One bank’s effort to improve transaction security.
One of the main reasons Presidio Bank wanted to strengthen the security of its financial transactions was the large number of expensive fraud incidents occurring in the industry, according to Fred Bailard, Presidio executive vice president.
Bailard says he also wanted to beef up transaction security because Presidio mainly has business customers, who do not receive the same level of fraud protection under law as those with consumer accounts. Business account transactions also tend to have a higher dollar value than their consumer counterparts.
The answer was a secure, encrypted channel for carrying out transactions, he says. Bailard researched options for about 18 months before settling on the Trusted Access solution from IronKey, he says, partly because the vendor has a relatively large number of clients in the military and government and partly because it was user friendly. The client could download and set up the software it would need on its end in about seven minutes. The bank would provide individual clients with software by entering information, including an individual account number, into an IronKey online administrative console. Clients would then automatically receive an e-mail with set up instructions. And the program didn’t appear to be intrusive to clients; it did not make clients “go through too many hoops,” says Bailard.
Customers were originally sent a message describing the new solution and explaining how to download and implement it. Clients were also asked to contact their individual relationship service manager for assistance. In many cases, however, customers were able to set it up on their own.
Bailard also says that now that it has been implemented, performing updates is a simple, one-step process that can be conducted on the back end at the bank. The bank can make updates through the administrative console; those updates then apply to client solutions the next time they’re activated.
The solution creates a virtual private network using strong Advanced Encryption Standard encryption, which clients can use to access the bank through IronKey’s servers.
The bank also looked at providing clients with antimalware solutions, he says, but Presidio wouldn’t be able to be sure that businesses were keeping their software updated, since it did not work as easily as this solution.
IronKey also provides clients with a hardshell browser that protects against infections by creating a virtual sandbox. Customers can open the secure browser via an icon located on their screen. Both the browser and the operating system that is also part of the solution are developed by IronKey.
To gain access to the Trusted Access secure channel, clients must enter a user name and password when they launch the solution. Another security measure is a back-end solution that checks the user’s Internet Protocol address. This helps to limit the possibility of a third party taking the password and user name and gaining entry from an unauthorized computer.
If a customer wants to use the solution from an additional computer, it needs to contact the bank, which will enter that information into the administrative console. Users will then get a new e-mail that they can use to download software onto the additional machine.
The bank has also chosen to purchase some of IronKey’s standalone encrypted USB drives that contain the software. These can be plugged into computers when clients are traveling. No information entered into the secure browsers is left on the temporary computer.
The solution didn’t work on Apple Macintoshes at first, but the bank has since worked with IronKey to provide such functionality so that clients with those computers can use it. The bank requires that all clients use the software.
Bailard thinks clients appreciate that Presidio “went to this level for this kind of solution.” The bank “has had nothing but good comments.” He also says that he feels more secure about transactions. “We haven’t yet seen somebody break this kind of solution.”