For consumers, the process is very simple. In the case of the Verified by Visa initiative, existing cardholders can visit their bank’s Web site and enrol in the system, by providing some basic personal information and a password which is stored by the bank. To make a purchase from an online merchant that supports the Verified by Visa system they will be presented with an extra screen in their browser to enter this information. Hidden from the merchant, this is provided directly to the issuing bank that authenticates the cardholder and authorises the transaction with the merchant.
Simple in practice, but the secure generation, storage and management of the cryptographic keys that underpin the core encryption, digital signature and cardholder validation processes, relies on sophisticated technology. Because of the severe security and branding implications of a successful attack, stringent measures have been defined by the card associations. To meet these challenges, software companies developing cardholder authentication solutions for the online payments market such as Arcot Systems and Cyota, are turning to specialists like nCipher to provide this additional level of security and functionality.
For example, Arcot's TransFort system uses cryptography in a variety of ways to protect sensitive information and to create digital signatures to provide a record of authenticity for transactions and payment authorisation. The integration of nCipher's new payShield hardware security module (HSM) establishes a safe, tamper-resistant hardware environment that overcomes the inherent security and performance problems associated with handling sensitive information or performing complex secure processes on unprotected server platforms.
Ensuring that the processing of encrypted customer data is performed within the boundaries of the payShield (HSM) helps to ensure that sensitive data is never exposed to potential attackers where it could be stolen or manipulated to create fraudulent authorisation of illegitimate transactions.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.