SUNNYVALE, Calif. – People turn to their credit unions for a lot of things, and in the case of one Silicon Valley entrepreneur it was to serve as the launch pad for an inexpensive smart card authentication solution for Internet banking security. Mike Angelinovich is a co-founder of Onhand Virtual Access Inc. (OHVA), which has developed what it calls its OnhandID smart card reader. The first organization to offer it is Angelinovich's own long-time CU, National 1st FCU in Sunnyvale. The smart card changes passwords constantly after its own PIN (it can also handle biometric authentication) is entered, adding a third level of security to the standard ID number and password used to access accounts online. Smart card technology, of course, is not new, but the reader and card in this case cost about $5 to $7 each, much less than the typical reader, and it plugs into the little-used microphone port on laptops and PC's. "I came out of the card industry and I had been a member of this credit union for 25 years, so I said to my co-founder, `Let me talk to Marcia about this. I've known her for years.' Well, she just jumped at the idea," Angelinovich said. "It's exciting to be involved in this," said Marcia Franks, president of National 1st FCU, which is currently rolling out the device to 100 willing members at no cost. "I've never seen anything like it," said Franks, who has been with the $157 million, 17,700-member credit union for 25 years, the past 18 as president. To get things going, Franks hooked Angelinovich up with PM Systems Corp., her Internet banking and billpay vendor, which developed the interface needed to connect the reader to the CU's online banking system. PM Systems' executives also were impressed enough with the solution that it now is offering the OnhandID solution to other credit unions. "Security is a real concern for everyone," said Robert Broadwell, vice president and co-founder of the South Carolina-based e-finance enabler, which recently converted National 1st to its WebFederal2 online banking and billpay systems. "At best, security is always a moving target. Adding an extra layer of protection with a smart card required is one of the keys helps thwart Internet-based hacking attempts and identity theft," Broadwell said. "Many members will choose to stick with the simple, two-way authentication process currently available in today's legacy systems. However, offering smart card technology as another security layer will appeal to some members because it dramatically improves security," he said. It's also quite easy to use. "Members who opt for this level of protection are issued a smart card and a reader, which plugs into the microphone port. It's not necessary to physically load software into the computer," Broadwell said. "Instead, an active-x component automatically loads from the authentication sever. This simplicity also makes the reader and the card easily transportable between computers," he said. While not everyone will want to use such an extra step, Franks thinks her membership, with National Semiconductor as its primary SEG, has a lot of people who will. "Because they're in the high-tech industry and are very knowledgeable about these things, a lot of our members have been reluctant to sign up for home banking or billpay because of password issues," Franks said. "There's just so much stealing. This is the ultimate protection," she said. She said she would eventually like to see the technology become part of the CU's standard debit card. Angelinovich said it took about 18 months to develop Onhand ID, working closely with Atmel Corp. in Colorado Springs on the chips and their modules and with HANA Microelectronics in Thailand to build the prototype readers and embed the chips in the cards. Of course, smart cards aren't particularly new. It's the economics that make this solution promising, its backers say. Smart card systems right now cost about $15 or more each. The OnhandID reader and card cost about $5 to $7 each. "Up until recently, it was not economically viable for credit unions to deploy this technology," said Broadwell at PM Systems. "Low-cost readers, cards, authentication servers and second-generation Internet banking technology have changed all this." He said he expects adoption rates to be relatively low at first, "but we think credit union CEO's will want to at least give the member the option to have a much higher level of security . as kind of a due diligence effort." "We certainly consider it due diligence on our part to be able to provide this technology. And all three credit unions I visited last week were remarkably excited after they saw a demonstration. "They all indicated that they would offer it as an option, and would not force it upon members carte blanche." -

[email protected]