WaFd Unites 200K Customer IDs and Prevents Attack with PingOne on AWS

Executive Summary

WaFd Bank, established 105 years ago, uses data to create frictionless, digital experiences. When customers had login issues with the bank’s multiple vendor portals, WaFd overhauled its approach to identity management. The bank sought a new identity solution that was cloud-based, extensible, and ran on AWS. Partnering with Ping Identity, WaFd deployed PingOne. WaFd has unified roughly 200,000 customer IDs to date and onboarded three-quarters of its vendors. In 2022, the system held strong against a massive cyberattack that lasted three weeks yet resulted in zero identities compromised.

Customers Juggle Multiple Login Credentials

WaFd works with roughly 25 vendors to offer services such as commercial banking, mortgages, and online banking. Each vendor has a login page that asks customers to sign in, then directs them to the vendor’s platform. However, a single WaFd customer could potentially have multiple login credentials, depending on their banking needs. This was an issue when customers called to reset their passwords. It also inhibited WaFd from understanding which interactions went with which customers. When WaFd created its roadmap for modernization, it zeroed in on identity management and planned to create one, centralized system with unique customer identifiers that would unite all customer interactions—no matter how they logged in.


Ping Identity not only offered the most innovative solution, but because PingOne was on AWS, we knew it would help WaFd further our goals of becoming a digital-first bank.”

Brent Beardall
Chief Executive Officer, WaFd Bank

PingOne Centralizes Identity Management with Unique Customer IDs

Pike Street Labs (now known as Archway Software), a former subsidiary of WaFd dedicated to innovation and modernizing the bank, set out to find the right identity management solution. The team had four criteria: It had to run on Amazon Web Services (AWS) because Pike Street Labs had a small team that didn’t want to support infrastructure. It needed to be built with a customer’s login experience in mind. It had to be extensible. And finally, the data needed to feed into an AWS data lake. WaFd went with PingOne from AWS Partner Ping Identity because the solution would simplify the customer experience and provide valuable data for WaFd to enhance its services. “Ping Identity not only offered the most innovative solution, but because PingOne was on AWS, we knew it would help WaFd further our goals of becoming a digital-first bank,” said Brent Beardall, chief executive officer at WaFd.

Building a Digital Nervous System without the Anxiety

PingOne delivered much more than an identity solution—it became the center of the bank’s entire digital nervous system. PingOne communicates with vendors’ platforms via an API layer and enables single sign-on (SSO) for WaFd customers, regardless of whether they’re connecting via Plaid or a chatbot powered by Amazon Lex. “Since working with PingOne on AWS, WaFd’s Net Promoter Score has more than doubled,” said Dustin Hubbard, president of Archway Software. “We’ve reduced friction for customers, and the number of customers struggling to remember what username and password went to which login portal has dropped dramatically.”


With AWS, we have a trusted partner who can meet the scalability, resiliency, and reliability that is paramount to our customers.”

Matt Bates
Director of Technology Alliances, Ping Identity

Uniting Customer Interactions with Decryptor Keys in an AWS Data Lake

Now that each customer’s identity is unified across various vendor portals, WaFd can trace customer interactions. Events such as logging in or phoning the call center are logged in a data lake and tagged to the customer’s unique decryptor key. On the frontend, WaFd employees have a dashboard to visualize each customer’s interactions. “The PingOne system that feeds into the AWS data lake gives WaFd a much more holistic view about how customers interact with the bank,” Hubbard said. The system was so successful that WaFd funded Pike Street Labs to become its own spin off as a digital banking venture. Other banks now will be able to benefit from WaFd’s significant investments in innovation by licensing the same Archway Software platform.

Modernizing on AWS Streamlines Systems Interactions

As WaFd searched for the right identity solution, finding one that ran on AWS infrastructure was key. Pike Street Labs was already using other AWS services to modernize different aspects of the bank, so the team wanted consistency with everything hosted on AWS. “AWS is the cloud platform of choice,” Hubbard said. “With PingOne on AWS it makes a lot of the interactions between systems easier because they’re all using the same cloud infrastructure.” For Ping Identity, building on AWS helps meet customers where they are. “With AWS, we have a trusted partner who can meet the scalability, resiliency, and reliability that is paramount to our customers,” said Matt Bates, director of technology alliances at Ping Identity.

Thwarting Millions of Attacks and Protecting Customers

While streamlining identity management was one facet, protecting customers’ identities was another capability that PingOne brought to the table. The system was put to the test on February 24, 2022. That day, the number of login attempts soared to four million per hour, compared to the usual few thousand a day. A highly sophisticated attack was underway. Working with Ping Identity, WaFd worked around the clock for three weeks to counter illegal entry attempts. “With Ping Identity detecting the attack, plus having an AWS-based system that we could scale horizontally almost infinitely, our customers were protected, and we had the AWS instances to handle the traffic,” Hubbard said. In the end, not a single identity was stolen, and customer operations continued as usual, uninterrupted and undeterred. For a bank that prides itself on customer service, it was a moment of great accomplishment.

WaFd Bank

About WaFd Bank

WaFd Bank is a local bank and portfolio lender based in Seattle with more than 200 branches in 8 western states to serve their customers.

AWS Services Used


  • Centralized identity management
  • Improved customer experience for logging in
  • Connected PingOne data to AWS data lake
  • Created decrypter keys for each customer to achieve better customer engagement insights

About the AWS Partner Ping Identity

Ping Identity helps organizations protect their users and every digital interaction they have while making the experience frictionless. Ping Identity lets enterprises combine identity solutions with the third-party services they already use to remove passwords, prevent fraud, support Zero Trust, and anything in between. More than half of the Fortune 100 companies choose Ping Identity to protect digital interactions.

Published May 2023