What is SET?


Secure Electronic Transaction (SET) is a suit of protocol that has been developed and promoted by a consortium of Visa and MasterCard to ensure security of online financial transactions.  The idea with SET is that a combination of digital certificates is used to ensure the security requirements of transactions between the consumer, merchant, financial institutions, and the payment gateways.


In absence of SET credit card transactions between the consumer, merchant, and financial institutions take place as indicated in the diagram:

  1. Issuer (could be consumer's High street bank) issues consumer with the credit card
  2. Cardholder (consumer) presents the merchant with his credit card for payment along with the order
  3. Merchant requests and receives authorisation of payment from the credit card brand (could be Visa, MasterCard, American Express, etc) before processing the order
  4. Having received authorisation from the brand, merchant initiates the process of capture of monitory funds through the acquirer (could be Merchant's High street bank)
  5. Acquirer forwards authorisation details to the brand and requests settlement from the brand
  6. Having received payment from the brand, acquirer credits Merchant's account with the funds
  7. Brand bills the consumer for the funds


The process described above is followed whether or not transaction is online.  One major problem with this process is that consumer's sensitive information (credit card information) is divulged to the merchant with potential privacy implications for the consumer.  There is also the issue of authentication of both the consumer (is the consumer the true cardholder) and the merchant (is the merchant who the consumer believes to be or is the Web front merely a front to the adversary's website).  SET is designed to overcome these issues through authentication of all bodies with the use of digital certificates.


SET works as shown in the diagram above:

With this strategy merchant can only access the order information and the financial institutions can only access the payment details.  Note that SET protocol uses SSL for the secure communication.  Integrity and non-repudiation is ensured through creation of two digital signatures, one for the merchant (by encrypting the message digest of order information) and the other for the issuer (by encrypting the message digest of payment information).  This concept is called the dual signature.




For more, see:




What's the difference between SET and SSL?





What is SETco?





What is the improvement in protection with SET?





What are the key benefits of SET for merchants?






What is SET mark?







How can you tell if a website has SET technology?