Secure Electronic Transaction (SET) (In E-payment system)

  •  Secure Electronic Transaction (SET) is a communications protocol standard for securing credit card transactions over networks, specifically, the Internet. SET was not itself a payment system, but rather a set of security protocols and formats that enabled users to employ the existing credit card payment infrastructure on an open network in a secure fashion.
  • Secure Electronic Transaction (SET) is a system for ensuring the security of financial transactions on the Internet. It was supported initially by Mastercard, Visa, Microsoft, Netscape, and others.
  • With SET, a user is given an electronic wallet (digital certificate), and a transaction is conducted and verified using a combination of digital certificates and digital signatures among the purchaser, a merchant, and the purchaser's bank in a way that ensures privacy and confidentiality.
  • Secure Electronic Transaction (SET) is an open-source encryption and security specification designed to protect credit card transactions on the internet. Remember that SET is not a payment system; it is a set of security protocols and formats that keeps online payment transactions on the internet secure.
  •  SET provides a secure environment for all the parties that are involved in the e-commerce transaction. It also ensures confidentiality. It provides authentication through digital certificates. In this article, we will discuss the basic concept of Secure Electronic Transaction and its working.
  • Secure Electronic Transaction, or SET, is a system that ensures the security and integrity of electronic transactions made with credit cards. SET is not a system that enables payment; it is a security protocol applied to those payments. It uses different encryption and hashing techniques to secure credit card payments made over the internet.
  • The development of the SET protocol was supported by major organizations such as Visa, Mastercard, Microsoft, which provided its Secure Transaction Technology (STT), and Netscape, which provided Secure Socket Layer (SSL) technology.

  • The SET protocol restricts the disclosure of credit card details to merchants, thus keeping hackers and thieves at bay. It includes Certification Authorities that make use of standard digital certificates such as X.509 certificates.



Requirements in SET:
The SET protocol has some requirements to meet. Some of the important ones are:
  • It has to provide mutual authentication, i.e., customer (or cardholder) authentication, by confirming whether the customer is the intended user, and merchant authentication.
  • It has to keep the PI (Payment Information) and OI (Order Information) confidential through appropriate encryption.
  • It has to be resistant to message modification, i.e., no changes should be allowed in the content being transmitted.
  • SET also needs to provide interoperability and make use of the best security mechanisms.


SET Business Requirements:
• Provide confidentiality of payment and ordering information

• Ensure the integrity of all transmitted data

• Provide authentication that a cardholder is a legitimate user of a credit or debit card account

• Provide authentication that a merchant can accept credit or debit card transactions through its relationship with a financial institution

• Ensure the use of the best security practices and system design techniques to protect all legitimate parties in an electronic commerce transaction

• Create a protocol that neither depends on transport security mechanisms nor prevents their use

• Facilitate and encourage interoperability among software and network providers


SET functionalities:
  • Provide Authentication
- Merchant Authentication – To prevent theft, SET allows customers to check previous relationships between merchants and financial institutions. Standard X.509v3 certificates are used for this verification.

- Customer / Cardholder Authentication – SET uses X.509v3 certificates to check whether a credit card is being used by an authorized user.

  • Provide Message Confidentiality: Confidentiality refers to preventing unintended people from reading the message being transferred. SET implements confidentiality by using encryption techniques. Traditionally, DES is used for encryption.
  • Provide Message Integrity: SET uses signatures to prevent message modification. Messages are protected against unauthorized modification using RSA digital signatures with SHA-1, and some using HMAC with SHA-1.


Key Features of SET

♦ Confidentiality of information.

♦ Integrity of Data.

♦ Cardholder account authentication.

♦ Merchant authentication.

♦ Confidentiality of information:- A credit card holder’s personal and payment information is secured as it travels across the network. An interesting feature of SET is that the merchant/seller never sees the credit card number; this is only provided to the issuing bank. Conventional encryption using DES is used to provide confidentiality.

♦ Integrity of Data:- Payment information sent from cardholders to merchants includes order information, personal information, and payment instructions. SET guarantees that these message contents are not altered in transit. RSA digital signatures, using SHA-1 hash codes, provide message integrity.

♦ Cardholder account authentication:- SET enables merchants to verify that a cardholder is a legitimate user of a valid card account number. SET uses X.509v3 digital certificates with RSA signatures for this purpose.

♦ Merchant authentication:- SET enables cardholders to verify that a merchant has a relationship with a financial institution allowing it to accept payment cards. SET uses X.509v3 digital certificates with RSA signatures for this purpose.

Key Technologies of SET

• Confidentiality of information: 3DES

• Integrity of data: RSA digital signatures with SHA-1 hash codes

• Cardholder account authentication: digital certificates with RSA signatures

• Merchant authentication: digital certificates with RSA signatures

• Privacy: separation of order and payment information using dual signatures
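
The dual signature named in the last item is what lets the merchant see only the OI and the bank see only the PI while both can still confirm the two belong to the same purchase. The sketch below is an added example, not code from the SET specification or from this blog: the names PIMD, OIMD and POMD are conventional labels for the three digests, and the RSA key is a constructed toy key with unpadded signing, used only so the example runs with the Python standard library.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes: demonstration only,
# not secure. Signing is unpadded "textbook" RSA so the example needs no
# third-party library; real SET deployments used certified RSA keys.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # cardholder's private exponent

def sha1(data: bytes) -> bytes:
    # SHA-1 mirrors what the page says SET used; it is not a modern choice.
    return hashlib.sha1(data).digest()

def dual_sign(pi: bytes, oi: bytes):
    """Cardholder: digest PI and OI separately, digest the pair, sign that."""
    pimd, oimd = sha1(pi), sha1(oi)
    pomd = sha1(pimd + oimd)
    signature = pow(int.from_bytes(pomd, "big"), D, N)
    return signature, pimd, oimd

def signature_covers(signature: int, pimd: bytes, oimd: bytes) -> bool:
    """Recover the signed digest with the public key and compare."""
    expected = int.from_bytes(sha1(pimd + oimd), "big")
    return pow(signature, E, N) == expected

def merchant_verify(oi: bytes, pimd: bytes, signature: int) -> bool:
    """Merchant holds the full OI but only the digest of PI."""
    return signature_covers(signature, pimd, sha1(oi))

def bank_verify(pi: bytes, oimd: bytes, signature: int) -> bool:
    """Bank holds the full PI but only the digest of OI."""
    return signature_covers(signature, sha1(pi), oimd)

# Constructed sample data (placeholder card number, not a real account).
PI = b"card=XXXX-XXXX-XXXX-0000;amount=49.90;txn=1001"
OI = b"order=1001;item=book;qty=1;amount=49.90"

if __name__ == "__main__":
    sig, pimd, oimd = dual_sign(PI, OI)
    print("merchant accepts order:", merchant_verify(OI, pimd, sig))
    print("bank accepts payment:  ", bank_verify(PI, oimd, sig))
    tampered = OI.replace(b"qty=1", b"qty=9")
    print("altered order accepted:", merchant_verify(tampered, pimd, sig))
```

Neither verifier needs the other party's plaintext: changing either the OI or the PI after signing changes its digest, so the recovered POMD no longer matches.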
