150 likes | 449 Views
Electronic Payment Systems: Secure Electronic Transaction (SET). Contents. Secure Electronic Transaction Secure Electronic Transaction : Protocol Parties in SET Certificate of Participants SET Transaction Process Advantages of SET Disadvantages of SET. Secure Electronic Transaction.
E N D
Electronic Payment Systems: Secure Electronic Transaction (SET)
Contents • Secure Electronic Transaction • Secure Electronic Transaction : Protocol • Parties in SET • Certificate of Participants • SET Transaction Process • Advantages of SET • Disadvantages of SET
Secure Electronic Transaction BACK An application-layer security mechanism, consisting of a set of protocols. Protect credit card transaction on the Internet. Companies involved:– MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Cyber Cash. Not an ordinary payment system. It has a complex technical specification
Secure Electronic Transaction : Protocol BACK Confidentiality: All messages are encrypted Trust: All parties must have digital certificates Privacy: information made available only when and where necessary Developed by Visa and MasterCard Designed to protect credit card transactions
Parties in SET 1 4 2 3 BACK
Certificate of Participants Cardholder certificates: Cardholder certificates function as an electronic representation of the payment card. Because they are digitally signed by a financial institution, they cannot be altered by a third party and and can only be generated by a financial institution. Merchant certificates :This includes the technology required to communicate securely with cardholders and their financial institutions. These certificate are approved by the acquiring financial institution and provide assurance that the merchant holds a valid agreement with an Acquirer.
Payment Gateway Certificates:Payment gateway certificates are obtained by Acquirers or their processors for the systems that process authorization and capture messages. The gateway’s encryption key, which the cardholder gets from this certificate, is used to protect the cardholder’s account information. Acquirer Certificates:An Acquirer must have certificates in order to operate a Certificate Authority that can accept and process certificate requests directly from merchants over public and private networks. Issuer Certificates: An Issuer must have certificates in order to operate a Certificate Authority that can accept and process certificate requests directly from cardholder over public and private networks.
SET Transactions process BACK • The customer opens an account with a card issuer. • MasterCard, Visa, etc. • The customer receives a X.509 V3 certificate signed by a bank. • X.509 V3 • A merchant who accepts a certain brand of card must possess two X.509 V3 certificates. • One for signing & one for key exchange • The customer places an order for a product or service with a merchant. • The merchant sends a copy of its certificate for verification.
Advantages of SET BACK Provide confidentiality of payment information. Ensure the integrity of all transmitted data. Provide authentication that a cardholder is a legitimate user of a branded payment card account. Provide authentication that a merchant can accept . Branded payment card transactions through its relationship with an acquiring financial institution. The goal of SET is to ensure that the payment process is private, convenient and most important of all secure.
Disadvantages of SET BACK Implementing SET is more costly than SSL/TLS for merchants as well. Business banks must hire companies to manage their payment gateways, or install payment gateways by themselves. SET employs complex cryptographic mechanisms that may have an impact on the transaction speed. The overheads associated with SET are heavy.
THANKS BACK TO INDEX