Money: Just sign on the digital line

Electronic ID is the modern way to make your mark. By Stephen Pritchard
Click to follow
IN A WORLD with internet stock brokers, on-line insurance companies and electronic banks, one paper document persists: the form with a signature. Opening a bank account, investing in a PEP or buying insurance still needs ink on paper to take effect.

The speed, convenience and potential savings of internet commerce are reduced if the final step in a transaction is still paper-based. In personal finance however, the problem is acute, because proof of identity is as vital as the ability to pay.

When investment house Fidelity launched its web-based service for PEPs, it could let its clients alter portfolios or even top up holdings over the net. But new customers still need to fill in a form and sign it, not least to satisfy the Inland Revenue.

To make the best use of electronic commerce, however, companies need an acceptable alternative to the conventional signature. The electronics industry has already developed some highly sophisticated ways to identify people. Biometric data, such as fingerprints or the eye's iris pattern, let a computer establish that someone is who they claim to be, reliably and fast.

This is not science fiction. The Nationwide is just one large financial firm using biometrics: it has a cashpoint at its head office in Swindon which uses iris recognition instead of a PIN.

Good as it is, this technology does not transfer well to the web. Customers of the Nationwide cashpoint have to visit the branch where a computer photographs their iris. The system needs a digital camera, which most home computers do not have.

Instead, the internet industry is looking to numbers, in the form of a digital signature, for its solution. The idea behind a digital signature is simple: internet users sign a document with a unique set of numbers, not a pen.

Keeping those numbers secure is more of a challenge. A digital signature that is simply a PIN would not be very secure: anyone finding the PIN could obtain access to others' personal details on line or just spend their money. To overcome this, internet companies such as VeriSign in the USA are combining the digital signature with encryption and digital certificates.

A digital certificate is a set of numbers issued by a "trusted third party" to a person to prove his or her identity on line. The certificate is in code, making it almost impossible for anyone to pose as someone else with a digital certificate.

When someone buys goods or services on line, the merchant (shop, bank or insurance company) contacts the trusted third party to check the shopper's identity, but the shopper never needs to give an uncoded certificate to a merchant. The digital signature, also enciphered, validates the transaction itself.

The combination of certificates and signatures is more secure than a conventional credit-card transaction, and has the added advantage of proving identity, which means banks can use it for opening accounts.

The barrier is public acceptance. Despite advances in security, mistrust of the internet persists. "Technically speaking, it is really not an issue," says John Hughes, who handles accounts in the financial sector for Microsoft in the UK. "It is a question of the facilities being put in place to deliver it."

At present, this means customers with a computer to store the digital certificate, and banks and other organisations having powerful equipment to verify the signatures. That will give way to smart cards with chips containing all the information a company needs to establish a customer's details over the net.

Tim Jones, managing director of retail banking at NatWest, believes that time is coming. Soon plastic bank cards will contain all the information needed for a digital certificate. PCs will be developed with card readers, probably a slot in the keyboard. Smart cards will travel, too: mobile phones use them, and it would be easy to use the same card for electronic shopping.

NatWest is working with the Government, electronics firm EDS and Microsoft on a project called Intelliforms. This uses digital certificates and signatures to let people starting a business complete all paperwork on line. The system is on trial at a NatWest branch in Luton. The digital documents are accepted by the Inland Revenue, Contributions Agency and Customs and Excise.

The technology, and the Government's involvement, do not mean all the problems surrounding signatures and identity have been solved. Mr Jones, though, believes it is a significant step. "We are finding our way towards it with Intelliforms," he says. "But it is a step on the way."

From a computing point of view, the ideal solution to on-line ID is a universal smart card issued by a central authority. That makes it cheap and simple for firms to trade on line, as they have no need to issue their own digital certificates. In the UK, at least, governments have been shy of ID card schemes. Bank plastic and credit cards, which most carry, may prove a politically-acceptable alternative.

q Contacts: www.verisign.com; www.natwest.co.uk; www.nationwide.co.uk. The author: stephen.pritchard@dial. pipex.com.

Comments