Commerzbank, the Germany-based international credit institution, knew its enterprise customers expected their banking experience to be as mobile as their other business processes. The challenge, however, was the 1995 German Banking Communication Standard (BCS), which all banks in Germany must comply with. The BCS offers customers more choices in where to bank, but it limits the capabilities of Internet-friendly banking. Recently, the German association of banking and finance, Zentraler Kreditausschuss (ZKA), created the Electronic Banking Internet Communication Standard (EBICS), establishing standards and formats for security, encryption and signature practices of Internet banking.
Once the EBICS rules were in place, Commerzbank began looking to offer its 50,000 enterprise customers a mobile banking solution. Major concerns were security and ease of use. Commerzbank did not want users to have to download a special application or install any software. Another challenge was that all corporate payments need to be "signed" by two parties. This was a major factor in Commerzbank's desire to offer mobile banking: It wanted to enable corporate customers to authorize payments and keep business rolling along as usual from anywhere in the world. But this requirement also created the need for electronic signatures.
Many of the initial vendor solutions Commerzbank investigated required customers to install some software or hardware, especially around the signature portion. The classic electronic signature solution is a smartcard: customers have credit card-sized smartcards and install readers on their computers; when a signature is required, users scan their smartcard with the installed reader. But Commerzbank was looking for a truly mobile solution that would work from any machine without having to install a reader. Finally it found Kobil Systems.
Based in Worms, Germany, Kobil Systems has been creating secure solutions around digital identities for over a decade. The Commerzbank solution is based on Kobil's mIDentity Zero Footprint Smart Card Application technology. Housed on a pocket-sized USB key, the solution requires no software, application download or smartcard reader. Users just insert the USB key into any PC and the Firefox Web browser immediately opens to the Commerzbank's corporate banking portal. From there, the customer simply signs on. When users need to authorize payment, he or she just clicks the "sign" button and a Java applet carries out the digital signature using smartcard technology running entirely from the USB key. Since the application is stored as read-only on the USB key, it is safe from virus manipulation. The portal uses at least 128-bit SSL encryption. Users then simply sign off the portal and pocket the USB key.
Highlighting the solution's ease of use, Carsten Giftge, VP of product management for corporate banking at Commerzbank, says, "The most important feature of the solution is that the user doesn't have to install any software for the card reader access and he needs no administrator privileges." At press time, Commerz was just rolling out the solution to enterprise customers, and none were available for comment.
Teresa von Fuchs is a writer in Austin, Texas.