CISA Certified Information Systems Auditor – Question1544 - CISA Certified Information Systems Auditor

Which of the following is a distinctive feature of the Secure Electronic Transactions (SET) protocol when used for electronic credit card payments?

A. The buyer is assured that neither the merchant nor any other party can misuse their credit card data.
B. All personal SET certificates are stored securely in the buyer's computer.
C. The buyer is liable for any transaction involving his/her personal SET certificates.
D. The payment process is simplified, as the buyer is not required to enter a credit card number and an expiration date.

Correct Answer: C

Explanation:

Explanation:
The usual agreement between the credit card issuer and the cardholder stipulates that the cardholder assumes responsibility for any use of their personal SET certificates for e- commerce transactions. Depending upon the agreement between the merchant and the buyer’s credit card issuer, the merchant will have access to the credit card number and expiration date. Secure data storage in the buyer’s computer (local computer security) is not part of the SET standard.
Although the buyer is not required to enter their credit card data, they will have to handle the wallet software.