.
While completely swapping out your existing technologies or
adding a new network are probably not economically feasible improvements
to tackle all at once, working with a qualified security
integrator can help you to design a roadmap and budget for future
Bigger No Longer Means Better
Until the financial crisis in 2007, a retail bank’s total share of
deposits was tightly linked to the size of its branch network. Over
the past decade, this relationship between deposit growth and
branch density has weakened. Deposits at the 25 largest US retail
banks have doubled over the past decade, while their combined
branch footprint shrank by 15 percent over the same period.
However, a recent study conducted by Value Partners and
Fiserv, US Bank reported that while 60 percent of traditional
transactions, like deposits, are digital – 80 percent of sales activities
still occur at the branch, making an argument that both channels
are still viable options for today’s consumer.
A contributing factor when deciding the best channel to serve
a customer may lie, in part, on the cost. A 2012 study published in
the Wall Street Journal reported that each in-person interaction
with a bank teller costs the business $4, compared with $0.17 for
digital financial transactions and $0.70 for ATM.
So, it seems the answer may lie somewhere in between brick
and mortar locations and mobile or online activity, or maybe a
combination of both with Interactive Teller Machines (ITMs) or
a “Branch in a Box” approach. While certainly not the solution
for every bank, these are becoming more viable options in lieu of
expensive new branch construction, by still providing access to
additional remote locations and expanding access to tellers.
When considering future growth strategies for your operations,
ITMs may play an important role in your planning. Join
forces with an organization that not only has a dedicated team
with hands-on experience implementing ATM technologies and
newer ITM solutions, but has the capability to bring all your fire,
life safety and security systems together.
Giving and Getting Customer
Standing out in a crowded competitive environment is hard to do
as more banks and financial service organizations merge and the
industry consolidates down. As discussed earlier, catering to the
fickle demands of today’s varied consumer can be tricky, from the
digital millennial to the traditionalist who wants human interaction
at the brick and mortar location.
They all have one thing in common: The expectation that they
deserve and will receive the highest level of customer service. As
part of their customer experience, they expect the ATM they visit
to be up and running, the branch they visit safe and secure and
the mobile app experience to be streamlined and flawless.
To help you meet the increasing demands your customers
place on your organization for an exceptional customer experience
and perhaps give you a little competitive edge, you should
ensure that your technology is fully functional and available to
the public. Here are a few tips when selecting or dealing with a
systems integrator to help you meet your customers’ expectations.
First, select a systems integrator that is experienced in serving
the banking and financial services community and is up-to-date
on the changing rules and regulations that govern the industry.
An organization that has dedicated team members calling on the
market segment is ideal.
1. When engaging the systems integrator, identify and agree
upon service protocols in advance such as response and dispatch
times. Does your provider have a monitoring best practices procedure
2. Develop a team approach to meeting your security and operational
needs with your systems integrator. The team should include
sales, project management, service and operations to work
hand-in-hand to keep everyone abreast of job status.
3. Apply a consultative approach with your provider, where
they keep you informed on the latest technologies on the market
and how they could potentially enhance your security portfolio.
4. Look for a systems integrator that goes beyond selling and
installing hardware in your facility. Your provider should be a
true partner in the ongoing performance of your solutions by offering
preventative maintenance, inspection and testing services.
Some integrators can even monitor and service ATM systems for
situations such as low printer paper.
When moving to ITM solutions, employing a partner that can
address the network and video components of these systems is
critical to customer satisfaction. Working with a trusted professional
partner can help give you a competitive edge in the crowded
financial services market by helping to identify risk at your
facilities and offering insight on the right solutions. They can also
provide those additional services to help ensure that the cash handling
side of your business is running at peak performance.
A reliable integrator can offer professional installation, maintenance,
monitoring and testing to ensure systems
are up to code, all while making sure your
tried-and-true life safety systems can work with
new innovations and advanced technologies.
This article originally appeared in the January / February 2020 issue of Security Today.