Security buyer's guide — bank branches & financial services

Branch, vault, ATM, and back-office security for OSFI-regulated institutions and independent financial practices.

Financial-services security is heavily shaped by OSFI guidance, card-brand PCI requirements, and internal risk-and-controls frameworks. The hardware is the easy part — auditability is where most deployments trip up.

Compliance at a glance

Four KPIs to benchmark.

  • Vault access: Dual custody enforced

  • Teller PPF: >= 80 ppf

  • ATM coverage: Continuous, tight framing

  • Access retention: 7 years

Priorities

What matters most, in order.

  1. Dual-custody vault access

    Two-person rule, enforced technically.

  2. ATM lobby & skimmer detection

    Placement, framing, anti-tamper.

  3. Teller-line capture

    Transaction-level pixel density.

  4. Audit-retention architecture

    7-year access log, 90-day video baseline.

Vault and cash-handling

Dual custody means two credentials are required to open a vault or high-value cash room. Modern access platforms enforce this with anti-passback and time-window rules; don't rely on procedure alone.

Every vault access event must be video-correlated. The audit expectation is one-click retrieval of footage tied to a specific credential event.
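One way to test that dual custody is enforced technically and that each vault opening can be tied to footage, as an added example (not part of the original guide or any vendor's product). The log layout, the door name VAULT-1, the credential IDs, the 60-second window and the 30-second clip padding are all assumptions, and the sample log is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample export; the field layout is an assumption, not a vendor format.
SAMPLE_LOG = """\
2024-03-04T09:00:05 VAULT-1 badge C-1001
2024-03-04T09:00:21 VAULT-1 badge C-2002
2024-03-04T09:00:22 VAULT-1 open -
2024-03-04T13:15:00 VAULT-1 badge C-1001
2024-03-04T13:15:09 VAULT-1 badge C-1001
2024-03-04T13:15:10 VAULT-1 open -
2024-03-04T16:40:00 VAULT-1 badge C-1001
2024-03-04T16:47:30 VAULT-1 badge C-3003
2024-03-04T16:47:31 VAULT-1 open -
2024-03-04T17:00:00 LOBBY badge C-1001
2024-03-04T17:00:01 LOBBY open -
"""

def parse(log):
    """Yield (timestamp, door, kind, credential) from a time-ordered export."""
    for line in log.splitlines():
        ts, door, kind, cred = line.split()
        yield datetime.fromisoformat(ts), door, kind, cred

def audit_dual_custody(log, door="VAULT-1", window_s=60, clip_pad_s=30):
    """Return (compliant, violations) for every open event on `door`."""
    window = timedelta(seconds=window_s)
    pad = timedelta(seconds=clip_pad_s)
    badges, compliant, violations = [], [], []
    for ts, d, kind, cred in parse(log):
        if d != door:
            continue
        if kind == "badge":
            badges.append((ts, cred))
            continue
        # Open event: only credentials presented inside the time window count.
        recent = [(t, c) for t, c in badges if ts - t <= window]
        holders = sorted({c for _, c in recent})  # same badge twice is one holder
        if len(holders) >= 2:
            start = min(t for t, _ in recent) - pad
            compliant.append({"open": ts, "credentials": holders,
                              "clip": (start, ts + pad)})  # footage span to pull
        else:
            violations.append({"open": ts, "credentials": holders})
        badges.clear()  # presentations are consumed by the open
    return compliant, violations
```

On the constructed log, the 13:15 opening fails because one credential was presented twice, and the 16:47 opening fails because the first credential fell outside the window.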

Teller, ATM, lobby

Teller-line cameras need enough pixels on target to identify individuals passing notes or conducting transactions; a generic overhead camera does not provide that. Placement and lens choice matter more than resolution alone.

ATM surveillance covers skimmer detection, tampering, and fraud cases. Cameras should be framed tightly on the card slot and keypad, with supplementary wide coverage for the user.

Back office and records

Records rooms, wire desks, and any area handling customer PI should be on segregated access and retained longer than the rest of the branch. Integration with a GRC or audit tool reduces the cost of quarterly review cycles.

RFP / vendor checklist

Use this to evaluate any quote.

  • Dual-custody enforcement

    Access platform configured and tested. Not procedural only.

  • Teller pixel density verified

    Pixels-on-target meets ID standard for the transaction framing.

  • ATM dedicated coverage

    Card slot + keypad + user wide shot, continuous recording.

  • 7-year access retention

    Policy documented, storage sized, quarterly export tested.

  • Branch-level incident playbook

    Sequence for incidents, escalations, and footage handover.

  • OSFI / PCI alignment

    Relevant controls mapped to the security system capabilities.

Red flags

Walk away if you see these.

  • Vault access controlled by a single credential.

  • Teller cameras cover the scene but can't pixel-identify a cheque.

  • ATM coverage is 'wide shot' only.

  • Retention sized at 30 days for access events.
