Cash-in-Transit Security and CIT Operations | CloseProtectionHire

Why CIT Security Is a Distinct Discipline

Cash-in-transit (CIT) security sits at the intersection of physical security, armoured vehicle operations, and organised crime response. It is not simply executive protection applied to a vehicle environment. The threat model is different – the target is the cash or valuables cargo, not the principal. The vehicle is both the protective measure and the point of attack. And the regulatory framework, in the UK and across multiple other jurisdictions, is specific to the sector.

Understanding the CIT threat requires separate analysis across jurisdictions. A European CIT programme and a South African CIT programme are, in practice, designed for entirely different threat environments. Applying the standards of one to the operational reality of the other produces either over-spending in low-risk environments or inadequate protection in high-risk ones.

The UK Regulatory Framework

In the United Kingdom, cash-in-transit operations are governed by BS 7958:2015 (Cash and Valuables in Transit – Code of Practice for Road-Based Transport of Cash and Valuables). This British Standard covers vehicle design requirements, crew operating procedures, safe systems of work, and minimum incident response protocols.

All operatives engaged in CIT work must hold a valid SIA (Security Industry Authority) licence in the Cash and Valuables in Transit category, established under the Private Security Industry Act 2001. Obtaining this licence requires a Clean Disclosure check, completion of a Level 2 Award for Cash and Valuables in Transit, and renewal every three years. Deploying an unlicensed operative in a CIT role is a criminal offence – and the operator licence of the security company employing them is at risk.

The British Security Industry Association (BSIA) CIT Section supplements BS 7958 with sector-specific guidance covering crew numbers relative to cash carrying levels, vehicle specification tiers, and safe working hour limits. BSIA membership is not a legal requirement, but its guidance represents the recognised industry standard against which negligence claims would be assessed in the event of an incident.

Vehicle standards are governed by EN 1522 (bullet resistance classification for doors, windows, and shutters) and EN 1063 (security glazing) – both European standards applied by UK manufacturers and operators. For CIT vehicle bodies specifically, VPAM (Association of Verifiers of Protection Materials) VR classifications define ballistic resistance levels from VR3 through VR7, with VR4 and VR5 being typical for UK commercial CIT operations.

South Africa: The Highest CIT Heist Rate Globally

The South African Banking Risk Information Centre (SABRIC) reported 179 cash-in-transit robberies in 2023, resulting in 51 fatalities among crew members and bystanders. No other country of comparable economic scale records CIT heist rates of this magnitude.

South African CIT attacks are operationally sophisticated. Attacks typically involve multiple vehicles – using passenger vehicles to box in the CIT vehicle and heavy vehicles to block escape routes. Homemade explosives, including angle grinders and thermite-type cutting devices, are used to breach vehicle bodies. Armed teams are coordinated, with defined roles for blocking, breaching, and extraction. The planning cycle for a major South African CIT heist is measured in weeks, not hours.

The primary mitigation framework in South Africa involves: GPS tracking with armed response integration, randomised route variation and departure time windows, prohibition on predictable overnight parking of loaded vehicles, armed escort for high-denomination loads, and dye pack and ink staining systems that destroy the commercial value of cash seized. SABRIC works with member banks and CIT operators on threat intelligence sharing that provides advance warning of attack planning patterns.

Brazil and Mexico

Brazil’s CIT attack rate is second in volume only to South Africa globally. SINPRO, the national association representing security transport companies, estimates approximately 1,200 CIT attacks annually across Brazilian states, with the highest concentration in Rio de Janeiro, Sao Paulo, and Minas Gerais.

Brazilian attacks follow a pattern similar to South Africa: multiple vehicles, blocking tactics, and armed teams. Unlike South Africa, where the breach of the armoured vehicle is a standard attack phase, Brazilian attacks frequently involve the coercion of crews through threats to family members whose locations have been obtained through prior surveillance – a methodology that bypasses the vehicle armour entirely.

In Mexico, CIT attack risk is geographically concentrated in cartel-contested territories. The Bajio region (Guanajuato, Michoacan) and the Veracruz-Mexico City motorway corridor have seen the highest incident rates. SEDENA data indicates that armoured vehicle ambushes in these zones increasingly involve high-powered weapons capable of defeating standard CIT vehicle armour.

Lagos, Mumbai, and Karachi: P1 City Context

In Lagos, the primary CIT risk is internal fraud within the cash handling and processing chain rather than external vehicle attack – though armed robbery of cash vehicles does occur, particularly in the Mainland districts and in areas with limited police presence. Cash centre integrity, employee vetting, and audit procedures over the counting and processing function are the primary security investments for Lagos-based CIT operations.

Mumbai’s banking sector manages significant cash logistics through the Reserve Bank of India’s regional clearing network. CIT operations linked to ATM replenishment and inter-branch settlement are a growing sector. The threat level for CIT vehicle attacks in Mumbai is lower than in Africa and Latin America, but cash handling fraud and armed robbery in low-security environments occur.

Karachi’s CIT environment reflects the broader security profile of Pakistan’s largest commercial city – periodic armed robbery of cash transport vehicles, inconsistent police response, and operational risks that require security programme design substantially above the international baseline.

Route Intelligence and Insider Threat

Post-incident analysis of CIT attacks consistently identifies route intelligence as a critical pre-attack input. Organised attack networks obtain route data through direct surveillance, through corruption of CIT operations centre staff or depot employees, and in some cases through social engineering of bank branch staff who interact with collection crews.

The most consistent finding is that predictability is the primary vulnerability. A CIT vehicle that departs from the same location at the same time on the same day of the week, following the same route to the same cash centre, provides an attack planner with everything needed to stage an ambush. Route variation – departing within a window, using alternative routes, varying the sequence of stops – significantly increases the planning burden on an attack network.

Restricting route plan information to a strict need-to-know within operations teams, using secure dispatch communication channels, and implementing anomalous access monitoring on scheduling systems addresses the insider intelligence dimension.

Executive and Finance Personnel Considerations

In markets with elevated CIT attack rates, senior treasury and finance personnel at organisations with significant cash logistics – large retailers, fuel distributors, casino and gaming operators – are sometimes targeted as social engineering vectors. Their knowledge of cash centre locations, collection schedules, and CIT provider relationships represents intelligence value to organised attack networks.

Security awareness training for treasury and finance staff in high-risk markets – covering the methods by which organisations obtain route intelligence and the indicators that they may be subject to social engineering – is a proportionate and low-cost countermeasure. It does not require the full executive protection programme appropriate for other threat categories.

The close protection considerations for personnel managing financial operations in P1 cities are addressed in the broader context of security for banking and financial institutions, and the central bank and currency operations security environment – which sits at the top of the cash logistics risk hierarchy – is covered in security for central bank and currency operations.

James Whitfield is a Senior Security Consultant with experience in close protection operations, high-value asset security, and security programme design in high-risk markets. Enquiries: use the contact form.