An electronic payment system is a way of making transactions or paying for goods and services through an electronic medium, without the use of checks or cash. It is also called an online payment system.
What Is Secure Electronic Transaction (SET)?
Secure electronic transaction (SET) was an early communications protocol used by e-commerce websites to secure electronic debit and credit card payments. It was used to facilitate the secure transmission of consumer card information via electronic portals on the Internet. SET was responsible for hiding the personal details in card information, thus preventing merchants, hackers, and electronic thieves from accessing consumer information.
General scenario of electronic transaction
Participants in Secure Electronic Transaction (SET)
In the general scenario of an online transaction, SET includes the following participants:
- Cardholder – customer
- Issuer – customer's financial institution
- Acquirer – Merchant financial
- Certificate authority – Authority which follows certain standards and issues certificates (like X.509v3) to all other participants.
Requirements in SET
The SET protocol has several requirements to meet. Some of the important ones are:
- It has to provide mutual authentication, i.e., customer (or cardholder) authentication, confirming whether the customer is the intended user, and merchant authentication.
- It has to keep the PI (Payment Information) and OI (Order Information) confidential through appropriate encryption.
- It has to be resistant to message modification, i.e., no changes should be allowed in the content being transmitted.
- SET also needs to provide interoperability and make use of the best security mechanisms.
- Merchant Authentication – To prevent theft, SET allows customers to check previous relationships between the merchant and the financial institution. Standard X.509v3 certificates are used for this verification.
- Customer / Cardholder Authentication – SET uses X.509v3 certificates to check whether the credit card is being used by an authorized user.
- Message Confidentiality – Confidentiality means preventing unintended people from reading the message being transferred. SET implements confidentiality by using encryption techniques. Traditionally, DES is used for encryption.
- Message Integrity – SET uses signatures to prevent message modification. Messages are protected against unauthorized modification using RSA digital signatures with SHA-1, and some using HMAC with SHA-1.
How Does Secure Electronic Transaction Work?
Step 1: Customer Opens an Account: The customer opens a credit card account, such as Mastercard or Visa, with a bank (the issuer) that supports electronic payment transactions and the secure electronic transaction protocol.
Step 2: Customer Receives a Certificate: Once the customer's identity is verified (verification can be done using a passport, business documents or other documents), the customer receives a digital certificate issued by a CA (Certificate Authority). This certificate contains customer details such as name, public key, expiry date, certificate number, etc.
Step 3: Merchant Receives a Certificate: A merchant who wants to accept certain brands of credit card must possess a digital certificate to establish trustworthiness.
Step 4: Customer Places an Order: This is a shopping cart process in which the customer browses the available list of items, can search for a specific item according to requirements, and places the order. Once the customer places the order, the merchant in return sends the details of the order, such as the list of items selected, their quantity and price, total bill, etc., so that a record of the order is kept at the customer's site.
Step 5: Merchant Is Verified: The merchant also sends a digital certificate to the customer to assure the customer that he or she is dealing with an authorized or valid merchant.
Step 6: The Order and Payment Details Are Sent: Along with the customer's digital certificate, the customer also sends the order and payment details to the merchant. The order part is used to confirm the transaction with reference to the items mentioned in the order form. The payment part contains the credit card (Mastercard or Visa) details. This payment information is in encrypted form, so even the merchant cannot read it. The customer certificate assures the merchant of the customer's identity.
Step 7: Merchant Requests Payment Authorization: Once the merchant gets the payment details from the customer, it transfers them to the payment gateway via the acquirer and requests the payment gateway to authorize the payment details. This process ensures that the customer's credit card is valid and the credit limit is not breached.
Step 8: Payment Gateway Authorizes the Payment: Using the credit card information received from the merchant, the payment gateway cross-verifies the customer's credit card with the help of the issuer. Based on the verification result, it either authorizes or rejects the payment.
Step 9: Merchant Confirms the Order: Assuming that the payment gateway authorizes the payment, the merchant sends confirmation of the order to the customer.
Step 10: Merchant Provides Goods and Services: The merchant now provides goods and services according to the customer's order.
Step 11: Merchant Requests Payment: The merchant sends a request to the payment gateway for payment. The payment gateway then interacts with various financial organizations, such as the issuer, the acquirer and the clearinghouse, to effect the payment from the customer's account to the merchant's account.
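Step 6 and the message-integrity requirement meet in SET's dual signature, which this page does not name: the cardholder signs a hash of both digests, so the merchant can check the order and the gateway can check the payment without either seeing the other part. The following is an added example, not code from the SET specification or from this page. It assumes a constructed toy RSA key, hypothetical function names and sample messages, and it omits the encryption of PI for the gateway.

```python
import hashlib

# Constructed demo key: textbook RSA over two Mersenne primes, no padding.
# Illustration only; SHA-1 is used because the page names it for SET.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # cardholder's private exponent

# Constructed sample messages (test card number, not real data).
PI = b"card=4111111111111111;exp=12/30;amount=59.90"
OI = b"order=1001;items=2xwidget;total=59.90"


def h(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def dual_sign(pi: bytes, oi: bytes) -> int:
    """Cardholder: sign H(H(PI) || H(OI)) with the private key."""
    pomd = h(h(pi) + h(oi))
    return pow(int.from_bytes(pomd, "big"), D, N)


def _matches(pomd: bytes, ds: int) -> bool:
    # Compare as integers so a forged signature cannot raise on conversion.
    return 0 <= ds < N and pow(ds, E, N) == int.from_bytes(pomd, "big")


def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant holds OI in clear but only the digest of PI (PIMD)."""
    return _matches(h(pimd + h(oi)), ds)


def gateway_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Payment gateway holds PI in clear but only the digest of OI (OIMD)."""
    return _matches(h(h(pi) + oimd), ds)


if __name__ == "__main__":
    ds = dual_sign(PI, OI)
    print("merchant accepts order:", merchant_verify(OI, h(PI), ds))
    print("gateway accepts payment:", gateway_verify(PI, h(OI), ds))
    tampered = OI.replace(b"59.90", b"5.99")
    print("merchant accepts altered order:", merchant_verify(tampered, h(PI), ds))
    print("gateway accepts payment bound to altered order:",
          gateway_verify(PI, h(tampered), ds))
```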