IFSEC Global recently caught up with Dennis Choi, General Manager at IDIS Middle East and Africa, to discuss how the company’s partners have been upgrading surveillance across thousands of ATMs as they help banks to meet tighter compliance requirements in the region.
The Middle East banking sector is undergoing significant transformation as both retail and corporate banks respond to economic and demographic changes. The current increases that we are seeing in oil and commodity prices will give a boost to revenues, and long term will feed into the region’s ambitions to diversify away from oil with visionary programs such as Saudi Vision 2030. As Gulf States raise further capital to support these transitions, the region’s finance sector will continue to evolve in order to compete on global markets.
The region’s retail banking landscape is also being reshaped by the fact that younger demographics are less reliant on cash and are more confident using mobile commerce than older populations. We are therefore seeing the development of fintech, while traditional branches concentrate on more personalised services – for example extending personal loan portfolios, mortgages etc. and increasing lending to SMEs.
These changes, over a comparatively short timescale, have motivated banks to rethink their estates and to focus on efficiency savings. We have seen mergers and acquisitions, and number of branches being scaled back. But this is being offset with a new emphasis on customer service in the branches that remain, and a significant investment in the availability of ATMs.
Of course, physical security remains key in the financial sector. In recent years authorities such as the Saudi Arabia Monetary Authority (SAMA) have tightened compliance, and that has had a big positive effect with other Gulf States following the lead. The aim of these tougher standards has been to counter cyber threats, fraud, money laundering, and the financing of organised crime and terrorism. The new compliance requirements extend to all areas of banks’ operations, including enhanced physical security of ATMs.
But this is not just a box-ticking exercise. Institutions have shown themselves willing to commit significant time, manpower and resources to achieve the best long-term return on investment (ROI) and the investments now taking place are multi-year journeys.
Video surveillance integrated into cash machines has long been recognised as the key risk reduction measures. Video tackles common threats – theft, shoulder surfing, skimming, fraudulent activity, vandalism – and enables investigation of specific incidents and historic activity. By improving user safety, surveillance provides reassurance and maintains customer loyalty.
Choose the right tech mix to meet compliance
Compact NVRs and pinhole, modular cameras integrated into cash machines are proven the world over. Transaction data, which is easily overlaid on to video footage, provides an audit trail. This meets compliance requirements by allowing users to be reliably identified.
The best cameras for these applications include 4.3mm or 2.5mm fixed lens options. They are perfectly sized for ATMs and can be discreetly installed. They feature true wide dynamic range – for handling challenging and variable lighting conditions – and come with inherent failover to protect against loss of data.
Yet for Middle East retail banking and ATM applications there are even more challenges to consider. As well as extreme light variations, from glaring sun to complete darkness, hot, dusty, and windy conditions are also common. It’s critical that both CCTV hardware and software are fit for purpose and designed with these challenges in mind.
While compliance standards differ from state to state most regulations now include: a minimum of full-HD cameras with high performance WDR and IR; redundancy including camera SD card and NVR failover, redundant power, and support for RAID 1; live streaming; remote retrieval of footage; and management and control of ATMs from centralised control environments. In addition, banks need to have affordable VMS federation services that allow branch managers and associated security teams to monitor and manage the day-to-day operations of their ATMs and deal with safety and security events locally from client software and mobile applications.
The uninterrupted transition from legacy systems
The smooth migration of existing ATMs ensuring uninterrupted video monitoring and recording is also crucial. No part of a bank’s operations or estate can be left exposed; any gaps in footage can result in security failures, losses, and stiff penalties for non-compliance. The key to achieving this is to deploy technology that enables a phased approach, supporting both new and legacy cameras, and ensuring live streaming and recording without interruption through each stage.
A variety of tech options will support this route but major banks, including Saudi National Bank (SNB), the largest in the Kingdom of Saudi Arabia (KSA), have recognised the advantages of a single-source, end-to-end solution, with true plug-and-play set up of cameras and NVRs and one-click configuration. This allowed connection of ATMs back to SNB’s Riyadh centralised control room, without service interruption. The cost-effective and simple migration path was achieved using IDIS encoders which also allowed existing legacy cameras to be retained and managed, all without ongoing licensing fees.
At the same time, the plug-and-play approach reduces complexity and cost, for both banks and systems integrators. Upgrade projects can be very large scale and can involve hundreds of engineers working across extended geographies with a wide variation in the design of ATMs. This means thousands of cameras and NVRs may need to be deployed, often in remote, challenging environments with temperatures exceeding 40C – conditions not uncommon at some of the drive-thrus found in desert locations.
A true end-to-end solution means simple system design with devices that automatically mutually authenticate. This makes installation safer, faster, and more straightforward – a capability that also closes common cyber loopholes by eliminating the need for manual passwords. Engineers simply connect ATMs back to centralised control rooms using IDIS FEN (For Every Network) technology, so they don’t need networking skills or specialist knowledge of tasks such as port forwarding or hole punching. At IDIS this has been termed ‘manageable complexity.’