Secure Electronic Transaction(SET)
SET is an open encryption and security specification designed to protect credit
card transaction on the Internet. The current version, SETv1, emerged from a
call for securtity standards by MasterCard and Visa in February 1996. A wide
range of companies were involved in developing the initial specification
including IBM, Microsoft, Netscape, RSA, Terisa, and Verisign. Beginning in
1996, there have been numerous tests of the concept, and by 1998 the first wave
of SET-compliant products was available. SET is not a payment system. Rather
it is a set of security protocols and formats that enables users to employ the
existing credit card payment infrastructure on an open network, such as the
Internet, in a secure fashion. In essence, SET provides three services:
•Provides a secure communication channel among all parties involved in
a transaction.
•Provides trust by the use of X.509v3 digital cetificates
•Ensures privacy because the information is only available to parties in a
transaction when and where necessary SET is complex specification
defined in three books issued in May of 1997:
•Book1: Business Description
•Book2: Programmer’s Guide
•Book3: Format Protocol Defination
Requirements:
•Provide confidentiality of payment and ordering information
•Ensure the integrity of all transmitted data
•Provide authentication that a cardholder is a legitimate user of a credit
card account
•Provide authentication that a merchant can accept credit card transaction
through its relationships with financial institutions.
•Ensure the use of the best security practices and system design techniques
to protect all legitimate parties in an electronic commerce transaction
•Create a protocol that neither depends on transport security mechanisms
nor prevents their use.
•Facilitate and encourage interoparability among software and network
providers
