Most existing payment-processing and transaction-processing systems have been designed by vendors, primarily to serve the vendors. Historically, the ability of a customer to use a payment option other than cash had been viewed as a sufficient concession to the customer. Non-cash payment systems put the vendor at risk of not receiving payment, hence vendors and their associated financial institutions felt justified in specifying stringent criteria for customers to use non-cash payment systems. For face-to-face transactions at the point of sale, a vendor would typically require a picture identification and/or a driver's license, together with a signature, to accept a check drawn on a local financial institution. For credit card purchases, a signature and sometimes a picture identification would be required. In both these cases, the vendor and his/her employees also have access to the customer account information associated with the check or credit card.
Although most traditional vendors use the data provided to them by their customers only to secure the payment due to them from the transaction, the data collected has additional valuable potential, even if clearly fraudulent activities—such as using the customer's credit-card data to make unauthorized purchases—are not considered. For instance, a vendor could track the frequency, amount, location, type, and other data about purchases for each particular customer. This data could be used to develop targeted advertising strategies designed to get the customer into the store immediately and/or after a prolonged absence. In addition, mailing lists of customers could be developed that could be sold to financial institutions or other vendors who want to promote their credit cards. Until recently, the cost and tedium involved in compiling and processing such data discouraged aggressive use of personal data. However, due to recent technological advances, this has completely changed. Over the past several years, the plummeting cost of computing hardware and the increasing sophistication of data warehousing and data mining software, in combination with exponential growth in digitally-processed and Internet-processed customer purchase transactions, have put the security and privacy of the customer at extreme risk, despite contrary assertions of many vendors.
With the advent and growth of electronic commerce, the accelerating ease of compiling and processing such data has encouraged and emboldened vendors to collect and exploit ever-greater amounts of personal data from their customers. The widespread use of Secure Sockets Layer (SSL) has dramatically improved the security of personal and financial data as it is sent from the customer to the vendor. Hence, until recently, many customers have been willing to provide the requested data with little thought as to exactly what the vendor will do with it. Many customers have little notion of the value of that data. This is especially true for commercial transactions that exploit the Internet. In such transactions data collection can be automated and the information gathered can be used in real time for targeted advertising. Despite strict privacy policies to the contrary, vendor-collected customer data can be (and often is) sold to mailing lists, where it can be used by companies with whom the customer has no desire to do business. Once customer data is public, the customer often has little or no recourse for retaining the privacy of that information.
According to The Forrester Report (April 1999, published by Forrester Research Inc.), 48% of both U.S. and European Internet retail companies interviewed indicated that they save customer name, address, and account information for use in an express checkout system. Although such systems help to speed customers through checkout, many of the retail companies admitted, “[their] transactions systems have limited scalability, poor fraud detection, high ongoing costs, and lack of real-time authorization.”
Although retail companies that maintain these customer databases argue that speedier checkout and even targeted advertising are in the customers' interests, the customer is often not clearly informed of what information is being collected and stored and for what purposes. Removing oneself from a customer database, even when possible, can be a time-consuming process.
Perhaps one of the greatest concerns over the warehousing of customer data and information is the highly lucrative target that such a concentration of personal and financial information presents to hackers and other thieves. According to the Washington Post (“Cloaking Devices Designed for Wary Web Shoppers,” The Washington Post, Oct. 19, 2000, page E01), hackers stole 15,600 credit-card numbers from a Western Union web site during the month of September 2000. Credit card fraud represents a huge loss to both the credit-card industry and individual consumers. An estimated 0.06% of point-of-sale credit-card purchases and as much as 1% of online credit-card purchases are fraudulent (“VISA Shores up Web Position, Ends Fees on Theft of Credit Cards,” American Banker, February 2000; “Equity Research Report on First Data Corp.,” Morgan Keegan, January 2000). Other estimates from vendor symposia (e.g., the “Card Tech/Secure Tech” trade show on Dec. 1, 1999) are much higher, generally holding that “Card Not Present” transactions experience six times the incidence of fraud of physical “Card Present” transactions. Although most individual consumers face limited financial liability if unauthorized use of their credit-card information is promptly reported, dealing with instances of fraud can be frustrating and time-consuming. Notwithstanding, in the final analysis, all consumers eventually pay for credit-card fraud in the form of higher vendor prices and less attractive credit-card terms than might otherwise be available.
Numerous alternatives now exist for performing financial transactions over computer networks.
Shawn Abbott (“The Debate for Secure E-Commerce,” Performance Computing, February 1999) discusses both the SSL and Secure Electronic Transactions (SET) protocols for electronic commerce. As stated in the article, “SSL is widely used because it is built into all major Web browsers and servers and is easy to apply.” However, beyond verifying that the vendor is a bona fide company and that the customer's computer is dealing with the vendor's server, the SSL protocol does little more than facilitate encrypted and reliable interaction between computers. On the other hand, SET is a messaging protocol specifically designed by financial institutions to facilitate bankcard transactions over open networks such as the Internet.
To use SET, the customer has a digital certificate that is stored and encrypted using a pass phrase selected by the customer. A SET electronic wallet can be established by combining: (1) a digital certificate with (2) financial account information, (3) a private encryption key and (4) some additional software. To make a purchase, the vendor's server sends a request to open the customer's SET wallet on the customer's computer. The customer is prompted for the pass phrase to authorize use of the SET wallet. After confirmation of the customer's pass phrase, payment instructions, including the customer's account data, are bundled into an encrypted and protected message. The message is bundled in such a way that the vendor cannot secretly access or tamper with it. The message, together with an authorization request by the vendor, is forwarded to a payment gateway, which typically is a server at the vendor's financial institution. The messages are then decrypted off the open network and the processing between financial institutions occurs as in standard credit or debit card transactions. In the SET protocol all participants hold digital certificates rooted in a common SET key. Hence all participants are assured that the other participants have been approved to act in their required roles.
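The bundling step described above, as an added illustration that is neither SET's actual message format nor code from the article: the customer encrypts the payment instruction to the gateway's public key and signs the ciphertext, the vendor forwards both unchanged with its own authorization request, and the gateway verifies the signature before decrypting. RSA-OAEP and RSA-PSS from Go's standard library stand in for SET's own envelope; the certificate exchange that distributes the public keys is assumed to have already happened.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// CustomerSeal encrypts instr to the gateway's public key, then signs the ciphertext with the customer's key.
func CustomerSeal(instr []byte, gw *rsa.PublicKey, cust *rsa.PrivateKey) (ct, sig []byte, err error) {
	if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, gw, instr, nil); err != nil {
		return nil, nil, err
	}
	h := sha256.Sum256(ct)
	sig, err = rsa.SignPSS(rand.Reader, cust, crypto.SHA256, h[:], nil)
	return ct, sig, err
}

// GatewayOpen checks the customer's signature before decrypting, so a message
// the vendor changed in transit is rejected without ever being decrypted.
func GatewayOpen(ct, sig []byte, cust *rsa.PublicKey, gw *rsa.PrivateKey) ([]byte, error) {
	h := sha256.Sum256(ct)
	if err := rsa.VerifyPSS(cust, crypto.SHA256, h[:], sig, nil); err != nil {
		return nil, errors.New("payment message altered in transit")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, gw, ct, nil)
}

// RunExchange plays customer, vendor and gateway with fresh keys; it returns the
// instruction the gateway recovered and whether a vendor-side change was caught.
func RunExchange() (string, bool, error) {
	gwKey, err := rsa.GenerateKey(rand.Reader, 2048)
	custKey, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil || err2 != nil {
		return "", false, errors.New("key generation failed")
	}
	// Constructed sample instruction; the vendor never sees it in clear.
	ct, sig, err := CustomerSeal([]byte(`{"account":"0000-TEST","amount":"42.00"}`), &gwKey.PublicKey, custKey)
	if err != nil {
		return "", false, err
	}
	plain, err := GatewayOpen(ct, sig, &custKey.PublicKey, gwKey) // honest vendor forwarded ct and sig unchanged
	if err != nil {
		return "", false, err
	}
	ct[0] ^= 1 // dishonest vendor: one ciphertext byte changed before forwarding
	_, tamperErr := GatewayOpen(ct, sig, &custKey.PublicKey, gwKey)
	return string(plain), tamperErr != nil, nil
}
```

The signature covers the ciphertext rather than the plaintext, so the gateway can reject an altered message without first decrypting attacker-controlled bytes.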
The use of the SET protocol is more secure than the straightforward use of SSL. Its wider adoption has been slowed by the requirement that all participants install special software and that customers be issued digital certificates. In addition, nagging worries about security still exist. Although each digital certificate is protected by a pass phrase, if the pass phrase is compromised, unauthorized purchases can be made using the digital certificate. To address this issue, the SET protocol has built-in capability to accept digital certificates from personal tokens, such as smart cards. For smart cards to be used for Internet transactions, many more computers require card-reading capability. Although the use of smart cards lessens the possibility of fraud, stolen smart cards could be used like stolen credit cards to impersonate the original owner.
According to Kenneth Kiesnoski (“Digital Wallets,” Bank Systems+Technology, October 1999) both client-based and server-based digital wallets have a number of proponents. The digital wallet is an application that stores financial account information, account-owner names, billing and shipping information, and other information that might typically be required to make an electronic transaction. At the customer's direction, all or part of this set of information is transferred to the vendor at the time of purchase. This saves the customer the trouble of typing all that information and possibly making an error.
In a client-based digital wallet the application program resides on the customer's computer. One difficulty with client-based electronic wallets is their lack of portability. Every time the customer uses a different computer, the information that had been stored in the digital wallet must be reloaded into the same or similar program on the current computer. Another issue is that important personal and financial information resides on the client's computer. Traditionally, personal computers have not been particularly secure machines. Individuals with appropriate computer expertise who have physical access to a particular personal computer can generally extract information from it. Until recently, security breaches of personal computers from the outside were generally limited to viruses and worms embedded in downloads and email messages. Use of cable modems and other devices that facilitate continuous or near-continuous connectivity increases the likelihood of security breaches of personal computers.
A server-based digital wallet resides on a server connected to the Internet. Most server-based digital wallets had been marketed by banks and did not accommodate information from cards issued by competing banks. More recently, the trend has been shifting towards allowing multiple cards backed by different organizations to be included in the digital wallet. Server-based digital wallets provide more flexibility than client-based digital wallets in that they can be accessed from any computer. Presumably, server-based digital wallets are maintained on computers that are more secure than the typical personal computer; however, the booty for a successful hacker is multiplied by the number of registrants whose information is stored on that server. In addition, each individual's data is protected only by a simple password, and members of the general public have been notoriously lax in choosing and maintaining passwords.
Hardware developments are also proposed to enable more secure and flexible payments by computers.
Bob Curley (“Paying at the PC,” Bank Systems+Technology, October, 1999) discusses two systems designed to interact with personal computers.
The first is the UTM MACHINE, developed by UTM Systems. A user inserts a credit or debit card into the UTM MACHINE and then slides the UTM MACHINE with the inserted card into a floppy disk drive. The machine uses the heads of the floppy disk drive to read the magnetic stripe on the credit or debit card. An Internet browser is then used to access a World Wide Web (WWW) page at the user's bank. The WWW page simulates the action of an automated teller machine (ATM), complete with personal identification number (PIN) authentication. Vendor identification numbers can be entered on the WWW page to transfer funds to a particular vendor.
The second hardware development discussed by Curley is the INTELLIPACK 100, developed by NetPack. The INTELLIPACK 100 is a keyboard with built-in credit card and smart card readers. Like the UTM MACHINE, the transactions occur without transmitting financial account information to the vendor. These hardware developments can make Internet transactions almost as secure as point-of-sale financial transactions.
Additional hardware developments are further improving the security of all credit and debit card transactions.
In “The Biometrics White Paper,” Ashbourn discusses a large number of generic issues associated with biometric identification for use in security applications. Ashbourn defines biometrics “as measurable physiological and/or behavioral characteristics that can be utilized to verify the identity of an individual. They include fingerprints, retinal and iris scanning, hand geometry, voice patterns, facial recognition and other techniques.” Our use of the term “biometrics” and related forms of the word is intended to be consistent with the above-quoted definition. However, an individual's written signature and/or handwriting are not to be considered biometrics in the context of this application.
The Ashbourn paper also contains reviews of some particular products that are currently or will soon become commercially available.
Precise Biometrics, in cooperation with iD2 Technologies and Miotec Oy, is developing technology to enable the use of a fingerprint to enhance the security of Internet transactions. Information on their web site is sketchy, but their proposed scheme apparently uses a smart card and a separate reader that is connected to a personal computer. The smart card would be inserted into the separate reader, which would read the fingerprint data and send the data to the smart card chip. The chip on the smart card would compare the fingerprint with the stored template and, if they match, send off an Internet order. The use of a separate reader reduces the flexibility of the approach.
In U.S. Pat. No. 6,011,858 by Stock et al., a programmable memory card is adapted to hold personal information of a user and includes a biometric template of a physical characteristic of the user. The patent also discloses a biometric verification system that includes a biometric scanner configured to generate a biometric template based on a physical characteristic of a user. The biometric scanner is also configured to verify each user's live physical characteristic against the biometric template of the physical characteristic stored on the memory card. A programmable memory card reader is also used. The programmable memory card reader is in communication with the biometric scanner and is configured to receive a memory card and to communicate with the biometric scanner to store the biometric template generated by the biometric scanner to the memory card. The memory card reader is also configured to retrieve the biometric template stored on the memory card and to ensure the security of the information that relates to the applications stored on the card. As with the Precise Biometrics approach, the separation of the biometric scanner from the smart card reduces flexibility of the system.
In U.S. Pat. No. 6,084,968 by Kennedy et al., an apparatus and method are described for providing multiple secure functions in a host or wireless radiotelephone. Which secure function is provided is determined by credential information carried on a smart card or security token. To provide for an authentication function, the smart card may store biometric features of a user. As in the previous patent, the smart card is separate from the device that obtains the live biometric.
In U.S. Pat. No. 6,016,476, Maes et al. describe a portable information and transaction processing system that uses biometric authorization and digital certificate security. The system requires the use of a personal digital assistant (PDA) in which the user stores his or her financial and personal information.