Mobile communication devices have been gaining in popularity and prevalence in recent years. As mobile communication devices have gained in popularity and familiarity, technology has advanced such that mobile communication devices can now perform many functions that used to be devoted to other systems, including initiating and performing transaction functions. Digital “wallets” or mobile payment applications on mobile communication devices store a user's financial information and allow a user to perform transactions from their mobile communication device. Mobile payment applications are gaining popularity along with mobile communication devices. However, mobile payment applications require the use of sensitive financial and personal information that may be susceptible to theft before, during, and after transactions.
During mobile payment transactions today, a customer chooses, or an issuer or payment processing network provides to the customer, a mobile payment application passcode as a number of digits which is then stored within the mobile payment application. Because customers have a limited ability to remember many passcodes, the customer may choose a passcode identical to the automatic teller machine (ATM) personal identification number for their companion credit or debit card. This increases the risk of unauthorized disclosure of the ATM personal identification number. For example, Trojan horses, rogue applications, or other viruses on a portable communication device may sniff a consumer's keystrokes during passcode or personal identification number entry and report the passcode to a third party. As such, important and sensitive passcode and/or personal identification number information pertinent to the security of the consumer's financial accounts may be compromised. Accordingly, there is a need to provide independent passcode generation to separate sensitive information for different payment methods or transactions (e.g., ATM transaction vs. mobile payment application transaction). The use of separate passcodes will ensure that if one passcode is compromised, the other is not.
Another potential security problem that can occur when using a mobile payment system that includes a wireless communication capability is that of protecting the consumer from rogue applications/malware pretending to be the genuine payment application. Rogue applications and malware are designed to trick consumers into giving away their passcode. Mobile communication devices are typically not secure devices, and rogue applications may easily be installed on the device. Accordingly, there is a need to authenticate an application to a user before the user provides sensitive information during a mobile payment transaction using a mobile payment application on a mobile communication device.
Fraudulent transactions are a strain on system resources of payment processing systems as well as the other entities in a mobile payment transaction system. Payment processing networks devote system resources to determining and halting fraudulent transactions before a transaction is completed. Additionally, when a user's sensitive data is stolen by rogue applications or malware and transactions occur using their legitimate account information, the process of determining whether the transaction was fraudulent, who may bear the financial costs of the fraudulent transaction, and the further clearance and settlement required by the system further waste system resources. Accordingly, there is a need to stop fraudulent transactions before a typical transaction is initiated.
Embodiments of the invention address these problems and other problems individually and collectively.