Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit card
numbers over the Internet?

A.
Secure Electronic Transaction (SET)

B.
MONDEX

C.
Secure Shell (SSH-2)

D.
Secure Hypertext Transfer Protocol (S-HTTP)

Explanation:
Secure Electronic Transaction (SET) is a security technology proposed by Visa and MasterCard to allow for
more secure credit card transaction possibilities than what is currently available. SET has been waiting in the
wings for full implementation and acceptance as a standard for quite some time. Although SET provides an
effective way of transmitting credit card information, businesses and users do not see it as efficient because it
requires more parties to coordinate their efforts, more software installation and configuration for each entityinvolved, and more effort and cost than the widely used SSL method.
SET is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the
Internet. The following entities would be involved with a SET transaction, which would require each of them to
upgrade their software, and possibly their hardware:
Issuer (cardholder’s bank) The financial institution that provides a credit card to the individual.
Cardholder The individual authorized to use a credit card.
Merchant The entity providing goods.
Acquirer (merchant’s bank) The financial institution that processes payment cards.
Payment gateway This processes the merchant payment. It may be an acquirer.
Incorrect Answers:
B: MONDEX is a payment system that uses currency stored on smart cards. This is not what is described in the
question.
C: Secure Shell (SSH-2) was not developed to send encrypted credit card numbers over the Internet.
D: Secure Hypertext Transfer Protocol (S-HTTP) is an early standard for encrypting HTTP documents. S-HTTP
was overtaken by SSL. This is not what is described in the question.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 856