Secure Electronic Transactions (SET)
SET became a reality when Visa and MasterCard joined forces to create a secure form of Internet transacting for customers and merchants. The result was a secure, encrypted line of communication between customers, merchants and financial institutions. In addition to encrypting payment information, SET makes online transactions even safer by using digital certificates to verify that consumers and merchants are both authorized to use and accept Visa and MasterCard cards.
Besides Visa and MasterCard, the other major player in SET technology is SETCo. When Visa and MasterCard joined forces to forge the “development of a single technical standard for safeguarding payment card purchases made over open networks” they created SET Secure Electronic Transaction LLC (SETCo) (www.setco.org). “SETCo was formed to implement the SET™ Specification.” SETCo is the standardization organization that oversees the development of the SET software.
SETCo hired Tenth Mountain Systems, Inc. to act as the Software Compliance Administrator (SCA) for SET. Tenth Mountain Systems, Inc. develops the testing and certification standards required to do business with the SET software. They created the SET Compliance Test software to help e-business merchants obtain the SET certification for their Internet software.
According to MasterCard (www.mastercard.com/shoponline/set/set.html), the procedures involved with this type of transaction require the buyer and seller to use industry-established standards of authentication. In order for a consumer to make a purchase on-line, they will need a “digital wallet” and a “digital certificate”.
Merchants also need to be certified in order to use SET security measures. The merchant needs the certification in order to carry the necessary SET software used to identify itself as an authorized seller. The Certificate Authority (CA) gives SET certificates to a card issuing company recognized by Visa or MasterCard. The buyer and merchant also obtain SET certificates that allow them to interact with each other over the Internet.
The first thing a cardholder has to do, in order to use SET, is to obtain the aforementioned digital wallet to communicate with a manufacturer or merchant that participates in the SET program. The software automatically detects that a merchant is an authorized member of the SET program and has a trusted relationship with a financial institution. The customer can obtain the digital wallet from a number of software vendors online. One such vendor is Bank One (http://www.bankonewallet.instabuy.com/). The bankonewallet safely stores the customer's preferred payment and shipping information online. When a customer is ready to purchase from a merchant affiliated with SET, the customer selects the method of payment and uses the bankonewallet to easily fill out forms and pay for merchandise.
Next, a cardholder would obtain a digital certificate. A digital certificate is an electronic form of identification issued to cardholders and merchants by Visa and MasterCard’s member financial institutions. When the consumer is ready to make a purchase, their SET software validates that both the merchant and the cardholder are who they say they are before payment information is exchanged.
Third, the merchant will send the customer an online order form to fill out along with their merchant certificate. This is where the customer’s digital wallet would ease the process. The customer would select their method of payment, fill out the merchant order form and submit their information. The customer’s SET software encrypts the payment and order information and submits the information to the merchant. The payment information stays encrypted until it reaches the merchant’s financial institution for verification of sufficient funds. This process keeps the payment information out of the hands of possible inside thieves or sniffers awaiting information going to that particular merchant.
The fourth process involves authorization and approval from the merchant’s financial institution. The payment information is received from the customer at the merchant’s bank and decrypted. The payment information is verified with the customer’s issuing bank and approval of the purchase is granted. Approval of purchase is forwarded to the merchant and confirmation of the sale is sent to the cardholder.
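The split described in the steps above (order details readable by the merchant, payment details readable only by the bank) is bound together in SET by a "dual signature" over both digests, a term the text above does not use. The following is an added example, not code from the SET specification or from any source cited here: SHA-256 and a toy textbook-RSA key stand in for the real SET primitives, and all names and sample messages are constructed for illustration.

```python
import hashlib

# Toy cardholder key (constructed; NOT secure: textbook RSA, no padding,
# special-form primes). Real SET uses certified keys issued through a CA.
P, Q = 2**521 - 1, 2**127 - 1            # two Mersenne primes
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def dual_sign(order_info: bytes, payment_info: bytes) -> int:
    """Cardholder signs H(H(PI) || H(OI)), tying one order to one payment."""
    pomd = digest(digest(payment_info) + digest(order_info))
    return pow(int.from_bytes(pomd, "big"), D, N)

def _check(pimd: bytes, oimd: bytes, dual_sig: int) -> bool:
    expected = int.from_bytes(digest(pimd + oimd), "big")
    return pow(dual_sig, E, N) == expected

def merchant_verify(order_info: bytes, pimd: bytes, dual_sig: int) -> bool:
    """Merchant holds the order and only the digest of the payment data."""
    return _check(pimd, digest(order_info), dual_sig)

def bank_verify(payment_info: bytes, oimd: bytes, dual_sig: int) -> bool:
    """Bank holds the payment data and only the digest of the order."""
    return _check(digest(payment_info), oimd, dual_sig)

# Constructed sample messages (placeholder card number).
ORDER = b"order=1001;item=book;total=25.00"
PAYMENT = b"pan=0000-0000-0000-0000;exp=12/30;total=25.00"
INFLATED = b"order=1001;item=book;total=250.00"

def demo() -> dict:
    sig = dual_sign(ORDER, PAYMENT)
    pimd, oimd = digest(PAYMENT), digest(ORDER)
    return {
        "merchant_ok": merchant_verify(ORDER, pimd, sig),
        "bank_ok": bank_verify(PAYMENT, oimd, sig),
        # A payment presented against a different order digest is rejected.
        "swapped_order_ok": bank_verify(PAYMENT, digest(INFLATED), sig),
        # An order altered after signing is rejected by the merchant check.
        "altered_order_ok": merchant_verify(INFLATED, pimd, sig),
    }

if __name__ == "__main__":
    print(demo())
```

Neither verifier needs the other party's plaintext: each checks the signature using its own data plus a digest of the part it never sees.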
SET is a secure technology that has a number of checks in place to make sure that cardholders and merchants alike are authorized to use the software. The benefits of SET are the security measures taken throughout the transaction cycle. The financial information provided by the buyer goes directly to the bank for authorization and the order information (which is also encrypted) goes only to the merchant. One challenge to SET is the possibility of theft between the merchant and the bank. Even though the buyer information is encrypted, it is still being sent over a medium that can be tapped by a thief. Also, internal theft at the bank might still be an issue. However, the amount of security available using SET is still very reliable considering the level of certification and testing required to be an authorized user of the SET technology.
Benefits available to merchants are the increased sales from existing online shoppers who will now travel to more sites with more confidence in the level of security available. Another benefit is the increase in the number of customers who traditionally feared Internet shopping due to the threat of theft. A reduction in costs associated with fraud and theft is another possible benefit.
Benefits to customers include ease of shopping with the implementation of digital wallets. The customer doesn’t have to continue to type the same information over and over when ordering from merchants participating in SET technology. The digital wallets store the billing and payment information, which can be instantly captured in an order form. Another benefit is the overall security available with SET. The entire process is designed to send payment and order information to the appropriate parties. The credit card information goes only to the banks and the product order information goes to the merchant only. This assures the customer that no personal credit information goes to the merchant.
It was stated in one of the resources that SET information such as passwords and cryptographic keys are stored on the consumers’ PCs. If this is the case, is SET necessarily safe? Programs could be written to attack a user’s computer using scripts to search out SET software and return what is found to the hacker. With the information stored on the user’s computer, nothing is safe. However, it was mentioned that the software must be accessed by passwords. Hopefully this means that the software that is installed on the consumer’s PC is password protected and can only be accessed by the user logging into their computer. This would add another dimension of security versus storing the information without any barriers on the PC.
Resources
www.mastercard.com/shoponline/set/set.html