This is the era of information technology. As online shopping grows, e-payment offers significant benefits to merchants as well as customers. All online transactions must pass through a payment gateway to be processed. In effect, payment gateways act as a bridge between the merchant’s website and the financial institutions that process the transaction. Payment over the Internet has been growing at a furious pace, and electronic payment systems now come in numerous types, each aiming to achieve a strong level of security. Electronic payment is a very important step in the electronic business system, and its security must be ensured.
Overview of Secure Electronic Transaction (SET)
The Secure Electronic Transaction protocol, also known as SET, is a method for providing secure credit card transactions on the Internet. The SET protocol is designed to operate both in real time, as on the World Wide Web, and in a store-and-forward environment, such as e-mail. Furthermore, as an open standard, SET is designed to allow consumers, merchants, and banking software companies to independently develop software for their respective clienteles and to have them interoperate successfully.
However, in order for secure transactions to work, SET must possess the following qualities:
- Confidentiality: others cannot eavesdrop on an exchange.
- Integrity: the messages received are identical to the messages sent.
- Authenticity: you are assured of the identity of the parties with whom you are making an exchange.
- Non-repudiation: none of the involved parties can deny that the exchange took place.
With the SET protocol, a transaction has three players: the customer, the merchant and the merchant’s bank. Orders and card numbers are sent from the customer to the merchant over the Internet, and the authorization request from the merchant to the merchant’s credit card bank also travels over the Internet. The SET protocol has three principal features:
- All sensitive information sent between the three parties is encrypted.
- All three parties are required to authenticate themselves with certificates.
- The merchant never sees the customer’s card number in plaintext.
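The mechanism SET uses to achieve the third feature is the dual signature: the cardholder signs a digest that links the order information (OI) to the payment information (PI), so the merchant can verify the order without holding PI. The sketch below is an added example, not part of the original article or of any SET implementation; it goes beyond the list above by showing both the merchant and the payment gateway checks. The function names, the sample messages, the toy textbook-RSA key and the use of SHA-256 in place of SET's SHA-1 are all assumptions made for illustration.

```python
import hashlib

# Constructed toy RSA key for the cardholder (textbook RSA, no padding).
# Two Mersenne primes keep the example stdlib-only; NOT a secure key.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def digest(data: bytes) -> bytes:
    # SET specified SHA-1; SHA-256 is used here as a modern stand-in.
    return hashlib.sha256(data).digest()


def to_int(md: bytes) -> int:
    # Reduce the digest into the range of the toy modulus.
    return int.from_bytes(md, "big") % N


def dual_sign(order_info: bytes, payment_info: bytes):
    """Cardholder: sign H(H(PI) || H(OI)) with the private key."""
    pimd, oimd = digest(payment_info), digest(order_info)
    pomd = digest(pimd + oimd)
    return pow(to_int(pomd), D, N), pimd, oimd


def merchant_verify(order_info: bytes, pimd: bytes, sig: int) -> bool:
    """Merchant: holds OI and only the digest of PI, never PI itself."""
    pomd = digest(pimd + digest(order_info))
    return pow(sig, E, N) == to_int(pomd)


def gateway_verify(payment_info: bytes, oimd: bytes, sig: int) -> bool:
    """Payment gateway: holds PI and only the digest of OI."""
    pomd = digest(digest(payment_info) + oimd)
    return pow(sig, E, N) == to_int(pomd)


# Constructed sample messages (the card number is a well-known test value).
OI = b"order=1001;item=book;total=25.00"
PI = b"pan=4111111111111111;exp=12/30;total=25.00"
SIG, PIMD, OIMD = dual_sign(OI, PI)
```

In the protocol the payment information is additionally encrypted for the payment gateway, so the merchant forwards it without being able to read it.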
Secure Electronic Transactions (SET) relies on the science of cryptography – the art of encoding and decoding messages. Cryptography dates back many centuries – even in the time of Julius Caesar, encryption was used to preserve the secrecy of messages. Preserving the secrecy of transactions is no different, though stronger encryption algorithms are used, as well as significantly stronger encryption keys. Encryption advancements have come about through its application by the military, and by advances in computing power and mathematics.
Secure Electronic Transaction Components
Figure 1 shows the Components in the SET system:
Figure 1: Components of Secure Electronic Transaction
- Cardholder: In the electronic environment, consumers and corporate purchasers interact with merchants from personal computers over the Internet. A cardholder is an authorized holder of a payment card (MasterCard, Visa, and so on) that has been issued by an issuer.
- Merchant: A merchant is a person or organization with goods or services to sell to the cardholder. Typically, these goods or services are offered via a web site or by electronic mail. A merchant that accepts payment cards must have a relationship with an acquirer.
- Issuer: This is a financial institution, such as a bank, that provides the cardholder with the payment card. Typically, accounts are applied for and opened by mail or in person. Ultimately, the issuer is responsible for the payment of the debt of the cardholder.
- Acquirer: This is a financial institution that establishes an account with a merchant and processes payment card authorizations and payments. Merchants will usually accept more than one credit card brand but don’t want to deal with multiple bankcard associations or with multiple individual issuers. The acquirer provides authorization to the merchant that a given card account is active and that the proposed purchase does not exceed the credit limit. The acquirer also provides electronic transfer of payments to the merchant’s account. Subsequently, the acquirer is reimbursed by the issuer over some sort of payment network for electronic funds transfer.
- Payment Gateway: This is a function operated by the acquirer or a designated third party that processes merchant payment messages. The payment gateway interfaces between SET and the existing bankcard payment networks for authorization and payment functions. The merchant exchanges SET messages with the payment gateway over the Internet, while the payment gateway has some direct or network connection to the acquirer’s financial processing system.
- Certification Authority (CA): This is an entity that is trusted to issue X.509v3 public-key certificates for cardholders, merchants, and payment gateways. The success of SET will depend on the existence of a CA infrastructure available for this purpose. A hierarchy of CAs is used, so that participants need not be directly certified by a root authority.