December 7, 2017

Who Goes There? Controlling Visitors – WST

Preventing unauthorized access to customer data starts with controlling physical access to non-public areas of bank facilities. Each institution should implement the following:

      • A well-defined and detailed visitor access policy;
      • Continual training of policies and procedures with all employees; and
      • Log books showing all visitors to non-public areas of the bank.

We also suggest some other fundamentals to make this effort more effective.

      • Request photo identification from all visitors;
      • Compare names and signatures on identification to the log book;
      • Consider photocopying the identification;
      • Have designated personnel approve all visitors at all bank locations;
      • Train employees on proper methods of screening unfamiliar individuals as well as how to deny access to unauthorized visitors.


You would be surprised at how successful unauthorized visits to sensitive areas of banks can be. It even surprises us when performing Social Engineering Assessments how easily we can gain access to bank operation areas. From small banks in small towns to larger banks in the city, size and location does not seem to make a difference.

We have found that most bank employees have a gut instinct that something is not right in these situations, but they don’t act on it. Most do not feel it is their place to stop and question strangers or they are uncomfortable doing it.

Training staff how to properly challenge visitors is key to success. Acting it out and practicing how to deal with unauthorized visitors gives your staff the tools they need when the situation arises.

Past Weekly Security Tips – WST