The present invention relates in general to portable proximity consumer devices used in wireless payment transactions, and in particular to various embodiments of portable proximity consumer devices, such as credit and debit contactless smart cards, that use secured account numbers for wireless financial transactions.
Generally, portable proximity consumer devices such as contactless smart cards are designed to provide the consumer with a way to engage in purchase transactions by wirelessly connecting the portable proximity consumer devices directly with the merchant's point of sales device, for instance using radio frequency (RF) or infrared (IR) signals. For example, contactless smart cards allow a consumer to store and transmit financial data and other personal data to a merchant device which uses it to effect a payment during a purchase transaction.
Because portable proximity consumer devices operate without requiring direct connection to the accepting device, portable proximity consumer devices are expected to gain popularity over other types of devices that require physical contact and/or physical connections to communicate with other devices and systems. Illustratively, contactless smart cards may be used to replace regular credit cards, as they need not be in contact with a transaction terminal to be operated. Regular credit cards having magnetic stripes and contact smart cards must come in contact with a reader.
Portable proximity consumer devices may wirelessly exchange data with a proximity device reader from a distance, as long as the user is in wireless range of the proximity device reader. Unfortunately, due to the wireless nature of the portable proximity consumer devices, it is possible that proximity device reader may be used for surreptitious interrogation of the portable proximity consumer device by intercepting the portable proximity electronic device's communications. In addition, it is conceivable that a proximity accepting device may be developed or modified to enhance its power and sensitivity and thereby increase its ability to interrogate with and intercept signals from the portable proximity consumer devices from a greater distance than specified in standards used for portable proximity consumer devices.
Theft of sensitive information using wireless interrogation or interception of communications from portable proximity consumer devices is a major concern for consumers and businesses alike. Unfortunately, given the sophistication of the wireless interrogation equipment and the nature of wireless signals, it is easy for wireless interrogation to occur at virtually any time and place. Once the victim of the wireless interrogation discovers that they had sensitive information stolen, it is often too late to discover where the theft took place. The victim must then deal with the consequences and hassle of correcting the unauthorized access and possible uses of the information.
In response to such risk, many payment service providers have instigated safeguards for protecting purchases from fraudulent attacks, for example, by employing encryption technologies to encrypt the primary account number and other data associated with account transactions. Encryption generally involves encrypting transaction data on one end of a transmission with a key, and then regenerating the original transaction data by decrypting the encrypted data received with the same key on the other end of the transmission. While encryption technologies have proven to be highly effective in preventing information theft, implementing or upgrading to the latest encryption technology often requires upgrades by the end user's of payment processing systems. Due to the cost, time, and risk of potential business interruption (e.g., loss of sales), many merchants, for example, resist making necessary upgrades to their procedures and systems to implement such safeguards. Therefore, such safeguards have had limited success as they are generally expensive to implement, can be overcome, and have not been fully accepted by the credit card industry, merchants, payment processors, etc.
Therefore, what is needed is a cost effective device and method that integrates easily with exiting payment processing systems and prevents an unauthorized user from using data wirelessly interrogated or intercepted from a portable proximity consumer devices.