Electronic Credit Card Payment Technology
Essay Preview: Electronic Credit Card Payment Technology
Report this essay
Electronic Credit Card Payment Technology
Secure Socket Layer (SSL)
SSL is a protocol developed by Netscape which has become a standard in all common browsers.
As soon as a customer connects to a merchants server the customers browser receives the merchants certificate and key. A certificate is used to verify that a user is who he claims to be and, furthermore, to provide the receiver with the means to encode a reply. At this point the browser generates a session key for a symmetrical encryption. This session key is now encrypted with the open/public key of the merchant and is sent to him.
From this point on, the whole communication between the customer and the merchant is encrypted as well as decrypted with the key that is known to both parties.
Secure Electronic Transaction (SET)
A development of the SSL protocol is SET. SET is a protocol for the secure transmission of credit card information – especially on the internet. This system uses digital signature.
When the customer gets into contact with the merchant his wallet sends the merchant an initialisation request. The request contains the credit card brand as well as the first six digits. This information is needed to ascertain the relevant payment gateway.
In the next step the merchants software generates an unmistakable transaction ID. This ID is sent back to the customer (Init Response) together with the encryption certificate of the payment gateway and the merchants certificate.
The wallet checks the validity of the received certificate and the integrity of the message by means of the digital signature. The customer now enters the product and credit card information. Both parts are encrypted and sent separately