Like many other banks, Royal Bank of Canada has been grappling with how to provide its corporate customers on-line access to account information while insuring a high level of security. The Montreal-based banking company has solved the problem with smart cards. Similar to a credit card, a smart card stores information on a microprocessor chip located within it and allow users to transmit data with complete security. Through smart card technology, the $123 billion-asset bank can offer corporate customers from retailing, fast food, and utility companies an efficient and secure access ramp to their accounts, while collecting fee income associated with the cards and related services.
Since 1985, when the bank first starting using smart cards to facilitate secure access to its on4ine electronic business banking services, the bank has collected more than $1.4 million in fees associated with the cards. "When we developed the process of providing a customer access and reporting function on-site, our primary need was to ensure the information was secure and the system was safe;' said John Black, the product manager. "By using the cards, we can ensure that the customers have safe and secure access to the data and that our system is not being violated." Now that the service is successfully under way, the bank's emphasis has turned to the revenue potential.
"Our intent is to make revenue for offering these services," said Mr. Black.
The Royal Bank of Canada, the world's 51stlargest bank, issues approximately 5,000 smart cards a year. It charges customers a onetime installation fee of $1,000 to install smart card readers and associated technology at the customer site. To date, the bank has installed more than 3,400 readers.
"We also charge a fee based on the number of accounts a customer uses the smart card to access," said Mr. Black. "As the customers increase the number of accounts they access, the per-account fee decreases."
The bank has installed over 1,400 readers at customer sites and in some cases, customers require multiple readers at various locations. For the most part, customers install one or two readers and will have between three and five cards to gain access to the information.
The Royal Bank is using smart card technology from Dallas-based Micro Card Technologies Inc.
The readers work with standard personal computers and operate through a proprietary communications program.
The personal computer provides the customer with a gateway into the bank's systems. The system transfers information between the customer site and the bank, ensuring that it does not become modified during communication sessions.
The bank offers the technology to existing customers as part of what management considers better customer service.
"Once a customer has established a relationship with us, we offer the service to them in order to better serve their needs," said Mr. Black. "They can get individual account and rate information as well as run reports documenting activity using the system."
To ensure safety, the bank works with an individual at the customer site who acts as a system administrator/supervisor. Through a specially programmed card, the supervisor is able to monitor activity and in the event a card is lost or stolen, can shut it off to limit security breaches.
"The supervisor is given the means to remove a misused or stolen card from the system," said Mr. Black. "Access to customer is denied once the card is removed from the system."
A user with a card is not allowed access to the information without the use of a personal identification number.
Customers can access a full day's worth of information using the PC system and store it for future use on their desktop computer hard drives.
The old system did not allow for customer retention of the data; it was used strictly for viewing.
"When you start to offer retention of information, you need to have additional security because the data is accessible on a hard drive," said Mr. Black. "The smart card provides an added level of security to both access our systems and the customer' s machines."
One of the problems the bank found in developing the system was that different customers have various information and security needs. "Every one of our customers has different security needs depending upon size, type of business, and operating environment," said Mr. Black. "Our objective is to provide flexible security techniques so that each customer may select the tools most appropriate for their needs while not compromising the data or system security."
The smart card system offers the customers entitlement control and simplified communications access to the bank's mainframe information.
By using the card technology, the bank is able to limit access to certain files at the customer's request.
"Customers are able to authorize which employees will have access to the banking information through the use of the card," said Mr. Black. "Employees cannot gain access to the system without the card and it can be programmed to allow entry to specific areas only."
The bank has tried to make accessing the information as easy as possible by embedding most of the data needed to access the communications network and mainframe onto the card.
"By programming the cards, we have simplified the process," said Mr. Black. "The entire session is established automatically without manual intervention."
The system has been designed with the idea that once a connection is made, the information is downloaded to the personal computer and the connection is terminated immediately. "Customers dial in, get the raw data they need, and get out of the system immediately," said Mr. Black. "The whole thing is done automatically because of the information embedded onto the card."
All of the reporting is done off-line because the information becomes available at the customer site.
The process allows the bank to export from the bank system standard files for easy conversion to industry standard spreadsheets and word processing programs.
Gilles Lisimaque, executive vice president of Gemplus Card International and co-chairman of the Smart Card Fomm's technology committee, said the smart card provides a safe and secure mode for providing access to data with assurance of safe transmissions.
"The card cannot be simulated or copied, which means it is completely secure from fraud," he said. "It takes care of all of the issues surrounding security."