Companies to make shopping safer

Visa and VeriSign will introduce an electronic commerce security scheme.

Mike Ricciuti Staff writer, CNET News
Mike Ricciuti joined CNET in 1996. He is now CNET News' Boston-based executive editor and east coast bureau chief, serving as department editor for business technology and software covered by CNET News, Reviews, and Download.com. E-mail Mike.
Mike Ricciuti
Credit card giant Visa International and security software maker VeriSign will today introduce a digital encryption scheme aimed at tightening the security of online shopping.

The two companies have devised an online payment system that scrambles credit card numbers and makes it possible for merchants to validate a shopper's identity for more secure Net commerce.

Using the new system, merchants never receive a credit-card holder's entire account number. Instead, users making online purchases transmit a message to merchants that contains a special decoder key, a list of items being purchased and their prices, and a digital certificate authenticating the user's identity along with a partial credit card number and the issuing bank. Merchants use the key to decode the message, record the purchases, and debit the credit card.

The company claims the system is "100 times safer" than off-line, mail-order, and telephone-order purchases. To falsify a purchase under the scheme, a thief would have to obtain users' credit card numbers?which are never transferred online--and then crack the digital encryption.

The new system is gaining backers and is on its way to becoming an industry standard. Microsoft and Netscape Communications plan to incorporate the payment system into future software.

Related stories:
Firms try to lock up security market
Firms hope smart cards make cents
Credit cards strengthen security