In response to increasing pressure by the bankcard associations, Visa and MasterCard, to improve the security of online credit and debit card payments, Cyota Inc. of New York is rapidly signing up major banks and acquirers across the country to its SecureSuite service.

SecureSuite is being offered as an Application Service Provider (ASP) model to issuer banks that supports Visa's Verified by Visa (VbV) service, MasterCard's Secure Payment Application (SPA), and other card security mechanisms intended to help eliminate card fraud and unnecessary costly processing related to card-not-present transactions.

In December 2001, Bank of America launched the VbV service to their cardholders and in January 2002 First USA Bank launched VbV to First and Bank One cardholders. In January, Visa began a nationwide TV advertising campaign for Verified by Visa to increase awareness and encourage cardholders and merchants to sign-up and participate.

Both banks are employing the SecureSuite ASP system and are preparing to use SecureSuite for SPA support when MasterCard begins mandating their issuer banks to use SPA on all Internet card transactions this spring.

SecureSuite is a ground-breaking processing platform that permits participating banks to offer an array of existing and emerging secure payment technologies in a single integrated package. SecureSuite may also be implemented internally within a bank's processing network, as TSYS in Georgia has done for the banks it supports. Today, SecureSuite currently offers:
  1. SecureVbV - Verified by Visa support
  2. SecureMPA - MasterCard's Secure Payment Application (SPA) support
  3. SecureDebit - Maestro debit card network support
  4. SecureClick - Surrogate credit card numbers that mask the real underlying credit card numbers from the merchant processor
  5. PayMatch - Procurement card support for corporate purchasing cards that integrates surrogate card numbers with line-item-details to simplify the matching of purchase orders and payments data.

A number of large retailers have already signed up to offer VbV to their customers. A current list of these retailers may be found at Visa's Verfied By Visa Web site. Merchants who wish to participate in VbV need only sign up with their acquirer and install Cyota's Merchant Plug In (MPI) on their e-commerce systems.

Cyota is hoping to offer a one-stop-shopping service to card issuer banks that are being forced by the payment associations to support a number of new and incompatible payment protocols and technologies that secure all forms of Internet charges. In an effort not to repeat the painful mistakes made with the heavyweight Secure Electronic Transaction (SET) protocol, Cyota is leading the way with a solution that offers a rapid implementation path to accelerate time-to-market demands.

Cyota began offering the SecureClick surrogate card numbers to issuer banks in 1999 and eventually began delivering SecureSuite as a complete and extensible system that hides the implementation details of the various protocols from bank system and merchant e-commerce system developers, and vastly simplifies integration tasks. Cyota is also planning to support SmartCards within the SecureSuite in preparation for mass-market issuance and acceptance within the US.

The company also is planning SecureMobile as a SecureSuite offering to support wireless PDA and mobile phone payments as the technology matures, improves, and moves into the mainstream.

You can participate in Cyota's Verified by Visa invitation and view the SecureVbV demo. You can also find out more about SecureSuite at the Cyota Web site.

Only time will tell how rapidly consumers and merchants will take advantage of new secure payment processing capabilities, but one thing is certain now that was rather hazy when SET was the buzz -- Cyota and SecureSuite are making it faster, cheaper, and easier for everyone to get into the game.

This column was first published on, an site.