BankersOnline Security Spotlight

Members of a branch staff once asked me, "If we trust our fellow employees, do we really need to follow procedures to the letter?"To answer this question, I quoted President Ronald Reagan:"Trust, but verify!"Internal controls and procedures were developed over the last one hundred years to protect not only the institution, but also the individual.The greatest losses for banks occur in the area of internal fraud, but if you follow your procedures and internal controls properly, you can?t be blamed if something goes wrong.
Featured Security Webinars
Unraveling the Mystery of Developing An Enterprise-Wide Information Security Risk Assessment - May 13 —
Risk assessments are a key focus of examinations today and are mandated by regulation. They are essential to an effective and appropriate risk management program and provide the basis for your security program, audit program, business continuity plan, not to mention your vendor management program, identity theft red flag program, BSA, and ACH. Once thought to be an IT risk assessment, today, the focus is on the institution as a whole. Focusing on just IT systems and electronic data is not sufficient. You also need to ensure you have assigned risk ratings to each asset/item in the risk assessment; in fact you actually should be assigning an inherent risk rating and a residual risk rating. Examiners are also expecting to see a validation of the effectiveness of the controls you have listed for mitigating the risk. Needless to say, many organizations are still a little unclear what is meant by an enterprise-wide risk assessment. This seminar will provide an overview of the key elements of a risk assessment and provide a framework that can be adapted to the other numerous risk assessments now required.

Stealing from Within: Embezzlement & Data Theft - May 19 —

Risk assessments are a key focus of examinations today and are mandated by regulation. They are essential to an effective and appropriate risk management program and provide the basis for your security program, audit program, business continuity plan, not to mention your vendor management program, identity theft red flag program, BSA, and ACH. Once thought to be an IT risk assessment, today, the focus is on the institution as a whole. Focusing on just IT systems and electronic data is not sufficient. You also need to ensure you have assigned risk ratings to each asset/item in the risk assessment; in fact you actually should be assigning an inherent risk rating and a residual risk rating. Examiners are also expecting to see a validation of the effectiveness of the controls you have listed for mitigating the risk. Needless to say, many organizations are still a little unclear what is meant by an enterprise-wide risk assessment. This seminar will provide an overview of the key elements of a risk assessment and provide a framework that can be adapted to the other numerous risk assessments now required.
Security Products
in the Banker Store



Effective Robbery Response &
Opening Procedures




Robbery Prevention ? "NO HAT" Signs
(Now Available in STATIC CLING)



BSA: SARs & Beyond


Welcome to the May Issue of Security Spotlight
How alert are the people in your institution? This issue of Security Spotlight focuses on what to do to prevent robberies, what to do in case of a robbery, what to do if another kind of disaster occurs near your institution. Read how to use our Alerts & Counterfeits Database, and a sad announcement about one of our own. Security Shorts will have you going in circles: don't miss them!

Robbery and Your Institution
Your Bank is Robbed; Call 911!
In Daly City, CA, a police sergeant noticed a black Chevy Tahoe making an illegal turn in front of him. Something about the occupants of the truck made him suspicious as he began his pursuit.It turned out that the subjects of the vehicle had just robbed a branch of US Bank.While in pursuit of the vehicle, the information the bank had just been robbed started to be received by law enforcement. It turned out to be a very unlucky day for these would-be bank robbers.

This story also points out the need for banks to train the victim-teller to make an immediate call to 911.Many tellers believe that when they activate the burglary alarm the police are immediately notified. Depending on how your alarm system has been implemented, this alarm could take up to five minutes before law enforcement is notified. Several police officers have been killed when stopping vehicles after a bank robbery, not knowing a bank had been robbed and the car has a fleeing felon in it.The victim-teller can supply law enforcement with immediate descriptions that could help them apprehend the robber in the first five minutes after the robbery.

The Old Dog and the Starlet - Robbers?
Elderly but agile...this elderly bank robber, dubbed the "Geezer Bandit", may be getting on in years but he's getting around easily enough - and eluding law enforcement. Having knocked over his seventh bank since August, he's not ready to retire quite yet! Appearing to be in his 70s, wearing prescription sunglasses, the mature, gray-haired gentleman (previously featured in the November, 2009 Security Spotlight) is still up to his old tricks robbing banks in San Diego County, CA. The FBI, San Diego, is offering rewards totaling $16,000 for information leading to the capture and arrest of this elusive elder.

One way to fame...Many young women travel to California to become movie stars. The "Starlet Bandit's" claim to fame is a series of bank robberies in Los Angeles County. Believed to be responsible for ten bank heists in the L.A. area since March, 2008 - eight of which occurred last month - the Starlet Bandit approaches the teller wearing "movie star" sunglasses, carrying a shoulder bag and talking on her glittery, jeweled cell phone. She then passes a note with the demand for money to be placed in the bag, instructing the tellers not to walk away from the counters or she will harm customers. She is 5?5? to 5?7? tall, and in her early to late 20's, the brazen young bank robber has hit three different banks two times each. Despite the glamorous nickname she's been given, the suspect does not dress up for her heists and has been referred to by the FBI as "frumpy".

Car bomb in Times Square
The May 1, 2010 car bomb in New York City hurt no one!If this had happened during normal business hours in the vicinity of your institution, how long would it take to close down your bank to evacuate the area?Banks everywhere should review their procedures on locking away currency and negotiable instruments to enable them to vacate a branch or main office in less than five minutes.While many institutions claim they can do this, in many cases, this has been found not to be the case.Evacuation drills of offices located in cities, next to national monuments or targets that would interest terrorist groups should be considered.Oklahoma City or Times Square, no matter where your location, now would be a good time to review procedures to enable you to shut down your offices ASAP.

With sadness, and yet with wonderful remembrances of all the good times, we write of the sudden and unexpected death of Kathy Emery, our friend, co-worker, author of the Robbery page on BankersOnline.com, and of the robbery section which usually opens this Security Spotlight. We will greatly miss Kathy's friendship, humor, and willingness to always help wherever she could.
Be sure to check our Rogue?s Gallery of Unknown Suspects page for photos and information on all the latest robbery suspects. Protect your institution by posting signage prohibiting hats, hoods and sunglasses. The effectiveness of this simple sign on your door is unsurpassed. Available now in two different designs in static cling format in the Banker Store.



A Little from All Over ...

A Case of Preference -The "Double Dip Bandit" robbed a TCF branch in Chicago. He likes TCF so much he robbed one branch once, another twice, and a third, three times, for a total ofsix robberies of the TCF bank. There have been at least 56 bank robberies reported in the Chicago area so far in 2010, according to the FBI.

Again...and Again? -Back in Sacremento, CA, a serial bank robber nicknamed the "Fake-Bearded Fedora Bandit", has robbed six banks in four months.You can see why the FBI nicknamed him as they did.The FBI's press release states, "In all of the robberies, the suspect approached the teller counter and made verbal demands for money. In at least one of the robberies, he made an attempt to disguise his voice by speaking with clenched teeth. As he approached the teller counter during the March 31 robbery, he told the teller, 'Here we go again.'" There is a $4,000 reward for him.

Yes Ma'am...or Sir... -In the Seattle area, two robberies were made by what police suspect is a man dressed as a woman, as seen here.The "woman" approached a teller and said that she had children and there were men who would hurt her. In that case, the teller believed the robber was a woman and didn't hand over any cash. In the other robbery a note was used and neither time was a weapon shown.

Serial Bank Robber in Oklahoma City -In the Oklahoma City area, police are looking for a serial bank robber suspected of seven robberies of two different banks. Bank of the West was robbed five times, with three times at the same branch. The same Bank of Oklahoma branch was robbed twice.In two of the last robberies, the semiautomatic handgun he carries was used to pistol-whip bank employees who were not cooperating with his demands.The FBI, Oklahoma Bankers Association, and Bank of the West have offered a $10,000 reward for information on this man.

Polite, but Dumb... -The last bank robber isn't so hard to identify.He would be from this photo where he robbed a TD Bank in Washington, DC. (We link to this photo as a perspective so it may be compared to other photos you've seen from cameras mounted lower. This appears to be high resolution and in color, but of little use without an enhancement to the image.) This robber approached the teller at 7:45 PM on April 29. He gave her a note telling her this was a hold up and that he wanted no fake money. The note even said "Thank you" at the end!The cash he got from her included a dye pack. When the dye pack was triggered, he was startled, and as he tried to throw away some of the money, he also threw down his wallet. The police are actively seeking Ahmed Hassan.Alerts & Counterfeits
We remind you each month to look for the fraudulent cashier's checks, money orders and other items your regulator notifies you about as they occur. Today, we want to remind you that there is a searchable database as well, courtesy of BankersOnline. Here are some advantages to using this. To start with, if you want to see the Alerts & Counterfeits reported in the month of April, look for the dates after March 31 and before May 1. These dates are exclusive, not inclusive.



The default view is that you will see ten items per page. In this case, there were eight reports last month so it doesn't have to extend to a second page. Above the date fields is a keyword box where you could enter part of an institution's name. If you enter "Pinnacle", you can see one entry from May, 2010, and four others. Two of those four were from the same bank during the same month in 2006. You can also search by state and by the type of item you want to find. Here is a screenshot of a partial list of the items.

Tips for Searching: