Cryptography and
Network Security
Third Edition
by William Stallings
Lecture slides by Omar Ghazi
Secure Electronic
Transaction (SET)
Agenda
-Introduction to Secure Electronic Transaction (SET)
-Requirement for SET
-Key Features of SET
-SET components
-SET Transaction
-Dual Signature
-Purchase Request
-Payment Gateway Authorization
-Payment Capture
-Reference
Secure Electronic Transaction (SET)
SET is an open encryption and security specification designed to
protect credit card transactions on the Internet. The current version,
SETv1, emerged from a call for security standards by MasterCard and
Visa in February 1996. A wide range of companies were involved in
developing the initial specification, including IBM, Microsoft,
Netscape, RSA, Terisa, and Verisign. Beginning in 1996, there have
been numerous tests of the concept, and by 1998 the first wave of
SET-compliant products was available. SET is not itself a payment
system. Rather, it is a set of security formats and protocols,
comparable to Secure Sockets Layer (SSL), Microsoft's Secure
Transaction Technology (STT), and Secure Hypertext Transfer Protocol
(S-HTTP), that enables users to employ the existing credit card
payment infrastructure on an open network, such as the Internet, in a
secure fashion. SET uses some but not all aspects of a public key
infrastructure (PKI). In essence, SET provides three services:
Secure Electronic Transactions (SET) (Cont'd)
-Provides secure communication among the parties to a transaction.
-Provides trust by the use of X.509v3 digital certificates.
-Ensures privacy by restricting information to those who need it.
Requirement for SET
-Provide confidentiality of payment and ordering information
-Ensure the integrity of all transmitted data
-Provide authentication that a cardholder is a legitimate user of a
credit card account
-Provide authentication that a merchant can accept credit card
transactions through its relationship with a financial institution
-Ensure the use of the best security practices and system design
techniques to protect all legitimate parties in an electronic
commerce transaction
-Create a protocol that neither depends on transport security
mechanisms nor prevents their use
-Facilitate and encourage interoperability among software and
network providers
Key Features of SET
-Confidentiality of information
-Integrity of data
-Cardholder account authentication
-Merchant authentication
SET Components
SET Transaction
We now look at some of the cryptographic details and describe the sequence of
events that are required for a transaction.
1. The customer opens an account. The customer obtains a credit card
account, such as MasterCard or Visa, with a bank that supports electronic
payment and SET.
2. The customer receives a certificate. After suitable verification of identity,
the customer receives an X.509v3 digital certificate, which is signed by the
bank. The certificate verifies the customer's RSA public key and its expiration
date. It also establishes a relationship, guaranteed by the bank, between the
customer's key pair and his or her credit card.
3. Merchants have their own certificates. A merchant who accepts a certain
brand of card must be in possession of two certificates for two public keys
owned by the merchant: one for signing messages, and one for key exchange.
The merchant also needs a copy of the payment gateway's public-key
certificate.
4. The customer places an order. This is a process that may involve the
customer first browsing through the merchant's Web site to select items and
determine the price. The customer then sends a list of the items to be
purchased to the merchant, who returns an order form containing the list of
items, their price, a total price, and an order number.
5. The merchant is verified. In addition to the order form, the merchant sends
a copy of its certificate, so that the customer can verify that he or she is
dealing with a valid store.
SET Transaction (Cont'd)
6. The order and payment are sent. The customer sends both order and
payment information to the merchant, along with the customer's certificate.
The order confirms the purchase of the items in the order form. The payment
contains credit card details. The payment information is encrypted in such a
way that it cannot be read by the merchant. The customer's certificate enables
the merchant to verify the customer.
7. The merchant requests payment authorization. The merchant sends the
payment information to the payment gateway, requesting authorization that the
customer's available credit is sufficient for this purchase.
8. The merchant confirms the order. The merchant sends confirmation of the
order to the customer.
9. The merchant provides the goods or service. The merchant ships the goods
or provides the service to the customer.
10. The merchant requests payment. This request is sent to the payment
gateway, which handles all of the payment processing.
Dual Signature
The purpose of the dual signature is to link two
messages that are intended for two different recipients. In this
case, the customer wants to send the order information (OI) to
the merchant and the payment information (PI) to the bank. The
merchant does not need to know the customer's credit card
number, and the bank does not need to know the details of the
customer's order. The customer is afforded extra protection in
terms of privacy by keeping these two items separate. However,
the two items must be linked in a way that can be used to
resolve disputes if necessary. The link is needed so that the
customer can prove that this payment is intended for this order
and not for some other goods or service.
Construction of Dual Signature
Purchase Request
Before the Purchase Request exchange begins, the cardholder
has completed browsing, selecting, and ordering. The end of this
preliminary phase occurs when the merchant sends a completed
order form to the customer. All of the preceding occurs without
the use of SET. The purchase request exchange consists of four
messages:
-Initiate Request.
-Initiate Response.
-Purchase Request.
-Purchase Response.
Purchase Request – Customer
The cardholder prepares the Purchase Request message and generates a
one-time symmetric encryption key, Ks. The message includes the following:
1. Purchase-related information. This information will be forwarded to the
payment gateway by the merchant and consists of
- The PI
- The dual signature, calculated over the PI and OI, signed with the customer's
private signature key
- The OI message digest (OIMD)
The OIMD is needed for the payment gateway to verify the dual signature, as
explained previously. All of these items are encrypted with Ks. The final item is
- The digital envelope. This is formed by encrypting Ks with the payment
gateway's public key-exchange key. It is called a digital envelope because this
envelope must be opened (decrypted) before the other items listed previously
can be read. The value of Ks is not made available to the merchant. Therefore,
the merchant cannot read any of this payment-related information.
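As an added example (not part of the original slides), the following Python builds and checks a dual signature the way the Dual Signature and Purchase Request slides describe: the customer signs H(H(PI) || H(OI)) with its private signature key, the merchant verifies it from the OI it holds plus the PI digest (PIMD), and the payment gateway verifies it from the PI it recovers from the digital envelope plus the OIMD. The demo-sized textbook RSA, the seeded key generation and the sample OI/PI strings are constructed for illustration and are not SET's real key sizes, padding or message formats.

```python
import hashlib
import random
# Demo-sized textbook RSA on the standard library so the example runs offline.
# Constructed for illustration: real SET used 1024-bit RSA with PKCS#1 padding.
_rng = random.Random(2024)  # seeded so the example is reproducible

def _is_probable_prime(n, rounds=20):
    # Trial division by small primes, then Miller-Rabin.
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    r = ((n - 1) & (1 - n)).bit_length() - 1  # n - 1 = d * 2^r with d odd
    d = (n - 1) >> r
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def generate_keypair(bits=512):
    # Returns ((e, n), (d, n)); n is wider than a SHA-256 digest so m < n holds.
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)

def H(data):
    return hashlib.sha256(data).digest()

def dual_signature(pi, oi, priv):
    # Customer side: DS = Sign(PRc, H(PIMD || OIMD)), PIMD = H(PI), OIMD = H(OI).
    d, n = priv
    return pow(int.from_bytes(H(H(pi) + H(oi)), "big"), d, n)

def verify_dual_signature(ds, pimd, oimd, pub):
    # Recipient recomputes H(PIMD || OIMD) from the digest it received plus the message it holds.
    e, n = pub
    return pow(ds, e, n) == int.from_bytes(H(pimd + oimd), "big")

def merchant_check(ds, oi, pimd, pub):
    # Merchant holds OI in clear and receives PIMD; it never sees the PI itself.
    return verify_dual_signature(ds, pimd, H(oi), pub)

def gateway_check(ds, pi, oimd, pub):
    # Gateway opens the digital envelope to obtain PI and receives OIMD; it never sees OI.
    return verify_dual_signature(ds, H(pi), oimd, pub)

def demo():
    # Constructed sample OI and PI; returns each party's verification outcome.
    pub, priv = generate_keypair()
    oi = b"order=1234;items=2x widget;total=59.90"
    pi = b"pan=PLACEHOLDER-CARD-NUMBER;exp=12/27;amount=59.90"
    ds = dual_signature(pi, oi, priv)
    return {
        "merchant_ok": merchant_check(ds, oi, H(pi), pub),
        "gateway_ok": gateway_check(ds, pi, H(oi), pub),
        # Linking: the same PI presented with a different order's digest fails.
        "gateway_rejects_other_order": gateway_check(ds, pi, H(b"order=9999;total=0.01"), pub),
        # Integrity: an OI altered in transit no longer matches the signed digest.
        "merchant_rejects_tampered_oi": merchant_check(ds, oi + b";discount=100", H(pi), pub),
    }
```

The two negative cases show why the OIMD and PIMD must travel with the signature: each recipient can confirm the pairing of order and payment without ever holding the other party's data.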
Purchase Request – Merchant
When the merchant receives the Purchase Request message, it
performs the following actions:
1. Verifies the cardholder certificates by means of their certification
authority (CA) signatures.
2. Verifies the dual signature using the customer's public signature key.
This ensures that the order has not been tampered with in transit and
that it was signed using the cardholder's private signature key.
3. Processes the order and forwards the payment information to the
payment gateway for authorization (described later).
4. Sends a purchase response to the cardholder.
Payment Gateway Authorization
The payment authorization ensures that the transaction
was approved by the issuer. This authorization guarantees
that the merchant will receive payment; the merchant can
therefore provide the services or goods to the customer.
The payment gateway performs the following tasks:
1. Verifies all certificates
2. Decrypts the digital envelope of the authorization block to obtain the
symmetric key, then decrypts the authorization block
3. Verifies the merchant's signature on the authorization block
4. Decrypts the digital envelope of the payment block to obtain the
symmetric key, then decrypts the payment block
Payment Gateway Authorization (Cont'd)
5. Verifies the dual signature on the payment block
6. Verifies that the transaction ID received from the merchant
matches that in the PI received (indirectly) from the customer
7. Requests and receives an authorization from the issuer
8. Sends the authorization response back to the merchant
Payment Capture
• The merchant sends the payment gateway a payment capture request
• The gateway checks the request
• It then causes funds to be transferred to the merchant's account
• It notifies the merchant using a capture response
Reference
• Stallings, William. Cryptography and Network Security: Principles and Practices. Pearson Education India, 2006.
• Li, Yang; Wang, Yun. Secure Electronic Transaction (SET Protocol). 2014.
• http://searchfinancialsecurity.techtarget.com/definition
• https://en.wikipedia.org/wiki/Secure_Electronic_Transa