In today's world of commerce there are two dominant methods of making purchases. One is categorized as “card-present”, where the card holder and payment card are physically present at the time of transaction, and the other is “card-not-present”, where the card holder is not physically present during the transaction. The former transactions typically occur at a physical establishment (e.g., store, restaurant, gas station, etc.), while the latter typically occur during making purchases over the Internet (also referred to as “ecommerce” purchases) or making purchases via phone or mail-order. Card-present transactions typically enjoy far less fraud than card-not-present transactions. This is often attributed to the ability to prove credential authenticity (i.e., authenticity of the payment card being used) and card holder legitimacy (i.e., the individual making the transaction is the card holder or an authorized agent of the card holder). The enforcement of these two attributes is typically the responsibility of a physical point of sale (POS) terminal and/or other like computing device that can verify correctness of the information contained on the card and identity authentication, which is generally a personal identification number (PIN), a card holder signature, and the like.
Most ecommerce transactions require a user to input payment card information and cardholder identification information into text fields of a web-based user interface. Additionally, most phone-order purchase require customers to recite payment card information and cardholder identification information over the phone. This is because in most card-not-present transactions, the terminal-based authentication methods are usually not available. Furthermore, most current fraud prevention measures for card-not-present transactions, such as typing/reciting the account number contained on the front of a payment card plus other identifying information like a 3-digit cardholder verification value (CVV) on the back of most payment cards, have been demonstrated to not reduce fraud to the level experienced by card-present transactions. Moreover, the attempts to strengthen cardholder presence assurances for card-not-present transactions has resulted in the introduction of online authentication protocols, such as the XML-based 3D Secure (which is also known by various trade names including Visa® Verified by Visa, MasterCard® SecureCode, American Express® SafeKey, and JCP International® J/Secure). These protocols introduce an additional authentication step in the payment checkout process that verifies cardholder identity through the card-issuing bank. However, the additional verification steps introduced by the aforementioned protocols tend to result in customer frustration in the form of online shopping cart abandonment, which may lead to a loss of revenue for ecommerce merchants.
Accordingly, it may be desirable to bring the user experience and transaction security aspects of a physical POS terminal (i.e., card-present transactions) to online, phone-order, and/or mail-order transactions (i.e., card-not-present transactions). Furthermore, it may be desirable to provide transaction security for card-not-present transactions while reducing a number of steps for providing payment card verification and cardholder authorization.