Usually I charge people an exorbitant amount of money when I share my unfathomable reservoir of knowledge, but this one is on the house today. I wrote this up last night at home.
To answer your question, no. You must understand the big picture/vision: where certificate-related technology can and will be used. First of all, Internet payments only represent about 5% of the picture. Second, Verifone's products only represent a portion of this.
Areas that can use certificate technology include:
1. Network security and authentication
2. Server security and authentication
3. Client security and authentication
4. Application/Software security and authentication
5. Database security and authentication
6. "Hardware" security and authentication
7. Wireless data transmission security and authentication
8. Personal security and authentication
The article you refer to (http://www.news.com/News/Item/0,4,21247,00.html?st.ne.fd.gif.j) only covers payment certificates, which fall under a portion of 4, 6, 8 mentioned above.
VRSN is going to have difficulty meeting the demands/needs of this recent agreement due to their certificate issuing processes and technology. It is not efficient, fast, cost effective, low maintenance, portable AND scalable. The only reason some vendors are choosing this solution is because it's the only one available now. Soon they will realize the current solution is too expensive, high maintenance and distributed.
SET is not a standard internet protocol. The internet steering committee still has yet to approve it. DVNTF's technology can be used in far more areas than just SET.
At the moment, general mankind views PERSONAL digital certificates as something "cool" to have, as with any new technology. I hear people say now and then, "hey, I just got my digital certificate from VRSN, cool huh?" Yes, very cool. You can't beat VRSN when it comes to "personal security and authentication". However, as far as 1-7 are concerned, that's a whole new ball game. You won't hear anyone from Cisco say, "hey guys, I just got network security and authentication certificates for our customers, users and products from VRSN, cool huh?" No, that's ridiculous. That would be comparable to Cisco asking AOL to provide email addresses for everyone in the company.
Certificate technology and its full potential as a security and authentication tool has not yet been realized. This is why major R&D is going on in areas 1-7 mentioned above.
Now, let's dissect the article: Payment certificate issuing technology/processes (when streamlined/dialed-in) will move from CAs (Certificate Authorities), like VRSN, to enterprises. Note what the article said: "IBM offers both a CA service and software so banks can issue their own certificates to merchants and consumers." Will this be the trend? I think so. Money talks. Why let VRSN make money off of banks AND their customers? Explanation below:
"Under the partnership, VeriFone will resell VeriSign's certificate authority (CA) services." Customers (banks, merchants, buyers) will pay marked-up prices.
"VeriSign greatly expands its marketing reach through both the global sales forces and distribution channels of VeriFone, the world's leading vendor of card-readers for retail countertops, and through parent HP, the world's second largest computer vendor, after IBM." Let me paint a picture: Retail stores have card reader devices at the cashier machines. The retail store of the future will also have card reader devices next to computer terminals so customers can purchase items via an online catalog that is linked to a sister store or affiliate through a computer network/internet. The amount of certificates used in this capacity would be relatively small. I estimate approx. 5% of future certificate technology will be used in these situations. A real world example would be HP resellers. As with all resellers, they get discount prices. Authorized resellers could configure and order equipment online and purchase it via the Verifone/Verisign solution. (i.e. paperless ordering and configuration).
"SET is a protocol pushed by Visa and MasterCard for Internet card payments. Banks, merchants, and buyers must have both special SET software, which VeriFone sells, and digital certificates that vouch for their identities. As a CA, VeriSign can issue SET certificates for all three parties." So, customers, merchants and BANKS must buy certificates AND special software from Verisign/Verifone. That's a big pain in the rear for everyone. Why would a large BANK buy digital certificates if they could make their own? I'll tell you why, because it would cost them 20 million to become a CA. Also the certificate maintenance would be very high. It's not in the best interest of VRSN and other CAs to give a bank the ability to become a CA unless they charge an extraordinary amount of money. VRSN says, "sure, we can set you up with certificate issuing processes and hardware, but it will cost you 20 million. Hmm.. I'll tell you what, we'll take care of the certificate issuing and management for you. All you need to do is pay us a little cash." If banks could find an efficient, cost effective, scalable way to make and manage their own certificates for payment transactions (5% of certificate playing field) then banks could sell certificates to their customers and merchants. Instead of banks/Visa/MasterCard buying certificates, they could sell them and generate more money for themselves.
"Customers told us, 'We'd like a single focal point for products and service, and we'd like you, VeriFone and HP, to be that point,'" said George Hoyem, vice president/general manager of VeriFone's Internet unit. The bottom line is: Customers/resellers are upset because they don't want to hassle with third parties. Customers want a complete solution, not a partial solution. HP owns Verifone. This means that HP must buy certificates from Verisign, then resell them to the customer. If HP becomes a reseller of Verisign certificates, customers will pay marked-up prices. What if HP/Verifone could make their own certificates for their own products? If HP could find an efficient, cost effective, scalable way to make and manage their own certificates for payment transactions HP would not need to buy certificates from VRSN and charge customers/merchants marked-up certificate prices. Passing savings to merchants and customers.
The article just doesn't make any business sense. The business model discussed in the article was completely inefficient. The article means absolutely nothing. If it did, don't you think we would have seen some reaction? The technical industry is oozing with anticipation for feasible certificate technology models that are efficient, fast, cost effective, low maintenance, portable AND scalable, and are easy to implement in numbers 1-7 mentioned above.
When I buy dinner at a restaurant, I pay the waitress. I don't do business with the butcher, chef, dishwasher, waitress and management separately. Sure, their services are included in the total amount due. But the restaurant owns and provides all of these services for me.