See Also   Introduction   Encryption   SSL   SET   Smart Cards   Links   FAQ

SET is exempt from the US cryptographic export restrictions and unlike SSL can therefore use strong, 128 bit encryption for credit card numbers world-wide. In order to gain this exemption, the use of strong encryption has to be limited to the financial information only and does not include other elements of the transaction, for example details of the goods being bought and the delivery address.

Like SSL, SET allows for the merchant's identity to be authenticated via digital certificates. However, SET also allows for the merchant to request users authenticate themselves through digital certificates. This makes it much more difficult for someone to use a stolen credit card.

There are many pilot schemes running using the SET protocol but mainstream adoption has been slower than predicted. The main reasons behind this are the growing acceptance of SSL for secure credit card transactions and the complexity and cost of the SET system.

Encryption Process
In a typical SET transaction, there is information that is private between the customer and the merchant (such as the items being ordered) and other information that is private between the customer and the bank (such as the customer's credit card number). SET allows both kinds of private information to be included in a single, digitally signed transaction.

Information intended for the bank is encrypted using the bank's public key whilst information for the merchant is encrypted with the merchant's public key. This means that the merchant has no access to the credit card details and thus a source of fraud is eliminated.

In addition to this encryption, both sets of information are digitally signed. Finally these two signatures are combined to produce one signature that covers the whole transaction.