There is a need for more secure data transfer when paying for goods and services using payment cards such as debit and credit cards.
In a typical payment transaction, a user may use a credit card to purchase an item at a merchant or enter his account information into a payment page of a merchant's website. The merchant then generates an authorization request message using a POS (point of sale) terminal when the user is present at the merchant location. Alternatively, for an online transaction, the merchant website may generate an authorization request message for card-not-present (CNP) transactions. In either instance, the authorization request message is passed to the issuer of the credit card, and the issuer may approve or deny the request to authorize the transaction.
There are a variety of methods by which fraudsters attempt to obtain account information of users for conducting fraudulent transactions. To address this problem, there is a need for making electronic payment transactions partially dependent on devices that are known to be in the possession of the user (account holder) of the credit or debit card.
Embodiments of the invention address these and other problems, individually and collectively.