Smart cards are currently used for many business transactions. A smart card is typically a plastic card the size of a credit card that is imbedded with a microprocessor chip that makes it “smart.” A smart card is capable of adding, deleting, and otherwise manipulating information on the card. In order to use a smart card for a stored value purchase, information representing a load or monetary value must be transferred to the chip imbedded in the card. Normally, the load value is transferred from a host on-line system of a financial institution, such as a bank, to provide an audit trail and to secure a load key. The load key is a secret code used in verifying and authorizing a transaction. There are a number of ways in which on-line connections are made. Generally, an on-line connection is made when a smart card is inserted into any device that is directly or wirelessly connected to the host system. The card can be inserted, for example, into an automated teller machine (ATM) or a merchant terminal which is connected to the host system. Further, the card can be inserted into a card reader attached to a personal computer (PC) which is networked into or connected to the host system.
A load value may also be transferred between two smart cards remotely, or off-line. A remote or off-line transaction is generally made by inserting a card into a device that is not connected to the on-line system at the time the transaction occurs. For example, an electronic purse or wallet, a remote ATM, a merchant terminal, or a PC may be utilized to perform off-line transactions between smart cards. Other similar methods and devices, such as smart card compatible cellular phones, are also used in off-line transactions between cards. Such off-line card-to-card transfers, however, allow for inaccuracies between the host on-line system and the cards involved in the off-line transaction. Additionally, these off-line transfers create opportunities for fraud.
Generally, a smart card transaction results in an immediate update of the load value on the card. With an on-line transaction, the updated load value on the card is also immediately reconciled with the on-line host system of the financial institution or bank which tracks the load value of the card. With an off-line or remote transaction, however, the updated load value of the card is not immediately known by the host on-line system. Thus, a remote transaction between cards potentially may never be known by the on-line system. For example, when an electronic purse or wallet is used to make an off-line transfer between two smart cards, the off-line electronic purse or wallet transfers all or part of the load balance of one smart card to another smart card. A memo documenting the transaction is posted to the transaction log within the memory of each of the smart cards. The smart card transaction log, however, has only a limited capacity to store transaction memos. For example, a VISA Cash Smart Card may be used for up to 32,000 transactions, but the transaction log within the smart card memory is capable of storing only the last 10 transactions. Once the transaction log is filled, a new or succeeding transaction bumps the oldest preceding transaction off the transaction log. Thus, only a very small percentage of the total number of transactions is available for accounting purposes.
This limited ability to store transactions is problematic when a later attempt is made to reconcile and audit account balances after an off-line transaction has occurred. If the transaction memo for the particular off-line transaction is bumped from the transaction log before the smart card connects with the on-line system, then the load balances between the smart card and the on-line system will be different and there is no ability to trace the particular off-line transaction. This problem is compounded since questions and problems associated with one or more transactions are frequently not discovered until well after the transactions have occurred. This increases the likelihood that any record of the transaction in question has already been bumped from the smart card transaction log by the time the question arises. Thus, if something did not go right during the transaction, or if a fraudulent transaction was generated, there is little, if any, ability to trace the transaction because of the limitations of the smart card transaction log.
There is a current need to provide a method and system for tracking off-line smart card transactions, such as off-line card-to-card transactions, which provides an audit trail of the transactions.