Reuters New Media [ Yahoo | Write Us | Search | Info ] [ Index | News | World | Biz | Tech | Politic | Sport | Scoreboard | Entertain | Health ] _________________________________________________________________ Previous Story: Digital TV Sets Off High-Definition Race Next Story: NTT Data, MCI To Start Internet Roaming Service _________________________________________________________________ Thursday April 10 10:03 AM EDT Internet Security Code Said Vulnerable To Hackers By David Morgan ATLANTA - The new security protocol for safeguarding credit-card transactions on the Internet may have to change because the underlying cryptography is too easy to hack through and too difficult to upgrade, an expert says. Steve Mott, senior vice president of electronic commerce and new ventures for MasterCard International, said it could take hackers as little as a year to break the industry's standard encryption code, which is supposed to render credit-card numbers unreadable to outsiders on the Internet's World Wide Web. For that reason, the consortium of technology companies and creditors that has spent two years developing the Secure Electronic Transaction (SET) protocol may switch to a faster encryption system called Elliptic Curve, which is produced by Certicom Corp. The first complete version of SET, known as SET 1.0, will be available to software makers June 1 with core cryptography provided by RSA Data Security, a unit of Security Dynamics Technologies. "RSA is a very good starting point. But we suspect that in a year or two, the Kevin Mitnicks of the world will start to figure out ways to hack it," Mott said. Mitnick is one of the most notorious computer hackers. "The only way you scale an RSA is to add a lot more bits. You add a lot more bits and it becomes more complex software in terms of the interaction of the transaction messages. That's part of what's taken SET so long to start with." MasterCard has been helping put together merchants with its own member banks for SET pilot projects in Denmark, Japan, Taiwan, South Africa and the United States. Mott told a news conference at the Internet Commerce Expo that the Elliptic Curve encryption system would make a better encryption core. In fact, he said it would have been chosen in the first place if developers had been known about it. "It will fit on a chip card. I think its 160 bits equals security to 1,024 bits of RSA," the credit industry executive said. "We anticipate putting it into some SET 1.0 pilots in the very near future this year in the U.S." Copyright, Reuters Ltd. All rights reserved _________________________________________________________________ ________________________ ___________ Help _________________________________________________________________ Previous Story: Digital TV Sets Off High-Definition Race Next Story: NTT Data, MCI To Start Internet Roaming Service _________________________________________________________________ [ Index | News | World | Biz | Tech | Politic | Sport | Scoreboard | Entertain | Health ] _________________________________________________________________ Reuters Limited Questions or Comments