The SET or Secure electronic transaction protocol is a security measure implemented on eCommerce platforms to protect electronic payment data over a specific network.
As eCommerce refers to buying and selling goods and services over the internet, the SET protocol is crucial for ensuring a safe and secure online transaction environment for all parties involved.
But what is a secure electronic transaction protocol exactly? The following section explains the SET protocol’s function in protecting electronic payment data.
What is Secure Electronic Transactions Protocol?
SET is a protocol that ensures the security and integrity of online transactions. Initially adopted by e-commerce websites, SET was designed to secure electronic payments surrounding debit and credit cards.
Furthermore, merchants cannot view personal details transferred to your credit company for verification and authentication. SET isn’t a gateway or payment system. Still, it is a set of protocols that utilize Public Key Infrastructure (PKI) elements to address privacy, authenticity, and security concerns in e-commerce.
Its primary goal is to protect debit or credit card transactions that take place online, offering a secure and confidential environment for all parties involved in the transaction, including customers and merchants.
SET also authenticates users through digital certificates. The development of SET was sparked by the rise of e-commerce and was jointly designed by Visa and Mastercard to secure browsers for transactions.
The protocol was later supported by various organizations, including technology firms such as Microsoft and IBM and companies such as Verisign, specializing in internet services and network infrastructure.
Additionally, web services firm Netscape also played a role in SET’s development, with Microsoft providing the STT and Netscape contributing to the SSL technology.
Key Takeaways for SET
- Secure Electronic Transaction (SET) is a protocol that started in 1996 to secure credit card and electronic debit payments made on e-commerce websites
- SET allows merchants to verify customers’ card information without seeing it, providing an added layer of security to protect customers against hacking, account theft, and other illegal activities
- Other security protocols for credit card and online debit transactions emerged after SET was first developed in the 1990s
- Visa was one of the first companies to adopt a standard of protocols called the 3-D Secure, which first developed in different forms by Discover, Mastercard, and American Express
How Does Secure Electronic Transactions Protocol Work?
Secure Electronic Transaction (SET) protocols are designed to provide secure electronic access to funds from a bank account or credit line. Each time an electronic purchase is made, an encrypted certificate is made for the merchant, financial institution, or customer.
This certificate comes with matching digital keys used to verify the transaction and confirm the certificate’s authenticity.
SET algorithms ensure that only authorized participants with the key can confirm the transaction, providing an additional layer of security to protect customers’ card details from potentially malicious online actors.
This added security measure helps to prevent unauthorized access to sensitive information and ultimately protects the privacy and financial information of the customers.
SET is a system developed to provide secure and confidential transactions for all parties involved in the e-commerce transaction, including the customer and merchant.
History of SET Protocol
The emergence of e-commerce in the mid-1990s, particularly consumer-driven online purchases, led to the development of secure electronic transaction protocols.
As conducting business on the internet was a relatively new concept, the security measures free to protect the transactions were still evolving and had varying levels of effectiveness.
The protocols established by SET standards enabled payment systems to be utilized by financial institutions and retailers, as they had the necessary software to securely process and decrypt digital transactions.
In 1996, a group comprising VISA and Mastercard, along with IBM, GTE, Microsoft, Netscape, RSA, Terisa Systems, and VeriSign, aimed to merge incompatible protocols into one standard.
Subsequently, other security protocols for online credit and debit card transactions emerged. As an early advocate of SET, Visa eventually adopted a new protocol that is called 3-D Secure for secure digital payments and commerce of its customers.
Based on extensible markup language (XML), this protocol is designed to provide a security layer for online debit and credit card transactions.
Secure Electronic Transactions Protocol Architecture
The SET protocol was created to address the security gaps in SSL and Transport Layer Security (TLS) in protecting sensitive consumer data.
It achieves this by utilizing 56-bit session long keys, which are transmitted asymmetrically, as well as symmetric Data Encryption Standard (DES) encryption and Public Key Infrastructure (PKI) for key management.
SET’s Digital Wallet
When a customer enters a password to activate their digital wallet, SET initiates self-authentication before the payment.
After self-authentication, the customer’s device (mobile phone, tablet, or computer) sends the purchase and payment details to the merchant. Once the customer is authenticated, and the merchant is notified, the issuer communicates payment authorization to the acquirer.
SET’s Dual Signatures
SET employs digital signatures to achieve card authentication. Each time a customer initiates a transaction electronically, an encrypted digital signature is generated for the merchant, customer, and associated financial institutions.
SET’s Digital Certificates
By manipulating transactional information, digital certificates authenticate the customer and merchant’s identities to reduce the risk of fraud.
Typically, the Certificate Authority (CA) assigns digital certificates to the card issuer or other associated financial institution, meaning both the acquirer and the issuer are involved in implementing digital certificates.
Conclusion
Secure Electronic Transactions (SET) protocol is designed to secure electronic debit and credit card payments made on e-commerce websites.
Developed in the mid-1990s in response to the rise of e-commerce, SET uses digital certificates, encryption, and Public Key Infrastructure (PKI) to provide a secure and confidential environment for all parties involved in the transaction, including customers and merchants.
SET’s main objective is to protect credit/debit card transactions as they take place online, preventing unauthorized access to sensitive information and ultimately protecting customers’ privacy and financial information.
SET protocol filled the gap left by SSL and Transport Layer Security (TLS) concerning securing sensitive consumer data. SET’s digital wallet, dual signatures, and digital certificates all work together to achieve card authentication and reduce the risk of fraud. E-commerce websites initially adopted SET, but other security protocols later emerged.
