Media Centre  > Media Centre > Case Studies > Origo  
 
 
 
bullet_newell_red.gif Origo

Digital Certificates Extranet

Sopra Group worked with Origo to create UNIPASS, the first standard digital certificate.  There has been a seismic shift towards e-commerce over the last few years, specifically in the business-to-business arena with the development of extranets.  E-commerce demands fast and secure communications, which has prompted the life and pensions industry to establish a uniform strategy to execute secure trading.
 
As a result, Origo was launched by sixteen leading life assurance companies in June 1989 as an independent UK forum to bring different industry groups together, including life and pension product providers, IFAs, portals and software companies.  Origo's operating principle is to work to identify and define those elements of processing and information distribution that can be made common across the industry.

Overall Origo aims to provide:

  • A common set of information standards for the numerous organisations and individuals involved in the industry to use
  • A secure trading environment in which industry goals are met and competition flourishes
  • Fast and secure communications protected by robust standards and protocols.

Since 1989, Origo has laid down a number of business and technical XML data standards that make it possible for financial services companies to exchange data with their partners electronically in an efficient and cost-effective manner.

Almost 300 life and pensions and collective investment companies and IFAs currently use the standards.  These companies which include Norwich Union, Standard Life and Skandia, make up 80% of the £500 billion life and pensions market in the UK.

Currently Origo's standards are used for all types of business transactions and processes, from quotations right through to contract enquiries and over the next few months many companies will implement new standards for valuations.

The Challenge

As part of its drive to create universal standards across the industry, Origo identified that there was a need to implement simple but secure measures for financial bodies trading online.  As a result of legislative changes, hand-written signatures on paper can be replaced by digital equivalents, opening the way for e-commerce, based on trust, security and authentication.

Currently the majority of transactions carried out online are between IFAs and product providers via their extranets or via service providers such as The Exchange or AssureWeb.  IFAs have to use separate passwords and log-in names for each different financial web site they enter.  Passwords are also notoriously insecure and are commonly written down or shared around.

In addition, the current system also wastes a great deal of time and effort for IFAs, who have to try and remember all the different passwords for each site.  According to a recent survey carried out by Origo at adviser.tech 2002, on average IFAs have to remember 15 or more passwords to conduct their daily business.

This information provided further impetus to Origo's decision to create the industry's first ever-standard digital certificate, known as UNIPASS, specifically tailored for the life, pensions and collective investment industry, which would be accepted by all providers and portals. 

The aim of the certificate is to allow individual transactions and queries to be digitally authenticated to prove the identity of the individual and to provide evidence of whether the contents of a transaction have been tampered with.  It would also remove the need for multiple log-on names and passwords, thereby saving providers and IFAs time and money.

From Theory To Reality

Origo selected Sopra Group, one of the UK's leading IT services and solutions consultancies, to boost the in-house team delivering the UNIPASS Service.

The brief was simple - help Origo turn the project from theory into reality - and as soon as possible.  This included establishing a Public Key Infrastructure (PKI), which involved developing the web site, creating and deploying the certificates, and establishing an environment that enabled the life and pension companies to allow their systems to accept digital certificates.

Establishing the PKI was not a simple task and involved a lot more than just 'hardware and software'.  A PKI effectively replaces multiple security systems, such as individual passwords, with a common means of gaining secure access to the various quotation and trading systems.  By obtaining a UNIPASS, approved individuals can gain admission to the services of organisations that have signed up with Origo.

Initially Sopra Group consultants worked with Origo to identify and define the elements of data processing and distribution necessary for the Registration Authority (RA) tasks required for a PKI.  The consultants rapidly demonstrated their capabilities and went on to assist with all aspects of the UNIPASS service including front-office, back-office, and web solutions.

Sopra Group assigned senior consultants with many years of experience in web technology, security, project management and the financial services sector to the assignment.  The consultants quickly became part of the Origo team which, using Sopra Group's extensive 'back office' resources, created the PKI in less than ten months.

As a result UNIPASS, the industry's first ever standard digital certificate, was created.  Free to IFAs and funded by providers, the single virtual certificate removes the need for multiple log-on passwords and PINs.

Putting UNIPASS To The Test

Since its creation, trial certificates of UNIPASS were made available to product providers to allow the development and testing of their systems.  During the trials, which varied between a few weeks and a few months, each of the providers offered users a choice of either certificate-based entry or the old login/password entry to their extranets until the trials were complete.

Prudential, Norwich Union and Skandia were the first companies to trial UNIPASS, and since August 2002, they have all started accepting the digital certificates, with more companies including Standard Life, AXA, The Exchange and AssureWeb planning to follow.

Benefits Of UNIPASS

The benefits of UNIPASS have been quickly realised by both IFAs and product providers alike.  By eradicating the need for passwords, it has saved the IFAs and product providers both time and money.  For product providers, the need to maintain databases containing the passwords of the 30,000 IFAs in the UK is quickly diminishing in line with the uptake.

According to one IFA user, Bryan Keane of Arden-Grange Financial Management:

"This solution is long overdue.  It is always a headache trying to remember log-on names and passwords when you are moving in and out of sites and UNIPASS is a welcome solution."

Prudential currently has 8,000 individuals using its own digital certificates and aims to migrate all these users to UNIPASS as they approach their renewal date.  Following trials at Prudential, Adam Byford, the e-business development manager commented:~

"Feedback from IFAs has confirmed that they are fed up with having to remember numerous passwords and user names and often resort to writing them down, which is obviously very insecure.  The UNIPASS digital certificates are an ideal solution to this problem, as they are not only secure but promote ease of access."

UNIPASS is just the first of many such initiatives to secure online transactions and to verify the parties involved.  If the financial industry is going to save money by eradicating paper-based methods, then UNIPASS is a vital step to starting this process.  The next step will be implementing a standard procedure for digital signatures.

Why Sopra Group?

Sopra Group has solid experience within the financial services industry and, according to Origo, was able to demonstrate an achievement-focused attitude.

Garry Miller, UNIPASS general manager, said: "We needed people who could assimilate smoothly into the team here.  The project was evolving all the time and Sopra Group had to come in and hit the ground running, which they certainly did.  Our team was small and I was confident that Sopra Group could supply all the necessary additional resources as and when we needed them.  They demonstrated they had the quality of skills, the right attitude and the partnership necessary to complete the project on time and within budget."

"We have used Sopra Group's web testing services twice already and I don't doubt that as Origo develops we will use more of the company's resources and services."

Sopra Group is well-known in the industry for the emphasis it places on forging long-term relationships by building trust and confidence with its clients.  The relationship with Origo is a classic example of this approach, where the magnitude and the 'uncharted territory' of the task meant that the project could not be accurately defined at the outset.

Yet, in just one year, Sopra Group and Origo have completed the first phase of the project to create, build and run the PKI service which will establish a framework of standards within which the financial services industry will operate.
  Return To Top   Email Us   Sopra Group Global Important Information
Copyright © 2001-2008, Sopra Group. All rights reserved.