Question

Two security methods are used in the Purchase Request message to protect it from potential passive and active attacks from a Merchant. Name the security methods and describe how they specifically protect the Purchase Request message from the relevant attacks.

Answer 1

Two security methods are used in the Purchase Request message to protect it from potential passive and active attacks from a Merchant are:

1.SET

2.Credit Card Encryption mechanism

The process of purchase request generation requires three inputs:

1.Payment Information (PI)

2.Dual Signature

3.Order Information Message Digest (OIMD)

1.Secure Electronic Transaction :

SET is a system which ensures security and integrity of electronic transactions done using credit cards in a scenario. SET is not some system that enables payment but it is a security protocol applied on those payments. It uses different encryption and hashing techniques to secure payments over internet done through credit cards

SET protocol restricts revealing of credit card details to merchants thus keeping hackers and thieves at bay.

2.Credit Card Encryption:

Credit card encryption is a security measure used to reduce the likelihood of credit or debit card information being stolen.

It makes it impossible to access the purchase request and credit card information without the corresponding encryption key that lets the merchant and financial institution conduct their transactions.

Card issuers use many methods to encrypt credit cards including magnetic strips,PIN numbers,electronic chips and CVV.