Banesto Easy SET Project
Julián [email protected]
Technological Strategy Director
http://www.banesto.es
6th of July, 2000 (eve of San Fermín)
Agenda
- Banesto: early involvement in SET
- Some criticism of SET
- SET trends
- SET flavours (Classic, MIA, Easy)
- Easy SET project: standard and alternate hierarchies
- Payment scenarios
- Banesto Virtual POS and SET in VPOS
- Watch EasySET working for you
- Action plan
- Fee arrangement proposal
- EasySET portal: www.easy-set.org
Early involvement in SET
[Timeline figure, years 1996 to 2001. Milestones shown on the slide:]
- First Spanish SET transaction (with Banesto Virtual Cash Card)
- Banesto & IBM initiate a SET Trial with Banesto Virtual Cash Card
- Banesto begin “SET Facil” - “Easy SET” Project
- SET Facil adoption (500.000 cardholders, including other banks), 2000+ virtual shops
- 1000 virtual shops, 50.000 cardholders
- SET-Facil Release
- Initial SET deployment
SET Criticism
- SET is complex
- Wallets usually weigh 4-6 Mb
- Users need to install software on their PC
- Certificates are hard to get and take some time
- Versions are not easily maintained
- SET infrastructure is expensive
- Interoperability is not guaranteed
- Issuer banks don't support SET
SET Trends
- SET can be easy (in fact it is easier to use than SSL, once you have the certificate)
- Light Wallets and Plug-ins for Server Wallets weigh under 600Kb
- Users still need to install software on their PC, but this includes additional features
- You should get your Certificate in a 1-step process
- Versions should be updated transparently
- SET infrastructure is expensive (but for some projects you can use Easy SET alternate root)
- Interoperability is not guaranteed
- Issuer banks don't support SET
“Classic” SET
Verification of SET Certificates through the chain of trust
[Diagram labels: Digital Wallet, Digital Certificate, Transaction Information, Merchant Server, Payment Gateway, Payment Acquirer or Merchant’s Bank, Issuing Bank, Root CA; steps numbered (1), (2), (3)]
SSL
Verification of SET Certificates through the chain of trust
[Diagram labels: Transaction Information + Credit Card Number, Merchant Server, Payment Gateway, Payment Acquirer or Merchant’s Bank, Issuing Bank, Root CA; steps numbered (1), (2)]
- Security Weak Point: End-User Id. + Auth.
- Security Weak Point: CC Number Storage
- Security Weak Point: CC Number Transfer
MIA SET
[Diagram labels: Merchant Storefront, Catalog selection and shopping cart, Safelayer Wallet (500k), SET transaction, SET Payment, Payment Server, Payment Gateway, Classic Authorisation and Settlement transaction, Card Clearing Network, Issuing Bank, CA hosted by, Payment Server and Payment Gateway hosted by]
Easy SET
SET Hierarchy
Root CA (SET Co)
  Geo-Political CA (optional) (only for VISA)
    Brand CA (MasterCard, Visa)
      Merchant CA (Banesto)
        Merchant
      Cardholder CA (Banesto)
        Cardholder
      Payment Gateway CA (MasterCard, Banesto in VISA)
        Payment Gateway
Hosted by
Alternate SET Hierarchy
Alternate Root CA (Eurociber with Safelayer SW)
  Geo-Political CA (optional)
    Brand CA (Private Cards)
      Merchant CA (Brand X)
        Merchant
      Cardholder CA (Brand X)
        Cardholder
      Payment Gateway CA (Brand X)
        Payment Gateway
Classic B2C payment scenario
“Linear” B2C payment scenario
Card # is stored in merchant DB
[Diagram labels: Catalog browsing, Secure form, Auth request, Cards clearing system]
Spanish B2C payment scenario
“Triangular” B2C payment scenario
[Diagram labels: Catalog browsing, Secure form, Gateway, Cards clearing system, Internal secure communication, Payment triangle]
Spanish SET payment scenario
“Triangular” B2C payment scenario allows transparent SET deployment on the merchant side
Wallet allows SET payment with or without certificates
[Diagram labels: Catalog browsing, Secure form, Payment Server, SET Gateway, Cards clearing system, Internal secure communication]
Banesto SET payment scenario
“Easy SET” is a brand on the merchant side and a special RA-wallet communication enhancement to allow easy certificate download
Easy SET Wallet allows easy certificate download
[Diagram labels: Catalog browsing, Secure form, Payment Server, SET Gateway, Cards clearing system, Internal secure communication]
SET Facil - Easy SET
- 1,500 sites SET enabled by end Y2K (most of them at http://www.escaparate.com)
- 500 Kb Wallet (Alternate SET root available)
- Merchant can be unaware they are SET enabled
- 50,000 potential cardholders with SET access
- 1-step certificate download
- Easy SET Wallet allows remote transparent upgrade
- Easy SET Wallet will include ECML extensions to allow automatic form filling (Name, address,...)
- Merchant benefits: lower fees, no chargebacks
- Cardholder benefit: better security perception
Banesto Easy SET Registration Scenario
The bank shows the card list to the user in an authenticated internet banking system. The user clicks on one of them and immediately gets the certificate.
Easy SET Wallet allows easy certificate download
[Diagram labels: Card selection in Banesto Internet banking service, Extended wake-up message, Wake-up message redirection, Internal secure communication with card data]
Extended wake-up message includes PAN card number, expiration date and one-time password. The wallet doesn't need to ask the user for data that is already known and proceeds according to the standard SET registration process.
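The one-time password in the extended wake-up message is what lets the CA side accept a registration without asking for the card data again, so it has to be bound to the card, short-lived and single-use. A sketch of that check, as an added example that is not Banesto's or the wallet vendor's code; the class and field names, the 10-minute lifetime and the sample PAN are assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 600  # assumed lifetime; the slides do not give one


class RegistrationAuthority:
    """Hypothetical CA-side store for one-time registration passwords."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # (pan, expiry) -> (sha256 of OTP, deadline)

    def issue_wake_up(self, pan, expiry):
        """Called after the user picks a card in the authenticated banking session."""
        otp = secrets.token_urlsafe(16)
        digest = hashlib.sha256(otp.encode()).digest()
        # Store only a hash, so a leaked table does not yield usable passwords.
        self._pending[(pan, expiry)] = (digest, self._clock() + OTP_TTL_SECONDS)
        return {"pan": pan, "expiry": expiry, "otp": otp}

    def redeem(self, pan, expiry, otp):
        """Called when the wallet starts registration with the wake-up data."""
        # pop() makes the password single-use, whether or not the check passes.
        entry = self._pending.pop((pan, expiry), None)
        if entry is None:
            return False
        digest, deadline = entry
        if self._clock() > deadline:
            return False
        candidate = hashlib.sha256(otp.encode()).digest()
        return hmac.compare_digest(candidate, digest)


def demo():
    now = [1000.0]  # constructed clock so the expiry case is reproducible
    ra = RegistrationAuthority(clock=lambda: now[0])
    msg = ra.issue_wake_up("4000000000000002", "12/01")  # constructed test PAN
    first = ra.redeem(msg["pan"], msg["expiry"], msg["otp"])
    replay = ra.redeem(msg["pan"], msg["expiry"], msg["otp"])
    late = ra.issue_wake_up("4000000000000002", "12/01")
    now[0] += OTP_TTL_SECONDS + 1
    expired = ra.redeem(late["pan"], late["expiry"], late["otp"])
    return first, replay, expired


if __name__ == "__main__":
    print(demo())
```

Because a failed attempt also consumes the password, a wrong guess forces the user to select the card again in the banking session rather than leaving the password open to repeated guessing.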
CA hosted by
Standard SSL form at Banesto
You can choose either SET payment or SSL payment
Download the wallet
Click to enter SET Portal (www.easy-set.org)
- get info
- download wallet
- get certificate
Action Plan
- 300 merchants by summer 2000
- 1,500 merchants by end 2000
- 50,000 potential cardholders by summer 2000
- Easy SET downloadable wallet for everybody
- Banesto Merchants could allow SET initiated transaction without cardholder certificate (Wallet mandatory)
- SET Portal: www.easy-set.org (EasySET demo inside)
Fee arrangement proposal
- SET enabled merchants should benefit from SET fees and no-chargeback even for SSL transactions
- SSL transactions should not pay fee to issuer
- SSL-only merchants should pay the higher fees and suffer chargebacks