This invention relates to electronic transaction systems including credit cards, debit cards, and the like. More specifically, the invention relates to a multi-application card and associated transaction processing system for providing secure access to multiple card accounts.
Financial institutions and commercial companies issue credit and debit cards to individuals, groups of individuals, associations and businesses. In addition, people carry a variety of other types of cards including frequent flyer cards, video club cards, library cards, insurance cards and a driver""s license. A quick count of the cards in one""s wallet reveals how widespread this proliferation of cards has become. Typically, consumers carry numerous cards and accept the inconvenience of bulging wallets.
Even if the annoyance of carrying multiple cards and finding the right card when needed is ignored, a greater problem remains. By carrying numerous cards, the consumer exposes himself to a greater risk of loss or theft. Canceling and replacing lost or stolen credit cards, debit cards and charge cards can create substantial stress for the cardholder. The source of this stress may reside in remembering the lost cards, finding the appropriate account numbers, informing the card issuers and awaiting the issuance of replacement cards. Unauthorized use of a stolen card before cancellation may further exacerbate the stress a cardholder experiences.
Commercial institutions have developed various techniques aimed at reducing fraudulent transactions. Financial institutions, for example, have implemented a Personal Identification Number (PIN) system. This system requires that consumers enter a PIN into an automatic teller machine (ATM) before proceeding with a transaction. While the PIN system may partially reduce fraudulent purchases for debit cards, the application of this system does not cover the broad area of retail purchases. Many charge cards and credit cards only require the PIN when using an ATM, if at all. This poses a security risk to the cardholder because anyone with a lost or stolen card can charge purchases to the card account.
A more recent solution to the security issue is the smart card. While there are various types, most smart cards include an embedded microprocessor and memory that can store substantial cardholder information. This approach supposedly provides merchants more information when deciding if the consumer is the cardholder. Like the PIN system, smart cards partially address the security issue aimed at reducing fraudulent purchases. However, other security concerns emerge such as (1) information on the smart card could be accessed by an unauthorized user (2) unauthorized users could still make purchases and (3) smart cards do not protect privacy. For example, storing information on the card enables anyone with the ability to display the contents of a card to learn information about the cardholder. Even if the smart card could be used as a multi-application card and addresses the issue of too many cards, the inherent security risks inhibit its widespread implementation.
Therefore, there is a need for a system that substantially reduces the number of cards that a cardholder must carry while increasing the security of card-based transactions.
According to a first aspect of the invention, there is provided a system allowing a single card device to be utilized in accessing a plurality of applications. The system comprises a card processing system, a card reader communicatively coupleable to the card processing system, the card reader being operative to read a data identification number from the single card device and to receive an index number selected by a user of the card device through a data interface. The processing system, in response to receiving the data identification number and the index number from the card reader is operative to identify an account number associated with the data identification number and the index number when the index number is within a first subset of index numbers chosen by an authorized holder of the card device from a domain of potential index numbers. The system is also operative to disable the card device from further use when the index number is within a second subset of index numbers chosen by the authorized holder of the card device from the domain of potential index numbers. The system can also re-enable a disabled card device when the index is within a third subset of index numbers chosen by the authorized holder from the domain of potential index numbers.
According to a further aspect of the invention, there is provided a method allowing a single card device to be utilized in accessing a plurality of applications. The method includes reading a data identification number from the single card device and receiving an index number selected by a user of the card device through a data interface. The method identifies an account number associated with the data identification number and the index number when the index number is within a first subset of index numbers chosen by an authorized holder of the card device from a domain of potential index numbers. The method also disables the card device from further use when the index number is within a second subset of index numbers chosen by the authorized holder of the card device from the domain of potential index numbers and re-enables a disabled card device when the index number is within a third subset of index numbers chosen by the authorized holder from the domain of potential index numbers.
The present invention meets the needs described above in a secure multi-application card system. With this system, consumers experience additional convenience by replacing numerous cards with a single multi-application card. This replacement can result in saving time by eliminating the search for the xe2x80x9crightxe2x80x9d card. Using the multi-application card also reduces the space needed by consumers for card storage. With the invented system, a cardholder can carry a single multi-application card, referred to as a xe2x80x9cSupracard,xe2x80x9d and using a simple index, access and invoke the use of multiple cards issued by multiple issuers and serving multiple purposes. Thus, the cardholder can use multiple credit, debit and other non-encoded, magnetically-encoded, bar-coded and microprocessor based cards without having to carry each individual card.
The present invention also provides secure access to one or more card accounts. By storing the cardholder""s record in a location remote from the multi-application card, the invention removes relevant account information, such as account number and expiration date, from easy access by an unauthorized user. To further increase security, the remote database may not contain personal identification numbers of the stored cards. As a result, potential hackers of the database still may not get information needed to use the cards. The invention also includes a lock feature where the multi-application card may be automatically locked from future transactions in the event of predefined actions. As a further advantage, cardholder may purposefully lock the card to prevent future transactions.
Generally described, the invention includes a multi-application card for providing secure access to multiple cards and accounts. The multi-application card stores a readable identification number that corresponds to the card. The invention also includes a database located remotely from the card. The database correlates the identification number with a record associated with the card. The record contains a list of card types, card numbers and expiry dates in positions relative to their associated indexes. The invention also includes a translator that receives a transaction request, which includes the identification number read from the multi-application card and an index obtained from a source other than the multi-application card. The translator then uses the received identification number to access the corresponding record in the database, and uses the received index to retrieve the corresponding card account number and expiry date. The translator then transmits the card account number and expiry date to the originator of the transaction request.
In view of the foregoing, it will be appreciated that the secure multi-application card system improves over the drawbacks of prior systems. The specific techniques and structures employed by the invention to improve over the drawbacks of the prior systems and accomplish the advantages described above will become apparent from the following detailed description of the embodiments of the invention and the appended drawings and claims.