Traditionally touted for their cost savings and enhanced functionality, Voice Over Internet Protocol (VOIP) and IP telephony now are helping banks to improve resource management, business continuity, customer service and overall performance.
Q: How/why are banks using VOIP and related IP telephony solutions?
Jeff Van Houten, Parish National Bank: Primarily, PNB has chosen VOIP as a cost-savings measure. As the bank expanded, we recognized a need for a telephony technology that would give us low up-front costs [and] low maintenance costs, and allow us to spend our recurring telecom budget productively. By using VOIP we gained efficiency in our WAN lines, freeing up needed bandwidth for other technologies, such as videoconferencing and remote security monitoring. If your telecom budget is more or less fixed, you might as well transport higher-value-added services over those lines, as opposed to leaving large blocks of bandwidth strictly for voice calls.
Martyn Roetter, Arthur D. Little: Savings from IP telephony can include reductions in charges for circuits and conference calls; lower expenditures on moves, adds and changes, and on voice and data systems maintenance; plus improvements in areas such as call center productivity and disaster recovery capability. However, these benefits do not come automatically. Careful planning is required to avoid some pitfalls unknown in traditional telephony.
Jim Bright, Cisco Systems: While cost savings is almost always the starting point for banks, most are experiencing better employee productivity and flexibility, which very often translate into better customer service.
Q: What are the risks and/or security concerns for banks implementing VOIP?
Van Houten, Parish National Bank: You need to distinguish between VOIP as a technology and VOIP as a popular press term when addressing security concerns. VOIP in the popular press refers to two distinct technologies: the transport of phone calls via packet-based IP and the use of Internet-based carriers to connect callers. Internally, VOIP can be made more secure than traditional hardwired technologies through advanced techniques such as encryption. If using an Internet-based carrier, there are some legitimate concerns, however. But I would expect most bank deployments to use traditional carriers as a gateway to external callers; therefore, inadequate security shouldn't be a deterrent to adoption.
Roetter, Arthur D. Little: Some risks, such as network unreliability, can be managed by applying existing well-established engineering practices for IP networks, while for others - including security risks - comprehensive best practices are still being developed. Networks can be designed with prioritization or even separation of voice and data traffic so that delay-sensitive voice is not blocked by data traffic during periods of network congestion.
However, although the security of VOIP has not yet become a major threat, it is a legitimate concern for banks. Customer voice mails could overflow with spam audio files sent to millions of IP phone addresses. Banks should build in security from the beginning with, for example, special firewalls to restrict VOIP network access and detect intrusions. Nevertheless, the greatest risks to security still may lie with people, not technology - if laptops or flash drives containing account information are lost or stolen through carelessness, or a bank hires a criminal hacker, for example.
Brian L. Buffington, AT&T: VOIP has to be treated in the same way a firm would treat its data - it needs to be highly secure, particularly for financial services organizations. When VOIP is introduced, the security requirements for voice applications become much more stringent than with traditional telephony. Security must be inherent to a bank's network, and banks must have clear governance policies. Businesses should perform a security audit to make sure all the pieces are in place before launching a VOIP solution.