Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
Security /

Fed: Old nets out; Web in

Today's breaking news
Send to a friendFeedback

By Ellen Messmer
Network World, 04/22/02

DALLAS - The Federal Reserve - 12 central banks that handle interbank transactions for 9,600 financial institutions - last week said it intends to eventually ditch its proprietary applications, dial-up and even its SNA network in favor of using the Internet. That transition should be well under way by year-end, officials say.

Among the factors prompting this move is a detailed study by the Fed - the first update since 1979 - that shows electronic payments are soaring while use of paper checks may have topped out. The growth in Automated Clearing House (ACH) payments, the type of electronic payment the Fed processes, will require a new generation of high-speed networks and a better way to share business data through "open systems," according to Fed executives.

The Fed's decision-makers say a new network based on the Internet will offer easier access to banks and their corporate customers for processing payments and obtaining historical data needed to resolve routine conflicts.

However, putting large-scale money-processing on the Web raises serious security concerns about hackers and hybrid-worm threats damaging monetary-transaction flows. Fed officials acknowledge they have no concrete plan for handling the authentication of online identity for the Web-based processing they want to begin this year.

Nor is the Fed alone in its quandary over security. Pay.gov, a government Web site supporting ACH-based transactions, is struggling with ACH authentication. The Department of the Treasury's Financial Management Service runs that site.

According to Pay.gov program manager Greg Till, the Web site whose ACH processing is handled by the Federal Reserve Bank of Cleveland, is "operating in limited fashion" as it tries to figure out authentication procedures. Currently, only a limited number of personnel from the Department of Veterans Affairs and the Bureau of Alcohol, Tobacco and Firearms use the site under what Till calls "the friends and family" privacy method of carefully dispensing passwords to known agencies and businesses.

"We understand the risks, and we're thinking about reliability and security," said Bill Burouski, senior vice president at the Federal Reserve Bank of Chicago, who joined other Fed executives at last week's Payments 2002 conference in Dallas to discuss this embrace of online processing.

The Fed considers one of the strongest forms of authentication, digital certificates, as too "cumbersome" after testing them during Web services pilot projects with about 100 financial institutions.

The Fed may adopt just simple passwords or perhaps the stronger authentication provided by smart cards and token-based authentication, Burouski said.

"All of us are going to have to think hard about risks and mitigation," said Sally Green, executive vice president at the Federal Reserve Bank of Boston.

Moving to open systems poses a greater security challenge than do the old terminals used to access the Fed network today, she acknowledges.

Green said the Fed has decided to abandon the development of an expensive Windows-based application it had worked on for years to replace the Fed's older DOS-based payments programs. The DOS-based programs are still put to use on terminals among banks today.

"We have chosen not to roll out our Fedline for Windows product and instead will go directly to Web-based services," Green said. "Historically, we've used proprietary hardware, software and services, but the Web will allow us to reach more users in more locations."

The Federal Reserve, and banks in general, are surprised by the results of the Fed's just-released study of the volume of checks and electronic payments made in the U.S. in 2000. That study has many in this community thinking they will miss the e-commerce payments wave unless they quickly get on board and take advantage of processing on the Web.

The study shows that there were 49.6 billion checks worth a total of $47.7 trillion written in 2000, as opposed to the 32 billion checks worth $24 trillion written in 1979. The surprise is that the share of checks to electronic payments has declined from 85% in 1979 to about 60% in 2000.

The term "electronic payments" refers to credit and debit cards, ACH and Electronic Benefits Transfer (used in government financial assistance programs). ACH accounted for 78% of electronic-payment dollars and 19% of transaction volumes.

"I'm seeing a pace of change unlike any in my experience," said Cathy Minehan, president of the Federal Reserve Bank of Boston.

"The payments system we've known for so long may be disappearing. Electronic payments are on the cusp of becoming the dominant payment. But are we ready for it?" Minehan asks.

"The Fed identified 18 billion checks that could be replaced each year by ACH," says Janet Boyst, senior vice president at Wachovia Bank and a board member of the National Clearing House Association (NACHA), the organization that sets rules for ACH. With the Web growing in importance in payments processing,

NACHA last week said it would launch its own study to better define security requirements for next-generation ACH networks.

NACHA already took its first step in this arena last March when it issued NACHA Web Payments Rules for authorizing consumer debit over the Web. Companies have started to use ACH in Web transactions.

DaimlerChrysler now offers a way for car buyers to pay each month at its Web site by initiating a debit payment for the car loan. It outsourced the ACH payment function to Fort Knox National Company (FKNC). Customers paying loans online are transferred to a Web page at the FKNC Web site that looks like the Daimler-Chrysler Web site. FKNC collects the ACH authorization for the money to be transferred from the customer's bank account after the buyer authenticates his identity.

That authentication is actually a "shared secret" known by the buyer and Daimler-Chrysler, said Karen Brewster, manager of lockbox control at Daimler-Chrysler Financial Services, who spoke on the topic at Payments 2002.

After the ACH debit is authorized, the customer gets an e-mail confirming that the funds were withdrawn from his account.

Priscilla Capes, executive vice president at FKNC, said the NACHA rules for the Web so far require that each session between buyer and the site must be encrypted by 128-bit Secure Sockets Layer and have in place a "fraudulent-transaction detection system," in addition to an annual security audit.

RELATED LINKS

Contact Senior Editor Ellen Messmer

Other recent articles by Messmer

Deutsche Bank's ACH struggle

National Clearing House Association

Federal Reserve Financial Services


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.