This invention relates to the electronic processing of transactions completed by transmitting and receiving transaction information among customers, merchants and payment processors. This includes, but is not limited to, credit card transactions made over the internet. The invention is more specifically directed to how sensitive customer information, e.g. credit card data, is handled during electronic-based transactions in communications among the customer, merchant and payment processor.
Credit and/or debit card transactions made over data networks, e.g. the internet, account for an ever-increasing percentage of transactions, especially for retail customers. A credit cardholder is required to input his credit card information when purchasing goods or services from a merchant's web site. The merchant transmits the credit card number (and any other required information, e.g. expiration date) along with information concerning the merchandise being purchased to a gateway of the payment processor. The gateway converts the credit card transaction information into a format and signaling protocol required by a credit card payment processor associated with the institution or association that issued the cardholder's credit card. The gateway transmits the converted information to the credit card processor for validation and acceptance of the transaction. The result of the transaction is transmitted from the processor back through the payment gateway to the originating merchant. Typically the merchant will provide the customer with an acknowledgement of completion of the transaction.
This electronic transaction process is similar to a customer making a credit card purchase during the checkout process in the store of a merchant, e.g. paying for groceries at a grocery store. In both an in-person purchase and an electronic purchase, the customer's credit card information is provided to the merchant, who forwards it to the payment processor for authorization of the subject purchase. While this process has generally proved satisfactory, there are examples where the customer's credit card information has been compromised, either intentionally or unintentionally, by the merchant or by the handling and/or storage of this information by the merchant.