Electronic transaction systems are used today to permit consumers to conduct many day-to-day transactions in an efficient and rapid manner. For example, banks have recognized the importance of personalized direct electronic access of bank account information by individual customers by use of automatic teller machines (ATM). These machines provide customers with the ability to make inquiries as to their account balances and to direct that simple banking transactions be performed.
In this discussion, the term "transaction" will mean that activity for which a credit account is established to promote, e.g., the completion of a bank transaction through an automatic teller machine (ATM), the successful line connection between a calling party and the called party, or the unlocking of a door to a protected structure such as a building or automobile. The term "credit account" will be used as a generic term for any kind of account that is accessible to a user by entering account information and an access code. Such credit accounts include, but are not to be limited to, credit card accounts and telephone credit card accounts.
The above transactions are generally conducted by an authorized user entering account information and/or an access code by pressing a series of numerals and/or alphanumeric characters on a keypad which resembles, for example, a standard telephone keypad. Hence, such a keypad is generally found in an ATM, public telephones, and a door to a protected structure such as a building or automobile.
A critical problem arising as a result of conducting transactions via the abovementioned electronic transaction systems is the inevitable access of unauthorized users to certain credit accounts. As an example, telephone fraud has become a multimillion dollar per year revenue loss which is primarily paid for indirectly by its authorized users. In the Visa and MasterCard and Department Store credit card industries, the dollar losses are commensurate. To date, there is no apparent solution or countermeasure available to relieve these serious crimes. The bulk of the crimes come from the use of credit cards or credit card numbers that are stolen by the people through whose hands a credit card, or credit card number, passes, or by a person who observes someone making use of account information and a user identification code such as at a public telephone. It is not unusual for a credit card or credit card number to pass through a thousand hands per year.
Security of credit account systems has been improved in the last several years by the use of personal identification numbers (PINs). Although any of the aforementioned types of credit accounts could be used, the telephone credit card or "calling card" will be used to exemplify prior attempts to improve the security of credit accounts.
In the use of a calling card, the caller will enter the telephone number to be charged to his or her account. The system will then respond with a prompt for entry of the PIN. The PIN is a 4-digit number which is then compared against a stored 4-digit number in the computer of the phone company, and if a match is made between the entered PIN and the stored PIN, completion of the call will be made, and the cost for the call will be charged against the account recognized by the computer as being associated with the entered user phone number. If the incorrect PIN is entered, another request is made by the computer for entry of an appropriate PIN. If a successful match is made on the second or subsequent time, the call will be completed. After a certain number of attempted tries without success, any further attempts to enter a PIN will be rejected, even if a match would otherwise be made. The reason for not accepting entered PINs after a certain number of failures is to prevent unauthorized users from entering a large number of PINs at random in order to gain access to the account by a lucky match.
A similar system is employed by many banks in their ATM apparatus. Again, a user is prompted, after inserting his or her credit card into a slot, for a PIN, and upon a proper match, access to the account is made.
The problem with the above described systems is that it is not too difficult for one to gain access to an account by looking over the shoulder of a user entering numbers on a keypad which is usually mounted on a vertical panel and is easily seen by one who is serious about gaining access to an account. Although an ATM would require reading of the physical card prior to the user entering the PIN, telephone credit card account information and its access code can be obtained by an unauthorized user simply by observing the digits being entered and memorizing them or writing them down for future reference. This unauthorized observer is known as a phone surfer. In a more extreme, although not uncommon, situation, an unauthorized user might steal a calling card or rob its owner of such card after the unauthorized user learns the access code or PIN.
The result of an unauthorized user successfully entering a credit account is that he is rewarded and encouraged to try again with another credit account. Further, once the access code for a particular account is known, the unauthorized user can repeatedly use the account over and over until such time as he or she is caught, decides to move on to another account, or exhausts the credit limit of the legitimate owner of the account.
In an attempt to reduce the possibility of an unauthorized user gaining access to an account by looking over the shoulder of a legitimate user entering the account information into an electronic access system, the following solutions have been proposed: make access codes longer, thus rendering it more difficult for unauthorized users to observe and memorize or write down account information; cancel the codes of employees once they leave a company; train personnel to recognize the signs of rip-off schemes; block all calls to countries in which the company has no dealings; monitor calling on a daily basis; increase hired security personnel to guard protected structures; and the like. Not only have these attempted efforts resulted in excessive costs to industries providing credit account services, but they have also failed to make a significant reduction in such crimes.
It would therefore be an improvement in this industry to provide a security device for frustrating or eliminating the ability for an unauthorized user to gain access to a protected structure or credit account.
It is an object of the present invention to provide a security device for improving the security in electronic access transactions and in some cases to completely eliminate the possibility of fraudulent access.
Another object of the present invention is to provide a security device which is relatively small and compact and light in weight for convenience in handling and which significantly restricts unauthorized access yet keeping legitimate accessing simplistic for an authorized user.
It is yet another object of the present invention to provide a security device which is extremely simple and durable in structure for high reliability throughout a long useful life, and which can be economically manufactured for sale at a reasonable price.