"Big Valley," an early TV western starring Barbara Stanwyk, Lee Majors and Linda Evans, featured the Bank of Stockton. The bank has vastly different security issues in 2000 than it did when robbers rode up on horseback. Today, the villains are more likely to be stealthy hackers trying to break into the bank's computer system for the fun of it, because they're malicious or to get rich quick.
That's why the bank, the oldest in California still operating under its original 1867 charter, has come up with an innovative way to ensure data security: It has built a fake database into its electronic channels. Anyone coming into the system is checked and it is determined whether he or she is a customer. "If not, it sends them to a place that appears to be authentic and it works back to them," says Jim Lawrence, vice president and manager of information systems. "Once they get to that point, we've got them." In other words, the hackers think they've broken into the system, but meanwhile they are being traced.
Lawrence won't divulge the name of the company that markets the dummy database. But he notes that the database is just one of the many layers of security incorporated into the bank. The key, he stresses, is having layers of security. "Our biggest concern is Internet security, and the comfort level of our customer," Lawrence says. "We can't provide a product to our customer that we don't feel is totally secure, or at least the best by today's standards."
Though the $1 billion-asset bank lacks the vast resources of the major banks, "We have to compete technology-wise with these types of banks," Lawrence says. Thus, Bank of Stockton offers customers online banking through Quicken and Microsoft Money, allowing them to inquire about balances, transfer funds and pay bills. More recently, the bank started providing email statements over a secured server and now customers can even get images of their checks online.
Vulnerable Web sites
According to the Computer Security Institute, last year 57% of large corporations and agencies reported attempts on their online computer systems by hackers, up from 37% in 1998. In its "2000 Computer Crime and Security Survey," the Institute said 90% of its respondents detected computer security breaches within the last 12 months and 70% reported a variety of serious computer security breaches other than the most common ones of computer viruses, laptop theft or employee "Net abuse." For example, these respondents noted breaches such as theft of proprietary information, financial fraud, system penetration from outsiders, denial of service attacks and sabotage of data or networks.
No wonder the Bank of Stockton has hired hackers to try to hack its computer sites to uncover weak spots, and is using third-party firewall companies to check its systems. Lawrence doesn't even accept direct phone calls; the switchboard operator says "he no longer takes calls" and that the individual calling for him should write a letter. So no wonder he hesitated to be interviewed for this article.
Not surprisingly, then, he won't divulge which companies the bank has hired or what kinds of firewalls it employs. "The first thing hackers want to know is who the company is and what are the firewalls. They want to know what they have to break into. Hackers know what they're doing," he says. "Hackers will even call up businesses and say they forgot their PIN numbers, and it works-not here anymore-but if they call a credit card company and if they get the right person in the right mood," they can get the information they want. "Hackers don't use just technology."
The bank also has spent a lot of time and money to train its technical staff on types of information security. "Security is a major subject," Lawrence says. "The whole staff must understand the security issues, not just one or two guys. I have network engineers who are well-versed" in technology security, he says, but not one individual knows all the answers. "Not even me."
Lawrence, who comes from a technology background, is obviously proud of the technology tools Bank of Stockton provides its customers. He points to the difficulty banks have in retaining customers as well as attracting new ones. "We want to give them the tools to do anything they want in any way they want" to bank, he says, adding that the bank, one of the few independent banks left, has a high rate of customer retention.