Tech mismatch leaves m-commerce struggling

M-commerce transactions are being slowed down because the encryption standards employed by most websites are not compatible with those used in mobile devices.

According to top security experts, the basic encryption standard currently incorporated in most internet transactions - secure sockets layer (SSL) - is not compatible with wireless transport layer security (WTLS), deployed in most handheld devices such as mobile phones and PDAs. Jeffrey Robinson, manager of corporate development at RSA Security, said: "There's nothing wrong with WTLS except that it is not compatible with SSL. So all WTLS messages must be converted into SSL before an ecommerce site or corporate network can read them. This can slow the whole process down." Sandra England, president of Network Associates' encryption software division PGP, agreed. "Yes, at the moment a lack of interoperability exists, which slows down the performance. But as PDAs and mobiles get more processing power, the devices should soon be able to read SSL directly," she said. But even with increases in processor power, doubts remain over the future of some M-commerce transactions. Ian Walker, technical director at public key infrastructure specialist Entrust, claims SSL on its own - even if deployed end to end - may not be secure enough for all m-commerce transactions. He said: "SSL, or other similar types of encryption, does provide some level of authentication, but it only secures the data whilst in transmission, not once it's arrived to its destination. It should be secured from start to finish."