Stay up to date with the latest IT news and information affecting the world of finance with TechRepublic’s free Financial Services IT newsletter, delivered each Wednesday. Automatically sign up today!

Voice over IP (VoIP) is an attractive proposition to
financial services firms. With frequent calling between widely dispersed
locations, telephony is a major cost to banks, which VoIP promises to cut. In
addition, the integration of IP-based communications channels has the potential
to increase productivity while saving money. Converging voice and data systems
makes it possible to merge operations that were once separate, and to control
the system from a central location. Benefits abound, but there are also
potential disadvantages. First, let’s look at a success story.

Consider SouthTrust, the
Birmingham, AL-based bank that merged with Wachovia in November 2004. Before
the merger, in 2000, SouthTrust completed what was then the world’s largest
multisite deployment of Cisco’s VoIP technology, embracing more than 10,000
users across nine states.

SouthTrust reported that the number one benefit of the Cisco
solution was cutting costs. In the first year of deployment, it cut more than
$5 million in telephony costs compared to actual costs in the previous year—and
since then it reports annual savings of about $5.7 million.

Perhaps more importantly, SouthTrust’s users liked VoIP too.
A post-implementation survey, with 438 sites or departments responding, ranked
overall system performance as good, with reliability of calls, quality of voice
mail, quality of local and long distance calls, and VoIP features all rating
good, or between good and excellent. Because of the success of SouthTrust’s
VoIP implementation in 2000, Wachovia plans to roll out telephony to most of
the newly-merged company over the next two and a half years. However, despite
the positive results in this case, two recent reports are raising other questions
as to the use of VoIP in financial services.

The first is from the business consultant company BearingPoint. Its report makes a
general observation about the global networks of many financial services firms,
pointing out that they are often “networks of networks”—that is,
systems that are not integrated so much as cobbled together. “The result is often inefficiency, high cost, inadequate
disaster recovery, and an inability to deliver new bandwidth-intensive
applications,” the report says.

This is not news to most banks.
Heterogeneous systems that have been poorly linked together, particularly after
mergers and acquisitions, struggle to provide the bandwidth or quality of service
that IP telephony requires. In reality, then, BearingPoint suggests that the global
deployment of VoIP—the scenario in which it should offer its greatest benefit
to banks—may not, in many cases, be possible.

While BearingPoint’s report points out the problems with the
networking infrastructure that is required for VoIP, the second report concerns
security and comes from a new body, the VoIP Security Alliance.
It was launched in February of this year and aims to promote the security of
VoIP networks.

One of its first acts was to issue a warning. Founding
members from VOIPSA and security vendors such as Avaya, Qualys, and 3Com agreed that
as VoIP deployments become more widespread, the technology becomes a more
attractive target for hackers, increasing the potential for harm from cyberattacks.
The implication is simple: VoIP application attacks will increase as hackers
become more familiar with the technology. The fear is that they will discover
ways of snooping in on VoIP calls, or even rerouting them.

Coupled to this alert is another one from the National Institute of Standards and Technology (NIST). This U.S.
government body recently warned organizations switching to VoIP to “proceed with caution.” The
report, “Security Considerations
for Voice Over IP Systems”
(draft SP800-58) includes nine
specific recommendations for IT managers, such as building separate voice and
data networks, configuring firewalls, and conducting security testing.

The message is clear. If the reliability, quality, and
economics of VoIP are now proven, market vendors must turn their attention to the
limitations of current network infrastructures as well as the increasing burden
of securing those networks once VoIP is implemented.