The Canadian Payments Association (CPA) has partnered with IBM Canada Ltd. to create a Public Key Infrastructure (PKI) framework that will facilitate secure e-commerce payments directly from an individual’s bank account.
Under the initiative, the CPA has declared it will serve as the root Certification Authority (CA) for e-commerce payments in the country, a role entrusted to the non-profit organization by the Canadian Association Payments Act, 1980. In turn, organizations certified by the CPA will become subordinate CAs, issuing digital certificates to their customers.
“It is within our mandate to establish and operate a national clearing and settlement plan, which we have been doing,” said Bob Hammond, general manager of the CPA, from his office in Ottawa. “Two years ago, our board set up a policy group; with the rapid change in technology and the world around us, the board decided to look at new ways to facilitate payments. Rapid growth and interest in the Internet led us to this point.”
A digital certificate is an electronic document that identifies the holder. By digitally signing the certificate, the issuing CA is vouching for the authenticity of the information included in it. The identifiers on the certificates of parties involved in a transaction are then attached to messages, thereby assuring all concerned of each other’s identity and of the security of funds related to the transaction. The program is still at the embryonic stage, but an anticipated pilot launch is slated for late 2000.
“IBM’s [involvement] is as a program management consultant,” Hammond said. “They’re helping us develop the initiative, they’re not providing the software.”
The CPA boasts 135 corporate members which includes the Royal Bank, Toronto Dominion, Bank of Montreal, Bank of Nova Scotia, CIBC, and Canada Trust, along with virtually all of Canada’s non-bank, deposit-taking financial institutions. It is this membership that funds the CPA’s activities and ultimately decides how and when the program will be officially introduced to the public. There is talk that the federal government is looking to amend the Canadian Association Payments Act to include insurance companies and other finance-related firms.
“People have credit card concerns (when making on-line transactions),” Hammond added. “We want to devise a way to allow for people to pay directly from their (bank) account (while on-line).”
In its role as a CA, the CPA will be responsible for issuing the first tier of digital certificates to its membership.
Hammond added once the program has been fully implemented, consumers will have a choice between using a digital certificate and using a credit card to conduct on-line transactions.
“Consumers like convenience and choice,” he said. “We will use the most up-to-date technology (to ensure privacy and security).”
The CPA’s (www.cdnpay.ca) existing systems clear and settle transactions averaging $120 billion each business day.