Intranets are networks built on Internet-based technology that limit access to people within the originating organization and that may or may not link to the external Internet.
Services   Books   About   New   Contact   Home  
> About
> Bio Profile
> Photos
> Resumé
> News
 
> Events
> Public Agenda
 
> Publications
> Articles
> Books
> New
> Presentations
 
> Services
> Consulting
> Executive Ed.
> Associates
 
> Contact

The Business Internet and Intranets:

Extract (10): Glossary of Terms: Secure Electronic Transaction (SET)

Extract's Table of Contents:

Go To Top Secure Electronic Transaction (SET)

Secure Electronic Transaction (SET) The SET protocol provides the full set of message formats and security procedures required for Internet-based transactions among consumers, merchants, and banks, including authentication and assurance of the integrity and privacy of the payment information transmitted. Jointly spearheaded by Visa and MasterCard, SET is intended to solve the problem of consumers' continuing reluctance to use their credit cards on the Internet to purchase goods and services spontaneously from previously unknown providers.

Credit card companies, early on in the Internet revolution, shared and exacerbated consumers' fears about security and liability. Visa, for example, in the days before SET, made the following explicit statement on its Web site:

PLEASE NOTE: Until now there has been no readily available, secure way to prevent fraud or theft when giving out a Visa card number or other sensitive information over an open network, such as the Internet. For this reason, we strongly encourage consumers, merchants, and financial institutions to avoid using Visa card accounts over open networks until there is a secure transaction system in place. 49



The first end-to-end credit-card purchase using the Secure Electronic Transaction (SET) protocol was a thriller: In December 1996, under a pilot program, Carl Christian Aegidius, IBM's Nordic Director; purchased the Stephen King novel Rose Madder, a story about a woman on the run from her husband. 		Translated from cautious officialese to plain language, this statement reads "Don't even think about using your credit card over the Internet when we're ready, we'll let you know."

Today, the SET protocol is being incorporated into several payment options, including digital cash, smart cards, credit cards, debit cards, electronic checks, and more, and Visa now lets consumers know that using a credit card on the Internet is safe. A number of technology vendors offer SET tool-kits that allow companies to incorporate the SET protocol into their own applications.

Visa and MasterCard have jointly issued a statement describing SET's goals and parameters:

SET is a payment protocol designed to protect consumers' bankcard information when they choose to use bankcards to pay for goods and services on the Internet and other open networks. SET does not go beyond that scope or explore areas that are being addressed by the computer industry; specifically, it does not define the shopping or ordering process; it does not define payment method selection such as credit card, check or mail device or operating system. 50

For consumer shopping, SET works like this:

  1. The cardholder fills out a registration form online on the PC screen, responding to requests for basic information such as name, card account number, card expiration date, billing address, and whatever is deemed necessary for authenticating the respondent's identity. Once transmitted, this information is encrypted and securely sent to the computers of the card-issuing financial institution. The issuer verifies that the account is valid and then issues an electronic certificate by adding its digital signature to the applicant's. This certificate will henceforth authenticate the consumer's credit card and can be stored on the consumer's PC for future use.

  2. Merchants similarly register to participate in secure shopping. They simply fill out basic information, including their merchant ID numbers, on a PC screen. The merchant's bank then issues them a digital certificate for the conduct of electronic commerce.

  3. Once consumers have registered and received their digital certificates, they can begin shopping. To verify their identities to customers, merchants present their SET certificates, either by sending a copy to the cardholder by electronic mail or by publishing a copy on the Internet that anyone can easily inspect. After confirming that a merchant has a valid digital certificate, consumers can make their purchases. First, an order is sent electronically to the merchant, who then seeks authorization for the dollar amount of the purchase. After receiving approval, the merchant processes and confirms the order. The whole transaction can take just a few seconds, and after shipping of the product, whether physically or electronically, the purchase is soon in the purchaser's hands.

Uncertainty remains in the marketplace over how SET will coexist with current credit card company business practices. These companies have been accused by some industry analysts and merchants as being slow to adjust to the rapid release cycle of Web-based products. "The security was easy," said a source close to the development. "It's the business problems that have proven to be difficult.'' 51

49.Lynch and Lundquist, Digital Money, 135-136.
 50.Ibid., 136.
 51.Walid Mougayar, Opening Digital Markets: Advanced Strategies for Internet-based Commerce, 1st ed. (Toronto: CYBERManagement, 1996), 184.
Order from: Amazon Order from: Barnes & Noble
 
Books | Contact/Feedback | Forthcoming | Home

(c) 2005 Peter Keen
Web: ceBerg | Graphic Design: Tal Trachtman