Embodiments of the invention relate in general to payment transactions, and can apply to card present (CP) and card not present (CNP) transactions involving payment devices such as credit, debit or prepaid cards, as well as non-card forms, associated with an account identifier.
In order to protect financial institutions, consumers, and merchants from fraud, the financial services industry has developed and introduced many static features designed to reduce fraud and counterfeiting such as holograms, special over-layers, and watermarks. Nonetheless, many of these features are proving to be less effective as financial transactions are increasingly being conducted in a CNP, remote (e.g., a kiosk) or wireless environment. Similarly, as financial instruments are increasingly being employed on electronic devices, rather than physical plastic cards, the ability to use techniques such as a consumer signature or holograms to authenticate a payment device is becoming less available.
Therefore, one of the primary means to protect against fraud is to include data in the financial transaction that dynamically changes from transaction to transaction or on a periodic basis. Dynamically changing data makes compromised data essentially worthless for subsequent transactions because such transactions will require alternate data. Dynamically changing data serves as a verification value for transaction data because if the verification value does not meet an expected verification value, the transaction will not be processed.
However, applying dynamic changing verification values to the financial transaction record requires different processes and algorithms depending on the payment channel, device, or method used. For example, dynamic verification values may be implemented differently on a credit card than on a payment application residing on a cell phone.
Therefore, what is needed is a system and method for authenticating a payment device that accommodates a plurality of processes for generating dynamic verification values. There is a further need for a system and method for authenticating a payment device in a manner that does not require significant updates or changes to the existing payment infrastructure.
Embodiments of the invention address the above problems, and other problems, individually and collectively.