There is a need for more secure data transfer when paying for goods and services using payment cards such as debit, credit, and stored value cards.
In a typical payment transaction, a user may use a credit card to purchase an item at a merchant. The user may swipe his credit card through a POS (point of sale) terminal, and the POS terminal may generate an authorization request message including the account number, expiration date, and card verification value (CVV) associated with the credit card. The authorization request message may pass to the issuer of the credit card, and the issuer may approve or deny the request to authorize the transaction.
If information such as the account number, expiration date, and card verification value is obtained by an unauthorized person, the unauthorized person could potentially purchase goods and services using the obtained information. Such information could theoretically be intercepted by the unauthorized person during a transaction (e.g., as the account information passes from the merchant to the payment processing network) or it could be surreptitiously obtained from the card while it is with the authorized user.
There is a need for improved data security systems. Embodiments of the invention address these and other problems, individually and collectively.