Assume that a customer has a SET-enabled browser such as Netscape or Microsoft's Internet Explorer and that the transaction provider (bank, store, etc.) has a SET-enabled server.

- The customer opens a Mastercard or Visa bank account. Any issuer of a credit card is some kind of bank.
- The customer receives a digital certificate. This electronic file functions as a credit card for online purchases or other transactions. It includes a public key with an expiration date and has been digitally signed by the bank to ensure its validity.
- Third-party merchants also receive certificates from the bank. These certificates include the merchant's public key and the bank's public key.
- The customer places an order over a Web page, by phone, or some other means.
- The customer's browser receives the merchant's certificate and confirms from it that the merchant is valid.
- The browser sends the order information, encrypted with the merchant's public key; the payment information, encrypted with the bank's public key (so the merchant can't read it); and information that ensures the payment can only be used with this particular order.
- The merchant verifies the customer by checking the digital signature on the customer's certificate. This may be done by referring the certificate to the bank or to a third-party verifier.
- The merchant sends the order message along to the bank. This includes the bank's public key, the customer's payment information (which the merchant can't decode), and the merchant's certificate.
- The bank verifies the merchant and the message. The bank checks the digital signature on the certificate against the message and verifies the payment part of the message.
- The bank digitally signs and sends authorization to the merchant, who can then fill the order.
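The "information that ensures the payment can only be used with this particular order" is SET's dual signature: the customer signs a hash of (hash of order info || hash of payment info), so the merchant can check the signature while seeing only the payment hash, and the bank can check it while seeing only the order hash. The following Python illustration is an added example, not code from the original page or from any SET implementation; the customer key is a toy textbook-RSA key built from two Mersenne primes (real SET used 1024-bit keys with proper padding), and the order and payment strings are constructed sample values.

```python
import hashlib

# Toy customer signing key (assumption for illustration only): textbook RSA
# with a ~92-bit modulus from two Mersenne primes. Not secure, just enough to
# show that two different parties can verify one signature with the public key.
P, Q = (1 << 61) - 1, (1 << 31) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
SIG_LEN = 12  # N < 2**96, so every signature fits in 12 bytes


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _sign(digest: bytes) -> bytes:
    m = int.from_bytes(digest, "big") % N
    return pow(m, D, N).to_bytes(SIG_LEN, "big")


def _verify(signature: bytes, digest: bytes) -> bool:
    m = int.from_bytes(digest, "big") % N
    return pow(int.from_bytes(signature, "big"), E, N) == m


def dual_signature(order_info: bytes, payment_info: bytes) -> bytes:
    """Customer side: DS = Sign_customer(H(H(OI) || H(PI)))."""
    return _sign(h(h(order_info) + h(payment_info)))


def merchant_verifies(order_info: bytes, pimd: bytes, ds: bytes) -> bool:
    """Merchant sees the full OI plus only the payment digest (PIMD)."""
    return _verify(ds, h(h(order_info) + pimd))


def bank_verifies(payment_info: bytes, oimd: bytes, ds: bytes) -> bool:
    """Bank sees the full PI plus only the order digest (OIMD)."""
    return _verify(ds, h(oimd + h(payment_info)))


# Constructed sample values (not real order or card data).
ORDER_INFO = b"order=1001;item=widget;qty=2;amount=19.98"
PAYMENT_INFO = b"card=TEST-CARD-0000;exp=12/99;amount=19.98"
DS = dual_signature(ORDER_INFO, PAYMENT_INFO)

if __name__ == "__main__":
    print("merchant ok:", merchant_verifies(ORDER_INFO, h(PAYMENT_INFO), DS))
    print("bank ok:    ", bank_verifies(PAYMENT_INFO, h(ORDER_INFO), DS))
    # A payment re-attached to a different order no longer verifies at the bank.
    print("replay ok:  ", bank_verifies(PAYMENT_INFO, h(b"order=9999;amount=500.00"), DS))
```

Neither party ever sees the other party's plaintext, yet both verify the same signature, and substituting a different order or payment on either side makes verification fail.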