Leading banking and security industry panelists gathered at the PGA National Resort and Spa in Palm Beach Gardens, Fla., earlier this month to troubleshoot some common challenges and offer tips on expediting the convergence of security systems.

An audience of 53 security professionals from regional and national financial institutions listened in live to the session called Banking’s Roadmap to Physical & Logical Convergence while more viewers across North America logged on to their computers for a webinar transmission of the session.

“Convergence is a word that means a lot, in a lot of different industries, and has certainly become a lightning rod within the security industry around how we bring the two traditional disciplines, or peers, of security together ”“ physical and electronic,” said Gareth Webley, Chief Security Officer of National City Bank.

He and fellow panelists noted that criminals continually evolve their methods to circumvent security as quickly as new measures are implemented. Citing fraud as a bank’s most prominent risk, Webley pointed to the recent arrest of David Verhotz of Hudson, Iowa, who is accused of embezzling $29 million from the Cleveland-based KeyCorp bank ”“ allegedly doing so right under its nose.

Webley, who is senior vice-president of global trade services, also referenced the popular film Ocean’s Eleven, in which the characters foil elaborate security systems to steal millions from the vaults of three busy casinos ”“ a fictitious scenario but not entirely impossible.

The concept of convergence is relatively new, yet fervently championed as the new standard to protect assets as electronic technologies develop at lightning speed. 

Banks, as well as government or health care sectors, are mandated by law to protect customer information and comply with legislation governing securities and investments. That means they must judiciously guard information and assets in order to conduct business.

But just as any major organization, a breach in security would also affect a bank’s brand.

Ryan Buckley, vice-president of information security at Citizens Financial Corp., acknowledged shareholder and consumer confidence are key drivers behind convergence. “If my ID was stolen and my life turned up-side-down, I might think twice about maybe going back to the old days and begging out on the use of electronic channels into my bank,” he suggested. “If there were major events where massive amounts of identities were stolen and good portions of the public thought about doing banking the old way and not electronically anymore, there would be profound cost impacts to the banks.”

Panelist Adam Stanislaus, vice-president of security at First Data Corporation, which provides electronic transaction services, suggested convergence ”“ if done properly ”“ enhances an institution’s brand, shareholder value and dialogue within the organization.  

“At the end of the day, it all starts with the IT and the physical organization. They are two different organizations in a lot of places today and they talk different languages, they see different things, they have different risks and different models. To establish a relationship is the number one priority,” he said. “Convergence allows you to better communicate with your executives and hear the physical and the IT talking about the same things.”

An effective convergence strategy takes into consideration which operations within the organization to include, technological limitations, and provides for policies and procedures such as disaster recovery to ensure the merged systems are effective. 

Hurdles to convergence are related to its integration rather than technology. John Maya, group director of information technology at ADT added that persons within an organization responsible for convergence should be carefully selected for their expertise, and that once a model is in place, it requires continual monitoring.

“The resounding thing that we’re hearing throughout this symposium is the relationship of physical security and IT organizations talking and conversing, not one time but many times continuously to ensure that we’re always looking ”¦ to make sure that as we see the risks, we’re mitigating them that we’re classifying them and prioritizing them, and then we go back and keep looking for more and more risks out there,” said Maya.

Finally, be wary of contract support, said Buckley of Citizens Financial Corp., who advised banks to always choose services from reputable contractors and vendors.

 “In an large enterprise, banking or not, you’ve got thousands of contractors rolling that enterprise and they’re a couple of keystrokes away from banging on the interface of that system,” he cautioned. “So my advice is, I definitely agree go with very reputable companies that know what they’re doing and not only know the security functionalities of the products they’re aiming at you but also know application security functionality to make sure that these security products themselves don’t end up being entry ways into your jewel box, so to speak.”