The Web    Google
New nCipher Product Targets Online Payment Card Fraud

New nCipher Product Targets Online Payment Card Fraud
September 17, 2002

nCipher plc on Monday announced a hardware-based security module intended to help banks, payment processing service providers and credit card issuers to meet emerging security standards.

nCipher's payShield is a version of the company's nShield security module outfitted with payment processing software from either of two partner firms, Arcot Systems and Cyota. The hardware device is intended to provide a secure environment in which to protect cryptographic keys and perform authentication processes, offloading such tasks from Web and other servers.

"Putting any kind of crypto software on a server is a risky proposition," says Richard Moulds, vice president of marketing for nCipher, based in Cambridge, England. "Secrets can be extracted and manipulated from desktops and servers."

payShield is intended to meet the requirements of online security initiatives launched recently by MasterCard International and Visa. MasterCard's Authentication Program and the Verified by Visa program both involve having customers enter some form of password or secret along with their credit card number, akin to using a PIN with an ATM card.

Implementing the schemes involves sending several encrypted messages between the consumer, the online merchant and the bank that issued the consumer's credit card. The final approval by the issuing bank is sent via a digitally signed message. MasterCard and Visa both mandate the use of hardware security modules to perform many of these cryptographic functions

payShield is one such platform. It performs functions including the encryption for the temporary SSL connection between the issuing bank and the merchant, as well as a comparison between the password submitted by the customer and the one stored in the issuing bank's database.

"That's critical," Moulds says. "If someone can usurp that process, they could produce a bogus authorization."

In all, about 10 cryptographic processes take place for each authorization, Moulds says, noting payShield can support about 150 authorizations per second.

The payShield box starts at about $25,000 and is now in beta test with Arcot and Cyota software. It is expected to be generally available by the end of the month.

  • Symantec, Nortel Play Team Defense
  • 10/21: Bloodhound.Exploit-17 Detects Files
  • 1/3: Gift-C Worm Spreads Via Email
  • 3/8: SymbOS/Commwarrior-A Hits Nokia
  • Navy Disciplines Midshipmen Pirates
  • Botnets: Who Really ''Owns'' Your Computers?
  • Keeping Score of Identity Risks
  • 5/2: Oscarbot Virus Spreads a Hyperlink
  • How Spyware Took the Next-Gen Threat Crown
  • Enforcer 3.1 Bars Unsanctioned IM, P2P Access
  • Alliance Formed to Finger Hackers
  • Security Camera Price