For Data Security, Cardinal Chief Turned to . . . His Brother-in-Law

When Chip Mahan of Cardinal Bancshares decided to create a bank on the Internet, he did not venture alone into the uncharted realms of cyberspace.

He made it a family affair.

Before putting one of Cardinal's subsidiaries - what he calls a "pig- path bank in the middle of nowhere" - on the Internet, Mr. Mahan turned to Secureware Inc., a small data security outfit that happens to be headed by his brother-in-law, Michael McChesney.

"By the end of this decade, every viable bank is going to have an interface on the 'Net," said Mr. McChesney, chief executive officer of Atlanta-based Secureware. "I'm not saying everyone with a branch is out of business, but they're going to have to have interfaces to deal with customers electronically."

Since July 1994, Cardinal has been working with the software company on a system that could allow consumers to do their banking anywhere and any time via a personal computer.

First and foremost, the pair have been focused on making sure the services and information provided over their interactive system are safe from the prying eyes of hackers and fraudsters who inhabit the thousands of interconnected networks that comprise the Internet.

Secureware, a seven-year-old company, has worked with the likes of International Business Machines Corp., Digital Equipment Corp., Sun Microsystems Inc., and Hewlett-Packard Co. to develop standards for computer security.

Computer security - "compusec" in the trade - pertains to protecting the operating systems within computers themselves. Communications security encompasses encryption, digital signatures, and other techniques for scrambling and coding data to ensure it is transmitted to the right place and right person.

Although communications security has received more attention in the press and among companies exploring ways of doing electronic commerce, about 90% of the publicized break-ins have occurred on the operating systems level, Mr. McChesney said.

Cardinal's bank on the Internet, which Mr. Mahan expects to be accessible this summer, will apply both communications and computer security.

On the communications level, the Cardinal system will employ private- and public-key encryption and digital signatures for data transmissions and authentication of senders and receivers. The data transfer also makes use of hash functions, which translate written documents into long streams of digits that are as unique as human fingerprints.

For computer security, Secureware's specialty, the bank's operating systems have firewalls and audit files. Firewalls, common in computer design, are the first protective barrier for the inner sanctum of the computer system from external intrusion. Audit files, commonly used by banks, record all the daily activity on individual accounts, pointing up irregularities.

Signing up for Cardinal's on-line service does not involve the Internet. Customers have to mail in an application form with deposit. But after that, it is all electronic.

When connecting up, the customer and the bank exchange their digital keys to authenticate each other - a process that is handled automatically on the consumer's end through the use of a password.

The connection is made over the Internet, the most open of the electronic information highways, but the system's architecture could allow for access to the bank through other channels in the future.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER