Eight of the biggest and most influential commercial banks in the world accomplished something simple Wednesday to deal with one of the vexing complexities of electronic commerce.
Citigroup and Chase Manhattan Corp. of the United States, Barclays Bank of London, Deutsche Bank of Frankfurt, and four others said they will form a joint venture to manage and promote a digital certificate system for validating business customers over the Internet.
In the process, they brought instant legitimacy and credibility to a concept that has challenged the sales forces of information-security and payment-system vendors and that even some bankers have had trouble bringing to the attention of their top executives and boards.
And as with any joint venture-in this case, one of perhaps unprecedented international proportions and a for-profit charter-the euphoria of organization is tempered by a realization of the daunting administrative and operational tasks that lie ahead.
"There are a lot of moving parts to this," said John Herron, chief executive officer of Certco Inc., a Bankers Trust Corp. spinoff that is providing the underlying data encryption technology.
"This is not simply a technology solution," he said. "We have to develop systems and rules and bring other banks in. These are challenges but they create opportunities as well."
The stated objective is to put banks in a position to influence the spread of, and profit from, electronic commerce on a global scale. The joint venture will focus on business-to-business commerce, specifically the issuing of certificates to commercial customers. They number at least five million at the eight organizing banks: ABN Amro of the Netherlands, Bank of America, Bankers Trust, Barclays, Deutsche, Chase Manhattan, Citibank, and Hypo Vereinsbank of Germany.
The group hopes to add both equity owners and non-equity participants, said Guy Tallent, vice president of Chase and chairman of the organization's steering committee. He said the company will be a limited liability Delaware corporation with headquarters in New York, pilot tests likely to get under way by yearend, and full-scale operations in 1999.
"This enterprise offers a value proposition to participating financial institutions," Mr. Tallent said. "An institution can create a new business line, leveraging this platform to transform traditional banking products for the electronic commerce space. There is a business proposition for financial institutions in transferring the business practices they have done traditionally to e-commerce."
"This becomes a new line of business," said Jay Simmons, senior vice president of Certco. "Banks didn't even see the revenue- generating opportunity a year ago."
The venture, as yet unnamed, is described as a "global trust enterprise," providing member banks with an important tool for issuing and verifying the digital credentials that customers will need to assert their identities and be validated when doing business virtually.
The enterprise would be at the top of a certification hierarchy, responsible for a data-encryption code called the root key, provided by Certco, from which all certificates issued within the network would be derived.
Certco, which joins the eight banks on the initial list of shareholders, has been talking up the idea of a unified banking industry hierarchy and root key since its inception in 1996. It said the discussions leading to Wednesday's formal announcement commenced in November 1997.
The announcement came about a month after the American Bankers Association's formal launch of ABAecom, a bid to serve as root certificate authority for the U.S. financial services industry. People active in the global trust enterprise see such national or regional efforts-including developments in Germany, which has a well developed legal framework for the digital signatures derived from certificates-as complementary with their ambitions.
"ABAecom can issue certificates based on the global root," said Mr. Simmons of Certco.
He and other officials stressed that the trust framework will be open and interoperable, allowing individual banks to make their own choices of public key infrastructures. The resulting keys would trace back to the global root.
The trust enterprise concept also has a smart card component. Gail Hoffman, vice president of Citibank, said the banks view smart cards as useful for distribution and management of the encryption keys and ensuring authentication when employees are not at their home bases.
As with the overall public key infrastructures, the various smart card systems on the market would have to be open and compatible with each other- an inflammatory issue in some more consumer-oriented markets. Bank of America senior vice president Libby Ghekiere conceded that "there is a lot of work to be done to make that work effectively."
Outside reactions to the global trust enterprise were generally favorable, particularly in the interests of awareness and credibility.
"The best news is that it signals the banking industry's interest," said Scott Lowry, president of Digital Signature Trust Co., a Zions Bancorp. affiliate and provider of ABAecom's root key. "This is a useful step to focus on banks' role in the authentication business."
Mr. Lowry said ABAecom looks forward to working with the enterprise but it remains to be seen if it turns out to be "the one."
Stephen Cone, a data encryption expert and president of nCipher Inc. of Woburn, Mass., pointed out that there have been other attempts at Internet- based roots that never materialized. But he said the banks' announcement "represents a significant consortium endorsing the use of the Internet, digital signatures, digital certificates, and public key infrastructures for conducting business."
Mr. Lowry and Thomas Greco, the ABA staff counsel who is president of ABAecom, said whatever happens on a global scale, there will still be a need for a venture like theirs to perform a service for banks below the top tier. "Even a global trust enterprise can't represent everyone," Mr. Greco said.
Ms. Hoffman of Citibank said, "There will never be just one of anything. We see this as significant, and significant beyond other equals, but it will coexist" with efforts like ABAecom around the world.
All of the latter, she said, "are beneficial to us because they encourage electronic commerce and the involvement of small institutions."
James Marks, electronic commerce analyst with Deutsche Bank Securities, injected a skeptical note about the ability of a consortium to carry out such bold objectives. "If you have six or eight insiders, there will be 8,000 others asking questions." But he said the enterprise was right to focus on business-to-business opportunities, which seem larger and more immediate than consumer purchasing on the World Wide Web.
"We are looking at a lot of work, and we understand that," Ms. Hoffman said. "It is laid out in our business plans."
u
AUSTIN, Tex.-GlobeSet Inc. said it has licensed its family of secure Internet payment software to DataDesign AG of Munich, Germany.
DataDesign is one of many European financial industry software houses preparing for on-line payments conforming to the MasterCard-Visa Secure Electronic Transaction standard. "GlobeSet is the only SET software provider with a full range of products that are SET-marked," or certified, said DataDesign founder and chief executive officer Stefan Pfender.
In August, GlobeSet became the first company to have all four of its programs-digital wallet, certificate authority, payment gateway, and merchant software-judged standards-compliant by SET Secure Electronic Transaction LLC.
