The expression “payment card” is used to designate any bank card with a delayed or immediate debit, any credit card, etc., issued by a bank or a specialised establishment.
The security of transactions made with payment cards rests today on two checks: verifying the genuineness of the buyer's signature on the invoice, whether handwritten or electronic, and verifying the validity of the card by querying the establishment that issued it in order to obtain permission to accept the card.
This double check is always carried out by the supplier when he physically has the payment card in hand. Checking the handwritten or electronic signature is easy, and so is the prior authorisation request. There are also card-reading payment terminals designed to carry out these checks automatically.
The buyer types the secret code for his card, also called the PIN (Personal Identification Number), on the keyboard of such a terminal. The electronic circuits then compare the code typed by the buyer with the code stored on the card in encrypted form, and validate the current transaction if they match. In addition, from the data read on the card, the terminal can query a payment card management server over a telecommunication network; the server confirms that the card is valid and has not been barred. This validity check may be made on line, by calling the server at the time of the transaction, or off line, through the regular downloading of lists of forbidden cards (black lists) and/or lists of genuine cards (white lists). It should be noted that cards with electronic circuits allow the genuineness of the card to be checked directly.
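The two terminal checks described above, sketched as an added example that is not part of the original text. The PBKDF2 verifier standing in for the code stored on the card, the record layout and the names `authorise`, `OfflineLists` and `online_check` are assumptions made for illustration; the card number and PIN are constructed.

```python
import hashlib
import hmac

def pin_verifier(pin, salt):
    """Value kept on the card instead of the clear PIN (assumed scheme)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 10_000)

class OfflineLists:
    """Black list and optional white list downloaded to the terminal."""
    def __init__(self, black, white=None):
        self.black = set(black)
        self.white = None if white is None else set(white)

    def is_valid(self, pan):
        if pan in self.black:
            return False
        # With no white list, any card not on the black list passes.
        return self.white is None or pan in self.white

def authorise(card, typed_pin, lists, online_check=None):
    """Return (accepted, reason) for one transaction at the terminal."""
    # Check 1: typed PIN against the verifier held on the card,
    # compared in constant time so timing does not leak a partial match.
    candidate = pin_verifier(typed_pin, card["salt"])
    if not hmac.compare_digest(candidate, card["verifier"]):
        return False, "pin_mismatch"
    # Check 2: card validity, on line when the server answers...
    if online_check is not None:
        try:
            ok = online_check(card["pan"])
            return ok, ("online_ok" if ok else "online_refused")
        except ConnectionError:
            pass  # ...otherwise fall back to the downloaded lists.
    ok = lists.is_valid(card["pan"])
    return ok, ("offline_ok" if ok else "offline_refused")

# Constructed sample card; the number and PIN are not real.
SALT = b"constructed-salt"
CARD = {"pan": "9999990000000006", "salt": SALT,
        "verifier": pin_verifier("4821", SALT)}

if __name__ == "__main__":
    print(authorise(CARD, "4821", OfflineLists(black=[])))
    print(authorise(CARD, "4821", OfflineLists(black=[CARD["pan"]])))
```

The off-line path is only as fresh as the last list download, so a card barred since then is still accepted until the next update.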
Consulting the management servers to find out the status of a payment card, together with the use of a secret code known only to the card owner, considerably reduces the possibility of fraud.
This is not the case, however, when the buyer and the seller are distant from each other, since a card-reading payment terminal can then no longer be used to check the card.
Indeed, to carry out a transaction when the buyer and the seller are away from each other, for example when buying by mail, booking by phone, or transacting on the Web, the seller asks only for the card number and the validity date of the buyer's payment card.
Communicating this information alone is sufficient to validate an invoice, which the supplier then sends to his bank for payment.
The simplicity of the present mechanism for paying by card in remote transactions is the source of much fraud: any person who knows the number of a payment card and its validity date may use this information illegally to buy goods or services, for as long as the actual card owner is unaware of the misuse and has not stopped payments at the card-issuing institution. The system also allows improper refusals by dishonest buyers, who refuse to have their account debited under the false pretext that the transactions were executed without their knowledge. This is particularly true of electronic transactions over the Internet since, on such an open communication network, it is rather easy to collect the information exchanged. This lack of security is today a strong brake on Internet trading.
Many attempts have been made to eliminate this drawback and to make remote transactions, especially electronic ones, safer.
Among these attempts are SET-type systems, which encrypt the information exchanged over the Internet. With such systems, bank card numbers are no longer communicated in the clear and therefore cannot be intercepted. The deployment of such systems is, however, held back by its dependence on most people having means specifically provided for securing transactions, such as card readers for computers and encryption means in computers or in readers, and on standardising the protocols selected by the various operators. Moreover, although numbers can no longer be intercepted directly during the communication between the buyer and the Web site, they may still be intercepted on the Web site, where card numbers are stored in the clear, and on the buyer's computer by resident spying programs designed to record what the person types on his keyboard.
Another approach consists in using a temporary payment card or one with limited use. Such a card is generally created by the buyer's financial institution, at his request. This card, whose life is generally limited to one transaction or to a given sum of money, mainly uses the same ISO formats as the buyer's main payment card (Visa, Mastercard, etc.).
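An added sketch of the issuer side of such a temporary card, not taken from the original text: it builds a 16-digit number that passes the Luhn check used by ISO/IEC 7812 card numbers and enforces the one-transaction or given-sum limit. The `TemporaryCard` class, its fields, the use of cents for amounts and the `999999` prefix are assumptions made for illustration.

```python
import secrets
from datetime import date

def luhn_check_digit(body):
    """Check digit for a number body (all digits except the last)."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:  # positions doubled once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number):
    return number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]

class TemporaryCard:
    """Issuer-side record of one temporary card (amounts in cents)."""
    def __init__(self, prefix, expiry, max_amount=None, single_use=True):
        body = prefix + "".join(
            secrets.choice("0123456789") for _ in range(15 - len(prefix)))
        self.number = body + luhn_check_digit(body)
        self.expiry = expiry
        self.remaining = max_amount  # None means no ceiling on the sum
        self.single_use = single_use
        self.used = False

    def authorise(self, number, amount, today):
        """Return (accepted, reason); state changes only on acceptance."""
        if number != self.number:
            return False, "unknown_number"
        if today > self.expiry:
            return False, "expired"
        if self.single_use and self.used:
            return False, "already_used"
        if self.remaining is not None and amount > self.remaining:
            return False, "over_limit"
        self.used = True
        if self.remaining is not None:
            self.remaining -= amount
        return True, "accepted"

if __name__ == "__main__":
    # "999999" is a constructed prefix, not a real issuer range.
    card = TemporaryCard("999999", date(2030, 1, 31), max_amount=5000)
    print(card.number, card.authorise(card.number, 3000, date(2029, 6, 1)))
    print(card.authorise(card.number, 1000, date(2029, 6, 1)))
```

A number captured after its single use, or after the ceiling is reached, is refused by the issuer even though it is well-formed.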
This solution therefore requires temporary card numbers to be transmitted to buyers in a secure way. The solution generally chosen by banks consists in using encrypted SSDL-type connections between the buyers' computers and the bank servers. This method still carries fraud risks, as the methods developed by fraudsters on the Internet are increasingly effective.
The purpose of this invention is therefore to offer an alternative for confidentially transmitting to users the identification data of temporary cards, such as numbers and validity dates, an alternative that is both safe and easy to operate.