Seeking to address users’ demands for transaction security on the Internet, a consortium of financial and software companies, led by MasterCard International Inc and Visa International Inc, last year proposed a technical specification. The first draft of the Secure Electronic Transaction, SET, protocol was published in June 1996, and the first version should be released in June 1997. But because of the importance of credit card shopping to the suppliers, companies such as IBM Corp, Netscape Communications Corp and Microsoft Corp are already implementing SET.
By Jessica Twentyman
SET members decided that to provide adequate security for Internet transactions, three main issues must be addressed. First, the authenticity of both cardholder and merchant must be established. Second, the integrity of the order data must be maintained across the network. Last, the data must be delivered in such a way that only the intended recipient has access to it. SET is almost guaranteed success. It fulfills all the criteria for a successful standard; it is open, can be easily adopted by any supplier, is consistent with the existing infrastructure for credit card payments, and has the backing of a number of influential participants. Along with MasterCard and Visa, the protocol has already been endorsed by American Express, Discovery and JCB credit card organizations. Furthermore, SET is already being incorporated into ‘merchantware’ products, the server-based software used by traders to support Internet transactions. The backing of these major vendors, say analysts, will help to legitimize the concept of Internet shopping. Unlike the Secure Socket Layer, SSL, security protocol, which is currently supported in products such as Netscape’s Navigator, SET attempts to solve several problems, such as authentication, encryption, and providing a method of linking to settlement systems. The SET protocol has been developed using security systems developed for use in electronic data interchange, EDI, private networks. The first stage of a SET transaction is for the buyer and the seller – the consumer and the merchant – to identify each other.
Trusted third party