February 1, 1996
Group to Unveil Industry Standard for Electronic Payments
Join a discussion on Computers and Society: On-Line Economics.
By JOHN MARKOFF
AN FRANCISCO -- Hoping to remove a major impediment to credit card transactions over the Internet, a business group led by Mastercard International and Visa International plans to announce an industry-standard technology Thursday for protecting the security of electronic payments.
The new technical standard brings together previously warring camps -- one led by the giant Microsoft Corp., the other by an Internet software upstart, Netscape Communications Corp.
The standard, which industry executives expect to go into commercial use before the end of the year, is intended to give merchants of goods and services in cyberspace the convenience of a single, universally employed means for protecting the privacy of on-line credit card transactions.
And for customers, the new technology promises a much higher level of security for electronic purchases than has previously been available on the Internet.
The new approach "is more secure than the system in use in the physical world in which you give your card to a waiter in the restaurant," said Mark Greene, vice president for electronic payments for the Internet division of IBM, which is one of the companies endorsing the new standard.
To the extent that the end of this technology face-off gives a lift to electronic commerce, Netscape can only benefit, since it is the provider of the leading software used for "browsing" the Internet's World Wide Web and for conducting on-line transactions on the Web.
Netscape is already on a financial roll, announcing fourth-quarter revenue Wednesday that was nearly double the level of the previous quarter and profits that exceeded analysts' expectations.
"This will make it a lot easier for consumers to buy and sell things electronically," said Taher Elgamal, chief scientist of Netscape. "We won't have to face the issue of competing standards."
Netscape will be working to incorporate the new technology into its Navigator Web-browsing software. Microsoft, in turn, will be adding the technology to its Explorer software, which competes with Netscape's Web browser.
The software standard, called Secure Electronic Transactions, or SET, will permit a user to send a credit card account numbers to a merchant in a scrambled form.
The scrambled number is supposed to be unintelligible to electronic eavesdroppers and thieves -- and even to the merchants receiving the payment.
But a special code is supposed to enable the merchant to check electronically and automatically with the bank that issued the credit card to make sure that it is a valid card number and that the customer is the authorized user of the card. The number-scrambling part of the system is based on a well-known and widely used national software standard known as the Data Encryption Standard.
Besides being added to Netscape's and Microsoft's Web browser, the SET technology would need to be incorporated into Internet server computers -- the machines that function as storage terminals and gateways that individual users' computers interact with on the global computing network.
Testing of SET will begin this spring, according to Dick Lonergan, executive vice president of Visa, who said that commercial service was expected to begin late this year.
Currently, many powerful types of encryption technology are barred from export because the government fears that foreign enemies or terrorists may be able to conspire electronically. But the new credit card security standard will not be subject to such strictures, its developers said, because it is designed to protect only financial information -- not electronic messages or other types of computer documents.
In addition to Mastercard, Visa, IBM, Microsoft and Netscape, the other big organizations endorsing the new SET standard include GTE Corp. and Science Applications International Corp., a technology and military consulting business. Two other backers include Terisa Systems Inc. and Verisign Inc., both Silicon Valley companies that have developed some of the underlying technology for the SET standard.
Last September, Microsoft and Visa together proposed a security standard known as Secure Transaction Technology, which would have competed directly with a system being developed by a group led by Mastercard, IBM and Netscape.
Shortly afterwards, however, Visa and Mastercard -- the two largest credit card associations -- said publicly that they would pursue a single standard to avoid forcing merchants and consumers to choose between competing technologies.
"We took the best of both technologies," said Edward Hogan, senior vice president for electronic commerce at Mastercard International. "There was a blip in the road, but both associations realized that their memberships wanted a single standard."
Copyright 1996 The New York Times Company