Purchases are often made using an electronic device called a Point Of Sale (POS) terminal. The POS terminal is typically coupled to a financial institution via an electronic communication link. A customer in a store may, for example, present a debit card, credit card, cash card or smart card to the store's cashier for payment. Consider an example of a transaction with a smart card. The customer presents the smart card to the cashier of the store. The cashier pushes the smart card into a smart card reader port on the POS terminal and the POS terminal reads an account number stored in the smart card. The customer then, for identification purposes, typically enters a Personal Identification Number (PIN) into a keypad device coupled to the POS terminal. The customer may also enter other identification information. The customer may, for example, provide a signature on a signature capture device coupled to the POS terminal.
The POS terminal then uses an encryption key stored in the POS terminal to encrypt the account number (from the smart card), the identification number (for example, the PIN number), and other information about the transaction such as the amount of the transaction and the date of the transaction. The encrypted information is sent from the POS terminal to the financial institution via a modem or other electronic communication link.
The financial institution receives the encrypted information and uses an encryption key to decrypt the information and recover the account number, identification information, and information about the transaction. In the case where the transaction is a debit transaction, the bank account of the customer is debited. A confirmation of the transaction is then encrypted using the encryption key and the encrypted confirmation is communicated from the financial institution back to the POS terminal. The POS terminal uses the encryption key stored in the POS terminal to decrypt the confirmation. Typically, the confirmation is printed out as part of a transaction receipt and a copy of the receipt is provided to the customer.
Accordingly, it is seen that sensitive financial and identification information is entered into and passes through the POS terminal. Encryption keys are typically stored in the POS terminal so that the POS terminal can communicate with the financial institution in a secure manner. Moreover, as the POS terminal is used, information about customers is stored in and/or passes through the POS terminal. Such information may include bank account and credit card numbers of customers and their associated PIN numbers. If, for example, a thief were to learn of the bank account number of a customer and the account's associated PIN number, then the thief may be able to use the information to steal money from the customer and/or to make unauthorized purchases by masquerading as the customer. It is therefore important for POS terminals to have security features that prevent thieves from obtaining this sensitive information from POS terminals. Various techniques and circuits have been employed to prevent such security breaches. Unfortunately, rings of thieves are now using ever more sophisticated and advanced electronics techniques to foil the security measures built into POS terminals. Techniques for making POS terminals more secure are desired.