Modified SET protocol for mobile payment: An empirical analysis

The wide spread of using handheld devices offers an opportunity for mobile devices to be used as a universal payment method. However, some issues impede the widespread acceptance of mobile payment; for example: privacy protection, limited capability of mobile devices, and limited bandwidth of wireless networks. In ecommerce payment, Secure Socket Layer (SSL) protocol has been used to establish a secure channel between customers and merchants to secure the payment and the order information. SSL has some disadvantages regarding customer privacy that the customer payment information is revealed to the merchant. Secure Electronic Transaction (SET) has resolved SSL protocol disadvantages by dividing order message into: 1) order information which is revealed to merchant M, 2) payment information which is revealed to Payment Gateway (PG). Both SSL and SET assume the existence of Public Key Infrastructure (PKI) where extensive computations are carried out. In mobile payment, the same protocols of ecommerce payment are used but their application is limited due to heavy computations over wireless and GSM networks. A Modified Secure Electronic Transaction (MSET) protocol is proposed to minimize the extensive computations of SET protocol through replacing time consuming public key encryption and decryption algorithms by symmetric key cryptography.