NAUGATUCK — Bob Voets never pictured himself working at a bank. So when Voets received a call in 2008 from Tom Nash — then-president of the state chapter of the International Association of Financial Crimes Investigators — asking him to succeed Nash as Naugatuck Savings Bank’s assistant vice president for financial crimes and director of corporate security, Voets’ reaction was succinct.
“You’re nuts,” he replied.
Voets was a 27-year veteran of the West Haven police force at the time, nearing the end of a long and distinguished career. He was, however, also an IAFCI member who had earned considerable renown. Voets was a co-founder of the West Haven Police Department’s Computer and Technology Forensic Crimes Unit and Fraud Division, and a widely recognized expert on cyber crime and security.
In 2007, Voets was designated the national runner-up for the IAFCI’s Investigator of the Year award after he conducted the country’s first federal investigation of “phishing,” a form of financial crime that involves fraudulently obtaining personal information through deceptive emails that link to fake commercial websites.
Voets also led training seminars for law enforcement members and bank security officers on cyber crime, was a published author in the field, and started a financial crimes working group.
His qualifications for the position were indisputable, yet Voets was still disinclined to accept the offer. Law enforcement was his life and all he had ever known.
Ultimately, though, he changed his mind and took the job. “My wife convinced me,” Voets admitted.
Naugatuck Savings bank is glad she did.
Charles Boulier III, the bank’s president and chief executive officer, called Voets an “industry resource” and a “tremendous asset.”
Voets said his job consists of maintaining the bank’s physical security, its “alarms and cameras;” investigating all financial attacks against the bank; serving as the liaison between the bank and law enforcement; and assisting bank customers if they become victims of fraud or identity theft.
In 2012, the bank began to receive a series fraud and identity theft complaints. According to Voets, any customers who were affected financially were reimbursed by the bank. He declined to say how much the bank reimbursed customers.
Voets, acting in his capacities as liaison to law enforcement and the bank’s financial crimes investigator, reported the incidents to the state’s Financial Crimes Task Force and took a leading role in the subsequent investigation.
Working with other investigators, Voets identified businesses in Cheshire and Seymour that were being compromised through their Point of Sale software, programs that allow companies to conduct business via credit or debit cards. The intrusions in Seymour were connected to a joint investigation of a large-scale cyber crime operation between the Connecticut Financial Crimes Task Force and the U.S Department of Justice.
Voets, along with law enforcement and information technology personnel, performed wi-fi scans in both towns to identify the breaches and remove malware being used to defraud consumers, businesses and financial institutions. Going above and beyond what had been asked of him, Voets then spent extensive time with the owners of the victimized businesses, educating them about network security and putting in place new systems to protect themselves and their customers from loss.
Voets estimated he spent 60 hours on the Cheshire and Seymour cases. He said he performed most of the investigative work at night, though he insisted he was “still on company time” since he is a salaried employee.
He would not identify the companies he helped, but explained the circumstances that sometimes make local businesses a target for financial crimes.
“A lot of small, mom- and-pop businesses either don’t have the resources for network security, or they don’t read the manual, and they take the software right out of the box, install it, and start taking payments on it,” he said.
Voets said that if these businesses then use the same computer for email or general Internet use, “all kinds of things can happen.”
If the computer is hacked, the hacker can access all information from the cards it processes, he said.
“Everything is written on that magnetic stripe,” Voets said. “And every time someone swipes their card, it goes to the credit card processor, and the bad guy gets it, too.”
To stop intrusions, Voets said, the first step is to locate open wi-fi networks. Once these “back doors” are found, the next step is to close the breach, he said.
Ultimately, Voets said, the key to protecting small businesses from cyber attacks is to make them compliant with Payment Card Industry standards, which govern all businesses that accept payment by credit and debit card.
The perpetrators of the cyberattacks against the Cheshire and Seymour-based businesses were never caught, but Voets said that isn’t unusual. Cyber criminals are often difficult to track, he said.
“On the Internet, you can be anyone you want. You can spoof your identity and your IP address,” the series of numbers assigned to each device that can access the Internet, Voets said.
The Connecticut chapter of the IAFCI named Voets its 2013 Investigator of the Year for his work in the Cheshire and Seymour cases. He also was nominated for the award again at the national level.
Mark Solomon, current president of IAFCI’s Connecticut division, said the award “annually recognizes excellence in combating cyber crime and prevention of further losses,” and he hailed Voets for his “passion in reducing criminal activity in Connecticut.”
Voets said he was surprised to receive the award, but “deeply honored to be recognized by my peers.”