The stocks of most companies selling information security systems soared after September 11. But continued concern about the entire technology sector soon doused the rally.
ActivCard, a supplier of digital identity and authentication systems, didn’t quite follow this pattern. Despite a stream of orders from technology companies, financial institutions and the U.S. military, the company’s shares, which peaked at $29 in October 2000, continued to slide, dropping from $7.21 on September 10 to $6.70 a month later. Though the price rallied as high as $14.38 in late October, ActivCard couldn’t buck the downtrend. With the shares at $6.27 in mid-June, the company’s market capitalization was $250 million, only one quarter that of two years ago.
“Our stock has been trading nearly at cash,” laments Steven Humphreys, Activ-Card’s 41-year-old CEO, referring to the Fremont, California-based company’s $243 million cash hoard.
A Stanford Business School graduate, Humphreys succeeded ActivCard’s retiring CEO and co-founder, Jean-Gerard Galvez, in October after six years at the helm of SCM Microsystems, another security technology supplier.
Humphreys wonders when investors will appreciate the company’s virtues - such as rising sales. At $8.2 million in 2002’s first quarter, ActivCard’s revenues were up 15 percent year-over-year and 20 percent over 2001’s fourth quarter. “We are very comfortable projecting low 40s for this year,” says Humphreys; last year revenues totaled $31 million.
ActivCard has been in business since 1987 - it started out as a contractor to the French military and is still incorporated in France. The company began focusing a decade ago on commercial security products and has been losing money ever since. ActivCard’s operating loss doubled last year, to $33.4 mil- lion, and it almost equaled that in this year’s first quarter, with $28.6 million in red ink. Excluding restructuring charges, however, the first-quarter loss for the 300-employee company was $4.4 million.
“We are moving fast toward profitability,” insists Humphreys. “I’m beginning to see an understanding [on the part of inves- tors] that while others in the security space haven’t been hitting their estimates, we have been beating ours.”
That optimism isn’t misplaced, says S.G. Cowen Securities analyst Robert Stone. “Corporate technology cutbacks have constrained growth in this area, but ActivCard should be profitable by late this year,” he estimates. Adds Don More, a senior vice president with investment banking boutique Updata Capital in Red Bank, New Jersey, “Growth in the security sector will inevitably come, benefiting vendors like ActivCard that offer broad-based solutions such as authentication platforms.”
ActivCard’s software is at the core of a U.S. Department of Defense program to issue high-tech identification cards to its 4.3 million personnel. Humphreys believes such large-scale ID systems will soon spread to the private sector, where he says ActivCard is building momentum: “Our largest number of deals today are small pilot projects within large corporations that intend to scale up to thousands of users.” So-called scalability is a key attribute of the company’s systems.
ActivCard builds most of its systems around smart ID cards, with computer chips that digitally authorize and track users’ access to computers and databases. These cards are at the heart of the programs now being implemented by the Defense Department and within such companies as Citigroup, Hewlett-Packard Co. and J.P. Morgan Chase & Co.
After its initial public offering on Nasdaq Europe in 1996, ActivCard moved its headquarters to California. Its American depositary receipts have been trading on Nasdaq since March 2000.
Humphreys recently discussed ActivCard with Institutional Investor Assistant Managing Editor Jeffrey Kutler.
Institutional Investor: What has changed in the information security market to spark your optimism?
Humphreys: For one thing, ease of implementation. It used to be virtually impossible to call in a technology reseller with a $25,000 purchase order for a 100-seat [person] security system. The technologies were nonstandard and difficult to install. Today it’s almost routine to see companies doing 50- to 100-seat implementations of digital identity and authentication. In addition, those proprietary technologies have given way to interoperable client-server systems, which are easier to assemble and upgrade. Meanwhile, security is no longer just a low- or midlevel management concern; CEOs are now asking about it, and as such it becomes a companywide strategic, budgeting and architecture issue that requires an integrated solution for managing access cards and badges, passwords, tokens, smart cards, digital certificates, biometrics and any other desired components. That’s what people are looking for when they call us in. And on top of all that, you have scalability.
What does scalability mean?
We sell into small and medium-size enterprises with 50 to 100 seats; into divisions of big companies that might require 5,000 IDs; or into large companywide initiatives like at Hewlett-Packard, which bought 110,000 licenses. The same products that we sell for 100- or 5,000-user implementations are going into the Department of Defense’s identity program for 4.3 million people. The DoD is issuing 8,000 smart cards per day with our systems and has deployed well over 500,000 pieces of the client software that controls cardholders’ access to personal computers and networks.
Haven’t the basic economics of information security improved?
Yes. Two or three years ago, a smart card reader cost $200 or $300; now it’s about $10. And when you buy a computer with a built-in smart card slot, it’s bundled into the cost of the hardware, so it’s virtually free. The cost of the chip in the card has fallen under $1, and costs of systems and storage capacity will continue to fall.
What has been the impact of September 11?
I don’t consider it to be one of the major drivers of growth. I call it an accelerating factor, rather than a fundamental factor. It helps to raise awareness at the CEO level about security strategy. And in the U.S. government, where there is a need to address these issues quickly, we are in the fortuitous position of having the most broadly deployed digital authentication application.
Who are the biggest buyers of your systems?
Government is huge. It’s not just the DoD. We’re in the departments of the Interior, Justice and Energy. And it’s not just the U.S. - we’re in the U.K., France, Australia and five or six other countries. Financial services is also big; we have several bulge-bracket institutions as customers. Our other main [industries] are technology and manufacturing, telecommunications, health care and energy and transportation.
Who are your competitors?
There aren’t a lot of companies that do exactly what we do. Some big security players that might have competed with us, like Sun Microsystems and VeriSign, now partner with us. The main competition comes from system integrators - such as Accenture or KPMG Consulting - that do custom implementations for large enterprises. We are a product shop; when a company has very specific, proprietary needs, we refer them to one of the integrators.
Sun is leading a consortium, called Liberty Alliance Project, to promote digital ID standards across companies. How does this affect you?
We actually coined the term “federated identity” about three years ago, and of course we joined Liberty Alliance to support that concept. A federated platform will be important if, for example, we move to smart-card-based drivers’ licenses, and various state and federal agencies and, potentially, commercial entities share the memory capacity, or “real estate,” on the chips. We need standards - and bodies like Liberty Alliance - to make sure that these systems are both open and secure. But standards-setting bodies are never as important to us as deployments, users and references.
How do you feel about Microsoft’s Passport, a federated-identity alternative to Liberty Alliance?
We are confident that we will be interoperable and well integrated with all Microsoft initiatives. When you’re small like we are, you can’t be partisan.
Is it tough to manage a French-American enterprise?
Personally, it’s not a problem. I’ve spent a lot of time in Europe and speak English, French and German. Though most of our operations are now in California, the company remains a French société anonyme. We are looking very hard at changing the official domicile. At a time when a lot of American companies are heading offshore, we are likely to be heading onshore.
