Locking up home banking

In effort to boost online banking, VeriSign said today it will issue a new type of digital ID for banks and financial institutions that want to do business on the Internet.

The new digital certificate, called Financial Service ID, vouches for the identities of banks, brokerages, and pension funds that support the Open Financial Exchange (OFX) specification created by Microsoft (MSFT), Intuit (INTU), and CheckFree (CKFR) for home banking services.

The special-purpose digital certificate will be specifically for financial institutions. Consumers and small businesses that use online banking will probably need a special ID as well, but today's announcement did not address the user side of transactions.

"OFX is going to drive online banking for the next five years," said Vern Keenan, an e-commerce analyst at Zona Research. "This announcement will ensure that those connections using OFX are secure.

"Security, while technically not as big an issue as the public imagines, is a critical factor for adoption of transactions on the Internet," Keenan added.

The Financial Server ID is designed to assure customers that their Internet transactions cannot be stolen or tampered with and are received only by the intended financial institution. The new IDs were used in a recent pilot linking consumers using Microsoft Money, Intuit Quicken, and CheckFree software with CheckFree, E*Trade, and Waterhouse Securities.

Open Financial Exchange, announced in January, is a specification for exchanging financial data electronically between financial institutions and businesses or consumers via the Net. It supports consumer and small-business banking, offering bill paying, presenting bills online, and investments, including stocks, bonds, and mutual funds.

But OFX is not the only financial protocol in the works. Integrion, a joint venture of IBM (IBM), Visa, and 17 major North American banks, is creating a separate protocol named "The Gold Standard."

Integrion and the OFX sponsors announced earlier this year that they planned to merge their two specifications, but that has not happened yet. The banks involved in Integrion have about 75 percent of the retail banking accounts in the United States.

Separately, VeriSign also announced that Arthur Anderson Australia has chosen VeriSign as one of three certificate authorities (CAs) for its new EC Integrity program, a one-stop secure e-commerce service. Other CAs for the program are Security Domain and Australia Post.

VeriSign offers several different kinds of digital certificates to vouch for the identity of Internet servers:

Secure Server ID for SSL verifies identities of servers using the Secure Sockets Layer protocol, a commonly used method of secure Internet communications.

Global Server IDs for International Commerce let companies approved by the U.S. Department of Commerce use 128-bit encryption with Netscape Communicator and Microsoft Internet Explorer 3.0 or later browsers. It allows U.S.-based companies with servers located in the U.S. and international banks with servers located anywhere to use 128-bit cryptography.

EDI Server ID allows organizations to provide privacy and security for the electronic data interchange or EDI, a form of e-commerce, using the Secure Multipurpose Internet Mail Extension (S/MIME) for secure email.

VeriSign also issues several personal digital IDs to Internet users and offers digital certificates for banks, merchants, and individuals under the Secure Electronic Transactions (SET) protocol. SET is a specification for secure credit card purchases over the Internet.