Single Sign-On Services OfferedSingle Sign-On Services Offered

Wouldn't it be nice to buy things online with just a single click, rather than having to find your wallet, pull out your credit card, and type in the number every time you make a purchase? Two new single sign-on services--from Providian Visa and SingleSignOn.net--are aimed at helping consumers do just that.

Providian Visa is rolling out its latest smart card, which has a 32-Kbyte, Java-based chip that identifies the user, remembers and fills in the user's credit-card numbers and bill-to and ship-to addresses, and also adds a loyalty and reward program. The card, based on triple DES, 128-bit encryption, can be used for both online and offline purchases.

To use the Providian Visa card online, consumers need a reader, which the bank is selling for $19.95. They could then slide the chip card into their computer, shop on any sites that accept it as a payment vehicle, and pay items in a shopping cart with a single click. The card could also be used in the physical world. For example, a card could accommodate real-time "buy 10, get one free" promotions. With each purchase, the receipt would include an update of where the customer stands in the promotion, such as noting that five of the 10 items have been purchased.

"Customers have more sign-ons than they know what to do with," says Chuck Johnston, VP of technology for Providian's integrated card business, "and the convenience of having one way to get to everything is really compelling."

Even with its improved product and inexpensive readers, Providian faces the traditional two hurdles of chip cards: gaining acceptance at merchant sites and finding a consumer base willing to buy and install a card reader. Still, Johnston says he believes that the loyalty-program applications, the fact that computer and cell-phone manufacturers are beginning to build in smart-card readers, and merchant concern over losses from online fraud will make this the year that smart cards finally take off in the U.S. market.

Meanwhile, SingleSignOn.Net, a startup launched last month by a former CheckFree executive, is looking to gain acceptance for a system that needs no reader at all. It's looking for bank partners that will offer its public key infrastructure-level security that customers can access at any computer, using just a password. The system works by splitting the 1,024-bit password used by PKI, with half of it being held by the financial institution and the other half accessed by a six-digit password chosen by the user. Sponsoring banks purchase a plug-in application that links to their networks and costs 50 cents or less per customer per year. "We're marrying the ease of passwords with the security of PKI, so you get the best of both worlds," says CEO Ravi Ganeson. "We call it practical PKI."

The real battlefield in single sign-on will come not in the consumer market, but on the business-to-business side of the house, where it will facilitate the sharing of data with partners and suppliers, says John Patterson, CEO of Business Logic Corp., which provides products to do just that. "PINs, passwords, and purchasing on the Web are only the first step toward a broader and seamless integration of consumer data across platforms and across applications," he says. "The winners will be those businesses that enhance customer relationships by not only eliminating multiple entry of credentials but also by eliminating the re-keying of all kinds of consumer data across multiple Web sites."