Don’t worry about people stealing your ideas. If your ideas are any good, you’ll have to ram them down people’s throats.

Howard Aiken, primary engineer behind the Harvard Mark I.

On Wednesday, April 16, I am presenting Tractis at Suscipe.

Suscipe is a forum for entrepreneurs coorganized by the student associations in Spain of the London Business School, the Massachusetts Institute of Technology (MIT), and the Standford University, as well as by the Association of former interns of “la Caixa”, in collaboration with the Escuela Técnica Superior de Ingenieros Industriales de la Universidad Politécnica de Madrid.

The following is event’s program (pdf). The event is free of charge and you can attend only the parts you are interested in:

• 19:15: Innovative Project: Tractis
• 20:00: Special Guest: Angel Iglesias, founder of Ikusi, a Spanish company with over 700 employees present in more than 80 countries
• 21:15: Networking event

My presentation will be focused on the project itself, whereas Angel Iglesias will talk about his activity and entrepreneurial experience. The event will take place in the Escuela Técnica Superior de Ingenieros Industriales de Madrid, Room 3 (c/ José Gutierrez Abascal 2. Zona Paseo Castellana - Nuevos Ministerios).

Francisco Hernández, one of Suscipe’s coordinators, told me that 113 people have already confirmed their assistance, but there is still room for more. Whether you use Tractis or not, if you are starting your own project, or are interested in spending some time with people that want to make a difference, I will be happy to meet you in person.

Update 2008.05.26: The organizers at Suscipe have just uploaded the video of the presentation of Tractis.

Although somewhat late, I am happy to announce the winners of the 4th Edition of the Glider Awards (December 2007).

The Glider Awards are the awards Negonation gives its most valuable collaborators. What’s new to this edition is that all awards have been decided by the Negonation staff (vs. collaborators votes in past editions). This comes in response to a strategy that we have been following since mid last year in order to decrease the number of collaborators and increase the intensity of the collaboration with a few.

The first winner, with an award of 1000 €, is José Luis Gordo Romero. José Gordo is a regular winner of these awards: he already received recognition in past editions and, this time, he’s won first place again, being the first collaborator in Tractis history who has received the title of Glider Hacker twice (the first time being in the first edition of the Awards). Over the past few months –actually, since the beginning of the project–José has been helping us on a regular basis with system administration, server configuration, server certificates, DNS administration, back-ups, etc. Working with him is a real pleasure. He is professional, competent, and honors all of his commitments. Tractis wouldn’t be the same without you, José!

The second Glider Award, also worth 1000 €, goes to Choan Gálvez. We met Choan through Diego Lafuente, our Creative Director. Choan is a true magician of javascript and the creator of Protomean–the contract editor used in Tractis. In addition to handling himself really well in the, poorly documented, javascript world, Choan is an enthusiast of short stories and board games.

Despite not receiving a prize in cash, a special mention goes to Tatiana Nubiola, our linguistic guru, guardian of the style guide and enthusiast of the Academy of the Spanish Language and its dictionaries. She is responsible for most of the English translations and copy choices you see in Tractis. This makes Tatiana the first collaborator awarded with a Glider that (1) is a woman, (2) lives abroad (NY State, for those of you who were wondering), and (3) doesn’t program a single line of code. Tatiana is proof that you don’t need to know how to program to be a hacker.

Congratulations to the winners!

PS I apologize for the late post, I promise to post sooner next time.

This is the third post in the series entitled “Smart cards in Europe”. In the introductory post, we affirmed that Europe is about to receive 1 billion “smart cards with strong authentication and digital signature capabilities” which have the potential to change the way we do electronic commerce. The source of the card avalanche is two-fold:

1. Smart cards issued by governments to identify their citizens (Electrionic Identification Cards: e-IDs).
2. Smart cards issued by banks to substitute magnetic strip cards (EMVs).

This third post describes the second type. We’ve analysed the situation in 31 european countries (EU-27 plus Liechtenstein, Iceland, Norway and Switzerland). This is what we’ve found:

In 2010, all European bank cards, some 590 million of them, will be smart cards (EMVs) with strong authentication and digital signature capabilities.

If you don’t believe us, read on:

European banks that plan to launch EMV smart cards

Short answer: all of them.

In 2000 the European Commission decided that to foster innovation (Lisbon Agenda) the single market must make it easier to move money around the EU. Specifically, cross-border payments should not cost more than domestic payments. In other words, you can use your bank card in another EU country and they won’t charge you any more commission to withdraw money as they do in your home country. This initiative is known as the Single Euro Payment Area or SEPA. The SEPA zone encompasses 31 european countries (EU-27 plus Liechtenstein, Iceland, Norway and Switzerland).

To make SEPA a reality, all the EU banks need to agree on the same standards and implement the same procedures to ensure interoperability at the moment of accepting a card. To give an example, a cash machine (ATM) in Austria should be capable of accepting and understanding a card issued by an Italian bank. Said and done: the standard was developed by Europay, Mastercard and Visa and they called it EMV (the initials of the three companies). EMV will mean that there will be no difference between national and transfers within Europe. EMV will make SEPA a reality - meaning cheaper payments and faster money transfers between countries in the eurozone.

The EMV standard is based on “Smart cards with a microprocessor chip” and this microprocessor chip is capable of storing not just financial applications (EMV) but also other types of application such as strong authentication and digital signature. As you can see, EMV cards are (or have the capability to be) similar in functionality to eID smart cards. The only difference is that they are issued by a bank instead of a government.

EMV deployment phases in Europe

The banks of these 31 countries are obliged by SEPA to migrate all their magnetic strip cards to EMV smart cards. They have from January 2008 to 31st December 2010 to do the migration.

Experts consider that most of these countries will have completed the migration to EMV by 2009, one year before the deadline:

• 2006: United Kingdom has already completed 90-100%. France 50-90%. Rest 10-50%.
• 2007: United Kingdom and France will have completed 90-100%. Rest 50% to 90%.
• 2008: All will have completed 90-100%, except for Germany, which will have completed 50-90%.
• 2009: All will have completed 90-100% of migration to EMV.

Conclusions

If you live in Europe, you will soon have an EMV smart card in your pocket.
Europe is the undisputed leader at global level in EMV deployment (since 2002 - see slides 3 and 5 of this presentation). Europe has more than 50% of the total number of smart cards in the world (of the 590 million smart cards worldwide, 300 million are in Europe). Europe has more smart cards than magnetic strip cards (of the 587 million bank cards in Europe, 300 million are smart cards). The obligations imposed by SEPA on European banks mean that Europe will increase this lead.

We’re not saying that all EMV cards will be capable of digital signature (like the majority of eID cards). We are saying that (1) if the banks want to use it, the technology is there and (2) many do plan on using it. In our conversations with the main card issuers in Spain, the majority have plans to incorporate signature certificates in the chips. The objective is that the client identifies his/her self and signs online with a card and the look and feel of the bank. Once the adverts start, it’s difficult to imagine the rest of the banks failing to offer the same functionality.

EMV around the world

Europe is not alone: Banks in various countries are migrating their magnetic strip cards to EMV smart cards (Turkey, Brazil, Taiwan, Japan, Malaysia etc.).

As of year-end 2006 there were 3 billion bank cards in circulation. Of these, between 515 (source: GIA Cartes Bancaires) and 590 million (source: Deutsche Bank) were microprocessor smart cards:

• Europe: 300 million smart cards.
• Asia/Pacific: 150 million smart cards.
• South America: 140 million smart cards.
• USA: Has no EMV-compliant cards and, as with e-ID cards, is reluctant to introduce them.

Given the benefits of smart cards, it is just a matter of time before banks around the world change from magnetic strip to smart cards. The growth potential in this sector lies in the prospective migration of the 2.5 billion magnetic strip cards in circulation. Deutsche Bank estimates smart card growth of 18% CAGR in the payments industry between 2006 and 2010. In 2006 430 million smart cards were sold - 12% penetration, with France and Germany leading the way. In 2007 544 million were expected to have been sold (34% attributable just to EMV migration). In 2010, 600 million smart cards are expected to be sold every year with 26% penetration.

By 2010 there will be 830 million EMV cards in Europe, Asia and Latin America.

Something is changing, don’t you think?

Next post (and the last in the series): “Smart cards in Europe: Conclusions”.

This is the second in a collection of posts titled “Smart Cards in Europe”. In the introductory post we said that Europe is about to receive 1 billion “Smart Cards capable of strong authentication and digital signatures”. An event which has the potential to transform the way we do e-commerce. The origin of this avalanche is two-fold:

1. Smart Cards issued by governments in order to identify their citizens (”Electronic IDentification Cards” or “e-IDs”).
2. Smart Cards issued by banks to replace magnetic strip bank cards (”EMVs”).

This second post focus on the first case. We have analyzed the current status of e-ID implementations in 32 European countries, representing 565 million people (source: Eurostat). Our findings can be summarized as follows:

By 2010, 437 million people (82% of the European population) will live in countries with electronic ID cards (e-IDs).

If you don’t believe us, keep on reading:

Countries in Europe that already have an e-ID scheme

Ten countries, representing 153 million inhabitants (27% of the European population):

1. Spain (44,474,600): Spain started to introduce an e-ID sheme ( DNI electrónico ) in March 2006. As of November 2007 a total of 1,500,000 e-IDs had been issued. From December 2007 e-IDs will be issued throughout Spain. Projections are: 6.5 million e-IDs issued by December 2008 and 18 million by December 2009. Besides the electronic ID, Spain also has 14 commercial certification authorities (lawyers, notaries, registrars, regional governments, banks, etc.). See also physical description, demo and video of the DNIe.
2. Italy (58,751,711): Having completed two experimental phases in 2003 and 2004, Italy is currently deploying its Carta d’identità elettronica (CIE). By October 2005 2 million CIEs had been issued. The aim is to replace 40 million conventional ID cards by 2011 at a rate of 8 million per year. Apart from the CIE, Italy has 19 commercial certification authorities.
3. Portugal (10,569,600): Following the initial introduction of e-ID cards in February 2007, Portugal is preparing to start a full-scale rollout in 2008 and expects to issue 2 million Cartão de Cidadão per year. By July 2008 the new e-ID should be available throughout the country. Portugal also has 1 commercial certification authority.
4. Belgium (10,511,400): Belgium started deployment of its eID in September 2004. To date, 6,500,000 eIDs have been issued. Plans are to reach 8,000,000 by December 2009. Belgium has 2 commercial certification authorities. The Belgian government also issues e-IDs to minors and non-nationals.
5. Sweden (9,047,800): Sweden began to introduce its nationellt identitetskort in October 2005. So far, some 3,000,000 e-IDs have been issued (almost all in software format). Sweden is a special case in that e-IDs are not issued by the government but by authorized companies (banks, system integrators, etc.).
6. Austria (8,265,900): The rollout started in 2000 and is already complete. There are some 8,000,000 Bürgerkarte (citizen cards) in circulation. An original feature in this case is that there is no “one” type of e-ID: an e-ID can be stored in government-issued cards, bank cards or SIM cards.
7. Finland (5,255,580): The Finnish e-ID, or FINEID , like the Austrian one, can be stored in smart cards, bank cards or SIM cards. It was launched in 1999 but did not include an electronic signature until 2004. The Finnish government announced plans to issue around 135,000 FINEIDs by the end of 2007. Citizens who so wish may include their health insurance information in their FINEID.
8. Estonia (1,344,700): Estonia is probably the most advanced country in Europe in the adoption of electronic signatures by the general population. The Estonian ID-Card was launched in January 2002 and today is used by more than 1,000,000 citizens (almost 90% of the population). The Estonian government is working to create a Mobile-ID, so that the certificate can be stored in mobile devices.
9. Norway (4,770,000): Norway’s main commercial certification authorities are Telenor and the banks. Norwegians can obtain their e-ID from lottery offices, social security offices and banks. The certification authorities responsible for issuing certificates are ZebSign and BankID.
10. Iceland (307,700): The Icelandic government has reached an agreement with the banks under which all debit cards issued after the end of 2007 will incorporate government e-IDs.

Countries in Europe that are planning to launch e-IDs in 2008

Eight countries, representing 184 million inhabitants (32% of the European population):

1. Germany (82,438,000): Germany has declared on various occasions that it intends to deploy its Digital IDCard in 2008, which will include the ability to use pseudonyms online. Germany has 8 commercial certification authorities.
2. France (62,518,600): After various delays (to incorporate feedback from the public), France has stated its intention to put its Identité Nationale Electronique Sécurisée (INES) into effect in 2008. The plan is to include electronic signatures, although the first generation of cards may not have this functionality. France has 11 commercial certification authorities.
3. Netherlands (16,357,992): The Dutch DigiD service offers three levels of security: low (username & password), medium (SMS authentication) and high (on-card PKI). So far, 6 million citizens use low DigiD for authentication, while 2 million use medium DigiD. The high-security DigiD, known as eNIK , may be introduced in 2008. The Netherlands has 4 commercial certification authorities.
4. Hungary (10,076,600): Requirements and specifications for the development of the Hungarian e-ID, HUNEID, and its prototype implementation were published at the end of 2004. Introduction is expected in January 2008.
5. Bulgaria (7,679,200): Following the optimistic government announcement that issuance of e-IDs would start in 2007, the rollout is now expected to start in 2008. The Bulgarian Government owns 1 commercial certification authority, which is authorized to issue digital certificates to citizens.
6. Latvia (2,291,000): Following the passing of e-ID regulations by the Latvian Council of Ministers, the introduction of e-IDs is scheduled for 2008. Latvia has 1 commercial certification authority.
7. Slovenia (2,003,400): The Slovenian e-ID project was officially launched in February 2003 but was then suspended. A fresh start is expected in 2007-2008. Slovenia has 4 commercial certification authorities.
8. Malta (404,346): Malta is taking a four-pronged approach to the deployment of electronic IDs. The third phase started in 2007. All that remains is the fourth stage, which includes the issue of e-ID cards. Everything suggests this could happen in 2008.

Countries that are planning to launch e-ID schemes after 2008

Seven countries, representing 134 million inhabitants (23% of the European population):

1. United Kingdom (60,393,100): The National Identity Scheme is currently under development by the UK Identity and Passport Service (IPS). Its main goal is to introduce e-ID cards in the UK. Procurement of e-ID cards has already started and suppliers will be selected in May 2008. The first e-IDs are expected to be issued to British citizens in 2009 or 2010. The United Kingdom also has 4 commercial certification authorities.
2. Ireland (4,209,000): In June 2004 the Irish government established the framework for Public Service Cards(PSC), which will be used for authentication and electronic identification. Following Portugal’s example, the PSC will include a range of functions (social services, medical card, etc.).
3. Poland (38,518,241): Poland is studying the possibility of introducing an e-ID card, known as a Multifunctional Personal Document (MPD), to replace a variety of identity cards. Poland is aware of the need for an e-ID and is undecided whether to set up a new state-owned CA to issue MPDs or to delegate the role to commercial CAs. Changes in the law are needed. Poland has 4 commercial certification authorities.
4. Romania (21,610,200): Romania has started to work on e-IDs and biometric passports and has already issued an international invitation to tender for these projects. Romania has 5 commercial certification authorities.
5. Slovakia (5,389,100): The Slovakian government has plans to introduce e-IDs (called “BIFO”) and passports. Slovakia has 9 commercial certification authorities. Since March 2007, Slovakian citizens holding a digital certificate have had 1,000 “contact points” where they can sign electronically.
6. Lithuania (3,403,300): No e-IDs have been issued as yet, but the government is treating e-IDs as a priority. The Lithuanian e-ID will be multifunctional (government, health, loyalty programs, tickets, etc.). It is thought that it could be launched in 2009-2010. Lithuania has 1 commercial certification authority. To popularize electronic signatures, the government will issue 300,000 certificates to citizens completely free of charge before 2009.
7. Cyprus (766,414): The government of Cyprus has stated its intention to issue e-IDs but has provided no further information.

Countries that have no plans to launch e-ID schemes but that have commercial certification authorities

Three countries, representing 83 million inhabitants (14% of the European population):

1. Turkey (72,500,000): Turkey has 3 commercial certification authorities.
2. Czech Republic (10,251,790): The Czech Republic has 3 commercial certification authorities.
3. Luxembourg (480,222): Luxembourg has 1 commercial certification authority.

Countries that have no plans to launch e-ID schemes and no commercial certification authorities

Four countries, representing 21 million inhabitants (4% of the European population):

1. Greece (11,125,200): The Greek government has plans to create 5 government-owned certification authorities.
2. Denmark (5,427,400).
3. Croatia (4,442,803).
4. Liechtenstein (34,905).

Conclusion

In Europe, in terms of population:

• 27% of the population of the 32 European countries lives in a country that has an e-ID scheme (at varying stages of implementation).
• 32% lives in a country that is planning to launch e-IDs in 2008.
• 23% lives in a country that is planning to launch e-IDs after 2008.
• 14% lives in a country that has no plans to launch e-IDs but that does have commercial certification authorities.
• 4% lives in a country that has no plans to launch e-IDs and no commercial CAs.

Europe is not alone: Various countries have started issuing national identity cards in the form of e-ID smart cards (China, Qatar, Morocco, Thailand, Hong Kong, Oman, etc.). Some are planning to do so in the near future (Peru, Argentina, Brazil, Mexico, etc.). Others are considering the possibility (U.S.A., Russia, etc.). Although eID is a small segment of the overal smart card market, all the experts agree that it has the strongest growth prospects (21% CAGR) and is likely to grow dramatically over the next few years. Of all the emerging new applications of smart cards this is the largest market because the number of ID cards in circulation (worldwide, 1 in 2 people has an ID card, i.e. 3 trillion IDs) is much greater than the number of passports (1 in 10 people), transport cards (1 in 3), or driving licenses. According to the “Deutsche Bank Smart Cards report 2007″, e-ID smart cards in the “Other: Government ID, Passport, Health, Transport” category had 7% penetration worldwide in 2006. Projections are that an average of 400 million e-ID smart cards will be issued each year, reaching 17% penetration in 2010. If these projections are met:

In 2015, 84% of people with an ID will have an e-ID.

Something is changing, don’t you think?

Next post: Smart Cards in Europe: EMV Avalanche.

What is a smart card?

It is a card, similar to a credit card, that includes a chip/microcomputer capable of executing different types of applications including “authentication” and “digital signature”.

This is a smart card issued by the Portugese government:

This is a smart card issued by a Belgian bank:

This is a smart card issued by a German telecommunications firm:

The main idea: many different organizations in many different companies issue many different smart cards.

There are two types of smart card, depending on the type of chip:

• Smart card with memory chip: cheaper. Contain only non-volatile memory, perform a single function and don’t process data. Not capable of performing digital signature. Used predominantly in transport, PayTV, corporate security, pre-paid telephones, loyalty programs etc. This type of card is becoming obsolete. They represent 4% of the market (by value) and demand is increasing but only in single-digit figures.
• Smart card with microprocessor chip: more expensive. They are a type of mini-computer that includes processor, memory and an operating system on the chip. Can be single- or multi-application, in which case, the microprocessor is capable of running different applications, including authentication and digital signature. Predominately used in government (”e-IDs”), banking (”EMV”) and telecommunications (”SIM”), health etc. applications. Microprocessor cards represent the future of smart cards. They are applicable to a wide range of sectors, a large part of which are in the early phases of development. They represent 96% of the market (by value) and demand keeps rising.

Why should I care?

Because a smart card with a microprocessor chip allows strong authentication (verification of identity) and digital signature. Both (authentication and signature) are extremely powerful tools which will soon become ubiquitous. The massive deployment of smart cards with authentication and digital signature have the potential to change the way we interact on the Internet, do electronic commerce and how we deal with anonymity and privacy online.

And there’s more. Europe, for technological and legislative reasons, is at the centre of the tsunami:

1. Technology: Europe has (and will have) the highest concentration of smart cards capable of digital signature in the world. It’s not just that Europe has more than 50% of the smart cards in the world (300 million according to “Deutsche Bank Smart Cards report 2007″) but also that, as we’ll demonstrate in this series of posts, it is about to receive 1 billion smart cards with microprocessors issued by governments and banks.
2. Legislation: European directive 1999/93/CE on digital signature names “qualified digital signature” as the most advanced form of digital signature and gives it the same effect as a hand-written signature. For a digital signature to have “qualified” status, it should be generated by a “Secure Signature Creation Device” like, for example (you’ve guessed it) the chip on a smart card. And yes, you read that correctly - “the same effect as a hand-written signature”. So, the discussions as to whether the technology is secure or not are irrelevant. The law, by default, assumes that it is. If one of the parties denounces the signature, they bear the responsibility of proof i.e. they must demonstrate that the technology and processes used in the qualified digital signature were not secure (I’ll save you the suspense…no one is going to do this). A technology blessed by the law. Checkmate. End of discussion. We’ve studied 30 countries (the EU-27 plus Croatia, Turkey and Liechtenstein) and they’ve all implemented the directive. In summary, Europe enjoys uniform “qualified digital signature” legislation that gives the same power to digital signatures as hand-written ones.

The massive deployment of smart cards with digital signature backed up by the law promises great benefits (more agile relationships with government, secure electronic commerce, lower bank commissions…) but also serious implications for your rights and liberties as a citizen and consumer. Surprisingly, whether it’s for lack of knowledge, incredulity or voluntary blindness, this matter is not receiving the attention it deserves from the internet community.

We all know what happens when you don’t make a decision: reality decides for you.

Why is no one talking about this?

There are three reasons:

1. Whether we like it or not, the “conscience” of the internet, the A-list bloggers, the main thinkers and analysers of the net are in the USA. Whether we like it or not, europeans typically echo the movements, initiatives and debates that are generated in the USA and there they don’t know, understand or care what happens in Europe.
2. The majority of Europeans think that this is nothing new. Smart cards have been in circulation for years and nothing bad has happened. They don’t understand that they are thinking of smart cards with memory chips and not the microprocessor type. They look the same from the outside but inside they’re not.
3. Many people doubt that “digital signature” will be widely adopted. Digital signature and Public Key Infrastructure (PKI) have been around many years and nothing bad has happened. They don’t realise that it hasn’t worked until now for business not technological reasons. Before there was no business case: no company was willing to assume the cost of issuing digital signature cards to their employees, providers and clients. Now that the costs have fallen, European governments have decided to assume this responsibility and oblige the banks to do the same.

This time it’s serious. The ball is in our court.

Next post: “Smart cards in Europe: e-ID avalanche“.

I must Create a System, or be enslav’d by another Man’s;
I will not Reason and Compare: my business is to Create.

“Jerusalem: The Emanation of the Giant Albion“. William Blake.

Today, 17th March 2008, we officially launch Tractis in Belgium.

The Belgian “eID”

Now you can use your Belgian eID to sign in Tractis. The “eID” is equivalent to the Spanish electronic ID card (DNIe) i.e. it is a government-issued card that incorporates a chip with a certificate that permits authentication (verifying your identity) and fully legally-binding digital signatures.

The Belgian government issues three types of eID:

1. eID for Belgian citizens (”eID“).
2. eID for Foreigners (”La carte pour étranger“).
3. eID for children (”Kids-ID“)

We will initially support the first two (citizens and foreigners). Given that children cannot sign contracts, we will incorporate “Kids-ID” in the future just for authentication (secure chats etc.). You can find up-to-date information on which certificates we support in our help section.

If you live in Belgium and still don’t have your eID, you can ask for one in the service area of your town or city or wait until they automatically issue you one sometime before the end of 2009. The price of your eID will depend on the area in which you live, generally between 10 or 15€. If you have an eID and want to use it with Tractis, you need a smart card reader (we will give you one for free) and to install the drivers for the Belgian eID on your computer.

Why Belgium?

As we have stated in previous posts, our objective for 2008 is international expansion in Europe. The reason why we have chosen to start in Belgium is that it is one of the countries that has pioneered e-IDs (electronic IDs). Belgium has 10.5m inhabitants and the majority now have e-IDs (more than 80% of the population in the three regions - Flandes, Valonia y Bruselas-Capital). In addition, there are a large number of applications and services that make use of digital signatures. They started the roll-out in September 2004 and now more than 7,000,000 people have an eID. The government plans to reach 8,000,000 in December 2009.

International Expansion: With your help

Belgium is the first country that we have launched in outside of Spain and marks the start of our international expansion. In the coming months, we willl start adding more than 30 countries. We are now working to incorporate certificates for Estonia, Portugal, Austria and others.

We would like to thank Rodolphe Cardon of Lichtbuer, Lieutenant d’aviation at Belgian Air Force and expert in digital signatures for his help in testing signatures with the Belgian eID.

Is Tractis not yet available in your country? Help us translate the interface to your language, investigate the legislation in your jurisdiction or perform tests with your preferred certificate. Your help in any of these areas would be very valuable for launching Tractis in your country. Contact us.

We are pleased to announce that Caixa Galicia will use Tractis to allow their customers to digitally sign 100% online contracts. Caixa Galicia is one of the main savings banks in Spain and Europe. Its online banking division has more than 36,000 clients and manages more than 800 million euros. In other words, a big player in the online sector.

Caixa Galicia debuts digital signature of contracts with DNIe in the Spanish banking sector

The announcement is especially important because, although there are financial entities in Spain such as Bankinter, Kutxa, Caja Madrid or Banc Sabadell that have incorporated DNIe to authenticate (’verify the identity of’) their users, Caixa Galicia is the first in Spain that allows the use of DNIe and other certificates for the digital signature of contracts with their customers. A big step that we’re proud to be a part of.
Caixa Galicia gave a press conference yesterday and also distributed a press release which various radio stations (SER), written press and online (Ya.com/Finanzas.com, Terra/Invertia, Yahoo Finanzas, Cinco Días, Abc.es, El Economista, Europa Press, El Correo Gallego, Todo es electrónico , Loogic, Enrique Dans and others) have picked up on and are broadcasting news of this event.

The first process: Opening accounts without bureaucracy

The first contractual process that has changed to use digital signatures with DNIe is the opening of accounts. From today, people who want to open an account with Caixa Galicia can do it 100% online, signing with their DNIe (or any other certificate accepted by Tractis), from the comfort of their home, without forms, without waiting and without visiting a branch.

The decision of Caixa Galicia to start with this process (vs. contracts with existing clients) shows their interest in the acquisition of new customers, making their life easier and at the same time complying with the new Spanish legislation on contracting services electronically.

This diagram shows the flow of the contracting process:

Easy, no? In reality it is a flow that is applicable to any contracting process where the company needs to compile information in advance about the client (phase 2: forms) in order to be able to later present them with a personalised contract containing the solicited information, ready for them to digitally sign (phase 5: signing).

This is what the client sees in Phase 2, a web page served by Caixa Galicia:

and this is what the client sees in Phase 5, a web page with the personalised contract ready to sign. All with the URL, logo and look & feel of Caixa Galicia but served from Tractis:

An unbeatable experience

The experience of working with Caixa Galicia has been unbeatable. We’ve been very lucky to work with a team that is so professional, but at the same time so easy to get on with for our first big client. We’re especially grateful to Antonio Vazquez de Parga and Iván Rodríguez González from the Caixa Galicia digital strategy team for their vision and valuable feedback. Since they’ve given the green light to the project in December 2007 everything has worked out perfectly. The integration of the technology took only 2 weeks and the rest of the time was taken up with testing, training the customer service department, preparing the marketing launch material, changing the web pages, press release etc. A record time given the size of the client and the process implications.

Our first (big) client

Today 12th March 2008 is a very special day for us. It’s our first production launch of a big client using the Tractis API and processes that affect individuals and SMEs, our real focus. Successes such as this mean that all those hours without sleeping, the personal and professional sacrifices and bets of the team have been worthwhile. We’re on the right road. We’re very happy :D. We hope that this is just the start of the good news during 2008.