This invention relates to systems and methods for facilitating communications and/or commercial transactions over a public network, such as the Internet. More particularly, this invention relates to systems and methods for conducting secure online transactions.
Due to the development of the World Wide Web ("Web"), online commerce over the Internet has experienced dramatic growth in recent years. The Internet is used to conduct a broad range of commercial and financial transactions. Parties often use the communication capabilities of the Internet to enter into contracts or conduct business electronically and use electronic fund transfers (EFTs) to satisfy the resulting financial obligations. An EFT involves the movement of funds from one bank account to another in response to electronically-communicated payment instructions.
For example, an increasing number of merchants are developing websites that consumers may access and use to purchase goods and/or services. It is now common for a consumer to browse a merchant's online catalog, select a product, place an order for the product, and pay for the product all electronically over the Internet.
Although the Internet offers a fast, reliable, and efficient way to communicate and conduct business, information transmitted over the Internet or other global networks may be vulnerable to security breaches. For example, consumers typically pay for the goods and/or services ordered over the Internet with a credit card. During the online transaction, the merchant sends an order form and asks the consumer to enter personal data such as his name, address, and telephone number, and credit card information such as an account number and expiration date. The consumer returns the completed order form containing the credit card information to the merchant over the Internet. The merchant verifies that the credit card information is valid and that the card can be charged the payment amount. The card verification is usually conducted over a proprietary card verification network, such as the VisaNet network.
One problem with traditional online credit card transactions is the lack of signature verification. Presently, an online merchant has no way to verify that the individual providing the credit card number is authorized to use the card. The card number may be from a stolen card or merely copied from an old credit card receipt. Another problem concerns the security of the credit card data as it travels over the Internet. The credit card information can be intercepted en route, copied into a database, and used to make unauthorized purchases. In an automated environment, a thief can repeatedly use the stolen credit card information to readily conduct many online transactions before the consumer ever becomes aware that the credit card data has been stolen.
The CD-ROM credit card system and method of the present invention substantially improves on the prior art online commerce model. With the CD-ROM credit card, data is securely transmitted over the Internet, and even if stolen, the data cannot be used by the thief to make unauthorized online transactions. In addition, the credit card includes a user verification feature. Further, the CD-ROM credit card is entirely compatible with existing systems for settling accounts.
The present invention credit card comprises a wallet-sized CD-ROM with account data encrypted using standard encryption technology by an issuing financial institution. The CD-ROM credit card includes all of the information typically found on an ordinary credit card, such as a consumer's account number and credit limit. The CD-ROM credit card further includes an executable program, such as a Java application, which may be loaded onto the consumer's computer and allows the consumer's CD-ROM drive to be accessed by a corresponding program located on a merchant's website. In one embodiment, the executable program is self-installing.
The method for using the card is as follows. Initially, a consumer applies for a CD-ROM credit card from an issuing financial institution or an authorized third party. The issuing institution mails the CD-ROM credit card containing encrypted account data to the consumer. Typically, the consumer either may be assigned a PIN number or may choose a PIN number. The PIN is typically communicated to the consumer in a separate mailing or electronic communication. Prior to first use, the consumer accesses a website owned or controlled by the issuing financial institution. The website may also be operated by a third party under the direction of the issuing financial institution. The website requests that the consumer insert the CD-ROM credit card into the consumer's CD-ROM drive. The self-executing program loads itself onto the consumer's computer or modifies properties of the consumer's computer operating system, enabling the consumer's CD-ROM drive to be read from the financial institution's website or remote computer. The website requests the consumer's PIN number to confirm the consumer's identity and, upon confirmation, activates the account.
Subsequent to having the card activated, the consumer may go shopping online. For example, the consumer proceeds to an online merchant and selects several items to purchase. The merchant's website instructs the consumer to insert his CD-ROM credit card into his CD-ROM drive. The merchant's website reads the encrypted card holder data from the CD-ROM credit card and transmits it to the issuing institution identified on the card through currently available communications infrastructure. In addition, the merchant's website redirects the consumer, in a separate secured session, to the issuing institution.
Upon receipt of card holder data, the issuing bank's computer system prompts the consumer for a PIN number over the secure link. Upon receiving the correct PIN number, the transaction is authorized (assuming the transaction comports with other standards set by the issuing bank, i.e., the purchase does not exceed the consumer's credit limit). The encrypted data transmitted via the merchant's gateway to the issuing financial institution is transmitted using a standard secure sockets layer ("SSL") protocol or a directed point-to-point connection over a private circuit. One feature of the above system is that in the path between the consumer's computer and the issuing financial institution's computer, the data on the CD-ROM credit card is not decrypted. Only the issuing financial institution has the key required to decrypt the data. This feature, and the identity verification feature provided by requiring the use of a PIN number, provide a degree of security which is not available in online credit card transactions involving only a credit card number. These and other features of the invention will become more apparent from the following detailed description of the invention, when taken in conjunction with the accompanying exemplary drawings.
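The following Python model of the issuance, activation, and authorization flow described above is an added example, not code from the patent or from any issuing institution. The patent does not specify the "standard encryption technology", so the model stands in an HMAC-SHA256 keystream with an encrypt-then-MAC tag, both keyed only at the issuer; the PIN is stored as a salted PBKDF2 hash. The class and function names (`Issuer`, `merchant_forward`), the account and PIN values, and the issuer name `EXAMPLE-BANK` are all constructed for the example. The merchant side only routes the opaque blob to the issuer named on the card; decryption, PIN checking, and the credit-limit decision happen exclusively at the issuer.

```python
"""Toy model of the CD-ROM credit card flow: only the issuer holds the keys."""
import hashlib
import hmac
import json
import secrets

NONCE_LEN, TAG_LEN = 16, 32  # layout of a sealed record: nonce || ciphertext || tag


class Issuer:
    """Issuing financial institution: seals card records and is the only party able to open them."""

    def __init__(self, name):
        self.name = name
        # Assumption: symmetric keys generated and held only by the issuer.
        self._enc_key = secrets.token_bytes(32)
        self._mac_key = secrets.token_bytes(32)
        self._accounts = {}

    # Stand-in cipher: HMAC-SHA256 in counter mode produces the keystream,
    # and a separate HMAC over nonce||ciphertext detects tampering or forgery.
    def _keystream(self, nonce, length):
        blocks, counter = [], 0
        while sum(len(b) for b in blocks) < length:
            msg = nonce + counter.to_bytes(4, "big")
            blocks.append(hmac.new(self._enc_key, msg, hashlib.sha256).digest())
            counter += 1
        return b"".join(blocks)[:length]

    def _seal(self, plaintext):
        nonce = secrets.token_bytes(NONCE_LEN)
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        tag = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def _open(self, blob):
        if len(blob) < NONCE_LEN + TAG_LEN:
            return None
        nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # not issued by us, or modified in transit
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))

    def _pin_hash(self, pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def issue_card(self, account, credit_limit, pin):
        """Mail-out step: the card carries the sealed record plus the issuer name in clear for routing."""
        salt = secrets.token_bytes(16)
        self._accounts[account] = {"salt": salt, "pin_hash": self._pin_hash(pin, salt),
                                   "limit": credit_limit, "active": False}
        record = json.dumps({"account": account, "limit": credit_limit}).encode()
        return {"issuer": self.name, "blob": self._seal(record)}

    def _lookup(self, blob):
        plain = self._open(blob)
        if plain is None:
            return None
        return self._accounts.get(json.loads(plain)["account"])

    def _verify_pin(self, acct, pin):
        return hmac.compare_digest(self._pin_hash(pin, acct["salt"]), acct["pin_hash"])

    def activate(self, blob, pin):
        """First-use activation on the issuer's own website."""
        acct = self._lookup(blob)
        if acct is None or not self._verify_pin(acct, pin):
            return False
        acct["active"] = True
        return True

    def authorize(self, blob, pin, amount):
        """Authorization decision taken over the secure consumer-to-issuer session."""
        acct = self._lookup(blob)
        if acct is None:
            return "declined: invalid card data"
        if not acct["active"]:
            return "declined: account not activated"
        if not self._verify_pin(acct, pin):
            return "declined: PIN verification failed"
        if amount > acct["limit"]:
            return "declined: exceeds credit limit"
        acct["limit"] -= amount
        return "approved"


def merchant_forward(card, issuers):
    """Merchant side: read the opaque blob and route it to the issuer named on the card.
    The merchant never sees the plaintext record or the PIN; the consumer is redirected
    to the returned issuer to complete the transaction."""
    return issuers[card["issuer"]], card["blob"]


if __name__ == "__main__":
    bank = Issuer("EXAMPLE-BANK")
    card = bank.issue_card("4111-0000-0000-0001", 500, "2468")  # constructed sample values
    bank.activate(card["blob"], "2468")
    issuer, blob = merchant_forward(card, {"EXAMPLE-BANK": bank})
    print(issuer.authorize(blob, "2468", 100))
```

In this model the blob on the card is static, so anyone who copies it can present it to the issuer again; what stops that replay is the PIN check at the issuer, which is exactly the identity-verification feature the text pairs with the encryption. A tampered or truncated blob fails the MAC before any account lookup, and a merchant holding only the blob learns nothing about the account number or credit limit.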