Wells Exec Sees Perilous Lag in E-Commerce

The banking industry must take it upon itself to create a favorable climate for smart cards and electronic commerce, one of the more vocal proponents of those innovations said last week.

Decrying the continued lack of a "compelling consumer proposition" and "a business case for us," Wells Fargo Bank executive vice president Dudley Nigg said bankers face a new type of disintermediation threat unless they "change the environment" through both competitive business strategies and appropriate technical standards.

"We're sitting around waiting for something to happen," Mr. Nigg said at the Bank Administration Institute's Retail Delivery '97 conference in New Orleans. "The real danger is that someone else does make it happen and we run a real risk of disintermediation."

Referring to the work San Francisco-based Wells and other institutions are doing on electronic purse and multiple-application smart cards, he said, "There could be no bigger (risk) than if we find others issuing multi-application cards and we are paying their freight."

He said deficiencies in the technologies themselves are rapidly going away. He cited projections that in 18 months, a smart card with a 16K chip (holding 16,000 bytes, or characters) will cost $3, compared to $10 or more today for a less functional card.

"The cost of equipment is also coming down exponentially," Mr. Nigg said. "We just re-ran our business case, and I can tell you it really looks different at $3 per card."

Wells, the lead U.S. investor in the Mondex electronic cash system, has plans to combine functions on a single chip card: debit, credit, stored value, loyalty-point tracking, and digital certification.

Certification-the verification of cardholder and merchant identities- will be especially crucial for payments over the Internet. It is here that Mr. Nigg fears the banking industry as a whole is coming up short.

"What can banks do better than anybody? Certification," Mr. Nigg said during a panel discussion titled "The On-Line Banking Standards Race."

He complained of a "lack of clear agreement on certification ... I see technology companies and technologists taking a leadership role and banks taking a back seat."

Standardization has become an electronic commerce hot-button. The Banking Industry Technology Secretariat, a division of the Bankers Roundtable that has support from other banking trade groups, is trying to look after the industry's interests in that area and keep a grip on the payment systems.

William M. Randle, executive vice president of Huntington Bancshares in Columbus, Ohio, and, like Mr. Nigg, a member of the BITS advisory group, said, "We need open and interoperable standards." He said BITS is assessing standards, certificate authorities, and other aspects of "critical infrastructure" in that light.

"Certification is embedded in SET," the Secure Electronic Transactions specification for Internet credit card payments, Mr. Nigg said. "We need to make it happen."

SET, which is nearing full commercial implementation after more than two years of preparations, has been criticized for its slow pace and the technical complexity that exacerbated the delays. Some skeptics say the protocol has been oversold and cannot deliver on its anti-fraud promises without further enhancements.

But the banking and credit card establishments' support for SET has not flagged, and it could give the concept of digital certification a major mass-market boost. Mr. Nigg said SET 2.0, the next stage of the security protocol that is supposed to rectify the shortcomings of the current 1.0 version, "is definitely good news." He conceded that the industry has "done a poor job of communicating to consumers the power of the process."

Some signs of certification progress have emerged in recent weeks from high-tech land.

Entrust Technologies Inc. of Richardson, Tex., a leader in certificate authority and public key infrastructure systems, announced support for cross-certification among multiple vendors. Joining with 15 others including GTE Cybertrust, Harbinger Corp., Hewlett-Packard Co., International Business Machines Corp., and Tandem Computers Inc., Entrust said the standard lays the groundwork for a "global interoperable security architecture."

Entrust is also in the thick of SET preparations and sees the protocol as "a viable Internet-enabler," president and chief executive officer John A. Ryan said in a recent interview. But the company's attitude toward "SET 0.0," the pre-1.0 test versions, was indicative of its problems.

"We saw that rolling out slower than some others did," Mr. Ryan said. "We were hesitant to put resources into 0.0. It had security deficiencies.

"Now we have a whole team built around banking and SET. We are up with the first ones ready to go with SET 1.0 and have the ability to scale to millions."

Verisign Inc., an Entrust competitor that had early financial backing from RSA Data Security Inc., Visa International, and others, recently announced an initial public stock offering. It has issued more than one million of what it calls Digital IDs and 35,000 Server IDs for World Wide Web sites.

To promote secure electronic mail-perhaps a more immediate road to mass acceptance of certification than SET for credit cards-Verisign has created the equivalent of a White Pages directory of digital certificates on the Internet. A computer user can find, save, and store others' certificates in their Microsoft or Netscape browsers to ensure secure e-mail transmissions.

Last month, Mountain View, Calif.-based Verisign announced an alliance with Litronic Inc. of Costa Mesa, Calif., to distribute Class 1 Digital IDs with the Litronic NetSign authentication system for Netscape Communicator. It is one of a growing number of examples of portable hardware-based security-the cryptographic codes can be stored and carried around on a smart card or similar device.

Such convenience and portability contrast with the inflexibility of the early SET design, in which certificates are stored in a personal computer hard drive. Though few home computers have card-reading ports, several manufacturers are beginning to include them and technology is available to read chip cards in floppy disk drives.

Verisign announced Monday that Microsoft Corp. named it the preferred provider of both corporate and consumer certificate services. The companies said they have a broad agreement to explore the integration of security enhancements into Microsoft products. New offerings include 128-bit encryption for Microsoft Internet Information Server 4.0 and free trial Digital IDs.

In an October report, Forrester Research Inc. of Cambridge, Mass., concluded that digital certificates were "stalled" and not yet mainstream because of a lack of applications and necessary infrastructure. The firm's network strategies group saw more near-term growth on corporate intranets than in open electronic commerce, with some companies motivated by a desire to beef up security of Microsoft Windows NT operating systems.

"Financial companies will be early users of certificates for e-commerce with their customers," said a Forrester summary. "However, the catalyst for widespread adoption will be forward-thinking banks and insurance companies that will guarantee certificate-based transactions between third parties."

Digital cash and PC banking also figured in the Retail Delivery '97 panel discussion.

Mr. Nigg said a lack of "commonality of standards" across such alternatives as Cybercash Inc.'s Cybercoin, Digicash Inc.'s E-cash, Mondex, Proton, and Visa Cash discourages investment in the budding virtual cash business.

Mr. Nigg said banks must exploit their leverage in the interest of interoperability: "We deal with these businesses every day. We even own some of them, and those we don't own regard us as their primary customer."

Panel moderator Joseph De Feo, president of Open Group, suggested home banking standardization may have been hindered by the rivalry between Microsoft and IBM. Microsoft advocated the Open Financial Exchange, or OFX, specification, while IBM, a participant in Integrion Financial Network, supported an alternative called Gold.

"The perception may be there but the facts go in the other direction," said James Dixon, president of NationsBanc Services Inc. The company's parent, NationsBank Corp., is one of 18 banking companies in the Integrion consortium.

Aside from the fact that the OFX and Gold camps are working on a converged standard, Mr. Dixon said Integrion's acquisition of Visa International's Visa Interactive program and strategic alliances with Checkfree Corp., Intuit Inc., and Meca Software LLC speak to the venture's commitment to openness.

"Microsoft is a competitor in pieces of this, and I'm glad to have them as a competitor," Integrion managing director William M. Fenimore Jr. said in an interview. But he is even open to linking to Microsoft systems if they are compatible and "if they can show a room full of NT servers can work as good as what we have."

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER