Bank & Vault Security

Your vault has cameras.
It doesn't have a witness.

Branch cameras show someone walking into the vault. They don't prove which cash strap was pulled, which safe deposit box was touched, or whose phone was 6 feet from the drawer at 2:47am. Digital Tripwire does.

$2.7B
Annual U.S. internal bank theft
61%
Of bank fraud is employee-involved
18mo
Average time to detect insider theft
0
Vault cameras that identify devices
The Problem

Cameras show the room.
They can't prove the touch.

A teller walks into the vault on authorized access. The camera shows them entering. It shows them leaving. What it can't show is which strap of bills they pocketed, which safe deposit drawer they pulled from, or whether they were alone when the override was logged.

By the time the discrepancy hits the morning audit, the footage has already been overwritten or sits in a queue waiting for a subpoena. The branch has video. It doesn't have the device-level record of whose phone was inside the vault during the unauthorized window.

That gap is what cameras were never built to close.

Empty bank vault interior at night
The Solution

Every cash strap remembers.

Digital Tripwire node concealed inside a bank cash strap
The nodeHides in the strap, the drawer, the vault frame
Digital Tripwire hub logging nearby devices with signal strength and distance
The hubSits in the back office on USB-C power

Digital Tripwire nodes are embedded inside cash straps, taped to the inside of teller drawers, slipped behind safe deposit nameplates, and mounted inside the vault door frame. The hub sits in the back office on USB-C power. Nothing on the customer floor changes. No one knows the nodes are there.

When a node detects motion or proximity, it wakes the hub, which scans every Bluetooth and Wi-Fi device within 10 feet and writes the result to an encrypted, tamper-evident log. MAC address, signal strength, timestamp. Uploaded over LTE-M cellular, independent of the bank's network and independent of camera retention windows.

  • Nodes hide inside cash straps, drawers, and vault hardware
  • LTE-M cellular, independent of branch network
  • Tamper-evident encrypted log, compatible with existing camera and alarm systems
Placement Guide · Interactive

8 spots that cover
your entire branch.

Strategic node placement covers every high-value, low-camera blind spot. Nodes are sized to hide inside currency straps, behind nameplates, and inside hardware nobody opens. Tap a node to see what it protects — or run the demo and watch an insider get logged.

nodes sleep until touched · or tap one
VAULT RESTRICTED · DUAL CONTROL SAFE DEPOSIT SDB ROOM SERVER ROOM IT RACK · NETWORK HW MANAGER NIGHT DROP TELLER LINE ATM CUSTOMER LOBBY NO NODES · PUBLIC FLOOR ENTRANCE
Branch event log● LIVE
✓ 5A:C9:E1:44:B2:07 logged at 4 nodes · 02:47–02:53 · FIB evidence packet exported
V

Vault Door Frame

Inside the frame casing

Logs every device entering or exiting the vault. Cross-references against your access control log, so an authorized badge with an unexpected second phone is visible immediately.

BLE + Wi-Fi scan · dual-control flag

C

Cash Stack

Embedded inside the currency strap

The strap is the node. Move the bundle and it wakes the hub, which logs every device within 10 feet. Per-strap evidence, not room-level footage.

Motion trigger · per-strap ID

S

Safe Deposit Wall

Behind a nameplate in the SDB room

Covers every box access. A 2:47am Sunday entry is timestamped against the device that was standing there.

Nameplate mount · per-box coverage

T

Teller Drawer

Inside each drawer

Logs after-hours and shortage-event access. When the count is short, you know which drawer, when, and whose phone was at it.

Drawer mount · shortage correlation

R

Server Room

Inside the IT rack

Documents physical access to network hardware — including the staff with the privileges to alter everything else.

Rack mount · privileged access log

M

Manager Office

Under the desk

Where overrides are signed and approvals happen. Presence evidence for the transactions that never should have cleared.

Desk mount · override correlation

N

Night Drop

Inside the deposit chute housing

Chain of custody for after-hours pulls, from the moment the bag lands to the moment it is collected.

Chute mount · after-hours chain

A

ATM Service Panel

Behind the cassette door

Documents every cassette swap. Vendor, employee, or neither — the log does not care who says they were there.

Panel mount · cassette swap log

The Section Nobody Talks About

The threat isn't outside.
It's already inside.

An employee with authorized vault access pockets a strap. A teller manipulates a deposit on the way to the drawer. A back-office manager signs an override that never should have cleared. The camera shows them in the room. It cannot show what their hands did.

  • Per-strap, per-drawer, per-box proximity evidence
  • Cross-references against access control logs
  • Flags after-hours and dual-control violations
  • Encrypted log cannot be deleted by branch staff
  • Independent of camera retention windows
Bank vault interior with cash stacks
Compliance & Audit

Audit trail that survives
the examination.

Bank compliance audit documentation

FDIC and OCC examiners want documented physical security controls and demonstrable monitoring of high-value asset areas. BSA and AML reviews want defensible records of who was present during sensitive transactions. SOX requires evidence integrity for material findings.

Digital Tripwire produces tamper-evident, timestamped, exportable proximity logs in CSV and JSON with full chain of custody. The data is hash-signed at the moment of capture and uploaded before branch staff have any opportunity to alter it. When the examiner asks how you document who was in the vault, you show them.

FDICOCCFFIEC BSA / AMLSOXFinCEN
EVENT #8545
triggerheartbeat
devices3
time02:14:07Z
sha256: a91f…c27e
EVENT #8546
triggermotion
devices7
time02:31:44Z
prev: a91f…c27e
sha256: 4be2…91aa
EVENT #8547
triggertaken
devices2
nearest4 ft · -35 dBm
prev: 4be2…91aa
sha256: f30c…d881
EXPORT
formatCSV / JSON
custodyverified
integrity✓ intact
chain of custody: complete
AES-256 encrypted before transmission
Hash-chained, tamper-evident logs
Court-ready chain of custody export
Validated by former FBI, prosecutor & judge
Bonding & Insurance Claims

Your bond claim says "loss."
Now you have proof.

Financial institution bond (FIB) claims and crime policy claims live or die on documentation. The carrier wants timestamps, presence evidence, and a chain of custody that holds up in court. A cash count discrepancy with a camera that shows the room but not the hands is a fight. A discrepancy with device-level proximity evidence at the moment of the loss is a settlement.

Digital Tripwire exports a forensic-grade evidence packet on demand: encrypted log, hash signature, device list, timestamp range, and chain-of-custody documentation. Designed for FIB carriers, internal investigations, and federal examiners.

Your loss documentation goes from "we think this happened Tuesday" to "here's exactly when, and here's whose phone was 4 feet from the strap."

Forensic evidence documentation
Expert Validation

What actually holds up
in court?

We asked former FBI forensics investigators, federal prosecutors, and family court judges. They'd never seen BLE proximity data used as evidence. Until now.

Nizar Balil

Nizar Balil

Former FBI & Interpol Digital Forensics Investigator. 20+ years in digital evidence analysis and courtroom testimony.
VERIFIED EXPERT
Lisa Pyle

Lisa Pyle

Former NYC Criminal Prosecutor & Federal Ethics Attorney
VERIFIED EXPERT
Marquis Jones

Marquis Jones

Former Family Court Judge & Deputy Attorney General
VERIFIED EXPERT
The Difference

Digital Tripwire vs. cameras vs. dye packs.

Capability
Digital Tripwire
Vault Cameras
Dye Packs
Identifies devices, not silhouettes
Covers internal theft, not just robbery
Limited
Robbery only
Logs per-strap and per-drawer access
Device-level ID
Room-level only
Survives on-site staff tampering
Off-site cellular
Footage can be wiped
Pack can be defeated
Does not damage recovered cash
Destroys bills
Independent of branch network
LTE-M cellular
Requires network
Mechanical only
Tamper-evident chain of custody
Varies
Court-admissible forensic export
CSV / JSON + hash
Varies
Retention
Cloud, indefinite
Typically 30–90 days
Single-event
Annual cost per branch
Low subscription
High capex + cloud
Recurring consumables
Bank FAQ

Common questions.

No. Digital Tripwire is designed to layer on top of existing physical security infrastructure. Cameras and alarms remain in place. Digital Tripwire fills the forensic evidence gap that cameras structurally cannot close: device-level identification of who was actually present at the moment a high-value asset was disturbed.

Dye packs solve a different problem. They mark cash during an external robbery, which only matters in the small percentage of bank loss that is takeover robbery. Digital Tripwire is built for the majority case: internal theft, after-hours access, SDB and vault breach, and bond claim documentation. Dye packs destroy recovered cash. Digital Tripwire produces forensic device evidence without damaging a single bill. The two are complementary, not competitive.

Vault construction does attenuate cellular signal, but the system is designed for this exact case. Nodes capture and store scan data locally inside the vault. The hub sits in the back office on the cellular side of the vault wall. When the vault is opened, accumulated scan data is transmitted via LTE-M, which has significantly better building penetration than standard LTE. For deep-vault deployments, a relay node bridges the signal.

Tamper events are themselves logged. Removing a node, blocking its signal, or attempting to disable it generates an immediate alert with the timestamp and device list at the moment of tampering. Logs are uploaded over LTE-M and stored off-site, so they cannot be deleted by anyone with branch network access. The system is designed under the assumption that the threat may include staff with administrative privileges.

The export is designed specifically for legal proceedings. Each log entry is hash-signed at the moment of capture, the upload chain is documented, and the export package includes chain-of-custody metadata showing every transformation between capture and delivery. Digital Tripwire is built around the same evidence-handling standards used in digital forensics. Admissibility ultimately depends on the jurisdiction and the case, but the underlying record is forensic-grade.

The system captures MAC addresses and signal strength, not identities, content, or call data. It is functionally similar to the proximity logging that retail Wi-Fi already performs. The intended deployment is in non-public, high-value asset areas (vault, SDB room, ATM service panel, server room) where reasonable expectation of privacy is already limited and where signage and policy disclosures cover monitoring. Customer-facing areas are not the primary deployment zone.

Standard pilots run in a single branch with 6-9 nodes covering vault, SDB room, teller line, and ATM service panel. Installation is non-invasive. Nothing on the customer floor changes. The hub runs on USB-C in the back office. Nodes are placed during off-hours by your security or facilities team. Most pilots are operational within a single business day.

Pilot Digital Tripwire

Your vault deserves
a witness.

Enterprise pricing scaled to branch count. Pilot a single branch in 24 hours. Forensic-grade evidence, FDIC-ready audit trail, FIB-ready loss documentation.

Request a Pilot