are held on the computers at each end. It would require a determined attempt to intercept
such a message and decrypt it. SSL is more widely used than the rival S-HTTP method.
The detailed stages of SSL are as follows:1 Client browser sends request for a secure connection.
2 Server responds with a digital certificate which is sent for authentication.
3 Client and server negotiate session keys, which are symmetrical keys used only for the
duration of the transaction.Since, with enough computing power, time and motivation, it is possible to decrypt
messages encrypted using SSL, much effort is being put into more secure methods of
encryption such as SET. From a merchant’s point of view there is also the problem that
authentication of the customer is not possible without resorting to other methods such
as credit checks.Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)was once touted as the way forward for increasing
Internet security, but adoption was limited due to the difficulty of exchanging keys and
the time of transaction, with most e-commerce sites still using SSL. SET is a security pro-
tocol based on digital certificates, developed by a consortium led by Mastercard and
Visa, which allows parties to a transaction to confirm each other’s identity. By employ-
ing digital certificates, SET allows a purchaser to confirm that the merchant is legitimate
and conversely allows the merchant to verify that the credit card is being used by its
owner. It also requires that each purchase request include a digital signature, further
identifying the cardholder to the retailer. The digital signature and the merchant’s digi-
tal certificate provide a certain level of trust.Alternative payment systems
The preceding discussion has focused on payment using credit card systems since this is
the prevalent method for e-commerce purchases. Throughout the 1990s there were
many attempts to develop alternative payment systemsto credit cards. These focused on
micropaymentsor electronic coinage such as downloading an online newspaper, for
which the overhead and fee of using a credit card was too high. One system that has suc-
ceeded is PayPal (www.paypal.com) which was purchased by eBay and is a major part of
their revenue stream since it is used for payment by those who don’t have access to
credit cards. BT has launched BT ‘Click and Buy’ for micropayments which is successful
within the UK.Reassuring the customer
Once the security measures are in place, content on the merchant’s site can be used to
reassure the customer, for example Amazon (www.amazon.com) takes customer fears
about security seriously judging by the prominence and amount of content it devotes to
this issue. Some of the approaches used indicate good practice in allaying customers’
fears. These include:
use of customer guarantee to safeguard purchase;
clear explanation of SSL security measures used;
highlighting the rarity of fraud (‘ten million customers have shopped safely without
credit card fraud’);CHAPTER 3· THE INTERNET MACRO-ENVIRONMENT
Secure Electronic
Transaction (SET)
A standard for public-
key encryption intended
to enable secure e-
commerce transactions
lead-developed by
Mastercard and Visa.
Payment systems
Methods of transferring
funds from a customer
to a merchant.
Micropayments
Small-denomination
payments.