Abstract-Secure Electronic Transactions (SET) is a security protocol for an electronic payment system that utilises PKI to address e-commerce security and privacy concerns. Although PKI technologies used by the SET protocol were proven to be effective in addressing security issues in e-commerce, several implementation issues were found in SET applications designed to support security mechanisms of PKI. SET failed to be implemented by e-commerce end-users. This paper studies how SET was predicted, designed, and rejected by e-commerce end-users. PKI issues associated with SET implementation in B2C e-commerce are also reviewed. Although e-commerce end-users are concerned about security issues, usability is a more dominant factor than security for a secure system project to be adopted by the users.

although e-commerce provided many benefits to consumers (e.g., convenience, greater choice, lower prices and more information). In order to address e-commerce security requirements, well-established cryptography was believed to be a 'magic pill'. An apparently secure e-commerce website would, in theory, convince potential e-commerce customers to become regular e-commerce customers. According to Giff [5], "[a]n example of increasing security to increase trust comes from people being more willing to engage in e-commerce if they are assured that their credit card numbers and personal data are cryptographically protected". In this light, PKI (Public Key Infrastructure) [6] was pointed out as a solution to e-commerce security and privacy concerns.
Index Terms-Certification

According to Farrell and Zolotarev [7], PKI is vital for e-commerce security, since many applications that use PKI are not Web services and PKI is the only choice available for connecting business relationships to keys and identities when more than one domain is involved. In addition, Piper [8, p.24] stated that "Security is obviously a major concern for all potential users of E-commerce and the use of (public key) cryptography is an important issue". PKI is the subject of standardization by a number of bodies, including the IETF, ITU-T and ISO/IEC. PKI is the infrastructure