Internet merchants are rubbing their hands in anticipation of the holiday season, but one key element of online shopping remains missing. It won't be a SET Christmas.
SET (Secure Electronic Transactions) is protocol for secure online credit card purchases. Visa and Mastercard, who shepherded SET through two-plus years of development, say it's critical to confidence in e-commerce.
But this week, American Express, which endorses SET, launched its online initiative largely sans SET. Instead, Amex is promoting credit card purchases by having buyers send their card numbers across the Net using the widely accepted Secure Sockets Layer (SSL) protocol. When SET is ready, said Amex, it'll add the spec.
Indeed, consumers are already spending millions on the Net without SET. Bookseller Amazon.Com, which makes virtually all its sales through credit cards numbers sent over the Net, reported $65.8 million in revenue in the last six months.
Overall usage of credit cards online is hard to quantify, largely because the card companies don't separate online sales from other kinds. Jupiter Communications estimated that online shopping generated $706 million last year and will reach $7.3 billion by the year 2000, when half of the online purchases will be made with cards.
Harold Wolhandler, research director at market researcher ActivMedia, projects about $1 billion in credit card sales over the Net this year.
In other words, consumers aren't waiting for SET--they're buying now.
"The importance of SET is not the technical value but the full endorsement of the financial institutions of the United States behind Internet commerce," said Wolhandler, who argues that mainstream consumers are still waiting for their banks to deem Internet commerce safe.
"They're still engaged in the myth that it's not safe to shop online," said Wolhandler, who has proprietary research for Visa on consumer attitudes about online shopping. "I think of SET as extremely important as a starting point for psychological reasons."
Indeed, he estimates that Web-related sales this year will top $4 billion, many of them from buyers who identify purchases at a Web site, then dial an 800 number to complete the purchase.
What's holding up SET?
First, it took longer to finalize the spec than either Visa or Mastercard expected. Version 1.0 was finalized June 1, and very small-scale field trials began then.
But virtually all the trials have been based on an earlier version of the protocol. On October 15, Visa announced the world's first transaction using the 1.0 version of the specification. This week MasterCard declared that SET's pilot phase is over, and it's moving into implementing SET 1.0.
But implementation isn't likely to come quickly. Even if SET merchant software is ready now, as IBM and several other vendors insist, U.S. merchants are now entering their busiest season of the year. Most don't want the added burden of setting up SET software until at least January.
Buyers also need special software, both a "wallet" and a digital certificate, to conduct a SET transaction. Wallets will be built into Web browsers and available from many banks, but it will take time to widely proliferate the special software.
In fact, most of the limited number of SET digital certificates issued for SET trials around the globe will expire November 15. Anyone with a 0.0 certificate must upgrade to version 1.0 after mid-November to make any purchases.
Integral to SET is the notion that any buyer's software wallet will work with any merchant's SET "cash register," but interoperability issues remain. After an all-day session Wednesday with SET developers, Visa announced a "summit meeting" next month on interoperability testing.
For reasons like those, American Express isn't waiting for SET to begin its e-commerce push. It has "gateways" in place for both SET and SSL transactions to connect Internet merchants to the Amex processing system.
"We endorse both SET and SSL," said John Galifi, director of e-commerce for American Express' merchant unit. "As soon as we are comfortable with SET in fully implementable mode for both card members and merchants, we will have it."
Amex has been far quieter about SET than Visa or Mastercard, but Galifi insists American Express isn't lagging behind its bigger rivals.
"Those associations announce a lot of capabilities before there's an actual tangible product," Galifi said. "We do not announce or release information until it's available to the marketplace. We don't announce vaporware."
The two bigger card companies haven't thrown their full weight behind online shopping yet. Though, officially, they still discourage consumers from using their cards online, neither is shouting that message anymore.
Instead, they're stuck in the ambiguous position of saying SET is necessary for safe commerce while processing millions of dollars in non-SET card purchases.
"Large volumes of transactions are being done through SSL encryption only, and it'll be quite a while before the world is using SET for card standards," said Scott Smith, e-commerce analyst at Current Analysis. "I've given up trying to guess when."
In the end, SET's success depends on Visa and Mastercard, who created the spec on behalf of their member banks.
"It's the payment associations' cards, so it's their network and their ballgame," said Smith. "They could do more to speed Internet commerce by pushing harder. This is one of those environments where messages are important, for both merchants and consumers."