Building SET Applications for Secure Transactions

Jim Breithaupt, Ken L. Wheeler, Mark S. Merkow

Publisher: Wiley, 1998, 403 pages

ISBN: 0-471-28305-3

Keywords: IT Security

Last modified: March 10, 2022, 2:29 p.m.

How to implement the SET Standard for safe and secure credit card payments on the Internet.

Endorsed by Mastercard, Visa, American Express, IBM, Microsoft, and Netscape, SET is the only fool-proof method available for protecting on-line payments against fraud and theft. Designed for Web developers, this complete guide provides vital information to both IT and general business managers.

Written by experts who are among the few with hands-on experience building SET applications and managing their development, Building SET Applications for Secure Transactions shows you how to:

  • Build new payment applications and modify existing ones
  • Purchase and install SET compliant server components
  • Design, build, and test SET compliant payment applications
  • Coordinate with such external parties as banks and third-party Internet service providers
  • Authenticate all parties to payment transactions
  • Prevent theft by keeping payment contents secret
  • Fully understand the cryptographic techniques used with SET
  • Properly implement all of the necessary SET software and hardware
  • Use Digital Certificates and key management

  1. What's At Stake?
    • Why SET?
    • Web Trends: Less Hype, More Hyperspeed
    • The Roots of SET
    • SET's Features Make It Happen
    • SET's Benefits Know No Bounds
    • Where SET Stands
  2. Payment Systems 101
    • Charge It!
    • A Brief History of Payment Cards
    • Payment Cards Today
    • Steps in a Payment Card Transaction
    • SET's Role in an On-line Payment Card Transaction
    • Steps in a SET Payment Card Transaction over the Internet
    • SET to Integrate into the Internet
  3. SET's Participants
    • What Are Digital Certificates?
    • Certify Me, Please!
    • Cardholders
    • Merchants
    • Acquirer Payment Gateways
    • Payment Card Brand Associations
    • Certificate Authorities
  4. An Overview of Cryptography
    • Some Basic Terms and Concepts
    • Cryptosystems — Yesterday and Today
    • SET's Applied Cryptography
  5. SET's Application of Cryptography
    • SET Is Designed for Independence
    • SET Message Pair Notation
    • A Brief Introduction to ASN.1/DER
  6. Hardware or Software Cryptography?
    • Encryption Is an Abstract Process
    • Hardware-assisted Cryptography
  7. SET's Hierarchy of Trust
    • SET's Certificate Management Architecture
    • SET's Hierarchy for Certificate Authorities
  8. SET Key Management Principles
    • Environment Security Assumptions
    • Key and Certificate Validity Periods
    • Private Key Storage
    • Attacks on CA Systems
    • Certificate Practice Statements
    • Payment Gateway and CA Key Compromise Recovery
  9. Electronic Wallets and Consumer Digital Certificates
    • Why Wallets?
    • Show Me Your ID, Please
  10. Merchant SET POS Software and Merchant Digital Certificates
    • Merchant Digital Certificates
    • SET-compliant POS Software for Merchant Servers
  11. SET Message Flow Protocols
    • Certificate Issuance Protocols
    • Payment System Flows
    • Gateway Certificate Request and Batch Administration Protocols
    • Error Messages
  12. SET Message Pairs
    • SET Message Pair Overviews
    • SET Message Pair Definitions
  13. Planning
    • A Call to Arms
    • Justify Yourself
    • Shopping for a SET Merchant Bank
    • Transaction Processing and Fulfillment Options
    • Preparing for Detailed Analysis and Design
  14. Analysis
    • Object-Oriented Analysis and Design
    • Applying OOA&D to Your SET Project
  15. Designing Your SET System
    • Designing the Components for SET
    • Benefits from Distributing SET Processing
  16. SET Installation and Configuration
    • Another View of the SET POS Architecture
    • POS Components
    • Preinstallation Checklist
  17. Testing and Certifying Your SET Environment
    • Underwriting the SET Standard
    • Interoperability Testing
    • End-user SET Testing and Certification
  18. Operating Your SET Environment
    • Capturing Transactions
    • Settling Your Differences!
    • Care and Feeding of Your SET Server Environment
    • Exceptional Transactions!
    • Pruning Your Databases
    • POS System Reporting
    • Monitoring the Environment
  19. Intranets, Extranets, and SET
    • Three Kingdoms of Internet Security
    • Intranets and Extranets
    • Basic Threats to Intranets and Extranets
    • SET's Role in Intranets and Extranets
    • Roll Your Own Policies
  20. Commercial Purchasing and Open Buying on the Internet (OBI)
    • An Overview of Commercial Buying
    • Open Buying on the Internet
    • Who Needs OBI?
    • OBI System Requirements
    • OBI Technical Requirements
    • Piloting OBI
  21. SET for the Future
    • Elliptical Curveballs?
    • SmartCards and ECC
    • Applying SET Internationally
    • I'm OK. You're Not OK. Or Are You?
    • Challenges and Beyond
  • Web Resources Appendix

Reviews

Building SET Applications for Secure Transactions

Reviewed by Roland Buresund

Excrement * (1 out of 10)

Last modified: Nov. 18, 2008, 2:43 p.m.

Advertising book about a failed project. You are guaranteed to not be able to do what the title says after having read it. Crap meets trash.
