I stumbled into a major bank security issue - need advice please

[Emmeline]

This is the story. I went to my bank, chatted some with the cashier, then she suddenly froze, someone had brought a shopping trolley into the bank.
I made some joke about it, and out of the blue she reveals what must be high priority security issues. In fact she said "if you do x that will put the security system out of order"
So then I realise, wow, my bank has two serious security issues.
Firstly, an alarm system that could very easily be circumvented.
Secondly, a cashier that babbles about it openly.

My very first thought was, I just have to alert the bank about this.
My second thought was, what good have they ever done to me. Nothing!
They go about with their business, if they fail they cry for mama government who will give them the taxpayers money and after that they will reward the same people who couldn't manage in the first place with millions of $.

Besides, I'm sick of helping people and businesses out without receiving reciprocation.

My question is, what would you do?
Would you alert them without expecting anything in return?
Would you do it with the presumption that you would get something in return?
Would you alert them but make sure that you would get something in return if the information is valuable?

Emme

p s Just realised there are at least two other options "I don't give a s**t or I would rob the bank d s

 

[vinylweatherman]

Tell whoever regulates the banks, rather than the bank itself.
Not only would the bank be ungrateful, but they would belittle you by calling you a "liar" rather than admit that you really HAD brought a serious security issue to their attention.

Having got rid of you, they would probably do nothing about it - out of sight, out of mind.

Remember, the cashier froze, the bank clearly KNEW about the issue, yet had done NOTHING about it, perhaps because it thought no-one else knew, and it would not be worth the expense.

Given that a lowly cashier knew, this also leaves the bank wide open to the "inside job", where a gang of robbers recruit a cashier, or plant one at the bank, in order to create a plan to render the security systems ineffective.

In fact, if you want money for this, you will get the BIGGEST reward from the bank ROBBERS for this information (but you will then be considered an "accessory", and will join them in jail), and once robbed, EVERYBODY will find out about how lax the bank had been, and new rules would ensure that EVERY bank addressed this particular problem.

 

[Emmeline]

Thank you

Oh yes, I realise that know. That's the kind of reply I was hoping for.
I can be so horribly naive and idealistic, trying hard to be more pragmatic
it's not easy.

Appreciate that greatly, now I can get it out of my system and simply say I don't give a rats a**

Emme

 

[Emmeline]

It would be like me to care about the bigger picture though, like general security issues, but frankly I don't have the energy

 

[vinylweatherman]

Well, send an email to the regulator, or the bank, and keep proof of when you sent it, and what it said.

When robbers eventually use this flaw to rob the bank, and the bank pretends to have been taken by surprise, say to them (via a newspaper if necessary), "Surprise, I told you about this last <insert timespan here>, so you must have known, as did the cashier that told me about it in the first place".

You will come away having "done your duty" rather than keeping quiet, whilst the greedy bankers will get what they deserve for putting their bonuses ahead of proper internal security measures.

Many big scandals and robberies have lead to investigations that have shown that all the risks were KNOWN by those who should have done something about it long before the criminals took advantage.

Take ID theft. For years customers have been encouraged to shred everything, yet the banks have been caught REPEATEDLY dumping customers' sensitive information, unshredded, in bagged "business waste" placed on the street for collection. Even after the regulator read the riot act to them about it, they were caught AGAIN doing it the following year. I am sure some branches are STILL doing it, whether through poor training, or staff who "can't be arsed" spending time in front of the shredder, so put it out whole hoping that it won't get nicked by thieves in the few hours before their waste company picks it up & pulps it.

There are numerous cases of sensitive data being "lost" through the classic schoolboy errors of sending it by regular post, or leaving it on an unattended laptop in a public place, including in a car, even losing those tiny Flash drives, which are just asking to be lost without the owner noticing, and which should never be used for big databases containing details of many people.

The UK government lost the records of over 20 MILLION claimants of benefits, and it was because they were burned to a pair of CD ROMs, and POSTED (and then lost in the post). They were never recovered, and the government tried to assure people that no real risk was present because some data was missing, yet at the same time tell us that even "some data" is more than enough in the hands of a skilled fraudster.

In your bank case, it would be almost impossible to successfully charge someone with attempted bank robbery on the grounds that the shopping trolley they brought in disabled the security system, gvien that using a shopping trolley where there are shops is not something one could call "suspicious activity". I am sure that there isn't a sign forbidding the bringing of your shopping into the bank, and anyone challenged has a valid excuse "what, leave it outside where it can get nicked, you must be crazy"

BTW - where EXACTLY is this bank (maps please)

 

[Emmeline]

Hehe, nothing pleases me more than alerting newspapers to severe neglect of
laws and regulations, business ethics, responsiblities etc.

I will check out to whom (regulator, bank) I shall address an e-mail.

I remember the U.K government disaster, can't say much more about it not being familiar with how they run things but still scary

About the trolley, it was not bringing it in there as a deliberate act. Simply bringing it without any malicious intents, can obviously cause severe damage to the system. I won't go into that here

If you'll be my partner in crime, I'll give you the map

Thanks again

Emme

 

[vinylweatherman]

Hehe, nothing pleases me more than alerting newspapers to severe neglect of
laws and regulations, business ethics, responsiblities etc.

I will check out to whom (regulator, bank) I shall address an e-mail.

I remember the U.K government disaster, can't say much more about it not being familiar with how they run things but still scary

About the trolley, it was not bringing it in there as a deliberate act. Simply bringing it without any malicious intents, can obviously cause severe damage to the system. I won't go into that here

If you'll be my partner in crime, I'll give you the map

Thanks again

Emme

I'll give you the secrets to emptying the Microgaming fruities in return for a map

I'll need a translation into a few Eastern European languages - might increase the value

 

[Emmeline]

Microgaming
Are you the magic genie?

(2 years - one 350x bet)

 

[blahfeld]

Another possibility...

Just some food for thought... it's possible the cashier had no idea what they were talking about. They may have heard some rumour or overheard someone joking and thought they were serious.

I once heard a graphic designer say she'd been told a computer scanner (as in a thing you might scan a photo with) contained technology used in nuclear weapons - and she believed it.

 

[Emmeline]

Good point, that thought didn't even cross my mind

 

[vinylweatherman]

Just some food for thought... it's possible the cashier had no idea what they were talking about. They may have heard some rumour or overheard someone joking and thought they were serious.

I once heard a graphic designer say she'd been told a computer scanner (as in a thing you might scan a photo with) contained technology used in nuclear weapons - and she believed it.

It's possible, but even if the cashier believed this, she should NOT have given anything away to a CUSTOMER, but instead have had a quiet word with "security", so that the problem could have been dealt with quietly.