A method and system for secure communications in a mobile commerce system having a pre-defined communications protocol. The method and system are backward compatible, providing reader configured to distinguish between a first type of transponder using an unencrypted protocol and a second type of transponder using an encrypted protocol. The reader determines the type of transponder and alters its communications protocol accordingly. The encrypted protocol provides for encrypted communications within the constraints of the existing pre-defined communications protocol.