The structure of most credit and debit transactions today is based on the original form of a standard credit card transaction. Such a transaction typically involved the use of a physical card and a physical signature as a means of protection against misuse. In an era of face-to-face transactions, this structure provided adequate security against improper and/or fraudulent purchases. Advancing technology and purchaser demand, however have led to new variations of the standard credit card transaction that do not require either the physical presentment of the card or the signature of the purchaser. Although these new techniques provide purchasers and vendors with increased convenience, they also reduce security and increase the probability of fraudulent purchases.
Strains on the security of the standard credit card transaction began to appear, when it became possible to make credit card purchases over the phone. In a telephone transaction, the only information necessary to complete a purchase is the account number (i.e., credit or debit card number), the account expiration date and, sometimes, an additional security code (i.e., typically 3 or 4 additional digits). As a result, any person able to acquire the account number, expiration date and security code of a credit or debit account is able to make fraudulent telephone purchases on the account. Internet purchases suffer from the same security flaws as telephone purchases, though amplified by the nature of the Internet medium. Like telephone transactions, Internet transactions can be completed with only the account number, expiration date and security code associated with an account. In an Internet transaction, however, this information is transmitted over the Internet or other public network, creating additional opportunities for the theft of account information. The transmission itself is subject to interception, either in transit or at the purchaser's machine (i.e., via a Trojan horse, spyware, or other malware). Further many vendors retain purchasers' account information on the vendors' own systems. Accordingly, a purchaser's account information is at the mercy of security precautions taken by each vendor with which the purchaser does business. Still newer purchasing technology threatens to further undermine the security of credit and debit transactions. Recently there has been a push to use mobile phones and other hand-held devices in place of credit cards, allowing for purchases over the Internet and in-store using WIFI and other mobile networks. The use of mobile networks creates additional opportunities for the misappropriation of account information.
Various attempts have been made to address the security shortcomings of the standard credit card transaction. For example, there has been a proliferation of gift cards, and prepaid cash equivalents. The fixed balance of these cards limits that amount that can be lost to theft, however, it also limits the usefulness of the card to legitimate purchasers. Further, many gift cards are usable only with a certain vendor or vendors. Also, some Internet purchases now utilize high security proxies to perform transactions and transmit payment information to the vendor. These methods, however, are often complicated and require the involvement of a third party (i.e., the high security proxy).