Payment cards containing an electronic circuit capable of performing cryptographic calculations are in widespread use by the payment industry. Payment cards which contain an electronic circuit that communicates with a POS terminal through contacts on the surface of the card typically conform to the international payment card standard EMV. Proximity payment cards and devices also use electronic circuits that have cryptographic capabilities and communicate by wireless radio frequency signals with a proximity reading device included in a POS terminal. Accordingly, proximity payment cards and other proximity payment devices are based on RFID ICs (radio frequency identification integrated circuits). A well known standard for proximity payment cards has been promulgated by MasterCard International Incorporated, the assignee hereof, and is referred to as “PayPass”.
According to EMV, PayPass and similar standards for electronic payment devices, the cardholder's payment device may hold a counter that keeps a running count of the number of times the payment device has been presented to a POS terminal to undertake a payment transaction. This counter, included and described in both EMV and PayPass standards, is sometimes known as the Application Transaction Counter or “ATC”.
In order to prevent certain kinds of card fraud, the value of the ATC is used as an input to cryptographic calculations performed by the cardholder's payment device. A result of the cryptographic calculations is communicated to the authorization server of the issuer financial institution as part of the transaction process. The financial institution, with knowledge of the cryptographic keys held by the electronic payment device, can verify that the transaction has been generated by a particular payment device. This process also allows for detection of transactions that have already been submitted.
To obviate minor discrepancies between the counts maintained in the payment device and the authorization server, the payment device may, as part of the transaction, transmit to the POS terminal the current ATC value stored in the device. At least a portion of the ATC from the payment device may be passed to the authorization server as part of the authorization request from the POS terminal and used, together with the server's transaction count, to recreate the cryptographic calculation performed in the payment device.
In some situations, only low-order digits of the ATC are sent to the authorization server as part of the transaction; accordingly, the authorization server may be required to have an accurate record of the higher-order digits of the current ATC as held by the payment device. However, there may be situations in which the authorization server lacks data that reflects the high-order digits of the ATC as stored in the payment device. For example, authorization processing may be shifted from one transaction processing system to another (e.g., when an existing population of cardholder accounts is acquired by one issuer from another) but it may be infeasible or undesirable for the transaction count synchronization information to be transferred to the new authorization server.