On Jul 14, 2005, at 8:13 PM, Rich Salz wrote:
If you had two products ... both effectively performing the same
function, one you already had deployed, which was significantly
cheaper,
significantly simpler, and significantly faster, which one would
you choose?
I was told that one of the reasons SSL took off was because Visa
and/or MC
told merchants they would "for the time being" treat SSL as card-
present,
in terms of fraud penalties, etc. If this is true (anyone here
verify?
My source is on the list if s/he wants to name themselves), then
SSL/SET
is an interesting example of betting on both sides.
On the contrary, merchants were (and maybe still are) being charged
MOTO (mail order/telephone order) rates for using SSL. Even SET was
going to charge MOTO rates until just before it was finalized. The
payment card companies weren't getting enough interest for SET and
decided to offer card-present rates to get more interest in SET. SSL
took off because it was free, in over 90% of the browsers (Netscape
own the browser market then), and it was easy to integrate into
shopping carts. As a merchant, basically your only cost was your
VeriSign cert.
But you are correct in that the payment card companies were in an
interesting position: on one hand they charge higher rates for using
SSL but on the other hand, the "perception" was that something more
secure than SSL was needed.
One other point, SET did NOT require certs for the consumers. The
client-merchant protocol supported clients without certs.
Respectfully,
Aram Perez
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
