1. Field of the Invention
The present invention relates to a payment card, and more particularly to payment cards with internally generated virtual personal account numbers that are visible to a user so as to enable Internet purchases, and that have an internally writeable magnetic data stripe which is machine-readable by point-of-sale legacy card readers.
2. Description of Related Art
Credit card and debit card use have become ubiquitous throughout the world. Originally, credit cards simply carried embossed numbers that were pressed against a carbon copy bank draft in a mechanical card-swiping machine. Merchants simply accepted any card presented, but then fraud became widespread. The used carbons could even be gathered from trashcans to glean account numbers for unauthorized transactions.
Imposing spending limits and issuing printed lists of lost/stolen cards proved ineffective in preventing fraud and other financial losses. So merchants were subsequently required to telephone a transaction authorization center to get pre-approval of a transaction.
These pre-approvals were initially required only for purchases above a certain limit, but as time went on the amounts needing authorization dropped lower and lower. The volume of telephone traffic grew too great, and customers were too impatient to wait for such calls to be completed.
Automated authorization systems appeared everywhere that allowed faster, easier, and verified transactions by using the magnetic stripes on the backs of the cards. The card readers and computers used very much improved speed and accuracy. They also allowed near real-time control of fraudulent card usage. But detecting and reacting appropriately to fraud remained a problem.
Several of the elements which are embossed and magnetically recorded on MasterCard, Visa, and other typical payment cards are there to uniquely identify the account holder. A standardized personal account number (PAN) comprises four fields, e.g., a system number, a bank number, a user account number, and a check digit. Typically, 16-digits in all, in which 7-digits are dedicated and essentially fixed from the perspective of the issuing bank. An expiration date is associated with the PAN and comprises a month and year code, e.g., four more digits, but with limited range. The account holder's name or business usually appears on the face of the card in the embossing and is magnetically recorded on the back.
In order to reduce fraud, a 3-digit card verification code (CVC) has been introduced that appears only as a printed number, e.g., on the signature area on the back of the card. The CVC is not embossed nor magnetically recorded on the card, and many systems cannot report the CVC during a transaction request authorization. The CVC is used with “credit” transactions rather than “ATM” transactions to verify the user is really holding the issued card and not a copy. It's sort of a visual personal identification number (PIN) that is spoken on the phone or written in an Internet order. The traditional PIN for ATM-type transactions is 4-digits and keyed into a machine.
There are two major types of transactions, “online” with the Internet, and “offline” with point-of-sale (POS) use of the card. Offline transactions involve magnetic card readers and always use the full 16-digit PAN and the 4-digit expiration date. Online transactions require the user to read the embossed PAN and expiration date digits, and sometimes also the CVC number.
A principal way to stop the fraudulent use of a stolen or compromised account number has been to simply cancel the old account number and issue a new one with a new expiration date. So the issuing banks put in place a mechanism to invalidate old account numbers and to issue new numbers to existing users. But getting the new card could sometimes take weeks, and the delay would greatly inconvenience the user and cause a lull in spending.
American Express introduced a service called “Private Payments,” and Orbiscom (New York) has “Controlled Payment Numbers”. Such allow cardholders to shop online without having to transmit their actual card details over the Internet. Discover Desktop and Citibank (New York) have similar products referred to as a “Virtual Account Numbers,” that generates substitute credit card numbers for secure online purchasing. Such allows credit card holders to get a virtual account number online that can be used only once. The virtual number generator is either downloaded to the user's computer or accessed online. The user returns to the website for another new virtual number for subsequent transactions. Neither the merchant nor a card-number skimmer can use the number after its first use. So seeing or having the virtual account number will do them no good if the user has already completed the intended transaction. The user is thus protected from fraudulent transactions because the virtual number is moved to an exclusion list. This also prevents an authorized merchant from automatically initiating future charges that a user may not have really agreed to nor been aware of.
A limitation with the Virtual Account Numbers is it requires the use of the Internet or at least a personal computer to get each new number, and the transactions must be online. POS use with magnetic card readers still obtain the real account number and continue to be subject to fraud.