Secure Electronic Transactions (SET

Secure Electronic Transactions (SET)

One of the biggest impediments to growth in e-business and e-commerce is the customer’s fear that their credit card information may be intercepted by a third party. This issue has been recognised as a threat to e-business for some time. In 1996 Visa and Mastercard jointly developed the Secure Electronic Transaction (SET) protocol. The SET protocol uses cryptography to provide confidentiality of information, ensure payment integrity, and confirm the authenticity of cardholder and seller. Both buyer and seller in a transaction receive a digital certificate (or key) from a trusted certification authority (CA). In the UK there are a number of certificate authorities including the Post Office (ViaCode) and BT (Trust Wise). Of the commercial certificate authorities, Verisign (www.verisign. com) is the most commonly used. These certificate authorities are essentially trusted third parties. Each certificate is stored in a ‘wallet’ at the relevant machine and the credit card details held within can only be decrypted by the issuing credit card company. The digital certificate confirms the legitimacy of the seller and the provision of digital signatures confirms the legitimacy of the buyer. Combined, these provide a level of trust and security that forms the basis for secure transactions. There have been a number of problems associated with SET that have hampered its use. SET constitutes an additional operational process to an e-commerce transaction. Users are faced with the cost of installing additional software to operate the SET protocol. Users also need to acquire digital certificates and install them on their client machine. This restricts online transactions to one machine per certificate. The development of Smartcards is designed to overcome this barrier to e-commerce. Smartcards are physical rather than virtual cards that can be inserted into a Smartcard reader in any location with an internet connection. Nevertheless, the lack of portability has been a limiting factor in the use of SET. As noted previously, most transactions are conducted under the SSL encryption technique. There is competition between SET and SSL for dominance in the market for secure systems. Sellers have to install SET software on their server. The cost of this may be absorbed by the firm or be passed on to customers in the form of higher prices. Either way it may be deemed a barrier to competitive advantage. Also, it is known that SET is slower than SSL in verifying transactions. SET also requires the issuing of a huge number of certificates and this can prove burdensome. However, one key advantage of SET is that credit card details are not stored on the seller’s server, thereby reducing the risk of fraud. One of the key differences between SET and SSL is the allocation of risk in the transaction process. SET places the onus on the buyer to verify credentials whereas, with SSL, the onus is on the seller to authenticate the buyers’ identity and their ability to pay. This makes SET attractive to sellers because otherwise they run the risk of users simply denying that they have undertaken transactions.