Scribd
Upload
134 views

Secure Electronic Transaction (SET) : E-Commerce

Secure Electronic Transaction (SET) is a protocol developed by Visa and MasterCard to securely process credit card transactions online. It provides confidentiality through encryption, trust through digital certificates, and privacy by limiting information access. SET ensures authentication of buyers and merchants, integrity of data, and uses the best security practices like encryption, digital signatures, and separation of order and payment information. It supports common credit card transactions like purchases, returns, and account management.

Uploaded by

Praveen Bhardwaj
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
134 views

Secure Electronic Transaction (SET) : E-Commerce

Secure Electronic Transaction (SET) is a protocol developed by Visa and MasterCard to securely process credit card transactions online. It provides confidentiality through encryption, trust through digital certificates, and privacy by limiting information access. SET ensures authentication of buyers and merchants, integrity of data, and uses the best security practices like encryption, digital signatures, and separation of order and payment information. It supports common credit card transactions like purchases, returns, and account management.

Uploaded by

Praveen Bhardwaj
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 12

Secure Electronic Transaction(SET)

E-COMMERCE

BY
PRAVEEN KUMAR BHARDWAJ N208
Credit Cards on the Internet
Problem: communicate credit card and purchasing data
securely to gain consumer trust
◦ Authentication of buyer and merchant
◦ Confidential transmissions
Systems vary by
◦ Type of public-key encryption
◦ Type of symmetric encryption
◦ Message digest algorithm
◦ Number of parties having private keys
◦ Number of parties having certificates
Credit Card Protocols
SSL 1 or 2 parties have private keys
TLS (Transport Layer Security)
◦ IETF version of SSL

i KP (IBM)
SEPP (Secure Encryption Payment Protocol)
◦ MasterCard, IBM, Netscape OBSOLETE
STT (Secure Transaction Technology)
◦ VISA, Microsoft

SET (Secure Electronic Transactions)


VERY SLOW
◦ MasterCard, VISA all parties have certificates
ACCEPTANCE
Secure Electronic Transaction (SET)
Developed by Visa and MasterCard
Designed to protect credit card transactions
Confidentiality: all messages encrypted
Trust: all parties must have digital certificates
Privacy: information made available only when and where necessary
Participants in the SET System
SET Business Requirements
Provide confidentiality of payment and ordering information
Ensure the integrity of all transmitted data
Provide authentication that a cardholder is a legitimate user of a credit
card account
Provide authentication that a merchant can accept credit card
transactions through its relationship with a financial institution
SET Business Requirements (cont’d)
Ensure the use of the best security practices and system design
techniques to protect all legitimate parties in an electronic commerce
transaction
Create a protocol that neither depends on transport security mechanisms
nor prevents their use
Facilitate and encourage interoperability among software and network
providers
SET Transactions
SET Transactions
The customer sends order and payment information to the
merchant.
The merchant requests payment authorization from the
payment gateway prior to shipment.
The merchant confirms order to the customer.
The merchant provides the goods or service to the
customer.
The merchant requests payment from the payment
gateway.
Key Technologies of SET
Confidentiality of information: DES
Integrity of data: RSA digital signatures with SHA-1 hash codes
Cardholder account authentication: X.509v3 digital certificates with RSA
signatures
Merchant authentication: X.509v3 digital certificates with RSA signatures
Privacy: separation of order and payment information using dual signatures
Dual Signature for SET

Concept: Link Two Messages Intended for Two Different


Receivers:
◦ Order Information (OI): Customer to Merchant
◦ Payment Information (PI): Customer to Bank
Goal: Limit Information to A “Need-to-Know” Basis:
◦ Merchant does not need credit card number.
◦ Bank does not need details of customer order.
◦ Afford the customer extra protection in terms of privacy by
keeping these items separate.
This link is needed to prove that payment is intended for this order
and not some other one.
SET Supported Transactions

 card holder registration  purchase notification


 merchant registration  sale transaction
 purchase request  authorization reversal
 payment authorization  capture reversal
 payment capture
 credit reversal
 certificate query
 purchase inquiry

You might also like