Electronic Commerce: Certco Chief Urges Bank Role in Net Security

Peter C. Freund, who emerged from Wall Street trading rooms to get in on the ground floor of the digital certificate business, is starting to raise his voice.

Mr. Freund, founder and chairman of Certco Inc. of New York, is on a crusade to get bankers thinking about how to assure on-line trust, a budding business that he describes with words like "awesome" and "powerful."

He can only hope that the enthusiasm becomes contagious as he takes the message on the road. His forceful logic could not be lost on the hundreds of people who heard Mr. Freund speak two weeks ago at the RSA Data Security Conference in San Jose, Calif.

This week he is attempting the same at a Smart Card Forum meeting in Salt Lake City.

Mr. Freund, 46, neither looks nor acts the role of a classical evangelist. But he speaks of his own pilgrimage that began with a 10-year stint at Goldman, Sachs & Co., followed by several years with Bankers Trust Corp. where, among other accomplishments, he invented the credit derivatives business before taking charge of a new electronic commerce unit about five years ago.

It was then that he and a colleague at the time, Peter Sudia, saw something "awesome" in the confluence of public key cryptography, the rapid expansion of the Internet, and "a magical technology for allowing unfamiliar people to execute transactions."

"A trust infrastructure was lacking, and financial institutions will be at the center of that," Mr. Freund said in an interview last week.

In an RSA conference presentation titled "Trust, the Essential Precondition of Electronic Commerce," he said the "seamless, frictionless power of the Internet to connect the best buyer with the best seller is irresistible." If that scenario is to become commonplace, and on the massive scale that the Internet promises to deliver, "somebody with long-standing, pre-existing relationships with customers" will have to perform certification and guarantee functions.

Who better than banks to be those trust authorities?

As the Smart Card Forum's scheduled keynote speaker Wednesday (the forum's new president, Donna Farmer, used to work at Certco), Mr. Freund's topic is "Banks: The Dominant Future Buyers of Smart Cards."

Though he is in the business of public key infrastructures, or PKIs, the data-encryption-based hierarchies that underlie digital certification, Mr. Freund is taking a position on smart cards that would sound radical to most bankers in the United States. They consider the "business case" dubious. But Mr. Freund is finding his voice as something of a zealot.

He comes at chip cards from the point of view that when it comes to digital security, hardware is better than software. "We at Certco are hardware bigots," he said last week.

The danger is that when certificates and related security operations reside in computer software, a breach can go undetected until network auditing kicks in. "Even two seconds in network time can cause huge pain," Mr. Freund said.

A smart card or other hardware token means more assurance up front, in the issuing process, and better early warnings if something goes wrong.

Hardware encryption may not be needed for low-risk exchanges such as e-mail, Mr. Freund conceded. But he wants banks to set their sights on the big picture of risk management, on the "high assurance" necessary to grease the wheels of e-commerce, on their ability to make representations and cover liabilities that sets them apart from nonbanks, and on how all that relates to preserving their customer relationships and payment systems.

"Their tactile, up-close-and-personal relationships allow them to underwrite risk in the most efficient and economical manner," he said.

Certco, which began in 1996 as a spinoff of Bankers Trust's BT Ventures subsidiary and is now owned by a group that includes BT as the largest (though minority) shareholder, is one of a host of vendors jockeying for PKI positions. Its pitch is strategically similar to that of Xcert International Inc. of Walnut Creek, Calif., which also appeals to bankers' pride and survival instincts as commerce moves on-line.

Both companies also have in common an influential investor: Addison Fischer, the founder of Fischer International Systems Corp. and a major force in the data security field. (He was an early backer, for example, of RSA Data Security Inc., the leader in encryption technology and sponsor of the recent San Jose conference where officials of Certco, Xcert, and numerous others were out in force.)

As privately held PKI entities, Certco and Xcert lack the brand recognition of two certificate technology companies that went public last year, Entrust Technologies Inc. and Verisign Inc. They may also be trailing GTE Corp.'s GTE Cybertrust unit in this regard.

But both have made inroads. Xcert is associated with the American Bankers Association's ABAecom certificate venture, along with Zions Bancorp. affiliate Digital Signature Trust Co.

Certco was involved, with Digital Signature Trust, in the Utah government's pioneering digital certificate program and was chosen jointly with Spyrus of Santa Clara, Calif., to be the root certificate authority, or CA, for the MasterCard-Visa Secure Electronic Transaction protocol.

But Certco's biggest splash is likely to come as co-owner and root CA for the global trust organization, the joint venture now in formation by Bankers Trust, its merger partner Deutsche Bank, Citigroup, Chase Manhattan Corp., and four others.

Mr. Freund said he does not know if or how the Deutsche-Bankers Trust merger might affect Certco, but it has been run independently all along and the two have the global trust organization in common.

"We have a tremendous stake in the success of (GTO) and we are focused on getting it up and working and successful."
