CRITICISM (OR IS IT HERESY?) DOGS THE SET PROTOCOL

Some of the things being said about SET - the Secure Electronic Transactions specification for Internet credit card payments - call its relevance into question.

Typical was a recent comment by William Melton, chief executive officer of Cybercash Inc., who found SET's slow-paced, standards-like consensus and acceptance process inimical to the strategic demands of electronic commerce.

Despite optimism at MasterCard and Visa that SET would by now be a boon to on-line business, and despite progress by vendors like GTE, RSA, and Verisign on providing tool kits and digital signature components, SET will still be in test mode for months.

"The problem is that SET is a very elaborate, complicated, multifaceted process," said card technology consultant Jerome Svigals. "At the same time, you don't see any great demand developing for it."

Transactions do take place on the Web. Purchasers can phone, fax, or E-mail their card numbers or transmit them via cryptographic protocols like SSL (Secure Sockets Layer) that were designed for other purposes and lack SET's bells and whistles. (The most important of the latter is that merchants don't see credit card numbers, closing off a major source of fraud.)

Mr. Melton advises bankers to tell customers that "security is essentially done. Tell them, 'Don't worry, we'll take care of it.' "

Victor Wheatman of the Gartner Group in San Jose, Calif., advised clients to "hold back SET deployment" unless they have "compelling needs to gain experience with this developing protocol. SSL and existing credit card practices" will suffice for consumer payments "until more stability is gained, missing business functions added, and duplication removed."