Secure Electronic Transaction (SET) was a communications protocol standard for securing credit card transactions over insecure networks, specifically, the Internet. SET was not itself a payment system, but rather a security system. However, it failed to gain traction in the market. VISA now promotes the 3-D Secure scheme.

History and development

The SET Design Team at Visa International offices in Foster City, California, July, 1996 in a picture to commemorate the publication of the work, which was followed by a lunch on San Francisco Bay.

SET was developed by the SET Consortium, established in 1996 by VISA and MasterCard in cooperation with GTE, IBM, Microsoft, Netscape, SAIC, Terisa Systems, RSA, and VeriSign. [1] The consortium’s goal was to combine the card associations’ similar but incompatible protocols (STT from Visa/Microsoft and SEPP from MasterCard/IBM) into a single standard.

SET allowed parties to identify themselves to each other securely. Binding of identities was based on X.509 certificates with several extensions. [2] SET used a cryptographic blinding algorithm that, in effect, would have given merchants a substitute for a user’s credit-card number. If SET were used, the merchant itself would never have had to know the credit-card numbers being sent from the buyer.

SET was intended to become the de facto standard payment method on the Internet between the merchants, the buyers, and the credit-card companies.

Key features

To meet the business requirements, SET incorporates the following features:

  • Confidentiality of information
  • Integrity of data
  • Cardholder account authentication
  • Merchant authentication

Participants

A SET system includes the following participants:

  • Card holder
  • Merchant
  • Issuer
  • Acquirer
  • Payment gateway
  • Certification authority

How it Works

Both cardholders and merchants must register with a CA (certificate authority) before they can buy or sell on the Internet. Once registered, the cardholder and merchant can initiate transactions, which involve the following basic steps (the protocol is simplified here):

  1. Customer browses the website and decides what to purchase
  2. Customer sends order and payment information, which includes 2 parts in one message:
    a. Purchase Order – this part is for the merchant
    b. Card Information – this part is for the merchant’s bank only
  3. Merchant forwards card information (part b) to their bank
  4. Merchant’s bank checks with Issuer for payment authorization
  5. Issuer sends authorization to Merchant’s bank
  6. Merchant’s bank sends authorization to merchant
  7. Merchant completes the order and sends confirmation to the customer
  8. Merchant captures the transaction from their bank
  9. Issuer sends credit card bill (invoice) to customer

Dual signature

As described in (Stallings 2000):

An important innovation in SET is the dual signature. The purpose of the dual signature is to link two messages that are intended for two different recipients. In this case, the customer wants to send the order information (OI) to the merchant and the payment information (PI) to the bank. The merchant does not need to know the customer’s credit-card number, and the bank does not need to know the details of the customer’s order. The customer is afforded extra protection in terms of privacy by keeping these two items separate. However, the two items should be used to resolve disputes if necessary.

The message digests (MD) of the OI and the PI are calculated independently by the customer. The dual signature is the encrypted MD (with the customer’s secret key) of the concatenated MDs of PI and OI. The dual signature is sent to both the merchant and the bank. The protocol arranges for the merchant to see the MD of the PI without seeing the PI itself, and the bank sees the MD of the OI but not the OI itself. The dual signature can therefore be verified using the MD of the OI or PI; it does not require the OI or PI itself. An MD does not reveal the content of the OI or PI, and thus privacy is preserved.
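The construction above as an added, runnable sketch (not code from the SET specification or from Stallings). SHA-256, the unpadded textbook-RSA toy key, the function names and the sample OI/PI are assumptions chosen so it runs on the standard library alone.

```python
import hashlib

# Toy customer key pair: textbook RSA without padding, built from two
# Mersenne primes. Constructed for illustration; never use such a key.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                    # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))      # customer's secret exponent

def md(data: bytes) -> bytes:
    """Message digest (SHA-256 here as a stand-in for SET's hash)."""
    return hashlib.sha256(data).digest()

def dual_sign(oi: bytes, pi: bytes):
    """Customer: sign MD(MD(PI) || MD(OI)) with the secret key."""
    oimd, pimd = md(oi), md(pi)
    pomd = md(pimd + oimd)
    ds = pow(int.from_bytes(pomd, "big"), D, N)
    return ds, oimd, pimd

def check_link(ds: int, pimd: bytes, oimd: bytes) -> bool:
    """Recompute the linked digest and compare with the opened signature."""
    return pow(ds, E, N) == int.from_bytes(md(pimd + oimd), "big")

def merchant_verify(ds: int, oi: bytes, pimd: bytes) -> bool:
    """Merchant holds the OI and only the digest of the PI."""
    return check_link(ds, pimd, md(oi))

def bank_verify(ds: int, pi: bytes, oimd: bytes) -> bool:
    """Bank holds the PI and only the digest of the OI."""
    return check_link(ds, md(pi), oimd)

def demo():
    oi = b"order#1001: 2 x widget, total 40.00 USD"   # constructed sample
    pi = b"card=4111-XXXX-XXXX-1111; amount=40.00"    # constructed sample
    ds, oimd, pimd = dual_sign(oi, pi)
    return {
        "merchant_ok": merchant_verify(ds, oi, pimd),
        "bank_ok": bank_verify(ds, pi, oimd),
        # An altered order no longer matches the signed link.
        "tampered_oi": merchant_verify(ds, oi.replace(b"2 x", b"9 x"), pimd),
        # A payment instruction from another purchase fails at the bank.
        "swapped_pi": bank_verify(ds, b"card=4111; amount=400.00", oimd),
    }

if __name__ == "__main__":
    print(demo())
```

Each side verifies with one cleartext item and one digest, so neither learns the other party's data, yet changing either item breaks the signature.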

Notes

  1. Merkow p. 248
  2. SET Specification Book 2 p. 214

References

Mark S. Merkow (2004). “Secure Electronic Transactions (SET)”. In Hossein Bidgoli. The Internet Encyclopedia. John Wiley & Sons. pp. 247-260. ISBN 978-0-471-22203-3.

Stallings, William (Nov. 1, 2000). “The SET Standard & E-Commerce”. Dr. Dobbs.

SET Secure Electronic Transaction Specification (V1.0) Book 1 (PDF). Mastercard and Visa. May 1997.

SET Secure Electronic Transaction Specification (V1.0) Book 2 (PDF). Mastercard and Visa. May 1997.

SET Secure Electronic Transaction Specification (V1.0) Book 3 (PDF). Mastercard and Visa. May 1997.

External Interface Guide to SET Secure Electronic Transaction (PDF). Mastercard and Visa. September 1997.

SETco Main Page, SETco, archived from the original on 2002-08-02, retrieved 2013-11-07