> SET failed due to the complexity of distributing the software and setting
> up the credentials.  I think another reason was the go-fast atmosphere of
> the late 90s, where no one wanted to slow down the growth of ecommerce.
> The path of least resistance was simply to bring across the old way of
> authorizing transactions by card number.

I think your other reason was in fact the primary reason.  And, of course,
the primary enablers of the go-fast approach were, in fact, the very same
credit card companies.  They made a conscious business decision to treat
online transactions the same as conventional transactions -- I forget the
details, but it was pretty risk-free for a merchant to do online credit
cards, getting low surchage rates.  That, coupled with the US law that
limited consumer liability to $50, made CCard-over-SSL a no-brainer over

>From a consumer viewpoint, CC/SSL is more secure then SET ever was.  Since
it wasn't a CCard transacdtion, my liability under SET was unlimited (at
least until Congress caught up to the technology).  Looking at the risk
management aspect, SET was a big loser for the customer.


Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to