In the existing Point of Sale (POS) PIN debit card system, the merchant swipes the customer's debit card, which captures the customer's card number (Primary Account Number (PAN)) and enters the amount of the transaction. The customer enters a secret Personal Identification Number (PIN) on a PIN pad, which encrypts the number and sends it with the PAN, the encryption key and the transaction amount to the bank for approval. Typically a different encryption key is used for each transaction. The bank decrypts the PIN, checks the PAN against the PIN and debits the customer's account by the amount of the transaction if the funds are available and sends a message back to the merchant approving or denying the transaction.
A second type of debit card is the signature debit card which is swiped at the merchant location and signed by the purchaser but no PIN number is entered. The system puts the transaction through the credit card system, but the amount of the transaction gets debited a few days later to the user's bank account and not the credit card account. The merchant pays the same commission as for a credit card transaction.
Currently on-line transactions are done by credit card but not PIN debit cards since the POS debit card equipment is not applicable for on-line merchants. However using credit cards for on-line sales causes the on-line merchant to incur the costs of the credit card commissions.
Various systems have been developed to facilitate on-line payments, such as electronic purses or wallets, but none of these have achieved wide acceptance due to a number of factors, including cumbersome procedures, unreasonable costs and unfair assignment of risk. Generally they involve setting up a trusted third party account. For example, United States patent application publication No. US 2002/0016749 discloses a system in which a user registers for an electronic cheque book service, acting as trusted third party in on-line transactions with merchants. The service maintains databases of IDs and passwords for both merchants and customers. United States patent application publication No. US 2003/0200184 A1, discloses a mobile account authentication service in which the customer enrolls with a trusted service which records PIN, PAN and other relevant data including passwords. The trusted service authenticates the customer's identity when he deals with on-line merchants in order to transact purchases.
United States patent application publication No. US 2001/0039535 discloses a method for a shopper to provide confidential payment information such as bank debit card numbers, PIN numbers, expiration dates, and similar data to a trusted third party (“TTP”). When the shopper conducts a transaction on an internet website, the TTP facilitates payment to the merchant without the user having access to the shopper's confidential information.
None of the existing systems provide a method whereby users can make PIN debit card transactions for online payments over the Internet as they would make credit card payments. In the following description, “debit card” will refer to PIN debit cards.
The foregoing examples of the related art and limitations related thereto are intended to be illustrative and not exclusive. Other limitations of the related art will become apparent to those of skill in the art upon a reading of the specification and a study of the drawings.