1. Field of the Invention
This invention relates to a credit card system and method, and more particularly, to a credit card system and method offering reduced potential of credit card number misuse.
2. Related Art
The development of retail electronic commerce has been relatively slow in spite of the perceived demand for such trade. The single greatest deterrent to the expansion of retail electronic commerce is the potential for fraud. This potential for fraud has been a major concern for the credit card companies and financial institutions as well as the customers and the providers of the goods and services.
The former are concerned about fraud because essentially the financial institutions have to bear the initial cost of the fraud. Additionally, the credit card companies have an efficient credit card system which is working well for face to face transactions, i.e., "card present" transactions where the credit card is physically presented to a trader and the trader can obtain the credit card number, compare signatures and in many cases photographs before accepting a particular credit card.
The latter are equally concerned about fraud being well aware that ultimately the user must pay for the fraud. However, there are particular personal concerns for the consumer in that the fraudulent use of the credit card by misuse of the credit card number by a third party may not become apparent for some time. This can happen even if the card is still in his or her possession. Further, when fraud does occur the consumer has the task of persuading the credit card provider that fraud by another did indeed occur.
There is also the additional fear of being overcharged on a credit card. There are thus particular risks for those credit card holders who have relatively high spending limits, in that if fraud should occur, it may be some considerable time before it is detected. One particular form of fraud referred to as "skimming" is particularly difficult to control. What happens is that the card holder proffers his or her card at an establishment to make a transaction, the relevant information is electronically and/or physically copied from the card and the card is subsequently reproduced. This can be a particular problem with travelers particularly during an extensive period of travel as the fraudulent card may turn up in other places and it may be some considerable time before the fraud is detected.
For remote credit card use, the credit card holder has to provide details of name, master credit card number, expiration date and address and often many other pieces of information for verification; the storing and updating of the information is expensive but necessary. This of itself is a considerable security risk as anybody will appreciate that this information could be used to fraudulently charge goods and services to the card holder's credit card account. Such fraudulent use is not limited to those people to whom the credit card information has been given legitimately, but extends to anybody who can illegitimately obtain such details. A major problem in relation to this form of fraud is that the credit card may still be in the possession of the legitimate holder as these fraudulent transactions are taking place. This is often referred to as "compromised numbers" fraud. Indeed all this fraud needs is one dishonest staff member, for example in a shop, hotel or restaurant, to record the credit card number. It is thus not the same as card theft.
The current approaches to the limiting of credit card fraud are dependent on the theft of a card being reported and elaborate verification systems whereby altered patterns of use initiate some enquiry from the credit card company. Many users of credit cards have no doubt received telephone calls, when their use of the card has been exceptional, or otherwise unusual in the eyes of the organization providing the verification services.
Thus, there have been many developments in an effort to overcome this fundamental problem of fraud, both in the general area of fraud for ordinary use of credit cards and for the particular problems associated with such remote use.
One of the developments is the provision of smart cards which are credit card devices containing embedded electronic circuitry that can either store information or perform computations. Generally speaking they contribute to credit card security systems by using some encryption system. A typical example of such a smart card is disclosed in U.S. Pat. No. 5,317,636 (Vizcaino).
Another one of the developments is the Secure Electronic Transaction (SET) protocol which represents the collaboration between many leading computer companies and the credit card industry which is particularly related to electronic transmission of credit card details and in particular via the Internet. It provides a detailed protocol for encryption of credit card details and verification of participants in an electronic transaction.
Another method that is particularly directed to the Internet is described in U.S. Pat. No. 5,715,314 (Payne et al.). U.S. Pat. No. 5,715,314 discloses using an access message that comprises a product identifier and an access message authenticator based on a cryptographic key. A buyer computer sends a payment message that identifies a particular product to a payment computer. The payment computer is programmed to receive the payment message, to create the access message, and to send the access message to a merchant computer. Because the access message is tied to a particular product and a particular merchant computer, the access message cannot be generated until the user sends the payment message to the payment computer. Because the access message is different from existing credit card formats, the access message is ill-suited for phone/mail orders and other traditional credit card transactions.
There are then specific electronic transaction systems such as "Cyber Cash," "Check Free" and "First Virtual." Unfortunately, there are perceived problems with what has been proposed to date. Firstly, any form of reliance on encryption is a challenge to those who will then try to break it. The manner in which access has been gained to extremely sensitive information in Government premises would make anyone wary of any reliance on an encryption system. Secondly, a further problem is that some of the most secure forms of encryption system are not widely available due to government and other security requirements. Limiting the electronic trading systems and security systems for use to the Internet is of relatively little use. While electronic commerce is perceived to be an area of high risk, in practice to date it is not.
Additionally, various approaches have been taken to make "card present" transactions more attractive. For instance, Japanese Patent Publication No. Hei 6-282556 discloses a one time credit card settlement system for use by, e.g., teenage children of credit card holders. This system employs a credit card which can be used only once in which various information such as specific personal information, use conditions, and an approved credit limit identical to those of the original credit card are recorded on a data recording element and displayed on the face of the card. The one-time credit card contains the same member number, expiration date, card company code, and the like as on the existing credit card, as well as a one-time credit card expiration date not exceeding the expiration date of the credit card, an available credit limit for the card, and the like. The one-time credit card makes use of some of the same settlement means as the conventional credit card. However, the system also requires use permission information to be recorded on the credit card, the information permitting the credit card to be used only once or making it impossible to use the credit card when the credit limit has been exceeded. A special card terminal device checks the information taken from the card for correctness and imparts use permission information for when the card is not permitted to be used on the transmission to the credit card issuing company. The use permission information takes the form of a punched hole on the card itself. This system has obvious drawbacks, such as the card terminal having to be modified for additional functions (e.g., punching holes, detecting punched holes, imparting additional information, etc.). Also, such a system offers little additional security insofar as fraud can still be practiced perhaps by covering the holes or otherwise replacing the permission use information on the credit card.
Further, such a system would require a change in nearly all card terminal equipment if it were adopted.
U.S. Pat. Nos. 5,627,355 and 5,478,994 (Rahman et al.) disclose another type of system that uses a plurality of pin numbers which are added to a credit card number on an electronic display. U.S. Pat. No. 5,627,355 discloses a credit card having a memory element containing a series of passwords in a predetermined sequence. These passwords are identical to another sequence stored in a memory of a host control computer. Further, the card contains a first fixed field containing an account number (e.g., "444 222 333"). In operation, the memory element of the credit card device provides a unique password from the sequence with each use of the credit card device. This permits verification by comparing the account number and the password provided with each use of the device with the account number and the next number in sequence as indicated by the host computer. The host computer deactivates the password after the transaction. Among the drawbacks with this type of system is the need for a power supply, a display, a memory device, a sound generator and the need to recycle a limited sequence of pin numbers. Such a system is not readily adapted to current credit card transactions because it lacks the ability of providing a check sum of the card number and cannot be read by a standard card reader. Also, if the card is lost or stolen, there is little to prevent a person from using the card until it is reported to be lost or stolen by the correct holder. See, also, U.S. Pat. No. 5,606,614 (Brady et al.).
Other attempts have been made to make funds available to an individual, but with limitations. For example, U.S. Pat. No. 5,350,906 (Brody et al.) and U.S. Pat. No. 5,326,960 (Tannenbaum et al.) disclose issuing temporary PINs for one time or limited time and limited credit access to an account at an ATM. These patents disclose a currency transfer system and method for an ATM network. In this system, a main account holder (i.e., the sponsor) sets up a subaccount that can be accessed by a non-subscriber by presenting a fixed limit card associated with the subaccount and by entering a password corresponding to the subaccount. Once the fixed limit is reached, the card can no longer be used. The fixed limit card contains information on its magnetic stripe pertaining to the sponsor account.
One of the problems with all these systems is that there are many competing technologies and therefore there is a multiplicity of incompatible formats which will be a deterrent to both traders and consumers. Similarly, many of these systems require modifications of the technology used at the point of sale, which will require considerable investment and further limit the uptake of the systems.
Many solutions have been proposed to the problem of security of credit card transactions. However, none of them allow the use of existing credit cards and existing credit card formats and terminal equipment. Ideally, as realized by the present inventors, the solution would be to obtain the functionality of a credit card, while never in fact revealing the master credit card number. Unfortunately, the only way to ensure that master credit card numbers cannot be used fraudulently is to never transmit the master credit card number by any direct route, i.e. phone, mail, Internet or even to print out the master credit card number during the transaction, such as is commonly the case at present.
According to exemplary embodiments, the present invention is directed towards improving the existing credit card system by providing a more secure way of using existing credit cards and in particular to providing an improved way of using existing credit cards in remote credit card transactions. The present invention is further directed towards providing a more secure way of using existing credit cards generally which will not require any major modifications to existing credit card systems. It is further directed towards providing an improved credit card system that will be more user friendly and will provide customers with a greater confidence in the security of the system.
Further the invention is directed towards providing an improved credit card system, in one embodiment, that will not necessarily require the use of expensive and potentially fallible encryption systems. The present invention is also directed towards providing an improved credit card system which will enable a user to obtain the functionality of a credit card while never revealing the master credit card number.
Further, the invention is directed towards overcoming as far as possible the incidence of skimming and compromised numbers fraud.
These and other objects of the present invention are satisfied by a first exemplary embodiment, which pertains to a credit card technique involving: maintaining a pool of credit card numbers which share identical formatting; assigning at least one credit card number from the pool of credit card numbers to be a master credit card number; assigning at least one credit card number from the pool of credit card numbers to be a limited-use credit card number which is deactivated upon a use-triggered condition subsequent; and associating the master credit card number with the limited-use credit card number, while ensuring that the master credit card number cannot be discovered on the basis of the limited-use credit card number.
The technique further comprises: receiving notification that the limited-use credit card number has been used in a credit card transaction; determining whether a limited-use event has occurred based on the notification, and if so, generating a deactivation command; and deactivating the limited-use credit card if a limited-use event has occurred, based on the deactivation command which is generated upon a use-triggered condition subsequent. In one embodiment, the limited-use event is satisfied when the limited-use credit card is used only once. In another embodiment, the limited-use event is satisfied when the limited-use credit card is used to accrue charges which are greater than a prescribed monetary amount, which are greater than a prescribed frequency of use, and/or a combination of use frequency, individual transaction amount and total amount.
In one embodiment of the invention, the additional limited-use credit card numbers are allocated automatically as soon as the credit card holder uses more than a preset amount of limited-use credit card numbers. The advantage of this is that the master credit card holder does not have to request the credit card numbers each time they are required.
In another embodiment, a technique for performing a credit card transaction based on one of a master credit card number and a limited-use credit card number is provided, wherein the limited-use credit card number is randomly chosen with respect to the master credit card number, but the limited-use credit card number includes identical formatting to the master credit card number and is associated with the master credit card number. The technique comprises: entering a transaction on the basis of the master credit card number or the limited-use credit card number to generate a transaction message; and receiving the transaction message and processing the transaction. The step of processing the transaction includes: authorizing or denying the transaction; determining whether to deactivate the limited-use credit card number when the limited-use credit card number was used to perform the transaction, and generating a deactivation command in response thereto, wherein the determining step determines whether to deactivate the limited-use credit card number based on whether a limited-use event pertaining to the use of the limited-use credit card number has occurred, and if so, generates the deactivation command when the limited-use event has occurred; and deactivating the limited-use credit card number based on the deactivation command.
One advantage of the above-described techniques is that the credit card holder obtains the functionality of a credit card without ever in fact revealing the master credit card number in the course of a transaction. More specifically, according to a preferred embodiment, there is no mathematical relationship between the limited-use credit card number and the master credit card number. This is attributed to the fact that the numbers are randomly selected from a queue of available limited-use credit card numbers based upon the requests and/or needs of different customers. It is thus virtually impossible to predict which customers are looking for numbers at any time or how they will be allocated.
Further, the technique can use a limited-use credit card number, and hence the possibility of compromised numbers credit card fraud may be eliminated or at least greatly reduced. Additionally, in one embodiment of the credit card technique, a preset credit limit, etc. is allocated. Irrespective of how the trader behaves (for example, by fraudulently overcharging or providing additional goods) the total risk to the credit card holder is directly related to the preset credit limit, and thereby can be minimized.
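The allocation and deactivation steps summarized above can be sketched from the issuer's side as follows. This is an added example, not code from the patent: the class and function names, the constructed prefix 400000, the Luhn check digit standing in for "identical formatting", and the choice to deny a charge that would exceed the preset limit are all assumptions.

```python
import secrets

def luhn_check_digit(partial: str) -> str:
    """Digit that makes partial + digit pass the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:  # these positions are doubled once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    return number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]

class Issuer:
    PREFIX = "400000"  # constructed issuer prefix, for illustration only

    def __init__(self):
        # limited-use number -> state. The link to the master number lives
        # only in this issuer-side table; it is not derivable from the number.
        self._links = {}

    def issue(self, master: str, max_uses: int = 1, max_total: int = 10_000) -> str:
        """Pick a random unused number in the master's format and link it."""
        while True:
            body = self.PREFIX + "".join(secrets.choice("0123456789") for _ in range(9))
            number = body + luhn_check_digit(body)
            if number != master and number not in self._links:
                break
        self._links[number] = {"master": master, "uses": 0, "total": 0,
                               "max_uses": max_uses, "max_total": max_total,
                               "active": True}
        return number

    def authorize(self, number: str, amount_cents: int) -> bool:
        """Authorize or deny, then deactivate if a limited-use event occurred."""
        st = self._links.get(number)
        if st is None or not st["active"] or amount_cents <= 0:
            return False
        if st["total"] + amount_cents > st["max_total"]:
            return False  # assumption: over-limit charges are denied outright
        st["uses"] += 1
        st["total"] += amount_cents
        # Use-triggered condition: use count or cumulative amount reached.
        if st["uses"] >= st["max_uses"] or st["total"] >= st["max_total"]:
            st["active"] = False
        return True

    def is_active(self, number: str) -> bool:
        st = self._links.get(number)
        return bool(st and st["active"])
```

A merchant or anyone who copies the limited-use number sees a well-formed card number, but replaying it after the limited-use event is denied, and the exposure is bounded by `max_total`.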