A financial transaction system, as used herein, is a system that allows a merchant to use, for example, a mobile device, to accept payment for selling a product, a service, or a rental to a purchaser.
In one example, the financial transaction system includes a mobile device (e.g., a tablet computer, a smartphone, etc.) and a card reader. The card reader is in the form of an accessory and couples to the mobile electronic device (e.g., the card reader couples to the mobile device through the audio jack of the mobile device). In this example, a purchaser uses a financial transaction card (e.g., a credit card, a debit card, a pre-paid gift card, etc.) to purchase the seller's product or service by allowing his/her credit card to be swiped through the card reader. The card reader communicates the card's data to the mobile device, allowing the mobile device to confirm the authenticity of the card and further to initiate authorization of the purchase transaction. In another example, the financial transaction system may include a mobile device that accepts card-less payments from purchasers. In this example, a purchaser may convey his/her credit card information to the seller through a direct or indirect form of wireless communication with the seller's mobile device. A person of any skill in this space would easily be aware of countless other mechanisms that allow similar financial transactions to proceed in the context of such “mobile” payments.
While such mobile payment opportunities offer convenience and ease of use to both the seller and the purchaser, there are scenarios that may present new security concerns. For example, as part of the transaction flow, the purchaser may sometimes be required to enter a PIN code as an additional layer of security. Such PIN codes are required, for example, in debit card-based purchases and even in some credit card-based (e.g., Europay, MasterCard, Visa (EMV) card-based) purchases. In such scenarios, the financial transaction system needs to protect the PIN from being discovered by, for example, malware or other phishing events.
The figures depict various embodiments of the present invention for purposes of illustration only. One skilled in the art will readily recognize from the following discussion that alternative embodiments of the structures and the methods illustrated herein may be employed without departing from the principles of the disclosure described herein.