SET – Secure Electronic Transaction Setting The Stage For Safe Internet Shopping -Jignesh Shah- -Riyaz Malbari-
History/Background: - Internet shopping didn’t quite pick up as consumers considered financial transactions over the internet, unsafe - Lacks the one on one transaction feeling. - Visa & MC came up with the idea what we call as SET.
Advantages: - Privacy: Uses 1024 bit public key cryptography which renders the intercepted message unreadable ! - Integrity: Hashing & signing ensures message sent is unaltered. - Authentication: Uses digital certificates to ensure the parties are really who they claim to be.
How SET Works: Components: Cardholder Merchant Acquirer Gateway Certification Authority
Merchant’s Cardholder’s Bank Bank 1. Cardholder initializes purchase 2. Merchant verifies funds 3. Acquirer authorizes purchase & Verifies merchant’s certificate 5. Requests payment 4. Order is confirmed 6. Makes transfers & provides payment to merchant
How safe is SET? -Uses 1024–bit cipher keys, making it one of the strongest encryption applications. -If we use 100 computers each processing 10 MIPS, it would take 2.8 x years to break just ONE encrypted message !!!! Source:
SET versus SSL -SET was developed specifically for payment transaction. SSL simply encrypts the communication channel between cardholder & merchant website and its not backed by any financial institution. - Compare 128-bit encryption with that to SET !
SET versus SSL: -SET also authenticates each participant as its backed by CA & financial institutions. -SET provides security throughout the entire transaction process. SSL provides security only between cardholder and merchant.
Concept of Dual Signature : AliceBob Bank
Certificate Issuance: Electronic representation of payment card/brand Must be approved by the Acquirer gateway
Payment Processing : Cardholder registeration Merchant registeration Purchase request Payment authorisation Payment capture
Drawbacks: Slow Expensive Not portable
References:
THANK YOU !!!