There is another security system that can be used to secure the online data transmission, and it is called SET. As of today, this technology is still being used for credit card payment online only. Many known financial institutions such as VISA, MasterCard and Amex have adopted SET and hope that this system can be widely used by many people.
SETCO, a company which manages specifications, supervises Software Compliance Testing, and helps companies in adopting SET, has a good explanation that can be found in their website on why SET is a better way to protect websites:
The SET protocol utilizes cryptography to provide confidentiality of information, ensure payment integrity, and identity authentication. For authentication purposes, cardholders, merchants, and acquirers will be issued digital certificates by their sponsoring organizations. Digital certificates (also known as electronic credentials or digital Ids) are digital documents attesting to the binding of a public key to an individual or entity. They allow verification of the claim that a given public key does in fact belong to a given individual or entity.
The website also explains that there are 4 parts involved in the process of transaction. The first component is the “Cardholder Application”, which is a software installed to the customer’s computer so that a secure payment card transaction can be done safely through the Net. The second component is “Merchant Server,” which is owned by the e-commerce companies. The application installed in the merchant’s server is used to process the payment and the authorizations. The next part is “Payment Gateway,” where a third party has a component to process the authorization of the merchants and connect to the financial institution’s networks. The last component is “Certificate Authority,” which is software in the financial institution that verifies the certificate from the purchasers, merchants, and the payment gateway.
The way SET works is too complex, and this prevents the technique to be utilized by growing companies that do not really have enough budget to begin with. Nevertheless, this form of data transmission is better and safer than SSL. This is possible because according to the IT’s Encyclopedia in what’s?.com, once an order is placed by a customer, a message verifying the validity of the merchant will be sent to the customer’s browser. Merchants will never get the credit card numbers of the customers because they only receive the digital signature contained in a chip on a customer’s card. This signature can only be verified by a designated bank institution. So instead of sending out a credit card number as in SSL process, SET eases insecure feelings by transmitting a digital signature that doesn’t contain anything that can be used by unauthorized individuals. However, this process is so expensive because all parties have to have SET installed into their computers and servers. Not too many people are willing to get into this trouble and expense.