The ATM Forum international consortium recently approved the first version of its security specifications aiming to protect communications over Asynchronous Transfer Mode (ATM) networks by offering data confidentiality, partners authentication, etc. This paper describes the architecture of one of the first ATM Forum compliant security prototypes being currently developed in the European project SCAN (Secure Communications in ATM Networks). Additionally to the security management functions specified by the ATM Forum to exchange encryption keys and negotiate security services, SCAN implements the possibility for end-users to modify the data flow encryption algorithm during a connection in progress, and the possibility to keep the encryption algorithm choice confidential. Moreover a flexible implementation is offered allowing future users to develop their own security protocols and their own ATM security monitoring applications.