Case Study: The Fastnet online banking system utilising Microsoft's Server Gated Cryptography (SGC)


When customers demanded a secure, convenient banking service over the Internet, ASB Bank responded by launching the Fastnet online banking system.

ASB Bank (ASB), one of New Zealand's most renowned banks, has been in operation for over 150 years. Its longevity has never been a source of complacency; in fact, the company endeavours to consistently provide its customers with progressive banking technology. It was the first New Zealand bank to install a computer system linking its head office with its branch offices; one of the first to deploy point-of-sale banking machines allowing customers to purchase goods and services using a debit card; and the first in New Zealand to introduce telephone banking services.

With the Internet explosion in the mid 1990s and the consequent opportunities afforded by the advancing technology, ASB decided to exploit the phenomenon to consolidate its position as an industry leader. It established an Internet Banking Services (IBS) programme providing information, banking services, product access and transactional utilities to both retail and commercial customers. Jeremy Dean, chief manager, Electronic Banking, says: "We realised the need to embrace online services in October 1995 to protect our position as a technology leader."

Opportunities on the Internet

In order to become familiar with Internet technology and its customers' online needs, ASB initially decided to provide a corporate website. Its website, www.asbbank.co.nz, profiled the bank and its customers. The site enabled the bank to learn how to manage Internet development, maintain ongoing programs to update content and functionality and keep the lid on internal support costs. "Working on the corporate website, we learned how to present to, and interact with, customers on-line. We learned how to express our brand and how to manage a dialogue in that environment," says Dean.

Once the bank felt that it had mastered the intricacies of web technology, it progressed to Fastnet, an IBS (Internet Banking Service) that allows customers, worldwide, to check balances and statements, transfer funds and make bill payments. ASB chose to install the service on Microsoft Windows NT Server 4.0, using its Internet Information Server to provide web hosting services because "We wanted to build on a strong, secure, reliable platform," says Dean.

After a period of testing, the site went public in April 1996. "As a result of that we discovered that our intuitions about the value of online business services were correct," says Dean. "We flushed out the challenges and changed technologies. We then committed to launching a full Internet-based service, and did so in mid 1997, providing customers with a facility that was not only truly useful, but also far in advance of what other New Zealand banks were then able to offer."

Security

The proliferation of the Internet and the advances in technology have led to an increase in data traffic over public and private networks. This increased connectivity, although an asset, has, in turn, led to more breaches of security and a higher incidence of fraud. ASB recognised that if it wanted to ensure that its online banking service remained a viable banking alternative, it would have to place as much emphasis on security as it had on innovation and user convenience. It had to ensure that the encryption software incorporated into its online banking system provided the strongest security available.

"We established early on that 128-bit cryptography was the minimum level of security that we were comfortable with," says Dean. The more bits in the key, the harder it is for a hacker to decipher digitally transferred information that has been intercepted. "We trialled alternate security technologies, but customer feedback showed that these approaches were cumbersome. We then searched far and wide for the best security we could find and finally settled on Microsoft's Server Gated Cryptography with 128-bit security," says Dean. The project was a success.

Future developments

Building on the success of Fastnet, ASB is in the process of augmenting its online activities and later this year will launch Access On-Line, an online service allowing merchants to quickly and securely process customers' credit card charges. Like Fastnet, Access On-Line uses Server Gated Cryptography to provide 128-bit security for merchant and e-commerce transaction applications.

"Where Fastnet adds value to our relationship with traditional retail customers, Access On-Line adds value to our relationship with merchants," explains Dean. "We recognised that merchants and commercial organisations wished to collect, process and have credit card transactions authorised securely over the Internet and we felt that there was a role for the bank to play in that area."

Access On-Line acts as an intermediary between the merchant and the card issuer. When the customer hits the "pay" button at an Internet commerce site and provides his credit card number, the merchant establishes a secure session with the bank, using SGC. Access On-Line then gets the card number and expiration date and presents them to the card issuer via a separate SGC session. The issuer provides an authorisation number to the Access On-Line server, which relays it to the merchant. The end result is fast e-commerce transactions for the customer, with complete security for the customer, the merchant and the card issuer.

"We now better understand how business-to-business and business-to-consumer transactions will be conducted on the Web," says Dean. "You might say that our early incumbency of the position as technology leader has presented us with a number of learning opportunities."

© Microsoft 1999

Compiled by Arlene Martin



This was first published in September 1999

 
