The present invention relates to systems that allow debit cards, credit cards, Direct Check/ACH and other financial transaction instruments to be used in networked purchasing environments between a merchant, customer, and a third party processor. The third party processor acts as an intermediary or clearinghouse for transactions.
Debit cards such as those typically provided by financial institutions such as banks or credit unions require the card to be encoded or the system to be encoded to recognize the card/Personal Identification Number (PIN) combination. When used at an ATM or point of sale terminal, the system contacts the financial institution or a representative thereof with the user's account number and PIN number. The account is checked to determine whether sufficient funds exist for the purchase or cash request. The system records the parameters of the transaction to make the updates to the accounts such that the funds are transferred between parties of the transaction.
Prior art systems utilize various data encryption methods to secure the transmission of the customer's debit card/account number, customer's PIN number, the merchant's ID or code, to the various banking and transaction clearing systems that are checked at the point of sale such that an approval number is received by the merchant indicating that the transaction has been approved. The point-of-sale system or a separate card reader is used to connect directly to the clearing system.
While this type of transaction allows a user to directly pay for purchases at the point of sale, it allows the potential for an unscrupulous merchant, or a party intercepting communications to have access to the user's account number and PIN number.
In an e-commerce environment, the user accesses a merchants web site, indicates the items to be purchased and is requested to supply some means to pay for the items during the checkout process. The user typically enters the credit card number and the expiration date of the card to secure the credit transaction and shipping preferences. The merchant receives this information and generates a request that is transmitted to a credit clearing system that requests approval for the purchase and transfers back an approval code to the merchant. The merchant may at this point indicates to the customer that the purchase was successful and supplies an approval page to the customer.
Since the transaction occurs over the Internet, users have concerns over the privacy and security of the information entered. These privacy and security issues limit the amount of customers that use these forms of commerce at this time. Businesses have been trying to generate more robust security mechanisms to calm nervous customers, but these system still require the customer to provide the complete billing information to the merchant to complete the sale. Robust encryption processes help to reduce the customer's anxiety to some extent.
While credit cards are commonly used in point-of sale and on-line transactions, the merchant is charged a variable fee for the transaction by the credit authorization system based on the risk of the purchase. A higher rate for example, may be charged where the user is not at the point of sale, but is instead making the purchase at a remote location via a computer. The potential for fraud may be increased when the customer is not visible. Since the credit card company has power to act against unscrupulous merchants and to protect the consumer against fraud by merchants, customers are less concerned about the credit transaction that they would be regarding a debit transaction.
In contrast to credit purchases, there are no intermediaries to protect a customer when a debit transaction occurs. Debit transactions in contrast cause direct modifications to the clients bank account or financial assets held in a financial institution. The customer is vulnerable to direct funds transfer and withdrawal activity if someone performs these types of transactions without the customer's knowledge.
What is desired therefore is a system for allowing a customer to purchase items where the customer is not required to give the PIN number of the debit card to a merchant during an on-line purchase. It is another object of the present invention that the merchant or any party intercepting a communication between the customer and merchant, never has access to the customer's PIN number throughout the transaction. It is a further object of the present invention that all the information required to complete a transaction never exists in one transmission on the public network.
It is an object of the invention to provide a system where a third party trusted verification system is contacted during the purchase process by the merchant to request the processing of a customer's debit transaction where the merchant only knows the card number (or a portion of it). The trusted verification system separately receives the PIN number from the customer and processes the transaction with the credit/debit processing system. The functionality performed by the trusted verification system may be performed by the debit card organization/bank directly.