A group of leading technology companies with a eye on electronic commerce have launched a venture aimed at securing financial transactions over the Internet.
The new company, a Redwood City, Calif.-based start-up called Verisign Inc., has developed "digital ID" technology meant to authenticate the origin and ensure the integrity of information sent over public and private networks.
The company and its technology are attracting a lot of attention from industry leaders.
Verisign was formed with the financial backing of Visa International, RSA Data Security Inc., Ameritech Corp., Bessemer Venture Partners, Fischer International Systems, Mitsubishi Corp., and Security Dynamics Technologies Inc.
The start-up is also receiving widespread support from other industry leaders including Apple Computer Inc., Netscape Communications Corp., General Electric Information Systems Co., Intel Corp., Lotus Development Corp., Sun Microsystems Inc., and two new electronic commerce companies, Cybercash Inc., and Open Market Inc.
Verisign's technology was developed to address the lack of adequate security on the Internet, which continues to thwart the progress of electronic commerce.
The security problem has garnered much attention, as companies continue to form alliances to develop methods of securing transactions over the Internet. Many of the alliances have been rooted in encryption technology from RSA.
Partnerships have been formed, for example, by Visa and Microsoft Corp., as well as MasterCard International and Netscape, a provider of a popular "web browser" and other software for the Internet.
The card companies, which have been working separately on security endeavors, just announced an agreement to back a single encryption standard.
Other security efforts have been initiated by the Electronic Business Co-op, a consortium of technology companies, and CommerceNet, a multi- industry consortium in California that includes several big banks.
The objectives of these alliances have been to use data encryption to ensure that information sent over the Internet cannot be compromised. Data encryption uses complex mathematical formulas to scramble account numbers and other information.
Verisign's digital ID technology goes several steps further by adding an authentication capability that industry players agree provides a critical missing link to current encryption methods.
"(Encryption) merely ensures that others can't read your data," said Jim Bidzos, Verisign founder and chairman of the board, and president of RSA Data Security. A digital ID "assures you that the data was sent by the right person, and that the contents haven't been altered on the way," he said.
Digital IDs are issued by Verisign, which acts as a certifying authority that establishes the identity of a user. The IDs are electronically stamped to a document or transaction, assuring the recipient that an electronic transmission is really coming from the person whose name is attached, and that the information has not been tampered with.
Verisign likens the digital ID to a "driver's license for the information superhighway," a license that other companies have agreed to recognize.
Verisign supporters see the technology as a way to establish trust in an electronic environment, the lack of which has been undermining consumer comfort levels with cyberspace and hindering its progress.
"With digital IDs, those you communicate with over the network know you've gone through certain checks so they can be certain you are who you say you are," said Bessemer Venture Partners' David Cowan, co-founder and director of Verisign.
To illustrate the need for authentication, Mr. Cowan brought up the potential for fraud that exists with the use of credit cards on the Internet.
Even if the transaction is encrypted, he explained, many merchants still know your credit card number, which opens up the possibility for it to be misused. Verisign's digital IDs ensure that a card is unable to be used by anyone but the owner, he said.
Magdalena Yesil, vice president for marketing at Reston, Va.-based Cybercash, which provides security for financial transactions using encryption, agreed that digital IDs provide a much needed piece of the infrastructure for electronic commerce.
"Ultimately we want to have on the Internet the same type of discount rates as exist" in the present credit card world, she said. For this to occur, "the Internet must be made almost as attractive to merchants as a person walking into a store, from a security standpoint."
Cybercash registers consumer credit card numbers in its software, enabling transactions to be encrypted. Ms. Yesil said the ability to get a digital ID will probably be added to the registration process within a year or two.
Authentication is also critical for home banking applications, said RSA's Mr. Bidzos. "Right now, there's no good way for a bank to tell if a person requesting information is really who he says he is," he said. "A Social Security number and mother's maiden name are too easily obtained."
Through Verisign, banks and other organizations will be able to buy bundles of digital IDs, and reissue them to customers or employees, said Bessemer's Mr. Cowan. That way, a bank would be able to verify a customer before providing access to account information, he said.
Other companies supporting the technology agree that authentication is a necessary component to expand the market for electronic commerce.
"We see (Verisign) as an investment in the future in a technology that is very promising," said Visa executive vice president Richard Lonergan, commenting at last week's launch with MasterCard of a joint effort to create an on-line transaction security standard.
Mr. Lonergan added that although Verisign's digital ID could add a desired level of transaction security, it was premature to discuss any connection between the Visa/MasterCard project and Visa's investment in Verisign.
Recognizing that it will be unable to serve the entire electronic commerce market, Verisign is authorizing certain companies to issue digital IDs. One company that's been announced is Mitsubishi, which will build a channel for the Verisign technology in Asia, Mr. Cowan said.