If that headline reads like a recruiting pitch, so be it. Banks with their “legacy systems”—the ultimate pejorative in Silicon Valley—have a better story to tell than many nonbankers realize.
The stereotypical impression of large banks—constrained by cumbersome infrastructure, risk averse, slow to respond to technology changes—has some basis in fact. But not completely. And change is rippling through banks of all sizes.
Ongoing modernization is one reason why bank technologist Doug Biever has stayed at U.S. Bank for 23 years—and still finds the work challenging. Equally important, he said in an interview, is that investments in technology are a “big reason why I’ve been successful in hiring new people.” The company doesn’t just invest in core system maintenance. U.S. Bank makes progressive investments in server virtualization, wireless access, network reconfiguration, and other improvements necessary to support changing customer expectations.
Biever is senior vice-president and managing director of the Distributed Technology Services team at U.S. Bank, the fifth-largest U.S. bank with almost $450 billion in assets and approximately 3,200 branches. His group runs pretty much everything in IT, other than the mainframe, phones, and desktops.
Biever put himself through college working at the bank, first as a teller, then, after switching his major to computer science, working in one of the bank’s data centers. Now, Biever (pronounced beaver) reports to CIO Christopher Higgins.
“Mission critical” is just that
Although Biever didn’t use this analogy, banks, in a way, are not unlike the military. The mission for both is critical.
While changes in military technology often can be seen on the news, bank technology isn’t much on display, other than mobile apps and chip cards. Yet behind the scenes, bank tech has been changing significantly. Banks’ critical mission is to safeguard and maintain customer deposit accounts—what Biever calls the “Golden Records.” The mainframe is the system that does this. Biever notes that mainframe growth is very predictable as the bank regularly makes major investments to keep it ironclad.
His area, on the other hand, is where the most interesting change and innovation is occurring. But even there, banks face a different dynamic than nonbank tech firms. “The stakes are high with us,” he says. “As a bank, one of our biggest assets is customers’ trust. We all know that all it takes is one breach.”
Pointing to the Target breach of several years ago, Biever says, “I still shop at Target even though I lost my credit card in that breach. If U.S. Bank loses your credit card or your personal information, however, that’s a different story.”
Add Wi-Fi? Not that simple
That omnipresent concern over security plays into everything Biever’s group does. For example, U.S. Bank is part way through setting up Wi-Fi for customer and employee use in an initial group of 700 branches. The project began about a year ago, and Biever says the team’s initial take was that it would cost maybe $500 a branch with a fairly simple process: Order some routers and plug them into the bank’s network. “It certainly could be that simple,” Biever says. But when you start investigating what’s required to secure the routers properly, he says, cost and complexity rise. “As soon as you start layering in all the security technology, you’re well over $1,000 per branch.” That’s big money when applied across 3,200 branches.
The project, however, will bring much more than a customer benefit. It will enable a “refreshing” of branch technology, as Biever puts it; “rewriting branch applications to be compatible with tablets, wireless printers, etc.”
One other plus: The Wi-Fi access points have radios that pick up active mobile phones within a certain range. The radios only acquire the phone identification, not personal data, Biever says. Even that bit of information can be useful for staffing or marketing purposes.
The branch tech changes Biever describes will impact the bank’s network infrastructure. U.S. Bank primarily uses private circuits to carry branch communications. “Private circuits,” he says, “are very secure, point-to-point connections that do not traverse the internet. They have limited capacity, however, and are very expensive to expand.”
His group is exploring use cases for, and in some cases already installing, alternative networks. There are two primary options: broadband and cellular.
The bank has already invested heavily in cellular as a backup network, according to Biever. “It’s been terrific as a backup,” he says. “It’s very inexpensive and easy to deploy; capacity is excellent.”
In fact, in some cases where a primary circuit “fails over” to a cellular connection, the performance is better.
“The problem with cellular is that you get charged by the megabyte,” says Biever, “so it does become cost prohibitive at a certain point.” But data plans continue to evolve, he adds, just as with consumer usage, so it could eventually make sense to run cellular as the primary circuit.
Business broadband offers more bandwidth, says Biever. But it is not inherently secure, as it connects right to the internet. A change to broadband makes economic sense for a variety of reasons, however. One is that the bank currently has to cache software patches or distributions out to its branch servers. It does the same with videos.
“If we streamed video during the day over the WAN circuit, it would completely consume the bandwidth and quality would be terrible,” says Biever.
Security will be solved
Biever says the bank wants to eliminate branch servers to reduce costs, and wants to better leverage cloud applications to enhance the customer experience. Doing those things requires a bigger network connection.
Security issues have held up the change so far. However, Biever says, U.S. Bank is working on setting up a secure configuration. It could involve encryption, a virtual private network (a “secure tunnel” back to the data center) along with other operational investments.
He adds that they have found other banks have adopted broadband only for high-capacity traffic, such as video, while keeping their private circuits for more “quality-based use cases,” and relying on cellular for “last mile” connections—i.e. protecting against the possibility of a backhoe cutting all network lines while digging up the street outside the bank.
Biever says he wouldn’t be surprised if more than 50% of U.S. Bank’s branches eliminate private circuits in time. Some of the more remote locations would likely keep them to ensure quality. “If you replace private with broadband and implement all the security controls,” he says, “you can see an average four-times performance increase at the same cost as the original private circuit.” There are other considerations, however.
“Broadband doesn’t support QOS [quality of service] features,” says Biever, “and latency is not as predictive due to all the different ways your network traffic can route over the internet.”
Pressure is on
Despite the need for banks to maintain ironclad security, Biever agrees that the rise of fintech innovation has upped the ante for all banks. He does think the day is coming when fintechs will be regulated. (See Threads, p. 8, for one fintech that wants to be regulated.)
For now, Biever says, the fintech companies are able to do things quicker and cheaper—and better, in some cases. Their widespread use of APIs—application programming interfaces—for example, is something U.S. Bank is taking seriously, he says.
“Banks will have to either adapt or just hang it up,” Biever adds.