GTE Brings Secure Credit Card Transactions Closer to Reality; Begins On-line Testing of First Digital Certificates

NEEDHAM, Mass. - Marking a major step toward secure credit-card transactions on the Internet, GTE today announced it has initiated on-line testing of the first digital certificates to fully comply with the latest Secure Electronic Transaction (SET) specifications. The tests, which are being conducted through GTE's CyberTrust' Partner Forum site on the World Wide Web, are designed to ensure the interoperability of digital certificates and other SET software products under the SET Certificate Management Protocol.

GTE has been an active participant in developing the SET specification, the only MasterCard- and Visa-approved method for transmitting bank card information over the Internet. The two vital components of the SET system are electronic payment and security. GTE is providing the security component during the tests by issuing SET-compliant digital certificates to major financial institutions and SET product vendors, such as VeriFone.

"This is an important step toward a secure Internet payment system. The issuance of electronic credit cards for the cardholder and digital certificates for merchants and banks removes a major barrier from realizing secure electronic commerce," said Tom Carty, director, Security and Electronic Commerce, GTE. "Through the Partner Forum, we are issuing digital certificates that are the security core of the SET protocol. With digital certificates, the parties in an electronic transaction can verify each other's identities and credit card information is protected, establishing a secure transaction. The business relationship can then be conducted with confidence."

"The promise of secure electronic commerce is now closer than it has ever been," said Steve Mott, senior vice president, Electronic Commerce/New Ventures, MasterCard. "The SET protocol depends to a large degree on fast, efficient messaging and authentication. With GTE's years of experience developing and managing large certification authority systems, we are confident that a fully operational SET payment system will be on-line in the very near future."

"GTE has demonstrated a strong commitment to implementing SET on several different levels," said Roger Bertman, vice president and general manager, VeriFone Internet Commerce Division. "VeriFone has been successfully collaborating with GTE over the past several months to deliver practical payment solutions for Web merchants and financial institutions. GTE's aggressive posture in this certificate management area is an extremely important step toward mainstream adoption of secure payments."

SET was developed by MasterCard and Visa in cooperation with GTE, IBM, Microsoft, Netscape and others to provide greater protection to credit card information sent over the Internet. The SET Certificate Management Protocol is a messaging system through which consumers, merchants and financial institutions can obtain verifiable information about the identity of their counterparts in an electronic transaction. This information is provided by means of digital certificates.

Digital certificates are electronic credentials issued by a trusted third party, known as a Certification Authority (CA), that bind identification or account information to a public key, which is stored on a computer hard drive or a hardware token, such as a smart card. The certificate can then be used like an electronic passport to verify the identity of the holder. Digital certificates are also able to protect sensitive information using public key encryption techniques.

The GTE CyberTrust Partner Forum is a unique service designed to support developers and integrators of public key-enabled products requiring test certificates and technical support prior to release. GTE's CyberTrust Partner Forum will issue SET-compliant digital certificates to financial institutions and software developers for use throughout the SET interoperability tests. Qualified users can obtain a MasterCard brand test certificate through the SET messaging system using their cardholder, merchant or payment gateway software product or by using their Web browser to download a certificate through the Partner Forum.

Software developers, merchants and financial institutions can request access to the CyberTrust SET Partner Forum by sending e-mail to pfset@cybertrust.gte.com.

GTE CyberTrust is a complete family of products and services that combine public key cryptography with a high-assurance certificate management infrastructure. CyberTrust digital certificates are designed for use by financial institutions, healthcare providers, software publishers and other corporate enterprises in a wide range of applications, including secure network access, credit card purchases on the Internet and software distribution. GTE is currently the only company offering both CA products and services for public use. More information about CyberTrust can be found on the World Wide Web at http://www.cybertrust.gte.com.

With revenues of $20 billion in 1995, GTE is one of the largest publicly held telecommunications companies in the world. GTE is also the largest U.S.-based local telephone company and a leading cellular-service provider -- with wireline and wireless operations that form a market area covering about one third of the country's population.

Outside the United States, where GTE has operated for more than 40 years, the company serves over 6 million customers. GTE also is a worldwide leader in government and defense communications systems and equipment, aircraft-passenger telecommunications, directories and telecommunications-based information services and systems.