April 22, 1997, updated 05 Sep 2016 12:42pm

SET PROTOCOL LOOKS CERTAIN OF SUCCESS

By CBR Staff Writer

Seeking to address users’ demands for transaction security on the Internet, a consortium of financial and software companies, led by MasterCard International Inc and Visa International Inc, last year proposed a technical specification. The first draft of the Secure Electronic Transaction, SET, protocol was published in June 1996, and the first version should be released in June 1997. But because of the importance of credit card shopping to the suppliers, companies such as IBM Corp, Netscape Communications Corp and Microsoft Corp are already implementing SET.

By Jessica Twentyman

SET members decided that to provide adequate security for Internet transactions, three main issues must be addressed. First, the authenticity of both cardholder and merchant must be established. Second, the integrity of the order data must be maintained across the network. Last, the data must be delivered in such a way that only the intended recipient has access to it.

SET is almost guaranteed success. It fulfills all the criteria for a successful standard; it is open, can be easily adopted by any supplier, is consistent with the existing infrastructure for credit card payments, and has the backing of a number of influential participants. Along with MasterCard and Visa, the protocol has already been endorsed by American Express, Discovery and JCB credit card organizations. Furthermore, SET is already being incorporated into ‘merchantware’ products, the server-based software used by traders to support Internet transactions. The backing of these major vendors, say analysts, will help to legitimize the concept of Internet shopping.

Unlike the Secure Socket Layer, SSL, security protocol, which is currently supported in products such as Netscape’s Navigator, SET attempts to solve several problems, such as authentication, encryption, and providing a method of linking to settlement systems. The SET protocol has been developed using security systems developed for use in electronic data interchange, EDI, private networks. The first stage of a SET transaction is for the buyer and the seller – the consumer and the merchant – to identify each other.

Trusted third party

This is done using a digital certificate – an encrypted, tamper-proof registration number buried in a piece of software. The certificate also contains name, address and other credit details. The certificate is issued by a trusted third party – usually the credit card company, such as MasterCard or Visa. Once installed on a personal computer, or other device, it will be automatically accessible from a browser. Before making a transaction, a user will also have to use a password or PIN number.

The encryption technique uses the widely accepted public/private key method. The public key, which can be a long (between 40 and 1,000-bit) number, is what is sent over the Internet and is known as the SET ID. But it is useless unless the recipient also knows the private key, which only the number issuer – credit card company or bank – knows. The merchant never gets to see the credit card number, but simply matches its SET traders number with the SET ID and sends the two numbers off for authentication, for authorization and for settlement. This processing is done by the credit card issuers, which carry out their communication over the secure private networks, such as VisaNet or BankNet.

No one is arguing that SET is absolutely foolproof. Certainly, it is far safer than traditional credit card use.

This article is taken from a longer piece that appeared in the April 1997 edition of our sister publication Computer Business Review.
