UNIT-4 Web security: Requirement, Secure socket layer, Transport layer Security and Secure electronic transaction

Post on 06-Oct-2020


Page 1: UNIT-4 Web security: Requirement, Secure socket layer ...uietkanpur.com/Online_Course/MP_BCA_601N_1.pdf · Web security: Requirement, Secure socket layer, Transport layer Security

UNIT-4

Web security: Requirement, Secure socket layer, Transport layer Security and Secure electronic transaction

SET (Secure Electronic Transaction)

Secure Electronic Transaction (SET) is a communications protocol standard for securing credit card transactions over networks, specifically the Internet. SET was not itself a payment system, but rather a set of security protocols and formats that enabled users to employ the existing credit card payment infrastructure on an open network in a secure fashion. However, it failed to gain traction in the market. Visa now promotes the 3-D Secure scheme.

Secure Electronic Transaction (SET) is a system for ensuring the security of financial transactions on the Internet. It was supported initially by Mastercard, Visa, Microsoft, Netscape, and others. With SET, a user is given an electronic wallet (digital certificate), and a transaction is conducted and verified using a combination of digital certificates and digital signatures among the purchaser, a merchant, and the purchaser's bank in a way that ensures privacy and confidentiality.

Key features: To meet the business requirements, SET incorporates the following features:

Confidentiality of information

Integrity of data

Cardholder account authentication

Merchant authentication

Participants: A SET system includes the following participants:

Cardholder

Merchant (A merchant is a person who trades in commodities produced by other people.)

Issuer (An issuing bank is a bank that offers card association branded payment cards directly to consumers, such as credit cards, debit cards and prepaid cards. The name is derived from the practice of issuing cards to a consumer.)

Acquirer (An acquiring bank, also known simply as an acquirer, is a bank or financial institution that processes credit or debit card payments on behalf of a merchant.[1] The acquirer allows merchants to accept credit card payments from the card-issuing banks within an association. The best-known (credit) card associations are Visa, MasterCard, Discover, China UnionPay, American Express, Diners Club, Japan Credit Bureau and Indian Rupay.)

Payment gateway (A payment gateway is a merchant service provided by an e-commerce application service provider that authorizes credit card or direct payments processing for e-businesses, online retailers.)

Certification authority (In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. A CA acts as a trusted third party, trusted both by the subject (owner) of the certificate and by the party relying upon the certificate. The format of these certificates is specified by the X.509 standard.)

How it works:

Both cardholders and merchants must register with the CA (certificate authority) before they can buy or sell on the Internet. Once registration is done, the cardholder and merchant can start to do transactions. In simplified form, a transaction in this protocol involves nine basic steps.

1. Customer browses the website and decides on what to purchase

2. Customer sends order and payment information, which includes two parts in one message:

a. Purchase order – this part is for merchant

b. Card information – this part is for merchant’s bank only.

3. Merchant forwards card information (part b) to their bank

4. Merchant’s bank checks with the issuer for payment authorization

5. Issuer sends authorization to the merchant’s bank

6. Merchant’s bank sends authorization to the merchant

7. Merchant completes the order and sends confirmation to the customer

8. Merchant captures the transaction from their bank

9. Issuer prints credit card bill (invoice) to the customer
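
SET implements the two-part message of step 2 with a dual signature: the cardholder signs a hash over the digests of both parts, so the merchant and the merchant's bank can each verify that their part belongs to the same transaction without seeing the other part. The sketch below is an added example, not part of the original notes; the toy RSA key, the function names and the sample order and card strings are constructed for illustration, and the encryption of the card information for the merchant's bank is omitted.

```python
import hashlib

# Toy RSA key for the cardholder (constructed; far too small for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537      # two Mersenne primes
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _as_int(md: bytes) -> int:
    # Reduce the digest into the toy modulus; real RSA signatures use padding.
    return int.from_bytes(md, "big") % N

def dual_sign(order: bytes, payment: bytes) -> int:
    """Cardholder: sign H(H(payment) || H(order)) with the private key."""
    combined = digest(digest(payment) + digest(order))
    return pow(_as_int(combined), D, N)

def merchant_verify(order: bytes, payment_md: bytes, sig: int) -> bool:
    """Merchant sees the purchase order and only the digest of the card part."""
    combined = digest(payment_md + digest(order))
    return pow(sig, E, N) == _as_int(combined)

def bank_verify(payment: bytes, order_md: bytes, sig: int) -> bool:
    """Merchant's bank sees the card part and only the digest of the order."""
    combined = digest(digest(payment) + order_md)
    return pow(sig, E, N) == _as_int(combined)

# Constructed sample data for step 2 (placeholder card number).
ORDER = b"order=1001;item=book;amount=25.00"
PAYMENT = b"pan=0000000000000000;exp=01/30;amount=25.00"

def demo() -> dict:
    sig = dual_sign(ORDER, PAYMENT)
    other_order = b"order=1001;item=tv;amount=25.00"
    return {
        "merchant_ok": merchant_verify(ORDER, digest(PAYMENT), sig),
        "bank_ok": bank_verify(PAYMENT, digest(ORDER), sig),
        # Pairing the card part with a different order must fail at the bank.
        "swapped_order_ok": bank_verify(PAYMENT, digest(other_order), sig),
        # A changed card part must fail at the merchant.
        "altered_payment_ok": merchant_verify(ORDER, digest(PAYMENT + b"0"), sig),
    }

if __name__ == "__main__":
    print(demo())
```
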