IBM, VeriFone target security

The two companies, along with several other security players, outline technologies designed to boost the growth of online banking and consumer e-commerce.

2 min read
A host of Internet security companies today outlined technologies designed to boost the growth of online banking and consumer-oriented e-commerce.

Much of the news centered on the Secure Electronic Transactions (SET) protocol for secure online credit card payments, but IBM (IBM) and others also unveiled for comment a new Open Trading Protocol designed to boost consumer commerce on the Net.

The two largest providers of SET software, IBM and VeriFone (now a unit of Hewlett-Packard) announced that their SET software for consumers and merchants now interoperates.

Mark Greene, vice president of e-commerce for IBM, also said VeriFone and IBM will publish on February 2 a reference guide to encourage SET software interoperability among all vendors. The joint interoperability work between IBM and VeriFone has drawn fire from some smaller SET vendors, but publishing the interoperability guide may diffuse such criticism.

Greene also said that NationsBank, the third largest U.S. bank, last week performed the first SET transaction in the United States based on version 1.0 of the protocol; other U.S. tests have used a trial version of SET. NationsBank's transaction charged a customer of MasterCard, which developed SET with Visa.

MasterCard and Mondex, its ecash-on-a-smart-card subsidiary, also are backing the OTP protocol, which aims to standardize how consumer purchases are made on the Net. It is intended to provide a consistent buying format regardless of hardware, software, and payment type.

OTP is designed to supplement, not compete with, other Internet commerce protocols, including SET and the EMV specification for payments with smart cards. It defines how offers to sell are made, how buyers initiate purchases, delivery, digital receipts, dispute resolution, and after-sale support.

OTP is in an open comment period now.

In other announcements addressing Internet financial transactions:

  • C2Net Software announced that banks in Germany, Italy, and Australia are using its strong encryption products, its Stronghold server software, and its SafePassage client software for online banking.

  • CertCo, a certificate authority software firm, said it has won U.S. approval to sell its CA software overseas to banks, approved financial institutions, multinationals, and telcos. CertCo also said Digital Signature Trust, a Utah-based CA, is using CertCo's CertAuthority software.

  • Entrust Technologies, which markets CA software for issuing digital certificates, said Canada and Singapore's National Computer Board have signed an agreement to coordinate e-commerce policies on digital certificates. Aiming to boost cross-border Internet commerce, they will cross-certify their infrastructures for digital IDs. Both use Entrust's public key infrastructure software.

  • Rainbow Technologies and VeriFone said they will collaborate so that Rainbow's CryptoSwift cryptographic accelerator board can be used to speed encryption functions in a future version of VeriFone's vPOS SET merchant "cash register" software. Rainbow signed a similar deal with RSA Data Security to accelerate RSA's S/Pay toolkit for building SET transactions.

  • GlobeSet and Hypercom, both SET software vendors, announced that their software now supports Atalla's crypto accelerator hardware, called PayMaster. Using hardware to encrypt and decrypt SET transactions is faster and more secure than using software only.