Secure transmission of data is provided between a plurality of computer systems over a public communication system, such as the Internet. Secure transmission of data is provided from a customer computer system to a merchant computer system, and for the further secure transmission of payment information from the merchant computer system to a payment gateway computer system. The payment gateway system formats transaction information appropriately and transmits the transaction to the particular host legacy system. The host legacy system evaluates the payment information and returns a level of authorization of credit to the gateway which packages the information to form a secure transaction which is transmitted to the merchant which is in turn communicated to the customer by the merchant. The merchant can then determine whether to accept the payment instrument tendered or deny credit and require another payment instrument. An architecture that provides support for additional message types that are value-added extensions to the basic SET protocol, is provided by a preferred embodiment of the invention.