[ISN] Hacker-proof credit card transactions?

From: mea culpa (jerichot_private)
Date: Mon Oct 26 1998 - 15:12:13 PST

    Hacker-proof credit card transactions?
    By Albert Pang ZDNet E-Business, ZDNet News
    July 9, 1998 10:40 AM PT
    URL: http://www.zdnet.com/zdnn/stories/zdnn_display/0,3440,2118577,00.html
    
    Secure electronic commerce reached a milestone yesterday, making it
    possible for Uncle Sam to carry out credit card transactions without fear
    of being ripped off by hackers. 
    
    Certicom, a cryptography software developer, and MasterCard International
    unveiled a pilot program under which the online store of the U.S.
    Treasury's Bureau of Engraving and Printing (BEP) will be offering up to
    200 selected participants the ability to securely purchase collectible
    items. 
    
    Using a smart card, a smart-card reader, and an electronic wallet based on
    elliptic curve cryptography (ECC), the participants will be buying uncut
    currency and presidential portraits from the BEP Website. 
    
    The central component of this pilot lies in the Secure Electronic
    Transactions protocol (SET), an emerging technology often touted as one
    of the safest ways to conduct credit card transactions over the Internet.
    However, numerous SET pilot programs have yielded lackluster results
    because of large systems overhead and performance limitations of its
    current version, SET 1.0.
    
    Placing their bets 
    
    What Certicom, MasterCard, and 10 other technology suppliers hope to
    accomplish is to place their bets on ECC, which offers efficiency benefits
    over other cryptographic algorithms such as RSA Data Security. In other
    words, credit card transactions conducted over the Internet using SET plus
    ECC would be faster and safer. In the best-case scenario, such
    transactions could be completed as securely and quickly as those in a
    physical store where a cashier runs a credit card over a reader and
    obtains the authorization.
    
    In fact, Certicom, citing preliminary results of a benchmark process by
    GlobeSet, says ECC reduces cryptographic overhead in the payment protocol
    by 73 percent and performs about 40 times faster on the SET payment
    gateway than one without ECC. 
    
    Split opinion 
    
    Others are skeptical about these claims. "Better performance is always a
    good thing, but we haven't seen the benchmark results on ECC," says
    Elizabeth Ames, director of product marketing at VeriFone, a unit of
    Hewlett-Packard, whose software products have been approved as
    SET-compliant by SETco. SETco is a nonprofit organization set up by Visa
    and MasterCard to promote the use of SET.
    
    Ames says VeriFone has not decided on whether it will support ECC because
    SET 1.0 does not support ECC and the next version of SET 2.0 is going to
    be algorithm-independent. Specifications of SET 2.0 will not be finalized
    by the end of the year.
    
    However, Jennifer Vancini, director of marketing for e-commerce at
    Certicom, says the preliminary benchmark methodology in this pilot has
    been audited by SETco and that its ECC implementation is compatible with
    SET 1.0. She adds that ECC could be included in SET 2.0. 
    
    In any case, ECC, which until last year was considered an obscure
    algorithm, could become the impetus behind the broad acceptance and steep
    growth of e-commerce in the coming months. 
    
    Is ECC going to breathe new life into SET or is secure e-commerce still a
    figment of one's imagination? The debate is far from finished. 
    
    
    -o-
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:08:58 PDT