Without regard to dating myself, I started in bank security in 1987, after ten years as a police officer. As you can imagine, I have seen many technological and strategic changes through the years, but at the end of the day, the objectives remain the same. Those objectives are the protection of customers, employees, property, and the prevention of economic losses associated with fraud and other related crimes. On the physical security side of this, there have been significant changes over the last 30 years or so, concerning video surveillance, alarms and access control. For instance, in the old days, if we needed video surveillance footage, we would ask the bank office to interoffice the VHS tape and we would hope we could find a grainy black and white image of a suspect. Today, of course, we have access to a local or cloud-based video program for immediate retrieval of crisp, colorful images. Access control and alarms are enterprise wide systems controlled from afar. No old key boxes and bulky key rings. There is ongoing development of biometric access solutions and suspect identification through facial recognition. Instead of “phone call trees,” there are blast messaging emergency communication programs.
In terms of bank fraud, the landscape has changed dramatically since the 1980s. In the old days, it was primarily check fraud. In the 1990s, counterfeit credit and debit card fraud began to take root and the losses were significant. We formed task forces comprised of bank fraud investigators and law enforcement, and coordinated investigations in hope of identifying and prosecuting fraud ringleaders. Banks had multitudes of fraud investigators and their primary mission was trying to recover fraud losses and prosecute suspects.
"Clearly, as the result of massive data breaches through the last few years, all customer personal information can be assumed to be floating out in the badlands"
Today, the financial services industry is “all in” with prevention tactics, not just recovery and prosecution. Gone are the multitudes of fraud investigators. Their replacement is a throng of analysts reviewing thousands of daily fraud alerts generated from complex fraud detection programs. These programs are analyzing sophisticated, mostly behavioral–based algorithms, designed to detect fraud early, thus negating or mitigating a fraud loss. It is a strategic change that is considerably more impactful to the bottom-line than chasing the bad guys. Of course, law enforcement is still tracking fraud by their own sophisticated data and intelligence collection in an effort to identify and prosecute key perpetrators. Now, most of the fraud challenges relate to cyber threats in the form of phishing, email compromise, and ransom ware, which result in various fraud incidents. Clearly, as the result of massive data breaches through the last few years, all customer personal information can be assumed to be floating out in the badlands.
My successors would have grown up, so to speak, in the realm of hi-tech physical security and fraud prevention methods. These sophisticated approaches, rightly, will be the most productive strategies going forward. I wish the next generation’s fraud fighters the best in continuing to utilize and develop more sophisticated and savvy programs and tools to protect their institutions.