This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Internet security innovation could eradicate online fraud

02 November 2012

Physicists at the University of Strathclyde and Heriot-Watt University have developed a way of using light particles to verify internet transactions.

Dr John Jeffers

The team believe their discovery could help tackle the huge burden of e-crime, which is estimated to cost £205 million in the UK retail sector alone.

Strathclyde's Dr John Jeffers said: “The systems which currently underpin the security and authentication of internet transactions - founded on complex mathematical formulae - can be cracked and are therefore vulnerable to e-crime, such as fraud. Our research represents a major breakthrough by demonstrating - via the laws of quantum physics - how the security of online transactions and communications can be virtually guaranteed."

The study, published with free open access in the journal Nature Communications,shows how the fundamental particles of light (photons) can be used to verify the security and authenticity of any transaction or communication with a 'digital signature'.

Currently, digital signatures underpin Internet shopping, electronic banking, electronic voting and many software updates. Whenever the padlock symbol is displayed in a web browser, digital signatures are in use.

However, with traditional online security, these signatures are based on mathematical formulae and can be cracked, potentially leading to fraud and other online security breaches. Quantum digital signatures use a different approach which guarantees the authenticity and origin of messages.

Professor Gerald Buller, of Heriot-Watt University, said: “Computer virus attacks have shown that ‘signatures’ or specific codes can be hijacked, potentially causing chaos with systems being crippled, accounts hacked, and industry and consumers losing millions of pounds. Our new approach, using quantum mechanics rather than just maths to create signatures for multiple recipients (or customers), and could make hacking, fraud and theft near-impossible.”

Recent estimates place the value of 2011 online UK retail sales at a minimum of £25 billion, according to the Office of National Statistics, and as high as £50 billion, the Centre for Retail Research suggested.

E-crime is the biggest emerging threat to the retail sector, according to the British Retail Consortium’s recent report. Launching this study in August, BRC Director General Stephen Robertson said: “The rapid growth of e-commerce in the UK shows it offers great benefits for customers but also new opportunities for criminals...resources must be directed to e-crime in line with the emerging threat. This will encourage retailers to report more offences and allow the police to better identify and combat new threats.”

Quantum-based secure signatures mean that an 'eavesdropper' – a malevolent third party listening in – cannot fake a signed message which is being sent to multiple recipients. The technology works in the following way:

- The sender writes the signature with encoded light particles and sends it to the receiver
- The receiver cannot yet read the signature. However, it can be sure it received an authentic signature
- To confirm a message is authentic and to also read it, the receiver has to receive both the message (the “signature”) plus additional information required to decipher it
- The multiple receivers confirm that they have received identical signatures - only then does the sender provide the additional information required to read the signature
- This process takes place without the user (a shopper, for example) being required to do anything differently to current security methods.


Contact Details and Archive...

Print this page | E-mail this page