The Secure Electronic Transaction protocol was struck a body blow last week with the news that it will be completed a month later than planned.
This setback was swiftly followed by another as one of SET's biggest backers slammed its level of security.
The protocol, which won't now be ready until 31 May, came under attack from Steve Mott, senior vice president of electronic commerce and new ventures for MasterCard International.
Speaking at last week's Internet Commerce Expo in California, he said the underlying SET cryptography, which includes the public encryption key RSA, was too easy to decode and could let hackers in within a year.
Mott also said the code was too difficult to upgrade, prompting rumours that the technology, which has been in the labs for two years, could be dumped for a faster encryption system called Elliptic Curve, from US developer Certicom.
However, Phillip Deck, Certicom's president and chief executive officer, said the system would probably work alongside the SET protocol.
Deck explained: "Low-key public keys, such as RSA, are easier to break than Elliptic Curve. Elliptic Curves are far more efficient computationally - it is like having a faster engine in a car."
SET was originally expected to be completed last autumn by its two biggest backers, VISA and Mastercard, but has come up against several technical issues. As a result both companies have chosen not to recommend the Internet as a safe environment for financial transactions until the protocol is complete.
Electronics and computer chain the latest high street retailer to fall into difficulties
Incisive Media and Investec Asset Management supported fundraiser crosses Atlantic in 40 days
Alphabet's health sciences division Verily have been messing with AI algorithms