See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/264127297

Design and development of Secure Electronic Transaction on Proposed

Electronic Payment System

Conference Paper · October 2010

CITATIONS READS

0 785

3 authors, including:

Malik Sikander Hayat Khiyal Aihab Khan

Preston University Iqra University
192 PUBLICATIONS   685 CITATIONS    64 PUBLICATIONS   380 CITATIONS   

SEE PROFILE SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Location Estimation View project

Applications of Volunteered Geographic Information (VGI) in Pakistan View project

All content following this page was uploaded by Malik Sikander Hayat Khiyal on 31 May 2016.

The user has requested enhancement of the downloaded file.

 2010 International Conference on Intelligence and Information Technology (ICIIT 2010)
DESIGN AND DEVELOPMENT OF SECURE ELECTRONIC TRANSACTION
ON PROPOSED ELECTRONIC PAYMENT SYSTEM
Sundas Iqbal
Graduate, Department of Software Engineering, Fatima
Jinnah Women University, Rawalpindi, Pakistan
sundas.iqbal87@gmail.com
Aihab Khan
Department of Computer Science, Fatima Jinnah
Women University, Rawalpindi, Pakistan
aihabkhan@yahoo.com
Abstract —People use more and more internet as a purchasing
tool, for doing so they have to communicate their personal
banking information. This is sensible data that is need to be
protected by secure exchanges. For that a secure electronic
payment infrastructure is needed. .In response to this need the
Secure Electronic Transactions (SET) specification has been
proposed by a consortium headed by Visa and Master Card.
The proposed system is made secure enough, so that only
authorized customer can relay fearlessly and make electronic
transactions access it .For this purpose techniques of
encryption and decryption have been applied for the security
of information
Keywords e-commerce, electronic payment system, Secure
electronic transactions (set)
I. INTRODUCTION
In the area of e-commerce payment is one of the major
elements. Generally payment made through e-payment is
mode of on-line transaction. The purpose of on-line
transaction is to allow the purchaser and vendor to made
agreements between them without their physical presence.
For this purpose the vendor and purchaser are provided the
facility of website. Web store manages the transfer of funds
from the internet user to the e-merchant. The money may
come from a mobile phone, from a digital wallet (e-money),
from a credit card, from a prepaid account or from a micro-
billing system. Recently, sudden increase of publicity has
indicated the growth of the Internet and the possibilities for
clients and merchants to experience a new shopping trend
called electronic commerce. In the use of electronic payment
process, the safety factors involved in the six areas, which
include Confidentiality of information, non-repudiation of
information, validity of information, integrity of the
information, Confidentiality of information, authenticity of
the transaction status, reliability of the system[1].
A. Contributions
This analytical research has provided an insight that how
the secure electronic transactions (SET) are implemented on
978-1-4244-813 8-5/10/$26.00 C 2010 IEEE
Dr. Malik Sikander Hayat Khiyal
Chairperson, Department of Computer Science and
Software Engineering, Fatima Jinnah Women University,
Rawalpindi, Pakistan
m.sikandarhayat@yahoo.com
the proposed model of electronic payments for providing
confidentiality of information, ensurance of payment
integrity by authentication of transaction. After studying the
different electronic architectures, the set have been
implemented with its secure characteristics for developing
countries. The system is implemented according to the
requirements available resources, assets and technology of
the local environment.
II. RELATED WORK
Guan et. al. [2] proposed architecture for the Secure
Agent Fabrication Evolution and Roaming (SAFER) that
further facilitate e-commerce using agent technology. In this
paper, the authors explore the electronic payment aspect of
SAFER. For implementation they selected the Secure
Electronic Transaction (SET) protocol and E-cash. On the
basis that SET (Loeb, 1998) protocol satisfies the three
criteria of compatibility, scalability and security has chosen
as the payment scheme. By applying to a local Community
Administration Centre (CAC) a network client can join a
SAFER community. After accepting the application of
applicant, CAC issues a digital certificate to the applicant.
This certificate can be used by trusted remote hosts to
identify clients’ agents that roam to. On member’s request
all agents are fabricated by the Agent Factory under these
organized communities. Individual owners can be controlled
by Agent Butler, a coordinating entity after customization.
In order to separate the communication either the
coordination between the parties at certain stages during
payment process or exchange of all encrypting the messages
among different entities, the SET protocol is more suitable.
In the payment confirmation stage, Certificate Authority,
Payment Gateway, the Owner and Merchant Host are all
involved in message exchanges. In addition, the Certificate
Authority and the Payment Gateway are requested to
validate the Owner’s payment information, then the
Merchant send out the payment confirmation to the SET
payment agent,. The whole process is time consuming. [3]
V2-621
 2010 International Conference on Intelligence and Information Technology (ICIIT 2010)

Figure 1. Simple Encrypted Payment System Model

Hua Jiang, Jing Yang’s [4] proposed Architecture with

implementation of SET. It makes use of encryption
technology to bank cards and other critical information. To
confirm the authenticity message the encrypted digital
signature scheme is used. Also software support services and
Business servers are used.
Figure 2. Proposed Electronic Payment System for Local Environment
III. PRELIMINARIES
Electronic Payment system has changed world to a
The worldwide proliferation of the internet led to the
global village. The forces of globalization have made this
birth of electronic commerce. The SET Secure Electronic
ONE world and ONE economy. Now there is no more
Transaction protocol was jointly developed by Visa and
choice. By keeping an eye on the existing E-payment
MasterCard as a method to secure payment card transactions
systems having SET implementation it can be concluded that
over open networks. SET is being published as an open
every EPS has SET implementation in its own way. Yet still
specification for the industry. This specification is available
no fool proof system has been developed. Pakistan and
to be applicable to any payment card service and may be
developing countries do not have a secure electronic
used by software vendors to develop applications. The SET
payment infrastructure. The electronic payment system
protocol provides three main advantages that put altogether
which we are trying to build will be efficient enough to be
to make it safer than other payment methods [5].
implemented in the local environment. For security
IV. FRAMEWORK OVERVIEW assurance we will implement SET. It is proposed while
keeping in account the available resources present in the
A. Strengths of Architecture Based On SET local environment. Our main focus is on security, Cost
Authentication: Anyone involved in obtaining a digital effectiveness and efficiency gain like atomicity, availability,
signature like cardholder, bank, merchant etc., need anonymity and acceptability.
authentication from Certificate Authority (CA).
Limits merchant’s access: To avoid any inconvenience on V. FLOW DIAGRAMS RELATED TO PROPOSED
ARCHITECTURE
phone transaction, merchant has no access to credit card
information. It makes SET safer. The figure below shows SET plays its role in an online
Limits access: This means to maintain the customer’s transaction.
privacy by not giving access to order information to credit
card issuer.
Immediate verification: This module immediately verifies
the customer authenticity and credit availability by the
merchant, so the merchant fulfill orders without any risk.
Stronger encryption: This module lets SET use stronger
encryption, as the card information is of fixed length. Both
credit card information and encrypts order done separately.
Figure 3. The role of SET in online transaction.

V2-622
 2010 International Conference on Intelligence and Information Technology (ICIIT 2010)

Figure 4. Payment Procedure.

This figure 4 shows the payment procedure. The

entities involved in this process are Cardholder, Merchant,
Issuer Bank, Payment Gateway and Merchant

Figure 5. Flow Chart for Functioning Of SET Transactions

V2-623
 2010 International Conference on Intelligence and Information Technology (ICIIT 2010)

Figure 5. Shows flow chart functioning of SET in the Else

proposed architecture. First customer obtains a credit card Cancel}
account such as Master Card or Visa with a bank that
supports ae-payment and SET. The customer browsed the Authorization
merchants Website and selects items he wants to purchase. If select submit
He sends list of items to be purchased to the merchant who
returns order form. The customer sends the order Go to authorization page
information and payment information. Payment information {
contains the credit card information which is sent to
If credit card number is true
merchant in encrypted form. Then merchant sends payment
information to payment gateway, requesting authorization Then Show message
that the customer’s available credit is enough for this "This Customer is Authorized From Bank."
purchase. After that merchant ends confirmation of
information to the customer and ships the goods and services Else
to the customer. "This Customer is Not Authorized From Bank.}
The complete working of the system is shown in figure 5.
if authorized
VI. ALGORITHM Payment Transfer
The proposed architecture will work using this algorithm. Decrypt credit card number
The merchant and the customer should be registered with the
CA before starting any transaction Then make
Category Payment request through payment gateway
Customer obtains credit card account Response.Redirect("PaymentGateway”
Select Category then Make
Add CategoryId Payment request to issuer}
Choose SubCategoryId Then
Select Item list of selected category Transfer payment to merchant account
If Select (Item} Show
Then "Payment Transfered To Merchant Bank
{Show detail of selected item} End
Buying Phase
If {Want to buy selected item}
VII. CONCLUSION AND FUTURE WORK
Electronic Payment system infrastructure is present in
Then select
third world countries but it is not secure enough. The
{Add to order form} proposed architecture was also lacking the security feature.
Else That architecture is made secure by the implementation of
secure electronic transaction infrastructure. Only authentic
{Go back to category} customer can now purchase goods from merchant’s site
Ordering Phase whose credit card number is valid and credit card amount is
enough to buy the desired product. A trusted third party
If select add to order form
(payment gateway) sis involved who is dealing with all the
do payment settlements. Merchant can not misuse customers’
AddToOrder(SubCategoryId
credit card details because the information send to him is
sent in encrypted form. Only payment gateway can decrypt
go to the information and deal with the customer’s bank. At first
Order form and fill required fields like credit card No., expiry Date, its checked weather the customer is authorized one or not
then the whole transaction takes place.
and telephone , Address Hence the site is made secure enough that any authorized
Select customer can easily rely on it and fearlessly make the
electronic transaction over the internet. we have made a SET
{Submit}
based transaction system but in SET certification of both
{Encrypt} merchant and customer from a certification authority is
Else needed that is not currently done in our project, we have
assumed that both customer and merchant are certified one,
{Continue shopping} that could be done in future so that the system could be fully

V2-624
 2010 International Conference on Intelligence and Information Technology (ICIIT 2010)

SET based. If this system is to be implemented in Pakistan
then strong support of government is needed as there is not
much awareness of credit card based electronic
REFERENCES
[1] UETA Task Force, “Guidelines for the Management of Electronic
Transactions and Signed Records”, Department of Information
Resources and the Texas State Library and Archives Commission,
September 2002
[2] Sheng-Uei Guan, Sin Lip Tan and Feng Hua,” A Modularized
Electronic Payment System for Agent-based E-commerce”,
Journal of Research and Practice in Information Technology,
Vol. 36, No. 2, May 2004
[3] Ganesh Ramakrishnan,” Secure Electronic Transaction (SET)
Protocol“, Information Systems Control Journal, CISA, Volume 6,
2000
[4] Hua Jiang, Jing Yang, “On-line Payment and Security of E-
commerce”, Proceedings of the 2007 WSEAS International
Conference on Computer Engineering and Applications, Gold
Coast, Australia, January 17-19, 2007 545
[5] www.mastercard.com

V2-625

View publication stats