On your mark, get SET, wait!: Page 2

(Page 2 of 2)

SSL vs. SET: Private lives and public keys

Secure Sockets (SSL)

What it does:

Authenticate: Lets Web-enabled browsers and servers authenticate each other;

Limits access: Permits controlled access to servers, directories, files, and services;

Shares information: Lets information be shared by browsers and servers while remaining inaccessible to third parties; and

Protects data: Ensures that exchanged data cannot be corrupted without detection.

Secure Electronic Transaction (SET)

What it does:

Digital certificate: Requires parties--cardholder, merchant, bank, and anyone else involved--to obtain a digital certificate;

Authenticate: Requires a certificate authority to authenticate all parties in the transaction;

Electronic wallet: Lets customers keep credit card information in software called an "electronic wallet" on their computers;

Limits merchant's access: Gives merchants no access to credit card information, making SET safer than in-person or phone transactions;

Limits access: Gives the credit card issuer no access to order information, maintaining the customer's privacy;

Immediate verification: Gives a merchant immediate verification of credit availability and customer authenticity, allowing it to fulfill orders without the risk that the transaction will become invalid;

Stronger encryption: Encrypts order and credit card information separately. Because the card information is of fixed length and Department of State restrictions focus on bulk cryptography, SET can use stronger encryption for the card information.

Secure Sockets (SSL)

How it works:

SSL uses public-key encryption and digital certificates to set up the interaction and verify that the parties are who they say they are. Then it uses special session keys to encrypt the data being transmitted. Public-key cryptography uses a pair of asymmetric keys, public and private, for encryption and decryption. The digital certificates (issued by a certificate authority) are used to verify that the key pairs belong to a particular entity. Session keys perform the cryptographic work for the data exchange.

Secure Electronic Transaction (SET)

How it works:

When a customer wishes to make a purchase, the order information is encrypted via the customer's private encryption key and sent to the merchant, while the credit card information is also encrypted and sent to the card issuer, all accompanied by a unique digital signature. The merchant and card issuer decrypt the information using the customer's public key, allowing them to verify its authenticity and complete the transaction.
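
SET gets the separation described above (the merchant never sees card data, the issuer never sees the order) from a dual signature that binds the two parts together. The sketch below is an added example, not code from the article or the SET specification: it uses toy textbook RSA and SHA-256 as stand-ins, omits the encryption of each part to its recipient, and all names and sample data are constructed.

```python
import hashlib

# Toy textbook-RSA key built from two known Mersenne primes (constructed for
# this example; no padding, not secure). It stands in for the cardholder's
# certified key pair.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def dual_sign(order: bytes, payment: bytes) -> int:
    """Cardholder: sign H(H(payment) || H(order)) with the private key."""
    h = digest(digest(payment) + digest(order))
    return pow(int.from_bytes(h, "big"), D, N)

def check_sig(payment_md: bytes, order_md: bytes, sig: int) -> bool:
    """Recompute the combined digest and compare it with the opened signature."""
    expected = int.from_bytes(digest(payment_md + order_md), "big")
    return pow(sig, E, N) == expected

def merchant_verify(order: bytes, payment_md: bytes, sig: int) -> bool:
    """Merchant holds the order and only a digest of the payment data."""
    return check_sig(payment_md, digest(order), sig)

def issuer_verify(payment: bytes, order_md: bytes, sig: int) -> bool:
    """Card issuer holds the payment data and only a digest of the order."""
    return check_sig(digest(payment), order_md, sig)

# Constructed sample data (the card number is a well-known test value).
ORDER = b"order#1001: 2 x widget, total 59.90 USD"
PAYMENT = b"card=4111111111111111;exp=12/99;amount=59.90 USD"

if __name__ == "__main__":
    sig = dual_sign(ORDER, PAYMENT)
    print("merchant accepts:", merchant_verify(ORDER, digest(PAYMENT), sig))
    print("issuer accepts:  ", issuer_verify(PAYMENT, digest(ORDER), sig))
    tampered = ORDER.replace(b"2 x", b"9 x")
    print("tampered order:  ", merchant_verify(tampered, digest(PAYMENT), sig))
```

Each party verifies the same signature while holding only a digest of the half it is not meant to read, so neither side can swap in a different order or payment without the check failing.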

Secure Sockets (SSL)

The downside:

Shallow encryption: SSL can use only relatively shallow encryption (40-bit internationally, 128-bit in the U.S.), due to Department of State restrictions.

Only point-to-point transactions: SSL handles only point-to-point interaction. Credit card transactions involve at least three parties: the consumer, the merchant, and the card issuer.

Risks: With SSL, consumers run the risk that a merchant may expose their credit card numbers on its server, and merchants run the risk that a consumer's card number is fraudulent or that the credit card won't be approved.

Secure Electronic Transaction (SET)

The downside:

Rollout: Rollout has been slow.

Lack of testing: Interoperability among SET implementations is only now being tested.

Slow adoption: Consumers may be slow to implement electronic wallets.

Source: BRG Research (http://www.brgresearch.com)
