Bureau picks a security measure people can use

Bureau picks a security measure people can use

By Richard W. Walker

GCN Staff

The Treasury Department's Bureau of the Public Debt sells about $1.6 million worth of savings bonds a week online through its Savings Bond Connection Web site. Online since last November, the operation is running smoothly and its sales of Series EE and Series I savings bonds are increasing.

But there was one bump on the way to going live. It happened when the system's method of encryption technology became a complication.

After setting up the system during pilot testing to use Secure Electronic Transaction technology, which requires digital certificates, the project team began to realize something: SET was virtually nonexistent in the marketplace.

'During the time it took us to bring up the site, we couldn't see any evidence that SET was going to take off or that people were going to be able to get certificates easily,' said Wally Ernest, director of the division of staff services in the bureau's savings bonds operations office. 'So we felt that bringing it up for SET certificate transactions only would have been a real waste.'

So the team modified the system to use Secure Sockets Layer, the current encryption standard for Internet commerce, to secure credit card transactions with buyers.

Users now need only an SSL-enabled browser and Netscape Navigator 3.0 or higher, or Microsoft Internet Explorer 4.0 or higher, to buy bonds with their MasterCard or Visa cards. SET is still available to customers who do business with banks that issue SET certificates.

Although almost all citizen transactions on the Savings Bond Connection site use SSL, the bureau employs SET for its own transactions with commercial payment processors, said Patrick Greer, the bureau's system administrator.

Search for security

Security was the key concern when the project team began, in late 1996, to develop a plan to sell savings bonds on the Web, Ernest said. 'Our interest was really in having the most secure type of transaction we could offer.'

After exploring various methods of transferring payment, including forms of debit payment, the team decided credit cards were the way to go, despite some mixed feelings.

'We didn't want to give the impression to the public that buying a bond with a credit card that had a balance that you were paying interest on would be a really good idea,' Ernest said. 'But we knew that people use credit cards for convenience now, and that was really the only safe way to transact business at the time.'

The bureau's team then signed on with the Financial Management Service, a sister agency at Treasury, which was developing a SET-based electronic commerce system with IBM Corp. and MasterCard International of Purchase, N.Y.

The team built the site on IBM's Net.Commerce software'now called IBM WebSphere Commerce Suite'tailoring the system to meet the site's administrative, logistical and technical requirements.

Working with IBM, the team adapted Net.Commerce to process both SET and SSL-based transactions efficiently.

To date, the bureau has sold about $35 million in savings bonds online, representing about 200,000 bonds and 130,000 transactions. When interest rates recently shot up to 7.49 percent, online sales increased 44 percent.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.