Electronic shopping, commonly referred to as e-commerce, has revolutionized how consumers purchase goods and information from merchants. Through the Internet and, more recently, the personal data assistant (“PDA”) and the wireless phone, merchants are able to bring their products into the living room (and hands) of the consumer. This ability to reach the consumer has produced a financial windfall for both new start-ups and more traditional brick-and-mortar companies.
Security concerns, however, are among the most important issues confronting today's electronic shopping models. Because most of these transactions are completed using credit or debit cards, there exists a danger that valuable information could be misappropriated.
Unlike traditional telephone and in-store credit card processing machines, today's wireless and Internet-related communications mediums do not provide adequately secure means for transmitting sensitive data. Traditional telephone communications on a “hard-line” use switched networks to offer a certain measure of security, because the caller is connected directly to the receiver by physically switching nodes until a caller-to-receiver network is created. Traditional telephone communications, however, fail to remedy the security concerns facing today's Internet and wireless communications.
Attempts have been made that are known in the art to make Internet and wireless transactions secure. With respect to Internet transactions, attempts have been made to encrypt credit card and debit card information. Although most consumers use a switched network to dial-in to the Internet, once data reaches the nodal network, the data is transmitted in packets. The packets are routed from a source Internet Protocol Address (“IP Address”) through a nodal layer, commonly referred to as the TCP/IP layer, until the destination IP Address is reached. Because both the source and destination addresses can be manipulated, changed, or intercepted, data carried in packets, such as financial information, can be re-routed and misappropriated.
To combat these security problems a Secure Sockets Layer (“SSL”) can be substituted for the standard TCP/IP layer. The SSL stands between the purchaser and the server permitting the secure transmission of data packets. To enable the secure transmission a merchant must obtain a Digital Certificate, such as those provided by VeriSign, Inc., that is acceptable to the purchaser's web browser. This is to ensure that the party receiving the data is actually the merchant the purchaser wishes to contact. Once the certificate is verified, the data is encrypted and transmitted to the merchant. The SSL arrangement, however, cannot confirm the integrity of the certified merchant or ensure that the merchant is equipped to prevent leakage of valuable financial information.
In other systems, such as the systems disclosed by Rose et al., U.S. Pat. No. 5,757,917, and Stein et al., U.S. Pat. No. 5,826,241, a payment system receives and sends messages to and from the seller and the buyer regarding a transaction. The messages contain information including the parties' identities, which are represented by a “card number” specific to the party but unrelated to financial information. The payment system then contacts a bank card processor that interacts with credit card companies to complete the transaction. These systems, however, fail to provide security features preventing theft or fraudulent use when computer-hackers learn the parties' “card number” or illegally tap into a computer system storing the credit and debit card information. Moreover, such systems fail to control the delivery component of the transaction. These systems merely concern themselves with billing which may take place after the product has been shipped.
Consequently, security in effectuating such transactions continues to be a problem for companies soliciting electronic purchases. According to a ZDNet article, dated Jan. 12, 2000, a computer hacker gained access to a well-known e-commerce web-site and misappropriated thousands of credit cards. (See http://www.zdnet.com/filters/printerfriendly/0,6061,24211377-2,00.html). The hacker then released the credit card numbers to the public on a web-site. Thus, despite numerous attempts to provide for the secure communication and storage of credit and debit card numbers, theft or fraudulent use of such information remains prevalent.
The Internet, however, is not the only means by which merchants can reach the consumer. Many merchants use multiple channels to communicate product offerings, such as print catalogs, newspaper advertisements, and the like. Consumers viewing these traditional means of advertisement may desire to make purchases electronically while away from home or when access to a hard-line telephone is unavailable. Presently known systems and methods of securing electronic transactions fail to embrace such purchases.
Accordingly, there is need for a system and method that securely stores financial information, such as credit and debit card numbers, and disincentivises theft of information used to make purchases by permitting secure electronic transactions over a variety of communication mediums.