Excel Bank Minnesota (Minneapolis; $430 million in assets) needed to provide employees with an intuitive, secure method to access the bank's six to seven network applications. Excel's 70 employees had so many complex passwords to connect to the bank's network that it was "a nightmare for them to remember them and keep them synchronized," says Craig Boivin, the bank's CIO. "It was a challenge for both employees and IT."
The authentication system Excel Bank had used required employees to provide a password to access the network and another to access its Open Solutions (Newmarket, Ontario) core banking system. And some employees needed more passwords to access credit analysis modules.
"Every time someone would return from vacation, we would have to reset their passwords," Boivin says. "In addition, a few times a week, people were forgetting their passwords and we'd need to reset them."
Determined to solve the problem, the bank sought a solution that would be easy for employees to use but still provide adequate security. This drove Boivin to find a solution with single sign-on and two-factor authentication. "We wanted employees to have a physical card, plus a PIN number in order to gain access to the system, with the system managing all the passwords," he relates.
In the second quarter of 2003, Boivin started looking for a solution to the bank's security issues. He tried various products in the third and fourth quarter of that year. "We'd call in a vendor and say we wanted to test their system. Of the two vendors we tested, one would have required us to have a device that would randomly generate a nine-character number that the employee would type into the password field, plus a PIN. This was too complicated. Another vendor didn't have single sign-on capability." Boivin declines to name the vendors.
In the fourth quarter of 2003, however, Boivin met a representative from Minneapolis-based Datakey who gave Boivin the software and card readers to try. While testing the software in the first quarter of 2004, however, Boivin discovered an issue with the core banking system passing on user names and passwords. "Datakey modified their software for us quite quickly," Boivin notes.
Early this year, Excel signed a contract with Datakey for its Datakey Axis software and smart card network security solution. The product, which required just 2 percent of Boivin's capital expenditure budget, was easy to implement, and it interfaced with the bank's Citrix application servers, he says, adding that no infrastructure changes were necessary for the deployment.
A consultant from Datakey provided training in just one day to Boivin and his two support people. Excel Bank rolled out the solution in September to all of its employees. A card reader sits on each employee's desk, and the employee places the smart card in the reader to access the system.
The software works with Open Solutions by recognizing its log-in screens and maintaining a single sign-on experience. All passwords are stored on the smart card, so employees are unable to give anyone else their passwords. In fact, passwords are changed periodically and even the employee doesn't know what they are. (Employees do have their own PINs.)
According to Boivin, the system forces people to behave in a responsible manner. "People can't enter or leave the building without their card, so they can't leave it in the system or forget it at home," he says. "Another additional advantage is that our business bankers can access the system from their homes and about 30 percent of them are using the remote access capability."
In 2005, Boivin would like to roll out this capability to some of Excel's customers.
- Institution: Excel Bank Minnesota (Minneapolis).
- Assets: $430 million.
- Business Challenge: Provide employees with an easy-to-use and secure method for accessing applications.
- Solution: Datakey's (Minneapolis) Datakey Axis software and smart card network security solution.