There is a need for more secure data transfer when paying for goods and services using payment cards such as debit and credit cards.
In a typical payment transaction, a user may use a credit card to purchase an item at a merchant or enter his account information into a payment page of a merchant's website. The merchant then generates an authorization request message using a POS (point of sale) terminal when the user is present at the merchant location. Alternatively, for an online transaction, the merchant website may generate an authorization request message for card-not-present (CNP) transactions. In either instance, the authorization request message is passed to the issuer computer of the credit card, and the issuer computer may approve or deny the request to authorize the transaction.
There are a variety of methods by which fraudsters attempt to obtain account information of users for conducting fraudulent transactions. To address this problem, payment transactions can be made partially dependent on data that are not part of the account information stored in a user's debit or credit card, or data that are not part of information that are typically provided by a user to a payment page of a merchant's website.
However, modifications to combat the fraudsters can be costly. For example, it can be costly to modify all issuer computers to accommodate such fraud prevention measures. Therefore, there is a need for systems and methods which can provide for more security for payment transactions without requiring issuer to modify their computers.
Embodiments of the invention address these and other problems, both individually and collectively.