Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

I’m attending the FBI Seattle Division’s Citizen’s Academy 2008. Highly recommended for anyone interested in the FBI and/or security. One recent briefing was about the Seattle FBI office’s work in retraining employees of the Puget Sound region’s banks in order to help catch bank robbers.

Now I’m sure warning bells are already going off in your head just reading that. Aren’t these people just going to get themselves shot?! That was my initial reaction as well. But these new techniques are deceptively simple, are reportedly already measurably successful, and I like the idea of fewer bank robbers running around.

As an aside, the agent who did the presentation is an enormously entertaining guy – the kind who could sell a ketchup popsicle to a lady in white gloves. And this is predominantly his hard work and research. You can see his picture in the news links below.

Any current or prospective bank robbers: pay close attention.

  • First, the Seattle area has a high rate of bank robberies, on a national level. A few reasons are cited for this, including that bank robbers in Seattle tend to be homeless and are frequently addicted to heroin. And this is a welcoming community for the homeless and for addicts.
  • Second, bank robbers tend to be serial offenders. They’ll do it 10, 20, whatever number of times until they’re caught. That’s an important consideration, because it means if you can catch the bad guy on the second offense, for example, you’ve helped a large number of potential victims downstream. You’ve had an exponential (positive) effect on your crime statistics.
  • Bank robbers tend to target female clerks, and particularly all-female banks (as in, you walk in the door, and all you see are women).
  • Next, cameras are mounted high, so robbers where hats and sunglasses.
  • The bad guys don’t typically go for a take-over; they act like a regular customer, and use a hand-written note (no weapon means less jail time) when they get to the teller counter.
  • After the job, time is a critical factor in getting police on the scene before the guy gets away. As little as 15 seconds is enough to make the difference.

So the new bank employee training scheme goes like this. First, if the teller sees anything potentially suspicious, such as a guy standing in line with a hat and sunglasses, she excuses herself from the current customer she’s helping and informs a greeter. Then she goes back to her customer.

The greeter, preferrably a man, has a desk away from the tellers. His job is basically high-intensity customer service. He goes up to the suspicious-looking person and says, “Hey, I don’t recognize you. Are you here to open an account?” “How can I help you?” Etc.

If the customer is a real customer, he gets a free pass at this point, since he just managed to jump the teller line and, in most cases, get helped by the greeter.

If the customer is a bad guy, the extra attention is most unwelcome. For one thing, he’s being drawn away from the teller counter, so the mechanics of his plan have been disrupted. And depending on his excuse for being there, the greeter is going to ask him for ID. That’s critical for the overall strategy, because it gives the bad guy an easy out: “Oh, my ID? I left it in the car. I’ll be right back.” He’s gone, disaster averted.

What if a note-passer does make it to the teller counter? For one thing, there’s a strategy about how much $$ to give. Too little, and you risk further confrontation. Too much, and you can bet he’ll be back to rob you again next time. Stack smaller bills under some big ones. And once the cash is on the counter, the teller takes a step back and puts her arms out to the side, signaling, ‘there’s your money - take it - we’re done, right?’

Once the bad guy is out the door, the teller who interacted with him is the one who calls 911 - immediately. Everyone else assumes strategic positions around the inside of the bank, looking outside, trying to identify the bad guy’s escape route and/or vehicle.

That last bit is a change from previous practice since, for one thing, banks use offsite security monitoring that’s frequently centralized and hence not located in the same town. The security company, once notified, had to first call the bank and speak to a manager to confirm what’s going on. Only then could they call the police, but not via 911 because they’re not local! And the security company has no idea what the bad guy looks like, which is pretty much the next thing that the police need to know in order to have a hope of catching the guy.

Finally, put the bank security cameras at a low angle so they can get good shots of people at the counters.

Local news links on this:

Permalink |

1 Comment »

  1. Hey, Larry Carr’s preso. I did that class last year… and then asked him to speak at Seattle InfraGard last summer. Great guy, great talk.

    Comment by planetheidi — May 9, 2008 @ 3:24 pm

RSS feed for comments on this post. TrackBack URL

Leave a comment