Financial transactions conducted via computers and computer networks are susceptible to fraud or theft of confidential financial information. Computer software engineers continuously strive to improve the security of computer systems in an effort to prevent theft and thereby calm users' fears. Various encryption schemes have been used to provide a layer of security for confidential information. However, for every effort toward increased security, new techniques are developed by hackers to break into encrypted information. Specifically, hackers want to steal credit card numbers and associated personal information.
FIG. 1 shows how a typical credit card transaction is conducted over the Internet. A credit cardholder (purchaser) 102 contacts a merchant's web site 104 over the Internet. The cardholder 102 makes a shopping selection from the merchant's web site, as shown at 108. Next, the cardholder 102 provides the merchant with a valid credit card number and related personal information, such as expiration date, shipping address and so forth, as shown at 110.
The merchant 104 receives the cardholder's personal credit information and contacts the cardholder's credit card company 112 to charge the cost of the selected items, as shown at 114. If the charge against the credit card is successful, the merchant is notified and forwards an order confirmation 116 to the cardholder. The merchant then ships the selected goods to the cardholder. A short time later, the card company makes a payment to the merchant for the cost of the order, as shown at 118. Finally, the card company provides a bill to the cardholder for the cost of the purchase and any accrued interest charges, as shown at 120.
In the above example, it is easy to see that the cardholder has provided confidential information over the Internet to the merchant. There is a risk when a cardholder transmits this information, since it may travel through several computer systems prior to reaching the merchant. This places the information at risk of being stolen. The merchant stores this information in its internal database, and at some point, the information may be used to generate mailing lists for future product offerings. To generate additional revenues, the merchant may sell all or a portion of the information to third parties. Even if the merchant tries to protect the information, the merchant's database is subject to unauthorized access, which may also put the cardholder's personal information at risk. Although some merchants may take steps to prevent unauthorized access to their internal databases, other merchants may not use adequate security measures. As a result, the cardholder's credit card number and other personal information may be compromised.
Organizing merchants worldwide to adopt consistent security measures has been largely unsuccessful. The secure electronic transaction (SET) protocol, while having promise, has been abandoned by key players in the industry. At this point in time, secure socket layer (SSL) is the fallback position, particularly on the Internet. Other "pre-Internet" problems continue to exist with regard to credit/debit cards. Employee theft, merchant fraud, recurring charges, and theft by others cause massive expense and hardship, as in cases of identity theft. These problems have had a chilling effect on electronic commerce. Reports estimate that 70%-80% of Internet purchases are left uncompleted. The cardholder either backs out of the electronic transaction completely or telephones the company directly to place the order verbally.
The threshold for merchants to accept and process credit card purchases remains high. Merchants, for the most part, still rely on phone and fax orders. They must buy terminal software and subscribe to third-party processing companies. Internet merchants pay the highest discount rates and are limited to methods of shipping that require a signature evidencing receipt. Additionally, Internet merchants are unsupported in chargeback disputes, which may occur if a product is shipped to an address other than the credit card billing address.