SecurityInfoWatch: At the Frontline: Members 1st Federal Credit Union's Chip McBreen

May 24, 2010 | Coverage

Credit union security chief discusses industry security challenges, implementing new technology

With the proliferation of check fraud and other types of crime targeting banks across the country, Pennsylvania-based Members 1st Federal Credit Union is taking proactive steps to protect itself and its customers.

The bank, which has 40 branches located throughout south central Pennsylvania, recently implemented new surveillance solutions from 3VR to help reduce investigation times and nab crooks before they can strike again.

According to Members 1st Assistant Vice President of Fraud and Security Services Chip McBreen, the bank is also in the preliminary stages of working to deploy new technology that can prevent the placement of skimming devices on ATM machines.

In this "At the Frontline," McBreen, a 20-year veteran of the Pennsylvania State Police, discusses the security challenges facing the banking industry and how he is using different technologies to streamline and simplify security operations at Members 1st.

What are some of the biggest security issues facing the banking industry today?

I think from a security and fraud perspective, check fraud continues to rise in our industry by exponential bounds. It is critical to be able to accurately identify suspects and to gather evidence in a timely fashion so it can be transmitted to law enforcement authorities so they can initiate an investigation on their side to try and catch the (perpetrator) and affect a recovery.

What has given rise to the increase in incidents of check fraud?

With the proliferation of counterfeit checks, it is kind of the new way to steal. It is a lot safer for you to try and pass a counterfeit check than it is to try and rob somebody on the street. And your chances of being caught or prosecuted are certainly a lot less because unfortunately, the system right now tends to not look at it as important because of the collateral harm that takes place. No one was hurt, no one was injured and no one was killed so the system does not look at it quite as seriously sometimes as it should. (The judicial system) is starting to come around now because of the amount of cases that are coming through, but still in a lot of jurisdictions, they want to give the so-called perpetrator the benefit of the doubt that he was a victim in the whole scam.

How are you using security technologies like 3VR’s SmartRecorders to combat crime and fraud?

Our recorders are a part of our overall philosophy when it comes to fraud prevention and fraud investigation. On the investigative side, we are using our recorders as an after-the-fact situation to identify the person who is conducting the transaction. This deployment strategy, coupled with the facial recognition analytics of 3VR really enable us to not only instantly identify the issue that we are looking at of a particular violation or a particular type of crime that occurs at one date or time… but also to search for other events involving this individual that we may not know about yet. It enables us to expand our evidence gathering efforts to try and help mitigate a fraud even before we may have a loss.

On the prevention side, (facial recognition) gives us the ability to know when a specific individual has entered one of our branches and to be able to stop that individual from conducting another transaction that may be fraudulent or to alert law enforcement that a person of interest has entered our branch.

How big of a problem have skimming devices become and what steps have you taken to prevent their placement on your ATM machines?

ATM skimming is becoming a growing concern among financial institutions - especially here on the east coast. You see stories lately where ATM skimming is becoming more popular in (several large cities). We use all Diebold ATMs, which have a technology that allows the ATM machine to detect a skimming device if it has been placed on it. There are some sensors on the card reader, and if those sensors are covered for any length of time or it sees the sensors covered when cards are passed through it, then it will send an alert.

We are really just starting to deploy this technology to help combat this type of scam. The camera systems are extremely important, so we get good shots of the individual perhaps placing (the skimming device) on the ATM. At all of my branch ATMs, I have deployed two cameras - one camera inside the ATM and one camera under the overhang outside the ATM in order to get a license plate shot or a shot of someone who may be tampering with the unit.

With so many branches in different locations, what are some of the challenges you face in streamlining your security operations?

Each branch - even though it acts independently of the others - is able to be tied together with an enterprise system through a special 3VR server. Because we are tied into one place, it enables me to do enterprise-wide searches instead of having to search each individual recorder separately. That saves huge amounts of time. The deployment of an enterprise-wide server has made this chore of tying the systems together so much easier on my side and it still allows the branch to be independent.

With so many cyber criminals attempting to hack into bank systems and the accounts of customers, what are you doing online to protect the assets of Members 1st and its customers?

We have a number of different firewalls, filters and programs and applications that monitor our network constantly. We do penetration testing on a regular basis - not only with our network, but also with physical penetration in social engineering. We do that on a regular basis - a couple of times a year we pay folks to try and penetrate our network either from the outside wireless or through social engineering or some other means to check our vulnerability. We would much rather have our vendor break in and tell us where we are weak, than have somebody else break in and steal something.

What are your thoughts on different types of policies that banks have taken to deter robberies, such as not allowing hats or sunglasses to be worn? Do they work?

We have employed the same policy. We put a sign on the front door of our branches asking members to please remove their hats or sunglasses when they enter the branch and we are very upfront and honest with them about it. We are trying to get your picture and those items make it more difficult. We are a very member-oriented organization - we greet our members when they come in the door, we are very friendly to them and we are very focused on consulting with them on how we can best serve them. But our management is supportive of us because they realize… that (a bank robbery) is a life-or- death situation for the staff. Even the most innocent or benign robbery is a life-or-death situation and so we train our associates very rigorously on how to react to this type of event and how to look for some of the signs before it occurs. A member who is trying to hide his face from a camera behind the teller line may be much more than someone just having a bad hair day. 


Read the article