Use OWSM username token client_policy on the business service. Do not override the csf-key in the policy and configure a pass-through service account in the business service.
No need of multiple business service. Let me know if this solved your problem or not.
To pass username and passwords you can use "Transport Headers" action. For Ex: if are using Publish action to call your business service, use "Transport Headers" action, select request, add one header for username. Select "Other" option and enter UserName in the text box and then go to "Set Header to", click on the expression link and provide username or xpath. Similarly you can add header for Password. You need to enter "Password" in text box and provide password or xpath in the expression field.
Please let me know if you have any concern.