Secure Electronic Transactions (SET)

Introduction
Secure Electronic Transactions (SET) is a protocol for encrypted credit card payment transfers. It is an open protocol that has the potential to emerge as a dominant force in the securing of electronic transactions. Jointly developed by Visa and MasterCard, in conjunction with leading computer vendors such as IBM, SET is an open standard for protecting the privacy, and ensuring the authenticity, of electronic transactions. This is critical to the success of electronic commerce over the Internet; without privacy, consumer protection cannot be guaranteed, and without authentication, neither the merchant nor the consumer can be sure that valid transactions are being made.

Features of SET
1) Confidentiality of Information: The cardholder's account and payment information is secured as it travels across the network. An interesting and important feature of SET is that it prevents the merchant from learning the cardholder's credit card number; this is only provided to the issuing bank. Conventional encryption by DES is used to provide confidentiality.

2) Integrity of Data: Payment information sent from cardholders to merchants includes order information, personal data, and payment instructions. SET guarantees that these message contents are not altered in transit. RSA digital signatures, using SHA-1 hash codes, provide message integrity. Certain messages are also protected by HMAC using SHA-1.

3) Cardholder Account Authentication: SET enables merchants to verify that a cardholder is a legitimate user of a valid card account number. SET uses X.509v3 digital certificates with RSA signatures for this purpose.

4) Merchant Authentication: SET enables cardholders to verify that a merchant has a relationship with a financial institution allowing it to accept payment cards. SET uses X.509v3 digital certificates with RSA signatures for this purpose.

Working of SET Protocols 
Assume that a customer has a SET-enabled browser such as Netscape or Microsoft's Internet Explorer and the transaction provider (bank, store, etc.) has a SET-enabled server. The basic steps are as follows: 
1) The customer opens a MasterCard or Visa bank account. Any issuer of a credit card is some kind of bank.

2) The customer receives a digital certificate. This electronic file functions as a credit card for online purchases or other transactions. It includes a public key with an expiration date. It has been through a digital switch to the bank to ensure its validity.
 
3) Third-party merchants also receive certificates from the bank. These certificates include the merchant's public key and the bank's public key.
 
4) The customer places an order over a Web page, by phone, or some other means.
 
5) The customer's browser receives and confirms from the merchant's certificate that the merchant is valid.
 
6) The browser sends the order information. This message contains the order information, encrypted with the merchant's public key; the payment information, encrypted with the bank's public key (so the merchant cannot read it); and information that ensures the payment can only be used with this particular order.
 
7) The merchant verifies the customer by checking the digital signature on the customer's certificate. This may be done by referring the certificate to the bank or to a third-party verifier. 

8) The merchant sends the order message along to the bank. This includes the bank's public key, the customer's payment information (which the merchant can't decode), and the merchant's certificate.
 
9) The bank verifies the merchant and the message. The bank uses the digital signature on the certificate with the message and verifies the payment part of the message.
 
10) The bank digitally signs and sends authorization to the merchant, who can then fill the order.


Is SET a Failure?
SET fails for the following reasons:
1) It is not ready for use yet. The SET protocol was just released for public comment in February 1996.
 
2) Buyers and merchants will need to install software which allows SET transactions processing. Acquiring banks will either need to contract with a company to run a SET Internet gateway for them, or install a SET Internet gateway themselves.
 
3) Merchants will need to have an account with an acquiring bank or card processor that is set up to accept SET transactions.
 
4) SET did not propagate as fast as most people expected because of its complexity, slow response time and the need to install a digital wallet on the customer's computer.
