A start-up affiliated with Big 6 accounting giant Deloitte & Touche today announced a security service aimed at companies doing business electronically.
NetDox' service will help clients verify the identity of their business partners on the Web.
The company will offer guarantees, backed with cash, that the partners are really who they claim to be. NetDox claims it is the first rating service for digital IDs.
NetDox will do that by rating the certification authorities (CAs) that issue digital IDs and evaluating whether the CAs really know the parties they're certifying. That will involve NetDox investigating procedures not only of public CAs like VeriSign and GTE's CyberTrust, but also overseas CAs and private companies that buy certificate server software--available from Netscape, Microsoft, and others--and issue digital calling cards for their own employees or customers.
"Many clients are saying public digital certificates are great for buying a pair of Reeboks, but not for buying a truckload," said Tom Friedman, NetDox vice chairman. That's where private issuers of digital certificates--and the need to evaluate their procedures--will come in. By rating issuers, NetDox hopes to make digital certificates, issued by Fortune 500 companies to their employees on intranets, useable in the outside world.
NetDox sees itself as a faster alternative to overnight delivery services like Federal Express, and it will price its services comparably. The company expects to do a major share of its business overseas, where public certificate authorities are not as developed as in the U.S.
"Our objective is to make Internet a commercially viable medium for business-to-business transactions," Friedman said. Putting its money behind its service, NetDox will guarantee business losses of up to $25,000 if a customer is defrauded by a customer who uses a digital certificate that NetDox approves. For a higher fee, NetDox will guarantee even bigger losses.
NetDox trades heavily on the name of DeLoitte & Touche, whose security services unit will handle due-diligence on issuers of digital IDs.
"When we founded the company, we thought an independent third party was vital, and it had to have a brand name attached to it," said Patrick Haynes, NetDox' chairman.
NetDox' service, expected to launch mid-year, will target banks, insurance companies, medical providers, health insurers, law firms, accountants, consultants, and companies active in electronic commerce. It is currently beta testing the service with parent Deloitte & Touche, Boston law firm Hale and Dorr, and other unnamed customers.
NetDox sees its service as going beyond encryption of data crossing the Net, and Haynes said it is in discussions with companies that offer secure encrypted packaging technologies to add their verification service.
"Look at the entire security process from the time when documents are created to when they are read on the other side," said Michael Sohn, the company's president. "The real trust is in the people of the sender and receiver. Assuring that we know who they are and the reliability of that assurance, that's where we make our guarantee decisions."