> SET failed due to the complexity of distributing the software and setting > up the credentials. I think another reason was the go-fast atmosphere of > the late 90s, where no one wanted to slow down the growth of ecommerce. > The path of least resistance was simply to bring across the old way of > authorizing transactions by card number.
I think your other reason was in fact the primary reason. And, of course, the primary enablers of the go-fast approach were, in fact, the very same credit card companies. They made a conscious business decision to treat online transactions the same as conventional transactions -- I forget the details, but it was pretty risk-free for a merchant to do online credit cards, getting low surchage rates. That, coupled with the US law that limited consumer liability to $50, made CCard-over-SSL a no-brainer over SET. >From a consumer viewpoint, CC/SSL is more secure then SET ever was. Since it wasn't a CCard transacdtion, my liability under SET was unlimited (at least until Congress caught up to the technology). Looking at the risk management aspect, SET was a big loser for the customer. /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]