92% of all transactions on the Internet are conducted with credit cards. A number of problems arise in the use of credit cards, both from the perspective of the customer and the merchants. One of the most serious problems for many on-line merchants comes from the fact that credit card transactions can be reputed with a single phone call. One of the reasons why Internet credit card transactions can be reputed so easily and effectively is that the customer is never authenticated. Particularly where services are concerned, the inability to verify the identity of the customer is a serious flaw in the nature of on-line credit card transactions.
On the other hand, ATM or Debit card transactions, where the transaction has been verified with a PIN can not be reputed. By including PIN entry in a transaction, the identity of the customer can be authenticated. However, the EFT network is governed by rules designed to safeguard the various parties in an ATM transaction. In particular, the security of the PIN is subject to strict controls. Most proposals to introduce the advantages of ATM transactions to the on-line environment, however, fail to adequately protect the PIN from being compromised.
Some solutions approach the PIN security issue by proposing the introduction of additional secure hardware and/or additional communication routes to every customer computer. These types of solutions introduce costs to the system that will be an obstacle to widespread acceptance of the solution by the general public.
What is needed, therefore, is a system and method of providing secure PIN-based transactions over the Internet without requiring additional hardware or communication lines for the customer.