Disclaimer: This information comes from sources that cannot be verified. As such, make no assumptions about its completeness or accuracy. We endeavor to keep this information up to date as much as possible. Feel free to send comments/ updates to the Security News Editor.

October 27, 1997, Section: News & Analysis

MasterCard Gets SET For Online Business

By Matthew Friedman

SET is open for business.

The Secure Electronic Transactions protocol is now available to MasterCard's member banks, ending the long wait for a standard security and authentication scheme for online credit card transactions.

Steve Mott, MasterCard's senior vice president for electronic commerce, said last week that the company has completed its trials and is authorizing the use of SET to member banks and, in turn, its merchant and consumer customers.

"We plan to press a mass deployment program to get thousands of merchants up in the coming year," Mott said.

To do that, MasterCard is launching a series of merchant promotions and consumer education campaigns, he said. Among the campaigns are the "Shop Smart" promotion, which encourages consumers to patronize online merchants employing what Mott calls "best security practices," as well as a program to encourage merchants to move to systems based on SET 1.0, a specification published in June.

But David Marshak, a vice president at the Patricia Seybold Group, said intangibles such as market acceptance and merchants' perceptions of security will be a far greater challenge than SET's technological development.

"Even if the technology works as advertised, without confidence from consumers and merchants, it's not important," he said. "The perception of security is far more important than the reality."

Moreover, it would take just one security breach to derail the implementation process. Still, Marshak is confident that MasterCard and other credit card companies will be able to deploy SET and encourage merchants and consumers to use it, pointing out that it will be the credit card companies' logos and reputations-and not the protocol itself-that will create the market's confidence.

"It's not going to be insecure Internet commerce one day and then suddenly secure commerce the next," he said. "There will be a gradual increase in confidence before SET builds critical mass-and that's going to take some time."

Visa International, which co-developed SET, is moving more slowly. "We're not in a race," a spokesman said. "Deployment will happen when the software and tools become available."