A. Technical Field
The present invention relates to a point-of-sale (POS) system, and more particularly, to systems, devices and methods of making secure payments using a mobile device in addition to a POS terminal that may be an insecure payment device exposed to various tamper attempts under certain circumstances. The mobile device is involved in a trusted transaction between a central financial entity, e.g., a bank, and the payment terminal, such that the insecure payment terminal may be further authenticated based on rolling codes, two-way or three-way authentication, or an off-line mode enabled by incorporation of the mobile device.
B. Background of the Invention
A point of sale (POS), also referred to as point of purchase or checkout, is the location where transactions of purchase and payment occur. At each POS terminal, appropriate hardware and software are used by a salesperson to manage the selling process and to create and print purchase receipts. FIGURE (hereinafter, “FIG.”) 1 illustrates a conventional POS system 100 that relies on communication between a payment terminal 102 and a central financial entity, e.g., a bank 104. The bank 104 issues a payment token 106 to a user. The payment terminal 102 reads the payment token 106 to extract account information, which is further communicated to the bank 104. The bank 104 requests a signature or personal identification number (PIN) from the user, and authorizes a payment upon user authentication. Examples of the payment token 106 include a credit card issued by a credit card company, a debit card associated with a bank account, and a prepaid cash card, and the payment token 106 may be read by swiping through or touching the payment terminal 102.
The user has to carry a physical debit or credit card which is embedded with a magnetic strip or chip. The magnetic strip or chip is used to store the customer's personal account information. In most debit or credit cards, authentication of a cardholder is still limited to the cardholder's signature, a password and/or a short PIN, such that minimal effort is required from the cardholder and the technical barrier may be significantly reduced for average people. Despite their convenience, credit cards face tremendous security threats. Once a thief steals a card, he or she may easily fake the signature, or decipher the password or PIN, which sometimes includes only four digits.
Furthermore, once the payment terminal 102 is compromised, an adversary may capture personal data while the payment token is read by the payment terminal 102 during a trusted transaction. When the user enters his or her personal data, e.g., account information, signature, password and PIN, into a conventional POS terminal, he or she is supposed to trust the device based on its brand name and mandatory device security certification. However, in many places around the world, this trust is not guaranteed. The payment terminal 102 may be tampered with, and a counterfeit terminal may have been installed to replace the legitimate payment terminal 102. The counterfeit terminal easily captures the confidential personal data when the payment token is processed at the terminal, and the data may be used by a thief to make unauthorized purchases and payments, or alter the amount charged to the payment token. Therefore, a conventional payment terminal may only be regarded as an untrusted device that sustains a limited security level for processing trusted transactions.