Skip to main content
//empty //empty

Mihai Simonia/Getty Images/iStockphoto

Do you struggle to remember passwords for your online accounts? Do you ever write passwords on a piece of paper and tuck them under your keyboard? Do you use the same password for everything, even though you know it puts all your accounts at risk if one is hacked?

If you answered yes, you're like most of us. And Toronto-based SecureKey Technologies Inc. thinks it can make your life easier and more secure.

Founded in 2008, SecureKey is not a household name, and it probably never will be. "We're not intent on becoming a consumer brand," says chief executive officer Charles Walton.

Story continues below advertisement

But three of Canada's biggest banks know who SecureKey is. They have signed a deal that will allow their customers to use their online banking IDs and passwords when using Government of Canada online services.

"While SecureKey is not known to most, the company is well known and respected in the financial services industry,with backing from Intel Corp. and some of the largest players in secure payments," says Paal Kaperdal, Toronto-Dominion Bank's senior vice-president of online banking.

MasterCard, Visa and Discover all own stakes in SecureKey as well. MasterCard already uses its technology in its PayPass Wallet. Mr. Walton won't talk publicly about Visa or Discover, but the companies' investment clearly indicates they are interested.

Annual revenue at SecureKey, which has 120 employees, is less than $10-million and the company is "working toward profitability," Mr. Walton says. In the coming year, besides building its presence in Canada, SecureKey plans to extend its reach into the United States and Britain.

Intel's stake in the company says a lot. Through its Intel Capital arm, the Santa Clara, Calif., chipmaker was a prime investor in a Series A round of financing in February of 2011, and led SecureKey's $30-million Series B investment round this spring.

Intel is incorporating SecureKey technology in chip sets it sells to computer manufacturers, meaning SecureKey seems on its way to becoming a part of most computers. Mr. Walton says SecureKey is working on other deals to put it in smartphones, too.

SecureKey's approach to security is two-pronged. The first prong is to allow ordinary computers and mobile devices to read credit and debit cards. That's the piece Intel is building into its chips. It means you could tap your credit card against your PC or your smartphone and the device would recognize the card. That would make online transactions more secure, because they would require the actual card, not just the card number.

Story continues below advertisement

The second part of SecureKey's vision is using one secure set of credentials to deal with multiple entities online. The recently announced SecureKey Concierge deal involving the Canadian government, the Bank of Montreal, the Bank of Nova Scotia and TD is an example.

Government departments get to take advantage of the banks' online security, while banks gain customer loyalty by offering an additional service. And customers, Mr. Boysen says, avoid the need to remember passwords for government sites they may visit infrequently.

"There are a lot of things to keep track of in terms of logins and passwords and so on," says Mike Henry, senior vice-president and head of Canadian retail payments, deposits and lending at Scotiabank.

The first time someone uses a bank user-ID for access to government services, the federal website will ask a number of questions to verify the person's identity, says Andre Boysen, SecureKey's executive vice-president of digital identity and authentication services. After that, the banking ID will suffice.

Some people may hesitate to use their online banking accounts to deal with government departments, especially the Canada Revenue Agency. But Mr. Boysen points out that SecureKey's system does not give the government banking data or tell banks what government services their customers use. The bank just passes an anonymized security token via SecureKey to the government department, confirming the person's identity.

SecureKey wants to extend this kind of service to other levels of government and to business. Mr. Walton says the province of British Columbia will join SecureKey Concierge next year, as will some municipalities.

Story continues below advertisement

The same idea could work in business settings, he says. For instance, a large manufacturer needs to offer many suppliers electronic access to documents. Rather than issuing security keys to employees of all its suppliers – which Mr. Walton says could lead to employees "walking around with a keychain of these cards" – the supplier's employee access card could serve as a credential for access to its partner's systems.

This "credential brokerage" idea isn't new.

"This is a concept that has been around for a fairly long time," says Chris Anderson, partner and national practice leader for information security services at Grant Thornton Consulting in Toronto – "in theoretical terms probably 30-35 years." Identrus, a consortium of major U.S. and European banks, launched a similar project in 1999, but it never gained critical mass, Mr. Anderson says.

"You have to get enough people into the community to make it take off," says Mr. Anderson. Can SecureKey do what Identrus could not?

"I honestly don't know," he says. "I do think there are a lot of positive indicators."

Report an error Editorial code of conduct
Tickers mentioned in this story
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies