Rule Financial: Making financial transactions confidential and tamper-proof

• Customer Profile: Technology consultant for financial services
• Goals: Protect customers' financial transactions
• Solution: PGP® Command Line encrypts file transfers
• Alternatives: Unsupported freeware
• Deployment: Within budget & ahead of schedule
• Benefits: Security; easy installation; seamless integration with existing infrastructure

Rule Financial chose PGP Command Line to enable its banking customers to secure critical electronic financial transactions with brokers.

London-based Rule Financial provides technical consulting in the form of project management and business process/IT systems design to banks, insurance companies, and financial services firms. Its customers include ABN-AMRO, Deutsche Bank, and JPMorgan Chase.

The Challenge

Rule Financial was looking for an application that would allow its banking customers to encrypt electronic financial transactions with their brokers. Today, regulations and industry standards increasingly focus on protecting sensitive and confidential information both in transit and in storage. "Our investment banking customers consider it a best practice to secure trade data with public key cryptography before they transmit it over the Internet," says Richard Goldklang, chief technology officer (CTO) for Rule Financial.

Rule Financial's customers also wanted to take advantage of digital signatures, which ensure the identity of the sender as well as the integrity of a transaction. In addition, they preferred that file transfers be secured with the International Data Encryption Algorithm (IDEA), a popular European encryption method for guaranteeing confidentiality.

The Solution

Rule Financial's CTO discovered that PGP Command Line offered all the functionality the company needed-and more. The PGP® product uses public key cryptography to create digital signatures. It supports the IDEA algorithm plus other popular encryption algorithms such as TripleDES as well as the two leading public key cryptographic formats, OpenPGP and X.509 v3 certificates, ensuring compatibility with a wide variety of installed software. In addition, it is easy to set up PGP Command Line to protect sensitive information in automated transactions that are part of routine business processes.

Freeware not acceptable. As an alternative, Goldklang briefly considered a freeware product that supported OpenPGP, but his customers feared that lack of support and an uncertain future could jeopardize business continuity. The freeware also did not include a usage license for the patented IDEA algorithm, which Goldklang would have had to obtain separately. Instead, he preferred PGP Command Line. As Goldklang points out, "PGP Command Line comes with enterprise support, includes an IDEA license, and supports a large number of operating systems and hardware platforms. It was the only suitable solution that interoperates with our customers' critical business applications today and will continue to do so as business needs expand."

The CTO had no doubts about the capability and reliability of PGP Command Line, which had been proven effective in successful deployments by other leading financial institutions. He also felt more comfortable licensing a product from PGP Corporation, an established and trusted technology vendor whose experience he could draw on to complete his project on time.

The Results

Rule Financial's customers were pleased with the deployment. "We completed the project within budget and faster than expected," Goldklang says. "PGP Command Line was very easy to install, well documented, and runs without problems."

Easy installation. Rule Financial's staff used the PGP Command Line scripting interface to automatically encrypt files before they were sent and to decrypt them after they were received. They were able to customize and incorporate their existing file transfer process and found the product scaled to meet their needs.

Summary

A year after initial deployment, PGP Command Line continues to run without incident. "We really like working with PGP Corporation," Goldklang says. "The company has lived up to its excellent reputation."

If he had to do the project again, the CTO would still choose PGP Command Line: "Our customers are now placing follow-up orders. It's hard to get better proof than that of your project's success."