Techniques for transmitting data securely, and in particular techniques for transmitting payment authorisation data, are becoming increasingly important as cash is used less and less as a means to pay for goods and services.
Conventional techniques include those based on the EMV (Europay, Mastercard, VISA) smartcard system (called “Chip and PIN” in the UK), which use a smartcard with a secret personal identification number (PIN) code stored in a microchip embedded on the card. When the card is used, it is placed in a merchant terminal and the user enters a PIN. The PIN is then sent by the terminal to the embedded microchip on the card and, if the PIN entered by the user matches that stored on the microchip, the microchip returns a “PIN ok” message to the terminal and the transaction is authorised.
In another conventional technique, so-called “contactless payment” is enabled by providing a user's payment smartcard with a radio frequency identification (RFID) tag. To authorise a payment, the user passes their smartcard over an RFID reader on the merchant terminal. The RFID reader detects payment authorisation information present in the RFID tag and if this information is verified, payment is authorised.
Conventional techniques, such as those described above, whilst providing an improvement in security over payment methods authorised only by a user's signature or by information stored on a magnetic strip, are still potentially vulnerable to various attacks. In a simple example, if a third party discovers a user's secret PIN and then steals their card, they can potentially make fraudulent payments until the card is cancelled. In another example, the authorisation information stored on the RFID tag of a user's smartcard could be acquired by an unauthorised third party by passing a suitably adapted reader over the user's card. In more sophisticated examples, so-called “man-in-the-middle” attacks can be used, in which security data exchanged between the smartcard and the merchant's terminal is intercepted by a third party who then attempts to use this intercepted data to authorise fraudulent payments or perform some other fraudulent activity.
Whilst it is possible to put in place security measures to further reduce the likelihood of smartcard payment systems and other authorisation data transmission systems being compromised, such measures are likely to increase the complexity of the payment system and reduce the convenience for users and merchants. It is therefore desirable to provide a method for securely transmitting authorisation data, such as payment data, that has an increased resilience to fraudulent attacks but is still convenient to use.