Welcome Guest. | Log In| Register | Membership Benefits

News In Review

May 31, 1999

It Pays To Be Secure

Safety online: The SET protocol could raise the level of Web-site security.

By Amy K. Larsen

The rise in electronic commerce has paralleled the increased attention paid by online merchants to the security of online transactions. But experts say consumers' confidence can be fragile, and businesses need to be diligent about maintaining and improving Web security.

The two primary means of securing E-commerce transactions are the Secure Sockets Layer protocol and the Secure Electronic Transaction protocol. SSL, the simpler of the two to implement, has emerged as the most commonly used method to protect consumer payment information. Adoption of SET has been slower, but some experts say it's only a matter of time before SET makes many E-commerce sites even more secure.

SSL was developed by Netscape as a communications protocol to encrypt data during the transmission from clients to servers. It's used by the majority of consumer-oriented E-commerce sites to scramble consumer payment in transit so it can't be intercepted.

But some experts think that's not enough. The issue is this: While SSL encrypts data in transit, it doesn't rescramble the data at the server. "The soft spot is the server," says Scott Smith, president of the Tera Group, an analyst firm.

Visa and MasterCard continue to lobby E-commerce merchants to adopt SET, which uses secure IDs to verify the identities of the users involved in a transaction. SET ensures that only the authorized party has access to consumer payment information, protecting data at the server level, too.

Widely deployed in Europe and Asia, SET has been slower to take root in the United States because of its complexity. Implementation requires special software and digital certificates for the buyers, sellers, and merchant banks. Still, online stock trading sites and other financial institutions moving money over the Internet rely on SET to protect transactions, and credit-card companies continue to push for it.

Ultimately, it may be online supply chains that raise the E-commerce security standard. Says Smith, "SET may eventually be forced on the market by companies running business-to-business applications that have no tolerance for insecurity."

Return to main story, "Virtual Cash Gets Real."


Back to This Week's Issue

Send Us Your Feedback

Top of the Page