SET is a system for ensuring the security of financial transactions on the Internet. Mastercard, Visa, Microsoft, Netscape and others support it. With SET, a user is given an 'electronic wallet' (digital certificate) and a transaction is conducted and verified using a combination of digital certificates and digital signatures among the purchaser, the vendor, and the purchaser's bank in a way that ensures privacy and confidentiality. SET uses SSL. The following steps outline what happens using SET:
- The customer opens a Mastercard or Visa bank account. Any issuer of a credit card is a bank.
- The customer receives a digital certificate. This 'electronic file' functions as a credit card for online purchases or other transactions. It includes a public key (keys will be covered later) with an expiration date. It has been through a digital switch to the bank to ensure its validity.
- Third-party vendors also receive certificates from the bank. These certificates include the vendor's public key and the bank's public key.
- The customer places an order over a Web page, by phone or some other means.
- The customer's browser receives and confirms from the vendor's certificate that the vendor is valid.
- The browser sends the order information. This message is encrypted with the vendor's public key, the payment information, which is encrypted with the bank's public key (which can't be read by the vendor) and information that ensures the payment can only be used with this particular order.
- The vendor verifies the customer by checking the digital signature on the customer's certificate. Referring the certificate to the bank can do this.
- The vendor sends the order message to the bank. This includes the bank's public key, the customer's payment information (which the vendor can't decode), and the vendor's certificate.
- The bank verifies the vendor and the message. The bank uses the digital signature on the certificate with the message and verifies the payment part of the message.
- The bank digitally signs and sends authorisation to the vendor, who can then fill the order.