Rethinking ecommerce security: security experts asked to redesign credit card payments

By Andy Oram
June 26, 2009

Ed Bellis, the chief information security officer at Orbitz, is trying to design a secure online system for credit card payments. His goal is an electronic payment system that:

  • Is secure by design, without reliance on additional controls outside the payment system
  • Does not require major additions to current systems of payment processors or merchants
  • Does not require major additions to clients or mass deployments of new software or hardware
  • Is easy for consumers to use

Ed wrote a chapter for the O'Reilly book Beautiful Security about online payments. In this chapter he evaluates the various security systems currently in play (3-D Secure, Secure Electronic Transaction, virtual cards such as PayPal) and suggests the outlines of an improved system.

On the O'Reilly Commons site he has started a new wiki open to anyone who is knowledgeable about security.

You might also be interested in:

News Topics

Recommended for You

Got a Question?