MasterCard International has aligned itself with Netscape Communications Corp. to ensure security of credit and debit card transactions over interactive networks.
The alliance opens a new frontier of the bank card associations' rivalry. Visa International had previously announced an agreement with Microsoft Corp. to develop a credit card security standard for on-line networks.
MasterCard and Netscape said they will develop an interface to authorize and clear card transactions made on the vast, interconnected cluster of computer networks known as the Internet. Using available data encryption technology, the companies plan to extend this capability to all MasterCard merchants and cardholders as early as midyear.
The urgency for transaction-security standards is driven not only by competition in this area, but by the fact that transactions are already taking place - often without a prudent level of security.
"Commerce is already happening on the Internet," said Edward J. Hogan, a MasterCard senior vice president. "It's time for us to bring some order to the proposition."
Visa grabbed the public spotlight in November by teaming with Microsoft, the dominant computer software company. But that did not necessarily assure Visa a premier position in data security.
In an interview days later, Eugene Lockhart, MasterCard's president, revealed that his association "got the same call Visa did," but had chosen not to participate. Mr. Lockhart and his counterpart at Visa, Edmund Jensen, have publicly agreed not to let competitive factors stand in the way of banks' on-line security needs.
Although Mr. Hogan stated that "Visa cannot standardize MasterCard," he did say that both associations and banks that are individually pursuing on- line transaction security would probably come to cooperate on guidelines.
Netscape, the provider of a popular piece of software for navigating across the Internet, has been trying to play a leadership role in bringing data encryption to bear on electronic commerce. It has also announced alliances with First Data Corp. and Bank of America.
Netscape has competition from Microsoft as well as recent startups like Open Market Inc. and First Virtual Holdings Inc., which build "electronic malls" that require payment infrastructures.
James H. Clark, the chairman and chief executive of Netscape, said there are four progressive levels of data security.
The first type is unsecured transactions - those conducted without encryption or merchant verification of any kind, as is true of many Internet transactions until now.
On the next level, data is encrypted, or scrambled to prevent illicit interception, between the customer and the bank or merchant. This security is already being put in place by companies like Netscape.
MasterCard and Netscape are hoping to take security to the third and fourth tiers.
The third, which the partners hope to make available by mid-year, combines a personal identification number and merchant authentication with the data-scrambling. While other technology providers may be able to protect credit transactions, Mr. Clark maintains that debit transactions will require at least this degree of surety.
The fourth level would also integrate a digital signature - a complex number, often thousands of digits long, and encrypted in transmission - with the other safeguards. This is not likely to become available until next year, Mr. Clark said.
He stressed that none of these measures is meant to be proprietary, and that security of some kind has already become essential in electronic commerce.
"The Internet is like a telephone party line," he said. "Almost all information is snoopable."
