Payment cards such as credit or debit cards are ubiquitous. For decades, such cards have included a magnetic stripe on which the relevant account number is stored. More recently, payment cards have been introduced which include integrated circuit (“IC”) chips and memory. These chip payment cards can communicate with point of transaction devices via contact or contactless technology. Merchants around the world have point of sale terminals and card readers that allow payment card holders to easily purchase goods or services using their payment cards.
When a payment cardholder uses his or her physical payment card at a merchant location, the payment transaction is referred to as a “card present” transaction. Card present transactions are generally considered to have less likelihood of fraud or charge back risk because the full payment card details can be read by the merchant point of sale terminal during the transaction. For example, a point of sale terminal can read the “track 1” and “track 2” magnetic stripe data from a card. Chip card terminals can read (or receive wirelessly) similar detailed data from the chips in chip payment cards. This information serves to increase confidence that the cardholder is legitimate, the payment was intended, and that the card was valid. Also, in many situations, the cardholder is required to sign or confirm acceptance of the transaction before the transaction is completed.
Unfortunately, card present transactions have not been available for purchases made over the Internet. Instead, Internet transactions involving payment cards are considered to be “card not present” transactions. In a typical on-line purchase transaction, a cardholder interacts with a merchant Website and selects one or more products to purchase. The order details are commonly placed in an online “shopping cart”. When the cardholder is ready to complete the transaction, he or she selects a payment mechanism (e.g., he or she may choose to pay with a Visa® payment card, a MasterCard® payment card, an American Express® payment card, or some other payment means). The cardholder then enters their name, billing address, payment card number, and, in some situations, a control value printed on the face of the payment card (sometimes referred to as a “Card Verification Value or CVV”, a “Card Verification Code or CVC”, etc.). The cardholder then clicks “submit” and the payment information is forwarded to the payment card issuer (or issuer agent) for authorization processing. If the transaction is authorized, the goods are shipped and the transaction is complete.
Such “card not present” transactions involve a number of different risks. First, from the cardholder's perspective, there is a risk that the merchant inappropriately stores or uses the cardholder's payment card information (e.g., to defraud the customer, or to inadvertently allow the payment card information to be stolen or misused). On the Internet, it is difficult for consumers to know the reputation of the merchant they are transacting with.
Further, merchants are frequently exposed to high charge back risks. It is relatively easy for a cardholder to dispute online transactions and cause a charge back or return. Charge backs hurt merchants in lost sales, as well as higher interchange rates with their issuer or issuer processor. Further, high charge back rates can cause a merchant to lose their merchant account and their ability to accept payment cards.
It would be desirable to provide an ability to conduct “card present” types of transactions in online commerce.