Want CNET to notify you of price drops and the latest stories?

Commerce alliance SET

American Express and three other companies will demonstrate a secure credit card transaction over the Internet with a smart card.

2 min read
Four companies in the Internet commerce realm next week will demonstrate a secure credit card transaction over the Internet with a smart card, the first U.S. transaction to use technologies from so many parties under the draft Secure Electronic Transactions protocol.

The four firms are encryption company RSA Data Security, credit card issuer American Express, Web commerce software vendor Open Market, and French smart card manufacturer GemPlus.

Last month, Wells Fargo Bank announced that some of its Internet merchants have begun processing credit card payments over the Net using SET.

The demonstration will take place Tuesday during RSA's annual developers' conference in San Francisco.

"We will demonstrate a full exercise of all the aspects of SET protocol," RSA's Scott Schnell, vice president of marketing, told CNET. It will use SET-based software for the buyer, a Web storefront (which will be a customer of Open Market or American Express), and the American Express "gateway" that connects to the credit card company's secure private network.

"It's now safe to get in the water," Schnell added. Use of a smart card gives a higher level of security and authentication for the transaction, partly because hardware security is considered stronger than just software.

"We believe smart cards will very quickly become a de facto requirement in the commercial sector because they provide additional levels of tamper-proof fraud prevention," said Schnell.

RSA also will announce that its SET toolkit, due to ship by the end of March, has gone into beta testing. Open Market used an early version of that toolkit to build the merchant software to handle the credit card payment.

American Express used other RSA tools called BSafe; Schnell said having independent implementations of SET done by separate vendors will demonstrate interoperability under the security protocol.

An important element of the security protocol is the use of "digital certificates" to vouch for the identity of the parties in the transaction. RSA will generate the digital IDs for the demonstration, but most buyers will probably get theirs from an independent certificate authority.

Visa and Mastercard are finalizing the SET protocol, which they expect to release in final form by July. Both card associations also plan pilot testing, with most announced trials in Europe and Asia.