Online transactions between customers and merchants over the Internet are becoming increasingly more common. Such transactions can comprise the purchase of products in electronic form such as software, video, images, text, data and any other material available in electronic form that can be delivered over a network such as the Internet. The transactions can also be for conventional goods in which case the goods are delivered offline.
The problem with online transaction systems is ensuring secure payment for the purchased goods. One form of payment which has been adopted widely is payment by credit or debit cards. This method of payment is particularly suited to electronic payments over the Internet since it only requires the transmission of a credit card number. However, this method of payment has received a great deal of publicity because it fails to provide security since the customer's credit card number is exposed over the Internet to fraudsters. Although a great deal of effort has been expended in increasing the security of transactions using credit card numbers for example using encryption, digital certificates and secure communication channels (e.g. the secure socket layer), there is still an inherent weakness in that the credit card number is transmitted for payment and held by servers.
Products provided over the Internet can range greatly in price. For transactions of a threshold value e.g. a dollar or more, a credit card transaction is commercially viable. However, where purchases made over the Internet have a much lower value, the payment for individual transactions by credit card is not commercially viable because of the transaction cost charged by the credit card companies. Thus micro payment systems have been developed in order to make micro payments by customers to merchants and to aggregate micro payments to make the billing of customers e.g. by credit card commercially viable.
An example of a prior art micro payment system is the QPass system disclosed in WO 00/33221. In this system customers and merchants register for the service. The customer and merchants are interconnected over a transaction network to which is connected a payment processor. When a customer wishes to make a purchase from a merchant, they log in to the system using a user name and password. The user name used need not be unique and is selected by the user during the process of registering for the service. A unique ID is generated for the user during registration and this is stored as a cookie on the customer's computer. Thus when a user logs on and enters their user name and user ID, the cookie is read from their computer and their unique ID is compared to the user's database. Once a user has logged on, a session cookie is stored on the user's computer and this is valid for a period of time. This enables the user to enter into transactions with merchants and the transactions are recorded at the payment processor. In this way payments made by customers for goods from merchants can be aggregated and the customer can be billed by the payment processor when appropriate e.g. when the aggregate amount reaches a threshold.
Although the QPass system provides a transaction network that enables users to register and be authenticated so as to allow aggregation of micro payments, the system relies on cookies. Cookies provide a low level of security since these can be read and accessed readily. Further, this system requires a user to set their browser to enable cookies.