Making Online Credit Card Transactions More Secure
The transactions involved SET technology developed by two different manufacturers. IBM developed the payment gateway linking Citibank to the Internet. VeriSign, using the SET Pilot Root, produced the digital certificates which make it possible for sensitive financial information to be used safely on the Internet. This linking of technologies from separate vendors through the SET standard means that secure electronic commerce transactions on the Internet is well underway.
The Singapore transactions were followed by a similar transaction in Taiwan. A Citibank Visa card in Taiwan was used to purchase items at the same Singapore retailers, the world's first cross-border Visa transaction using SET technology from different manufacturers.
This event also underscores the significance of the SET protocol trust hierarchy in which the SET Root Key is used to sign the Visa-branded certificate; which in turn is used to authenticate or digitally sign the bank's certificates; and finally, the bank's signed certificate is used to sign and authenticate the certificate issued to the cardholder or merchant.
In Singapore, the Chief Executive of Singapore's National Computer Board, Mr. Stephen Yeo, used an electronic version of a Citibank Visa card to make two purchases from SET-certified merchants based in Singapore — a bouquet of flowers from Brel Software's BNN Mall and a designer cup and saucer set from Mentor Internet Solutions' Singapore Mall.
The significance of the Visa transactions is that they move further along the concept of electronic commerce's being an everyday commodity, according to Mr. Dennis M. Goggin, Visa International's President, Asia-Pacific.
He said other SET card transactions had been performed on the Internet but, they had been performed using technology developed by the same manufacturer at either end.
"In the physical world, the parallel would be like being able to use your Visa card only at one retailer or one group of retailers — because the technology is not compatible elsewhere. In the real world, of course, that doesn't happen.
"In the physical world, a variety of vendors manufacture Visa cards and they must be able to work in different terminals, also made by different manufacturers. For example, if you come from Seoul, you want your Visa card to work in Singapore. If you come from Atlanta, you want your Visa card to work in Adelaide, no matter which company built the terminal that you want to use. We call it interoperability.
"The same is true in the virtual, or electronic, world. Users of virtual Visa cards on the Internet want to be able to use their virtual card to purchase goods or services on the Internet — anytime, anywhere regardless of who provides your software.
"The interoperability of today's transactions means that the SET standard takes care of something that many of us take for granted — that our method of payment is accepted around the globe, no matter who built the machinery or the technology that supports that payment.
"Our aim is to ensure that using your "virtual Visa card" at a "virtual store" is as secure and convenient as the millions of face-to-face Visa transactions made every day in the physical world."
Following today's transactions, the SET technology will undergo further trials. Several thousands of Visa cardholders from participating banks in Singapore will be able to make secure SET purchases from a wide range of local merchants.
Visa has almost 60% of the world market in card payments, said Mr. Goggin, more than all other card payment companies combined, and is the leading card payment system in Asia-Pacific. "So, plainly, Visa will play a leading role not only in helping to make secure electronic commerce happen, but also, when people reach for their "virtual card," they will reach for Visa."
In the Asia-Pacific region, Visa has been involved in four SET electronic commerce pilots in Asia; Korea, Singapore, Taiwan and Japan. Other pilots around the globe include Project e:Comm in Europe.
The Singapore SET Pilot is led by the National Computer Board and Visa. It involves about 40 organizations representing banks, technology providers and merchants. Visa plans to link all four SET projects in the region for cross-border transactions in the near future.
SET was developed by Visa and other payment industry and technology companies as a common, global standard for securing payment cards over open networks — such as the Internet. SET 1.0 was finalized in April 1997 and the protocol is published on Visa's Web site.
Visa and its Member financial institutions posted strong growth in the Asia-Pacific region in 1996 with a record Visa payment volume of US$171.8 billion. This comprises card-sales volume growth of 29 percent and a further US$54.5 billion of commercial funds transfers, as reported by member banks in China. Visa is the most widely used card in the Asia-Pacific region where over 101.1 million Visa cards have been issued.