Faster Internet access for Migros Bank customers

English | Deutsch

Zurich, Switzerland, 12 July 2001—Migros Bank has issued chip cards with digital certificates for Internet banking to 1,000 selected customers. This pilot program, which will run through the autumn of 2001, allows customers to access their accounts by means of a modern Java smart card that contains a personal certificate. This eliminates the need for a strike-off list of additional passwords. The solution was developed in close cooperation with IBM Switzerland and IBM's Research Laboratory in Rüschlikon.

Migros Bank is one of the first financial institutions to introduce an innovative Java card authentication solution. Using a multiapplication smart card with a personal certificate stored on its chip, customers can perform Internet banking without the strike-off list of additional passwords. Although the current three-step access verification method calling for a contract number, password, and strike-off list (or some other kind of disposable password) offers customers secure access, it is rather impractical. The new technology developed at IBM's Research Laboratory in Rüschlikon ensures the legitimate customer sole telebanking access to account and stock depot data. It is as secure as the current system, but faster and much more convenient.

Electronic identification card

Chip cards or smart cards are an ideal medium for valuable certificates because they combine optimal protection from unauthorized access with the utmost mobility. The M-CARD, a multiapplication Java card, is compatible with the "Visa Open Platform" specification. Its powerful processor chip is able to communicate in an intelligent and fraud-protected manner with external devices. Hence the smart card lends itself to many different uses because it combines three basic functions in one card: it identifies the card owner, grants him or her access to an Internet account via PIN code, and can be used for making payments. As the use of chip cards requires special reader hardware on the user's PC, card readers were issued to the 1,000 test customers as part of the pilot project, along with an installation CD and a user's manual.

Secure private key

The smart cards contain a crypto-coprocessor. The pair of keys necessary for the certificate is generated by the bank in a so-called black box, a procedure that ensures the highest security. Even when in use, the key never leaves the card, which makes it fraud-proof by the very latest standards. As customers are already known to the bank, elaborate enrollment procedures are superfluous, which greatly shortens the time necessary to issue the cards.

The pilot project will run through the autumn of 2001. Migros Bank will then evaluate whether and in what form it will provide its customers with smart card-based banking services. Fritz Reich, CIO of Migros Bank, explains, "As an innovative bank, we want to exploit today's new technologies so that customers can communicate with us in a faster, simpler and yet absolutely secure manner. We will continue to develop this technology and plan to enable even more services with this card." Migros is banking on the new Internet Java card to help it remain at the forefront of modern technology, to enhance customer satisfaction, and thus to encourage customer loyalty.