As methods and devices for engaging in financial transactions have increased, old problems such as fraud and counterfeiting persist.
One of the primary sources of fraud, which is prevalent in the credit card industry, is skimming. Skimming refers to the electronic copying of a card's electronically stored data to create counterfeit cards. Once the counterfeit card is made, there is potential that it can be used with impunity for as long as the user or the issuing entity does not realize or report that the transaction card's information has been compromised. This problem is particularly prevalent in card-not-present transactions, such as online purchases and transactions where a counterfeiter need not be identified by a photo-ID that matches the information imprinted or stored on the transaction card or other portable consumer device.
To combat such counterfeiting or other unauthorized use for online or other traditional card-not-present transactions, some issuing entities have started issuing contact and contactless card verification tokens, also referred to as verification tokens, to be used in conjunction with a user's computer. The card verification token can verify that the user performing the transaction is in physical possession of the transaction card. This stops potential fraud in which the fraudster has only obtained the information and not the transaction card itself. However, even the use of a verification tokens can allow various forms of fraud.
One such potential method of fraud is for counterfeiters or fraudsters to manufacture their own version of the card reader devices or verification tokens that are physically and operationally similar to the authorized versions so as not to raise the suspicions of end users. The fraudster can then distribute these fraudulent card reader devices or verification tokens to users that are configured to skim user data from the transaction cards whenever it is used in a transaction and have that data sent to a site or server operated by the counterfeiter. As such, there is a need to verify card reader devices or verification tokens are authorized devices manufactured by a trusted source and not a fraudulent skimming device made and distributed by a counterfeiter or fraudster.
Embodiments of the invention are directed to addressing these and other issues.