Differences between SET and SSL

Unlike the real world, where the parties to a transaction can inexpensively find out each other’s identities, the internet allows greater levels of anonymity. Secure Sockets Layer (SSL) and Secure Electronic Transaction (SET) are internet security protocols designed to ensure safe and secure online data exchange. SSL was developed by Netscape to enable secure client-server communications over the internet, while SET was specifically developed by MasterCard and Visa to handle electronic transactions.

In SSL, the clients and the servers authenticate and communicate with each other using public-key cryptography and certificates, and all the information exchanged between the clients and the servers is encrypted. SSL can be employed by any application layer protocol running over the Transmission Control Protocol (TCP), including Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Telnet, and the e-mail protocols (SMTP, POP3, IMAP4). The most common application of SSL is securing HTTP communication, which can often be seen as https:// in internet browsers’ URLs. SSL was not specifically developed for commercial transactions involving online payments but instead for securing all types of internet communications.

SET, on the other hand, was specifically developed for electronic payments, and the primary motive behind its development was fraud prevention. SET does a better job of securing online commercial transactions because, in addition to encrypting transactions, it provides rigorous authentication measures. In the case of SSL, only the server provides an authentication certificate prior to securing the communication channel. Only after the communication channel is secured can the merchant verify the consumer’s authenticity through his credit card information, which means stolen credit cards can be used. SET addresses this shortcoming of SSL because, in addition to merchants’ server certificates, consumers are also required to obtain certificates to prevent identity theft.

SET also provides a higher degree of privacy to consumers than SSL. SET encrypts the payment information so that only the bank, and not the merchant, has access to customer financial data. The merchant only sees the order details in an unencrypted form and passes the payment instructions in an authorization request to the payment gateway for authentication. In the case of SSL, the merchants have access to the customers’ financial data and, unlike SET, customers’ data such as credit card account information is processed by and stored in the merchants’ databases.

Although SET is relatively more secure than SSL for payment transactions, it has failed to gain the same level of acceptance as SSL because SSL is more user-friendly. Almost all internet browsers and web servers have SSL built into them, and simple installation of digital certificates will turn on the SSL capabilities of the browsers and the web servers. The same cannot be said of SET, which requires greater effort and cost to implement. SET requires consumers to digitally sign payment instructions while SSL doesn’t. SET also requires all parties to be certified by a trusted third party. Thus, it is also a matter of convenience that has allowed SSL to gain widespread acceptance as compared to SET.
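The separation of order details from payment data and the consumer's signature on the payment instructions, both described above, are tied together in SET by a dual signature. The following sketch is an added example, not code from this article or from the SET specification. It assumes SHA-256 and a toy textbook-RSA key in place of SET's own algorithms and certificates, uses constructed sample messages and hypothetical function names, and omits the encryption of the payment data to the gateway.

```python
import hashlib

# Toy textbook-RSA key for the cardholder (constructed, NOT secure: known
# Mersenne primes, no padding). Stands in for the cardholder certificate key.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def dual_sign(order_info: bytes, payment_info: bytes):
    """Cardholder: sign H(H(PI) || H(OI)) once, linking both messages."""
    oimd, pimd = digest(order_info), digest(payment_info)
    pomd = digest(pimd + oimd)
    return pow(int.from_bytes(pomd, "big"), D, N), oimd, pimd

def _check(signature: int, pimd: bytes, oimd: bytes) -> bool:
    # Recompute the linked digest and compare it with the signed value.
    expected = int.from_bytes(digest(pimd + oimd), "big")
    return pow(signature, E, N) == expected

def merchant_verify(order_info: bytes, pimd: bytes, signature: int) -> bool:
    """Merchant sees the order and only a digest of the payment data."""
    return _check(signature, pimd, digest(order_info))

def gateway_verify(payment_info: bytes, oimd: bytes, signature: int) -> bool:
    """Payment gateway sees the payment data and only a digest of the order."""
    return _check(signature, digest(payment_info), oimd)

# Constructed sample messages (not real account data).
ORDER = b"order=1001;item=book;total=25.00"
PAYMENT = b"card=CONSTRUCTED-TEST-CARD;exp=12/30;amount=25.00"

if __name__ == "__main__":
    sig, oimd, pimd = dual_sign(ORDER, PAYMENT)
    print("merchant accepts order:", merchant_verify(ORDER, pimd, sig))
    print("gateway accepts payment:", gateway_verify(PAYMENT, oimd, sig))
    tampered = ORDER.replace(b"25.00", b"1.00")
    print("tampered order accepted:", merchant_verify(tampered, pimd, sig))
```

Neither party can swap in a different order or payment message without invalidating the signature, yet the merchant never handles the card data itself.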

 