1. Technical Field
This disclosure relates to the secure storage and retrieval of confidential information, including credit and debit card information.
2. Description of Related Art
Electronic shopping, commonly referred to as e-commerce, has revolutionized how consumers purchase goods and services from merchants. Because of the Internet and, more recently, the personal data assistant (“FDA”) and the wireless phone, merchants are able to showcase and sell products and services without the customer ever having to leave their home or enter a brick and mortar store.
Security concerns, however, are among the most important issues confronting today's electronic shopping models. Most of these transactions are completed using credit or debit cards. Unlike traditional telephone and in-store credit or debit card processing machines, today's wireless and Internet-related communication systems can be more susceptible to the unauthorized misappropriation and use of this sensitive financial information.
Attempts have been made to make the Internet and wireless transactions more secure. For example, credit and debit card information has been encrypted and/or protected by “tokenization.” Tokenization uses an unrelated string of numbers and/or letters to represent and securely access stored credit or debit card information. The actual credit or debit card information, such as the card number, does not have to be exchanged between merchants and processors over the Internet.
Notwithstanding, a breach of systems at TJX Companies between July 2005 and mid-January 2007 exposed data from more than 45.6 million credit cards. In August 2009, information from more than 130 million credit and debit cards was stolen from Heartland Payment Systems, retailers 7-Eleven and Hannaford Brothers, and two other companies. There have been numerous other break-ins of so-called secure networks. Over the past five years, hundreds of millions of credit cards have been stolen, not during the transaction, but from the computers that had been storing them. Encryption and/or tokenization did not protect this information.