Central banks from 10 nations have issued a report which concludes that several forms of electronic payment systems, such as smart cards and encrypted credit card payments over the Internet, are not completely safe. Governors from central banks, including the US Federal Reserve, the Bank of England, Deutsche Bundesbank and Bank of Japan, joined with computer security experts in November 1995 to form the Committee on Payment and Settlement Systems (CPSS). Within the CPSS, the Task Force on Security of Electronic Money was established in October 1995.
The committee has spent the last 10 months examining how safe it is for consumers to pay for products and services over the Internet or with a smart card by meeting with vendors of electronic commerce security products and conducting studies using the various payment methods, says a spokesman for the Federal Reserve Bank.
The overall conclusion of the report is that "measures exist which would enable the risks inherent in using these (electronic payment) products to be controlled ... however, there is no single security measure or set of measures that can be says to provide a guarantee of complete protection," according to a summary of the report.
The task force concluded that smart cards, since they are hardware-based and tamper-resistant, are the most secure forms of electronic payment available today. Unfortunately, research also found that such systems were the most costly to implement.
The task force found cryptography and the use of certificates to be a relatively safe method of payment because of the involvement of third-party "key" holders who monitor and trace individual transactions from a central database. But it couldn't give its full stamp of approval due to the limited levels of encryption available today. However this sort of monitoring provides a high level of consumer protection against fraud, the officials says.
Since the task force realised that "cryptographic key lengths used in electronic money products are expected to increase as processing speeds rise," future studies could find systems based on encryption nearly 100 percent safe, according to the summary.
The kind of electronic payments the task force found least safe were so-called e-cash transactions, where virtual money is transferred between a consumer's PC and a vendor's system. Researchers found that while the transaction could be secured with encryption, lack of a third-party system to monitor transactions offered no protection against fraud for consumers.