Some background on digital certificates and banks, from the December 27, 2000, American Banker:
"Digital certificates are sort of like smart cards: They are both cool technologies that may some day come in handy, but there is still very little you can do with them.
"Another similarity is that digital certificates may soon have their day in the sun.
"Zions Bancorp and Bank of America Corp. are among the U.S. banks that have become certificate authorities and have recently let customers conduct some transactions authorized by digital signatures linked to certificates. Other banks are starting to follow, leading people in Internet security circles to predict a digital-certificate boom for 2001.
"'We are putting together very appealing programs for the banks to go out and adopt this technology,' said Geoff Kahler, vice president of marketing for Digital Signature Trust Co., the Zions Bancorp subsidiary that sells digital certificate technology to banks. 'What we're saying is a bank-authenticated certificate is better than a certificate that's verified by Joe Schmo technology company.'
"Like a passport or a driver's license, digital certificates verify in the online world that the bearers are who they say they are. Just as a government agency vouches for the passports and driver's licenses it issues, so must a certificate authority, or 'trusted third party,' stand behind the certificates that are issued to people and companies for use in the Internet world.
"People at many certificate technology companies are pushing banks to take on this role, since banks have been sources of trust ever since the days when people who moved to new towns needed letters of credit in order to conduct business.
"Several large banks have already embraced this view and begun acting as certificate authorities, and it will be interesting to see how the market evolves. It is possible that every bank, large or small, will want to get into this business eventually, if it does indeed turn out that people and businesses come to rely on this technology for secure transactions. Many smaller banks will probably take a pass, but a lot of them may also want to participate, to ensure they play central roles in their customers' online commercial activities. . . .
"So far there are pockets of activity, with banks lining up behind vendors that facilitate their roles as certificate authorities. Wachovia Corp. is working with Xcert of Walnut Creek, Calif., to serve as a certificate authority for business-to-business transactions. Bank of America is doing the same through Identrus LLC. Wells Fargo & Co. is also a certificate authority through Identrus, the New York technology firm, but so far has not come forward with a live application.
"First Data Corp., which will act as certificate authority for any bank that wants to outsource such a service, is doing so on behalf of FleetBoston Financial Corp., which is offering certificates on its Fusion smart cards. Star Systems Inc., the huge national electronic funds transfer network, announced this month it was piloting Internet debit card transactions authorized with digital signatures.
"'This will be the breakout year,' predicted Laura Rime, acting vice president of marketing at Identrus. 'It only takes a few key applications to get out there and have some commercial viability. Once we and our banks can show the potential, it will really take off.'
"There are several factors besides the E-Sign law that would seem to work in favor of digital certificates. One is the strong support of the federal government. David Temoshok, the electronic government program manager for the General Services Administration's office of governmentwide policy, says that Uncle Sam wants to conduct as much business as it can with citizens electronically, to cut down on paperwork and expenses -- and that to do so the government needs the type of online security that the certificate-and-signature system seems to promise.
"Another good sign is that it is quite easy to get a digital certificate. Consumers can apply directly for them through Digital Signature Trust's Web site (and others), which checks various databases (much as an online lender would) to confirm a person's identity. Once people are approved, they get verification in the mail, including an activation code that lets them download the certificate onto their browser, there they could use it to sign e-mail or, some day, to apply for online loans. They could also store it on a smart card or other hardware token.
"Mr. Kahler of Digital Signature Trust said the number of people applying for certificates is 'in the hundreds per day,' despite the $24 charge for a TrustID digital certificate, which is valid for one year.
"As with smart cards, there is a chicken-and-egg quandary: most people won't want them until there are good uses for them, and good uses may not be developed quickly until people have them.
"When it comes to issuing digital certificates and coming up with ways to use them, 'the banks are on their own in terms of deployment and readiness,' said Ms. Rime of Identrus. 'We have to do what we can to follow their lead, but it's really up to them. They have to be the ones to do it.'"
________________
I found it interesting that the Verisigns are out there pitching the banks. Especially since this market hasn't really taken off yet, you'd think that having the biometric nonrepudiation feature would be a very good selling point for VRSN, ENTU and BALT. |
