The Secure Electronic Transaction protocol was struck a body blow last week with the news that it will be completed a month later than planned.
This setback was swiftly followed by another as one of SET's biggest backers slammed its level of security.
The protocol, which won't now be ready until 31 May, came under attack from Steve Mott, senior vice president of electronic commerce and new ventures for MasterCard International.
Speaking at last week's Internet Commerce Expo in California, he said the underlying SET cryptography, which includes the public encryption key RSA, was too easy to decode and could let hackers in within a year.
Mott also said the code was too difficult to upgrade, prompting rumours that the technology, which has been in the labs for two years, could be dumped for a faster encryption system called Elliptic Curve, from US developer Certicom.
However, Phillip Deck, Certicom's president and chief executive officer, said the system would probably work alongside the SET protocol.
Deck explained: "Low-key public keys, such as RSA, are easier to break than Elliptic Curve. Elliptic Curves are far more efficient computationally - it is like having a faster engine in a car."
SET was originally expected to be completed last autumn by its two biggest backers, VISA and Mastercard, but has come up against several technical issues. As a result both companies have chosen not to recommend the Internet as a safe environment for financial transactions until the protocol is complete.
Insecticides based on sulfoxaflor might be as bad for bees as neonicotinoids
Intel teases forthcoming new graphics card accompanied by the text "We will set our graphics free"
Think your password manager is completely secure? Think again...
ARM plans 7nm 'Deimos' for 2019 and 5nm and 7nm 'Hercules' for 2020