Currently, commercial credit card transactions and similar electronic financial transactions are handled in a manner that provides only a minimum level of security wvith respect to protection of the owner of the credit card. In most retail operations, there are two methods of receiving approval of credit card sales: (1) the magnetic card reader method, and (2) the keypad entry method. Generally, approvals for credit card payments will be obtained on most transactions by sliding a credit card through a magnetic card reader. In some instances the magnetic stripe on the reverse side of the credit card cannot be read by the card reader, and it is necessary to enter the account number of the card holder through the keypad using the keypad method. For all authorized transactions, a sales slip must be imprinted with the customer's credit card and fully completed with detailed transaction information. Typically, a printer is connected to the terminal and the terminal is programmed for printing receipts such that the customer automatically receives a sales receipt.
With respect to security, the only possible way to authenticate the credit card owner is by the visual comparison of the signature on the sales draft to the signature on the back of the credit card. This comparison is restrictive and of limited value since it relies entirely on the training and competence of the sales clerk. The signature can easily be forged, thereby completely circumventing the system and allowing the possibility of fraud to occur which is common place.
Another security problem with current credit card processing relates to printed receipts that consumers obtain. Currently, printed receipts have consumers' signatures and credit card numbers on them. This receipt or carbons of the receipt can easily fall into the hands of someone who can use this information to make unauthorized purchases. As is evident, existing credit card processing has virtually no security for protecting credit card owners from unauthorized uses if credit cards are lost or stolen.
In recent years, the use of personal memory cards, also commonly known as "Smart Cards", has increased for financial transactions and other personal information uses. For example, personal memory cards have been used for managing financial transactions, and for storing personal information such as medical information, insurance information, etc. Memory cards are based on microprocessor technology and typically have a memory structure that includes both an EPROM type memory in which data can only be written and never erased or updated, and an EEPROM type memory in which data can be erased and updated. One type of memory card known as the Memory Chip Operating System (MCOS) card includes sufficient memory for a single application, such as a debit card account at a particular bank. MCOS cards typically have a memory size on the order of 2K to 3K bytes.
Another type of memory card available in the industry is known as the Multi-application Payment Card Operating System (MPCOS) card. MPCOS cards have the important advantage over MCOS cards of having an operating system that is dedicated to multiple electronic payment or other information applications. For example, an MPCOS card could contain information that would allow a user to use the card in connection with a bank payment system as well as credit card transactions for credit cards such as Master Card, Visa, American Express, etc. MPCOS cards are certainly not limited to two applications, but can include additional applications depending on the memory size available.
For security purposes, existing MCOS cards and MPCOS cards and other handheld cards typically use personal identification numbers (PIN) or passwords as the means to initiate or gain access to the card or the application being protected. Thus, a user must enter a unique PIN or password in order to access the stored information and commence a transaction. Although the use of PINs certainly provides an added measure of security over manual signature verification for credit card transactions as discussed above, the use of PINs or passwords to protect card owners is certainly not foolproof. For example, if a user keeps his or her PIN number written down in a purse or wallet in which the memory card is kept, a thief could gain easy access to the information stored in the memory card in this instance. Additionally, it is generally known among unscrupulous people that methods have been developed for lifting PIN numbers directly from memory cards.
Particularly as electronic financial transactions continue in growth, there is an ever-increasing need for strengthened security measures to adequately protect users of memory cards. With such increased security, users would then feel comfortable using memory cards for a wider range of applications, including multiple credit card accounts and bank accounts as swell as other personal financial or medical information. In this regard, memory cards could be used as all purpose financial and informational cards with the appropriate level of security, which has heretofore been unavailable for this type of application.