Identrus has been forced to delay by about three months its proposed network for secure commerce between businesses on the Internet.
The expanding bank-owned consortium, a cooperative banking investment in Public Key Infrastructure (PKI) technology, attributes the delay to difficulties inherent in global e-commerce.
Identrus was to supply PKI technology to its bank members last December and they were to supply their customers in March. In fact, Identrus only began the roll-out to banks in late March and their roll-out to customers is not expected until this month or next.
Paul Donfried, chief marketing officer of Identrus, says Identrus knew that there was no urgency in supplying the banks once it became clear that the banks weren't ready. The banks were slowed by the realization that the project was more important and more complex than originally thought.
Identrus' growing membership and broadening reach also struck unforeseen difficulties that delayed its launch, Donfried says. Last month, nine banks announced that they would join Identrus, bringing the consortium's size to a total of 38 members, 17 of which are owners. (The consortium began with seven member-owners in October, 1998.) Six of the nine recent members of Identrus's "global internetwork of trust" were European.
Identrus was "overly optimistic" on how long it would take to merge application technologies with PKI infrastructure, Donfried says. PKI applications allow bank members to issue their business customers with digital certificates: encrypted digital documents that verify the identity of participants in an e-commerce transaction. Digital certificates allow companies to conduct transactions securely over public networks, which banks believe will bring more business banking customers on-line and boost B2B e-commerce.
The delay was exacerbated as Identrus encountered "more geopolitical sensitivities than we realized (existed)" while expanding into Europe, Donfried adds. Identrus originally intended deploying from a single, U.S.-based data center, but Donfried says that as the consortium met "some sensitivities (in Europe,) we realized data centers would need to be replicated around the world."
Some analysts say banks re-evaluated the importance of Identrus in part because they feared a loss of customers as B2B e-commerce explodes over the next few years. The global value of all electronic payments will treble from an estimated $1.3 trillion in 1999 to $3.3 trillion in 2004, according to recent research by equity analysts the Prudential Technology Volpe Group.
"At the end of the day (financial institutions) realize they are 'people companies,' and they fear they could simply lose those people to competitors and dot-coms," says Steve Ross, a technology security expert in the Enterprise Risk Services group of New York-based Deloitte & Touche LLP. "The initial issue for financial institutions getting into PKI is how to keep the customers you've already invested in, because the volatility of the marketplace is incredible."
But others also point out that financial institutions can leverage their traditional role as "trusted third parties" in business transactions by backing their digital-certificate applications with the necessary risk management to make them totally secure. This will help them beat back low-cost, non-bank competitors and create possible new sources of future revenue.
"Payments will never be straight B2B-banks will still play a role in 'initializing' payments made on the Web," says Jim Parker, vice president of Chase.com, a division of NY-based Chase Manhattan Corp. "Our digital certificates give us access to different stages of a transaction and opportunities to play an integral role in aspects of the transaction (other than payments,) like securing e-mail."
Chase Manhattan was one of the original seven founding members of Identrus, along with Bank of America, Citigroup, ABN AMRO, Barclays PLC, Deutsche Bank/Bankers Trust and Hypo Vereinsbank. Its latest influx of "level-one members" was the largest since the consortium was launched in October 1998, under the name Global Trust Enterprise (see graph at right).
Until last November, level one members had to make an (undisclosed) equity investment in the consortium. A Federal Reserve ruling changed that, and Dresdner Bank and Commerzbank of Germany, Scotiabank of Canada, and San Francisco-based Wells Fargo & Company joined Identrus as level one members without becoming owners.
Level one members have direct access to the Identrus infrastructure and act as certificate authorities in their own right. Level two members are bank correspondents of level one banks and they obtain certificates through them. (For instance, a Wells' correspondent bank gets Wells' branded certificates to supply to its business customers.)
French banks BNP Paribas, Caisse Nationale de Credit Agricole and Societe Generale (SocGen), plus Spain's Banco Santander Central Hispanol (BSCH) all joined Identrus in early April as level one members and equity partners. So did Australia and New Zealand Banking Group Ltd (ANZ).
Establishing a European data center, now located in the Netherlands, added to Identrus' launch delay and cost, Donfried says. He added that because data-centers were outsourced, Identrus "didn't necessarily double (its) investment" in adding a European facility, although he declined to provide budget figures. The consortium will build its next international data center in Asia as it begins expanding into that region.
Chase Manhattan expects to launch its digital certificates commercially sometime next month, Parker says. Chase is currently testing its Identrus applications with a group of six clients.
Bank of America, another founding member of Identrus, also expects to launch its first commercial Identrus-based services next month, according to Regina Seiler, senior vice president and the bank's Identrus project manager.
Since last September Charlotte, NC-based BofA has run a pilot program with San Jose, CA-based Cisco Systems Capital (CSC), a subsidiary of computer network supplier Cisco Systems. BofA issues digital certificates on smart cards to CSC and its customers. CSC has used the BofA-branded digital certificates to digitally sign and electronically send leasing documents, which cuts the leasing process from 1-2 months down to 2-3 business days.
Such relationships have helped banks to focus more on how they can use Identrus to add value for their customers and themselves. "Banks recognize now that (Identrus) is about more than delivering financial services-it's about managing trusted relationships with customers," Donfried says. "The sheer scope of that opportunity has made them step back."
Indications of some teething pains at Identrus came in a recent seminar organized by Baltimore Technologies plc., which is supplying digital certificates to Identrus. A Chase executive asked from the floor whether Baltimore's new wireless technology would work with those certificates, and for a status update. After an awkward pause the speaker said he wasn't at liberty to publicly discuss Identrus. Another source said afterwards that banks aren't seeing demand for digital certificates from their business customers.
Still, Donfried says Identrus expects to sign up some 300 level one members, including 22 equity investors, by the end of this year. These 300 are expected to draw several thousand level-two members into the Identrus network, greatly expanding the network.
But Deloitte & Touche's Ross expects that competing consortia to Identrus will emerge, making long-term predictions on Identrus difficult.
"Over time it will evolve and it probably won't be working the same as now five years out," he says. "(In information technology,) nothing ever works out the way it was intended to when it was set up".
Rob Luke is a business writer in Indianapolis.