On a key element of payment security for the Internet the Secure Electronic Transaction (SET) protocol American Express, MasterCard and Visa are of one mind.
They made a show of unity recently about the SET standard for securing credit card transactions on the Internet before a high-tech industry gathering in New York.
Mr Steve Herz, senior vice-president of Internet Commerce at Visa International said, "merchants can use SET to broaden their trust in the marketplace. The merchant can actually leverage the trust of global payment system and make more sales."
For consumers, said Mr Jim Degracia, vicepresident of electronic commerce for American Express, "SET provides many benefits" including "assured privacy of their messages. It really is appropriate to embrace the robustness of SET. It provides authentication for both sides of the transaction.
"SET allows one way of doing business that satisfies everyone," said Mr Alan Glass, senior vice-president of electronic commerce at MasterCard International. "It is global and universal."
The trio were clearly aware of the sniping about SET's technical merits and slowness to market. Some critics say the current version, SET 1.0, is already outmoded and must quickly give way to a more sophisticated 2.0 level which is due out sometime this year. Others say the effort could just as well be scrapped.
"Had they got this out last year, it would have been a great thing," said Mr David Weisman, new media research analyst for Forrester Research in Cambridge, Massachusetts. "But their whole approach, from the technology to the marketing, has been bungled."
Supporters maintain that SET will eventually prevail because it replicates payment habits and relationships from the physical world, meets financial industry risk management requirements, and will otherwise prove superior to the most common current Internet security method a protocol called Secure Sockets Layer, or SSL.
For now, consumers can buy goods over the Internet using SSL which is a channel encryption that stops eavesdroppers when data is in transit. SET, an enhanced version of that protocol, protects data when it is idle as well as in transit. It can also verify if a seller is a bona fide merchant.
As a single standard SET is supported by the payment industry. About 880 organisations in more than 80 countries provided input to devising the standard and 150 financial institutions in 34 countries are in pilot. There are currently about one million SET cardholders in Brazil and several thousand in Europe.
What the payment industry is hoping to do, in effect, is transpose the best ways with which people pay in the physical world to the virtual world. Paying in the virtual world shares some of the characteristics of conducting mail/telephone orders and ATM transactions.
The main concerns, though, are how to make a payment and process it when it's a small dollar amount. Electronic cash or a chip card could be efficient for micropayments and cost-effective for merchants. But the benefit of SET, the proponents say, is that it can support any transaction made by any payment method.
While consumers can feel comfortable that SET will keep their credit card numbers off the global network, "the bottom line from the financial institution's position is that SET's infrastructure will allow the guaranteed payment", said Mr Degracia of American Express.
He contended that with a shift of liability towards merchants for fraudulent transactions, they will come to prefer SET over SSL transactions.
Mr Herz pointed out that Visa and MasterCard do not have to worry about a key aspect of SET issuing digital certificates for authentication of buyers and sellers, which is a card-issuer responsibility. American Express, as an issuer directly to consumers, is in a position to make a difference here.
"Expect to see a flurry of [certificate] activity in the next three to six months," said Mr Degracia.
For now, Mr Herz said, Visa is focusing on merchant and consumer education about SET. "I anticipate it will accelerate over the coming months as more financial institutions adopt it. You are not seeing financial institutions drive a massive rollout yet, but eventually you'll see them put communication muscle behind it.
"We tend to write rules on how products and services work, but not when," said Mr Glass. But he added, "we're looking for ways to push, pull and spiral to get cards activated".
