Racal Security and Payments has introduced a new e-commerce solution, WebSentry
TM, designed to offer system integrators an inexpensive way to provide the cryptographic functionality necessary to support the SET
TM (Secure Electronic Transaction) standard for both merchant and acquirer bank (payment gateway) applications.
The product offers an infrastructure to designed to accommodate the widest range of throughput requirements of merchants and acquirer banks in a SET environment. Racal says that it also meets the mandatory requirements of highly secure hardware security imposed on acquirer bank platforms.
The system is scaleable to meet the needs of small merchants as well as multi-national corporations handling numerous SET transactions per second. Connected externally to the host servers via an Ethernet connection, multiple modules may be employed to increase the transactions per second. Significant
performance improvements in transaction processing are achieved as the server application offloads the cryptographic processing to the system.
Easily tailored to meet specific user environments, the hardware modules support a variety of PC/server operating systems and platforms including Windows NTTM, Sun SolarisTM and HP-UXTM. In addition to the comprehensive installation and management tools, a library of cryptographic software Application Program Interfaces (APIs) for interfacing to SET payment systems and applications are available. Performance updates may be added, to meet new requirements and address future cryptography standards, with minimal impact on the existing infrastructure and effectively extending its useful life.
To provide physical security, the module is housed in a tamper-resistant and tamper-evident case. No plain text keys are exposed outside the tamper-resistant circuitry and battery-backed, tamper- protected memory is housed inside the case . Operation, module management and access control are under smart card and PIN protection. The modules also use smart card components to form Local Master Keys (LMK) that are used to protect certain cryptographic keys when outside the tamper-resistant circuitry.
WebSentry's management application with its graphical user interface (GUI) is used primarily for installation and configuration and is not involved in the day-to-day operation of the system.
How Does It Work?
In the SET Payment environment, the cardholder uses a PC and a payment card that has been issued by an issuer to interact with a merchant when using electronic shopping. SET ensures that the merchant is not able to gain access to the cardholder account details.
Financial organizations, known as "issuers," establish the cardholder accounts and issue the payment cards. They are responsible for managing the payment of authorized transactions that have been made with
the payment cards. A merchant, in exchange for payment provides goods and services.
SET implicitly enables the merchant-to-cardholder link to be secure. The merchant cannot take part in the
scheme unless he has a trusted relationship with an acquirer (the financial institution that establishes an account with a merchant and controls the authorization and payment of transactions). An acquirer or a designated third party uses a device called a Payment Gateway that processes payment instructions from cardholders and payment messages from merchants.
The Transaction Process:
A transaction involves the three main parties, namely cardholder, merchant and acquirer. WebSentry provides the hardware security for both merchant and acquirer systems.
It takes place in three stages:
- Purchase Request Phase
The cardholder and merchant confirm the details of the transaction goods or services and payment.
- Payment Authorization Phase
The merchant checks with the acquirer that the cardholder payment will be made from the designated account at the end of the transaction.
- Payment Capture Phase
The merchant transfers the full transaction details to the acquirer who then completes the financial transfers.
The goods or services can be released at any point after the completion of the second stage. The
cardholder is involved only during the first stage and the acquirer is involved in the second and third stages. The merchant is involved in all stages. Encryption and digital signatures are involved throughout the processing.
Racal Security and Payments, a wholly-owned business of Racal Electronics, Plc, is a manufacturer of POS terminals and management systems, secure payment systems and network encryption solutions. During the past two decades, the company has developed a full range of security and payments products designed for secure remote access, electronic commerce, EFTPOS (electronic fund transfer at point-of-sale), and encryption of enterprise networks. For more information on the company and its products, visit http://www.racalitsec.com.