Securing Online Payments
by Richard Moulds - VP of Marketing, nCipher - Monday, 7 April 2003
For example, Arcot's TransFort system uses cryptography in a variety of ways to protect sensitive information and to create digital signatures to provide a record of authenticity for transactions and payment authorisation. The integration of nCipher's new payShield hardware security module (HSM) establishes a safe, tamper-resistant hardware environment that overcomes the inherent security and performance problems associated with handling sensitive information or performing complex secure processes on unprotected server platforms.

Ensuring that the processing of encrypted customer data is performed within the boundaries of the payShield (HSM) helps to ensure that sensitive data is never exposed to potential attackers where it could be stolen or manipulated to create fraudulent authorisation of illegitimate transactions.

A Safer Future

Previous initiatives by the card industry to increase the security of online transactions have failed to be widely adopted because they were too cumbersome for consumers and expensive for the banks. SET (Secure Electronic Transactions) for example, required consumers to download a 5Mbyte 'wallet' and digital certificates. The difference with Verified by Visa and MasterCard SecureCode is their simplicity. Consumers only need to remember a password. The main pressure is on the issuing banks that become liable for Verified by Visa transactions whether they have implemented the system or not - so long as the merchants and acquirers have taken the necessary measures.

In addition to these online systems, there are other industry initiatives to reduce payment fraud in general and deliver a wider range of cardholder services. For example, the card associations expect that next generation chip based credit cards, or Ďsmart cardsí rather than traditional cards with magnetic strips will be used by about two-thirds of all credit card users before the end of 2006.

The good news is that through industry collaboration and initiatives such as Verified by Visa and MasterCard SecureCode, there will be a high level of interoperability and standardisation. The end result should be a dramatic reduction in credit card fraud and should also accelerate the use of the Internet and other online channels for e-commerce by increasing consumer confidence.

Infosecurity Europe is Europe's largest and most important information security event. Now in its 8th year, the show features Europe's most comprehensive FREE education programme, and over 200 exhibitors at the Grand Hall at Olympia from 29th April - 1st May 2003.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Feb 8th