The present invention relates to a security module for an electronic funds transfer system (EFT), and particularly to such a module that is to be used at a point of sale terminal in an EFT network designed to connect a plurality of disparate retailer's terminals through a switched telecommunications network to a plurality of funds holder's data processing centres.
In an EFT system in which many retailers having separate and different contractual relationships with card issuing funds holders and controllers it is necessary for the point of sale terminal to be able to respond uniquely to the different cards that it receives, and reads, from the card holding users. It is also necessary for the card holders to have confidence in the retailer's terminals and not be concerned that the retailer is trapping secret information, such as personal identification numbers (PINs), for later fraudulent use.
One system that has been proposed to deal with these problems is described in our UK Patent Applications Nos. 83/24916 and 83/24917. This system relies on the use of the so-called smart card in which the security operations, encryption and decryption of PINs etc., are computed in the card holder's personal portable microprocessor mounted in the card. This use of personal portable microprocessors is obviously a very flexible and secure system, but compared with the cost of magnetic stripe cards and considering the numbers involved the cost of the smart card is proving to be a hurdle to its widespread acceptance.