International Journal of Technical Research and Applications e-ISSN: 2320-8163, www.ijtra.com Volume 1, Issue 5 (Nov-Dec 2013), PP. 53-58 53 | Page SECURITY OF ONLINE ELECTRONIC TRANSACTIONS Nikhil Khandare, Dr. B. B. Meshram Dept. of Computer Engineering Veermata Jijabai Technological Institute Mumbai 400019 Abstract— Secure electronic transaction (SET) is a significant e-commerce protocol designed to improve the security of credit card purchases. In this paper we discuss various security measures and protocols which are used till date and are still used for the security of online transaction in which electronic cash flows from buyer to the supplier or merchant. Various issues discussed in this paper are SET protocol, Authenticated and Key Agreement for P2P-Based Networks, Mutual Authentication between Cardholder and Merchant, Biometric Mechanism for enhanced Security of Online Transaction, Using a Mobile Device to Enhance Customer Trust in the Security of Remote Transactions, Digital content mediator for secure P2P online transactions, Sensitive Data Transfer Security Model finally we will see the SMS-Based Authentication Scheme. Index Terms— Digital content mediator, Authentication, P2P- Based Networks, Secure electronic transaction (SET), Sensitive Data, M-commerce. I. INTRODUCTION Protocols in cryptography allow people to communicate securely across an open network, even in the presence of other agents. Such protocols are hard to design and many of researchers have developed ways of finding errors or proving tht the protocol is correct. The verification of the registration protocols of Secure electronic transaction (SET), a large and important protocol for electronic commerce, proposed by Visa and MasterCard and is a industry standard. SET presents two major challenges to previous methods. • It involves many levels of encryption, using many combinations of symmetric cryptography, asymmetric cryptography and hashing. • It does not assume that each agent has his own private key so that the only problem which is remained is the distribution of the public keys, but allows cardholders to decide their asymmetric key. The first challenge comes from SETs is how to use digital envelopes. One part of a digital envelope is the main body of the message. The other part contains that key and is encrypted with the recipient’s public encryption key. The two parts may have some common data, possibly hashed, in order to confirm that they are tied together. This combination of symmetric and asymmetric encryption can be considered more efficient than using asymmetric cryptography alone and it makes a protocol much harder to decide. The second challenging aspect of the SET protocols is the possibility for cardholders and merchants to make public/private key pairs as they want for their electronic credentials. II. SET REGISTRATION PROTOCOLS Everyone normally pay for goods purchased over the Internet by giving the merchant their credit card details. To prevent this information from unwanted people from stealing the card number, the message undergoes a session of the secure sockets layer (SSL) protocol. In this arrangement the cardholder and merchant should trust each other. That requirement is undesirable even in face-to-face transactions, but over the internet it has risks. • The cardholder is protected from eavesdroppers but not from the merchant itself. Some merchants are dishonest. They do not protect the sensitive information. • The merchant also needs to be protected and should have some protection against dishonest cardholders who supply an invalid credit card number. It seems contrary to popular belief that it is the merchant who has the most to lose from fraud. Law in many countries protects the cardholder. The aspect of registration of merchant as well as cardholder is dealt with here. First figure shows the registration of cardholder and the second one show registration of merchant.