Point-of-sale (POS) terminals and automated teller machines (ATM) have been widely used in conjunction with various types of cards issued to users for sale or credit transactions. For example, banks regularly issue account cards which have a magnetically coded number stored on a stripe for accessing the user's account through ATM terminals. Credit cards which have coded magnetic stripes are inserted in ATM or POS terminals to access a central account system for authorization of a credit transaction. There also have been proposals to use cards which have large non-volatile memories, e.g. magnetic, integrated circuit (IC), or optical memory storage, for storing and retrieving information specific to the user, such as a medical history, biographical history, maintenance of an account balance and transaction history, etc.
These conventional systems generally employ a card which has a passive memory that is read in a card reader or computerized terminal maintained by a vendor. The security of the cards is problematic since most account cards used conventionally are passive and do not authenticate themselves or the particular transactions for which they are used. Instead, on-line access through a terminal to a central account system, such as bank or credit card account records, is required for confirmation of each transaction. This requirement places an access time and cost burden on vendors, such as bank branches and retail stores, which must maintain the terminal facilities, as well as on the operator of the central account system, which must provide sufficient on-line access for all the users of the system and ensure the security of the entire system.
By comparison, off-line transactions, i.e. between a user with an authorized card and a terminal not connected to a central account system, have the advantage that the vendor does not have to confirm each transaction. A card bearer merely inserts the card in a terminal to pay for a purchase and the authorized amount of the card is debited for the amount of the transaction. In off-line transactions, the vendor's responsibility can be reduced and the transaction process simplified, so that a transaction can be completely automated through the use of widely distributed user cards and automated terminals.
However, off-line transactions are more vulnerable to the use of counterfeit cards and to tampering with the terminals. Thus, the cards have to be made secure and the transactions limited to small amounts. As an example of conventional card security measures, a memory card can be divided into a number of separately validatable sectors of limited value which are irreversibly debited with each transaction, as disclosed in U.S. Pat. Nos. 4,204,113 and 4,256,955 to Giraud et al. A personal identification number (PIN) can be written into the card's memory at the time of issuance and requested of the user with each transaction. Terminals are generally made secure by maintaining them in areas to which access is restricted or supervised. However, these requirements increase the cost of operating the system and at the same time decrease its utility.
The sophistication of card counterfeiting and credit fraud has increased with the widespread use of account and credit cards, and even greater security measures are currently needed to ensure the validity of card transactions. Conventional microprocessor cards employ resident programs to control access to data stored on the card, store a selected user PIN to confirm an authorized user, and prevent use of the card if an unauthorized user is detected, such as after a limited number of incorrect PIN entries. Although such microprocessor cards provide greater security than passive cards, the overall system is still vulnerable in that, once a valid user's PIN has been ascertained, a stolen card can be used for unauthorized transactions in any terminal, and the terminals themselves are subject to penetration. These vulnerabilities can be offset by limiting the authorized amount of the card, controlling access to the terminals, or requiring on-line confirmation of transactions. However, such measures again increase the cost of the system and decrease its utility.
One potential area of application of automated systems employing account or credit cards is in postage vending and metering machines. Purchases of postage and mailing transactions are made primarily in person with cash through tellers at post offices. Only limited types of postage stamps can be purchased from public vending machines. Most private postage metering machines have limited operational features and must have their metering devices removed periodically to a post office for refilling. The size and weight of the metering devices make them inconvenient to carry. Some metering systems can be refilled by a remote computer, but the caller must still phone the computer center and execute the operator's instructions on the postage meter manually.
The elimination of cash purchases, in-person mailing transactions, unnecessary limitations on automated postal services, and physical refilling of postage metering machines could greatly reduce the waiting lines at post offices and facilitate the wider dissemination of postage vending and metering machines for the convenience of users and provide greater access to postal service. The use of account or credit cards for automated postal machines has been considered. However, the security problems of conventional card automated systems would require that user cards be validated only for relatively small amounts of prepaid postage, that vending and metering machines provide limited postal products and be refilled with limited total postage amounts, and that access to the machines be strictly controlled. These restrictions are a substantial obstacle which contribute to the difficulty of implementing an automated postal transaction system.