A government agency began an Internet commerce experiment Wednesday, boosting two technologies that have gotten only lukewarm support from the U.S. banking community.
Displaying its official enthusiasm for electronic payment alternatives, the Treasury Department assembled a system that relies on smart cards and the credit card industry's SET standard to secure on-line transactions.
The combination of chip cards with SET, which stands for Secure Electronic Transaction, is a first for North America. In a three-month pilot, Treasury's Bureau of Engraving and Printing will fulfill collectibles orders submitted by up to 200 cardholders with special card readers and related software on their personal computers.
Rep. Michael Castle, the Delaware Republican and Banking Committee member who has held several hearings on emerging forms of money and commerce, performed a ceremonial first transaction Wednesday.
The smart card with its embedded computer chip has been touted as ideal for personal payment security, because it is portable and has the number- crunching capacity for complex data encryption operations.
Bankers in the United States have been sluggish in their embrace of chip cards, in part for reasons of expense that the federal pilot attempts to address with a variation on data encryption known as elliptic curve cryptography, being supplied by Certicom Corp. of Canada.
SET has also failed to generate much movement among bankers or retailers, but at least two banks and a host of technology suppliers are rallying around the government trial in hopes of demonstrating that the security standard is viable and capable of evolving to accommodate new wrinkles like elliptic curve.
"We are trying to learn as much as we can about emerging payment technologies," Gary Grippo, program manager, electronic money in Treasury's Financial Management Service, said in an interview this week.
The department has supported experimentation in areas ranging from purchasing card systems to electronic benefits transfer, or the automation of food stamps, welfare, and other entitlements. Mr. Grippo said the government wants to encourage open and flexible security technologies and standards for Internet commerce, and views the Engraving and Printing trial as a step toward that end.
Treasury worked with Mellon Bank and MasterCard on other Internet and SET projects, such as savings bond purchases, and those companies are also involved in the new effort.
Mellon serves as Engraving and Printing's merchant-processing bank. Zions First National Bank of Utah, the flagship of Zions Bancorp., is issuing the chip-based MasterCard cards, primarily to people at organizations involved in the trial.
Zions affiliate Digital Signature Trust Co. will issue the digital certificates at the core of SET exchanges among cardholders, merchants, and banks. Other participating vendors include Schlumberger, the smart card supplier; Litronic Inc., provider of the card readers; and GlobeSet Inc., a specialist in SET software that is a spinoff of Bankers Trust Corp.
"The smart card in the SET environment is the ideal consumer delivery vehicle because of its simplicity, ease of distribution, readily proven security, and portability," said David Karpenske, vice president of marketing, Schlumberger Test & Transactions. He said the diversity of technology contributors promises "to break through the consumer's security- confidence barrier that has impeded growth of electronic commerce."
"This goes to show how very interested the government is in electronic commerce and the promotion of it, and it is extremely positive for our industry," said Arthur D. Kranzley, newly appointed senior vice president of electronic commerce at MasterCard International, Purchase, N.Y.
With endorsements from both a U.S. cabinet-level department and SETCo, the card industry entity responsible for managing the Secure Electronic Transaction protocol, the experiment is "pioneering the exploration of alternative technologies for secure electronic commerce while protecting current investments," said Philip C. Deck, president and chief executive officer of Certicom Corp., which has a U.S. base in San Mateo, Calif.
MasterCard, Visa, and the SET establishment-also including technology leaders like Microsoft Corp. and International Business Machines Corp.-have been criticized for being slow off the mark with an Internet payment standard, called SET 1.0, that was already outmoded when it hit the market early this year.
The critics are impatient for an SET 2.0 that could accommodate enhancements like chip cards and elliptic curve cryptography. A formal 2.0 upgrade is at best months away. The government trial affords an immediate opportunity to see how these components might shape up.
Calfornia-based consultant and SET gadfly Jerome Svigals said he is pleased to see progress beyond 1.0 with chip-card integration, but he is still concerned about the integrity of the certificate-issuing process.
"SETCo and these companies are looking to the future," Mr. Kranzley said. "SET is not a temporary solution. It will evolve and support a variety of payment products," including credit cards and debit cards with both old magnetic stripe and new chip-based information storage.
The introduction of elliptic curve "gives us the ability to use lower- cost smart cards, which we see as a critical component of electronic transaction security," said Mr. Deck, one of the cryptographic technique's vocal champions.
He said cards Certicom and Schlumberger have worked on, at potential unit costs of $4 to $6, can handle cryptographic operations equivalent to those that would cost $20 and operate less efficiently with conventional RSA algorithms-those historically associated with a Certicom competitor, RSA Data Security Inc.
But Mr. Deck and others stressed that interoperability and "backward compatibility" are essential. "This is a multi-algorithm experiment," he said. "We are showing you can add elliptic curve alongside legacy RSA systems."
"We believe in hardware-based security," which smart cards provide, said Mr. Grippo of Treasury. "We need the highest level of security and integrity, through open architectures and multiple algorithms."
Though the trial is small and a consumer card-reading infrastructure is still lacking, the show of corporate force impressed Dan Cunningham, president of the Smart Card Industry Association. "It is good to see these companies leading the way," he said. "This puts it all together for the first time in a nice, neat package."
