BANK OF BOSTON CORP. has found what it believes to be a foolproof way to provide its corporate customers with secure electronic access to their financial information.
The superregional bank found that customers wanted to have the ability to access their account information quickly and through a single entry point at all hours. The problem the bank had was finding a secure way to provide the access.
"We wanted to find the technology that provided a secure way for customers to enter our system and get their account information," said David Idell, a product developer at the bank. "We were providing access through remote dialing but the process was very cumbersome and consisted of too many levels of security to go through in order to get at the data."
What the bank came up with is a program called "Boston Window," which provides corporate customers with a single point of entry to access information safely and easily through the use of a Secure ID card.
The Secure ID card is the size of a standard credit card, and is used by customers as a tool to enter the bank' s systems. The card features a programmed computer chip that provides the users with a new access code every 60 seconds. The card replaces the traditional reusable password, which often caused problems with network security. Users do not have to worry about changing their password or risk it being compromised.
"We have centralized the security point with the use of the card, which makes access easier for customers who need to get into the system," said Mr. Idell.
In order to get into the system, the customer dials in through a personal computer, enters name and personal identification number, and then is prompted to enter the code that is displayed on the card.
The $43.4 billion-asset Bank of Boston purchased the secure card technology from Security Dynamics Technologies Inc., Cambridge, Mass.
"The card provides a steady display of the security code for 60 seconds and then changes, so in effect, every 60 seconds the customer gets a new password," said Mr. Idell.
So far, the bank, which operates more than 100 offices in 23 countries, has issued Secure ID cards to 1,500 corporate clients, who have issued it to more than 6,000 employees.
Roger W. Pageau, manager of banking and cash management at New England Electric System in Westborough, Mass., said that using the card has worked well forthe utility.
"We have been using the card since the bank started rolling it out, and it provides us with a good tool to access the bank's system and our account information," he said. "It is much simpler than other security systems that I have seen and much more secure."
Bank of Boston has established a stringent set of security standards for its use of technology. The bank has an in-house department that looks into security standards available in the marketplace and then publishes internal guidelines for the corporation to follow.
Although Mr. Idell would not comment on specific standards, he said they range from the nature of passwords and how they are controlled to who has access to data both remotely and on-site. "We believe that the card offers us the necessary safeguards to provide access to the system without compromising the security of the information," said Mr. Idell. "The only way a customer can get in is if they have the card and enter the code and their PIN. One without the other is useless.
"We had a need to provide a secure and easy way for customers to access the system and the use of the card gives us an advantage we needed," he said. "It puts the security functions in a central location, it is very easy to carry, and meets internal bank standards for security."
Before Bank of Boston started using the card, it offered its corporate customers a more layered approach to security, which got bungled and was often extremely time-consuming.
"We used to make customers go through many steps to enter the system including entering passwords which changed on various days in thirty day increments," said Mr. Idell. 'The process was so lengthy that we constantly had to provide personnel support and training. Now with the card in place, we don't have to provide the support."
One of the benefits the bank reaped by using the card is the quick response it can have if the card is lost or stolen.
The Secure ID card operates in real time and if the bank's administrative office enters the card' s code number into the main system it is rendered useless and no longer issues passwords.
"fin customer loses the card, it can be turned off from our administrative office so that it does not receive the transmissions with the codes," said Mr. Idell. "By being able to tum off the single card, we do not have to worry that the system is being violated or being forced to change procedures because [a card] is misplaced."
Bank of Boston provides its customers with two cards so that they always have a spare in case one is lost or stolen. In the event both are lost, a new card will be issued within 24 hours.
To date, the bank has had "extremely" positive feedback from customers and plans to expand the use of the card to more of its corporate customer base.
Bank of Boston has been making a concerted effort to increase the size of its corporate business.
"It is to the bank's benefit to expand the services it provides to corporate clients," said Michael Granger, an analyst at Fox-Pitt Kelton Inc. in New York. "Bank of Boston has always been a player in the corporate services area and it is very focused on expanding services for cash management, trust, and commercial deposits. All of its products amd services fit into a package that serves the large corporate market, which wants to have one bank meet all its needs."