Merrill Lynch is one of the world's leading financial management and advisory companies with offices in 38 countries and territories. With its headquarters in New York City, the financial capital of the world, and subsidiaries and affiliates located globally, the company services client assets that total approximately $1.7 trillion. Driven to meet the special needs of its international as well as individual clients, Merrill Lynch adopts innovative technologies and leverages operations that are both efficient and cost effective.

Challenge

"In today's turbulent times, a company can't be too careful when it comes to ensuring the safety and security of its employees and information," said John Bennett, vice president, Physical Security Department, System Security Group, Merrill Lynch. "You can't quantify security and we were by no means trying to cut corners to save money by implementing this system. However as it turns out, the solution not only provided us with the essential security measures we needed but unexpectedly saved us money in the long run."

As with most Fortune 1000 companies, guarding against the ever-present danger of security breaches that could harm both personnel and invaluable IT networks is a primary concern for Merrill Lynch. The company knew that the first step in protecting its people and information from harm was controlling physical access to its buildings through authorised credential checkpoints. With a global organisation of 50,000 permanent users plus 20,000 consultants and visitors, providing efficient checkpoint management could be an enormous task. So, when the company undertook the project of assigning new credentials to nearly 70,000 constituents (employees, consultants, visitors), it needed to find a partner with the experience and capacity to handle a project of this scale.

The company's first step was to identify the scope of the project. Realising that many of its long-time employees were still using old badges with no built-in security measures, Merrill Lynch felt it was time to install a new centralised solution. The new measures would not only control physical entry to its buildings, but have the capacity to integrate with the company's IT infrastructure to enable logical and authorised access to the computer network. They could eventually be expanded to move beyond general access to a single "multi-tasking" card that could encompass future needs such as biometrics, cashless vending or entry to the employee gym or child day care facilities.

Evaluating an upgrade of the company's existing CheckPoint access control system, Merrill Lynch's security personnel felt they wanted to move ahead in the direction of smart cards. Their analysis directed them toward a vendor that would allow them to advance technologically, providing 'alternatives' going forward. Another driver for the upgrade was Merrill Lynch's IT department's desire to get involved in the decision by specifying contact smart chips to enable future logical access capabilities and network log-on authentication.

In their assessment, they determined the following requirements to successfully complete such a project:

  • Multi-technology: New solution would use multi-technology card to assist migration to smart card technology.
  • Multi-location: Solution must consolidate local formats to move toward using a single format for Europe, United States and Asia to accommodate office locations in New York, New Jersey, Europe and Asia Pacific including Japan and Korea.
  • Multiple credential status: In addition to providing credentials for 50,000 Merrill Lynch employees, the new badging scheme had to accommodate 20,000 other tenants who occupy the company's buildings.
  • Round-the-clock operation: The security solution must be operational 24/7/365.
  • Administrative efficiency: Above all, the new credential system would need to be implemented in an efficient manner so as not to interrupt the workflow of the company or become an administrative disruption.
  • Future applications: Solution needed capability of future expansion into network log-on, biometrics and other smart card-enabled applications.

Working with security integrators Security Services & Technologies (SST) and Security Integrators (SI), Merrill Lynch cooperated to develop an integrated access control system. The integrators' focus on implementing a practical approach to a cost-effective solution placed significant importance on the selection of a card provider for the project.

After research and deliberation, SST and Merrill Lynch selected an advanced technology solution from HID Global, a leading manufacturer in the access control industry. HID proposed a new system that would deliver multiple layers of protection by standardising procedures for issuing new and updating existing employee identity cards, increasing the company's efficiency and security. "Technology is moving ahead by leaps and bounds everyday," said Paul Martin, vice president, Physical Security Department, System Security Group, Merrill Lynch. "We wanted to stay ahead with the latest security technologies and move ahead in the direction of technology."

Managing a job of this size could be administratively taxing, but Merrill Lynch felt comfortable with the selection of HID Global. They felt that HID demonstrated the capacity, ability and experience to handle its large set of requirements. Using HID's Card Personalisation Service, Merrill Lynch found an economical and secure alternative to in-house card production, ideal for printing photo ID badges.

Format management

Prior to entering into this project, Merrill Lynch already had a relationship with HID, benefiting from the secure and administrative features of HID's Corporate 1000™ Programme. Developed to meet the demands of ever-changing workplace dynamics, the Corporate 1000 Programme gives security professionals the ability to standardise on a "Single Card Solution." In the Corporate 1000 Programme, HID is able to provide end-user customers with more than 1,000,000 individual card numbers within the assigned 35-bit card format specifically developed for the individual end-user customer.

By moving toward merging several of its existing Corporate 1000 national formats into a single global Corporate 1000 format, the new HID-based solution was easy to manage, control and offered Merrill Lynch expandability options to address future needs. Using this unique format offered through the Corporate 1000 Programme, cardholders will be able to use a single access card with HID readers at any Merrill Lynch site throughout the world.

Solution

Merrill Lynch began implementing the re-badge programme at its New Jersey office using HID's iCLASS® proximity cards. So as not to disrupt the workflow at the facility, company representatives handed out nearly 22,500 badges pre-printed and programmed with the employees' information. Photo identifications were checked by trained security guards at each entry point and could be matched against the photo stored on the access control software. This stop-gap measure enabled the company to pre-test the solution on subsets of staff without impeding others' ability to get to work.

The most important of their requirements, the administration of the pre-printed cards, represented a significant logistical hurdle that needed to be carefully managed. HID's Card Credential Services was up to the challenge.

HID Global on the job

Providing secure credentials to a large base of users requires a huge administrative coordination effort. In this case, Merrill Lynch needed credentials for employees in nine locations, broken down into three different designations, representing unique work statuses of its employees. Given the value and sensitivity of the information housed in Merrill Lynch offices, the credentials needed to be equipped with state-of-the-art security enhancements. Additionally, with its large base of users, Merrill Lynch needed to be able to rely on HID Global to manage large-volume card production and personalisation, with little or no fall-out, and an almost unheard-of turnaround time for products. HID Global was able to satisfy its customer on all fronts.

HID card credential services

Production of new credentials was primarily handled by HID Global's Card Credential Services (CCS), a card production service bureau based in North Haven, CT, run by Charlie Camp, manager, Card Services, HID Global.  Dedicated to facilitating card production, this business unit comprises an integral part of HID's credential issuance services. CCS provides a secure card production environment (secure process, secure system). With unused card inventory protected and stored in a locked cage, the limited number of CCS personnel ensures an auditable production process. Protected by biometric verification, CCS guarantees the integrity of the process. These extra security features provided by CCS are unique in the industry and provide quality assurance for demanding industry-leading customers like Merrill Lynch.

Merrill Lynch's security team dealt very closely with Eric Widlitz, HID Global's vice president, OEM and Government Channels, relying on his expertise and advice for this large job. Expanding on the level of service provided by HID Global staff at every stage of the project, Merrill Lynch's Bennett explained, "We toured the plant and got a sense of the job. We became students of card-making, learning everything about how the card was made. There were a lot of options along the way, but with the help of Eric, I think we made the right decisions."

Credential security features

From the beginning, the HID standard iCLASS®/Prox embeddable 16K/16 cards specified by Merrill Lynch were sent to a chip embedder, who embedded Axalto Pegasus 64K contact chips for future expansion capabilities and applications.

On top of the additional memory capacity from these embedded chips, adding advanced visual security elements to the ID cards is a basic means of increasing card identity system security. To equip Merrill Lynch's credentials with the required security enhancements, HID's Card Credential Services worked with in-house artists and external vendors to prepare artwork for the company's custom ID cards. The cards feature customer-selected colour borders surrounding the employee's photo. Depending on the cardholder's designation, one of three coloured borders surrounds his/her photo, immediately identifying the cardholder as a Merrill Lynch employee, vendor/consultant or building tenant through visual verification of the identification badge.

Beyond this card security feature, Merrill Lynch designated specific artwork to fit within their corporate identity scheme and to uniquely identify the cardholder as a Merrill Lynch constituent. The card, however, does not have Merrill Lynch's name printed on it, as that could enable security breaches if the card were lost. Instead, there is a generic "Return Postage Guaranteed" address on the back of the card to return it to the company if found.

Another security feature on the cards is a laser-engraved number on the chip side of the card. Imprinted in gold on the back of the card, the number provides a more durable and permanent solution than dye printing, with extra secure verification. The credentials also feature a holographic laminate overlay on top of the cards. The patchfilm holographic material, with a pattern on the 0.5 mm thick overlaminate, provides another layer of enhanced security features to the card, further reducing the likelihood of counterfeiting and reproduction.

Together, these elements help to produce a complex, fraud-resistant ID card that can frustrate the most diligent and determined counterfeiters. The customised ID cards with security elements are virtually impossible to alter or duplicate, yet easy to authenticate.

Printing quality

HID's Card Credential Services' unfailing commitment to customer service and satisfaction is further revealed in its choice of hardware to be used on this job. HID Global's Charlie Camp evaluated equipment to determine which type of printer (a traditional printer or retransfer) would be appropriate for this job. To provide the optimal solution for cost-effective image clarity and colour resolution, Camp determined that a retransfer/reverse image dye-sublimation printer would be appropriate for a project of this scale. With a goal of optimising turnaround time, CCS bought new printers with removable laminators to properly address the customer's specific needs.

With superior resolution to direct-to-card printers, retransfer printers have a lower fallout rate, ensuring the integrity of the production process and maintaining the card number sequence. A Shingo award-winning Lean manufacturing facility, CCS was also tasked to reduce scrap, ensuring that the use of production stock was optimised.

Rapid turnaround

"Due to the sheer volume of the project, we could never have done such a large project in house," said Paul Martin.  "We felt confident that HID was geared up to do the job."

Merrill Lynch cites HID Global's ability to manage the administrative aspects of the credential personalisation process as a key value-add. Merrill Lynch staff gathered and compiled a user database, including photos, personnel data, credential permissions and other unique information.

The collected data was then delivered to HID CCS and the clock was running. HID took the customer data and processed it through database software. The cards were prepared using the processed data, printed, sorted by colour and alphabet, assigned to the proper location, then returned to the customer for distribution to its individual card holders.

The complete, secure credentials were created for Merrill Lynch staff with an exceptionally rapid turnaround. An initial order of nearly 4,600 credentials was received on December 1, 2005. Upon printing the cards, they were then sorted by location, colour (employee status) and alphabet (employee's last name) for return to Merrill Lynch.  Within ten days, the completed credentials had been produced and shipped to the customer.

Another personalisation order for 10,500 credentials was received at CCS' North Haven, CT plant on May 31, 2006.  HID Global processed the card data, prepared and printed the cards and shipped 10,500 completed credentials between June 7 and 13.

Successful Implementation of new credential system

"From our leading-edge research and analysis services to our innovative software solutions and web-based delivery systems, Merrill Lynch continues to be on the forefront of employing new technologies to deliver exceptional service to our clients," said John Bennett, Merrill Lynch. "With the implementation of this new security and credential system, we are continuing to raise the bar on technology for the benefit of our personnel and customers."

Results

  • Standardised procedure for issuing new or updating existing identity cards increases both efficiency and security
  • Updated photos for long-time employees
  • Remarkable administrative capabilities from HID Global Card Credential Services

Having achieved success with the New Jersey office's re-badge programme, Merrill Lynch plans to roll out the credential programme companywide with more than 1,000 readers and 65,000 cards, 22,500 of which will be customised and personalised according to the company's specifications. Standardising on HID's proximity cards in its first stage, the company plans to eventually implement HID Global's iCLASS® read/write contactless smart card technology to deliver versatile interoperability with Merrill Lynch's IT and security departments.

Employing this advanced technology will enable Merrill Lynch to deploy greater security control through biometric authentication such as iris scanning and facial recognition. In addition, the smart card technology will support the company's plans for more widespread use of cashless vending and improved PC log-on security.
