My Blog.

Secure Electronic Transaction

Secure Electronic Transaction (SET): Overview and Importance

Secure Electronic Transaction (SET) is a protocol developed by Visa and MasterCard in the mid-1990s to ensure the secure processing of online credit card transactions. Although it is no longer widely used today, it played a significant role in shaping modern secure payment systems.

Overview

SET Protocol:

  • Designed to provide confidentiality, authentication, and integrity for electronic transactions over the internet.
  • Based on cryptographic techniques to secure payment information and ensure the authenticity of parties involved in the transaction.
  • Involves several key participants: cardholders, merchants, payment gateways, and certificate authorities.

Key Components:

  1. Cardholder: The individual making the purchase.
  2. Merchant: The entity selling goods or services.
  3. Issuer: The bank that issues the credit card to the cardholder.
  4. Acquirer: The merchant's bank that processes the credit card payment.
  5. Payment Gateway: A service provider that connects merchants to the acquirer for transaction processing.
  6. Certificate Authority (CA): A trusted entity that issues digital certificates to parties involved in the transaction to ensure their identities.

Importance

1. Security:

  • Confidentiality: SET uses encryption to protect payment information during transmission, ensuring that sensitive data such as credit card numbers are not exposed to unauthorised parties.
  • Authentication: Digital certificates and signatures verify the identities of all parties involved, ensuring that cardholders, merchants, and banks are legitimate.
  • Integrity: Digital signatures ensure that the transaction details cannot be altered during transmission.

2. Trust:

  • Mutual Authentication: Both the cardholder and the merchant authenticate each other, building trust in the transaction process.
  • Certificate Authorities: Trusted CAs issue digital certificates, providing a higher level of trust in the identities of transaction participants.

3. Privacy:

  • Dual Signatures: SET uses a dual signature mechanism to ensure that the cardholder’s payment information and order information are kept separate but linked, protecting the cardholder's privacy.

4. Fraud Prevention:

  • Non-repudiation: Digital signatures provide proof of transaction, preventing parties from denying their involvement in the transaction.
  • Transaction Integrity: Ensures that transaction details cannot be tampered with, reducing the risk of fraud.

SET Protocol Process

The SET protocol involves several steps to ensure secure electronic transactions:

  1. Initialization:

    • Certificate Request: Cardholders and merchants obtain digital certificates from a CA.
    • Certificate Issuance: The CA verifies identities and issues digital certificates.

  2. Purchase Request:

    • Order Information (OI): The cardholder sends the merchant the details of the purchase.
    • Payment Information (PI): The cardholder sends encrypted payment information to the merchant, which includes the credit card details. This is encrypted so that only the payment gateway can read it.

  3. Authorization Request:

    • Authorization Request: The merchant forwards the payment information to the payment gateway for authorization.
    • Authorization Response: The payment gateway verifies the payment details with the card issuer and sends an authorization response back to the merchant.

  4. Payment Capture:

    • Capture Request: Once the merchant confirms the goods/services are delivered, they send a capture request to the payment gateway to finalize the payment.
    • Capture Response: The payment gateway processes the payment and credits the merchant's account.

  5. Confirmation:

    • Confirmation Message: The merchant sends a confirmation message to the cardholder, acknowledging the transaction's completion.

Summary

Secure Electronic Transaction (SET) was a pioneering protocol aimed at securing online credit card transactions through encryption, authentication, and digital signatures. While it is not widely used today, the principles and technologies it introduced have influenced modern e-commerce security protocols and standards. SET's importance lies in its comprehensive approach to transaction security, addressing confidentiality, integrity, and authentication to protect against fraud and build trust in online payments.

If you have any further questions or need additional details, feel free to ask!