FIG. 1 illustrates schematically a payment method often used for making payments by payment card, such as a credit or debit card.
The payment card 102 is a smart card having a built-in chip 103, and is presented by a customer at a point of sale. The card is placed in a chip reader 104, which reads the chip and requests that the customer types his/her PIN (personal identification number). The correct PIN is stored on the electronic chip 103 and thus the chip reader 104 is able to immediately verify whether the PIN has been correctly entered. The card details and transaction details are then transmitted to a credit card clearing house (CCCH) 106, for example via a telephone line, and the credit card clearing house settles both the customer's account and the merchant's account, by transferring money from customer's bank 108 to the merchant's bank 110.
One drawback of this method for payment is that by handing over a payment card, which is inserted into the merchant's card reader at the point of sale, the customer risks having personal details such as the payment card number, expiry date, and importantly the PIN, stolen. In particular, there is a risk that the vendor's card reader has been tampered with, allowing the payment card to be cloned, and the PIN copied when entered by the customer. Furthermore, it is often only necessary for a fraudster to obtain the card number in order to make a fraudulent transaction, making even handing over a payment card risky for a customer.
Additionally, where vendors retain card or bank account information, for example for making repeat orders, there is a risk to the customer that this personal information is stolen by fraudsters.