Ecommerce Implementation  «Prev  Next»
Lesson 11 SET protocol
ObjectiveDescribe the SET protocol.

SET protocol (Description)

Created by Visa and MasterCard specifically for the use in financial transactions, the SET protocol requires that all participants have certificates for identification. In the SET protocol, the merchant never sees the credit card number because the information is encrypted for the merchant's bank only. In a SET, the software components required by the various participants are:
  1. Card holder wallet application
  2. Merchant SET point-of-sale software
  3. Payment gateway software
  4. CA software
SET supports activities such as credits, returning of goods, reverse authorizations, and chargebacks.

Concept of Trust Chaining used in ecommerce

The concept of "Trust Chaining" in ecommerce involves establishing a chain of trust through various means like certifications, third-party validations, or user reviews to enhance the credibility of transactions or platforms. Here's how it's generally applied:
  • Certifications and Badges: Websites often display security badges (like SSL certificates) or affiliations with well-known organizations to assure users of their legitimacy and security.
  • User Reviews and Ratings: Products or services accumulate trust through positive reviews and high ratings from a large number of users, which can influence potential buyers' decisions.
  • Third-party Verifications: Services like VeriSign or TRUSTe provide seals that businesses can display to show they meet certain standards of privacy or security.
  • Social Proof: Endorsements from influencers, media mentions, or partnerships with established brands can also form part of a trust chain.

As of my latest updates, these methods are still very much in use in ecommerce, adapting to new technologies and consumer behaviors:
  • Blockchain and Cryptocurrency: Trust chaining has evolved with blockchain technology where trust is decentralized. For instance, smart contracts automatically enforce trust by executing agreements when conditions are met without needing a central authority.
  • AI and Machine Learning: These technologies are used to analyze patterns in user behavior, detect fraud, or personalize experiences, thereby building trust through tailored security and service.
  • Privacy Concerns: With increasing awareness of data privacy, trust chains now also include how well companies protect user data, with GDPR compliance or similar privacy laws playing a significant role.

Trust chaining

SET uses the concept of trust chaining[1] . All the parties trust each other and can exchange information with each other. What is more, each party in the transaction processes only that information that directly concerns it. For example, the merchant never learns the credit card number of the client. The merchant simply trusts the merchant bank to inform it that the bank authorized the transaction. One of the important differences between a SET and other e-commerce transactions that occur in the United States is that SET provides for the use of an acquirer to verify the card holder's credit card instantly. The Slide Show below is an abbreviated presentation of a SET.

Cardholder Merchant Transaction

1) Set Transaction1
1) Cardholder indicates to merchant a willingness to make a credit card procedure.

2) Set Transaction2
2) Merchant sends the buyer an invoice, his certificate, and the certificate of his bank (i.e. the issuer).
These are encrypted and with CA's private key.

3) Set Transaction3
3) Cardholder uses CA's public key to decrypt the information.

4) Set Transaction4
4) Cardholder generates order information and sends to merchant (encrypted with the merchant's public key)

5) Set Transaction5
5) Merchant generates authorization request and sends it to his acquirer (encrypted with the banks public key)

6) Set Transaction6
6) Merchant's bank sends a request for payment authorization from the issuer through the acquirer or traditional bank card channels.

7) Set Transaction7
7) The acquirer sends a settlement response to the merchant's bank after receiving a response from the issuer (cardholder's bank)

8) Set Transaction8
8) Once the cardholder's bank authorizes payment, the merchant's bank sends a response to the merchant (encrypted using the merchant's public key). This response includes the transaction identifier. This completes the transaction

Order Steps Set - Exercise

Click the Exercise link below to review the steps required in a SET.
Order Steps Set - Exercise

Set Protocol - Exercise

Click the Exercise link below to complete the course project for this module. You will create and certify a certificate to enable SSL encryption.
Set Protocol - Exercise
The next lesson concludes this module.

[1] Trust chaining: The ability for businesses to work together and process only that information they need. Each business along the chain must trust the other implicitly for the entire process to work.

SEMrush Software 11 SEMrush Banner 11