Security services credit union

One of the primary roles of The Credit Union Central of Ontario (Central) is to act as an intermediary for financial transactions between its member credit unions and commercial banking institutions. So, when it saw a 74 per cent increase in Web-based transactions from December 2001 to early 2002, it decided to re-evaluate its security and online access options.

Based in Mississauga, Ont. Central provides a range of financial and operational wholesale products and services to credit unions in conjunction with its 220 credit union members. Through those partners, Central serves more than one million Ontarians' banking needs.

When the organization began inquiring about a tool in which to conduct Web access management for all its credit union members, it was a little dumbfounded at the lack of information available.

"We wanted to give more access to information to our members via the Web, and everyone we were talking to was telling us to use a secure tool that will work with our operating system (Windows NT)," says Paul Martinello, director of systems development for Central. "But they didn't know what that tool was or how to find it.

"It was at (Toronto trade show) CompTIA that we came across a company called Securant, which is now RSA. They offered us page level security within a Web site and remote administration of users logged onto that system."

Martinello says the two key issues for Central were offering security and administration of and for its users. "This product provides that."

It's been more than a year since Central bought into RSA Security Inc.'s ClearTrust Web management access software, and Martinello says he couldn't be happier with the product or RSA's support.

"When Securant was first bought out by RSA, we got lost in the shuffle a little bit," he says, "but they have more than made up for it. Their support has been excellent, and we've been able to enhance our users' online experience by taking advantage of the solution's single user sign-on capability."

Pete Lindstrom, director of security strategies for the Hurwitz Group in Framingham, Mass., says the big risk for organizations now is maintaining control over users accessing its Web sites.

"In the end, this (ClearTrust) is a move to gain more control over your community of users," he says. "This is a tool that will help you do this."

According to Martinello, Central allows designated staff to remotely access their own user login IDs to Central's Web site. This enables users to move from sub-site to sub-site without having to log in repeatedly, he says. Central's members use its Web site to upload and download confidential information on a daily basis, including automatic fund transfers, bill payments, cheque clearing data and cash-position data, all in real-time, he says.

Although he would not divulge the cost of the Central implementation, Martinello says the institution's return on investment was realized within three to six months.

"With these types of products, there's really not a lot out there," he says. "It was a straightforward implementation and the software supports SSL-encrypted Web communications, so it works seamlessly with our existing applications."

Jason Lewis, director of product management for Bedford, Mass.-based RSA, says providing a single sign-on solution and management of online applications is a universal need within the financial services industry.

"When a company migrates from a few Web applications to multi applications, the administration side of it gets more cumbersome," he says. "For the end user ... having to log on repeatedly is a real pain in the neck."

Lewis says RSA also provides digital signature, authentication and smart card technologies which compliment its Web access management software.