Publication Date: November 8, 1996

Related article - Security Expert Says Internet Is Safe for Commerce

Wells Fargo: Pulling the Team Ahead with Internet Banking

By Sue Mellen

Appropriately enough, the Wells Fargo Bank logo is a stagecoach led by a team of horses. The graphic makes good use of the institution’s long history—reaching back to 1852 when the company was established as a banking and express firm serving pioneers in the Old West. But it is also symbolic of the bank’s determination to keep its team pulling out ahead of the competition. In the last century, the winning edge was a good draft horse. At the end of this century, it is technology.

"Wells Fargo Bank has always been technology-driven. Look at our history with ATMs back in the 1970s. Everyone thought we were crazy, but we knew consumers were savvy enough to welcome the innovation," says Wells Fargo spokeswoman Janet Otsuki.

Wells Fargo wasn’t the first bank to introduce automated teller machines into its system; that distinction belongs to Citicorp, which brought ATMs onto the scene in 1971. But Wells Fargo was close behind, one of a select group of institutions to begin installing ATMs in its branches by the mid-1970s. Although the bulk of banking transactions today take place over ATM networks, in 1980 fewer than 20,000 ATMs were operating across the country. And how about this for a technology first: Wells Fargo conducted the first electronic financial transaction—by telegraph—in 1864.

An Express Route to the Future

Today, the San Francisco-based bank is capitalizing on its high-tech history by pulling ahead of the pack in the area of secure Internet banking. Not only was Wells Fargo first to get its services online, but Smart Money magazine recently ranked the bank’s services No. 1 among the growing number of institutions now offering Internet banking.

The climb toward this industry pinnacle began in 1989 when Wells Fargo began offering services through Prodigy and a direct dial-up system. Public interest was minimal until 1994, when the company brought up its Web site, which initially served as strictly an image/marketing vehicle. Then, from January through March 1995, the bank conducted a customer survey and determined that 36 percent of those logging onto its site were interested in conducting at least some banking functions over the Internet. Just two months later, in May 1995, Wells Fargo became the first institution to offer Internet banking services.

"We were able to get our first service up and running in just eight weeks. That’s a good example of one of the most important advantages to doing business on the Internet: You can respond quickly to customer needs and make any necessary changes. That’s critical in the current business climate, where things are changing constantly," Otsuki says.

Wells Fargo began by simply offering customers the ability to check account balances and histories. In May 1996, the bank added transfer capabilities between consumer accounts and the ability to pay credit balances online. A bill-paying service followed in July and consumer services, including check ordering, were added in September.

According to Gailyn Johnson, senior vice president and manager of online financial services, the list of Internet services has been driven strictly by customer demands.

"Customers sent us lots of e-mail saying that they wanted to be able to use the Internet to pay bills. We listen to them, and that’s one important reason Wells Fargo decided to introduce Internet payments," she says.

Distributing Security Across the System

As it went about planning online services, Wells Fargo was also listening to the public’s concerns for security issues. (Recent surveys, including one conducted by Network World, indicate that security is by far the primary concern of Internet/intranet users.) Clearly, prospective account-holders needed to be assured and reassured that it was safe to pack away their passbooks and give up queuing in front of tellers.

Wells Fargo established a security umbrella it calls Distributed Security, which encompasses the three components of the system: the user’s computer, the Internet and the bank.

When customers enroll for Internet banking, Wells Fargo provides an initial online password that can be changed as often as a customer likes during log-on. A customer’s password and social security number are required to authenticate the banking session, but they never appear complete on a user’s computer screen. So, even if your 15-year-old is looking over your shoulder during a session, he won’t be able to use your account to order those expensive in-line skates. Wells Fargo also requires that browsers refrain from recording your banking information on a computer's hard drive—where it would open to prying eyes—unless a user explicitly downloads the information.

The bank includes another safety valve for home base: automatic log-off. If a user hasn’t employed the program for 10 minutes, it automatically shuts down, making it impossible for a thief to experiment extensively with alternative account numbers and passwords.

Using a system that is now becoming a fairly standard security tool, the bank breaks down user information into separate data packets before it leaves a user’s computer. These packets then travel over the Internet along with millions of other such information snippets, only to be reassembled when they reach the Wells Fargo system. This, of course, means that it would be close to impossible for a hacker to glean all the necessary bits of information to access a customer’s account.

But if a hacker did manage to assemble necessary information packets, he would find that they had been encrypted using at least 40-bit or "international-grade" encryption, with the bank requiring browsers capable of 128-bit or "domestic-grade" encryption for bill-paying services. Domestic-grade encryption is billions of times more powerful than international grade, wrapping a message in numeric code with an exponentially greater number of potential keys, but only one that actually translates the hidden message.

Interestingly, Wells Fargo can claim experience with encryption dating back more than 100 years. Toward the end of the last century, the institution conducted much of its banking activities via telegraph, and the bank regularly coded messages before transmission. One sample Wells Fargo message from the old days of the Wild West is "We will pay $1,000 silver tomorrow," which was relayed as "Petrify Ambition Distaff Thorny."

The system back at the bank is protected with a secure firewall designed to protect entry to any system using unauthorized protocol And a Wells Fargo security team constantly monitors attempts to break into the bank’s security systems.

The Age of Internet Banking Has Arrived

The greatest challenge to financial institutions setting up shop on the Web is to secure transactions under lock and key. Wells Fargo is one bank that seems to have overcome the challenge, effectively bringing online banking into the public realm.

Wells Fargo’s security experience is being recognized outside the banking industry, with the bank now working with Microsoft Corp., BankAmerica, American Express and VeriFone Inc., a company that manufacturers devices used at the retail level for verifying credit cards, to help secure Microsoft’s new Merchant Server software. The product, which is expected to be available in time for the December shopping rush, provides retailers with the tools they need to build secure Web sites, where customers can order merchandise and make secure electronic payments.

"The Internet is such an important tool for us. It allows us to easily change content and respond more effectively to customer needs," says Otsuki. 

Sue Mellen writes from Tyngsboro, Mass.

---

Bill Finkelstein, chief scientist of electronic commerce research and development at Wells Fargo Bank, is a featured speaker at DCI's Business Online Conference. Please see our online brochure for conference details.

Related article - Security Expert Says Internet Is Safe for Commerce

---