Disclaimer: This information comes from sources that cannot be verified. As such, make no assumptions about its completeness or accuracy. We endeavor to keep this information up to date as much as possible. Feel free to send comments/ updates to the Security News Editor.

November 03, 1997, Section: News

HP ships encryption software in Net-commerce push

By Terry Costlow

Menlo Park, Calif. - Taking a big step toward boosting commerce over the Internet, Hewlett-Packard Co.'s VeriFone last week began shipping products based on the Secure Electronic Transaction standard. Several major banks have pledged support for the encryption scheme, developed by Visa and MasterCard.

VeriFone, which supplies card readers, also has established links with certificate-authentication authorities that will provide digital signatures so that retailers, consumers and banks all know they are dealing with legitimate entities. By providing the signatures and encrypting communications, VeriFone believes it is providing the key piece of the infrastructure puzzle for electronic commerce.

"The banks and agencies we are working with are backed up by over 200 world banks, and they have access to millions of merchants," said George Hoyem, general manager of VeriFone's Internet Commerce Division. "I think next year we will see a number of merchants coming online, and in two years we'll see a number of consumers making transactions over the Internet. The lack of security is the main thing that has held back consumers who want to use the Internet."

Now that Secure Electronic Transaction technology is being integrated into personal computers, point-of-sale systems and banking computers, consumers will have the same assurances that they do when they use their credit cards in retail stores.

" This is the first time that the credit-card companies have said this is safe, and they will back it up by standing behind Internet commerce," Hoyem said. "Because this is now a credit-card-backed product, they will stand behind it with the same $50 fraud protection that is offered for regular credit-card transactions."

Lists transactions

VeriFone's offerings address three aspects of secure transactions. The first is called vWallet, software for consumers that handles encryption and stores a list of transactions. It also signs each transaction with the certificate that consumers will get from a licensed issuing agent.

"The wallet comes to consumers without a certificate. They will have to contact the certificate services associated with their credit-card issuer," Hoyem said. "The user will then type in a code and the certificate service will download their certificate. This certificate will be stored in the wallet using the same encryption used in the system. It will also be password-protected."

At the point of sale, vPOS software will be linked to the Web storefront, providing encryption/decryption and storing certificates that assure consumers they are dealing with a retailer who has been certified to make Internet transactions. The latter aspect is critical for Net commerce because consumers have no certainty that Web sites are run by legitimate entities.

The third leg of VeriFone's strategy is an Internet gateway for financial institutions. A number of banks, including Bank America, Wells Fargo, the Royal Bank of Canada and Sumitomo Credit Services, plan to adopt VeriFone's Secure Electronic Transaction offerings.