Visa, Wells Fargo Deliver SET Alternatives
(06/03/99, 11:46 a.m. ET)
By Jeffrey Schwartz, InternetWeek
New options for handling credit card transactions over the Web are emerging ascheaper and simpler alternatives to thedormant SET standard.
As merchants continue to call for SET<Picture> alternatives, two financial-services giants -- credit card company Visa International and online banking leader Wells Fargo & Co. -- are trying a new approach: issuing digital certificates for use in SSL<Picture>-based sessions.
Visa, which co-developed SET with MasterCard International, will now let banks issue RSA Data Security X.509 digital certificates to merchants and will provide those banks with data collection, authorization, routing, and settlement services for Internet transactions through its new Visa Payment Gateway.
The gateway, to go live this summer, gives merchants using the Visanet point-of-sale network access to that same network through Web channels. That means there's no legacy-systems integration required by Visa USA's 6,000 member banks, many of which have characterized the SET protocol as a gamble because of the implementation costs.
Visa's gateway arrives just one week after Wells Fargo said it will offer merchants e-commerce services that combine SSL encryption with digital certification. Wells Fargo has partnered with GTE's CyberTrust business unit to issue digital certificates to merchants.
While both Visa and Wells Fargo still support SET, the moves underscore the difficulties that SET has faced.
Data on SET penetration is elusive, but analysts agree that few merchants and banks have installed SET-enabled systems because of their cost and complexity. Also, consumers have little incentive to use the e-wallet applications that SET requires.
Today, most Web storefronts protect credit card data using SSL encryption, but do not validate users' identities with digital certificates.
Royal Bank of Canada installed a SET gateway last year to service Web merchants. The hardware, software, and implementation combined cost the bank more than $1 million, said Adrian Horsfield, senior manager for Internet commerce, adding Royal Bank might have considered Visa's payment gateway as an inexpensive alternative had it been available.
Other merchants and banks welcomed alternatives to SET. "Anything that would expedite the demise of SET would be a welcome relief," said Keith Butler, vice president of Office Depot's online unit.
"SET is one of the biggest non-events in the history of credit card processing," added Steve Dieringer, a vice president at Bank One.
Still, Visa is keeping a stiff upper lip. A Visa official characterized the Payment Gateway as a means to make it easier for banks and merchants to migrate from SSL transactions to those based on SET.
"We think there will be a higher demand for authentication both at the cardholder and merchant level," said Steve Ryan, senior vice president for emerging technologies at Visa. "The market will drive toward SET over time."
Trintech's PayGate software runs on an RS/6000 and supports both SSL and SET. "By using Trintech, they have in hand tools to provide a migration path," said Scott Smith, president of consultancy Tera Group. "They can accept SSL-based payments now and move them to SET-based payments later."
An official at MasterCard agreed that the Visa Payment Gateway can provide a bridge from SSL to SET. "They can support current transactions using SSL, but through the [Gateway's] SET capability, they can support international transactions based on SET," said Arthur Kranzley, MasterCard's senior vice president for e-commerce.
Wells Fargo continues to support SET for international transactions but has seen no demand in the United States, said Michelle Banaugh, the bank's vice president for e-commerce. "We continue to see SSL growing at a more rapid pace," she said.
Meanwhile, Wells Fargo this month will begin promoting the GTE CyberTrust X.509 digital certificates to a subset of its merchants, a move that would assure consumers of the identity of merchants without requiring use of the SET protocol.
Last month, Visa disclosed an agreement with RSA Data Security that will let Visa's member banks issue X.509 digital certificates to its merchants using SSL.
"They have to give the market what the market is willing to work with, and that's SSL," said Theodore Iacobuzio, a senior analyst at the Tower Group, a financial- services IT consultancy.
The Visa Payment Gateway also is an attempt to reclaim merchant relationships from Internet payment developers CyberCash and PaymentNet, Visa officials acknowledged.
"Companies like CyberCash have stepped in to provide services that a lot of the traditional players have not delivered," Ryan said.
Officials at several banks said they need to study the Visa gateway. Wells Fargo already connects to several payment gateways and has not ruled out adding Visa to the list. "The customers will often drive our decisions to figure out which of the payment gateways make the most sense," Banaugh said. <Picture: TW> |
