SET Protocol

Secure Electronic Transaction (SET) was a communications protocol standard for securing credit card transactions over insecure networks, specifically, the Internet. SET was not itself apayment system, but rather a set of security protocols and formats that enabled users to employ the existing credit card payment infrastructure on an open network in a secure fashion. However, it failed to gain attraction in the market. VISA now promotes the 3-D Secure scheme.

Transactions over a commerce server are attractive to the customer for two reasons:

1. The customer's card number is encrypted, so that a third party cannot acquire it by sniffing the Internet.
2. The merchant is required to send the customer a certificate, which can be used to authenticate the merchant.

With the basic commerce server, once the merchant receives the customer's card number, the merchant performs an authorization request by traditional means.

The SET  (Secure Electronic Transactions) protocol provides several interesting features in addition to the above two. Moreover, it is endorsed by VISA and MasterCard, and therefore has an excellent chance at playing a central role in Internet commerce.

With the SET protocol, a transaction has three players: the customer, the merchant and the merchant's bank. Not only are orders and card numbers sent from the customer to the merchant over the Internet, but also the authorization request sent from the merchant to merchant's credit card bank is sent over the Internet. The SET protocol has three principle features:

1. All sensitive information sent between the three parties is encrypted.
2. All three parties are required to authenticate themselves with certificates.
3. The merchant never sees the customer's card number in plaintext.

This last feature actually makes Internet commerce more secure than traditional credit card transactions, such as credit card transactions over the phone. Indeed, if you were to order a sweater over the phone, you would leave your card number with the merchant. Someone working for the merchant could then obtain your card number and make purchases at your expense. But with the SET protocol, only the merchant's bank gets to see the card number in plaintext.

In what follows, we give a highly simplified description of the SET protocol. In reality, the protocol is substantially more complex. If you would like a more in-depth description of the SET functions please choose one of the two following links:

1. The Steps required to make a SET Credit Card Purchase -- This site lists a more comprehensive list of steps focusing SET to purchase over the Internet.
2. SET Specifications -- This site allows you to download the literature that Visa & Mastercard have made available on SET. The Business Specifications are easiest to read and understand and will give you the most in-depth description of a large variety of functions of SET.