Electronic Fund Transfer and Secure Electronic Transaction protocol for Credit card payment

13/02/2024 By indiafreenotes

Electronic Fund Transfer (EFT) is a system of transferring money from one bank account directly to another without any paper money changing hands. One of the most widely known applications of EFT is the direct deposit of paychecks into bank accounts. EFTs are used both for single and recurring transactions, such as online bill payments.

EFT transactions are processed through various networks that allow banks to communicate financial transactions securely and efficiently. These transactions include, but are not limited to, direct deposits, direct debits, ATM withdrawals, point-of-sale (POS) transactions, and online payments.

Technology used in Electronic Fund Transfer (EFT) for credit card payment:

  1. Encryption

Encryption is fundamental in securing electronic fund transfers, ensuring that sensitive data such as credit card numbers and personal information are converted into a secure code during transmission. Technologies like Transport Layer Security (TLS) encrypt data in transit, preventing unauthorized access or interception.

  2. Tokenization

Tokenization replaces sensitive card details with a unique identifier, or token, that has no exploitable value. This token is used to process transactions without exposing actual credit card details, reducing the risk of data breaches. Tokenization is widely used in mobile wallet transactions and online payments to enhance security.

  3. Authentication Protocols

Authentication protocols verify the identities of parties involved in a transaction. For credit card payments, this often involves methods such as 3-D Secure (e.g., Verified by Visa, Mastercard SecureCode), which adds an additional layer of authentication by requiring the cardholder to enter a password or a code sent to their mobile device.

  4. Payment Gateways

Payment gateways are e-commerce services that process credit card payments for online and traditional brick-and-mortar stores. They use SSL/TLS encryption to secure data in transit and may employ additional security measures such as fraud detection algorithms to protect against unauthorized transactions.

  5. EMV Technology

EMV (Europay, MasterCard, and Visa) technology is used for chip-based credit and debit cards. It enhances security for in-person transactions by generating a unique transaction code for each payment, which cannot be reused. While EMV technology is primarily associated with physical card transactions, it also impacts EFT by setting high-security standards that reduce card fraud.

  6. Near Field Communication (NFC)

NFC technology allows two devices placed within a few centimeters of each other to exchange data. In the context of EFT, NFC enables contactless payments through mobile devices or credit cards, making transactions faster and more secure without the need for physical contact.

  7. Banking Networks and Protocols

EFT transactions rely on banking networks and protocols such as the Automated Clearing House (ACH) for processing electronic payments and money transfers. These networks are regulated and offer a secure infrastructure for executing a wide range of transactions, including direct deposits and bill payments.

  8. Financial Messaging Systems

Systems like SWIFT (Society for Worldwide Interbank Financial Telecommunication) provide a network that enables financial institutions worldwide to send and receive information about financial transactions in a secure, standardized, and reliable environment. While more relevant for international transfers and bank-to-bank communications, they underpin the global infrastructure for EFTs.

Secure Electronic Transaction (SET) Protocol

Secure Electronic Transaction (SET) protocol was developed to secure electronic credit card transactions over the internet. It was introduced in the mid-1990s by a consortium including Visa, Mastercard, and several major technology companies. SET was designed to ensure confidentiality, integrity, and authenticity in online transactions. It utilizes a system of digital certificates that authenticate the identity of each party involved in the transaction — the cardholder, the merchant, and the bank.

Key Features of SET:

  1. Authentication:

SET uses digital certificates, issued by trusted certificate authorities (CAs), to authenticate the identities of all parties involved in a transaction. This prevents fraud by ensuring that only legitimate entities can participate in the transaction process.

  2. Encryption:

SET encrypts the credit card information during the transaction process. This ensures that the card details are only accessible to the issuing bank and not visible to the merchant or any other third party, enhancing the security of sensitive information.

  3. Integrity:

SET ensures that the data transmitted cannot be altered during transmission. Digital signatures are used to verify that the message received is exactly what was sent, ensuring the integrity of the transaction data.

  4. Non-repudiation:

SET provides mechanisms that prevent parties from denying their involvement in a transaction. This is important for dispute resolution and fraud prevention.

Technology used in Secure Electronic Transaction (SET) Protocol for credit card payment:

  1. Digital Certificates

SET used digital certificates to authenticate the identity of all transaction participants, including the cardholder, the merchant, and the payment gateway. These certificates were issued by trusted Certificate Authorities (CAs), ensuring that each party in a transaction was legitimate.

  2. Public Key Infrastructure (PKI)

At the heart of SET was the Public Key Infrastructure (PKI), which provided the framework for encryption and digital signatures used in the protocol. PKI involves the use of a pair of keys (a public key and a private key) for the encryption and decryption of messages. Public keys are openly distributed, while private keys are kept secret by the owner.

  3. Dual Signature

The dual signature technology in SET was designed to protect the privacy of the transaction while ensuring that both the merchant and the bank could authenticate the transaction independently. The cardholder’s order information was encrypted in such a way that only the merchant could decrypt it, and the payment information was encrypted so only the bank could access it. The dual signature linked these two pieces of information for verification purposes without allowing either party to access the other’s encrypted information.

  4. Encryption

SET used strong encryption methods to secure all communications between the transaction participants. Data encryption ensured that sensitive information, such as credit card numbers, was protected during transmission over the internet.

  5. Hash Functions

SET utilized hash functions to create a unique digital fingerprint of the transaction data. This hash was then used to generate digital signatures, ensuring data integrity by allowing parties to verify that the data had not been altered in transit.

  6. Digital Signatures

Digital signatures were used to provide non-repudiation and to verify the integrity of the transmitted data. By using the private key to sign transaction data, the sender could assure the receiver that the data was sent by the claimed sender and had not been tampered with.

  7. Secure Sockets Layer (SSL)

While SET itself provided a comprehensive security framework, it was often implemented in conjunction with Secure Sockets Layer (SSL) encryption for added security during the transmission of data over the internet. SSL provided an encrypted link between the web server and browser, ensuring that all data passed between them remained private.

  8. Certificate Authorities (CAs)

CAs played a crucial role in the SET protocol by issuing and managing digital certificates. They verified the identity of entities requesting a certificate and provided the necessary infrastructure for revoking certificates and managing the lifecycle of digital identities.
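
The Dual Signature, Hash Functions and Digital Signatures items above fit together as shown in the following added example, which is not code from the original page or from the SET specification. It uses the standard construction in which the cardholder signs H(H(PI) || H(OI)); SHA-256, unpadded textbook RSA over a constructed and publicly known demo key, all function names, and the sample order and payment strings are assumptions made for illustration.

```python
import hashlib

# Constructed demo key: p and q are public Mersenne primes, so this key is
# not secret, and the unpadded "textbook" RSA below is for illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # cardholder's private exponent


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def sign(md: bytes) -> int:
    """Cardholder signs a digest with the private exponent."""
    return pow(int.from_bytes(md, "big"), D, N)


def verify(sig: int, md: bytes) -> bool:
    """Anyone holding the public key (N, E) can check the signature."""
    return pow(sig, E, N) == int.from_bytes(md, "big")


def dual_sign(order_info: bytes, payment_info: bytes) -> dict:
    """Cardholder: hash OI and PI separately, hash the pair, sign that."""
    oimd, pimd = digest(order_info), digest(payment_info)
    return {"oimd": oimd, "pimd": pimd, "ds": sign(digest(pimd + oimd))}


def merchant_verify(order_info: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant holds OI in clear but only the digest of PI."""
    return verify(ds, digest(pimd + digest(order_info)))


def bank_verify(payment_info: bytes, oimd: bytes, ds: int) -> bool:
    """Bank holds PI in clear but only the digest of OI."""
    return verify(ds, digest(digest(payment_info) + oimd))


# Constructed sample messages.
OI = b"order=1001;item=book;total=25.00"
PI = b"pan=4111111111111111;exp=12/30;total=25.00"

if __name__ == "__main__":
    bundle = dual_sign(OI, PI)
    print("merchant accepts:", merchant_verify(OI, bundle["pimd"], bundle["ds"]))
    print("bank accepts:", bank_verify(PI, bundle["oimd"], bundle["ds"]))
    # A digest taken from a different order no longer matches the signed pair.
    print("swapped order:", bank_verify(PI, digest(b"order=9999"), bundle["ds"]))
```

Each verifier recomputes the digest of the part it can read and combines it with the digest it was given for the other part, so a payment authorization cannot be re-attached to a different order without invalidating the signature.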

Despite its robust security features, SET was not widely adopted due to its complexity and the reluctance of consumers and merchants to switch from simpler, albeit less secure, methods of online payment. The protocol’s requirement for consumers to install additional software and obtain digital certificates was seen as a significant barrier to its widespread use. As a result, simpler protocols, such as SSL/TLS with additional layers of security (like 3-D Secure technology), became the standard for securing online credit card transactions.

Today’s online payment security has evolved with technologies like EMVCo’s 3-D Secure (3DS), tokenization, and end-to-end encryption, which provide secure transaction environments while offering a more user-friendly experience. These technologies focus on balancing security with convenience, addressing the limitations that affected the adoption of the SET protocol.