Conventional payment card infrastructures rely on a number of integrated elements. These infrastructure elements include personalized payment cards provided to consumers by various card issuers (e.g., Chase®, Bank of America®, and Citibank®) pursuant to rules established by card brands (e.g., VISA®, MasterCard® and American Express®). The card brands set rules for issuing cards, acceptance of cards and compliance with their rules. The card brands also set substantial fees for each payment card transaction. The infrastructure elements further include merchant point of sale systems, gateway processors, and acquirers. The merchant point of sale systems are used to process financial transactions initiated by consumers. The gateway processors can collect electronic payment data from the merchants and interact with acquirers for authorization and settlement. The acquirers can act on behalf of card issuers to authorize transactions and fund settlement monies to merchant accounts.
The Payment Card Industry Security Standards Council (PCI) sets general rules for protection of card data, and specific compliance requirements for merchants and gateway processors. The card data can include personalization information commonly displayed and/or recorded on a personalized payment card such as the card holder's name, account number (e.g., payment account data or Primary Account Number), expiration dates and card verification values (CVVs). This personalization information is both sensitive to the card holder and often targeted for theft for use in fraudulent transactions. As such, strict PCI rules require careful handling of personalization information displayed on, or stored on, payment cards.)
The PCI security requirements can be difficult and costly for merchants and gateway processors to meet. Further, the interchange/transaction fees charged by card brands can be relatively high and can therefore handicap merchants with low profit margins. In addition, true card authentication security is generally lacking from these conventional systems. As a result, risk and liability for transactions remains high and provides the basis for the high interchange/transaction fees charged by the card brands. As such, an improved system for meeting the requirements of PCI while reducing interchange/transaction fees is needed.