Payment cards such as credit cards and debit cards are very widely used for all forms of financial transaction. The use of payment cards has evolved significantly with technological developments over recent years. Many payments are made at retail locations, typically with a physical payment card interacting with a point of sale (POS) terminal to support a transaction authorization. These payment cards may interact with a POS by swiping through a magnetic stripe reader, or for a “chip card” or “smart card” by direct contact with a smart card reader (under standard ISO/IEC 7816) or by contactless interaction through local short range wireless communication (under standard ISO/IEC 14443).
Greater understanding and better measurement of user behaviour has allowed for more sophisticated fraud detection in payment device transactions. A further development has been for users to determine their own allowed or predicted behaviour, thus setting boundaries on the use of group cards or a single card guaranteed by a party other than the user, and allowing for stronger fraud detection when activity has been outside a user-set boundary. This can be achieved, for example, with the proprietor's “In Control” solution—a card issuer provides a web site or mobile app using “In Control” that enables a user to set a variety of different limits and permissions for cards under that user's control.
This approach is very useful to allow effective use of group cards or cards for which an owner has delegated limited authority to a purchaser—the owner can set purchase limits or other constraints on behaviour, and a transaction will only be authorised by an issuer if these limits or constraints are met. There are however many situations in which a more flexible solution would be desirable. The purchaser may operate within the allowed limits but still make purchasing decisions that the owner would not choose to approve, or the purchaser may wish to make purchases that the owner would readily approve but be unable to do so until the owner takes steps to modify existing limits and constraints. It would be desirable to handle delegated purchasing responsibility of this type in a more flexible way.