Using crypto against Phishing, Spoofing and Spamming...
Rich Salz
rsalz at datapower.com
Thu Jul 15 08:42:39 EDT 2004
> SET failed due to the complexity of distributing the software and setting
> up the credentials. I think another reason was the go-fast atmosphere of
> the late 90s, where no one wanted to slow down the growth of ecommerce.
> The path of least resistance was simply to bring across the old way of
> authorizing transactions by card number.
I think your other reason was in fact the primary reason. And, of course,
the primary enablers of the go-fast approach were, in fact, the very same
credit card companies. They made a conscious business decision to treat
online transactions the same as conventional transactions -- I forget the
details, but it was pretty risk-free for a merchant to do online credit
cards, getting low surchage rates. That, coupled with the US law that
limited consumer liability to $50, made CCard-over-SSL a no-brainer over
SET.
>From a consumer viewpoint, CC/SSL is more secure then SET ever was. Since
it wasn't a CCard transacdtion, my liability under SET was unlimited (at
least until Congress caught up to the technology). Looking at the risk
management aspect, SET was a big loser for the customer.
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list