The Biometric Clock

Aug 1, 2006 12:00 PM, By Carol Carey

For International Bank of Commerce (IBC), the decision to invest in a biometric computer security system has brought both expected and unexpected rewards. The flagship bank of International Bankshares Corp., IBC has its headquarters in Laredo, Texas, with more than 200 branches in 80 communities in Texas and Oklahoma.

As IBC has grown, its security needs have become more complex. It now has some 3,200 PCs in use throughout its branches. Tellers, platform representatives and sales personnel use the company's wide area network (WAN) for everything from day-to-day customer transactions to loan document preparation and sales operations. Tellers also use a computer time clock software program, Source Time Professional from Ceridian, Minneapolis.

Up until 2005, access to this and other company programs was granted through passwords. Employees used one password to gain access to their computers and other passwords to access various Internet applications. Among other things, the password system was vulnerable to time-clock fraud, which can cost American businesses millions of dollars yearly.

Taking a proactive approach to computer security, IBC decided to install biometric readers at all of its branches, beginning in 2005. Specifically, the company wanted to control time-clock fraud. In the process, they found that with biometric technology, they could improve productivity.

IBC chose SAFsolution Enterprise Edition 1.3 system from Saflink Corp., Bellevue, Wash., says Chris Loehr, senior vice president and network manager for IBC. SAFlink offers biometric and smart card security to protect intellectual property and to eliminate passwords. Its software includes management solutions that can be integrated with physical security programs as well as enabling administrators to control access to computer networks.

“One of our main motivations was to control time-clock fraud,” Loehr says. “Previously, tellers would clock in with passwords. With fingerprint readers, an employee cannot have their friend log onto the computer for them. While this was an initial reason for installing the biometric readers, we have since discovered other advantages, such as increased teller and help-desk productivity.” Loehr believes the software will ultimately reduce demands on IBC's help desk by 30 percent because it will eliminate the need for password resets.

IBC has found that biometric fingerprint readers provide a secure and productive way to provide employee access to their PCs and to the company's network. In 2005, the bank began an extensive upgrade which, when finished, will place biometric fingerprint readers at every PC.

“Whenever you have to upgrade hardware and software, it is a time-consuming process,” Loehr says, adding that the biggest challenge of the project has been coordinating it with the IT department's many other priorities.

SAFlink's software has been installed in a central server at the Corporate Data Center. For the first phase of the project, IBC fitted 25 locations in south Texas with the systems, including its two biggest branches, the McAllen Main Bank and the Brownsville Main Bank. “This process took about a year,” Loehr says. The second, and last phase, will put the remaining 100 branches on the system.

The SAFlink system works in conjunction with other hardware and software components. It also has specific system requirements. For instance, in order for users to access a company's network applications with the same biometric fingerprint reader they use to log onto their computers, a SAFlink-supported single sign-on program is required. IBC uses the Identiprise SecuredUser program by Secured Services, Reston, Va., for this purpose. This software is installed in the central server, along with the SAFlink software, at the computer data center.

Once users have logged onto their computers with the fingerprint reader, they can access the company's Internet applications by using the same reader again. Access to Internet applications is achieved through the Indentiprise software, working in conjunction with SAFlink. The result is essentially a biometrically secured single sign-on (SSO) capability for users.

Previously, users may have had multiple passwords to get into different applications. Tellers, in particular, have many applications, Loehr says, and IBC has seen a significant benefit to teller productivity with the new, biometrically secure SSO system. “This was one of the unexpected and welcome advantages of going to biometrics,” he says.

Device drivers also had to be installed in the desktops to support the biometric readers. Biometric readers are connected to each PC through individual USB ports.

IBC uses two types of biometric readers with the SAFlink system: one is the Biopad by American Power Conversion Corp. (APC), West Kingston, R.I. APC manufactures both stand-alone readers and readers built into a PC's mouse. “In situations where we are short on space, we would use the built-in reader,” Loehr says. “We will have approximately 300 of these; the rest will be stand-alone models.”

IBC also uses stand-alone TouchChip fingerprint readers from UPEC Inc., based in Emeryville, Calif. “We expect to split the stand-alones equally between UPEC and APC,” Loehr says.

SAFlink integrates with Microsoft's Active Directory or Active Directory Application Mode (ADAM), Microsoft's security database of all users and computers. It is the integration between SAFlink and Active Directory that allows a company such as IBC to replace employee passwords with biometric templates on its existing network infrastructure.

Enrollment is done through the SAFlink software. At IBC, enrollment is supervised for security reasons. “The software asks the user for their Windows credentials,” says Dave Reiley, senior sales engineer for SAFlink. “It then guides them through the biometric enrollment process. When you enroll, a biometric template is stored in Active Directory for subsequent authentication.”

How has the SAFlink system performed so far? “We have seen a very good, positive difference in teller time-clock fraud, as a result of using the biometric readers,” Loehr says. Increased productivity, especially among tellers, has been another advantage.

Tellers use a software program for their window transactions called EZ-Teller, by Harland Financial Solutions Inc., Atlanta. When supervisor approvals or overrides are necessary, fingerprint readers are more efficient than password log-ons, thus increasing productivity, Loehr says.

Platform and sales personnel can also access Internet applications (using an in-house software program) through the fingerprint readers.

Future plans call for employees to be able to access at least 30 more applications with the present configuration of the SAFlink system.

As biometric security is extended to other applications, its benefits are expected to facilitate the process of keeping employee and customer data confidential — a top priority at this dynamic financial institution.

According to the Computer Security Institute (CSI), an international membership association serving the information security community, biometrics — while still a relatively small percentage of the computer security market — is one of its fastest growing segments. In the annual CSI/FBI Computer Crime and Security Survey for 2006, 20 percent of respondents said they use biometric technology.

The survey's results are particularly significant for the financial industry, which claimed the largest percentage (17 percent) of respondents, followed by consulting and information technology industries. Next to viruses, report respondents stated that unauthorized access to computers continued to be their greatest source of financial loss.

ABOUT THE COMPANIES

For information, circle the Reader Service number (listed below) or visit securitysolutions.com

American Power Conversion Corp.	33
Ceridian	34
Harland Financial Solutions Inc.	35
Saflink Corp.	36
Secured Services	37
UPEC Inc.	38

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Opening Up About Door Closers
• An Enterprise Approach
• The Framework For Open Systems
• On A Higher Plane
• More from April's issue