Following its acquisitions of Digital and Tandem, as well as an alliance with GlobeSET, Compaq has found itself in a position to capitalise on the promise of the Secure Electronic Transaction (SET) protocol presented by Visa and MasterCard. The protocol is designed to apply additional security to Internet transactions. The company intends to provide hardware for SET through Compaq, while GlobeSET will provide SET software and Digital will supply services needed to assist financial institutions in implementing SET. But is SET - recently on the slow track - really going to happen? IDG's Matthew Nelson recently talked with Roger Mathews, electronic commerce strategy manager at Compaq, about the protocol and Compaq's role in its development, deployment, and ultimate success in Internet commerceIDG: How has SET changed since it was introduced two years ago?
Mathews: It's slowing down from initial expectations. I think every body expected that, [for example], someone comes to the table with SET as a spec in a book and next year we're going to have products all over the world doing SET. That's not a reasonable expectation. And so I think it's coming out at about the pace of a normal large-scale long-term standard.
How important is SET to Compaq?
It's quite important because Compaq is really interested in electronic commerce. In the long term, SET is going to be the dominant payment method. That's our belief, and it's the belief of the banks. The trick, though, is the word "when". My guess is that by 2001 we will see a ramp of payments based on SET.
It's really a chicken-and-egg kind of thing because SET is aimed at the large industrial-strength, high-volume environments. When the environment goes that way, then SET will become important. It's the most secure of all the methods, and when transaction rates get high, fraud becomes rampant, and then you want to choose the best method to avoid fraud. Right now, SSL [Secure Sockets Layer] is perfectly good; because the fraud rate is low, the security need is lower.
Many SET supporters have thought that SET would see rapid adoption, but now they are more cautious. Is that becoming a prevailing attitude among your colleagues?
Absolutely, I haven't talked to anybody in the "SET community" in the last four months that hasn't begun to say: "Oh, this is going slower than we thought."
Why is it going slower than we thought? It's going slow because it's not something better or there's no demand. I think the volume requirement in the market is low enough now that SSL is just fine for right now. SET is going to be fine when there's a large volume.
SET is going to be pushed by the financial institutions that ultimately bear the fraud problem. Merchants will then be interested in it because they'll get reduced transaction rates from the financial institutions when they use something that has a higher security factor to it.
The financial institutions will offer lower transaction rates and then the merchants will be making their decisions based on cost - transaction cost. Right now they're making their decisions on software cost. SSL is cheaper than SET.
Recently both Visa and MasterCard offered incentives to banks to adopt SET. What does Compaq see as the interest within banks for SET right now and in the future?
We see an increasing interest, but when I say that, you have to put it into context. We are entering a new phase. There are some 200 SET pilots in the world today, so some of the pioneer banks have been doing this for some time. Then there was a great levelling off [during] the December  through April period. I'm now seeing banks beginning to get interested again, and I think part of it is based on the actions of MasterCard, and particularly Visa.
How are the merchants going to get on board and is it likely that the banks will start offering incentives for SET?
I believe the banks will offer incentives for SET because the value of SET is more for the people that run the infrastructure than for the people out at the end.
Now it's true that the merchants ultimately, as users of the system, pay the price [for] fraud. But they pay it in terms of transaction rates, whereas before they paid it directly.
The banks believe that SET is more secure and there would be less fraud with SET than there would be with other methods. So the banks want to do this, and if the banks want to do it, they've got to [give incentives for] people to do it. They'll [create incentives] with low transaction rates.
What are going to be some of the pitfalls or stumbling blocks for banks implementing SET technology?
SET's got three or four barriers standing in its way. You develop a standard and the standard has an implied implementation. People build the first products against the implied implementation. When you go to the marketplace, you find out that that's not a practical implementation. So you still use the standard but you implement it in a different way. That is what's happening now.
The initial implied implementation is a wallet, a big fat chunky code that sits out at the consumer's site and it's really hard to distribute and it's hard to install. What we need is a way for that technology to be brought back to a service point and for thin clients to be used to do those functions. And that's what's happening now.
What's going to push SET forward?
There are two things. The real driver is an increase in shopping transactions. Shopping grows hugely year by year, but it's still small compared to the number of electronic transactions by month.
When it gets large enough to be profitable to commit fraud in that area, fraud will run in. Then people will want to apply an answer to fraud and they'll apply SET. That's the big driving thing, and that really applies to SSL or anything else. SET's barriers, however, are the barriers of customer acceptance, merchant acceptance, performance on the part of the banks, and the roll-out of the certificate authority infrastructure.