1. Technical Field
Embodiments of the present invention generally relate to secure financial transactions initiated from an electronic device and, more particularly, to the ability to use the phone function (e.g., of a mobile handset) to feed data back to a Trusted Integrity Manager as part of a Mobile Embedded Payment program in the financial industry to authenticate users (e.g., a consumer).
2. Related Art
In direct (face-to-face) or online financial transactions customers may search for and purchase products and/or services from a merchant. In the case of online shopping, transactions are conducted through electronic communications with online merchants over electronic networks. A variety of electronic devices and various electronic techniques may be used to conduct such electronic transactions. Methods of initiating or making financial transactions from an electronic device include, for example, SMS (Short Message Service), radio frequency identification (RFID) or near field communication (NFC) at a point-of-sale (POS), and mobile Internet-based payments, by which customers search for and purchase products and services through electronic communications with online merchants over electronic networks such as the Internet. Such electronic transactions may be conducted via wireless communication, also referred to as “over-the-air” (OTA) communication—which may include ordinary (e.g., longer distance) radio frequency (RF) communication; mid-range communication such as Wi-Fi or Bluetooth; or short-range RFID or NFC, for communication over a distance that is typically less than about 4 inches). Such transactions may be conducted, for example, with a cell phone using the cell phone's normal RF communication or using NFC if the cell phone is NFC-enabled. Other mobile devices, in addition to cell phones, that may provide OTA communication for facilitating such transactions may include, for example, radio frequency-enabled credit and debit cards, key fobs, mobile Internet devices, consumer electronics (not limited to, but as an example, a contactless and proximity enabled personal computer or laptop) and contactless and proximity enabled personal digital assistants (PDA).
When registering a mobile device or conducting a financial transaction via any kind of consumer electronic device (CED), security is generally an issue in that data transferred wirelessly may typically include credit card and financial instrument information such as a user name, account number, a PIN, and a password, for example, that are susceptible to theft or malicious attack. In addition, a number of parties may be involved in the transaction including, for example, a customer or user, a merchant, a mobile network operator (MNO), a service provider (SP), a trusted service manager (TSM), a mobile phone manufacturer, an integrated chip (IC) manufacturer, and application (software) developers. Another central issue with consumer electronic devices—such as a personal computer (PC), a laptop, mobile phone, NFC enabled mobile device, for example, or other CEDs—is the need for cooperation between the many involved parties, in addition to financial institutions, to meet the needs of the customer via a secure over-the-air link.