Bank of America and VeriSign announced Thursday that they are completing the first phase of the National Automated Clearing House Association’s Certification Authority Interoperability Pilot — an initiative designed to facilitate secure Internet commerce applications between banks, merchants and consumers.
The pilot is testing the use of digital certificates for digitally signing authorization agreements to debit users’ accounts for recurring payments via the Automated Clearing House (ACH). As a part of this pilot, Bank of America is one of the first financial institutions to take advantage of the Online Certificate Status Protocol (OCSP), a new protocol being established by the Internet Engineering Task Force (IETF) that allows a merchant to obtain the status of a consumer’s digital certificate online in real time.
Merchants will rely on their respective financial institutions to obtain validation of digital certificates issued to consumers of participating financial institutions. This validation is accomplished via Internet interaction between the consumers’ and merchants’ financial institutions. The BofA/VeriSign pilot will be analyzed to modify and further develop operating rules and business practices for use of broader, multi-purpose digital certificates within the banking industry.
“Bank of America’s participation in this pilot illustrates our commitment to providing leading-edge Internet technology solutions to our customers,” said Elizabeth Ghekiere, senior vice president of electronic commerce with Bank of America’s Interactive Banking division. “Working with the VeriSign OnSite solution, Bank of America will be able to provide both consumers and merchants with the necessary trust to conduct secure transactions via the Internet in real-time.”
Under today’s paper-based ACH system, consumers wishing to have their accounts debited for recurring payments — such as mortgages, utility bills and insurance premiums — must sign paper-based pre-authorization agreements. The consumer’s financial institution then approves these requests using the ACH network, a highly secure, reliable and efficient electronic payments system that links America’s banks to the nationwide electronic payment and collection infrastructure. Standardized by the US Federal Government in the mid-1970s to handle exploding check volumes, the ACH has become the backbone of the nation’s electronic payments system. This pilot program will be instrumental in advancing the ACH by bringing it onto the Internet.
In this pilot project, Bank of America is issuing digital certificates to pilot “consumers” (members of the NACHA Internet Council). Specially selected pilot users are provided with an easy-to-use, intuitive Web interface to obtain digital certificates, enabling the digital signing of authorizations over the Internet to debit test accounts via the ACH network. The pilot merchant [Science Applications International Corporation (SAIC)] receives the authorizations and certificates via the Internet and then relies on its financial institution, Bank of America, to obtain validation of the certificates. Validation is accomplished via Internet interaction between Bank of America as the merchant’s bank and the consumer’s financial institution using the OCSP.
“Bank of America has achieved a milestone in financial services with its implementation of this digital certificate pilot,” said Richard Yanowitch, vice president of marketing at VeriSign. “By leveraging the encryption and user authentication provided by digital certificates and signatures, Bank of America’s pilot merchant and test users benefit from the greatest degree of online security available to date while also taking advantage of the convenience and cost-effectiveness of the Internet.”
By selecting the VeriSign OnSite solution, Bank of America gains the ability to deploy digital certificates to a wide range of consumer and corporate customers. VeriSign has delivered the software and back-end processing services necessary for BofA to establish itself as a large-scale digital certificate authority.
As part of their NACHA pilot program, Bank of America and VeriSign will utilize the Online Certificate Status Protocol (OCSP) to communicate with other financial institutions and determine the status of an identified certificate in real-time. In the pilot, test merchants can issue a request to Bank of America regarding the revocation status of a specific digital certificate that was received from a test consumer. Using OCSP, Bank of America can then immediately send a real-time response to the test merchant informing them whether or not that digital certificate has been revoked, facilitating online commerce that over the Internet and private networks. VeriSign’s enterprise PKI solutions are available through VeriSign regional account representatives, resellers, and is both secure and fast.
About Bank of America
BankAmerica Corporation and its major banking subsidiary, Bank of America NT&SA, operate nearly 1,800 retail branch offices in nine states and more than 7,500 Versateller ATMs. Bank of America can be reached on the Internet at http://www.bankamerica.com and on America Online at Keyword: BofA. After the planned merger with NationsBank Corporation — which is subject to regulatory and shareholder approval and expected to close at the end of third-quarter 1998 — the new BankAmerica will have relationships with 29 million households in 22 states and Washington, D.C., and two million businesses throughout the world. Pro Forma total assets for the two companies at June 30, 1998, was $573 billion. The new company will have operations in 38 countries and America’s largest branch and ATM networks, with 4,800 branches and nearly 15,000 ATMs.
VeriSign, Inc. is the leading provider of Public Key Infrastructure (PKI) and digital certificate solutions used by enterprises, Web sites and consumers to conduct secure communications and transactions global affiliates. The company’s Digital IDs and Secure Server IDs are available through the company’s Web site at http://www.verisign.com. For more information visit VeriSign’s Web site at .