Various systems have been proposed for preventing fraud in connection with transactions employing the use of a card, such as a credit card. These systems typically rely on the use of a password which is known only to the user. It is difficult to allow these systems to operate at a large variety of locations, however, because each location must be connected to a central database for matching the information on the card with the password. For example, in an automatic teller system associated with a bank, the ATM is connected with a central database for verifying the use of the card. In the normal credit card transaction, the merchant verifies the card by a telephone connection with a central station primarily to ascertain whether the card has been reported stolen.
The prior art systems do not lend themselves to a secure system capable of operating with a large number of merchants because of the need to connect directly each of the merchants with a central database for verifying the use of the cards. Further, while an ATM may be assumed to be honest because it is under the secure control of the bank, no such assumption can be made with respect to a merchant. Prior art systems do not protect against a merchant who knowingly allows use of a stolen card.