FMS launches trial for digital checks
In a pilot that may help the government meet a mandate to electronically issue all federal payments by next year, the Financial Management Service plans to cut its first electronic check perhaps as early as this week. During the next 18 months, FMS expects to issue as many as 1,000 digital checks p
In a pilot that may help the government meet a mandate to electronically issue all federal payments by next year, the Financial Management Service plans to cut its first electronic check perhaps as early as this week.
During the next 18 months, FMS expects to issue as many as 1,000 digital checks per day via e-mail to 50 Defense Department contractors that have volunteered to take part in the test of the new system. The program will rely on digital signatures, which will take the place of traditional pen-on-paper signatures and will be backed by a public-key infrastructure (PKI).
How the federal government processes payments to vendors will not change much. Agencies already submit requests for payments to FMS and have them verified electronically. But when FMS issues electronic checks via e-mail, the checks will be signed using encrypted "keys" that only the intended recipient— using a smart card— can decode. Then, using the smart card again, recipients will endorse the checks digitally and e-mail them to the bank.
Participants believe the pilot will boost electronic commerce by offering an easy way to make payments, an important step in helping agencies meet a legal mandate to make all federal payments electronically. Because the certificate authority for issuing keys is modeled on a set of existing business practices, it could be widely adopted by government agencies and private companies without enacting new laws first.
"Banks own the payment system and can implement a very efficient certificate infrastructure themselves for payments, which other parties cannot do,'' said Gary Grippo, program manager for electronic money at FMS.
"Anyone can pay anyone else with a check,'' said Chuck Wade, principal consultant with the BBN Technologies unit of GTE Internetworking, Cambridge, Mass., which is supplying the Treasury Department and banks with the digital keys for the project and is slated to receive the first check. While payments are "only one step in the electronic commerce cycle, it's an important step.''
Small federal contractors are the main market for this service because they find other options for receiving electronic payments too expensive or time-consuming, said Susan Landry, senior product manager for emerging payment technologies with BankBoston, the lead bank in the project.
The pilot apparently is the first to use smart cards and so-called elliptic curve (EC) encryption as the hardware and software for signing a digital document. EC technology, introduced in 1985, is more robust than other public-key cryptography methods. The technology theoretically offers more cryptographic strength in a smaller key than other encryption methods, and it is faster and requires less processing power.
David Temoshok, a General Services Administration employee who is chairman of an interagency smart card task force, said he has not followed the check pilot, but said "the idea that we test different encryption algorithms...has got to be part of the overall plan'' for developing federal smart card applications.
EC technology is relatively new and, according to encryption experts, has not yet withstood many efforts made by scientists and mathematicians to break its code. Bruce Scheiner, president of Minneapolis-based Counterpane Systems and a well-known cryptographer, said EC technology is risky because of its relative immaturity. He said FMS officials should have a sophisticated disaster recovery plan in case "some mathematician at some university" cracks the code.
"It's attractive with regard to size and performance," said Santosh Chokhani, who is president of CygnaCom Solutions Inc. and a member of an advisory committee helping to develop a federal government standard for a PKI, but "it hasn't withstood the test of time."
FMS is using software supplied by Certicom Corp. to exchange keys with check recipients.
NEXT STORY: Cybercenter Will Trace Net Intrusions