The present invention is directed, in general, to financial authorization systems. More particularly, and not by way of limitation, the present invention is directed to a system and method for providing secure credit or debit transactions across unsecure data networks.
Conventionally, financial transactions such as credit and debit transactions have been performed by swiping the magnetic stripe on a credit or debit card through a magnetic reader, which reads the account number encoded magnetically on the card and transmits the account number over the Internet to an authorization server. With the growth in the number and sophistication of hackers on the Internet, the conventional method has become extremely dangerous. A primary weakness in the conventional method is that the same account number is transmitted time after time. For credit transactions, this is all the information a hacker needs to perform fraudulent transactions.
One proposed prior art solution uses a credit card with an embedded microchip. The card still has a static account number, but during each transaction, the customer presses a small button on the card to activate the microchip. The microchip calculates a new string of additional electronic digits, which are displayed on the card and are added to the static digits of the account number. Thus, a dual-factor account number is created, which changes for each transaction. A hacker who tries to use the digits from a previous purchase will be unsuccessful because the previous dual-factor account number has expired. The customer may also be required to enter a Personal Identification Number (PIN) to guard against a thief using a stolen card.
This solution, however, fails to address several key threats present on the Internet today. For example, an active hacker may intercept and alter the data packet containing the dual-factor account number and PIN sent from the customer to the authentication server, preventing the original packet from arriving at the server. The active hacker may then alter the data contents of the packet or may alter address information, thereby posing as the authorized user. The above solution of adding a new string of additional electronic digits to the user's static account number does not defeat this type of active hacker. Even if the additional electronic digits have a short predetermined life span, the above solution does not defeat this type of active hacker if the hacker can access the server while the new string of additional electronic digits is still valid.
Also, merchant terminals are becoming more like computers. While this provides them with increased capabilities, it also provides opportunities for hackers to download virus programs such as key-logging (Trojan) programs that monitor and report all of the keystrokes on the keypad. Nothing in the prior art solution prevents a hacker from obtaining the customer's PIN with a key-logging program. Alternatively, if the hacker only intercepts the dual-factor account number, he can use a brute-force attack (trying hundreds or thousands of combinations per second) to guess the customer's PIN. PINs are normally only four digits, so they are not very difficult to defeat with a brute force attack. The hacker then has all the information he needs to perform a fraudulent transaction.
The customer may also use the prior art dual-factor credit card to purchase goods or services directly from Internet websites. In another type of active hacking, the hacker intercepts and alters the destination address of the client's data packet to a fake website which simulates the website the user was trying to reach. In an alternative form of this technique, known as phishing, the hacker sends an e-mail to the user posing as his credit card issuer's security department and asks the user to click on a link to verify his account information. The link takes the user to a fraudulent phishing site where the user is asked to enter his account number and his PIN. If the customer enters his dual-factor account number and his PIN, the hacker operating the fishing site then has all the information he needs to perform a fraudulent transaction. The prior art solution does not address this problem.
Currently, there is no known solution for countering all of the above hacker threats. Therefore, a need exists in the art for an improved system and method for providing secure credit and debit transactions, which overcomes the shortcomings of the prior art. The present invention provides such a system and method.