1998 could be year of SET

Up to 10,000 merchants could be using credit card transactions under the SET protocol this year, a MasterCard executive says.

3 min read
SAN FRANCISCO--As many as 10,000 Internet merchants could be accepting online credit card transactions under the Secure Electronic Transactions protocol by year's end, MasterCard's top executive for Internet commerce predicted today.

"Frankly, I think 1,000 merchants would be enough for widespread commerce," MasterCard vice president Steve Mott said in an interview. If major players such as WalMart, Lands' End, and big bookstores back SET, consumers could buy a wide range of goods online. He figures 1,000 Web storefronts could sell 80 to 90 percent of what consumers want to purchase.

George Hoyem, a vice president at major SET vendor VeriFone, thinks 10,000 SET-enabled merchants by year's end is "highly likely." But he measures SET success as hitting 200,000 SET merchants, not 1,000.

Both MasterCard, owned by banks offering the cards, and VeriFone, now a division of Hewlett Packard, will benefit financially if SET takes off.

Speaking here at the RSA Data Security conference, Hoyem also strongly urged MasterCard and Visa, architects of the SET protocol, to move quickly to offer Internet merchants incentives to do SET transactions, saying efforts to date by the card companies fall short of what is needed.

"We are encouraging the credit card companies to lower the exchange rates," said Hoyem, referring to the rates banks charge merchants for handling card transactions. "People are not going to make the jump to SET unless card companies advantage the transactions."

Hoyem argues SET transactions are safer than presenting a credit card in person, so merchants should pay less for SET payments than so-called card present transactions.

MasterCard's Mott also argued that widespread use of SET is important not for the protocol itself, but as a proxy for online purchasing, which can benefit both buyers and sellers.

"Frankly, if SET serves as a metaphor for online transactions, I don't care how many SET transactions get done," he said.

Mott also disclosed that MasterCard and a major U.S. bank will launch a pilot in March to test the use of elliptic curve cryptography (ECC) with the SET protocol. That would have broad implications for rivals of encryption powerhouse RSA, whose crypto algorithms are the only kind now supported under SET version 1.0.

Mott said the pilot will compare the speed of SET transactions using RSA encryption and three different forms of elliptic curve crypto, which many regard as faster and more appropriate for certain uses.

Separately, another MasterCard source said the card company will launch a U.S. smart card pilot in April that allows multiple uses of smart cards--frequent-user loyalty programs, for example--in addition to e-cash.

That trial will involve using the so-called MultoOS operating system from Mondex, an e-cash firm in which MasterCard owns a controlling interest. The new trial would supplement one currently under way in Manhattan to let 40,000 consumers use e-cash on smart cards for purchases with local merchants.

Mott said the March SET trial with elliptic curve crypto illustrates how future versions of the SET protocol will evolve.

Finalized in May 1997, SET 1.0 is only now being used in trials--earlier this week, NationsBank (NB) announced the first 1.0 transaction in the U.S. Most SET trials have used test version 0.0.

Instead of rushing into version 2.0, Mott said, the card companies intend to extend version 1.0 to test new elements that might be added: non-RSA algorithms, e-cash smart cards, debit cards, and simplification of version 1.0.

In fact, both European and Japanese banks are using SET 1.0 extensions to test debit cards. And France's Consortium e-Comm expects to test micropayments--generally a term for transactions under $5--beginning in June. SET-based micropayments will be tested with real merchants and buyers through the end of the year.

Mott predicted an advanced draft of version 2.0 will be circulated by the end of 1998.

For nearly a year, MasterCard has campaigned for adding elliptic curve crypto to SET, and RSA itself announced this week that its flagship BSafe toolkit will support three kinds of elliptic curve by mid-year.