The great popularity achieved by the Internet in the last few years has created a new form of commerce, which goes under the names of electronic commerce (shortly, e-commerce) or virtual shopping. Surfing on the Internet, the public can visit a vast variety of so-called virtual shops, web sites of electronic or virtual vendors offering for sale products and/or services (or even information), compare the products and/or services offered by different virtual vendors and purchase the preferred goods and/or services. All this is available without the burden of materially going shopping.
The most practical way of payment in e-commerce is by credit card: once the purchaser has completed the virtual shopping cart by selecting the desired goods and/or products, he/she transmits to the virtual shop web site the credit card data (typically, the credit card number and expiration date). This method is also preferred by electronic vendors over other payment methods such as checks, and allows completing the transaction in a very short time.
Despite the simplicity of this payment method, the potential risk inherent to transmitting credit card data over the Internet inhibits many people from routinely making electronic purchases. E-commerce is as a matter of fact seen as insecure: due to the open character of the Internet, people worry that sensitive information such as the credit card data could be fraudulently intercepted by someone, and be then fraudulently used without the card holder's consent.
Such a worry is not unjustified: payments by credit card in contexts different from e-commerce rely on the physical presence of both the material credit card and the credit card holder; companies providing credit card payment services rely on the physical presence of the material credit card when the transaction is executed. In e-commerce, these two prerequisites are presently not indispensable: in order to complete a purchase, the purchaser, per-se unknown, simply has to communicate electronically to the vendor the credit card number and expiration date.
The adoption of security coding mechanisms for encrypting the information to be transmitted over the Internet is not seen by the potential purchasers as a sufficient measure: clamorous cases of “hackers” who were able to crack even sophisticated security schemes have been reported. People expect more.
Several solutions have been proposed in the attempt to make electronic transactions over the Internet more secure.
In general, a class of known solutions addresses the problem of verification of the purchaser's identity, but not the problem of security of sensitive information transmitted over an open communication network such as the Internet. Some examples of this class of solutions are listed below.
U.S. Pat. No. 6,282,522 B1 discloses an Internet payment system in which consumer client terminals interface to smart-card readers.
U.S. Pat. No. 6,014,636 discloses a point-of-sale (POS) payment system. The customer can make a POS payment either by authorizing direct debit from his bank account or by authorizing a charge to his credit card account. The customer's debit and credit card account information is collected by swiping the customer's debit or credit card through a magnetic stripe reader at the customer's location at the moment of sale.
Both these systems require a new device (the smart card reader or the magnetic stripe reader) to be bought by the users and to be interfaced to the users' personal computers. Additionally, the system of U.S. '522 does not work with most of the existing credit cards, which are not smart cards. Moreover, the sensitive information, albeit encrypted, is again transmitted over the Internet, and is thus prone to be fraudulently intercepted and cracked for future, unauthorised use.
U.S. Pat. Nos. 5,987,140 and 5,757,917 disclose payment systems requiring a mediator entity other than the customer and the vendor, such as a payment gateway that validates the customer's identity and authorizes the transaction, or a manager of a database in which the customers and the vendors need to be registered in order to operate. This adds costs that have to be absorbed by the vendors.
Another class of known solutions addresses the problem of inherent insecurity of information transmitted over an open communication network.
For example, U.S. Pat. No. 5,778,173 discloses a mechanism for enabling secure electronic transactions on the open Internet. According to that mechanism, in response to a user's request to make a purchase, the vendor web server transmits a purchase order number to both the user over the world-wide web (WWW) and to a transaction server, isolated from the Internet, over a communication system isolated from the Internet. The user subsequently pays for the purchase by initiating a communication between the user computer and the transaction server over a communication system isolated from the WWW. The user provides the purchase order number to the transaction server and proceeds to complete the purchase by providing a credit card number. The transaction server then transmits the complete order to the vendor.
A major problem of the above-described mechanism is that, although no credit card number travels on the Internet, the transaction server does not verify the identity of the purchaser. A user who has fraudulently come in possession of a credit card number can place a valid order. Another problem is that two servers at the vendor's side are needed: one is the server connected to the WWW, and the other is the transaction server, needed to receive from the user the credit card number. In order to allow potential customers to exploit the service, the vendor has to provide a number of transaction servers disseminated worldwide.
Other systems that aim at solving the problem of insecurity of information transmitted over an open network are for example described in U.S. Pat. Nos. 6,199,165 and 6,252,869.