
Secure Internet Credit-Card Processing


April 1997 / BYTE Software Lab Report / Hanging Out an Internet Shingle / Secure Internet Credit-Card Processing

Security continues to be the fly in the Internet commerce ointment. Secure protocols such as Secure Sockets Layer (SSL) and S-HTTP can protect credit-card data as it passes over the Internet between the consumer and the merchant. However, they do nothing to ensure that the merchant accepts payments only from the authorized cardholder or to protect consumers against theft of decrypted credit-card numbers.

Ideally, order information, confirmation, and charge approvals are all digitally signed by the entities generating them. Encrypting all the transaction messages adds protection from prying eyes. While Secure Electronic Transaction (SET) is designed to satisfy merchants, consumers, and especially the credit-card issuers that transactions are handled securely, lack of a firm specification has hindered efforts to implement it (though IBM, MasterCard, and Danish Payment Systems began live tests of SET in December 1996).

For those who couldn't wait, CyberCash began secure credit-card transactions in April 1995, using a combination of digital signatures and public-key encryption. All three of the storefront packages support CyberCash, which will change from its own protocol (documented in RFC 1898) to SET once the specification is in place.

The credit-card purchase process using CyberCash goes like this:

1. The consumer decides to make a purchase from a Web merchant's store, based on transaction information provided by the merchant.

2. The consumer clicks on a Pay button, launching the CyberCash digital wallet, which prompts for a choice of credit card. The transaction information is digitally signed by the consumer's wallet, encrypted, and sent to the merchant.

3. The merchant server signs, encrypts, and forwards the transaction information to the CyberCash server. Credit-card numbers are encrypted with the CyberCash public key, so merchants never have to handle them directly.

4. The CyberCash server decrypts and certifies the transaction data and forwards it through a private network to the merchant's bank for authorization.

5. The merchant's bank processes the charge automatically. The bank then returns an approval or denial to CyberCash, which passes it on to the merchant. Finally, the merchant passes it on to the consumer.
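The layering of signatures and encryption in steps 2 through 4, as an added example that is not from the article or from CyberCash. It uses textbook RSA over fixed Mersenne primes as an insecure stand-in for the real cryptography and message formats, and every function name, message field and the test card number used with it are assumptions.

```python
# Added illustration only: textbook RSA on fixed Mersenne primes, NOT secure,
# and not the CyberCash (RFC 1898) or SET wire format. All names are hypothetical.
import hashlib, json

E = 65537  # public exponent shared by all three toy keys

def keypair(a, b):
    """Toy RSA key built from the Mersenne primes 2**a-1 and 2**b-1 (constructed)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(obj):
    blob = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

def sign(key, obj):
    return pow(digest(obj), key["d"], key["n"])

def verify(n, obj, sig):
    return pow(sig, E, n) == digest(obj)

WALLET, MERCHANT, GATEWAY = keypair(521, 607), keypair(1279, 2203), keypair(2281, 3217)

def wallet_pay(order, card_number):
    # Step 2: seal the card number to the gateway's public key, then sign
    # the order together with the sealed card.
    sealed = pow(int(card_number), E, GATEWAY["n"])
    body = {"order": order, "sealed_card": sealed}
    return {"body": body, "wallet_sig": sign(WALLET, body)}

def merchant_forward(msg, expected_order):
    # Step 3: check the order against what was offered, then countersign.
    # The merchant only ever holds sealed_card, which it cannot decrypt.
    if msg["body"]["order"] != expected_order:
        raise ValueError("order does not match what the merchant offered")
    return {**msg, "merchant_sig": sign(MERCHANT, msg)}

def gateway_process(msg):
    # Step 4: verify both signatures before decrypting the card number.
    inner = {"body": msg["body"], "wallet_sig": msg["wallet_sig"]}
    if not verify(MERCHANT["n"], inner, msg["merchant_sig"]):
        raise ValueError("bad merchant signature")
    if not verify(WALLET["n"], msg["body"], msg["wallet_sig"]):
        raise ValueError("bad wallet signature")
    return str(pow(msg["body"]["sealed_card"], GATEWAY["d"], GATEWAY["n"]))
```

Because the wallet's signature covers the order, a merchant that alters the amount and countersigns the altered message is rejected at the gateway with "bad wallet signature".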

Most transactions take fewer than 20 seconds. CyberCash also offers the CyberCoin service for small transactions (under $10) linked to a consumer's checking account.


Copyright © 2005 CMP Media LLC