This invention relates to a security system which protects against misuse and counterfeiting associated with banking transactions in particular, such as manual or automatic dispensing of money, by using identificands, such as credit cards, check cards, machine-read cards and the like, which bear identification and card use data which can be read visually and by machine, and by utilizing an individual distinguishing device, such as a personal identification number (PIN), to check whether the user is entitled to use the identificand.
As the system of the invention is not limited to the use of a card, but can also employ a key, a coded token, or the like, the generic term "identificand" consequently is used hereinafter for the element usable with the system, and includes either a card of the mentioned type, a coded token, or a key, or the like.
In systems of this general type, the intention is to protect the identificand from misuse and counterfeiting, and such systems have been the subject of many previous proposals, patented and otherwise. Thus, some known systems of cash dispensing may use, for example, the account number as an identification and, for protection, a personal reference number or personal identification number which correlates with the account number. The user has to insert his card into a verifying means, such as a machine, and "key in" his personal reference number (PIN) in order to prove or check his right to use the identificand. Obviously, in such a case, evidence of tampering cannot be checked, so that it is easy for a potential criminal to counterfeit cards if he is able to decipher the correlation between the account number and the identification number. Deciphering is made easier by the fact that, in all known machine cards, the personal identification number (PIN) entered on the identificand can be easily determined either visually or by machine reading, regardless of whether it is encoded or printed.
Moreover, the identificands carry still other data which might be of interest to a criminal, namely, use data. Use data includes the expiration time or date, the amount of money available to the rightful owner of the identificand, such as a card, and the conditions of use of the identificand. Not only the rightful owner of the card, but also a potential criminal, can easily change, to his or her advantage, this use data, especially if the use data is recorded on a magnetic strip, known to the art as "magstrip", on the card, such magstrips being characteristic of machine-read cards only.
While the state of this art is contained in volumes of technical literature, it is sufficient to mention, in particular, German Offenlegungsschrift No. 1,945,777, U.S. Pat. Nos. 3,891,830, 3,868,057, 3,934,122, and 3,702,464, and also British Patent No. 1,197,183. All the machine-read cards covered by the prior art technical literature, however, have the disadvantage that the personal identification number (PIN), even if not always easily deciphered, can be determined, and furthermore, the machine-read cards can also be misused by the rightful owner by changing the use data. In other words, the information contained in these cards is externally accessible to either the rightful owner or to a potential criminal.