Hi!
Any of you have ever worked with SET on FQ?

Any comments? Recommendations?

Justin? Terra?

TYA

Alfredo

SET, being a financial transaction (client-server) protocol, is really independent of the server on which it is used. However, the scripts which implement SET are not (C vs. perl vs asp, etc.).

For the most part SET is going nowhere fast although it is being implemented in almost all new products. For the client-server security, it provides no additional security that the current (and much more widely used) SSL provides.

The true power of SET comes when the consumer also has a certificate (called "wallets") to provide an additional level of trust to reduce fraud. Unfortunatly, consumers have been reluctant to adopt the wallet philosophy. This is primarily because the industry seems to want to only produce proprietary wallets, rather than adopting a universal wallet. Consumers do not want to have 10-20 or more wallets to manage just to use their credit cards.

As a merchant, if you require the use of a wallet, you are going to lose lots of money because consumers refuse to use them. Without the wallets, SET is just another SSL/cert combination and most merchants feel they don't need another protocol when the current one is not broken.

Rich

Thanks Rich. Your explanations have led me to a better undestanding of what SET really is... the point is that I'm looking forward to develope a merchant site, and many of the banks which I have asked credit card processing facilities are asking me to have SET compatible merchant software at my site... thus I'm a little confused (and concerned) because I'm not quite sure of what they want from me... I can't even assure that THEY know exactly what that means to have a SET compatible software.

I've looked on several SET solutions, and they're all commercial and very expensive... And even when SET protocol and info is on VISA.COM site dated 97', I haven't found any non-commercial or open source implementation of set software for the merchant site... maybe I've not searched for it enough yet. Maybe there are some legal interims I'm obviously missing.

Any comments? Suggestions (besides of talking to the bank again and asking more detail, which I'm onto)? Experiences?

Alfredo