Banesto Easy SET Project. 6th of July, 2000 (eve of San Fermín). Julián Inza jinza@banesto.es Technological Strategy Director http://www.banesto.es. Agenda. Banesto: early involvement in SET. Some criticism of SET. SET trends. SET flavours (Classic, MIA, Easy).
Banesto Easy SET Project
6th of July, 2000 (eve of San Fermín)
Julián Inza, jinza@banesto.es
Technological Strategy Director
http://www.banesto.es

Agenda
• Banesto: early involvement in SET
• Some criticism of SET
• SET trends
• SET flavours (Classic, MIA, Easy)
• Easy SET project: standard and alternate hierarchies
• Payment scenarios
• Banesto Virtual POS and SET in VPOS
• Watch EasySET working for you
• Action plan
• Fee arrangement proposal
• EasySET portal: www.easy-set.org

Early involvement in SET
[Timeline diagram, 1996 to 2001. Milestones as labelled on the slide:]
• SET Facil adoption (500,000 cardholders, including other banks)
• 2000+ virtual shops
• SET-Facil Release
• Initial SET deployment
• Banesto & IBM initiate a SET Trial with Banesto Virtual Cash Card
• Banesto begins "SET Facil" / "Easy SET" Project
• 1000 virtual shops
• 50,000 cardholders
• First Spanish SET transaction (with Banesto Virtual Cash Card)

SET Criticism
• SET is complex
• Wallets usually weigh 4-6 Mb
• Users need to install software on their PC
• Certificates are hard to get and take some time
• Versions are not easily maintained
• SET infrastructure is expensive
• Interoperability is not guaranteed
• Issuer banks don't support SET

SET Trends
• SET can be easy (in fact it is easier to use than SSL, once you have the certificate)
• Light Wallets and Plug-ins for Server Wallets weigh under 600 Kb
• Users still need to install software on their PC, but this includes additional features
• You should get your Certificate in a 1-step process
• Versions should be updated transparently
• SET infrastructure is expensive (but for some projects you can use the Easy SET alternate root)
• Interoperability is not guaranteed
• Issuer banks don't support SET

“Classic” SET
[Diagram, steps (1) to (3). Labels: Issuing Bank; Digital Certificate; Digital Wallet; Root CA; Transaction Information; Verification of SET Certificates through the chain of trust; Payment Gateway; Merchant Server; Payment Acquirer or Merchant’s Bank]

MIA SET
• Security Weak Point: End-User Id. + Auth.
• Security Weak Point: CC Number Transfer
• Security Weak Point: CC Number Storage
[Diagram, steps (1) and (2). Labels: Issuing Bank; Root CA; Transaction Information + Credit Card Number; SSL; Verification of SET Certificates through the chain of trust; Payment Gateway; Merchant Server; Payment Acquirer or Merchant’s Bank]

Easy SET
[Diagram. Labels: Payment Gateway; Safelayer Wallet (500k); Issuing Bank; Card Clearing Network; Catalog selection and shopping cart; SET Payment; CA hosted by; Classic Authorisation and Settlement transaction; Merchant Storefront; Payment Server; SET transaction; Payment Server and Payment Gateway hosted by]

SET Hierarchy
Root CA (SET Co)
  Brand CA (MasterCard, Visa)
    Geo-Political CA (optional) (only for VISA)
      Cardholder CA (Banesto), issuing to: Cardholder
      Merchant CA (Banesto), issuing to: Merchant
      Payment Gateway CA (MasterCard, Banesto in VISA), issuing to: Payment Gateway
Hosted by

Alternate SET Hierarchy
Alternate Root CA (Eurociber with Safelayer SW)
  Brand CA (Private Cards)
    Geo-Political CA (optional)
      Cardholder CA (Brand X), issuing to: Cardholder
      Merchant CA (Brand X), issuing to: Merchant
      Payment Gateway CA (Brand X), issuing to: Payment Gateway

Classic B2C payment scenario
“Linear” B2C payment scenario
[Diagram. Labels: Cards clearing system; Catalog browsing; Auth request; Secure form; Card # is stored in merchant DB]

Spanish B2C payment scenario
“Triangular” B2C payment scenario
[Diagram. Labels: Cards clearing system; Catalog browsing; Payment triangle; Secure form; Internal secure communication; Gateway]

Spanish SET payment scenario
The “Triangular” B2C payment scenario allows transparent SET deployment on the merchant side.
The wallet allows SET payment with or without certificates.
[Diagram. Labels: Cards clearing system; Payment Server; Catalog browsing; Secure form; Internal secure communication; SET Gateway]

Banesto SET payment scenario
“Easy SET” is a brand on the merchant side and a special RA-wallet communication enhancement that allows easy certificate download.
[Diagram. Labels: Cards clearing system; Catalog browsing; Secure form; Internal secure communication; Easy SET Wallet allows easy certificate download; SET Gateway; Payment Server]

SET Facil - Easy SET
• 1,500 sites SET enabled by end Y2K (most of them at http://www.escaparate.com)
• 500 Kb Wallet (Alternate SET root available)
• Merchants can be unaware they are SET enabled
• 50,000 potential cardholders with SET access
• 1-step certificate download
• Easy SET Wallet allows remote transparent upgrade
• Easy SET Wallet will include ECML extensions to allow automatic form filling (Name, address,...)
• Merchant benefits: lower fees, no chargebacks
• Cardholder benefit: better security perception

Banesto Easy SET Registration Scenario
The bank shows the card list to the user in an authenticated internet banking system. The user clicks on one of them and immediately gets the certificate.
The extended wake-up message includes the PAN card number, expiration date and a one-time password. The wallet doesn't need to ask the user for known data and proceeds according to the standard SET registration process.
[Diagram. Labels: Card selection in Banesto Internet banking service; Wake up message redirection; Extended wake up message; Internal secure communication with card data; Easy SET Wallet allows easy certificate download; CA hosted by]

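An added sketch, not Banesto's or Safelayer's code, of how the registration side could handle the one-time password carried in the extended wake-up message: bound to the selected card, single-use and short-lived. The class name, message field names, the 300-second lifetime and the sample PAN are all assumptions; the slides specify none of them.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300                 # assumed lifetime; the slides give no figure
SAMPLE_PAN = "4000000000000002"       # constructed test value, not a real card


class RegistrationAuthority:
    """Hypothetical RA-side store of one-time passwords awaiting redemption."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}            # pan -> (sha256 of otp, expiry timestamp)

    def build_wakeup(self, pan, expiry):
        """Called once the user has picked a card in the authenticated session."""
        otp = secrets.token_urlsafe(16)           # 128 bits from the OS CSPRNG
        digest = hashlib.sha256(otp.encode()).digest()
        # Only a hash is kept, and a new request replaces any older one.
        self._pending[pan] = (digest, self._clock() + OTP_TTL_SECONDS)
        return {"pan": pan, "expiry": expiry, "otp": otp}

    def redeem(self, pan, otp):
        """True exactly once per issued password; False on any other attempt."""
        # pop() removes the entry before checking it, so a replay or a second
        # guess against the same card always finds nothing.
        entry = self._pending.pop(pan, None)
        if entry is None:
            return False
        digest, expires_at = entry
        if self._clock() > expires_at:
            return False
        candidate = hashlib.sha256(otp.encode()).digest()
        return hmac.compare_digest(digest, candidate)   # constant-time compare


def demo():
    """Wallet redeems the password, then a replay of the same message fails."""
    ra = RegistrationAuthority()
    msg = ra.build_wakeup(SAMPLE_PAN, "12/01")
    return ra.redeem(msg["pan"], msg["otp"]), ra.redeem(msg["pan"], msg["otp"])


if __name__ == "__main__":
    print(demo())
```

Removing the entry on the first attempt means a wrong guess also cancels the pending registration; in this model the user simply selects the card again in the banking session to get a fresh message.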
Choose the card, click and you are done
[Screenshot. Label: Several cards]

Standard SSL form at Banesto
[Screenshot. Labels:]
• Click to enter the SET Portal (www.easy-set.org): get info, download wallet, get certificate
• Download the wallet
• You can choose either SET payment or SSL payment

SET form at Banesto
[Screenshot. Label: When you click on the button you wake up the Easy SET wallet]

Wallet wakes up
[Screenshot. Label: Several users can share the wallet on the same computer]

Watch everything flowing
[Screenshot. Label: Choose the card with which you want to pay]

Action Plan
• 300 merchants by summer 2000
• 1,500 merchants by end 2000
• 50,000 potential cardholders by summer 2000
• Easy SET downloadable wallet for everybody
• Banesto Merchants could allow SET initiated transaction without cardholder certificate (Wallet mandatory)
• SET Portal: www.easy-set.org (EasySET demo inside)

Fee arrangement proposal
• SET enabled merchants should benefit from SET fees and no-chargeback even for SSL transactions
• SSL transactions should not pay fee to issuer
• SSL-only merchants should pay the higher fees and suffer chargebacks

More Info about Easy SET
• You can get the wallet and try Easy SET in our EasySET Portal
• The demo allows you to get the Tiger Card and purchase some goods (sorry, it is a demo and the goods will not be delivered)
http://www.easy-set.org