The present invention relates to methods and systems that enable products and services to be purchased by means of electronic payment transactions, such as by means of credit and debit card transactions, and more particularly to methods and apparatuses that protect the data communicated in such transactions against unauthorized access.
The electronic payment industry, which includes the performance of electronic credit and debit transactions, has been in existence for decades. Over this time, protocols and processes have been established to suit the unique transaction requirements of the electronic payment industry. Initially, point-to-point communication methodologies were employed. With the advent of the Internet, additional modifications and capabilities have been provided to make it possible to advantageously utilize this resource to the benefit of the electronic payment industry.
Despite these improvements as technology has advanced over the decades, one aspect of electronic payments that has remained relatively unaddressed is the security of sensitive information. A number of exposures have existed, including the communication of sensitive information in an unencrypted form (so-called “cleartext”), and these create opportunities for dishonest parties to obtain such information without authorization and potentially use it in criminal ways. Yet it is not a simple task to solve the many technical problems presented when trying to add a layer of security to existing electronic payment architectures.
It is therefore desired to provide methods and apparatuses that address the weaknesses in present electronic payment systems and provide secure ways of handling sensitive information.