Electronic Funds Transaction Point of Sale (EFTPOS) terminals and systems have operated for many years. Most current EFTPOS terminals function in the same manner in that account data are input to the terminal, usually via a magnetic stripe reading device. A display and keypad are usually integrated with the EFTPOS terminal. The consumer is prompted to enter a personal identification number (PIN) associated with a debit card before the account data are sent to a bank or financial institution for payment authorization. Once authorization is received, the transaction continues until completion, for example, by the consumer receiving the article purchased and the sales receipt.
EFTPOS systems are highly secure systems that are designed to run a limited number of applications using a dial-out modem. The modem is linked to servers that are controlled by financial institutions. Only authorized bank personnel are permitted to install or upgrade software applications residing in the EFTPOS terminals. PINs are not stored in the terminals, and tampering with any EFTPOS terminal is automatically detected, with payment transactions through the tampered line immediately suspended.
EFTPOS terminals are usually located adjacent to the cash register in merchant locations for conveniently processing payments. Once the data are input to the terminal, the data are sent via a transaction-switching network to the host computer of the customer's bank to obtain bank authorization. The merchant's bank coordinates the settlement of funds from the customer's bank to the merchant's bank.
Consumers who shop frequently on-line or pay their bills on-line try to balance convenience with risk, since these transactions have relatively poor security safeguards. Despite the efforts of on-line vendors to improve the security of purchase transactions, the fact that the transactions are being conducted over a public network, such as the Internet, makes it extremely difficult to prevent others from capturing sensitive information as it is being transmitted over the public network. EFTPOS systems, on the other hand, provide a high level of security in processing payments due to controlled communications lines and complex protocols required by financial institutions. However, these transactions are limited to authorization of payments and electronic funds transfers that are not conducted over the Internet or any other public network. Any attempts to make EFTPOS systems more flexible have been deterred due to the number of different protocols that exist (since each financial institution has its own protocol and guidelines) and the requirement of controlling communications to maintain high levels of security. Personal computers do offer the convenience of entering a credit card number for on-line purchases. However, payment security is compromised as a consequence of such convenience.
Further complicating efforts at improving payment processing security over unsecured communications networks is the advent of new marketing channels offering consumers more purchasing opportunities. For instance, products that are offered for sale via a mobile telephone or a PDA (personal digital assistant) require the consumer to call in to the vendor to effect payment. In another example, the sales volume of products sold through cable TV shopping programs could be significantly increased if the payment processing for such purchases were streamlined from the current call-in system. Despite the opportunities that vendors have to access consumers in new ways, vendors and consumers must still transact payments through traditional POS terminals or by communicating credit card information through a traditional call-in system.
A method and a system that address the aforementioned problems, as well as other related problems, are therefore desirable.