| Q: | What exactly is STT -- is it only a specification or is it software being developed by Microsoft? |
| A: | Secure Tiansaction Technology (STT) is a specification which
provides Ihe foundation for security and authentication for bankcard
transactions over open networks such as the Internet. The
specification is available to any software developer to use. Microsoft
and other software developers will design and introduce proprietary
software based on STT.
|
| Q: | Are Visa and Microsoft working jointly on software? |
| A: | Visa and Microsoft have worked jointly oil developing the STT
standard, with each company bringing expertise in it's core
competencies to the collaboration. In developing software
applications that use this technology standard, Microsoft is building
software for both consumers and merchants -- beyond working on
the specification, Visa is not involved in this part of the development.
In developing software for the payment server and the credential
authority server -- both key elements to enabling electronic
commerce -- Visa and Microsoft are collaborating.
|
| Q: | This specification is an open one -- what exactly does that mean? |
| A: | The specification is open to the public and available to any software
developer -- free of charge -- who wishes to use it to develop their
own security solutions. To further define what we mean by "open,"
we mean that any competent programmer should be able to program
software compliant to the specification without requiring Microsoft
or Visa proprietary technology.
|
| Q: | Why do an open specification -- why not make it proprietary? |
| A: | The fastest, easiest and safest way to build an electronic commerce
market is to have one secure payment standard for all to use. Visa
and Microsoft have been working together for almost a year to build
a foundation for that payment standard. In the spirit of openness
that characterizes the Internet -- and for the good of the industry -
we want STT to be available to all to use for this purpose.
|
| Q: | Why are Microsoft and Visa interested in "the good of the industry"? |
| A: | Protecting the good of the industry means protecting our brand.
The possibility for excessive fraud means a denigration of the
Visa brand. Consumers and merchants expect a high level of
security and quality whenever they use or accept a Visa card and it's our responsibility to
protect that trust. By protecting our brand in this manner, we are also |
| | protecting the industry. Additionally, the "good of the industry" is
servied by providing a catalyst for the electronic commerce marketplace
that will increase competition and ensure realization of the enormous
potential of this market.
|
| Q: | If it's openly available, doesn't that mean that hackers will be able to break
it? How do you protect against that? |
| A: | The fact that the specification is openly available has no affect on whether
or not hackers will be able to break it. The STT spec is merely the
foundation on which security applications can be built -- the actual
security features are in the form of public and private keys.
No security system can be absolutely foolproof against criminals
determined to break in - just as no lock or key in the physical world is
absolutely foolproof. Anyone who claims that a specification or system is
foolproof is speaking rashly. A security specification must be sound,
reliable and as foolproof as possible -- which STT is. We will remain alert
to the threat of criminals and hackers and continue to enhance the security
of our specification as necessary - as we do for all Visa systems today.
|
| Q: | How will STT be made available? |
| A: | The specification will be available to download from either the Microsoft
(www:/microsoft.com) or the Visa (www:/visa.com) website.
|
| Q: | What will it cost for software developers?
|
| A: | The specification will be provided free of charge to all. Software
developers will then differentiate their offerings by wrapping value-added
services around the basic security specification.
|
| Q: | What will it cost for merchants?
|
| A: | Merchants will be able to buy software based on this technology from any
software developers who choose to use it. The price for this software will
be set by the individual software vendor. The specification will be
provided free of charge.
|
| Q: | What will it cost for consumers? |
| A: | Consumers will be able to buy software based on this technology from
any software developers who choose to use it. The price for this software
will be set by the individual software vendor. The specification will be
provided free of charge.
|
| Q: | If this standard is open and free to everyone, how are Visa and Microsoft
making money on this? |
| A: | Visa is paying Microsoft for the development of STT. We are doing
this through a usage-based fee that Visa - and not Visa members - is
paying. |
| | This fee pays Microsoft for the cost of the development of payment server and
credential server software -- it is not sharing transaction fees. Visa realizes
revenue by increased card usage and reduced fraud. Additionally, Visa
protects its current revenue by aggressively protecting its brand.
|
| Q: | When will consumers and merchants be able to use this? |
| A: | The specification will be available on-line or through the mail beginning today
(Wednesday, September 27). Microsoft plans to release products based on STT
by early next year and other software developers will be following suit.
|
| Q: | Does this specification give Microsoft or Visa a competitive advantage in the electronic commerce marketplace? |
| A: | This specification is available for any software developer, payment card
company, financial institution or other qualified user -- free of charge. After
today, the marketplace will decide who makes the best use of it- Any
competitive advantage Microsoft and Visa may have is a result of the lead
time garnered from our year of joint work on the specification.
|
| Q: | What exactly is the relationship between Visa and Microsoft? |
| A: | Visa and Microsoft have been working together for almost a year to
develop a specification for secure transactions over open networks. This
specification is being published today.
|
| Q: | Are you working together on other projects besides STT? |
| A: | While there are no additional joint efforts between Microsoft and Visa for
public announcement, both companies are always exploring ways to extend
and expand their individual brands in a quickly evolving marketplace and are
building alliances and relationships with many industry players. With that
in mind, future joint efforts can not be ruled out.
|
| Q: | Do you expect companies such as Netscape to use this technology? |
| A: | The specification is available for any software developer free of charge. We
expect and hope that developers such as Netscape will adopt this technology,
thereby helping to ensure the electronic commerce marketplace has one
secure transaction standard.
|
| Q: |
Will this technology correct software flaws such as the one
in the Netscape browser disclosed earlier this week in The New
York Times? |
| A: | Unfortunately, no security system can be absolutely foolproof against
criminals determined to break in -- just as no lock or key in the physical
world is absolutely foolproof. Anyone who claims that a specification or
system is foolproof is speaking rashly. A security specification must be
sound, reliable and as foolproof as possible -- which STT is. We will
remain alert to the threat of criminals and hackers and continue to |