Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

01:31 PM
Vicki Gerson
Vicki Gerson
News
Connect Directly
RSS
E-Mail
50%
50%

Who Goes There?

Excel Bank Minnesota picks Datakey smart card solution to authenticate network users.

Excel Bank Minnesota (Minneapolis; $430 million in assets) needed to provide employees with an intuitive, secure method to access the bank's six to seven network applications. Excel's 70 employees had so many complex passwords to connect to the bank's network that it was "a nightmare for them to remember them and keep them synchronized," says Craig Boivin, the bank's CIO. "It was a challenge for both employees and IT."

The authentication system Excel Bank had used required employees to provide a password to access the network and another to access its Open Solutions (Newmarket, Ontario) core banking system. And some employees needed more passwords to access credit analysis modules.

"Every time someone would return from vacation, we would have to reset their passwords," Boivin says. "In addition, a few times a week, people were forgetting their passwords and we'd need to reset them."

Determined to solve the problem, the bank sought a solution that would be easy for employees to use but still provide adequate security. This drove Boivin to find a solution with single sign-on and two-factor authentication. "We wanted employees to have a physical card, plus a PIN number in order to gain access to the system, with the system managing all the passwords," he relates.

In the second quarter of 2003, Boivin started looking for a solution to the bank's security issues. He tried various products in the third and fourth quarter of that year. "We'd call in a vendor and say we wanted to test their system. Of the two vendors we tested, one would have required us to have a device that would randomly generate a nine-character number that the employee would type into the password field, plus a PIN. This was too complicated. Another vendor didn't have single sign-on capability." Boivin declines to name the vendors.

In the fourth quarter of 2003, however, Boivin met a representative from Minneapolis-based Datakey who gave Boivin the software and card readers to try. While testing the software in the first quarter of 2004, however, Boivin discovered an issue with the core banking system passing on user names and passwords. "Datakey modified their software for us quite quickly," Boivin notes.

Smart Solution

Early this year, Excel signed a contract with Datakey for its Datakey Axis software and smart card network security solution. The product, which required just 2 percent of Boivin's capital expenditure budget, was easy to implement, and it interfaced with the bank's Citrix application servers, he says, adding that no infrastructure changes were necessary for the deployment.

A consultant from Datakey provided training in just one day to Boivin and his two support people. Excel Bank rolled out the solution in September to all of its employees. A card reader sits on each employee's desk, and the employee places the smart card in the reader to access the system.

The software works with Open Solutions by recognizing its log-in screens and maintaining a single sign-on experience. All passwords are stored on the smart card, so employees are unable to give anyone else their passwords. In fact, passwords are changed periodically and even the employee doesn't know what they are. (Employees do have their own PINs.)

According to Boivin, the system forces people to behave in a responsible manner. "People can't enter or leave the building without their card, so they can't leave it in the system or forget it at home," he says. "Another additional advantage is that our business bankers can access the system from their homes and about 30 percent of them are using the remote access capability."

In 2005, Boivin would like to roll out this capability to some of Excel's customers.

---

Snapshot

- Institution: Excel Bank Minnesota (Minneapolis).

- Assets: $430 million.

- Business Challenge: Provide employees with an easy-to-use and secure method for accessing applications.

- Solution: Datakey's (Minneapolis) Datakey Axis software and smart card network security solution.

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.