With the advent of the Internet, virtually anything can be bought, sold, or negotiated on-line. Currently, many Web portals offer products and/or services to business entities and consumers. One serious problem facing many of these Web portals is in the area of security. Although some aspects of the security concerns have been resolved or at least reduced using various encryption or related technologies, many fraudulent transactions still occur because the current security measures are generally inadequate to address certain types of security breaches.
Currently, there are at least two major security issues in regard to on-line transactions. The first issue concerns confidentiality, that is, the ability to make a transaction without the transaction being known or intercepted by a third party. For instance, when a consumer purchases a product or service on the Internet using a credit card (i.e., submitting the credit card number and other requested information to the seller), it is imperative that the transaction be confidential such that sensitive information such as the credit card number, expiration date, and the identity of the product or service purchased, not be revealed to unauthorized parties. This aspect of on-line security has been dealt with, and to large extent, resolved, through the encryption technology where the sensitive information is encoded to prevent third parties from reading the data, even if the data were to be intercepted.
The second security issue concerns authentication, that is, the ability to uniquely identify the individual who is making the transaction. For instance, taking the example above where a consumer purchases a product or service on the Internet using a credit card, it is imperative that the seller be able to determine that the person submitting the credit card information is actually the owner of the credit card, or a person authorized by the owner. Failure to do so means that the transaction can be made void by the actual owner. The ability to identify the individual protects against at least two types of fraudulent transactions. One type is the case where an unauthorized person uses the credit card number of others to purchase a good or service on the Internet. The other type is the case where an authorized person uses the credit card, but who later denies having made the transaction. It is a commonly known fact that many credit card transactions result in a default due to a seller's inability to properly authenticate the identity of the individual making the transaction.
Currently, there are many authenticating devices and methods for uniquely identifying individuals which can presumably be used to prevent or limit the fraudulent transactions due to improper authentication. One such system is one employing digital certificate technology where a user obtains an encrypted file from a certificate authority who, before giving out the certificate in a special storage device such as a smart card, authenticates the user by requiring the user to produce an acceptable identification card. A special reader is then attached to the user's PC to read the digital certificate stored in the smart card. When a secure transaction needs to be made, the digital certificate is sent to the transacting party who then verifies the authenticity of the certificate and reads the information provided in the certificate such as the name of the person whom the certificate belongs to.
The fingerprint identification system, on the other hand, employs a fingerprint reading device which is attached to a user's PC. Whenever a secure transaction needs to be made, the user places a finger on the reader, and a digital image of the reader is sent to the transacting party. The image is then compared against a previously stored image in a database to identify the individual.
Although these devices may significantly reduce the on-line fraudulent transactions due to improper authentication, at this time, it is unrealistic to expect consumers to purchase such a device for the sole purpose of conducting a transaction over the Internet, especially, when alternative less-costly options such as offline purchases are available. In addition, because there are currently no single standard or device which is acceptable to all, purchasing such a device does not necessarily ensure that a trusted transaction would be possible.
For these reasons, many types of transactions which can presumably occur on-line are still being done only through the traditional off-line mediums, though conceivably such transactions may be facilitated on the Internet if a trusted method of transaction not requiring the consumers to purchase such authenticating devices were to be available. While many types of transactions would fall under this category, one notable example is the transactions concerning group benefits plans which cater to business entities and other entities such as educational institutions, clubs or associations which have a large base of individuals, e.g. employees, students, club members, etc., who are associated with the entity. These benefits can include services such as insurance coverage of all types, e.g., medical, dental, life, travel; loans with below-market rates; mobile phone service plans; etc. The benefits can also include goods which are sold to the associated individuals at a discounted rate.
A unique characteristic of the group benefits plans is that while the end product or service directly benefits the associated individuals, e.g., employees, club members, etc., the plans are negotiated by the entity whom the individuals are associated with. Take for instance, a company employing a large number of employees. A group benefits plan such as group insurance would be negotiated by the employer, i.e., the company, on behalf of the employees. By having control over a large pool of potential customers, the company is able to negotiate a better deal with the benefit provider than if the employees were to negotiate the benefit directly.
Currently, most aspects of procuring and administering of group benefits are manual in nature. Namely, the employer would have to manually choose and contact the group benefit provider and the group benefits plans are shown and negotiated off-line. Even after the plan is chosen, the details of the plan are generally presented to the employees in a manual manner. The shortcomings of such manual methods are many. First, because the company must manually select and contact each of group benefit providers and individually negotiate the plan, much time and resources are wasted, and thus, only a limited number of providers may be considered. And second, the administration of the benefits plan is inefficient because the employees must often communicate their choices and desires through the employer, even when a direct contact between the benefit provider and the employees would be more sensible and efficient.
While it can be appreciated that there is a need for system and method for facilitating a trusted transaction between business entities and consumers, and one which can be used to efficiently transact group benefits plans, currently, no such systems are known to exist, and certainly, none which are both efficient and trustworthy.