http://commons.oreilly.com/wiki/index.php?title=Beautiful_Trade/Secure_Electronic_Transaction&action=history Revision history for this page on the wiki en MediaWiki 1.11.0 Thu, 23 May 2013 02:46:03 GMT http://commons.oreilly.com/wiki/index.php?title=Beautiful_Trade/Secure_Electronic_Transaction&diff=24536&oldid=prev <p>New page: '''Secure Electronic Transaction''' Secure Electronic Transaction (SET) is a protocol Visa and MasterCard developed in 1996 for securing credit card transactions over insecure networks ...</p> <p><b>New page</b></p><div>'''Secure Electronic Transaction''' <br /> <br /> Secure Electronic Transaction (SET) is a protocol Visa and MasterCard developed in 1996 for <br /> securing credit card transactions over insecure networks such as the Internet. SET utilizes <br /> X.509 certificates and extensions, along with public key cryptography to identify each party <br /> within the e-commerce transaction and transmit the data while maintaining confidentiality. <br /> SET’s unique binding algorithm substitutes a temporary certificate for the consumer’s account <br /> number, so that the online merchant never needs access to this sensitive information. Each <br /> party is required to preregister with the certificate authority (CA), allowing the card issuer to <br /> perform due diligence before it allows the merchant to perform e-commerce transactions, and <br /> then authenticating all parties in the transaction. <br /> <br /> On the consumer end, SET creates a hash value of the order information together with the <br /> payment information. The payment information is sent to the bank along with the signed hash <br /> of the order information. The consumer-side software also sends the order information to the <br /> merchant with the signed hash of the payment information. Both the cardholder and the <br /> merchant create equivalent hashes, compared when they are received by the bank or payment <br /> gateway. <br /> <br /> This protocol offers a number of different protections for the transaction: <br /> <br /> • It authenticates all parties in the initial transaction at time of registration with the CA. <br /> • It performs additional authentication at transaction time through the exchange of <br /> certificates with the consumer, merchant, and payment gateway. <br /> • Sensitive data such as the account number is shared only between the consumer and the <br /> bank and kept on a “need to know” basis, freeing the merchant from the need to store or <br /> transmit this information. <br /> <br /> SET transactions <br /> <br /> The sequence of events required for a transaction follow: <br /> <br /> 1. The customer obtains a credit card account with a bank that supports electronic payment <br /> and SET. <br /> <br /> 2. The customer receives an X.509 v3 digital certificate signed by the bank. <br /> <br /> 3. The customer places an order. <br /> <br /> 4. Each merchant has its own certificate, which it sends to the customer so his software can <br /> verify that it’s a valid store. <br /> <br /> 5. The order and payment are sent. <br /> <br /> 6. The merchant requests payment authorization from the issuing bank. <br /> <br /> 7. The merchant confirms the order. <br /> <br /> 8. The merchant ships the goods or provides the service to the customer. <br /> <br /> 9. The merchant requests payment. <br /> <br /> '''Evaluation of SET''' <br /> <br /> Unfortunately, due to the amount of overhead involved in the massive Public Key <br /> Infrastructure (PKI) and registration process required by SET, it will never be widely adopted. <br /> The complexities with managing it become unbearable given the size of the e-commerce <br /> market.</div> Tue, 30 Jun 2009 02:22:10 GMT Ebellis http://commons.oreilly.com/wiki/index.php/Talk:Beautiful_Trade/Secure_Electronic_Transaction