Depositors gather in the rain outside Bank of United States after its failure in 1931. (photo, Library of Congress)

by Daryl Cornell, CEO, Triton Systems

Imagine for a moment that North Korea or some other rogue state successfully launches a cyberattack against a small or medium-size U.S. bank.

As a result of the hack, bank records are scrambled or frozen and customers of that bank no longer have access to their money.

The number of victims immediately involved totals only tens of thousands. Nonetheless, the press is alerted and begins interviewing panicked, angry customers.

Customers of other financial institutions see these news reports and, although they are completely unaffected by the cyberattack, begin withdrawing money “just to be safe.”

Before long, America’s ATMs have been emptied and long lines have formed at bank branches. Faster than you can say “hack,” a classic bank run is underway.

The problem is exacerbated by the fact that bank branch closures over the past 20 years have further limited consumer access to cash.

The proliferation of white label ATMs over the same time period has benefited banks in a number of ways. For one, merchant replenished ATMs have driven a sharp decrease in the demand for customer withdrawals and cash deposits at bank branches.

In response, banks have culled facilities — by as much as 25 percent according to some estimates. Banks have also responded to the explosion in the number of white label ATMs by granting access to their own bank ATMs to noncustomers — for a fee, of course.

Should a serious bank run occur, one possible response by financial institutions would be to limit ATM access to customers only, further complicating the cash access problem.

Independent ATM deployers will be hard pressed to pick up the slack in the event of a widespread bank run. The first hurdle will be validating that a customer has funds available to make an ATM withdrawal. Scrambled or frozen bank records for affected customers will likely result in rejected transactions.

For customers whose records are accessible, a shortage of cash will likely limit the effectiveness of white label ATMs. Until ATM owners can access bank or vault cash to refill their machines, customers will remain unserved by ATMs.

Sheltered Harbor, the subject of a report last week by The Wall Street Journal, is a project initiated by a consortium of banks and credit unions to address such a cyberattack scenario — or one even worse — before it occurs.

Consortium members pay fees based on their size, and backups of their data are stored in vaults for safekeeping. The goal is for backup customer banking data to be up and running within 48 hours — assuming that the backup data has not been corrupted also.

Those of you who live in hurricane-prone areas know how fragile our food supply chain is. It’s a given that soon after The Weather Channel Meteorologist Jim Cantore decrees that you are officially in the “cone of death,” grocery store shelves will be empty.

Unfortunately, our cash supply chains are equally shaky. Any spike in ATM use and bank withdrawals will result in cash shortages until banks and independent ATM deployers can react and refill ATMs and teller tills.

Just as we stock up on water and canned goods before a storm, having a month’s supply of cash on hand is never a bad idea. A word to the wise should be sufficient …

‘Gimme shelter’: A tale of cyberwar, bank panic and ATM cash