How to tell a proposed networking standard will be DOA:

• An entire industry issues press releases in support of a standard before it can demonstrate working code
• The documents that describe the standard are more than 800 pages long
• The standard is demonstrated in rigged demos at trade shows
• There is a better, cheaper alternative to the standard that is already in widespread use

If I were writing this in 1987, I would probably be writing about OSI, the infamous Open Systems Interconnect that was designed by committee and mandated by world governments, but which turned out to be a nightmare for the people who actually tried to make it work. But it's 1997, and I'm writing about SET, the Secure Electronic Transactions protocol. This time, the standard is being mandated by banks and credit-card companies as the only true way to promote electronic commerce while simultaneously protecting credit-card numbers from theft and abuse.

The merchant decrypts the half that contains the information on what the consumer wishes to buy, and sends the other half off to its bank. The merchant's bank decrypts that other half, verifies the consumer's credit-card information, authorizes the charge, and encrypts and sends a reply to the merchant. The merchant decrypts the reply from the bank, verifies it, and then sends a confirmation to the consumer.

Sound complicated? It is. SET is a full-employment act for highly paid software engineers, who just happened to have designed it. As a result, it's a technically sweet solution to a number of problems that don't exist in the real world of electronic commerce.

First, SET was supposed to let merchants process credit cards without giving them access to credit-card numbers. Theoretically, this would have allowed hundreds of thousands of new companies like Jim's Midnight Software to accept credit-card numbers without going through extensive screening by banks. What the engineers didn't realize is that it isn't very hard for a legitimate business to jump through these hoops, and most banks would rather not deal with businesses and individuals that can't or won't. Hell, even phone-sex operators and prostitutes can take Visa and MasterCard these days. The fact is, if you can't pass a bank's screening procedures to become a credit-card merchant, then the bank isn't likely to make that much money by working with you.

Merchants are doing business on the Web without SET just fine, thank you, by having consumers type their credit-card numbers into forms and then transmitting the payment information using SSL. SET also pales when compared with First Virtual's payment system, which provides security by keeping credit-card numbers completely off the Net in the first place.

But the real reason I think SET is doomed is that I don't think consumers will feel comfortable typing their credit-card numbers into a computer and then just clicking a button to buy something: I think consumers want the control that comes with taking out their wallets, typing in their credit-card numbers, and clicking a button to send the information.