Implementation Aspects of SET/EMV

Jarupunphol, Pita; Mitchell, Chris J.

doi:10.1007/978-0-387-35617-4_20

Cited by 2 publications

(2 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…After SET experienced significant resistance from e-commerce participants, several SET extensions were introduced in order to address complexity and facilitate greater adoption of SET [34], [35], including the PIN [29], chip [28], and server-based wallet extensions [33].…”

Section: Attempted Solutions To Set Problemsmentioning

confidence: 99%

See 1 more Smart Citation

Secure Electronic Transactions (SET): A Case of Secure System Project Failures

Jarupunphol¹,

Buathong²

2013

IJET

Self Cite

View full text Add to dashboard Cite

Abstract-Secure Electronic Transactions (SET) is a security protocol for an electronic payment system that utilises PKI to address e-commerce security and privacy concerns. Although PKI technologies used by the SET protocol were proven to be effective in addressing security issues in e-commerce, several implementation issues were found from SET applications de-signed to support security mechanisms ofPKI. SET failed to be implemented by e-commerce end-users. This paper studies how SET was predicted, designed, and rejected by e-commerce end-users. PKI issues associated with SET implementation in B2C e-commerce are also reviewed. Although e-commerce end-users are concerned about security issues, usability is a more dominant factor than security for a secure system project to be adopted by the users. although e-commerce provided many benefits to consumers (e.g., convenience, greater choice, lower prices and more information). In order to address e-commerce security requirements, well-established cryptography was believed to be a 'magic pill'. An apparently secure e-commerce website would, in theory, convince potential e-commerce customers to become regular e-commerce customers. According to Giff [5], "[a]n example of increasing security to increase trust comes from people being more willing to engage in e-commerce if they are assured that their credit card numbers and personal data are cryptographically protected". In this light, PKI (Public Key Infrastructure) [6] was pointed out as a solution to e-commerce security and privacy concerns. Index Terms-CertificationAccording to Farrell and Zolotarev [7], PKI is vital for e-commerce security, since many applications that use PKI are not Web services and PKI is the only choice available for connecting business relationships to keys and identities when more than one domain is involved. In addition, Piper [8, p.24] stated that "Security is obviously a major concern for all potential users of E-commerce and the use of (public key) cryptography is an important issue". PKI is the subject of standardization by a number of bodies, including the IETF, ITU-T and ISO/IEC. PKI is the infrastructure

show abstract

Section: Attempted Solutions To Set Problemsmentioning

confidence: 99%

“…SET/EMV was proposed to reduce the complexity of SET end-user initialization, but retain SET's security features [35]. There is no need for consumers to generate a key pair specifically for SET, since the key pair and certificates already contained in the EMV smart card can be used instead.…”

Section: Attempted Solutions To Set Problemsmentioning

confidence: 99%