In a typical banking transaction authentication scenario, after the holder or the cashier swipes the banking card through a reader, the EDC (Electronic Data Capture) software at the POS (point-of-sale) terminal dials a stored telephone number via a modem to call an acquirer. An acquirer collects credit-authentication requests from merchants and provides the merchants with a payment guarantee. When the acquirer gets the banking-card authentication request, it checks the data recorded on the magstripe of the banking card for the merchant ID, a valid card number, the expiration date and the credit limit. Single dial-up transactions are typically processed at 1,200 to 2,400 bits per second (bps), while direct Internet attachment may use much higher speeds via this protocol. In this system, the cardholder may enter a PIN (personal identification number) code, which is, for example, a password set by the user when opening the account (or account password), using a keypad or other similar input device, though many transactions are done without use of the PIN. For example, before dispensing cash, an ATM typically encrypts the PIN entered and sends it to a remote database to see if there is a match. During the whole process, PIN codes are “static”, i.e. the same PIN codes are used for several months, if not years. Due to the popularization of on-line transactions, banking accounts and PIN codes are easily stolen. Thus, there is a serious weakness in the existing electronic banking transaction process using a static PIN code.
On the one hand, since only static PIN codes pre-set by users are present in the existing credit-card transaction mode, users setting a static PIN code need to increase its complexity in order to avoid leakage of privacy, while the code must still be easy to memorize. If users want to re-set static PIN codes or forget them, they must go to an outlet of the card-issuing bank to do so, which is a great inconvenience. Additionally, users usually set the same codes for different banking cards, which reduces privacy. If users set different codes for different banking cards, then how to effectively record or memorize these codes becomes a thorny problem.
On the other hand, the existing banking system typically uses magnetic cards for electronic transactions. A magnetic card records account information and other user information on the magstripe, which can be easily read, and a magnetic card carrying the same information can be easily made from the account information. As a result, the user's account is stolen. One solution for enhancing security is to replace magnetic cards with smart IC cards. Because magnetic cards are so extensively used, replacing them with IC cards would mean replacing all the existing magnetic cards and magnetic-card readers with IC cards and IC-card readers. Such a solution demands huge costs and is even infeasible. Therefore, there is a wish to enhance transaction security without altering the existing worldwide infrastructure used for the magnetic tape card reading of the data and its transmission over the network.