The proliferation of the Internet has resulted in a thriving electronic commerce industry, where more and more products and services are available to consumers in a variety of non-traditional systems (e.g., internet, telephone sales, wireless, interactive TV, and/or the like). For example, in online consumer-merchant transactions, consumers typically provide merchants with transaction account numbers (e.g., charge or credit card numbers) from their existing debit, phone, credit or other transaction accounts (e.g., American Express®, VISA®, MasterCard® and Discover Card®, AT&T®, MCI®, and/or the like). Transmission of transaction numbers via these non-traditional systems has typically created increased opportunities for fraud because of, inter alia, (1) the difficulty in authenticating the possessor of the account number to ensure that he or she is lawfully entitled to use this number, and (2) an increased opportunity for the account number to be intercepted either en route to the merchant or, once at the merchant's site, by an unscrupulous merchant employee or other third party.
Unlike a typical “card-present” transaction where a consumer is present at a merchant's retail establishment and presents a physical charge card to the merchant, the merchant in an online or other remote transaction does not physically see the consumer nor the consumer's charge card. As such, in an online transaction, the merchant is not typically able to appropriately verify the charge number on the card, does not appropriately verify the signature/photograph on the card, and does not have sufficient capability to ask for other forms of identification. Since it has often been difficult to adequately authenticate a person in possession of a charge card in an online transaction, it is often possible for a stolen card to be used over and over again without the merchant having the opportunity to sufficiently verify the cardholder's identity.
However, even if sufficient authentication was practical, the transaction number could still be intercepted in transit to the merchant or stolen at the merchant's location. For example, it is possible for these numbers to be intercepted during transmission, after transmission, or while being stored electronically at the merchant's online or offline location. In light of the increase in fraud involving situations where the physical transaction card is not actually presented to the merchant, consumers are becoming increasingly cautious and reluctant about disclosing their transaction number to merchants (or other unknown third parties asserting to be merchants).
In conducting traditional online purchases, consumers often browse the internet for items to purchase. A consumer generally identifies goods and/or services for purchase by viewing an online advertisement such as a hypertext markup language (HTML) document provided via a World Wide Web (WWW) browser. When the consumer finds an item that he or she is interested in purchasing, the consumer typically selects an item to add to a virtual shopping cart. When the consumer has finished shopping, and desires to purchase an item, the consumer usually proceeds to a virtual checkout, where the consumer is prompted for payment and delivery information. The consumer then typically enters the appropriate delivery and transaction account information, wherein the transaction account number is typically obtained directly from the consumer's physical transaction card. This information is typically transmitted electronically to the merchant over a public network such as the internet via a secure channel such as a secure sockets layer (SSL) connection. The SSL standard is described by, for example, “The SSL Protocol Version 3.0,” dated Nov. 18, 1996, which is available online at http://home.netscape.com/eng/ssl3/draft302.txt, the entire contents of which are incorporated herein by reference. The merchant then processes the transaction account number by, for example, receiving direct authorization from the card issuer, completing the transaction, and submitting a record of charge (ROC) and/or summary of charges (SOC) to the card issuer or acquirer for settlement. While the authorization process (authorization code provided to merchant) may occur contemporaneously with the transaction, the settlement process is generally accomplished by a batch process during periodic intervals.
Although millions of transactions take place every day via the internet, conventional SSL transactions often exhibit a number of marked disadvantages. Although SSL typically provides a secure end-to-end connection that prevents unscrupulous third parties from eavesdropping (e.g., “sniffing”) or otherwise obtaining a purchaser's transaction account number, the protocol does not provide any means for ensuring that the transaction account number itself is valid, or that the person providing the number is legally authorized to do so. Because of the high incidence of fraud in online internet transactions, most charge card issuers consider network transactions to be “Card Not Present” transactions subject to a higher discount rate. Stated another way, because of the increased risk from online or otherwise remote transactions, most transaction card issuers charge the merchant a higher rate for accepting card numbers via electronic means than would be charged if the card were physically presented to the merchant.
To improve the security deficiencies inherent in transporting charge card numbers over unsecured networks, many have suggested the use of “smart cards”. Smart cards typically include an integrated circuit chip having a microprocessor and memory for storing data directly on the card. The data can correspond to a cryptographic key, for example, or to an electronic purse that maintains an electronic value of currency. Many smart card schemes have been suggested in the prior art, but these typically exhibit a marked disadvantage in that they are non-standard. In other words, merchants typically must obtain new, proprietary software for their Web storefronts and point of sale (POS) terminals to accept smart card transactions. Moreover, the administration costs involved with assigning and maintaining the cryptographic information associated with smart cards have usually been excessive to date. Therefore, traditional methods have been impractical and have failed to adequately address the security problems inherent with the transmission of transaction data over a distributed network from the user to the merchant.
Systems to expedite the transaction process typically utilize online digital wallets to store user data and to profile merchant web payment and delivery fields by “scraping” or “crawling” the merchant's website. In other words, the host system physically directs its computer systems to go to the merchant's website and record the payment and delivery fields used by the merchant. This information is then stored by the host system in a database and retrieved as desired when a consumer desires to make a purchase from a given merchant. When the consumer desires to make a purchase from a particular merchant, the host system recognizes the merchant in the database, retrieves the merchant profile, and transfers the appropriate consumer data to the appropriate merchant fields.
One of the problems associated with scraping or crawling the merchant's website to determine the profile of merchant payment and delivery fields is that each merchant's fields are often configured differently. For example, while one merchant may have one continuous web page with all desired information on that web page, other merchants may require the completion of several web pages to complete the transaction process. Complicating the problem of the varying types of web payment pages that must be profiled, is the fact that certain merchants routinely modify their payment web pages without notice to the host system—with some merchants changing their payment web pages weekly or even daily. Therefore, the host system must frequently “scrape” or “crawl” dozens or even hundreds of merchant websites to ensure that the web page field definitions remain up-to-date and that the host system can correctly communicate the appropriate information into the proper locations.
Thus, as more and more merchants have entered the online marketplace, existing online digital wallet technology and merchant profiling has failed to keep pace. As such, traditional transaction automation techniques are inefficient and burdensome.
Therefore, a need exists for a method and system to facilitate an online “card present” transaction and to eliminate the burdensome and inefficient online digital wallet and merchant profiling techniques.