1. Technical Field
The present invention relates generally to financial transactions where payment is made via a credit/debit card, and more specifically, to a method and system for securing card payment transactions using a mobile communication device.
2. Description of the Related Art
Credit and debit card payment systems are under increasing scrutiny as the cost of fraudulent transactions rise. Most card agreements, as well as commercial statutes, provide protection for the card user from unlimited financial loses due to fraudulent use of their card. However, the cost to financial institutions and the inconvenience and possible temporary unavailability of funds to the customer make it necessary to take steps to further secure card payment transactions.
Recent methods that have been employed to further secure card payment transactions include association of a card with a personal identification number (PIN) that is not printed on the card, and/or inclusion of additional verification numbers on the card itself. Such techniques are proof against the misappropriation of card information from copies made by an older carbon-copy type card swipe unit, but not against misappropriation of the card itself or of information entered in an electronic entry system such as an automated teller machine (ATM) or an Internet form page.
Other security methods that have been employed, typically by mail-order/telephone sellers and in some cases Internet sellers, include verification of card user information that is not available on the card at all, such as an address or telephone number associated with the card, or historical information regarding the card owner.
However, even the above techniques are not proof against deeper forms of identity theft that include acquiring knowledge of card user personal information, and with respect to Internet sites, the information used for confirmation is typically also part of the form entry data, and may be additionally present in databases on Internet servers and/or located on a user's machine, e.g., in the form of local cookies. The proliferation of card user data in present systems makes it necessary to provide further protection for both the card user and the financial institution issuing the card.
Still other techniques that have been employed to secure card transactions are the inclusion of photo identification and smart chips in or on the cards. While photo identification provides a much stronger form of protection, not all vendors are able to visually identify the customer, for example mail-order and Internet sales sites. Inclusion of a smart chip is similar to association of a PIN number with the card. Once the card itself is misappropriated, the smart chip is also obtained.
Finally, one-time use cards have been used to prevent the use of a card in one transaction from compromising card user information. Such cards are only usable once, with the consequent disadvantage that the user must obtain a card for each purchase. The one-time use cards limit the flexibility of having a payment card, and generally a card user will still have retain another card for emergency or other uses.
Therefore, it would be desirable to provide a method and system for securing card payment transactions that is not compromised by the misappropriation of the card, PIN or card user information. It would be further desirable to provide such a method and system that operates with a single re-useable card.