Secure Electronic Transaction

Secure Electronic Transaction (SET) is a security technology proposed by Visa and MasterCard to allow more secure credit card transactions than what is currently available. SET has been waiting in the wings for full implementation and acceptance as a standard for quite some time. Although SET provides an effective way of transmitting credit card information, businesses and users do not see it as efficient because it requires more parties to coordinate their efforts, more software installation and configuration for each entity involved, and more effort and cost than the widely used SSL method.

SET is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet. The following entities would be involved in a SET transaction, which would require each of them to upgrade their software, and possibly their hardware:

Issuer (cardholder’s bank): The financial institution that provides a credit card to the individual.

Cardholder: The individual authorized to use a credit card.

Merchant: The entity providing goods.

Acquirer (merchant’s bank): The financial institution that processes payment cards.

Payment gateway: This processes the merchant payment. It may be an acquirer.

To use SET, a user must enter her credit card number into her electronic wallet software. This information is stored on the user’s hard drive or on a smart card. The software then creates a public key and a private key that are used specifically for encrypting financial information before it is sent.

Let’s say Tanya wants to use her electronic credit card to buy her mother a gift from a web site. When she finds the perfect gift and decides to purchase it, she sends her encrypted credit card information to the merchant’s web server. The merchant does not decrypt the credit card information, but instead digitally signs it and sends it on to its processing bank. At the bank, the payment server decrypts the information, verifies that Tanya has the necessary funds, and transfers the funds from Tanya’s account to the merchant’s account. Then the payment server sends a message to the merchant telling it to finish the transaction, and a receipt is sent to Tanya and the merchant. At each step, an entity verifies a digital signature of the sender and digitally signs the information before it is sent to the next entity involved in the process. This would require all entities to have digital certificates and participate in a PKI.
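The hop-by-hop flow in Tanya's purchase, as an added sketch that is not from the original article and is simplified to a single message. Bare RSA key pairs generated on the spot stand in for the digital certificates and PKI, and the function names, message fields and card values are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: bare RSA key pairs stand in for each party's certificate.
const newKeys = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sign = (data, priv) => nodeCrypto.sign('sha256', data, priv);
const verify = (data, pub, sig) => nodeCrypto.verify('sha256', data, pub, sig);

// Cardholder wallet: encrypt card data to the gateway's public key (RSA-OAEP,
// Node's default padding), then sign the ciphertext.
function cardholderSend(card, cardholder, gatewayPub) {
  const encrypted = nodeCrypto.publicEncrypt(gatewayPub, Buffer.from(JSON.stringify(card)));
  return { encrypted, cardholderSig: sign(encrypted, cardholder.privateKey) };
}

// Merchant: verify the sender, then countersign and forward without decrypting.
function merchantForward(msg, cardholderPub, merchant) {
  if (!verify(msg.encrypted, cardholderPub, msg.cardholderSig)) throw new Error('merchant: bad cardholder signature');
  const covered = Buffer.concat([msg.encrypted, msg.cardholderSig]);
  return { ...msg, merchantSig: sign(covered, merchant.privateKey) };
}

// Payment gateway: verify both signatures before decrypting the card data.
function gatewayProcess(msg, cardholderPub, merchantPub, gateway) {
  const covered = Buffer.concat([msg.encrypted, msg.cardholderSig]);
  if (!verify(covered, merchantPub, msg.merchantSig)) throw new Error('gateway: bad merchant signature');
  if (!verify(msg.encrypted, cardholderPub, msg.cardholderSig)) throw new Error('gateway: bad cardholder signature');
  return JSON.parse(nodeCrypto.privateDecrypt(gateway.privateKey, msg.encrypted).toString());
}

// True if the holder of `keys` can read the encrypted card data.
function canDecrypt(msg, keys) {
  try { nodeCrypto.privateDecrypt(keys.privateKey, msg.encrypted); return true; } catch { return false; }
}

function demo() {
  const cardholder = newKeys(), merchant = newKeys(), gateway = newKeys();
  const card = { pan: '4111111111111111', amount: '25.00' }; // constructed test values
  const forwarded = merchantForward(cardholderSend(card, cardholder, gateway.publicKey), cardholder.publicKey, merchant);
  const received = gatewayProcess(forwarded, cardholder.publicKey, merchant.publicKey, gateway);
  // Flip one ciphertext byte in transit: the gateway must reject the message.
  const tampered = { ...forwarded, encrypted: Buffer.from(forwarded.encrypted) };
  tampered.encrypted[0] ^= 1;
  let tamperRejected = false;
  try { gatewayProcess(tampered, cardholder.publicKey, merchant.publicKey, gateway); } catch { tamperRejected = true; }
  return { received, merchantCanRead: canDecrypt(forwarded, merchant), tamperRejected };
}

console.log(demo());
```

The merchant's key cannot open the card data, and a message altered after the merchant signed it fails verification at the gateway.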

This is basically a very secure way of doing business over the Internet, but today everyone seems to be happy enough with the security SSL provides. They do not feel motivated enough to move to a different and more encompassing technology. The lack of motivation comes from all of the changes that would need to take place to our current processes and the amount of money these changes would require.

Source: http://www.logicalsecurity.com/resources/resources_articles.html

Review full Cryptography Chapter at www.LogicalSecurity.com

http://logicalsecurity-ls.blogspot.com/2009/03/secure-electronic-transaction.html
