In the modern world, payment instruments are more and more taking the place of cash in commercial transactions. Additionally, an increasing percentage of commerce and commercial transactions is taking place at a distance, over untrusted networks such as the Internet.
While the use of such payment instruments and such networks makes it increasingly convenient to engage in commerce at any place and time, these instruments are subject to theft and fraudulent use. A thief may, by obtaining physical access to a payment instrument such as a credit card or cancelled check, often obtain sufficient information so as to allow him or her to engage in fraudulent transactions. It is often possible for a thief to engage in such fraudulent transactions before the rightful owner of the payment instrument is even aware that the instrument has been compromised.
One method known in the art to reduce these risks is to require the use of a secondary verification method, such as a password or “PIN” known only to the rightful instrument holder, with every transaction. This is inconvenient, however, as a particular instrument holder may have to remember multiple PINs for multiple payment instruments. It may also require payment systems to be redesigned.
Another method known in the art is for the desired target of a payment instrument transaction to initiate a verifying transaction using the instrument, for example, a de minimis deposit or debit of unpredictable amount. Only by contacting the financial or other institution associated with the payment instrument and authenticating one's identity can one learn the nature and amount of the “test” transaction. The user of the payment instrument submits this information back to the desired target of the payment instrument transaction, who then can be certain that other party is authorized to use the payment instrument. One problem with this method is that an actual transfer of value may take place, or multiple transactions may be required. This method may require financial institutions to perform systems integration, process changes, and retraining of customer service staff. Another problem is that, in theory, the amount of the transaction or transactions could be guessed or otherwise predicted.
It would be desirable to have methods and systems for verifying a party's authority to use a payment instrument or financial account.
The present disclosure is directed to solving or overcoming one or more of the problems described above in the context of remote transactions, though much of the distinct functionality of the described methods and systems also has unique value in face-to-face transactions.