Stock Yards Bank and Trust makes employees productive and keeps data secure
- 1.6 Billion in assets
- 28 branch offices
- Established in 1904
- ITI, Fiserve,Harland
- User frustrations and lost productivity
- Data security and regulatory compliance
- High-volume of helpdesk calls
- Increased productivity
- Regulatory compliance
- Fewer helpdesk calls
Stock Yards Bank & Trust has been a trusted part of the Louisville, Kentucky community for more than a century. Today, the Bank has $1.6 billion in assets, 28 branch offices, and a large base of consumer and commercial banking and wealth management customers. With a growing footprint now reaching beyond greater Louisville into Cincinnati and Indianapolis, Stock Yards has recorded consecutive earnings increases for more than 20 years, ranking it as one of the best performing banks in the country.
The business challenge
The Bank’s tag line is “building confidence since 1904.” Essential to that effort is maintaining the confidentiality of customer records and the integrity of its information assets. As a financial institution, Stock Yards Bank must comply with the provisions of the Gramm-Leach-Bliley Act, and as a publicly traded company, it must meet the federal regulations of the Sarbanes-Oxley Act. Those can be considerable challenges for an institution with dozens of locations, hundreds of employees, and a host of software applications.
Application passwords are often the first line of defense in meeting these challenges, and Stock Yards Bank was experiencing significant password management issues, according to Jim Condra, senior vice president and chief information officer. “Our largest group of users is our retail branch employees, including about 110 tellers and 120 customer service representatives, or CSRs,” said Condra. “The tellers had three to four application passwords to remember, and the CSRs had four to five—all of them with different degrees of complexity and expiring at different times. And in our operations area, some groups had as many as eight passwords to manage. People kept complaining, saying, ‘There’s no way I can remember all of these passwords.’ And of course, many of them resorted to writing passwords down where they could be easily compromised.”
Moreover, the Bank’s audit department and information security officer were pressing to make the passwords stronger. Enforcement efforts included periodically running users’ network passwords through password-cracking software and conducting random calls to test employee compliance. Meanwhile, the Bank’s one-person IT helpdesk was receiving up to 30 calls per month specifically from users requesting password resets. “After doing that for a couple of years and not having the results we wanted, we started looking at biometrics,” said Condra.
Jim Condra felt biometrics would be the easiest solution to implement, because Stock Yards computer users could authenticate their identities during log-on simply by placing their fingertips on desktop scanners.
The Imprivata OneSign solution
Condra’s biggest concern was finding a solution that would support biometrics and work with the Bank’s critical software applications. Stock Yards tellers and CSRs use a variety of client/server and mainframe applications, primarily from Information Technology, Inc. (ITI), a subsidiary of Fiserv, Inc. The Bank environment also includes other Fiserv and Harland software solutions, a Windows-based LAN and an IBM iSeries mainframe.
Condra’s initial search for a solution was not particularly fruitful. “We looked at two other vendors, but quite honestly, we didn’t get very far with either one of them simply because of the cost,” he said. “We had some real concerns because we do have a couple of terminal server applications and we struggled a bit to get them running. Our network person spent about two weeks evaluating each of the products, and we discovered there really wasn’t good technical support from these other potential solutions.”
Jim Condra then approached his primary software vendor. “I called ITI and asked them if they’d done anything with biometrics yet, and I finally got in touch with a person who had and he said, ‘Call Imprivata.’”
Imprivata’s representatives introduced Condra to Imprivata OneSign®. With Imprivata OneSign, a single action of user authentication permits users to access all computers and applications they are authorized to use, thereby eliminating the need to remember and enter multiple passwords. Imprivata OneSign makes it possible to establish and enforce strong password policies without putting an undue burden on users. Without having multiple passwords to manage, users can stop bogging down the IT helpdesk with password reset requests.
Jim Condra and his 11-person IT team selected Imprivata OneSign after doing a pilot test. “We tried our core ITI software for the mainframe with two test users and we included the Fiserv loan application,” he explained. “We were looking for applications that had the largest number of users, thinking that if we couldn’t get all the applications to work, we would at least be able to eliminate as many passwords as possible.” When the pilot proved successful, Jim Condra bought and installed hundreds of fingerprint scanners for his tellers and CSRs. He was pleased to discover that Imprivata OneSign also easily managed one time password (OTP) tokens, which Stock Yards uses for remote user authentication.
The response to Imprivata OneSign from both users and the helpdesk has been uniformly positive. “I have had more compliments,” said Jim Condra. “People come up to me and say, ‘I can’t believe we don’t have to memorize those passwords anymore.’
In the meantime, Jim Condra is spreading the news about Imprivata to his peers. “I was at a conference in Chicago in September with other ITI bank users,” he said. “I was talking to people from banks in Wisconsin and Illinois who said they’d looked into biometrics and couldn’t find anything. I was happy to pass along the Imprivata solution information.”