DOI: http://dx.doi.org/10.26483/ijarcs.v8i8.4567
Volume 8, No. 8, September-October 2017
International Journal of Advanced Research in Computer Science
RESEARCH PAPER
Available Online at www.ijarcs.info
© 2015-19, IJARCS All Rights Reserved
ISSN No. 0976-5697
E-COMMERCE SECURITY WITH SECURE ELECTRONIC TRANSACTION PROTOCOL: A SURVEY AND IMPLEMENTATION
Prof. Prathamesh Churi
Department of Computer Engineering
SVKM’s NMIMS Mukesh Patel School of Technology Management and Engineering
Mumbai, India
Abstract: This paper presents a review of transaction processing on ecommerce websites using the Secure Electronic Transaction (SET) protocol.
SET is a very comprehensive security protocol, which utilizes cryptography to provide confidentiality of information, ensure payment integrity,
and enable identity authentication. It relies on cryptography, digital certificates and authentication by SMS to ensure message confidentiality and
security. First, the report introduces ecommerce websites and how to build them. It then explains how SET works and the components
involved in it. Finally, the report gives a design and implementation of this protocol.
Keywords: SET; E-Commerce; SSL; Security.
I. INTRODUCTION
E-Commerce stands for electronic commerce and caters to
trading in goods and services through an electronic medium
such as the internet, mobile or any other computer network [1,2,3].
With the growing use of the internet worldwide, Electronic Data
Interchange (EDI) has also increased enormously,
and so ecommerce has flourished, with a prolific virtual
internet bazaar inside the digital world which is rightly termed
e-malls [17, 18, 19, 20].
With e-commerce, then, you can buy almost anything you
wish for without actually touching the product physically and
without questioning the salesman any number of times before placing the
final order. Here is a beautiful picture depicting how human
life has evolved to adapt to the digital world and hence to trading over
the internet.
Most online purchases are paid for by credit card.
Merchants like credit card payments because an instant
authorization guarantees that the card is valid (as opposed to a
check, which may bounce). Customers like paying by credit
card because they can easily cancel a transaction if
they don't receive products or services according to the
agreement in the transaction. While some credit card
payments for online services are performed by phone, most
such payments are made by filling in an online form.
Credit card information submitted by the customer is sent for
verification to the bank that issued the credit card. If the
transaction is approved, the merchant notifies the customer that
the order has been placed. The actual transfer of money from
the credit card bank to the merchant may happen in a few
hours, or even in a few days.
Merchants who accept credit card payments pay a fee
(between 1 and 7 percent of the card charge) for each card
charge. In addition, in some cases merchants pay an authorization
fee for each credit card authorization attempt, as well as other
fees related to credit card processing.
This massive increase in the uptake of ecommerce has led
to a new generation of associated security threats, and any
ecommerce system must meet four integral requirements, i.e.
privacy, integrity, authentication and nonrepudiation [21, 22, 23,
24, 25]. A protocol designed to ensure the security and integrity
of online communications and purchases, Secure Electronic
Transaction (SET) uses digital certificates, issued to merchants
and other businesses and customers, to perform a series of
security checks verifying that the identity of a customer or
sender of information is valid. SET provides the basic
framework within which many of the various components of
securing digital transactions function. Digital certificates,
digital signatures, and digital wallets all function according to
the SET protocol.
A. SET Protocol [4,5,6,7, 33]
Electronic commerce, as exemplified by the popularity of
the Internet, is going to have an enormous impact on the
financial services industry. No financial institution will be left
unaffected by the explosion of electronic commerce. Even
though SSL is extremely effective and widely accepted as the
online payment standard, it requires the customer and merchant
to trust each other. This is an undesirable requirement even in
face-to-face transactions, and across the Internet it admits unacceptable
risks.
MasterCard and VISA developed SET in collaboration
with leading technology companies, including Microsoft,
IBM, Netscape, SAIC, GTE, RSA, Terisa Systems and
VeriSign. On February 1st 1996 these companies announced
a single technical standard for safeguarding payment
purchases made over open networks. This standard is called
the SET (Secure Electronic Transaction) specification. The SET
specification includes digital certificates, which are a means of verifying
the actual identity of the parties participating in the transaction.
By using these sophisticated cryptographic techniques, the SET
protocol aims to make cyberspace a safer place for conducting
business and thereby increase consumer confidence in
E-Commerce.
SET was developed to address these major requirements in
the online shopping industry: [8]
• Provide confidentiality of information – accomplished by the use of message encryption
• Ensure the integrity of all transmitted data – accomplished by the use of digital signatures
• Authenticate a cardholder, meaning that he is the legitimate user of the branded payment card – accomplished by the use of digital signatures and cardholder certificates