bank security adding value through operational risk management


Post on 11-Feb-2022


Page 1: Bank security Adding value through operational risk management

Bank security

Adding value through operational risk management

Answers for infrastructure.


A new dimension to banking security

Faced with today’s market uncertainty, banks and financial institutions are rethinking the way they do business, with a clear focus on two vital areas: customer trust – directly linked to their ability to ensure business continuity and secure assets, people and sensitive data; and operational efficiency – targeting improved competitiveness by redirecting payments to lower-cost channels, changing the role of branches to focus on the customer experience and service cross-selling, as well as by streamlining processes and systems.

Combined with stringent operational risk and compliance regulations, this has led to security issues being increasingly viewed and managed as a single, end-to-end concern within a bank’s risk management strategy, looking beyond the physical environment to incorporate IT systems, channel management and identity and access management.

At Siemens, we understand that the level of sophistication and functionality required from security systems is driven by the specific business role of bank premises, from ATM zones, to local branches or data centres. The scalable products and systems we offer can help customers and staff feel safe without interrupting daily business, interoperating seamlessly to support a more “self-service” and customer-friendly banking environment – for maximum operational efficiency and return on investment.


Keeping the vital customer trust

To compete successfully in today’s tough market place, financial institutions need to keep the trust of their customers – a trust which relies not only on their capacity to deliver good value services, but also on their ability to protect people, assets, premises and the highly sensitive data they hold. Despite the increase in electronic fraud, a worrying trend identified by a recent EBF¹ report is the growing use of violence in physical raids. With any security breach potentially having devastating effects on a bank’s reputation, security is understandably a growing priority and banks need to have – and be seen to have – adequate security measures.

Protecting the “new bank”

In addition, banks have diversified the range of services they offer and their delivery channels to improve both customer retention and acquisition: the simpler services are now available through lower-cost, “self-service” channels such as ATMs and online banking, whilst branches are refocused on more complex service sales, with open, customer-friendly spaces. Whilst this shift improves service levels and drives operational costs down, with this new bank business model come new threats, and the need therefore for a more holistic approach to security, where sales channels are no longer seen in isolation: security systems should not only encompass a bank’s security as a whole – protecting everything from a single ATM to branches, data centres and entire networks – but also enable the exchange and cross referencing of security and transaction data across all bank channels.

Highlights

Develop cross-channel security intelligence to more effectively protect people, data, assets and premises

Reduce losses to fraud, theft and vandalism

Improve operational efficiency and business continuity with measurable ROI

Increase compliance with operational risk management regulations

Protect brand equity and customer trust

Ensuring business continuity

Losses resulting from security breaches are not just monetary: collateral damages can also include compromised data, lost productivity and reduced turnover – ultimately damaging a bank’s credibility. Regulatory requirements such as Basel II² and Sarbanes-Oxley (SOX) also emphasise the need for banks to proactively protect business continuity and guard against operational risks³: interoperable security systems can help address these requirements, either by preventing attacks and business disruptions, or by speeding up incident recovery through e.g. the provision of tools to investigate – and prosecute – more effectively.

Security with measurable return on investments (ROI)

Siemens draws from over 30 years of security know-how to deliver interoperable systems which support a truly holistic approach to banking security: access control, intrusion detection and video surveillance systems work together to deliver the required functionality for given sales channels, enabling security resources to be deployed more cost-effectively. Capable of integrating into existing IT networks, they can help reduce the initial level of investments, yet still make room for system upgrades or expansions. Powerful reporting tools, combined with the bank’s transactional data, provide an enterprise view of potential security threats, improving both prevention and response capability: losses due to theft of cash, assets and sensitive data are reduced – as are threats to business continuity – thereby providing measurable return on investment.

Banking on security with a holistic approach to risk management

Compliance with international standards

International standards – such as VDS and EN – are vital in ensuring that electronic security systems are installed professionally and remain reliable. Siemens embraces this compliance in every way, for example with video surveillance systems that are Kalagate and BGV (UVV-Kassen) compliant. These ensure, amongst other things, that evidence is admissible in court and that suspicious events can be saved separately and securely exported to various media.

¹ European Banking Federation

² Within the Basel II accords, operational risk is now treated as a clear focus area, alongside credit and market risks.

³ “The risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.” (Basel II definition)


Protecting the “self-service” bank

Bank owned or sponsored stand-alone ATMs, 24-hour zones, ATM operator networks.

The “self-service” security challenge

Banks and financial institutions have a legal duty to prevent cardholders’ financial and personal information from being compromised or misused². They need to ensure that ATMs are safe to use and protected against malicious use (card skimming, credit/debit card fraud). Electronic security systems can help banks address these challenges, adding a useful layer of protection for the users, as well as at every step of the ATM management process – from replenishment and maintenance to continuously monitored operation. Adequately tailored systems can even help banks optimise ATM cash flows and the level of capital they have tied to their vaults by reducing the security risks associated with keeping higher amounts of cash in ATMs.

Reducing fraud-related costs

A high proportion of ATM-related fraud is estimated to be committed by organised crime and internal staff, and the cost of those incidents is getting higher for the industry. Beyond the cash losses is the effect heightened ATM security concerns have on insurance premiums, which impact directly on cash management costs. Implementing tighter security measures will reduce losses, and as a result insurance claims – and premiums.

Protect stand-alone ATMs

As an increasing number of ATMs are being installed away from branches, speed of intervention is critical, making constant monitoring a key success factor in protecting them from vandalism, theft and electronic or mechanical tampering. This supports cost-effective and speedy event responses whilst also providing reassurance to lone users.

Security systems from Siemens enable the simultaneous monitoring of many ATMs in real time from a single, central location. This lets ATM operators and banks act more proactively – for example by taking an ATM offline immediately if suspicious activity is detected. Seismic detectors, when fitted to ATMs, will provide immediate and reliable detection of attacks on the enclosure without any false alarm being generated by passing traffic or by the vibrations generated by the ATM operation. With faster, more reliable alarms, speed of intervention is improved whilst the risk of damage to ATMs is reduced. An additional layer of security can be added through video surveillance systems – acting both as a visual deterrent and providing useful evidential material – for example with day/night cameras from Siemens linked to a SISTORE MX digital recording system: live or recorded images can be tagged to alarms or ATM events, thereby documenting complete transactions – a useful evidential feature in case of disputes regarding cash withdrawals.

24h services at branches

The 24-hour availability of ATMs and deposit boxes inside branches calls for a minimum level of protection of both the users and the machines against theft and

In a bid to improve customer convenience and shift payment transactions to lower-cost channels, banks have become increasingly “self-service” organisations, rolling out ATMs accessible 24/7 at branches or in “remote” areas (e.g. in the High Street, at petrol stations, supermarkets, transport terminals etc.). Indeed, not only have ATMs provided banks with a more cost-effective service delivery channel, but they are also a key channel through which banks can conduct powerful one-to-one marketing – this is reflected in the ATM numbers, estimated to go over the 2 million mark worldwide by 2011¹, and with nearly half of them deployed in off-site locations.

The “self-service” bank brings its own security challenges, with a dramatically increased pool of potential – and easier – targets for card frauds, robberies, muggings, forced withdrawals or even ram raids …


[Figure: Interoperability in action – 24-hour ATM zone. Field devices and central controllers for access control and intrusion detection: glass break detector, vandal resistant dome, entry/exit reader, access controller, control keypad.]

06h00 – The cash-in-transit (CIT) team arrives at the 24-hour ATM zone located on a busy high street, to proceed with cash replenishment ahead of the weekend. The ATM zone has its own local electronic security system, linked to an outsourced Alarm Receiving Centre (ARC). The CIT team enter using their personal card swiped at the reader at the entrance. Once inside, they block the door to prevent anyone from entering. All ATMs in the area (a mix of wall recess-mounted and free standing machines) are equipped with Intrunet seismic detectors. The motion detectors are automatically deactivated, at the same time triggering automatic recording via the SISTORE AX digital recorder. Live video images are sent to the ARC to ensure any suspicious event during replenishment is acted upon immediately.

12h30 – The bank’s system which monitors all transactions made through the ATM network has flagged up an unusually high number of aborted transactions in the 24-hour zone. The ATM network manager contacts the ARC to access video footage from this location. The images are recorded via the SISTORE AX, which interfaces to the ATM machines, enabling quick access to events and a search of the video footage relating to those aborted transactions. The team identifies the same individual using the ATM over the course of 2 hours.

Motion detectors

Used to monitor movement inside the ATM zone, and to detect any unauthorised entry. With multi-criteria signal analysis for high immunity to false alarms, and advanced mirror technologies for superior detection. Easy snap-in installation concept for ease of installation and maintenance.

Seismic detectors

Positioned inside free standing ATM machines, directly in the wall structure near the machines or inside bollards positioned outside stand-alone ATMs. Alarms are triggered as soon as an attack is detected, whilst environmental vibrations – passing traffic, ATM operational vibrations – are reliably ignored.

Swipe card readers

Connected to a SiPass Entro system to control access to 24-hour zones. The system can be programmed to recognise card data, allowing or refusing entry to the ATM zone.

Cash-in-transit services can be given a personal access card, with specific rights, which can be set to not unset the alarm system automatically. Instead, they would have to deactivate the alarm using the alarm keypad, giving them the opportunity to enter a duress code and signal the alarm if forced to enter the ATM zone under duress.

SiPass Entro

The ATM zone functionality in SiPass Entro includes programming of card details and branch serial codes into the Entro software to enable door opening in 24h zones, as well as alarm control, Alarm Status Feedback (ASF) and SISTORE DVR integration. All event logs are encrypted for data security and can be securely exported for reporting purposes. The system also offers access groups, time schedules and zone definable functionality (anti-pass-back and interlock) and a centrally held database.

Intrunet SI120 or SI220

The Intrunet SI220 system can act as a local alarm system, or encompass multiple ATM zones. Alarms can simultaneously trigger video recording and be transmitted – along with live video – to a monitoring centre for audio and video alarm verification prior to intervention. The system offers flexible, reliable alarm transmission (e.g. PSTN, ISDN with IP and GSM back-up) and can automatically be set/unset from the SiPass Entro access control system’s scheduler facility.

[Figure, continued: video surveillance – seismic detector, wide dynamic camera, digital recorder, dual technology detector. Control software: Interoperability – System Control Software (intrusion detection, video surveillance, access control).]

Cameras

High-resolution models ensure detailed information is captured.

– Wide dynamic models for bright areas such as facing entrances to ATM zones, for clear images both inside and looking at the outside.

– Day/night models in conjunction with infrared illumination for clear images 24 hours a day.

Vandal resistant domes

Positioned at the entrance of 24-hour zones or above stand-alone ATMs, they will provide the crisp images required to investigate suspicious events. IP66 rated, they can withstand a blow of up to 1000 kg.

TFT displays

With various sizes of screen and performance of display – suitable for use in a control room or as public display monitors.

SISTORE AX

The SISTORE AX digital recording system offers direct connection to ATMs and up to 16 cameras. It can be controlled locally or over the network via the Remote Administration Software (RAS). The call-back functionality enables ARCs to receive alarm messages on event (alarms from Intrunet SI220 or access control events from SiPass Entro). For more advanced functionality, use SISTORE MX (BGV (UVV-Kassen)/Kalagate certified; programmable to read card details and tag video footage with transaction time/date).

The ATM is immediately taken off-line whilst investigation continues but remains under alarm and video surveillance – the police are also informed so personnel can be dispatched to the location if required.

15h00 – After review of the video footage, the police have confirmed that the individual caught on camera is a known repeat offender. A police patrol is dispatched on site to attempt arrest.

22h10 – The ARC receives an alarm originating from an ATM located at an unmanned petrol station. The ATM was sponsored by the same bank and is fitted with seismic detectors, which have now triggered an alarm. The area surrounding the ATM is also under video surveillance: day/night cameras are connected to the petrol station’s SISTORE AX digital recording system, which is programmed to record every time ATM transactions take place, or if an alarm is triggered. The ARC operator simultaneously accesses live video images and pre-alarm recorded images via the SISTORE AX network viewing software to check the current situation on the site: there is damage to the wall on which the ATM is installed but by reviewing the pre-alarm recordings, he is able to establish that a car has reversed into the wall by accident and driven off. The ARC contacts the bank’s ATM network manager so the ATM service provider can be called on site.

[Figure label: SiPass Entro Software]

Glass break detector

The acoustic glass break detector is ideal for 24h zones with large glazed areas as they can be positioned up to 8.5 m away from the glass surface to be monitored, offering flexible positioning options.

Door and window contacts

Can be used to signify the opening of the door, simultaneously de-activating the PIR detectors inside the ATM zone, and triggering real-time recording from a SISTORE AX.


tampering – with video surveillance, an alarm system and a means of restricting access to legitimate customers. A SiPass Entro Lite access controller, linked to an access reader on the door, can be used to read the bank card details and authorise – or not – entry to the 24h zone. Motion detectors, linked to an Intrunet SI220 intrusion system, are then deactivated once the entry is authorised, at the same time triggering automatic recording via a SISTORE AX (unless continuous recording is preferred). Through the use of IP-based video surveillance, the images can be transmitted back to a central control facility from where any suspicious activities can be monitored and investigated, either for an appropriate real-time response or for a follow-up in the event of an incident.

Extend security to sponsored ATMs

As financial institutions increasingly sponsor ATMs that are placed by independent commercial entities such as retailers or public transport organisations, ensuring adequate ATM security becomes a more complex challenge. However, banks can take best practices and due diligence a step further, by taking a more active role in ensuring that these ATMs benefit from the same level of protection as their own. A basic – yet efficient – system can start with seismic detectors, combined with a local SISTORE AX recording system, set to record continuously.

Ensuring safe ATM replenishment

The increasing reliance on ATMs as a means of reducing operational costs has translated into the addition of more services obtainable through the machines, from cash remittance and deposits to mobile phone top-ups. Replenishment can therefore now take longer, moving from just cash-related operations to checking the ever more complex machine functions – potentially giving more time and opportunity for robbery. Video surveillance systems from Siemens can be set to record on events, for example when the enclosure is open for replenishment or maintenance, with live images streamed over an IP network to a monitoring centre, giving added protection to the replenishment process – and importantly, the staff undertaking this process.

Highlights

Optimise ATM operational costs thanks to reduced losses to frauds/attacks, better cash levels management and reduced insurance premiums

Protect ATM users at all times with video surveillance

Reduce the risk of ATM fraud with seismic detectors against mechanical tampering

Identify suspicious patterns across ATM networks with networked video surveillance and seismic detection

Optimise the chance of successful investigation and prosecution through event-driven video recording with complete transaction audit trail

Reducing operational costs at ATMs

Cash management is an essential part of managing the profitability of ATMs, and a difficult balancing act between optimal cash levels in ATMs and replenishment frequency – and costs. However, as cash is better protected within ATMs, a more optimal amount of cash can be kept in the ATM itself, therefore reducing the risk of downtime and the number of (costly) replenishments. This can also have a positive impact on insurance costs, as better security translates into reduced claims and premiums. Security systems from Siemens also support remote services, reducing the need for costly on-site visits for upgrades or maintenance purposes.

Tackling ATM ram-raids

Ram-raids – where an ATM is forcibly removed from its location to be broken into off-site – are showing an upward trend, and are increasingly conducted by well-organised crime gangs. While basic precautions can be taken to prevent ram-raids – by using concrete bollards, bolting the machines to the floor and keeping ATMs away from doors and windows – an alarm system incorporating seismic detectors will enable fast response and dispatch of intervention services. Coupled with video surveillance for evidence and investigation purposes, electronic security will increase the chance of catching the criminals and recovering the cash.

¹ Source: ATM Industry Association (ATMIA)

² Cf. Gramm-Leach-Bliley Act

ATM replenishments can be made safer through remote monitoring.


For a more secure “retail” bank

Post-offices, local branches, currency exchanges.

For a safer “proximity” branch

Achieving the right balance between the security of customers and staff on the one hand, and convenience and competitiveness on the other, is the challenge facing financial institutions today. Banks are generally more at risk of attack during quieter periods – such as opening times – when staff numbers are low and fewer customers are present. Apart from established bank security procedures, adopting other “common sense” practices – such as limiting customer access, controlling staff access and locking interview rooms when not in use – is fundamental to a more secure banking environment. Through training, staff should be encouraged to remain alert at all times and to be on the lookout for suspicious or unusual behaviour. With these types of basic practices in place, electronic systems are the effective “final layer” of security – both during and outside business hours.

Improve risk containment in the branch

Bank branches should be separated into zones with clearly defined risks and control levels (see graphic overleaf): public (areas that all employees and customers can access), controlled (areas that can and must be locked when unattended) and very controlled (where access is restricted to authorised users). This can be achieved through a combination of physical barriers (such as air locks) and electronic security: an interoperating system of video surveillance, access control and intrusion detection in areas of high risk allows bank managers or security staff to view any area whenever an alarm is triggered or a door opened, therefore enabling them to check the visitor’s authority and progress throughout the branch. This can be complemented by automatic video recording for evidential or investigation purposes.

Protect staff at all times

The increasing use of open-plan office design to build relationships with customers also puts staff at greater risk. But the risks are not limited to robbery. Personal finance is potentially an emotive subject which can sometimes escalate to violence against staff. Video cameras from Siemens with wide dynamic technology will ensure crisp images even when facing a brightly-lit entrance, acting as a deterrent in the more public areas whilst providing useful evidential support should a prosecution follow any attack. Silent alarms at individual counters and in interview rooms, linked to a central monitoring centre or security room, will also provide valuable reassurance to staff and ensure immediate response to incidents.

Secure executive homes

The increase in the number of bank robberies where staff and their families are held hostage to gain access to the safe shows that implementing a security program which would encompass executive homes as part of the bank’s own security system could also make the difference between early and appropriate intervention or successful robbery. An intrusion detection system incorporating silent alarms and triggering live video streaming to a monitoring station will ensure that no such situation goes unnoticed until it is too late, and will provide valuable support to police forces during the intervention phase.

As a bank’s most central channel, the role of the local branch is changing to maximise customer interaction and increase the return on investment. This now tends to involve putting more staff in advisory and selling roles to push cross-selling, redesigning and standardising the physical space across branches (with the risk of making it much simpler for organised criminals to plan and target multiple branches of the same bank), and opening up the working environment. As a result, members of staff are less protected by physical barriers against attacks by abusive customers – or robbers.

Electronic security can help compensate for the reduction in physical barriers in the public areas by making it harder to gain access to sensitive assets or data and making it easier and less risky for staff to raise the alarm.


[Figure: Interoperability in action – town centre branch. Field devices and central controllers for access control and intrusion detection: glass break detector, access controller, ultrasonic detector, prox and PIN reader, wide dynamic camera, silent alarm button.]

07h30, Monday morning – The cash-in-transit van arrives with the internal mail and the amount of foreign currency pre-ordered for the day. Respecting the red/green “traffic light” system which indicates the integrity of the security systems, the security guards open the front door, drop sacks delivered and resecure the front door. Their arrival is recorded through external cameras linked to a SISTORE MX digital recording system; their opening of the front door de-activates the Intrunet SI220 alarm system in the area, simultaneously triggering real-time video recording via internal cameras until the front door is resecured. “Traffic light” system again shows “green” to indicate all is well within branch, and the security system is fully reinstated.

08h00 – The bank manager arrives alone and – seeing green security light – opens front door by badging his access card and entering his own PIN code using a SiPass Prox & PIN access reader. This deactivates the intruder alarm and the “traffic light” system. An audible alarm sounds, indicating that the alarm system in the safe and strong room is still armed.

08h30 – While staff prepare for the day’s business, two designated key holders access the safe area using their personal proximity card and PIN number, at the same time deactivating the motion detection system in the area. The safe’s integrity is continuously monitored via seismic detectors, which can detect electronic/mechanical tampering.

Motion detectors

Used to monitor the various zones inside a branch, from the ATM zone to customer and staff areas or offices, safes, etc. With multi-criteria signal analysis for high immunity to false alarms, and clever mirror technologies for superior detection.

Seismic detectors

Positioned inside ATMs, or directly in the wall structure near the machines or vaults. Alarms are triggered as soon as an attack on the machine or wall is detected, whilst environmental vibrations – opening of the vault’s door, ATM operational vibrations – are reliably ignored.

Proximity and PIN reader

Robust design and metal casing for vandal resistance. Ideal for use at staff entrances.

Models for indoor use also include a duress functionality.

Smart card technology

Enables physical access rights to be combined with logical access via digital authentication and single sign on to HR databases and directories, sales reporting, procurement systems, process documentation of loans/mortgages, etc.

SiPass integrated

This scalable system provides seamless role-based access control between the defined branch risk zones, e.g.: door interlocking enables the creation of man traps or airlocks between the public and mixed areas; with escort control, 2 valid cards must be presented at the door before it can be unlocked; records of entries/exits enable visitors to be accounted for at all times; elevator control restricts access to staff-only floors. The system also offers powerful reporting tools.

Intrunet SI220

With versatile alarm transmission modes, SI220 is ideal for local intrusion detection with remote monitoring. It offers: activation/deactivation on badging of authorised cards (SiPass integrated) with simultaneous video recording (SISTORE MX); independent alarm actuation/settings for each branch security zone based on risk scenarios and business requirements; alarm triggered video recording/transmission to the ARC for alarm verification and simultaneous access rights changes to other areas.

[Figure, continued: video surveillance – IP camera, prox and PIN reader, vandal resistant dome, intrusion keypad, dual technology detector.]

SISTORE MX

BGV (UVV Kassen)/Kalagate certified, this hybrid video recorder can adapt to bandwidth restrictions in support to other critical banking systems, and can read details of cards used to access ATM zones: event images are tagged with transaction data/time/date (15 minutes pre-/post-event recording). The event “logbook” is saved in a central, secure database. Enables access/intrusion event driven real-time recording on IP/analogue cameras, and hardware/software based network recording (resp. SISTORE MX NVR/NVS).

[Figure labels: seismic detector, hybrid digital recorder, control software (SiPass Integrated Software).]

Silent alarms

The Intrunet hold-up foot rails and contacts enable a discreet alarm actuation. They can also be used to activate cameras.

Door and window contacts

These will alert staff closing the branch to any window or door left open, and will send an alarm should someone forcibly open a door or window to break in.

Cameras

High-resolution models, to monitor till lines, queuing systems and reception/enquiries desks, or near entrance areas to monitor customers exiting from the branch.

– Wide dynamic models for bright areas provide clear images both inside and looking at the outside.

– Day/night models in conjunction with infrared illumination for clear images 24 hours a day.

– IP models for true digital transmission of streaming images.

Vandal resistant domes

For the monitoring of all building elevations, external fire exit doors, entrance points to the building and car parks/barriers. IP66 rated, they can withstand a blow of up to 1000 kg.

Speed domes

Can be moved with the utmost precision. Up to 36x optical zoom and 400°/sec preset speed.

TFT displays

With various sizes of screen and performance of display – suitable for use in a control room or as public display monitors.

09h00 – The bank opens. The video surveillance system records continuously throughout the premises. Staff enter the interview rooms by badging their personal access cards to proximity readers. This simultaneously disables the motion detectors in the room, switches the lights on and triggers live video recording (potential evidence).

13h30 – A customer claims he tried to withdraw cash from the ATM and was issued a receipt but no cash. With the SISTORE MX DVR, the bank manager reviews the video footage tagged with the relevant transaction data, thereby confirming that the cash had not been dispensed. An engineer is called on site to investigate the problem.

15h00 – The assistant manager notices the growing numbers of queuing customers via the video surveillance system. To reduce waiting times and free up counters for complex transactions, he sends staff to redirect customers needing simple transactions to ATMs and guide them through the self-service options.

17h00 – Closing time. CIT staff arrive to transfer the cash accumulated during trading. Video surveillance systems cover all their time on bank premises. The safe is then locked and the alarm activated in the area. The manager locks the front door. All security systems are activated (“traffic light” system shows green).

Page 11: Bank security Adding value through operational risk management


Highlights

Turn branches into true “sales centres” by lightening the security burden for staff

Enhance the customer’s experience with a safer banking environment

Reduce the risk of identity fraud at branch with physical data protection and verification tools

Address higher risk areas with interoperating systems for the control of access, video monitoring and alarming

Increase compliance with data protection and due diligence requirements

Protect valuable assets and data
Banks hold not just valuable cash, but also data and data storage devices, which, if removed from the premises will turn into a lucrative business for the criminals. Protecting access to offices and data rooms is therefore critical at branch level. “Prox & PIN” access readers positioned at strategic entrances will prevent unauthorised access to the areas, with attempts at forcible entry automatically triggering an alarm and video recording. Tags fitted to sensitive data storage devices, and linked to the access control system, can trigger an alarm if they are removed from the building without authorisation.

Secure safes and deposit boxes
To protect safes and deposit boxes, access control readers at entrances will stop members of the public accessing controlled areas. The wide range of readers from Siemens includes “Prox & PIN” models with ‘duress’ code functionality (for instance when a member of staff is coerced to enter an area under threat). Seismic detectors fitted to safes and deposit boxes will trigger an alarm if forcible removal or access is attempted (particularly suitable for unmanned self-service deposit boxes, which make it possible for thieves to rent a box for the sole purpose of gaining easy access to the vault). This can be complemented with video surveillance for enhanced monitoring, with real-time video recording of images throughout the trading period and live recording on alarm after hours.

Reduce cash-in-transit risks
Cash-in-transit services remain a prime target for robbers. Significant investments have been made to make the actual journey much safer, and this has shifted the focus towards the actual cash handover point – in the bank itself. Conducting cash delivery or collection in the public area of banks, building societies and post offices also causes a degree of risk to public and staff safety. It is therefore essential that cash exchanges take place in secure areas (access controlled and fitted with video surveillance and alarms) or at times when no member of the public is present.

Increase compliance through security
More sophisticated security functionality can also contribute to compliance, enhancing transaction trail auditing by providing more advanced access control or alarm event reporting, and backed up with video recordings with time and date. For example, a recording system, linked to the bank’s ATM system, can be set to record on certain conditions, e.g. if the card swiped to enter a 24h ATM zone is identified as being blocked or stolen. The video is then tagged and linked to the suspicious transactions, with pre- and post-event images also recorded.

Maximise sales opportunities
Security systems inside the premises should support both intervention and investigative activities, and raising the alarm should be easy and inconspicuous to prevent violent or panic reactions. By implementing interoperable security systems, local branches can strengthen well established bank security processes with a centralised – even remote – overview and control of all the security functionality and areas. This enables routine or incident scenarios to be translated into logical action/reaction between the access control, intrusion detection and video surveillance systems. Tighter security makes the branch less attractive to criminals: the resulting banking environment is safer for staff and customers, and therefore more conducive to fruitful business transactions.

Examples of security zones
[Floor plan. Zone legend: Publicly accessible zone; Customer zone; Controlled customer zone; General staff areas; Vital technical installations; Sensitive staff area; Highest security area. Plan labels: Office; Elevator; Staircase; Money conveyor; Zone protected by interlocked doors; 24h zone; Banking hall; Wind screen; Counter; customer safe.]

Page 12: Bank security Adding value through operational risk management


Enterprise level security, compliance and global competitiveness
National and global bank networks, data centres, bank headquarters, national gold reserves, central bank hubs.

Enterprise level security
In support of successful bank ERM strategies, security risks ought to be managed as a single end-to-end topic. Interoperable access control, intrusion detection, and video surveillance systems provide the tools to manage, monitor and report security risks and events as required by the legal framework. They can provide the sophisticated security functionality required to reduce losses stemming from the operational risks defined in the Basel II accord, at all levels of the service delivery channels network. They provide a central security platform for both company wide policies and the locally managed specific security issues pertaining to each channel.

Support payment consolidation through improved data security
Continuing competitive pressures are leading financial institutions to work towards consolidating payments to reduce handling costs. But with these payment “hubs” – infrastructures that are capable of processing payment from multiple channels – there is a growing potential for unauthorised access to even larger amounts of sensitive data for the purpose of manipulating, stealing or even destroying it. With increasingly stringent regulatory requirements, such as the Gramm-Leach-Bliley or Sarbanes-Oxley Acts, data centres should therefore be treated as high security buildings, and can therefore greatly benefit from interoperable systems. Applying a role-based access management to payment and data centres is best achieved with centrally managed access rights as this ensures up-to-date access authorisation at all times for legitimate staff. Access events can be backed up with live or recorded visual verification of a person’s identity on badging through video surveillance systems, whilst interoperation with alarm systems will enable the alert to be given should access to a restricted area be attempted by an unauthorised user.

Role-based access management
Tight access control to information and the systems holding them is a complex matter in a global banking world where the consolidation of the core systems used to manage the varied operational channels has only just started. Access control systems from Siemens can offer a “one card” answer for financial institutions that have locations nationwide or even worldwide. Instead of multiple cards or ID badges that would normally be needed to perform multiple functions (e.g. entry in building or electronic signatures) one card includes all these services.

To achieve greater competitiveness on a national or even global level, banks need the flexibility to implement company-wide business models that will optimise their margin levels and turnover. Whilst channel diversification is a key success factor, the challenges this brings for banks are multifold – from consolidating payment channels whilst ensuring compliance across ever more complex networks of ATMs, branches, data centres and headquarters to promoting business intelligence sharing, and streamlining systems and processes.

Interoperable security systems support more efficient enterprise-wide risk management strategies (ERM), by enabling banks to reduce the complexity of their processes and systems, at the same time facilitating an enterprise view of security across entire networks.

Page 13: Bank security Adding value through operational risk management

Interoperability in action – national bank network

[Diagram. Sites: Local branches; Executive management homes; Self-service points; Data/cash centre; Regional headquarters; National headquarters. Systems shown at the sites: Intrusion Detection; Video Surveillance; Access Control. Control points: Central control for branches; Central control for regional HQ; Central control for national HQ; Central Control danger management (MM8000) for entire network. Also shown: Emergency response services.]

[Product overview. Columns: Access control; Intrusion detection; Video surveillance. Rows: Interoperable controllers; Field devices.]

External motion detectors
Siemens external motion detectors enable an alarm to be triggered as soon as intruders set foot on restricted outdoor areas, allowing for intervention to take place before access to critical areas or assets has been gained.

Internal motion detectors
The range of Siemens internal motion detectors caters for all bank environments: from 24-hour zones to retail branches and data centres.

The range covers requirements for all grades of risk areas, and offers the highest detection rate and false alarm immunity.

Proximity and PIN reader with a robust design and metal casing for vandal resistance.

Proximity readers
Ideal for controlling access to doors in offices.

Smart card technology
Enables physical access rights to be combined with logical access via digital authentication and single sign on to HR databases and directories, sales reporting, procurement systems, process documentation of loans/mortgages, etc.

Intrunet SI410
This scalable system facilitates centralised alarm management over standard communication channels with IP/GSM back-up for reliable transmission. Individual security settings can be programmed based on zones/risk levels, with support for alarm type specific intervention procedures (e.g. access control “duress” events). Its Macro functionality for remote standardised updates of security settings across multiple sites provides a cost-effective way of ensuring all personnel codes are up to date.

A large bank has implemented a new nationwide security system to bring all local systems under one uniform and common standard. The objective is to reduce the costs of security systems themselves, but also to close any security gaps, particularly with data access and reporting capability. Central to the system is role-based access management, supported by a SiPass integrated access control system, which integrates into the bank’s standard IT environment and HR database applications. The system is configured to work across the bank’s corporate domain, ensuring the network integrity is not compromised. The system forms the basis of an enterprise wide interoperable security system – also including Intrunet SI410 intrusion detection system and SISTORE CX video codec recording – from which all security functionality can be managed and controlled. The entire bank network is in turn linked to an MM8000 Danger Management System, which facilitates the management of data from various sub-systems, including fire detection systems.

The SiPass integrated system manages the access rights and cardholder data of over 3000 staff from the bank’s central security and safety hub located at its general headquarters. The one card concept supported by SiPass integrated (combining physical access rights and digital sign-on) has been implemented in all sites: changes to access management policies can now be rolled out automatically, ensuring consistent access restrictions to sensitive areas, business data or applications across all sites and employees. In line with security breaches reporting requirements, any suspicious event flagged up in local systems can also be accessed, managed and reported both locally and in the central SiPass database.

Similarly, the Intrunet SI410 Macro functionality enables consistent alarm settings across all sites, with for example safes being set in all branches under constant alarm monitoring, with bypass only accessible to authorised holders of special codes. Specific event types can also be defined to trigger video recording or alarm activation/deactivation based on established business scenarios and risk levels that are common to all sites. The SISTORE CX codec recording system enables the centralised management of local video recorders in branches through its virtual matrix functionality. This enables locally recorded critical event footage to be centrally and securely archived away from the branch. All sites are equipped with SISTORE CX EDS for outdoor video motion detection and SISTORE CX ODR to e.g. detect any unauthorised parking in front of bank branches.

The SiPass software provides a central control point for all security functionality, enabling remote access to local intrusion event log or to conduct live viewing, playback and recording of images based on access or intrusion events, overlaid on user-friendly graphical site maps.

SiPass integrated
A true backbone for enterprise applications: distributed architecture for central/local event management, cardholder enrollment, data authentication and encryption, reporting and configuration changes; “One card” concept with role-based access to offices, IT networks/applications; anti-passback; visual verification; elevator control; HR system integration (LDAP compliance); overview of all access/alarm events with video footage back-up, accessible from SiPass software; full system archiving/restoration.

Video surveillance

Super high-resolution cameras
Offering the highest detailed images for evidential use, the range of super high-resolution models are ideal for the monitoring of main entrance points to each floor, lifts, lobbies and staircase/fire exits.

Vandal resistant domes
For the monitoring of all elevations of the buildings, external fire exit doors, all entrance points to the building and car parks/barriers. Rated IP66, they can withstand a blow of up to 1000 kg.

TFT/LCD displays
Typically used to create “video walls” for use in a control room, the range of security TFT displays offers features such as anti-glare security glass.

Control keyboards
Able to control both the digital recording system and speed domes, the CKA range of keyboards offers ease of control and flexibility particularly when using the variable proportional joystick.

SISTORE CX
Kalagate certified, this codec recorder supports distributed systems e.g. a unit per branch or building – all connected to a central control room, and provides: fast transmission/streaming of the highest quality video, centralised storage of recordings for secure archiving (NAS); bandwidth management tools; advanced search functionality (addressing legal requirements to report security events with supporting information); back-up of business critical security data; perimeter surveillance capability (SISTORE CX EDS/ODR).

Secure intrusion keypad
The stylish keypad enables quick and simple multi-partition operation. Key switch and annunciation modules offer additional security levels and parallel partition indication and operation, as well as unique tamper detection concepts.

Page 15: Bank security Adding value through operational risk management


In a SOX and Basel II context, this ensures that identity and access rights are up to date and traceable – and that security breaches are reportable at all times.

Replicate security best-practices
Interoperable systems provide the means to access and manage intrusion detection, access control and video surveillance data and processes centrally, thereby facilitating the implementation of streamlined security measures and procedures. This also enables best practices to be identified and shared throughout the network. With all the security data collected centrally and easily retrievable, a bank can keep an ongoing watch on all its activities within – and across – sales channels. This translates into more efficient bank channel integration, ensuring that all channels are communicating with one another and seamlessly sharing security-related information, so tracking of suspicious account activity and cash can occur simultaneously, raising red flags if something goes wrong.

Protect IT and data networks integrity
IT integration sits high on banking institutions’ strategic agendas, in the search for more efficient and transparent ways of managing and protecting data and business processes. Compliance requirements have permeated to IT networks used by financial institutions, calling for secured back-up of critical data for example. Interoperable security systems from Siemens can sit on their own network, ensuring they will not compromise the network integrity. In addition, they deliver sophisticated reporting tools, which allow for event logs and recorded video to be exported over secure connection to centralised data centres, away from the branch.

The compliance success factor
Interoperable security systems, by providing banks with an enterprise level view of all security-related matters, can contribute to improve compliance levels, on the one hand by helping to prevent cardholders’ financial and personal information from being compromised or misused, and on the other, by providing the tools to implement a successful role-based access management to sensitive data or assets. More specifically, in a context where banks are legally required to fully disclose all events that are material to the business and report all security breaches (Basel II third pillar), being able to back up transaction data with authenticated video recordings and access and alarm event reporting brings significant advantages from an auditing process perspective.

Security in support of business intelligence
With centralised monitoring of sites, and integration into a bank’s operational systems, bank headquarters can achieve better understanding of their “proximity” businesses (be it ATMs or branches), thereby improving the efficiency of their network. On a national scale, the added visibility brought about by interoperable systems also enables a more efficient staff deployment across multiple branches, based, for example, on changing business activity levels in branches, or the need to transfer skilled staff to other sites for cross-training purposes.

Highlights

Harmonised security concept across entire bank network improves the efficiency of security strategy and reduces the total cost of system ownership

Certified products and systems contribute to better insurance compliance

Understand and react to security breaches more readily with holistic approach to security

Common security user interface facilitates cost-effective staff deployment across multiple branches

Protect IT network integrity with certified electronic security systems

Page 16: Bank security Adding value through operational risk management


Case study: Siemens improves security for SpareBank1 across 460 branches

The challenge
Each of the 23 member banks – which together constitute one of the most familiar names in the Norwegian financial market – ran their own security systems and services locally. Although the alliance’s main goal was to ensure the individual banks’ independence and local connections, the objective of the agreement was to create a mutually binding co-operation between the partners within the security operation, focusing on security levels, cost optimisation and the development of predictable security levels and services throughout the alliance.

The answer
All branches within the bank network will have video surveillance and intrusion alarm systems installed, with the majority of the branches also supplementing their security measures with access control. A centralised access control system utilising operational services (with server hosting at Siemens’ MARC station for 23 branches), is also being specified.

The alarm management services respond to all types of alarms (both life-threatening and everyday events), thereby contributing to business continuity, crime prevention, staff safety and, ultimately, providing peace of mind. The centre will manage information from all locations, offer support on technical questions, receive service calls and remotely manage the security systems.

The result
Key to the requirements was the implementation of an interoperable security system that is capable of working together to deliver the required security levels. This enables the control of the various security functionalities (access control, intrusion detection, video surveillance, alarm management) from one central point. For example, whenever events trigger access or intrusion alerts, video recording will start and live images will be received to provide verification at the MARC from where, if necessary, intervention forces will be alerted. In rerouting existing alarm transmission to the MARC, several areas for improvement in the customer’s existing system were identified, all of which have been addressed by the new system.

Highlights

333x SISTORE digital video recorders (SISTORE MX with 2 TB hard drives for all branches, and SISTORE AX4 Lite for most of the ATM machines)

Replacement of 1,385 cameras with Siemens models

420x Intrunet SI410/SI220 intrusion panels securing most branches and 2,236 motion detectors from Siemens

1,300 doors across all branches secured by SiPass integrated access control systems and readers

Siemens has won one of the largest security contracts in Norway – a complete security and services solution agreement with SpareBank1, an alliance of 23 banks and 350 offices that together make one of the largest providers of financial products and services in the Norwegian market with 460 branches.

The bank wanted a fail-safe and sophisticated security solution with a central system operation and maintenance that involves the upgrading of video surveillance, intrusion detection and access control systems – and therefore provides increased security against unauthorised access and criminal activities – in all 460 branches.

Page 17: Bank security Adding value through operational risk management

Systems overview

Self-service area
Access control:
– SiPass Entro Lite: up to 8 doors/1,000 cardholders
– SiPass Entro: up to 512 doors/40,000 cardholders
– Both systems provide a bank lobby function (white list) that uses the customers’ bank cards to provide access to the self-service area.
Intruder detection:
– Intrunet SI120: 2 partitions/12 rooms
– Intrunet SI220: 6 partitions/36 rooms
– Both systems provide flexible alarm transmission and verification
Video surveillance:
– SISTORE AX: local operation; generic ATM interface; event callback
Remote monitoring:
– Via Alarm Receiving Centre

Retail bank (local branch)
Access control:
– SiPass Entro: easy integration with video surveillance/intrusion systems; multi-site concept; easy software maintenance via terminal server support
– SiPass integrated: for system expansion from SiPass Entro; for larger retail banks
Intruder detection:
– Intrunet SI220: SMS event messaging; supports audio and video alarm verification
Video surveillance:
– SISTORE MX: hybrid recording; support of main ATM interfaces; event callback
Remote monitoring:
– Own or outsourced control room

Global organisation (headquarter offices)
Access control:
– SiPass integrated: virtually unlimited number of doors/cardholders; multiple workstations; visitor management; integrates with HR databases; high security bank features: duress codes, dual custody and integration of biometric identification
Intruder detection:
– Intrunet SI410: 16 partitions/128 rooms; easy system customisation for banks; highly scalable; fully networkable; flexible alarm transmission and verification; SMS event messaging
Video surveillance:
– SISTORE CX: hybrid recording; virtual matrix for centralised operation; out-/indoor video analytics surveillance; event callback with alarm picture
Remote monitoring:
– Own or outsourced control room (SiPass integrated, MM8000 DMS or IVM danger/video management)

Field devices
Access control:
– Magnetic stripe readers (with or without keypads)
– Proximity readers (with or without keypads)
– Hands-free Cotag readers
– Smart card readers (with or without keypads)
Intruder detection:
– External PIR motion detectors (perimeter surveillance with alarm triggered video recording)
– Internal motion detectors (wired or wireless. For ATM zones, counters, back-offices, safe areas, etc.)
– Seismic detectors (safes, vaults or ATMs protection)
– Glass break detectors (wired or wireless)
– Door/window contacts (wired or wireless)
Video surveillance:
– Indoor “All in one” camera – BGV-approved
– High-resolution analogue and IP cameras
– Vandal resistant domes
– TFT/LCD displays
– Control keyboards (control virtual matrix via IVM)

* The information contained in this table is only meant as a guide. Other combinations are possible.

Page 18: Bank security Adding value through operational risk management

www.siemens.com/banksecurity

The information in this document contains general descriptions of technical options available, which do not always have to be present in individual cases. The required features should therefore be specified in each individual case at the time of closing the contract.

© Siemens Switzerland Ltd • Order no. A6V10259110 • 10907 Ah

Siemens Switzerland Ltd, Industry Sector, Building Technologies Division, International Headquarters, Gubelstrasse 22, 6301 Zug, Switzerland, Tel +41 41 724 24 24

Siemens Ltd, Industry Sector, Building Technologies Division, Units 1006-1010/F, China Resources Building, 26 Harbour Road, Wanchai, Hong Kong, Tel +852 2870 7888

Answers for infrastructure.

Megatrends driving the future
The megatrends – demographic change, urbanization, climate change and globalization – are shaping the world today. These have an unprecedented impact on our lives and on vital sectors of our economy.

Innovative technologies to answer the associated toughest questions
Throughout a 160-year history of proven research and engineering talent, with more than 50,000 active patents, Siemens has continuously provided its customers with innovations in the areas of healthcare, energy, industry and infrastructure – globally and locally.

Increase productivity and efficiency through complete building life cycle management
Building Technologies offers intelligent integrated solutions for industry, commercial and residential buildings and public infrastructure. Over the entire facility’s life cycle, our comprehensive and environmentally conscious portfolio of products, systems, solutions and services in the fields of electrical installation technology, building automation, fire safety and electronic security, ensures the:
– optimum comfort and highest energy efficiency in buildings,
– safety and security for people, processes and assets,
– increased business productivity.

Siemens Pte Ltd, Industry Sector, Building Technologies Division, The Siemens Center, 60 MacPherson Road, 348615, Singapore, Tel +65 6490 6000

Siemens plc, Industry Sector, Building Technologies Division, Brecon House, Llantarnam Park Cwmbran, NP44 3AB, United Kingdom, Tel +44 871 386 0800