Crashed – digital signature on ATM card

The targets of the debit card operators for the digital signature were missed by 95% – 200,000 debit cards should be equipped with a secure signature by the end of 2005, 8,750 signature debit cards have been provided – BMF funded stranded project with EUR 1 million – negative user experiences so far – telebanking customers should do that Avoid ATM signature product – Federal Ministry of Finance service card as further support for failing certificate offer?

Far from the forecast target

On January 31 of the previous year, the signature on the bank card was presented at a large-scale press conference. 200,000 debit card owners should use this signature function by the end of 2005, the operators declared full-bodied. The BMF subsidized the campaign with EUR 1 million, with a promotion campaign for chip card readers at EUR 10 each.

In a broadcast dated February 3, 2005, ARGE DATEN already warned against exaggerated expectations, high costs and disadvantages for telebanking customers. At best, according to the ARGE DATA forecast, there will be 20,000 technology lovers who will order the ATM signature toy (http://www2.argedaten.at/php/cms_monitor.php?q=PUB-TEXT-ARGEDATEN&s=44197acc).

Now the more than sobering results are available. Just 8,750 people (as of November 2005) warmed to an ATM signature. Even if the BMF’s more than optimistic hope of 10,000 cards by the end of the year were to materialise, the original target would have been missed by a good 95%.

With around 6.7 million ATM cards currently in circulation, that’s less than two out of a thousand ATM card users who make use of this “service”.

Negative user reviews – toys for technology lovers

All in all, this technology should only be noticed by a hard core of technology-loving people. Even procurement and installation developed into a game of patience lasting several hours, in many cases the own computers had to be completely reconfigured and a large number of subsequent installations had to be carried out. Some technology enthusiasts even took their own courses on how to use the signature debit card.

In addition, the system actually only works in a Microsoft Windows environment, and the increasing number of LINUX users is finally being demoted to hobbyists. Overall, the method does not bring more security, but even less. The users have to make so many changes and trust an incomprehensible technology, which in turn makes it easier for attackers to create new holes and trapdoors.

The product is apparently not practical for mass use and the banks could secure the previously tried and tested PIN/TAN procedures with a few relatively simple technical and legal framework conditions in such a way that the phishing attacks, which are now also becoming increasingly popular in Austria, remain ineffective.

Will the BMF move on to the next funding campaign?

The information from the BMF (BMF-240101/1456-I/1/2005) emphasizes that the funding campaign will continue in 2006, but no further funding campaign is planned for the signature.

Information that makes us skeptical, however, as the Ministry of Finance is currently rolling out the new service ID card. It must contain the citizen card signature, i.e. the same type of signature as on the ATM card. The highlight is that this function is paid for dearly by the BMF, but is not required at all for official purposes. Officially, only access functions and a so-called official signature are required, which are also included on the card.

The order for several tens of thousands of cards was awarded without a tender to the same company that provides the ATM signature. The dissatisfaction of the tax officials is correspondingly great, as their personal data is passed on to a private company for this signature. Without their consent and contrary to the provisions of the Signature Act.

When will the ATM signature project come to an end?

On the one hand, there is a lack of interest and demand, if competition and classic market economy criteria were involved, then the product would have to be abandoned long ago. On the other hand, the system causes enormous costs, relatively independent of the number of actual users. A certificate company active in this regard in the chamber and banking environment therefore requires a constant supply of capital.

The credit rating of one of the companies that plays a central role in issuing the ATM certificates and is owned by the Chamber of Commerce, the Bar Association, BA-CA, BAWAG PSK and Telekom Austria, among others, is rated 344 according to creditor protection institutions (the ” The company’s rating is worse than the industry average”). It is also noted “Different experiences from the industry and company environment affect the risk situation”.

The last balance sheet (2004) presented by one of the operators also seems to point to a continuous thinning out of the equity base. The contribution capital of the owners of just under EUR 4.8 million is offset by just over EUR 725,000 in equity and total assets of EUR 6.3 million, of which 3.7 million are intangible assets.

It is probably only a matter of time before the current operators and shareholders of the ATM signature project take up the maths and stop the unfortunate project, which ultimately has to be financed by all bank customers and taxpayers. Which investor accepts a management that misses its targets by 95% in the long term?

Normal bank customers pay for signature experiments

Even the operation at those banks that offer telebanking using ATM signatures cannot cover costs. Ultimately, therefore, all bank customers have to help finance these experiments, with account management costs continuing to rise and interest on deposits falling.