How It Works in
Payment Processing
1. The customer requires a
SET-enabled browser such as Netscape or Microsoft's Internet Explorer and
that the transaction provider (bank, store, etc.) has a SET-enabled server.
2. The consumer opens a
MasterCard or Visa bank account. Any issuer of a credit card is some kind of
bank.
3. The customer receives a
digital certificate, which is an electronic file functioning as a credit
card for online purchases or other transactions. It includes a public key
with an expiration date and has been through the bank to ensure its
validity.
4. Third-party merchants also
receive certificates from the bank. These certificates include the
merchant's public key and the bank's public key.
5. The customer places an order
over a Web page and the customer's browser receives and confirms from the
merchant's certificate that the merchant is valid.
6. The browser sends the order
information. This message is encrypted with the merchant's public key, the
payment information, which is encrypted with the bank's public key (which
can't be read by the merchant), and information that ensures the payment can
only be used with this particular order.
7. The merchant verifies the
customer by checking the digital signature on the customer's certificate.
This may be done by referring the certificate to the bank or to a
third-party verifier.
8. The merchant sends the order
message along to the bank. This includes the bank's public key, the
customer's payment information (which the merchant can't decode), and the
merchant's certificate.
9. The bank verifies the
merchant and the message. The bank uses the digital signature on the
certificate with the message and verifies the payment part of the message.
10. The bank digitally signs and
sends authorisation to the merchant, who can then fill the order.
More information about SET can
be found on the MasterCard Web site including an excellent interactive demo
and an online SET payment processing demonstration.
http://www.mastercardintl.com/newtechnology/set/
|
