There is a need for more secure data transfer when paying for goods and services using payment cards such as debit and credit cards.
In a typical payment transaction, a user may use a credit card to purchase an item at a merchant or enter his account information into a payment page of a merchant's website. The merchant then generates an authorization request message using a POS (point of sale) terminal when the user is present at the merchant location. Alternatively, for an online transaction, the merchant website may generate an authorization request message for card-not-present (CNP) transactions. In either instance, the authorization request message is passed to the issuer of the credit card, and the issuer may approve or deny the request to authorize the transaction.
There are a variety of methods by which fraudsters attempt to obtain account information of users for conducting fraudulent transactions. To address this problem, there is a need for making electronic transactions partially dependent on data that are not part of the account information stored in a user's debit or credit card, or part of information that are typically provided by a user to a payment page of a merchant's website.
Embodiments of the invention address these and other problems, individually and collectively.