To ensure a secure transaction, a conventional system may request that a user input the user's account information together with a password, such as a personal identification number (PIN). A PIN is typically a four- to eight-digit number that can be used to authenticate the transaction. A conventional system of this type allows the requested transaction to occur when the PIN entered into the system at the time of the request matches the PIN stored in the system in association with the user's account information.
There are some drawbacks, however, to the conventional system. One drawback is that a PIN serves as a numeric password for the user to gain access to the system, but the PIN itself does not uniquely identify a user. Therefore, the conventional system will authorize a transaction for an unauthorized user who provides the correct information, including the PIN. The conventional system is thus not configured to discriminate between an authorized user and other individuals who are not authorized to access the account.
Furthermore, with increases in electronic and remote transactions, as well as data theft, these conventional systems, which rely primarily on entry of the correct PIN, are unable to determine whether the individual accessing the account is an authorized user or an unauthorized user. In the event of fraudulent activity, the failure of the conventional system to make this distinction may result in unnecessary losses to at least the account holders and the organizations that employ these conventional systems.