Field of the Invention
The present disclosure relates to exchanging sensitive information over a distributed network.
Description of the Related Art
The rise in popularity of the Internet has resulted in an increase in the exchange of sensitive information over distributed networks. Despite issues with security, more and more businesses are opting to conduct business online due to the ease of conducting business by presenting a universal digital presence that can be accessed at any time from any location by any user over the Internet. For example, users prefer to do their shopping online due to the convenience, availability, and ease of use.
When conducting business online, users often need to provide sensitive information. Sensitive information can include debit or credit card account numbers and verification codes, for example, but could also include medical history, test results, or any other information a user might desire to keep private. As more and more business is conducted over the Internet, it is becoming increasingly evident that sensitive information has to be secured to avoid identity theft in order to attract the users and to retain the current user base.
Sensitive financial information represents an important subset of all sensitive information exchanged online. For example, to assist in securing the personal and financial data of users, the Payment Card Industry (PCI) has defined a set of Data Security Standards (DSS) that any business that conducts electronic commerce and collects payment card information need to comply with in order to protect the identity of the consumers and keep the payment card information secure. While protecting payment card information, the PCI DSS, in particular, puts a burden on merchants. For example, merchants collecting the payment card information are subjected to frequent PCI audits to ensure that the payment card collection service engaged by these merchants are DSS compliant and are not exposing the user information to unwanted external elements. Identity theft is becoming a major issue for merchants and users alike.
The majority of businesses conducting business online do not have in-house expertise or resources to satisfy security standards, such as the PCI DSS requirements. Although these businesses acknowledge the ease of use of the web or mobile applications, they do not want to deal with the complexities that arise with accepting and maintaining secure user interfaces and networks. Further, most businesses want to focus on growing by retaining their current customer base and driving towards acquiring new customers. For example, a medical care organization, such as a hospital or managed care organization, may want to be able to communicate with patients through a website without having to maintain its own specialized personnel and infrastructure necessary to maintaining security of patient medical information. A need exists for improved methods and systems for exchanging sensitive information over distributed networks.