This disclosure relates in general to secure Internet transactions using an open loop debit card network and, but not by way of limitation, to enrollment and authentication of Automatic Teller Machine (ATM) cardholders or debit card cardholders for Internet transactions amongst other things. In this context, electronic funds transfer (EFT) networks refer to financial networks that primarily process ATM and point-of-sale transactions that require PIN entry for authentication, as opposed to networks that primarily require signatures for cardholder authentication. EFT networks are additionally known for their single message, guaranteed-funds transaction processing architecture.
The development of the Internet and Internet shopping in particular has led to increased developments in Internet security and secure transactions in eCommerce. Most Internet transactions are completed using credit cards, signature debit cards or other payment schemes such as PayPal or Google Checkout. Due to the high cost of introducing PIN-protecting hardware or software, ATM/Debit card payments that require PIN entry have been limited on the Internet. Security experts have advised against allowing PIN entry on PCs due to the risk of fraudsters capturing this information. Fraudsters may then use the transaction card and PIN information to create fraudulent plastic cards to obtain cash at an ATM, thus draining the victims' checking or savings accounts. Moreover, for at least these reasons, ANSI standards do not permit PIN entry for Internet transactions. EFT networks do allow ATM/Debit cardholders to make card payments, without entering the associated PIN, to companies, such as utilities, that the cardholders already have relationships with and that perform the authentication, which mitigates the risk of fraud. Debit card network transactions are typically authenticated, often using a PIN, which is validated at a financial institution.
Due to the spread of eCommerce and the desire to incorporate more security and transaction efficiencies, there is a general need for a technical solution to handle ATM/Debit card transactions over an EFT network with greater transaction security.