The Key to Bank Security

RCG Holdings Ltd. was chosen by a Middle East bank for deploying biometrics access control system.

Access control has been a key element in security for most of the enterprises. According to a market research report on global electronic, access control market published by Global Industry Analysts Inc., the demand for electronic access control is forecasted at US$6.1 billion in 2010, which was identified as one of the fastest-growing sectors in the security industry. There has been a keen demand for access control devices adopting different types of technologies. A common factor of identification is RFID, which is one of the key drivers according to the report from IdTechEx. According to International Biometrics Group, the market for global biometrics is forecasted at US$7.4 billion in 2012, representing a compounded annual growth rate of 20% from 2007. The figure showed a trend of deploying biometric technology in access control systems, adopting fingerprint or facial recognition for security.

By RCG

Commercial Bank International (CBI) is one of the leading banks based in United Arab Emirates.  The bank focuses on providing innovative and highly-personalized financial services in the retail and commercial sectors.  CBI has an aggressive strategy and vision for excellence in growth, market coverage and operations. With a network of 11 branches and call centers distributed within the region, the bank aims at delivering services to all clients all over the UAE with convenience.  Having an objective of providing “relationship beyond banking”, corporate values of customer satisfactions and quality service were demonstrated throughout the bank’s development history.

CHALLENGES

CBI is currently undergoing an era of strategic expansion and this is when they faced a series of challenges.  The Time and Attendance (T&A) system used for tracking employee attendance records at CBI was conventional, which cannot be customized to fit various usages and it does not have a centralized system to manage the expanding employee database.

Transition from Conventional T&A System

One of the core systems under their expansion project is the pay-roll system.  Due to aggressive expansion and strict quality standard, the existing T&A system does not have any customization capability and hence was not compatible with the bank’s new technology infrastructural requirements.  The consequence of a conventional T&A system was the decrease in efficiency which caused inconvenience at the operations level.  Time had been spent on administrative tasks which should be spent on more productive tasks.

Multiple Factors for Identification

Since the bank had staff of different categories, standardizing the access control factor was not an ideal method.  There were regions in the bank which required heightened security measures, such that a system capable of customization for various security levels should be adopted.  At the same time it is crucial to record workers’ signin and sign-out time accurately, hence reliable factors of verification should be used.

Compatibility with Bank’s Software

Wages are dependent on employees’ total working hours and are unique in every bank.  The bank also developed its own payroll system, which failed to communicate efficiently with the existing T&A system, causing a significant increase in workload to the human resources department in handling HR-related tasks.  The deployment of the new system should minimize the changes incurred to the existing infrastructure, which could potentially minimize the cost-required for adoption.

Data Collection and Centralization

Centralization of data from different branches was no easy task. As CBI was under strategic development, a number of branches might be opened up apart from the existing ones.  The precise collection of employees’ attendance data from every single office became crucial, requiring the development of a comprehensive centralized server capable of meeting the requirements.  The reliability and accuracy of the process of centralizing different staff information became one of the most important challenges as any mistake may lead to lawsuits which the bank never wanted.

Privacy Concerns

Improving efficiency and saving resources are the driving forces for CBI to adopt advance biometrics/RFID solutions.  They admit collecting biometric data and keeping private data confidential would draw great concern about privacy, their solution provider RCG spent much resource in education on the precautions such as protective encryption are in force when recording sensitive biometrics data, and only privileged personnel are permitted to access to collected data.  However, they also agreed that the “transition period” is inevitable whenever new technology is being adopted. 

CBI adopted the biometric/REID solutions (Photo by RCG)

IMPLEMENTATION DIFFICULTIES

Since CBI needs the i4 Flexi readers to be implemented in all sites and each branch has their own network setting.  Centralizing the data from all the sites to the server in proper way was a big challenge.  Static IP address has to be assigned to each system so that the collected data can be relayed to the centralized database.  Extra risk assessments were carried out in order to secure the system stability.  At the first deployment phase, the comprehensive new system posed a drawback on CBI’s daily operation.  The employees were concentrated on familiarization of the overall operation and a drop of efficiency has been observed.  Besides, rearrangement of working hour was also required for the employees to attend the new system training sessions. 

SOLUTION

CBI adopted the biometric/RFID solutions provided by RCG Holdings Limited.  The i4 Flexi is RCG’s biometric access control with RFID technology.  The reason for choosing i4 Flexi was mainly because the controller provides various authentication modes including fingerprint, fingerprint + card, card + password, card and password so that some employees whose fingerprints are shallow or damaged can still gain access by using card and password in lieu of fingerprint verification.  In some highly-restricted areas like safe vault where sensitive documents and valuables are stored, the built-in tamper alarm together with the terminal-controller codematching mode of i4 Flexi offer enhanced security.  The device adopts split-typed controller to prevent any unauthorized break-ins for the highest security level.  Since CBI has different categories of staff with different levels of authentication, several types of authentication including FP, PIN and RF card are prepared to eliminate the possibility of fraudulent access.  The i4 Flexi controllers support RS485, Wiegand and TCP/IP protocols, it can be installed as either a standalone device or within networked environment.  Besides, i4 Flexi incorporates time attendance management module, which provides a tool for human resource management, thus saving the resources on more worthy returning tasks.  Throughout UAE region, approximately 30 sets of i4 Flexi were installed at different CBI branches.  For monitoring these controllers, RCG has developed a software system called Data Pulling System (DPS) which is customized for the reliable retrieval of information within the data network built within CBI.  The data collected on each device is then centralized based on Virtual Private Network (VPN), a technology utilizing large area networks to eliminate physical connections, and then relayed to the central head office server for further statistical attendance analysis.

BENEFITS REALIZED

The deployment of RCG’s access control and attendance system provides an effective means to manage the internal staff’s areas access and attendances.  The set-up allows information to be analyzed and stored within the headquarters for centralized information control.  The system eases the branches workload caused by previous system.  An advanced and improved operation is resulted for CBI overall.

ⓒ2007 www.SecurityWorldMag.com. All rights reserved.

     Todd Koelling

     Alarm Transmission Technologies Pros & Cons