Secure Electronic Transaction (SET) is a communications protocol standard for securing credit card transactions over networks, specifically, the Internet. SET was not itself a payment system, but rather a set of security protocols and formats that enabled users to employ the existing credit card payment infrastructure on an open network in a secure fashion
It uses different encryption and hashing techniques to secure payments over internet done through credit cards. SET protocol was supported in development by major organizations like Visa, Mastercard, Microsoft which provided its Secure Transaction Technology (STT) and NetScape which provided technology of Secure Socket Layer (SSL).
SET protocol restricts revealing of credit card details to merchants thus keeping hackers and thieves at bay. SET protocol includes Certification Authorities for making use of standard Digital Certificates like X.509 Certificate.
■ SET Authenticates cardholder and merchant identity through use of digital certificates
■ SET is An open standard developed by MasterCard and Visa
■ SET Transaction process similar to standard online credit card transaction, with more identity verification
■ Thus far, has not caught on much, due to costs involved in integrating SET into existing systems, and lack of interest among consumers
Requirements in SET :
SET protocol has some requirements to meet, some of the important requirements are :
- It has to provide mutual authentication i.e., customer (or cardholder) authentication by confirming if the customer is intended user or not and merchant authentication.
- It has to keep the PI (Payment Information) and OI (Order Information) confidential by appropriate encryptions.
- It has to be resistive against message modifications i.e., no changes should be allowed in the content being transmitted.
- SET also needs to provide interoperability and make use of best security mechanisms.
How it works
Both cardholders and merchants must register with the CA (certificate authority) first, before they can buy or sell on the Internet. Once registration is done, cardholder and merchant can start to do transactions, which involve nine basic steps in this protocol,
- Customer browses the website and decides on what to purchase
- Customer sends order and payment information, which includes two parts in one message: a. Purchase order – this part is for merchant b. Card information – this part is for merchant’s bank only.
- Merchant forwards card information (part b) to their bank
- Merchant’s bank checks with the issuer for payment authorization
- Issuer sends authorization to the merchant’s bank
- Merchant’s bank sends authorization to the merchant
- Merchant completes the order and sends confirmation to the customer
- Merchant captures the transaction from their bank
- Issuer prints credit card bill (invoice) to the customer