MODULE 1

E-Commerce:

E-commerce, or electronic commerce, refers to the buying and selling of goods or services over the
internet. It involves conducting transactions using digital technologies such as websites, mobile apps,
or other online platforms. It involves the use of electronic devices such as computers, smartphones,
and tablets to conduct transactions between buyers and sellers.

Types of e-commerce:

Advantages of ecommerce:

• Increased reach: E-commerce enables businesses to reach a wider audience beyond their
physical location, allowing them to tap into new markets and expand their customer base.
• Convenience: Consumers can shop from anywhere, at any time, and on any device, making
e-commerce more convenient than traditional brick-and-mortar shopping.
• Cost-effective: E-commerce can reduce overhead costs for businesses, such as rent and
utility bills, and often allows for more efficient inventory management.
• Personalization: E-commerce businesses can use customer data to personalize marketing
efforts, such as targeted advertising and personalized email campaigns.
• 24/7 availability: E-commerce businesses can remain open 24/7, allowing consumers to
shop at any time.

Disadvantages of ecommerce:

• Security concerns: E-commerce transactions can be vulnerable to security breaches, which
can result in the loss of sensitive customer data or financial information.
• Lack of personal interaction: E-commerce can lack the personal touch of face-to-face
interaction, which can be important for building customer relationships.
• Dependence on technology: E-commerce businesses are dependent on technology, which
can be subject to technical glitches, internet outages, and other issues that can disrupt
operations.
• Shipping costs: E-commerce requires shipping products to customers, which can add to the
overall cost and lead to shipping delays and other logistical challenges.
• Competition: E-commerce has led to increased competition among businesses, with many
companies competing on price rather than quality, which can make it challenging for
businesses to stand out and succeed.

EDI (ELECTRONIC DATA INTERCHANGE):

Electronic data interchange (EDI) is a computer-to-computer exchange of business documents in a
standard electronic format between business partners. EDI enables the exchange of data between
different computer systems without the need for human intervention.

EDI has been widely adopted by businesses for a variety of transactions such as purchase orders,
invoices, shipping notices, and payment information.

Benefits of EDI:

• Improved accuracy and efficiency: EDI eliminates the need for manual data entry, reducing
the risk of errors and saving time.
• Faster processing: EDI can speed up the processing of transactions, allowing businesses to
respond to orders and requests more quickly.
• Cost savings: EDI can reduce administrative and paper-based processing costs, such as
printing and postage.
• Improved customer service: EDI can help businesses respond more quickly to customer
orders and inquiries, improving customer satisfaction.
• Increased visibility: EDI provides businesses with real-time visibility into their transactions,
allowing them to track and monitor orders, shipments, and payments.
• Increased security: EDI can provide more secure transmission of sensitive data compared to
traditional methods such as email or fax.
• Environmentally friendly: EDI can help businesses reduce paper usage and waste,
contributing to environmental sustainability.

Components of EDI:

• Sender and receiver: EDI involves two parties - the sender and the receiver - who exchange
electronic documents. The sender creates and sends the document in a standard EDI format,
and the receiver receives and processes the document.
• Translation software: The electronic documents exchanged in EDI are in a standard format
that can be understood by both parties. However, the internal systems of the sender and
receiver may use different formats. Translation software is used to convert the electronic
document from one format to another.
• Communication protocols: EDI documents are transmitted over a communication network
using specific protocols or services, such as AS2, FTP, or a value-added network (VAN). These
ensure secure and reliable transmission of data.
• Mapping: Mapping is the process of defining the relationship between data elements in the
EDI document and the corresponding data elements in the internal system of the sender or
receiver. Mapping ensures that the data in the EDI document is correctly processed by the
internal systems.
• Standards: EDI standards define the format, structure, and content of electronic documents.
Standards ensure that documents are consistent and can be understood by different parties.
• Acknowledgments: EDI documents may require acknowledgments to confirm that they have
been received and processed successfully. Acknowledgments can be automated or manual.

MODULE 2
UN/EDIFACT:

United Nations Electronic Data Interchange For Administration, Commerce and Transport
(UN/EDIFACT) is a global standard for electronic data interchange (EDI) developed by the United
Nations. It provides a standardized format for the exchange of business documents between trading
partners, enabling companies to exchange information electronically in a structured and
standardized way.

It covers a wide range of business documents, including purchase orders, invoices, shipping
addresses, etc. It provides a common set of data elements, segments and messages that enable
different computer systems to communicate with each other. It is widely used in international trade.

EDIFACT Message Interchange Structure:

The EDIFACT message interchange structure defines how electronic business messages are
exchanged between trading partners using the UN/EDIFACT standard. The structure consists of three
main components: interchange, group, and message.

• Interchange: An interchange is the highest-level component in the EDIFACT structure. It
represents a complete exchange of EDI messages between two trading partners. An
interchange consists of one or more messages that are grouped together for transmission.
Each interchange is identified by a unique interchange control header and interchange
control trailer, which include information about the sender, receiver, and date and time of
transmission.
• Group: A group is the second-level component in the EDIFACT structure. It represents a
collection of messages that are related to a specific business transaction or process. A group
may contain one or more messages. Each group is identified by a unique functional group
header and functional group trailer, which include information about the type of messages
included in the group.
• Message: A message is the third-level component in the EDIFACT structure. It represents a
specific business document, such as a purchase order, invoice, or shipping notice. Each
message is identified by a unique message header and message trailer, which include
information about the type of message and the sender and receiver of the message.

Within each message, the data elements are organized into segments, which are groups of related
data elements. Segments are identified by a three-letter code that indicates the type of data
included in the segment, such as the name of the sender or the price of an item. Each segment
includes a set of data elements, which are individual pieces of information that describe the
transaction.
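The structure described above can be checked mechanically. The following Python sketch is an added example, not part of the original notes: it splits an interchange into segments, data elements and components, and cross-checks each header against its trailer. The segment tags (UNA, UNB/UNZ, UNG/UNE, UNH/UNT) and default separators come from the EDIFACT syntax rules rather than from these notes, and the sample interchange is constructed.

```python
# Constructed sample (not from the notes): one ORDERS message, no functional group.
# "?+" in the FTX segment is an escaped "+" and must not split the field.
SAMPLE = (
    "UNA:+.? '"
    "UNB+UNOA:2+SENDERID+RECEIVERID+240101:1200+REF001'"
    "UNH+1+ORDERS:D:96A:UN'"
    "BGM+220+PO12345+9'"
    "NAD+BY+5412345000013::9'"
    "FTX+AAI+++DELIVER TO DOCK 4?+5'"
    "LIN+1++4000862141404:EN'"
    "QTY+21:10'"
    "UNT+7+1'"
    "UNZ+1+REF001'"
)

def read_service_string(raw):
    """Return (separators, body); a leading UNA segment overrides the defaults."""
    raw = raw.lstrip()
    if raw.startswith("UNA") and len(raw) >= 9:
        # UNA + component, element, decimal mark, release, reserved, terminator
        return (raw[3], raw[4], raw[6], raw[8]), raw[9:]
    return (":", "+", "?", "'"), raw

def tokenize(body, seps):
    """Split into segments -> data elements -> components, honouring the release character."""
    component, element, release, terminator = seps
    segments, elements, components, buf = [], [], [], []
    i = 0
    while i < len(body):
        ch = body[i]
        if ch == release and i + 1 < len(body):
            buf.append(body[i + 1])          # escaped character is literal data
            i += 2
            continue
        if ch in (component, element, terminator):
            components.append("".join(buf))
            buf = []
            if ch != component:
                elements.append(components)
                components = []
            if ch == terminator:
                segments.append(elements)
                elements = []
        elif not (ch in "\r\n" and not (buf or components or elements)):
            buf.append(ch)                   # line breaks between segments are skipped
        i += 1
    if buf or components or elements:
        raise ValueError("unterminated segment at end of input")
    return segments

def get(segment, element, component=0):
    """Value at element/component position, or '' when the position is absent."""
    try:
        return segment[element][component]
    except IndexError:
        return ""

# header tag -> (trailer tag, element position of the control reference)
ENVELOPES = {"UNB": ("UNZ", 5), "UNG": ("UNE", 5), "UNH": ("UNT", 1)}

def check_interchange(raw):
    """Parse one interchange and cross-check every header/trailer pair."""
    seps, body = read_service_string(raw)
    report = {"sender": "", "recipient": "", "messages": [], "errors": []}
    errors, stack = report["errors"], []          # stack of open envelopes
    for idx, seg in enumerate(tokenize(body, seps)):
        tag = get(seg, 0)
        if tag in ENVELOPES:
            if (tag == "UNB") != (not stack):
                errors.append(f"{tag} at wrong nesting level")
            trailer, ref_pos = ENVELOPES[tag]
            stack.append({"tag": tag, "trailer": trailer, "ref": get(seg, ref_pos),
                          "start": idx, "children": 0, "type": get(seg, 2)})
            if tag == "UNB":
                report["sender"], report["recipient"] = get(seg, 2), get(seg, 3)
        elif tag in ("UNZ", "UNE", "UNT"):
            if not stack or stack[-1]["trailer"] != tag:
                errors.append(f"{tag} does not close the open envelope")
                continue
            env = stack.pop()
            # UNT counts segments including UNH and UNT; UNE and UNZ count enclosed units
            found = idx - env["start"] + 1 if tag == "UNT" else env["children"]
            if (get(seg, 1), get(seg, 2)) != (str(found), env["ref"]):
                errors.append(f"{env['tag']} {env['ref']}: {tag} declares {get(seg, 1)} "
                              f"with reference {get(seg, 2)}, found {found}")
            if stack:
                stack[-1]["children"] += 1
            if tag == "UNT":
                report["messages"].append(
                    {"type": env["type"], "reference": env["ref"], "segments": found})
        elif not stack or stack[-1]["tag"] != "UNH":
            errors.append(f"{tag} outside any message")
    errors.extend(f"{env['tag']} {env['ref']} has no {env['trailer']}" for env in stack)
    return report

if __name__ == "__main__":
    print(check_interchange(SAMPLE))
```

The control counts and references catch truncation and mismatched envelopes; they are not a defence against deliberate modification, which needs a signature or an authenticated transport.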

UN/EDIFACT message directories:

UN/EDIFACT message directories are reference guides for businesses and organizations that use the
UN/EDIFACT standard for electronic data interchange. The directories are maintained by the United
Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT) and are designed to help
businesses and organizations navigate the complex world of electronic data interchange.

There are two main types of UN/EDIFACT message directories:

• Message directories: These directories provide information about the different message
types used in the UN/EDIFACT standard. Each message type is identified by a unique code
and includes a description of the purpose of the message, the segments and data elements
included in the message, and any special instructions or guidelines for implementing the
message.
• Data element directories: These directories provide information about the different data
elements used in the UN/EDIFACT standard. Each data element is identified by a unique
code and includes a description of the data element, its data type (such as alphanumeric or
numeric), and any special formatting rules or guidelines.

MODULE 3
Internet & Extranet:

The Internet is a global network of interconnected computers and other devices that use
standardized communication protocols to exchange data and information. It is a public network that
is accessible to anyone with an internet connection and a device that supports internet protocols. It
is also the foundation for many other technologies and services, such as the World Wide Web, email,
and cloud computing.

An extranet, on the other hand, is a private network that is accessible only to authorized users and
organizations. It uses the same communication protocols and technologies as the Internet, but it is
restricted to specific users and organizations. It may also include features such as authentication and
access control to ensure that only authorized users can access the network.

Commerce over Internet:

Ecommerce, also known as electronic commerce or internet commerce, refers to the buying and
selling of goods or services using the internet, and the transfer of money and data to execute these
transactions.

Commerce over the internet refers to the use of the global network of interconnected computers
and devices, known as the Internet, to conduct business transactions, such as buying and selling
goods and services, marketing products, and delivering customer service.

Commerce over Extranet:

Commerce over an extranet refers to the use of a private network that is accessible only to
authorized users and organizations for conducting business transactions, such as buying and selling
goods and services, sharing information, and collaborating on projects.

Identification & tracking tools:

Identification and tracking tools are essential components of e-commerce, as they help businesses to
monitor and manage their online operations more effectively. Some of the most common
identification and tracking tools used in e-commerce include:

• Cookies: Cookies are small text files that are stored on a user's computer when they visit a
website. Cookies are used to track user behavior, preferences, and browsing history, which
can help businesses to deliver more personalized and relevant content to their customers.
• User accounts: User accounts allow customers to create and manage their own profiles on a
website. User accounts can be used to store customer information, such as shipping and
billing addresses, order history, and payment details, which can help businesses to provide a
more personalized and efficient shopping experience.
• IP tracking: IP tracking allows businesses to track the IP addresses of their website visitors,
which can provide valuable insights into customer behavior, preferences, and location.
• Inventory tracking: Inventory tracking tools allow businesses to monitor their stock levels in
real-time, ensuring that they have sufficient inventory to meet customer demand and avoid
stockouts.
• Order tracking: Order tracking tools allow customers to track the status of their orders, from
placement to delivery. This can help to improve customer satisfaction and reduce customer
inquiries.
• Analytics tools: Analytics tools allow businesses to track and analyze website traffic, user
behavior, and other key performance indicators. This information can be used to improve
website design, marketing campaigns, and overall business strategy.

EAN System:

The EAN (European Article Number) system is a standardized barcode system used to identify and
track products globally. It was originally developed by the European Article Numbering
Association (EAN) and is now managed by GS1. It is widely used in retail and other industries to
facilitate inventory management.

The EAN system consists of a 13-digit code that is encoded into a barcode. The first three digits of
the code represent the country or region where the product was registered, while the next nine
digits represent the unique product code. The final digit is a check digit that is used to verify the
integrity of the barcode. It was originally used in all countries around the world except for the USA
and Canada, where the 12-digit UPC is used.
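How the check digit works, as an added Python example that is not part of the original notes: it validates a 13-digit EAN or 12-digit UPC, splits it into the fields described above, and then measures which typing errors the check digit does and does not catch. The weighting rule (3, 1, 3, ... from the right) is the GS1 check-digit rule; the function names and the sample number are chosen for illustration.

```python
def gs1_check_digit(payload):
    """Check digit for the leading digits of an EAN-13 (12 digits) or UPC-A (11 digits)."""
    if not (payload.isascii() and payload.isdigit()):
        raise ValueError("payload must contain only digits")
    # Weights alternate 3, 1, 3, ... starting from the rightmost payload digit.
    total = sum(int(d) * (3 if i % 2 == 0 else 1) for i, d in enumerate(reversed(payload)))
    return (10 - total % 10) % 10

def parse_ean13(code):
    """Validate a barcode number and split it the way the text above describes."""
    digits = code.replace(" ", "").replace("-", "")
    if len(digits) == 12:
        digits = "0" + digits            # a 12-digit UPC is an EAN-13 with a leading zero
    if len(digits) != 13:
        raise ValueError("expected 12 (UPC) or 13 (EAN) digits")
    if gs1_check_digit(digits[:12]) != int(digits[12]):
        raise ValueError("check digit mismatch")
    return {"prefix": digits[:3], "product": digits[3:12], "check": digits[12]}

def is_valid(code):
    try:
        parse_ean13(code)
        return True
    except ValueError:
        return False

def undetected_adjacent_swaps(code):
    """Positions i where swapping digits i and i+1 gives a different number that still validates."""
    hits = []
    for i in range(len(code) - 1):
        swapped = code[:i] + code[i + 1] + code[i] + code[i + 2:]
        if swapped != code and is_valid(swapped):
            hits.append(i)
    return hits

def undetected_single_digit_errors(code):
    """Count single-digit substitutions that still validate (always 0 for this scheme)."""
    return sum(is_valid(code[:i] + d + code[i + 1:])
               for i in range(len(code)) for d in "0123456789" if d != code[i])

if __name__ == "__main__":
    sample = "4006381333931"             # sample number used for illustration
    print(parse_ean13(sample))
    print(undetected_single_digit_errors(sample), undetected_adjacent_swaps(sample))
```

Every single-digit error is caught, but swapping two neighbouring digits that differ by 5 is not, so the check digit protects against scanning and keying mistakes only and says nothing about whether a barcode is genuine.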

EANCOM:

The EANCOM standard defines a set of messages, data elements, and syntax rules that are used to
exchange business documents, such as purchase orders, invoices, and shipping notices, between
trading partners in a standardized format; that is, it uses a standardized message format that
includes a series of data elements arranged in a specific order.

It is a specific subset of the EDIFACT standard that is used for electronic business transactions
between trading partners in the retail industry.

MODULE 4
Business process re-engineering:

Business process re-engineering (BPR) is a management approach that involves the radical redesign
of business processes to achieve significant improvements in performance, efficiency, and customer
satisfaction. The goal of BPR is to fundamentally rethink and improve business processes by
eliminating unnecessary steps, automating manual processes, and leveraging technology to
streamline operations.

BPR can have significant benefits for organizations, including increased efficiency, improved quality,
and reduced costs.

It involves four steps:

• Define the scope and objectives: The first step in BPR is to define the scope and objectives of
the project. This involves identifying the business processes that are in need of improvement
and setting specific goals for the redesign project.
• Analyze and redesign processes: The second step is to analyze the current business
processes and identify areas for improvement. This may involve mapping out the current
processes, identifying bottlenecks and inefficiencies, and redesigning processes to eliminate
unnecessary steps and automate manual processes.
• Implement and test the new processes: The third step is to implement the redesigned
processes and test them to ensure that they are functioning as intended. This may involve
piloting the new processes in a small group or department before rolling them out to the
entire organization.
• Monitor and continuously improve: The final step in BPR is to monitor the new processes and
continuously improve them over time. This involves gathering feedback from employees and
customers, analyzing performance data, and making adjustments as needed to further
improve efficiency and effectiveness.

Strategic Alignment Model:

The Strategic Alignment Model is a framework used in business management that gives a complete
overview of the elements that are relevant to determining a business level strategy.

The Strategic Alignment Model consists of four components:

• Business Strategy: This component refers to the organization's overall goals and objectives,
as well as the strategies that have been put in place to achieve those goals. The business
strategy should drive the design and implementation of business processes, and should be
the primary consideration in any BPR effort.
• Information Technology (IT) Strategy: This component refers to the organization's overall
approach to using technology to support its business processes. The IT strategy should be
aligned with the business strategy, and should be designed to support the goals and
objectives of the organization.
• Organizational Infrastructure: This component refers to the organizational structure, culture,
and processes that support the implementation of business processes. The organizational
infrastructure should be designed to support the business and IT strategies, and should be
flexible enough to adapt to changing business needs.
• IT Infrastructure: This component refers to the technology infrastructure that supports the
organization's business processes. The IT infrastructure should be designed to support the
goals and objectives of the organization, and should be aligned with the IT strategy.

BPR Methodology:

BPR (Business Process Reengineering) methodology is a management approach that aims to improve
business processes by rethinking and redesigning them from scratch. It is a powerful tool for
organizations that want to improve their business processes and achieve better performance.

The BPR methodology typically involves the following steps:

• Identify the process to be reengineered: The first step is to identify the process that needs
to be reengineered. This may involve analyzing existing processes, identifying bottlenecks,
and determining which processes have the greatest impact on the overall performance of
the organization.
• Define the goals and objectives of the reengineering project: The next step is to define the
goals and objectives of the reengineering project. This involves identifying the desired
outcomes, such as increased efficiency, reduced costs, improved customer satisfaction, or
better quality.
• Analyze the current process: The third step is to analyze the current process in detail. This
involves mapping the process flow, identifying the inputs and outputs, and documenting the
roles and responsibilities of all stakeholders.
• Design the new process: The fourth step is to design the new process. This involves
identifying opportunities for improvement, eliminating non-value-added steps, and
developing a new process that meets the desired goals and objectives.
• Implement the new process: The fifth step is to implement the new process. This involves
communicating the changes to all stakeholders, providing training and support, and
monitoring the new process to ensure that it is working as intended.
• Measure the results: The final step is to measure the results of the reengineering project.
This involves comparing the performance of the new process to the old process and
assessing whether the desired outcomes have been achieved.

Rapid Re Methodology:

Rapid Re (Rapid Results) methodology is a management approach that aims to achieve quick and
tangible results through the implementation of small, focused, and high-impact projects. The Rapid
Re methodology typically involves the following steps:

• Identify the problem: The first step is to identify the problem or opportunity that needs to
be addressed. This may involve analyzing existing processes, identifying bottlenecks, and
determining which areas have the greatest impact on the overall performance of the
organization.
• Define the goal: The next step is to define the goal that needs to be achieved. This involves
identifying the desired outcomes, such as increased efficiency, reduced costs, improved
customer satisfaction, or better quality.
• Develop a team: The third step is to develop a team of individuals who will work together to
achieve the goal. The team should be composed of individuals who have the necessary skills
and knowledge to address the problem and achieve the desired results.
• Plan and execute the project: The fourth step is to plan and execute the project. This
involves identifying the specific actions that need to be taken to achieve the goal, assigning
responsibilities, and developing a timeline for completion.
• Monitor and evaluate progress: The fifth step is to monitor and evaluate progress. This
involves tracking the results of the project and making adjustments as necessary to ensure
that the desired outcomes are achieved.
• Celebrate success: The final step is to celebrate success. This involves recognizing the
achievements of the team and acknowledging the contribution of all stakeholders.

MODULE 5
Concerns for e-commerce growth: see "Disadvantages of ecommerce" in Module 1.

Legal Issue for ecommerce:

To address the legal issues listed below, e-commerce businesses should consult with legal experts
and ensure that they have policies and procedures in place to comply with relevant laws and
regulations. They should also regularly review and update these policies and procedures to ensure
that they remain compliant with changing legal requirements.

• Data protection and privacy: E-commerce businesses must comply with regulations related
to data protection and privacy, such as the General Data Protection Regulation (GDPR) in the
European Union and the California Consumer Privacy Act (CCPA) in the United States. These
regulations require e-commerce businesses to obtain consent for the collection and use of
personal data, provide customers with the right to access and delete their data, and ensure
that data is protected from unauthorized access.
• Intellectual property: E-commerce businesses must ensure that they do not infringe on the
intellectual property rights of others. This includes trademarks, copyrights, patents, and
trade secrets. E-commerce businesses should be careful not to use images, text, or other
content without permission or license.
• Consumer protection: E-commerce businesses must comply with consumer protection laws,
which vary by jurisdiction. These laws govern issues such as product labeling and advertising,
pricing, and consumer warranties and guarantees.
• Contract law: E-commerce businesses must ensure that they have legally binding contracts
with customers and suppliers. This includes terms of service, privacy policies, and
agreements with suppliers and partners.
• Sales tax: E-commerce businesses must comply with sales tax laws, which can be complex
and vary by jurisdiction. E-commerce businesses may need to collect and remit sales tax in
multiple jurisdictions, depending on where their customers are located.
• Electronic Transactions Laws: E-commerce businesses must comply with laws related to
electronic transactions, which govern issues such as electronic signatures, records retention,
and authentication of electronic records.

Technology for Authenticating Electronic Documents:

There are various technologies available for authenticating electronic documents, including:

• Digital Signatures: A digital signature is an electronic form of authentication that uses
encryption to verify the integrity of a document.
• QR Codes: QR codes can be used to authenticate electronic documents by encoding a unique
identifier that can be scanned to verify the document's authenticity.
• Blockchain: Blockchain technology can be used to authenticate electronic documents by
creating an unalterable record of the document's origin and history. It can provide a high
level of security and tamper-proofing for electronic documents.
• Watermarking: Watermarking involves adding a unique digital image to a document that
can be used to authenticate the document's origin and ownership.
• Encryption: Encryption involves using algorithms to convert data into a code that can only be
deciphered by authorized parties. It is used to protect electronic documents from
unauthorized access and tampering.
• Biometrics: Biometric authentication involves using physical or behavioral characteristics,
such as fingerprints or facial recognition, to authenticate the user and verify the authenticity
of electronic documents.

Laws for E-Commerce/ Legal issues for internet commerce : (Legal Issue for ecommerce…. Laws)

MODULE 6
Cyber Security:

Cybersecurity refers to the measures and practices put in place to protect computer systems,
networks, and digital information from unauthorized access, theft, damage, or other malicious
activities.

Or

Cyber security is the practice of defending computers, servers, mobile devices, electronic systems,
networks, and data from malicious attacks.

Cyber Attack:

A cyber attack refers to an attempt by cybercriminals to gain unauthorized access to computer
systems, networks, or data with the intention of stealing, modifying, or destroying information or
disrupting normal business operations. Cyber attacks can take many different forms, including:

• Malware attacks: These involve the use of malicious software, such as viruses, trojans, and
ransomware, to gain unauthorized access to computer systems or data.
• Phishing attacks: These involve the use of fraudulent emails, text messages, or websites to
trick users into revealing sensitive information, such as usernames and passwords.
• Denial of service (DoS) attacks: These involve flooding a network or website with traffic to
overwhelm the system and prevent legitimate users from accessing it.
• Man-in-the-middle (MitM) attacks: These involve intercepting communication between two
parties to steal or modify data or to gain access to systems or networks.
• Password attacks: These involve attempting to crack or guess passwords to gain
unauthorized access to systems or data.
• Social engineering attacks: These involve using psychological manipulation to trick users
into divulging sensitive information or granting access to systems or data.

Hacking:

Hacking refers to the act of gaining unauthorized access to computer systems, networks, or data
with the intention of stealing, modifying, or destroying information or disrupting normal business
operations. Hackers can be individuals, criminal organizations, or state-sponsored actors, and they
use various techniques and tools to exploit vulnerabilities in computer systems and networks.

Firewalls:

A firewall is a network security system designed to prevent unauthorized access to or from a private
network. It can be either a hardware device or a software program that filters traffic between
different networks, such as the Internet and a company's internal network.

Firewalls work by analyzing the traffic that passes through them and blocking traffic that does not
meet specified security criteria. They can use a variety of techniques to filter traffic, including packet
filtering, stateful inspection, and application-level gateways.

Cryptography based solutions:

Cryptography is the practice of securing communication and data by encoding it so that it is not
easily understood by unauthorized parties. Cryptography-based solutions can be used to protect
data and communications in a variety of applications, including e-commerce, online banking, email,
and messaging.

Digital Signature:

A digital signature is a cryptographic technique used to provide authentication, integrity, and
non-repudiation for electronic documents and messages. It works by using a combination of public key
cryptography and hashing to ensure that a document has not been altered and that it comes from
the claimed sender.

MODULE 7
Cyber crime:

Cyber crimes are criminal activities that are carried out using the Internet or other computer
networks. These crimes can take many forms and can include theft, fraud, harassment, and more.
Here are some common types of cyber crimes:

• Hacking: This involves gaining unauthorized access to a computer system or network in
order to steal data or cause damage.
• Phishing: This is the use of fraudulent emails, websites, or other electronic communication
to trick people into providing sensitive information, such as passwords or credit card
numbers.
• Identity theft: This is the use of someone's personal information, such as their name, social
security number, or credit card number, to commit fraud or other crimes.
• Cyberstalking: This is the use of electronic communication to harass or threaten someone.
• Malware: This is software that is designed to cause harm to a computer system, such as
viruses, trojans, and worms.
• Denial of service attacks: This involves flooding a network or website with traffic in order to
cause it to crash or become unavailable.
• Cyberbullying: This is the use of electronic communication to harass or bully someone, often
through social media.

Information Technology Act 2000:

The Information Technology (IT) Act 2000 is an Indian law that governs electronic commerce and
other activities conducted using computer networks. The Act was passed in response to the growing
importance of electronic commerce and other forms of electronic communication, and it aims to
provide a legal framework for these activities in India.

The offences and the punishments that fall under the IT Act, 2000 are as follows:

• Tampering with the computer source documents.
• Directions of Controller to a subscriber to extend facilities to decrypt information.
• Publishing of information which is obscene in electronic form.
• Penalty for breach of confidentiality and privacy.
• Hacking for malicious purposes.
• Penalty for publishing Digital Signature Certificate false in certain particulars.
• Penalty for misrepresentation.
• Confiscation.
• Power to investigate offences.
• Protected System.
• Penalties for confiscation not to interfere with other punishments.
• Act to apply for offence or contravention committed outside India.
• Publication for fraud purposes.
• Power of Controller to give directions.

Public Key Infrastructure:

Public Key Infrastructure (PKI) is a system of digital certificates, public key encryption, and other
cryptographic protocols that are used to secure electronic communication and transactions. PKI
allows for the secure exchange of data over the Internet or other networks by using digital
certificates to verify the identity of users and devices.

PKI is widely used in a variety of applications, including secure email, online banking, e-commerce,
and government services. It provides a way to ensure the confidentiality, integrity, and authenticity
of electronic communication and transactions, and it helps to prevent fraud and data theft.

PKI & Certifying Authorities:

PKI (Public Key Infrastructure) is a system of technologies and procedures that uses digital
certificates to establish trust in electronic communications and transactions. Certifying Authorities
(CA) are trusted third-party organizations that issue and manage digital certificates for individuals
and organizations. The CA is a critical component of the PKI system, as it is responsible for verifying
the identity of individuals and organizations requesting digital certificates and ensuring that the
digital certificates are valid and trusted.

The role of the CA in the PKI system can be summarized as follows:

• Verification of identity: The CA verifies the identity of the individual or organization
requesting a digital certificate. This is typically done through a process known as identity
proofing, which may involve the use of documents such as passports, driver's licenses, or
other forms of identification.
• Issuance of digital certificates: Once the CA has verified the identity of the requester, it
issues a digital certificate that contains the requester's public key and identifying
information such as their name and email address.
• Management of digital certificates: The CA is responsible for managing the digital
certificates it has issued, including updating and revoking certificates when necessary.
• Certificate revocation: If a digital certificate is compromised or no longer valid, the CA will
revoke the certificate and update the Certificate Revocation List (CRL) to reflect this change.
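The Digital Signature section in Module 6 and the CA role described above fit together as one chain of checks. The following Python sketch is an added example, not part of the original notes: a CA signs a certificate binding a name to a public key, the holder signs a document by hashing it and applying the private key, and the receiving party verifies the certificate, the revocation list and the document in turn. It assumes textbook RSA built from publicly known Mersenne primes so that it runs with the standard library only; the keys are therefore not secret, and the field names, dates and identities are constructed.

```python
import hashlib
import json

def make_keypair(p_exp, q_exp, e=65537):
    """Toy RSA key from two Mersenne primes 2**k - 1 (public values, so NOT secret)."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, (p - 1) * (q - 1))}

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    """Hash the data, then apply the private key to the hash."""
    return pow(_digest(data, private["n"]), private["d"], private["n"])

def verify(public, data, signature):
    """Recover the signed hash with the public key and compare it with a fresh hash."""
    return pow(signature, public["e"], public["n"]) == _digest(data, public["n"])

def encode(obj):
    """Deterministic byte encoding so signer and verifier hash the same bytes."""
    return json.dumps(obj, sort_keys=True).encode()

def issue_certificate(ca_private, subject, serial, public_key, not_after):
    body = {"subject": subject, "serial": serial,
            "public_key": public_key, "not_after": not_after}
    return {"body": body, "ca_signature": sign(ca_private, encode(body))}

def issue_crl(ca_private, revoked_serials):
    body = {"revoked": sorted(revoked_serials)}
    return {"body": body, "ca_signature": sign(ca_private, encode(body))}

def check_document(document, signature, cert, crl, ca_public, today):
    """Checks made by the receiving party, in order; returns (accepted, reason)."""
    if not verify(ca_public, encode(cert["body"]), cert["ca_signature"]):
        return False, "certificate not signed by the trusted CA"
    if not verify(ca_public, encode(crl["body"]), crl["ca_signature"]):
        return False, "CRL not signed by the trusted CA"
    if cert["body"]["serial"] in crl["body"]["revoked"]:
        return False, "certificate revoked"
    if today > cert["body"]["not_after"]:          # ISO dates compare as strings
        return False, "certificate expired"
    if not verify(cert["body"]["public_key"], document, signature):
        return False, "document altered or not signed by the certificate holder"
    return True, "ok"

def demo():
    """Constructed scenario: one valid order plus three ways verification must fail."""
    ca_pub, ca_priv = make_keypair(521, 607)
    holder_pub, holder_priv = make_keypair(1279, 2203)
    cert = issue_certificate(ca_priv, "alice@example.test", 1001, holder_pub, "2030-12-31")
    order = b"PO12345: 10 units, total 250.00"
    sig = sign(holder_priv, order)
    crl = issue_crl(ca_priv, [])
    forged = {"body": {**cert["body"], "subject": "mallory@example.test"},
              "ca_signature": cert["ca_signature"]}
    day = "2025-01-01"
    return {
        "valid": check_document(order, sig, cert, crl, ca_pub, day),
        "tampered": check_document(order.replace(b"250", b"950"), sig, cert, crl, ca_pub, day),
        "forged_cert": check_document(order, sig, forged, crl, ca_pub, day),
        "revoked": check_document(order, sig, cert, issue_crl(ca_priv, [1001]), ca_pub, day),
        "expired": check_document(order, sig, cert, crl, ca_pub, "2031-01-01"),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

Real deployments use X.509 certificates and a padded signature scheme such as RSA-PSS or ECDSA from a vetted library; the order of checks is the part that carries over.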

MODULE 8
Electronic Payment System:

Electronic Payment System (e-Payment) is a type of payment conducted via electronic or online
mediums. Online payment systems eliminate the need for cash or cheque payments. It is a payment
method that allows users to conduct online transactions via digital wallets, bank cards and internet
banking systems. The funds are directly debited from your bank account.

Different types of electronic payment systems:

• Credit and debit cards: These are the most common forms of electronic payments, which
allow users to make purchases online or in-store using their credit or debit card details.
• Mobile payments: These allow users to make payments using their smartphones, either
through a mobile wallet app or a mobile banking app. Examples of mobile payment apps
include Apple Pay, Google Wallet, and Samsung Pay.
• Online payments: These allow users to make payments online using a variety of methods,
such as bank transfers, e-wallets, and online payment gateways like PayPal, Stripe, and
Square.
• Cryptocurrencies: These are decentralized digital currencies that use blockchain technology
to facilitate peer-to-peer transactions. Examples of cryptocurrencies include Bitcoin,
Ethereum, and Litecoin.

Payment gateway & Internet Banking:

Payment gateways are designed specifically for e-commerce transactions. A payment
gateway is a service that processes online transactions and securely transfers funds from the buyer's
bank account to the seller's account. Payment gateways typically integrate with online shopping
carts and e-commerce websites to provide a seamless checkout experience. When a user makes a
purchase online, the payment gateway encrypts the transaction information and sends it to the
buyer's bank for verification. Once the transaction is approved, the payment gateway transfers the
funds to the seller's account. Popular payment gateways include PayPal, Stripe etc.

Internet banking, on the other hand, allows users to access and manage their bank accounts
online. Users can check their account balances, transfer funds between accounts, pay bills, and make
other financial transactions through their bank's website or mobile app. Internet banking is typically
provided by banks as a value-added service to their customers. Internet banking provides a more
comprehensive set of banking services.

Secure Electronic Transaction:

Secure Electronic Transaction (SET) is a protocol developed by Visa and Mastercard to secure online
credit card transactions. The SET protocol is designed to ensure that credit card information is
transmitted securely over the internet and is not intercepted or tampered with during the
transaction process. The SET protocol restricts the disclosure of credit card details to merchants,
thus keeping hackers and thieves at bay.

The SET protocol involves three parties: the customer, the merchant, and the bank that issued the
credit card. When a customer makes a purchase using SET, the following steps occur:

• The customer selects the items they want to purchase and proceeds to checkout.
• The merchant's website sends a request for payment authorization to the customer's bank.
• The bank checks the customer's account balance and sends an authorization response back
to the merchant.
• The merchant sends a message to the customer's browser containing the transaction details,
which is encrypted using the bank's public key.
• The customer's browser decrypts the message using their private key and verifies that the
transaction details are correct.
• The customer's browser sends a response back to the merchant, indicating that the
transaction is authorized.
• The merchant sends the authorization response and transaction details to the bank, which
processes the payment.

SET uses digital certificates to authenticate the identity of the parties involved in the transaction and
to encrypt sensitive information, such as credit card details. The protocol also uses digital signatures
to ensure the integrity of the transaction data.
