Wells Fargo & Co. is broadening its use of software from CyberSafe Corp. to protect transactions initiated outside of Wells internal network.
Wells has used the Issaquah, Wash., companys ActiveTrust enterprise security software since 1997 to guard transactions that flow from platform to platform in the banking companys intranet system, said Terry Leahy, vice president of cryptography services at Wells Fargo.
Now the program will be used to protect information transmitted externally for instance, through branches, automated teller machines, or the Internet.
We are currently securing six million transactions a day, and that number is growing as we deploy new applications, Ms. Leahy said.
Wells is also implementing public key infrastructure technology that will link to the ActiveTrust suite. The $234 billion-asset company plans to conduct a PKI pilot in late October with an undisclosed vendor.
Commercial customers participating in the test will use digital certificates to authenticate wholesale transactions. Wells plans to roll out digital certificates to all 30,000 of its commercial customers next year; employees in Tempe, Ariz., will support the certificate authority operations.
Were building the foundation to enable our business folks to roll these products out, Ms. Leahy said. Large expenditures will come from assigning people passwords and then relinquishing those controls when personnel changes, she said.
Ms. Leahy said enhancements to the CyberSafe software base over the years have included performance capabilities, a subsystem for managing public and private keys, and packaging that enables the CyberSafe system to be easily integrated with any business application or platform. The bank is also evaluating CyberSafes Centrax intrusion detection software.
Every company is trying to get to the space where it can manage single sign-on, Ms. Leahy said. We have done some of it, using CyberSafes product, but its hard to deploy. Mostly, administrators and information technology support employees use single sign-on for immediate authentications, but the procedure is not yet enterprisewide, she said.
Wells has been safeguarding transactions at the application level and has given its employees secure access to the server. Its goal is to eventually link branch tellers to servers. To gain access, users must get an ID and a password from Wells cryptography services group.
In addition to Wells Fargo, CyberSafe is working with Morgan Stanley Dean Witter & Co., Deutsche Bank, UBS, and Credit Suisse First Boston to offer enterprise security and transaction security over multiple platforms such as Unix and Windows NT. Deutsche Bank uses single sign-on technology to for its networks worldwide so users can access all authorized applications with one authentication, such as a password.
