Ed Bellis, the chief information security officer at Orbitz, is trying to design a secure online system for credit card payments. His goal is an electronic payment system that:
- Is secure by design, without reliance on additional controls outside the payment system
- Does not require major additions to current systems of payment processors or merchants
- Does not require major additions to clients or mass deployments of new software or hardware
- Is easy for consumers to use

Ed wrote a chapter for the O'Reilly book Beautiful Security about online payments. In this chapter, he evaluates the various security systems currently in play (3-D Secure, Secure Electronic Transaction, virtual cards such as PayPal) and suggests the outlines of an improved system.
On the O'Reilly Commons site he has started a new wiki open to anyone who is knowledgeable about security.