Secure Electronic Transaction

Here's how SET works:

Assume that a customer has a SET-enabled browser such as Netscape or Microsoft's Internet Explorer and that the transaction provider (bank, store, etc.) has a SET-enabled server.

1. The customer opens a Mastercard or Visa bank account. Any issuer of a credit card is some kind of bank.
2. The customer receives a digital certificate. This electronic file functions as a credit card for online purchases or other transactions. It includes a public key with an expiration date. It has been through a digital switch to the bank to ensure its validity.
3. Third-party merchants also receive certificates from the bank. These certificates include the merchant's public key and the bank's public key.
4. The customer places an order over a Web page, by phone, or some other means.
5. The customer's browser receives and confirms from the merchant's certificate that the merchant is valid.
6. The browser sends the order information. This message is encrypted with the merchant's public key, the payment information, which is encrypted with the bank's public key (which can't be read by the merchant), and information that ensures the payment can only be used with this particular order.
7. The merchant verifies the customer by checking the digital signature on the customer's certificate. This may be done by referring the certificate to the bank or to a third-party verifier.
8. The merchant sends the order message along to the bank. This includes the bank's public key, the customer's payment information (which the merchant can't decode), and the merchant's certificate.
9. The bank verifies the merchant and the message. The bank uses the digital signature on the certificate with the message and verifies the payment part of the message.
10. The bank digitally signs and sends authorization to the merchant, who can then fill the order.

Read more about Secure Electronic Transaction: - SearchCIO provides "Best Web Links" to information about SET. - Trintech is a major provider of services based on SET. - SearchSecurity provides "Best Web Links" to more about "Securing Transactions and E-Commerce."

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Protecting third party processes on all levels Financial firms have numerous third party partnerships, but these partnerships come with security risks. Compliance expert Richard Mackey explains how... Case study: How outsourcing services enable PCI DSS compliance Qualified Security Assessor Spyro Malspinas recounts his consulting experience with ACME and explains how a decision to outsource can lead to some... SAML ratification enables vendor interoperability Ratification of the Security Assertion Markup Language (SAML) opens the door for vendors to begin developing and shipping products that support the...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary CTCI (Computer-to-computer interface)  (SearchFinancialSecurity.com) Computer-to-computer interface (CTCI) is a digital communications protocol that allows customers of the NASDAQ (National Association of Securities... DROP (delivery of real-time execution information protocol)  (SearchFinancialSecurity.com) DROP (delivery of real-time execution information protocol) is a feature of various NASDAQ (National Association of Securities Dealers Automated...