Electronic transactions—such as for payments or access to a facility or computer—can be conducted using electronic portable transaction devices, such as smart cards or mobile devices. A smart card is a device that includes an embedded integrated circuit chip that can be either a secure processing module (e.g., microprocessor, microcontroller or equivalent intelligence) operating with an internal or external memory or a memory chip alone. Smart cards can provide identification, authentication, data storage, and application processing. Smart cards can serve as credit or ATM debit cards, phone or fuel cards, and high-security access-control cards for granting access to a computer or a physical facility. Smart cards can authenticate identity of the user by employing a token, such as public key infrastructure (PKI) and one-time-password (OTP). In addition, smart cards can be configured for a biometric authentication to provide an additional layer of security.
Similarly, mobile devices such as smartphones, PDAs, tablets, and laptops can provide a platform for electronic transactions. For example, a user of a mobile device can conduct an electronic transaction for purchase of a product or service using an application that communicates with a mobile payment service. Mobile devices can be configured for a token-based authentication and/or a biometric authentication.
These methods, however, are not immune to identity theft. For example, an identity thief can potential steal a token associated with a smart card or a mobile device and use the token to conduct a fraudulent transaction. What is needed is an additional layer of security that can eliminate or reduce risk for such a fraudulent transaction.