Visa and Microsoft took a bold strategic step last week in proclaiming the availability their on-line transaction security standard.

There was just one problem: Critics - and there are many - say they jumped the gun.

Some wonder if, in their rush to produce the standard before MasterCard and others signed on, Visa and its powerful software partner might have shot themselves in the foot.

They certainly caused a flap.

The announcement last Thursday came three months after Visa International and MasterCard International pledged to develop common specifications for card payments over the Internet and other open networks. Because they are easily accessible through millions of personal computers, these networks require advanced security methods to protect card numbers and other sensitive information.

But in the event, Visa and Microsoft Corp. stood alone, producing 81 pages of specifications for their Secure Transaction Technology, or STT.

MasterCard and others it has been working with on payment security - International Business Machines Corp. and Netscape Communications Corp. - denounced the "unilateral" action. They said Visa and Microsoft acted prematurely, their document falling short of enabling electronic merchants to accept any form of plastic - or, more precisely, "virtual plastic."

And so ended what had been an unusually friendly period in MasterCard- Visa relations. Their chief executive officers, Eugene Lockhart of MasterCard and Edmund Jensen of Visa, repeatedly emphasized that security standards were in their mutual interest.

Even as Visa was hooking up last year with Microsoft to begin work on STT while MasterCard went in another direction with Netscape, Mr. Lockhart and Mr. Jensen said they eventually would converge on a single standard that would replicate in on-line systems the universal acceptability of cards at conventional points of sale.

After last week's developments, it may take them time to heal the wounds and get back on a cooperative course.

But Paul Lambert, director of interactive services for Jacksonville, Fla.-based Barnett Banks Inc., said Visa may have done the right thing.

STT will "present the Visa brand that is familiar to consumers" surfing the net, possibly encouraging on-line purchases, Mr. Lambert said. But while secure technology "may help in lowering one of the barriers" to electronic commerce, he said, "there are still others."

He and other observers of the security fray remain confident that a single on-line security standard will eventually take hold.

Mr. Lambert was one of the few willing to be quoted here by name. One who wasn't viewed the dispute as a simple flare-up of "intense rivalries between two card associations and two software companies."

Another banker said MasterCard would probably make an announcement soon, if only to keep up appearances, while intending all along to finish the work it started with Visa.

Michael Homer, vice president of marketing at Netscape, aimed his ire at the fact that the STT specifications, made available at Visa's and Microsoft's World Wide Web sites, lack "source code." Without it, he said, programming companies would have to license data encryption technology directly from RSA Data Security Inc., the patent holder, at considerable expense.

Mr. Homer accused Visa and Microsoft of "sleight of hand," saying their approach puts Microsoft in a position "to exact a toll for every payment on the Internet" from the pockets of card-issuing banks.

Answering charges that STT is not as "open" as it should be, Warren T. Dent, Microsoft's director of business development, said, "Publishing those specifications is sufficient openness."

He also clarified the company's position on "tolls": "Because we wish we could get a part of the transaction fee doesn't mean we can."

Mr. Lambert of Barnett was unconcerned, saying, "No pricing model on the Internet is final today. The market is setting those values as we speak."

Robert Howe, IBM's general manager of banking and finance, said any system that purports to be open and available to the Internet community should be governed by an independent body or consortium - not STT's "committee of two."

Andrew G. Parker, director of business development for Spyglass Inc., Naperville, Ill., said Visa and Microsoft began a healthy winnowing-down process. Spyglass, a competitor of Netscape in Internet software, will license the Microsoft technology.

All competing technology companies will have to support STT to accept Visa cards, Mr. Parker said. MasterCard will either have to put forth its own standard or endorse STT, he said. "Once that's done, the number of competing protocols gets significantly smaller, which is good for the industry."

KPMG Peat Marwick consultant Richard Crone said, "Standards will be set by market share," and the field is "wide open." Visa and Microsoft "put it into fifth gear. The competitive process is working just the way it should."

Subscribe Now

Access to authoritative analysis and perspective and our data-driven report series.

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.