When you make an online purchase on the Internet, your credit card information is vulnerable to interception network sniffers, software that easily recognizes credit card number formats. Several basic security measures are being used to solve this security problem: (1) encrypt (code and scramble) the data passing between the customer and merchant, (2) encrypt the data passing between the customer and the company authorizing the credit card transaction, or (3) take sensitive information off-line.
For example, many companies use the Secure Socket Layer (SSL) security method developed Netscape Communications that automatically encrypts data passing between your Web browser and a merchant’s server. However, sensitive information is still vulnerable to misuse once it’s decrypted (decoded and unscrambled) and stored on a merchant’s server, so a digital wallet payment system was developed. In this method, you add security software add-on modules to your Web browser. That enables your browser to encrypt your credit card data in such a way that only the bank that authorizes credit card transactions for the merchant gets to see it. All the merchant is told is whether your credit card transaction is approved or not. The Secure Electronic Transaction (SET) standard for electronic payment security extends this digital wallet approach. In this method, software encrypts a digital envelope of digital certificates specifying the payment details for each transaction. VISA, MasterCard, IBM, Microsoft, Netscape, and most other industry players have agreed to SET. Therefore, a system like SET may become the standard for secure electronic payments on the Internet.