Hace 10 años que se publicó este artículo sobre Easy SET, una iniciativa que impulsamos desde Banesto, para mejorar la seguridad de los medios de pago y facilitar su uso, y que no pudo tener continuidad por el giro de la industria hacia el 3D Secure.
Sigue estando disponible la presentación que preparé entonces y que se utilizó en un estudio de Celent.
EasySET
By Mark Merkow, CCP, CISSP
September 7, 2000
EasySET is an implementation of the Secure Electronic Transactions standard from the Spanish bank, Banesto. EasySET, hosted at Banesto, answers many of the criticisms of «classical SET» by lightening the weight of consumer wallets and centralizing the complex processing of the point-of-sale (POS) system and the acquirer payment gateway system into a service model implementation. This service model approach to SET takes the processing load off the merchant e-commerce systems while offering the advantages of improved transaction security and faster processing.
Banesto»s involvement with SET began as early as 1996 with a pilot project using the Banesto Virtual@Cash card. In mid-1997, the first Spanish SET transaction was run, and a couple of years later the SET Facil, or EasySET project was launched. Banesto expects over 1,000 virtual shops supporting over 50,000 cardholders by year»s end.
The EasySET Wallet supports SET transactions for Eurocard Mastercard and Visa cards issued by Banesto. The wallet is a free download for Banesto»s customers via a »click-and-go» interface that enables a one-step download for SET cardholder certificates.
Download and installation of the SafeLayer Wallet proceeds as follows:
- Upon requesting the wallet software from the online bank, the user is authenticated by whatever means they choose
- Users select which of their active credit card(s) they wish to activate for SET
- Upon clicking the link for the selected card(s), request messages include the bank-sourced card information that the user would otherwise need to enter into the wallet
- Since the EasySET wallet has all the needed information, the cardholder can download, install, and configure the wallet with the SET certificate(s) in less than 5 minutes
- Shopping proceeds directly
When customers select an SET-enabled credit card for payment, the EasySET POS system and Payment Gateway go to work at the Banesto site. Because the heavy-lifting work needed by the wallet is housed and maintained on Banesto»s system, any upgrades needed to the software are completely transparent to users. Additionally, the SafeLayer Wallet supports the Electronic Commerce Markup Language (ECML)to speed up checkout processing through auto-fill features on merchant Web forms.
Banesto has further simplified the activities for bringing a new e-commerce site online by offering the CiberTienda shopping cart system for free and Virtual POS as open source downloads under the GNU public license. The systems are available for Linux, and will soon be available for Solaris, Irix, and Windows NT.
How EasySET Works
In compliance with the SET specification, the EasySET system offers the full complement of the SET messaging protocol to keep credit card information from falling into the wrong hands. It also supports the uses of SSL where SET is unavailable on cardmember registered cards. Cardmembers need to download and install the SafeLayer Wallet (around 500Kbytes) and register their cards for SET-enablement. Merchants download and install the Banesto Virtual POS, along with the CiberTienda shopping system, or within their existing e-commerce software. Multiple merchants can share the same POS software, provided that each merchant obtains and manages their own pairs of SET digital certificates needed to conduct transactions and settlement steps. The Virtual POS module consists of a manual, a CGI script, a daemon or service component, and a pair of certificates to identify the supplier and the business. Banesto serves as the Merchant Certificate Authority (CA) and Cardholder CA.
To integrate the Virtual POS, merchants run the CGI script and enter some data that will identify transactions from them. The POS communicates via SSL with Banesto and a secure server there displays the forms of payment possible to the cardholder»s browser. These forms of payment choices can be personalized for each merchant site. The traditional authorization request is then sent to an authorizing center where it is processed and validated.
The bank communicates the result of the transaction back to the merchant site daemon using SSL. In addition to SSL payment, Banesto offers the SET mode payment to help guarantee the identity of the parties involved. In these cases, when the client proceeds to checkout processing, he chooses the SET payment processing option on the merchant Web site and the wallet application starts automatically. From this point on, SET request-response message pairs are prepared and communicated appropriately.
Added benefits from the Banesto Virtual POS include:
- Sending e-mail to confirm payments and order authorization codes
- The option of establishing maximum daily limits for each credit card number
- The ability to audit merchant data from the beginning of a transaction to the return result of the operation
- Access to the Extractos (statements) application to view transactions that have been completed. Extractos also permits on-line adjustments and credits as needed for business operations
- A daily automatic totaling and balancing service to compare bank records with merchant records
Fees, Costs, etc.
EasySET software is available as a free download to both merchants and cardholders. Since SET-based transactions carry lower risks with a higher assurance of participant identities, Banesto offers no-chargebacks on transactions conducted using EasySET. Other than typical set-up costs for merchant services, there are no added fees or costs associated with EasySET, and possibly reduced discount fees due to card-present transaction rules.
Overall
EasySET indeed simplifies and eliminates many of the criticisms of Classical SET, and its price is certainly hard to beat! As future success of the service model for SET is proven out, EasySET may well become a popular choice for issuer banks across the globe.
Pros
EasySET shows great promise as a SET implementation that»s reliable, repeatable, and easy to maintain and operate. Because EasySET Virtual POS supports both SSL and SET it seems a natural choice for those desiring a higher level of security and assurance of Internet-based credit card purchases.
Cons
EasySET is only available in Spain by Banesto and can only be used by Banesto customers (merchants and cardholders).
Links:
Banesto shopping cart software
EasySET example of CiberTienda system
A Leaner and Meaner SET Lowers Merchant Barriers To Entry
Mark Merkow is an E-commerce Security Specialist and technology author. His books include Building SET Applications for Secure Transactions, Thin Clients Clearly Explained, Virtual Private Networks for Dummies, and The Complete Guide To Internet Security. Mark can be reached at mmerkow@internet.com
Todo es electrónico 