For financial institutions of all sizes, six and seven-figure fraud is becoming more common. If they had better physical security, it’s likely many of those instances could have been prevented.
But security shouldn’t be a concern solely for major institutions. A financial institution of any size is vulnerable to fraud and theft. It only takes a singular security breach at one branch location to lead to loss due to theft or fraud – and sometimes those breaches can be replicated at other branches.
Finding the true costs of a branch security breach is complicated, but it will always end up being more than you think. Here’s why a security breach is so costly.
Defining a Security BreacH
First, we need to define what exactly constitutes a security breach. By definition, a security breach is any incident that allows unauthorized users to access data, networks, devices, or other sensitive information. For a branch of a financial institution, a security breach often leads to a monetary loss, but it can also lead to other kinds of theft – such as sensitive data or the personal information of your customers.
We’ve grown accustomed to thinking a security breach, especially at a financial institution, is always a cyber security breach. A hack or ransomware attack is an example of a digital security breach.
However, physical security breaches are also common, and they aren’t always immediately obvious. Physical security breaches include crimes of opportunity, which can lead to the theft of property such as laptops.
But how can physical security breaches occur at a financial institution? It could be as simple as someone “tailgating.” Tailgating is a common tactic in which an unauthorized person “tailgates” closely behind an authorized user, and is able to access a secure area.
Or perhaps an employee leaves unsecured property around. An employee badge or ID when stolen allows for physical access to another part of the building.
A physical security breach can also lead to a digital security breach. A well-meaning employee can fall victim to a USB drop attack. There are a few different variations of USB drop attacks. In the most common attack, a criminal intentionally leaves a USB device (commonly a thumb drive) to be found. When an employee plugs in the device, it can unleash malicious code onto the computer or network.
The Costs of a Security Breach
The costs of a security breach aren’t always immediately obvious, and it can be hard to pinpoint an exact cost for a breach. However, the costs associated with a security breach can be divided into a few different categories:
- The financial cost
- The consumer trust cost
- The true cost
Let’s break each of these costs down further.
- The financial cost is what most people think of when it comes to a security breach. It’s the most obvious one, and for good reason. The financial cost of a security breach can be massive.
First, there’s the cost of fraudulent withdrawals. Fraudulent cash withdrawals from an ATM may go undetected for days, weeks, or even months at a time, leading to a snowball effect as the cost of the fraud adds up.
Overall, the finance industry has the second highest average cost per breach, behind only healthcare. That’s an average cost of $5.97 million per breach.
Even a “minor” breach of a single ATM can result in the loss of thousands of dollars. Depending on its location, the average ATM may hold anywhere from $20,000-$100,000.
- Consumer trust can be another victim of a security breach. While their money may be insured, no one wants to find out that fraudulent activity occurred on their account. Even if their funds are returned to them, there’s still the issue of the stress involved in knowing your money went missing.
Customers are more likely to blame their financial institution for a security breach than they are the hacker or perpetrator. When it comes to their trust in banking needs, consumers are now ranking PayPal higher than their current bank or credit union.
Once the trust of your customers is lost, it can be impossible to get back. Customer loyalty is an ongoing, positive relationship based on a series of multiple interactions. A single poor experience won’t dissuade most customers, but multiple poor experiences or a single poor experience handled poorly, can end the relationship.
It can also add to the financial cost of a security breach, as more class action lawsuits get filed from customers stating negligence in using outdated and vulnerable software. These types of vulnerabilities can result in the high cost of sensitive data leaks of personally identifiable information, such as customer names, addresses, social security numbers, and account numbers.
- True cost is the overall cost of not being proactive. The question you should be asking yourself isn’t, “What is the cost of a security breach?” but “Can I afford to not be proactive?”
For a bad actor, the cost required to undergo a security breach is minimal. They only need to invest in their first target. If successful, it’s likely they can replicate their attacks across a network of devices or physical locations. A simple Google search for “ATM near me” is likely to result in dozens of potential targets.
Keep in the mind the definition of a bad actor is broad. A bad actor is any person or organization who seeks to exploit your institution’s vulnerabilities in exchange for financial gain or notoriety. A bad actor could be a sole person or a broad criminal network. A bad actor could even be one of your own employees.
For a financial institution, the upfront cost to invest in physical security is much higher. An investment of that size means investing in safes, lockers, vaults, under-counter systems, safe deposit boxes, and more.
This is multiplied by the number of devices and locations you have. However, the upfront cost is a necessary investment for good security. Otherwise, you risk incurring the cost of a financial loss, plus the cost of losing your customers’ trust.
Preventing Security Breaches
Now that we’ve identified what the costs of a security breach are, the question is, “How can we prevent them?”
One way is with ITM or interactive teller machines. ITMs act as an all-in-one, branch-in-a-box solution. ITMs are a natural evolution of the ATM, providing additional functionality. Along with basic cash transactions, they can support the customer via video conferencing from anywhere in the world. A teller can virtually help a customer with their needs, including reporting a lost or stolen card.
Another way of securing your branches is with TCRs or teller cash recyclers. TCR machines can handle teller cash, quickly counting, sorting, and verifying the total amount, as well as catching counterfeit bills. This eliminates loss, either from miscounts or internal theft. Another way of securing your branches is with TCRs or teller cash recyclers. TCR machines can handle teller cash, quickly counting, sorting, and verifying the total amount, as well as catching counterfeit bills. This eliminates loss, either from miscounts or internal theft.
An access control system can also deter nefarious actors. An access point can be made secure by utilizing physical security and electronic security solutions and having them work in tandem. Physical security is concerned with active and passive measures to control access. An electronic security gate system can serve as a secure access point, alongside turnstiles or door locks.
Surveillance is another aspect of physical security. This could include the use of closed-circuit television (CCTV) cameras, which can prevent and capture malicious behavior.
However, all of these systems are still subject to failure. That’s where taking a proactive approach with regular testing comes into play. Financial institutions need an IRP (incident response plan). An IRP is a detailed blueprint for what to do when a threat or potential threat is identified. In addition to having an IRP, you need an IR team to respond to threats.
Financial institutions of all sizes are prime targets for criminals. However, by being proactive and investing in the proper security equipment, the damage caused by a security breach can be minimized or even mitigated altogether.
The Wittenbach Difference
For over four decades, Wittenbach has delivered physical and electronic security solutions to credit unions, banks, and other financial institutions. With Wittenbach, it’s about more than security – it’s about convenience and reliability.
When financial institutions need physical security, electronic security, or next-generation cash handling and ATM/ITM machines, they choose Wittenbach. Providing world-class security and cash handling is the Wittenbach difference.
For more advice on security solutions for your financial institution, contact us.