Post on 18-Jan-2016
Electronic Payment Systems:Secure Electronic Transaction
(SET)
Secure Electronic Transaction Secure Electronic Transaction : Protocol Parties in SET Certificate of Participants SET Transaction Process Advantages of SET Disadvantages of SET
An application-layer security mechanism, consisting of a set of protocols.
Protect credit card transaction on the Internet. Companies involved:– MasterCard, Visa, IBM, Microsoft,
Netscape, RSA, Cyber Cash. Not an ordinary payment system. It has a complex technical specification
BACK
Confidentiality: All messages are encrypted Trust: All parties must have digital certificates Privacy: information made available only when and where
necessary Developed by Visa and MasterCard Designed to protect credit card transactions
BACK
1
3 2
4
BACK
Cardholder certificates: Cardholder certificates function as an electronic representation of the payment card. Because they are digitally signed by a financial institution, they cannot be altered by a third party and and can only be generated by a financial institution.
Merchant certificates : This includes the technology required to communicate securely with cardholders and their financial institutions. These certificate are approved by the acquiring financial institution and provide assurance that the merchant holds a valid agreement with an Acquirer.
Payment Gateway Certificates: Payment gateway certificates are obtained by Acquirers or their processors for the systems that process authorization and capture messages. The gateway’s encryption key, which the cardholder gets from this certificate, is used to protect the cardholder’s account information.
Acquirer Certificates: An Acquirer must have certificates in order to operate a Certificate Authority that can accept and process certificate requests directly from merchants over public and private networks.
Issuer Certificates: An Issuer must have certificates in order to operate a Certificate Authority that can accept and process certificate requests directly from cardholder over public and private networks.
BACK
SET Transaction Process
The customer opens an account with a card issuer.◦ MasterCard, Visa, etc.
The customer receives a X.509 V3 certificate signed by
a bank.◦ X.509 V3
A merchant who accepts a certain brand of card must
possess two X.509 V3 certificates.◦ One for signing & one for key exchange
The customer places an order for a product or service with
a merchant. The merchant sends a copy of its certificate for verification.BACK
Provide confidentiality of payment information. Ensure the integrity of all transmitted data. Provide authentication that a cardholder is a legitimate
user of a branded payment card account. Provide authentication that a merchant can accept . Branded payment card transactions through its relationship with an acquiring financial institution. The goal of SET is to ensure that the payment process is
private, convenient and most important of all secure.
BACK
Implementing SET is more costly than SSL/TLS for merchants as well.
Business banks must hire companies to manage their payment gateways, or install payment gateways by themselves.
SET employs complex cryptographic mechanisms that may have an impact on the transaction
speed. The overheads associated with SET are heavy.
BACK
BACK TO INDEX