Internet banking in New Zealand has gained a shot in the arm with the introduction of 128-bit encryption technology by Microsoft.
Countrywide Bank is to use Microsoft’s Server Gated Crypto technology to provide secure Internet banking and the ASB Bank, which already has more than 2500 Internet banking customers, will drop its r3 encryption product from Switzerland in favour of Microsoft.
Jon Raby, manager of online services for Countrywide Bank, says the availability of Microsoft SGC was a determining factor in the timing of the bank’s launch of online banking. Countrywide will have a pilot involving up to 200 people (staff and customers) running before the end of the year.
“We think it’s a more superior long-term solution because with products available prior to this you had to load specific software on the client.”
It is for this reason that the ASB Bank is to gradually change from r3 to Microsoft SGC. Says IT director Garry Fissenden: “It’s really a customer convenience thing. r3 works perfectly fine but it’s really a browser add-on, meaning we have to download software to the customer. It’s not compatible with every single site in the world either — so sometimes we can’t get into a site to download it. SGC is seamless and will work with Netscape Navigator 4.0 or Internet Explorer 3.02.”
The ASB Bank also runs Microsoft Internet Information Server, a product which will eventually have SGC integrated into it. “At the moment we have an r3 server and an IIS from Microsoft. Once we have everyone on SGC we will only need the IIS server.
“Our plan has always been to go with the security native in the browser but we were unable to because of export restrictions. At the same time we wanted to get the service out to our customers and our research showed that r3 was the best product available at the time.”
ASB Bank started looking for a solution before the US government allowed US companies to export 128-bit encryption products. Previously US laws limited exportable US software products to no more than 64-bit encryption for financial data but in June Microsoft received government approval to export SGC.
However, while ANZ spokesman Steve Eaton says SGC is good news for Internet banking, the bank believes it is too early. The ANZ does not have plans to launch such a service in New Zealand despite the fact that it will do so in Australia before the end of the year.
“The bank has done a huge amount of research and is following all developments. We know what the business opportunity is, what the market demand is and we’ve decided not to move at this stage. That’s because of the size of the market, the cost of delivering the service, until now security issues, and the fact that the Internet industry is so young and the technology is moving rapidly.
“Everything that you can do with Internet banking is available through our telephone banking service. The market is saying to us that it’s easier to access banking through the telephone. The number of New Zealanders using the Internet is still relatively small. Fewer than 10% use it on a regular basis.”
Meanwhile, BNZ is believed to be very interested in the product.
Microsoft will now incorporate SGC into all its products dealing with the Internet, starting with Internet Explorer 4.0, Microsoft Money 98 and IIS.
“What this means is that banks can build computer infrastructures based on the Microsoft BackOffice family that interoperate with a range of popular client software, including Internet Explorer, Microsoft Money, and Netscape Navigator, no matter where their customers might be,” says Microsoft consulting services’ New Zealand manager, Trevor Crawford.
Microsoft is also working with software developers to incorporate Server Gated Crypto technology into their online financial solutions. Glazier Systems director Pat Ryan says the solution strengthens the products and services that developers will be able to deliver in the short term. The announcement effectively means that high-level encryption is being “commoditised”.
Glazier Systems intends to incorporate SGC technology into its current electronic banking service initiatives. “We are currently developing credit card authorisation and acquisition systems in conjunction with some of New Zealand’s leading financial service providers.”
SGC is contained in a dynamic link library (DLL) and provides a bank’s server with the ability to “switch on” 128-bit encryption. A separate DLL file also enables the client software to “switch on” 128-bit encryption. The digital certificate allows a bank customer’s computer to perform a digital handshake with the bank’s server. If the client software detects a digital certificate, the session is established using 128-bit encryption. If a certificate is not detected, the client and server negotiate the highest level of mutually available encryption.
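A simplified model of the negotiation described above, added here as an illustration and not Microsoft's or any bank's code. The two OIDs are the extended key usage values used to mark SGC and Netscape step-up server certificates; the suite list, the 40-bit export limit and the `Client`/`Server` types are assumptions made for the example.

```python
from dataclasses import dataclass

# Extended key usage OIDs that mark a server certificate as step-up eligible.
SGC_EKU_OIDS = frozenset({
    "1.3.6.1.4.1.311.10.3.3",  # Microsoft Server Gated Crypto
    "2.16.840.1.113730.4.1",   # Netscape International Step-Up
})

# Constructed sample: OpenSSL-style suite names mapped to key size in bits.
SUITE_BITS = {
    "RC4-MD5": 128,
    "DES-CBC-SHA": 56,
    "EXP-RC4-MD5": 40,
    "EXP-RC2-CBC-MD5": 40,
}

EXPORT_LIMIT_BITS = 40  # assumption: ceiling for an export client without SGC


@dataclass(frozen=True)
class Client:
    suites: tuple        # suites the browser implements, in preference order
    export_build: bool   # True for a browser shipped under export limits


@dataclass(frozen=True)
class Server:
    suites: tuple        # suites the bank's server accepts
    cert_eku: frozenset  # EKU OIDs present in the server certificate


def negotiate(client: Client, server: Server):
    """Return the suite the session would use, or None if nothing is shared."""
    # The client "switches on" strong suites only if it sees an SGC certificate.
    stepped_up = bool(SGC_EKU_OIDS & server.cert_eku)
    shared = [s for s in client.suites
              if s in server.suites and s in SUITE_BITS]
    if client.export_build and not stepped_up:
        # No certificate detected: fall back to export-grade suites only.
        shared = [s for s in shared if SUITE_BITS[s] <= EXPORT_LIMIT_BITS]
    if not shared:
        return None
    # Highest mutually available strength; ties keep client preference order.
    return max(shared, key=lambda s: SUITE_BITS[s])
```

The same export browser ends up at 128 bits against a server carrying an SGC certificate and at 40 bits against one without, which is the gap a server operator should check for when auditing negotiated cipher strength.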