Collaboration on online shopping security

The real impact has been made recently by the credit card associations themselves, working with the banks to deliver a secure infrastructure.

To most consumers, the internet doesn't feel very secure. Flaky dial-up connections, unhelpful service providers, offline websites and unreadable pages hardly inspire confidence in the online world.

Just as real-world banks created an impression of strength and trustworthiness by building solid, secure offices and branches, online financial services companies are working to build infrastructures that will inspire equal confidence.

However, these visible manifestations are harder to reproduce in the online world, where the only indication of security is a small padlock or key in the corner of a web browser window.

What users do trust is familiar credit card brands. They are confident the powers behind the plastic will process the transaction, and a recognisable name will appear on their statement.

The need for a secure infrastructure has been apparent for several years. But in the early days of e-commerce, it was not clear who should lead the efforts, or how much the consumer needed to know about them.

Previously, proposed architectures such as secure electronic transactions offered strong security, but were difficult to use and implement, and required an unrealistic knowledge of internet security on the part of the merchants and consumers.

Other infrastructures, based on technology such as public key infrastructure, have been offered by a number of service providers, with limited success outside the corporate enterprise.

The real impact has been made recently by the credit card associations themselves, working with the banks to deliver a secure infrastructure and giving clear leadership.

Visa's 3-D Secure programme, also known as Verified by Visa, and MasterCard's SecureCode, are two examples. In response, security vendors have grouped together to offer packages of equipment, hardware and software that meet their specific demands.

Verified by Visa offers direct, secure communication between the customer and issuing bank, eliminating the possibility of merchant fraud.

When shopping at a participating internet merchant, cardholders will be put in contact with their issuing bank, where they will be required to enter their password to authenticate payment and complete the transaction. This significantly reduces the likelihood of fraud by deception.

Close cooperation between all parties can help create a network that will allow consumers to shop online with confidence.

Alex van Someren is chief executive of nCipher.