1 and the composition of SET payment system
SET payment system mainly consists of six parts: cardholder, merchant, issuing bank, acquiring bank, payment gateway and certification body. Accordingly, the online shopping system based on SET protocol at least includes electronic wallet software, merchant software, payment gateway software and certificate issuing software.
2. workflow of 2.SET protocol
1) Consumers use their personal computers to choose goods to buy through the Internet and enter orders on the computers. The order should include the online store, the name and quantity of the purchased items, the delivery time and place, and other relevant information.
2) Contact the relevant online shop through the e-commerce server, and the online shop will reply and inform the consumer whether the information such as unit price, payable amount and delivery method in the order is accurate and whether there is any change.
3) The consumer chooses the payment method and confirms the payment instruction issued by the order. At this point, SET began to intervene.
4) In SET, consumers must digitally sign orders and payment instructions, and at the same time adopt double signature technology to ensure that merchants can't see the account information of consumers.
5) After the online store accepts the order, it requires the consumer's bank to conduct payment approval. The information goes to the acquiring bank through the payment gateway, and then to the electronic money issuing company for confirmation. After the transaction is approved, the confirmation information is returned to the online store.
6) The online store sends the order confirmation information to the consumer. The client software can record the transaction log for future query.
7) The online store delivers goods or provides services and informs the acquiring bank to transfer money from the consumer account to the store account, or notifies the issuing bank to demand payment. There is generally a time interval between authentication operation and payment operation, such as asking the bank to settle accounts for one day before going to work every day.
The first two steps have nothing to do with SET. From the third step to the sixth step, SET has clear regulations on communication protocol, request information format and data type definition. At every step of the operation, consumers, online stores and payment gateways verify the identity of the communication subject through CA (Authentication Center) to ensure that the communication partner is not an impostor. Therefore, it can be simply considered that the SET specification gives full play to the role of authentication center to maintain the authenticity and confidentiality of information provided by e-commerce participants on any open network.