Secure Electronic Transaction (SET)
Definition
Secure Electronic Transaction (SET) is a communication protocol standard developed by Visa and MasterCard in 1996. It was designed to provide a secure method for processing credit card payments over open networks like the Internet, ensuring the confidentiality and integrity of payment data while authenticating the identities of all parties involved.
Main Content
1. The Core Objective: Security and Trust
- SET ensures that sensitive credit card information is not accessible to merchants, protecting the consumer from potential fraud.
- It provides non-repudiation, meaning neither the buyer nor the seller can deny the transaction after it has occurred.
2. The Players in SET
- Cardholder: The consumer using a credit card to make an online purchase.
- Merchant: The entity selling goods or services.
- Payment Gateway: The bank or financial institution that processes the transaction and communicates with the cardholder’s bank.
3. Key Security Technologies
- Public Key Encryption: Used to encrypt payment instructions and sensitive data.
- Digital Signatures: Used to verify the identity of the participants and ensure the message hasn't been tampered with.
Basic SET Architecture Model
[Cardholder] <---> [Merchant] <---> [Payment Gateway]
     |                 |                    |
     +-----------------+--------------------+
          (Certificate Authority/Trust)
Working / Process
1. Purchase Request
- The customer browses the merchant’s website and selects items, then decides to pay.
- The customer's software sends a "Purchase Request" to the merchant, which includes encrypted payment information that the merchant cannot read.
2. Payment Authorization
- The merchant forwards the encrypted payment request to the Payment Gateway.
- The Gateway decrypts the information, communicates with the cardholder's bank to verify funds, and sends an authorization back to the merchant.
3. Capture and Settlement
- Once authorized, the merchant completes the order for the customer.
- The merchant sends a request for payment (capture) to the Payment Gateway to transfer the funds from the cardholder’s bank to the merchant’s bank account.
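The purchase and authorization steps above rely on the merchant being able to check a payment it cannot read. The sketch below is an added example, not part of the original notes: it goes one step beyond them to show SET's dual signature, in which the cardholder signs a hash of the two message digests. The toy RSA key, the sample messages and the function names are assumptions made for illustration, SHA-256 stands in for the SHA-1 that SET specified, and encryption of the payment data to the gateway is left out.

```python
import hashlib

# Constructed toy RSA key (two Mersenne primes). Far too small for real use
# and unpadded; it only stands in for the cardholder's certified signing key.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def digest(data: bytes) -> bytes:
    # SET specified SHA-1; SHA-256 is substituted here.
    return hashlib.sha256(data).digest()


def _as_int(data: bytes) -> int:
    # Hash the input and reduce it into the toy modulus.
    return int.from_bytes(digest(data), "big") % N


def dual_sign(order_info: bytes, payment_info: bytes) -> int:
    """Cardholder: sign H(H(PI) || H(OI)) so both halves are bound together."""
    return pow(_as_int(digest(payment_info) + digest(order_info)), D, N)


def merchant_verify(order_info: bytes, pi_digest: bytes, sig: int) -> bool:
    """Merchant sees the order and only the digest of the payment data."""
    return pow(sig, E, N) == _as_int(pi_digest + digest(order_info))


def gateway_verify(payment_info: bytes, oi_digest: bytes, sig: int) -> bool:
    """Gateway sees the payment data and only the digest of the order."""
    return pow(sig, E, N) == _as_int(digest(payment_info) + oi_digest)


# Constructed sample messages (test card number, not a real account).
OI = b"order=1001;item=book;total=25.00"
PI = b"pan=4111111111111111;exp=12/30;total=25.00"

if __name__ == "__main__":
    sig = dual_sign(OI, PI)
    print("merchant accepts:", merchant_verify(OI, digest(PI), sig))
    print("gateway accepts: ", gateway_verify(PI, digest(OI), sig))
    print("altered order:   ", merchant_verify(OI.replace(b"25", b"05"), digest(PI), sig))
```

Because each party receives only the digest of the half it is not meant to see, a change to either the order or the payment data makes both verifications fail.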
Advantages / Applications
- Increased Privacy: Merchants only receive the order information and not the actual credit card numbers.
- Strong Authentication: Through the use of digital certificates, both the customer and the merchant are verified, reducing the risk of identity theft.
- Integrity: The use of cryptographic hashing ensures that the transaction details have not been altered in transit.
Summary
Secure Electronic Transaction (SET) is a specialized security protocol that uses digital certificates and encryption to protect credit card transactions conducted online. By separating the identity of the user from the sensitive payment data, it creates a secure bridge between the consumer, the merchant, and the financial institutions.
Important terms to remember: Digital Certificates, Public Key Infrastructure (PKI), Non-repudiation, Payment Gateway, and Encryption.