In their strongest, most unified show of support for Internet payment security, the top four global card companies said they will form a joint venture to coordinate and promote the Secure Electronic Transactions program.
The venture, tentatively called SETCo, will be responsible for technical and administrative aspects of the SET 1.0 standard that MasterCard International and Visa International published last February.
The bank card associations will be joined in SETCo by American Express Co. and the Japanese issuer JCB Company Ltd. Announcing their agreement this week, the four said the united front could accelerate consumer confidence and acceptance of the data encryption and related security techniques embodied in the SET approach.
While the specification is complete and some of its backers are thinking about an enhanced SET 2.0 version, personal computer and server software capable of handling the complex algorithmic calculations have been slow to market.
In a sign of vendors' desire to speed the process, competitors International Business Machines Corp. and Verifone Inc., a Hewlett-Packard Co. subsidiary, said Nov. 11 that they would propose a standard method to assure that all companies' SET components are interoperable.
Like the credit and charge card groups coalescing in SETCo, IBM and Verifone said agreement on a technical baseline would help them focus competitive energies where they would yield the most value to them and to customers.
"We all came individually to the same conclusion-that to compete on differences in security would fragment and confuse the marketplace," said Andrew Bartels, vice president of electronic commerce at American Express in New York.
"We did our own analysis of the risk of Internet transactions and found we needed something more robust than the SSL security between the cardholder and merchant," Mr. Bartels said, referring to the Secure Sockets Layer protocol for Internet communications.
The challenge for SET advocates is to make their system as common as SSL became in browser technology. Despite active development support from the likes of IBM, Microsoft Corp., Netscape Communications Corp., GTE Corp., and RSA Data Security Inc., SET seems to cry out for more and more coordination.
MasterCard and Visa officials said they are getting there.
The SETCo alliance "validates our belief that we have created a truly open, global standard for secure electronic commerce," said Steve Mott, MasterCard senior vice president of electronic commerce/new ventures.
"The support of these well-recognized payment brands is a strong endorsement that SET is gaining acceptance around the world," said Steve Herz, Visa's senior vice president of electronic commerce. He said the goals of replicating conventional card presentment and processing procedures while allowing a wide range of competing system and software choices "are becoming a reality."
Financial commitments to SETCo were not disclosed and some operational details are still being worked out. Two priorities for SETCo were spelled out: creation, management, and maintenance of a root key certificate authority; and coordination of software testing and compliance, including the issuance of a mark to signify that a given system has passed the tests.
