Japan Gets SET for E-Commerce
NTT Data Introduces a Secure Electronic Transaction-based Online Shopping Infrastructure

- by Noriko Takezaki -

One reason that online shopping has not yet become popular in Japan is public concern over the security of Internet-based transactions. Many experts predict that introduction of a secure, industry-wide standard for electronic commerce will spur the growth of Internet transaction business here. Thus, the worldwide popularity of the SET (Secure Electronic Transaction) standard has attracted the interest of Japanšs largest financial infrastructure service provider, NTT Data.

NTT Data is scheduled to launch commercial operation of a SET-compliant credit card payment network in January by creating a SET-compliant payment gateway as part of its existing CAFIS (Credit And Finance Information System) online transaction network. The new service, tentatively named the CAFIS Internet Shopping Service, has been under operational trials since December 1997 with participation of three online shopping malls (IBM Japan's ShopFiesta, ShopIBM, and People World's Super Mall), two stores (City Publications Inc. and Vector Inc.), and three credit card companies (CD Card, Credit Saison, and Nippon Shinpan). One additional company (Japan Computing System) and four more credit card companies (UC Card, Million Card Service, Orient Corp., and NTT Lease Corp.) are scheduled to join when commercial service is started. "We decided to support SET because we believe that all Internet shopping will soon be SET-based," says Masao Yuri, a manager in NTT Data's financial network division. "We hope this infrastructure will allow business-to-consumer electronic commerce to become widespread in Japan."

How it works

The original CAFIS network was built in 1984 to connect credit card companies, financial institutions, and merchants online. With some 1,500 corporate users and 500,000 terminals, the CAFIS network has been supporting authorization and data collection for credit card transactions as well as banking POS (point-of-sale) and in-house cash dispensing.

The new CAFIS Internet Shopping Service scheme is built on top of the existing CAFIS network infrastructure. In the CAFIS network center, a SET-compliant payment gateway translates SET-format messages sent by merchants over the Internet into CAFIS-format messages, then relays these translated messages to credit card companies either via the existing CAFIS interface or through an interface for CDS (Credit Data-transfer System), used for transferring credit card-related information such as sales data files and invalid card information.

To use the CAFIS Internet Shopping Service, a cardholder uses his or her PC to send purchase order information to the merchant's server. When the merchant's server receives the purchase order, it sends a SET-format authorization request to the CAFIS payment gateway, which translates this authorization request into a CAFIS-format sales request. This sales request is passed along to the cardholder's credit card company, which processes the request and returns a CAFIS-format sales response to the CAFIS payment gateway. The payment gateway then translates the sales response into a SET-format authorization response and sends it to the merchant.

For authentication of transactions, a digital certificate is issued for each cardholder, merchant, and payment gateway. These digital certificates enable cardholders to verify that merchants are authorized to accept payment via credit card, and allow merchants to ensure that customers have valid credit card accounts. "The use of digital certificates makes SET more powerful than other methods, such as SSL (Secure Socket Layer)," says NTT Data's Yuri. "We used to use SSL for transaction security. But while SSL encrypts all data sent between a Web browser and Web servers, it does not specify the identity of the sender."

The software used for the CAFIS Internet Shopping Service by cardholders, merchants, and the CAFIS payment gateway will be compatible with SET version 1.0, with a Japan Payment Option (JPO) to cover credit transactions unique to Japan (such as semiannual bonus-based payments and installment payments). In addition, the software must be interoperable among cardholders, merchants, and the CAFIS payment gateway.

Ensuring smooth operation

For cardholders, credit card companies are offering a free SET-compliant application called Wallet. For the CAFIS payment gateway, IBM Japan's Payment Gateway (part of the IBM Payment Suite) is installed. And for merchants, although several SET-compatible programs are available, so far the only three products confirmed to be interoperable with Wallet and Payment Gateway are IBM Japan's Payment Server, Maithean's NetPay Merchant, and Toyo Information Systems' DOSET Merchant.

"The biggest task for the CAFIS Internet Shopping Service is to confirm the interoperability of SET-compliant software for merchants," says Yukiko Ohmi, a staff chief in NTT Data's financial systems sector. "There is a lot of software on the market claiming to be SET-compliant. But when we test their interoperability with the software to be used by cardholders and the CAFIS payment gateway, we find that these products are not always interoperable, in spite of vendor claims. It seems that each vendor has its own interpretation of the SET specifications."

To ensure smooth operation of the CAFIS Internet Shopping Service, NTT Data says it will continue to carry out interoperability testing of software, even though this is a very time-consuming process. One of the evaluation points for NTT Data is whether a product has been approved by Secure Electronic Transaction LLC (SETCo), established by Visa International and MasterCard International. SETCo conducts compliance testing and gives software vendors permission to display the trademarked SET logo to signify SET-compliance for products that pass the testing.

The next version of SET, version 2, is currently being studied by SETCo. It is said to offer vendors increased convenience and greater security, such as incorporation of chip-card technology and the adoption of multiple encryption technologies. NTT Data says that the company will incorporate future version upgrades of SET promptly for the CAFIS Internet Shopping Service.

NTT Data is convinced that it can set the stage for rapid expansion of electronic commerce in Japan. Perhaps SET could even be the hit that re-energizes the long-stagnant Japanese economy.





Back to the table of contents