Though demand for its services is barely beginning, the American Bankers Association's e-commerce security venture is aiming for a big payoff.
ABAecom, the digital certification subsidiary that the trade group formed last year, sees itself as far more than a service provider to banks, said ABA executive vice president Donald G. Ogilvie.
Describing a product concept that has been trademarked as Portable Cert, Mr. Ogilvie said ABAecom wants to have a hand in securing just about any type of payment transaction over the Internet-plus appropriate nonpayment functions, such as voting and document filing.
"The sky is the limit," Mr. Ogilvie said of the prospects of ABAecom and Portable Cert in a speech to the Cardtech/Securtech '99 conference in Chicago.
ABAecom and its technology partner, Digital Signature Trust Co., intend to "flood the market" with certificates, said the trust company's president, Scott Lowry. They have a "chicken-and-egg problem" in that few services currently require digital authentication, Mr. Lowry said.
By getting ABA member banks to issue millions of certificates over the next year and a half, the venture hopes that service providers on the Internet will begin requiring them.
Just the appearance of the ABA's top staff officer, Mr. Ogilvie, at a high-tech seminar such as Cardtech/Securtech, which mainly covers smart cards and advanced information security techniques, underscored the trade group's commitment to ABAecom and the prevailing level of expectations.
The ABA, working closely with DST, a Zions Bancorp. affiliate in Salt Lake City, established ABAecom to help assure a central role for banks in electronic commerce, specifically through the issuance of digital certificates.
Banks would serve as trusted agents, assigning these digital credentials to on-line buyers and sellers, similar to the way signatures are verified in physical-world transactions. ABAecom and Digital Signature Trust maintain a root key, a data encryption code that sits atop the hierarchy of certificates issued by participating institutions.
The for-profit ABAecom has made a relatively elementary product, called SiteCertain, available free to ABA members to authenticate bank Web sites. SiteCertain can also be delivered through a bank to an on-line customer's site. The SiteCertain symbol indicates that a Web page is valid; a visitor to the site can click on that icon to verify the digital certificate.
ABAecom's grander goals have been reflected in the opening of its policy advisory board to nonbank organizations such as the Securities Industry Association, in its likening of digital certification to such other ABA public services as the administration of check-routing and credit card numbers, and now in its vision for Portable Cert.
"You would get it from a bank just as you would a signature guarantee for a securities transaction," Mr. Ogilvie told about 250 people at the symposium, "Changing the Face of Money," which was held before the start of the main Cardtech/Securtech meeting on Wednesday. The meeting attracted an estimated 10,000 people.
A customer would be issued the single certificate, which would conform to an open technical standard, to assure interoperability. The certificate could be used in any type of secure transaction with financial companies, health care providers, government agencies, and any number of other entities.
Citing projected growth in electronic commerce and in the size of the on-line population-37% of the U.S. population, by one estimate-Mr. Ogilvie said banks are ideally placed to fulfill a "trust need on the Internet." He said it is a "logical extension" of banks' historical functions and the distribution systems and information assets they can bring to bear.
The same reasoning is behind Identrus LLC, the multinational digital certificate venture known as the global trust organization before it was incorporated in March.
"Identity drives commerce," said Identrus president Guy S. Tallent in a speech preceding Mr. Ogilvie's. "Without knowing who you are dealing with, you will not complete a transaction," he said, adding that "banks must lead."
Canadian Imperial Bank of Commerce and Sanwa Bank of Japan recently joined the Indentrus ownership group of Bank of America Corp., Bankers Trust Corp., Chase Manhattan Corp., Citigroup, ABN Amro of the Netherlands, Barclays Bank of the United Kingdom, and Deutsche Bank and Hypo Vereinsbank of Germany.
Mr. Tallent said more than 15 financial institutions have signed letters of intent to be participants in the Identrus business-to-business certification network, and customer pilots are expected to get under way in the third and fourth quarters this year.
Identrus is eyeing multi-purpose certificates like those described by Mr. Ogilvie, with interoperability across system vendors and smart cards serving as user-authentication tokens.