Secure Electronic Transaction (SET) was a protocol standard for securing credit card transactions over the internet. It involved companies like MasterCard, Visa and IBM, and provided a secure communication channel and digital certificates to ensure privacy and trust. The SET process involved customers getting certificates and placing orders with merchants who also had certificates. The merchant would then request payment authorization from the bank. Dual signatures were used to link messages between customers, merchants and banks for security. Payment gateways verified certificates and digital signatures and requested authorizations from card issuers.
2. Secure Electronic Transactions (SET):
• Secure Electronic Transaction (SET) was a communications protocol
standard for securing credit card transactions over insecure networks,
specifically the Internet.
• Companies involved:
o MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Terisa
and Verisign
• Not a payment system.
• Set of security protocols and formats.
3. SET Services:
• Provides a secure communication channel in a
transaction.
• Provides trust by the use of digital certificates.
• Ensures privacy.
4. SET Participants:
1. The customer opens an account.
2. The customer receives a certificate.
3. Merchants have their own certificates.
4. The customer places an order.
5. The merchant is verified.
6. The order and payment are sent.
7. The merchant requests payment authorization.
8. The merchant confirms the order.
9. The merchant provides the goods or service.
10. The merchant requests payments.
5. Dual Signature
The purpose of the dual signature is to link two messages that are intended
for two different recipients.
In this case, the customer wants to send the order information (OI) to the
merchant and the payment information (PI) to the bank.
Dual signature can also mean the use of encryption with two electronic
signatures as a security measure for delivering an electronic message in a
Secure Electronic Transaction (SET).
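
The linking described on this slide, as an added example (not part of the original slides): in SET the customer signs the hash of the two concatenated message digests, so the merchant can check the signature with OI plus only the digest of PI, and the payment gateway with PI plus only the digest of OI. Assumptions: SHA-256 as the hash, a toy unpadded RSA key built from public Mersenne primes standing in for the customer's certified key, and constructed sample OI/PI messages.

```python
import hashlib

# Toy customer key from two public Mersenne primes (constructed and insecure;
# it stands in for the key pair behind the customer's SET certificate).
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def sign(digest: bytes) -> int:
    """Textbook (unpadded) RSA signature over a digest; demo only."""
    return pow(int.from_bytes(digest, "big"), D, N)

def verify(digest: bytes, sig: int) -> bool:
    return pow(sig, E, N) == int.from_bytes(digest, "big")

def make_dual_signature(pi: bytes, oi: bytes):
    """Customer side: returns (PIMD, OIMD, DS), DS = Sign(H(PIMD || OIMD))."""
    pimd, oimd = h(pi), h(oi)
    return pimd, oimd, sign(h(pimd + oimd))

def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant holds OI and only the digest of PI (never the card data)."""
    return verify(h(pimd + h(oi)), ds)

def gateway_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Payment gateway holds PI and only the digest of OI."""
    return verify(h(h(pi) + oimd), ds)

# Constructed sample messages; the card number is a well-known test value.
OI = b"txid=TX-1001;item=book;qty=1;total=25.00"
PI = b"txid=TX-1001;pan=4111111111111111;exp=12/30;amount=25.00"

if __name__ == "__main__":
    pimd, oimd, ds = make_dual_signature(PI, OI)
    print("merchant accepts:", merchant_verify(OI, pimd, ds))
    print("gateway accepts:", gateway_verify(PI, oimd, ds))
    altered = OI.replace(b"25.00", b"2.50")
    print("altered OI accepted:", merchant_verify(altered, pimd, ds))
```

Because both digests sit under one signature, neither party can pair its half with a different order or payment without the check failing.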
8. Purchase Request Transaction
Initiate Request
• The customer requests the certificates
• The message includes other information
Initiate Response
• The merchant includes the certificates
• The message includes other information
Purchase Request
• Verifies the merchant and gateway certificates
Purchase Response
• Gives the purchase response message
[Diagram: customer and merchant]
9. Tasks performed by Payment Gateway
1. verifies all certificates
2. decrypts digital envelope of authorization block to obtain symmetric
key & then decrypts authorization block
3. verifies merchant's signature on authorization block
4. decrypts digital envelope of payment block to obtain symmetric key
& then decrypts payment block
5. verifies dual signature on payment block
6. verifies that transaction ID received from merchant matches that in
PI received (indirectly) from customer
7. requests & receives an authorization from issuer
8. sends authorization response(*) back to merchant
(*) - Authorization-related information
- Capture token information (to effect payment later)
- Certificate