Chapter 12

SET for E-Commerce Transactions

The Secure Electronic Transaction (SET) is a protocol designed for protecting credit card transactions over the Internet. It is an industry-backed standard that was formed by MasterCard and Visa (acting as the governing body) in February 1996. To promote the SET standard throughout the payments community, advice and assistance for its development have been provided by IBM, GTE, Microsoft, Netscape, RSA, SAIC, Terisa, and Verisign.

SET relies on cryptography and X.509 v3 digital certificates to ensure message confidentiality and security. SET is the only Internet transaction protocol to provide security through authentication. It combats the risk of transaction information being altered in transit by keeping information securely encrypted at all times and by using digital certificates to verify the identity of those accessing payment details. This chapter fully explores the specifications for secure payment card transactions on the Internet and the ways to facilitate them.

12.1 Business Requirements for SET

This section describes the major business requirements for credit card transactions by means of secure payment processing over the Internet. They are listed below:

1. Confidentiality of information (provide confidentiality of payment and order information). To meet these needs, the SET protocol uses encryption. Confidentiality reduces the risk of fraud by either party to the transaction or by malicious third parties. Cardholder account ...
