Ensuring that the processing of encrypted customer data is performed within the boundaries of the payShield (HSM) helps to ensure that sensitive data is never exposed to potential attackers where it could be stolen or manipulated to create fraudulent authorisation of illegitimate transactions.
A Safer Future
Previous initiatives by the card industry to increase the security of online transactions have failed to be widely adopted because they were too cumbersome for consumers and expensive for the banks. SET (Secure Electronic Transactions) for example, required consumers to download a 5Mbyte 'wallet' and digital certificates. The difference with Verified by Visa and MasterCard SecureCode is their simplicity. Consumers only need to remember a password. The main pressure is on the issuing banks that become liable for Verified by Visa transactions whether they have implemented the system or not - so long as the merchants and acquirers have taken the necessary measures.
In addition to these online systems, there are other industry initiatives to reduce payment fraud in general and deliver a wider range of cardholder services. For example, the card associations expect that next generation chip based credit cards, or ‘smart cards’ rather than traditional cards with magnetic strips will be used by about two-thirds of all credit card users before the end of 2006.
The good news is that through industry collaboration and initiatives such as Verified by Visa and MasterCard SecureCode, there will be a high level of interoperability and standardisation. The end result should be a dramatic reduction in credit card fraud and should also accelerate the use of the Internet and other online channels for e-commerce by increasing consumer confidence.
Infosecurity Europe is Europe's largest and most important information security event. Now in its 8th year, the show features Europe's most comprehensive FREE education programme, and over 200 exhibitors at the Grand Hall at Olympia from 29th April - 1st May 2003. www.infosec.co.uk