Banesto Easy SET Project Julián Inza Technological Strategy Director 6th of July, 2,000 víspera de San Fermín
Agenda Banesto: early involvement in SET Some criticism to SET SET trends SET flavours (Classic, MIA, Easy) Easy SET project: standard and alternate hierarchies Payment scenarios Banesto Virtual POS and SET in VPOS Wath EasySET working for you Action plan Fee arrangement proposal EasySET portal:
First Spanish SET transaction (with Banesto Virtual Cash Card) Banesto & IBM initiate a SET Trial with Banesto Virtual Cash Card Banesto begin “SET Facil”- “Easy SET” Project 1996 SET Facil adoption ( cardholders, including other banks) virtual shops 1000 virtual shops cardholders SET-Facil Release Initial SET deployment Early involvement in SET
SET Criticism SET is complex Wallets usually weights 4-6 Mb Users need to install software in their PC Certificates are hard to get and take some time Versions are not easily maintained SET infrastructure is expensive Interoperability is not guaranteed Issuer banks don´t support SET
SET Trends SET can be easy (in fact it is easier to use than SSL, once you have the certificate) Light Wallets and Plug-ins for Server Wallets weight under 600Kb Users still need to install software in their PC, but this include additional features You should get your Certificate in a 1-step process Versions should be updated transparently SET infrastructure is expensive ( but for some projects you can use Easy SET alternate root) Interoperability is not guaranteed Issuer banks don´t support SET
“Classic” SET Merchant Server Payment Gateway Payment Acquirer or Merchant’s Bank Issuing Bank Root CA Verification of SET Certificates through the chain of trust Transaction Information Digital Wallet Digital Certificate (2)(3) (1)
Merchant Server Payment Gateway Payment Acquirer or Merchant’s Bank Issuing Bank Root CA Verification of SET Certificates through the chain of trust Transaction Information + Credit Card Number (2) (1) SSL Security Weak Point: End-User Id. + Auth. Security Weak Point: CC Number Storage Security Weak Point: CC Number Transfer MIA SET
Payment Server Payment Gateway Issuing Bank Merchant Storefront Safelayer Wallet (500k) Catalog selection and shopping carrt SET transaction CA hosted by SET Payment Classic Authorisation and Settlement transaction Card Clearing Network Payment Server and Payment Gateway hosted by Easy SET
Root CA (SET Co) Geo-Political CA (optional) (only for VISA) Brand CA (MasterCard, Visa) Merchant CA (Banesto) Cardholder CA (Banesto) Cardholder Payment Gateway CA ( MasterCard, Banesto in VISA) Merchant Payment Gateway SET Hierarchy Hosted by
Alternate Root CA (Eurociber with Safelayer SW) Geo-Political CA (optional) Brand CA (Private Cards) Merchant CA (Brand X) Cardholder CA (Brand X) Cardholder Payment Gateway CA (Brand X) Merchant Payment Gateway Alternate SET Hierarchy
Classic B2C payment scenario Cards clearing system Catalog browsing Secure form Auth request Card # is stored in merchant DB “Linear” B2C payment scenario
Spanish B2C payment scenario Internal secure communication Gateway “Triangular” B2C payment scenario Catalog browsing Secure form Cards clearing system Payment triangle
Spanish SET payment scenario Internal secure communication SET Gateway “Triangular” B2C payment scenario allows transparent SET deployment in the merchant side Catalog browsing Secure form Cards clearing system Payment Server Wallet allows SET payment with or without certificates
Banesto SET payment scenario Internal secure communication SET Gateway “Easy SET” is a brand in the merchant side and a special RA-wallet communication enhacement to allow easy certificate download Catalog browsing Secure form Cards clearing system Payment Server Easy SET Wallet allows easy certificate download
SET Facil - Easy SET 1,500 sites SET enabled by end Y2K (most of them at 500 Kb Wallet (Alternate SET root available) Merchant can be unaware they are SET enabled 50,000 potential cardholders with SET access 1-step certificate download Easy SET Wallet allows remote transparent upgrade Easy SET Wallet will include ECML extensions to allow automatic form filling (Name, address,...) Merchant benefits: lower fees, no chargebacks Cardholder benefit: better security perception
Banesto Easy SET Registration Scenario Internal secure communication with card data The bank shows card list to the user in an authenticated internet banking system. User Click on one of then and get inmediatelly the certificate Card selection in Banesto Internet banking service Extended wake up message Easy SET Wallet allows easy certificate download Wake up message redirection Extended wake-up message includes PAN card number, expiration date and one-time password. The wallet doesn´t need to ask known data to the user and proceeds according to standard SET registration process CA hosted by
SET Registration in the Internet Banking system
Choose the card, click and you are done Several cards
Where to buy:
Choose the shop (
Standard SSL form at Banesto You can choose either SET payment, either SSL payment Download the wallet Click to enter SET Portal ( - get info - download walet - get certificate
When you click on the button you wake up the Easy SET wallet SET form at Banesto
Several users can share the wallet on the same computer Wallet wakes up
Choose the card with which you want to pay Whatch everything flowing
SET End of transaction
Action Plan 300 merchants by summer 2000 1,500 merchants by end 2000 50,000 potential cardholders by summer 2000 Easy SET downloadable wallet for everybody Banesto Merchants could allow SET initiated transaction without cardholder certificate (Wallet mandatory) SET Portal: (EasySET demo inside)
Fee arrangement proposal SET enabled merchants should benefit from SET fees and no-chargeback even for SSL transactions SSL transactions should not pay fee to issuer SSL-only merchants should pay the higher fees and suffer chargebacks
More Info about Easy SET You can get the wallet and try Easy SET in our EasySET Portal The demo allows you to get the Tiger Card and purchase some goods (sorry, it is a demo and the goods will not be delivered)