Secure ElectronicTransaction (SET):

1. The problem on e-payment like credit and debit cards are:

2. communicate credit and debit card and purchasing data securely to gain consumer trust

3. Authentication of buyer and merchant

4. Confidential transmissions

5. All the Systems vary by

6. Type of public-key encryption

7. Type of symmetric encryption

8. Message digest algorithm

9. Number of parties having private keys

10. Number of parties having certificates

3. Secure Electronic Transaction (SET)

SET protcal Developed by Visa and MasterCard .It Designed to protect credit and debit card transactions Confidentiality: all messages encryptedTrust: all parties must have digital certificates Privacy: information made available only when and where necessary

4. Participants in the SET System:

5. SET Business Requirements :

• Provide confidentiality of payment and ordering information

• Ensure the integrity of all transmitted data

• Provide authentication that a cardholder is a legitimate user of a credit or debit card account

• Provide authentication that a merchant can accept credit or debit card transactions through its relationship with a financial institution

6. SET Business Requirements :

• Ensure the use of the best security practices and system design techniques to protect all legitimate parties in an electronic commerce transaction

• Create a protocol that neither depends on transport security mechanisms nor prevents their use

• Facilitate and encourage interoperability among software and network providers

7. SET Transactions :

8. SET Transactions :

• The customer opens an account with a card issuer. MasterCard, Visa, etc .

• The customer receives a digital certificate signed by a bank.

• A merchant who accepts a certain brand of card must possess two digital certificates. – One for signing & one for key exchange

• The customer places an order for a product or service with a merchant.

• The merchant sends a copy of its certificate for verification.

• The customer sends order and payment information to the merchant.

• The merchant requests payment authorization from the payment gateway prior to shipment.

• The merchant confirms order to the customer.

• The merchant provides the goods or service to the customer.

• The merchant requests payment from the payment gateway.

10. SET Supported Transactions :

• card holder registration

• merchant registration

• purchase request

• payment authorization

• payment capture

• certificate query

• purchase inquiry

• purchase notification

• sale transaction

• authorization reversal

• capture reversal

• credit / payment reversal

11. Key Technologies of SET:

• Confidentiality of information: 3DES

• Integrity of data: RSA digital signatures with SHA-1 hash codes

• Cardholder account authentication: digital certificates with RSA signatures

• Merchant authentication: digital certificates with RSA signatures

• Privacy: separation of order and payment information using dual signatures