Most major U.S. banking companies have not made major moves with smart cards, but the industry has a believer at the top.
Citigroup, the nation's biggest bank holding company and the parent of Citibank, has been as tentative as others - so far. But it is embracing smart cards as the best technology available to ensure security across network lines, and evidence of its commitment should be apparent before long.
"Since the advent of the Internet and Web technology, a lot of players in the financial services market have had to realize that in order to survive you have to make use of technology wherever you see fit," said Toni Merschen, vice president and director of chip card and access technologies in the e-Citi unit. "If you look at Citibank or all global financial institutions, we're not just in the provision of financial services but also trust services."
With face-to-face recognition of customers, let alone comprehensive checking of signature cards, a thing of the past, new authentication mechanisms are needed, and smart cards can play that role.
Mr. Merschen, speaking at the recent Financial Technology Expo in New York, said that on the Web "you need to know that the person you're dealing with" is, in fact, that person.
Referring to Citibank's oft-stated goal of having a billion customers worldwide by 2010, he said: "We want to be reachable in any way our customers want to reach us - by cell phone, personal computer, or TV. So user authentication has to be very flexible, it has to be able to be used in all of these appliances without compromising in security, still be convenient, and be mobile around the world."
Citibank's smart card focus is on authenticating business-to-business electronic commerce, where the transaction figures are higher than in business-to-consumer dealings and the security risks that much greater.
In April Citibank joined seven other multinational banks in creating the digital certification venture Identrus. It is building an infrastructure that will allow "people who have never met each other to do business with each other" in trust and confidence, Mr. Merschen said.
"Identrus authentication is strictly smart card-based because that's the only way you can manage this in an open environment," he said.
The other emerging market for smart card technology targeted by Citibank is multiple applications in closed environments - university, government, or corporate campuses, for example.
Citibank issued about 400 cards for a nine-month General Services Administration smart card test that began in May. The cards come with a magnetic stripe, a silicon chip to be read by terminal devices, a second chip that operates in contactless mode, and the cardholder's photo. They work as an employee badge, credit card, and telephone calling card, and allow building access, Internet access, electronic boarding on American Airlines, and biometric authentication for secure computer files.
The GSA has been preparing a request for bids to broaden its smart card program and plans to choose a vendor early next year.
William O. Holcombe, director of smart cards in the office of governmentwide policy at the agency, said he hopes the test will yield experience that can be used throughout government.
"We think the smart card is going to be one of the technologies of the future," Mr. Holcombe said. "We want to help the government figure out how to use smart cards to reinvent their business processes and also to encourage interoperability in the smart card world so agencies don't all go around and reinvent the wheel."
Another multiapplication program was started by Citibank with a real estate company in Hong Kong, with the addition of electronic cash and loyalty functions.
Citibank said it is also working with several universities to issue cards with an e-cash component, building and library access, and loyalty programs.
"Customers are asking for this," Mr. Merschen said. "We see users of financial applications, be they corporations or government agencies, asking for higher security."