Credit cards, debit cards store cards and gift cards are examples of cards that are used for financial transactions throughout the world. Further, other types of cards such as passes, tags and small booklets (which may be referred to collectively as transaction documents) are used for various financial and non-financial transactions. For example, some jurisdictions require proof of age cards for transactions such as purchasing alcohol or entering into age restricted venues. Other examples of proof of age, or proof of identity, documents include driver licenses which are sometimes used for authentication in respect of transactions. In some countries, passports and/or other similar identification documents are issued in the form of a card, or a small booklet, and can be used for transactions where identification is required including, travel across borders or establishing a bank account.
Many transaction documents have a magnetic stripe, which can be encoded with information such as a unique identification number, expiry dates or other numerical or alphanumerical information. Other types of transaction documents include contactless stored value smart cards, for example, closed loop transport cards, such as Myki in Melbourne, Australia, and the Octopus Card in Hong Kong.
Transaction documents may include a chip, smart chip, or smart card chip (in this specification, such chips or devices and other similar types of microcircuit will be referred to generally as Digital Transaction Processing Units, or DTPUs). DTPUs typically include one or more of a Central Processing Unit (CPU), Read Only Memory (ROM), Random Access Memory (RAM), Electrically Erasable Programmable Read Only Memory (EEPROM), a crypto-coprocessor and an Input/Output (I/O) system. For example, credit cards often use an EMV device (where EMV is an abbreviation for Europay, MasterCard, and Visa). The EMV device (or other type of DTPU) contains encrypted data relevant to the type of transaction(s) for which the document will be used. The EMV device may be read by a scanner (for example, using contactless, close proximity communications according to ISO/IEC 14443 which is referred to as Near Field Communication (NFC throughout the specification)), by direct contact with chip connected electrodes, or by other means to obtain data from the chip. Such transaction documents enabled for use in digital transactions by means of a chip, a magnetic stripe, a chip and magnetic stripe, or Radio-Frequency IDentification (RFID) are referred to throughout this specification as digital transaction documents.
Digital transaction documents are configured to work with various components in a digital transaction system including terminals. For example, credit and debit cards work with EFTPOS (Electronic Funds Transfer at Point Of Sale) terminals for Point Of Sale (POS) transactions, and ATM (Automatic Teller Machine) terminals. Other digital transaction documents are configured to work with other types of terminals. Such terminals may be operably connected to financial institutions or other third party organizations to enable digital transactions to occur by authorizing the transaction or performing associated processing to enable the transaction.
In another example, identification cards, such as a proof of age cards, are implemented with a chip (or DTPU) containing some, or all, of the information of the card owner, along with verification information to confirm the authenticity of the card. Identification cards may be used in a digital transaction, whereby it is inserted into, swiped, or waived near, a terminal to confirm the age of the person holding the card. Other non-financial transactions can be implemented in a similar manner.
Terminals used for transactions with digital transaction documents are referred to throughout this specification as digital transaction system devices. For “Card-Present” transactions, the digital transaction system devices may include, for example, POS/EFTPOS terminals, ATMs, and network connected or stand-alone readers for reading other types of non-financial transaction documents. The digital transaction devices may also be suitable for “Card-Not-Present” transactions, for example, online transactions, Mail Order/Telephone Order (MOTO) transactions, and may include internet connected personal computers, smartphones, and tablets. Further, digital transaction system devices include telephones used to communicate with an operator who uses, for example, a network connected terminal to enter transaction document data.
Digital transaction documents have a unique IDentification (unique ID), typically having a number, an alphanumeric ID, or a unique name. The unique ID may be located on, or in, the digital transaction document, for example, printed or embossed on the document. The unique ID is also typically recorded on a database, controlled, for example, by the issuer of the digital transaction document, and accompanied by other information, such as name, address, age, and/or financial information relevant to the user/owner of the digital transaction document. Where a digital transaction document has a chip, an EMV device or other type of DTPU, the unique ID is typically stored on the chip, EMV device or DTPU, respectively.
Credit cards are typically embossed or printed with a Personal/Primary Account Number (PAN) to uniquely identify the account card holder. A standardized PAN has four fields, namely, a system number, a bank/product number, a user account number, and a check digit. This type of PAN typically has 16 digits, but may have between 13 and 19 digits (for example, an American Express PAN has 17 digits). The first digit is the card issuer type (for example, Visa, MasterCard or American Express), and the next 5 to 7 digits is generally referred to as a Bank Identification Number (BIN) and represents the card network, the bank and the product for this bank. The last digit is reserved for a checksum of the previous digits of the PAN. An expiration date is associated with the PAN and generally includes a month and year code having four digits, but with limited range. The card holder's PAN, name or business, and the card's expiry date typically appear embossed or printed on the face of a card. Previously, some types of credit card had a magnetic stripe encoding some or all of the card information.
More recently, financial transaction cards have carried a Card Verification Value (CVV) or Card Verification Code (CVC) on the magnetic stripe to make it more difficult to replicate a card for fraudulent purposes. The CVC is usually a unique cryptogram, created based on the card data, for example, including the card PAN and expiry date, and a bank's (or a personalization bureau's) master key, and printed on the card after personalization data is entered on the card. As a consequence, a person seeking to use a card for fraudulent purposes requires possession of the card for a sufficient period of time to make a copy of the magnetic stripe in order to duplicate the card, or to read the card and manually record the card number, expiry date, and other details printed on the card.
The same principle was subsequently adopted for a second CVC, sometimes called Card Verification Value 2 (CVV2), which is commonly printed in the signature panel on the back of the card. The CVV2 is used primarily to help secure e-Commerce and MOTO transactions. This is a second unique cryptogram created from card data and the bank's master key (although this is a different cryptogram as compared with the magnetic stripe CVC). The CVV2 is not present on the magnetic stripe.
Some credit cards also have an associated Personal Identification Number (PIN) code, which is primarily used for “Card-Present” transactions. The PIN must generally be kept confidential, and must be entered on secure and certified terminals to make sure that no-one can gain access to the PIN. Further, in modern credit cards, the PIN can be stored on the chip (for example, an EMV device) in an encrypted form within a cryptogram block.
There are two main classifications of transactions for which credit cards are used including: “Card-Not-Present” transactions, when using the Internet or MOTO; and “Card-Present” transactions, such as used with POS/EFTPOS and ATM terminals. Card-Present transactions involve EMV device readers (including physical contact readers using electrode pins on a card and contactless reading using, for example, Near Field Communications (NFC)) and/or magnetic stripe readers. These transactions generally use the full 13 to 19 digit PAN and the 4-digit expiration date. Card-Not-Present transactions generally require the user to read out to an operator, or enter into a computer, the PAN and expiration date digits. In some instances, the CVC/CVV2 number is also required.
Other types of digital transaction documents may use various forms of security, such as PINs, passwords, and the like. However, some other types of digital transaction documents do not use such external security, and rely only upon the authenticity of the document itself, for example, using holograms and other security devices that are difficult to copy. Further, some types of non-credit card digital transaction documents may use chips for security, including chips similar to EMV devices.
Cards (or other digital transaction documents) may have data stolen, for example, using a Radio Frequency (RF) signal to power the card's EMV internal microprocessor and related transmitter. Generally, the card data, such as the PAN, expiration date and cardholders name are transferred to a wireless terminal. The terminal can be a portable or stationary wireless terminal, and once near a card, uses the RF signal to energize the card to firstly, extract the card data and copy some to a memory storage device, or to online storage, such as, the cloud, and secondly, use a portable terminal in close proximity to the card to extract monies as a contactless payment (for example, a PayWave and/or tap payment, such transactions being referred to by traders as tap-and-pay or tap-and-go), in accordance with a level of transaction that does not require any authorization. Subsequently, stolen card data can be uploaded to a duplicate “fake card” or used in online transactions to make fraudulent purchases. Yet another method used to steal card data for fraudulent use involves hacking into computer databases that store card data. This data is then used for transactions, and a card owner may only become aware of this when they see a statement detailing the transactions made with their card, or card data.
Other ways card data is stolen include phishing scams where the card holder is tricked into entering a security code along with other card details via a fraudulent website. Phishing therefore reduces the effectiveness of security codes as an anti-fraud means. However, merchants who do not use security codes are typically subjected to higher card processing costs for transactions, and fraudulent transactions without security codes are more likely to be resolved in favor of the cardholder, which increases costs for merchants. Yet other ways that security of transactions may be compromised is by skimming and man-in-the-middle attacks.
With the emergence of e-Commerce, an increasing number of transactions are Card-Not-Present type transactions. However, this type of transaction is subject to an increasing number of attacks from fraudsters including attacks that have resulted in increased verification that has caused a “failure positive” result where the card holder is legitimate but the transaction is rejected.
Several solutions have been developed to address this growing fraud, including use of virtual account numbers, authentication of cardholders separately from the transaction, and use of a hardware token to authenticate the user. Another proposed solution comprises an institution, such as a bank sending a code to the user, typically by SMS to the user's smartphone, which can then be used to authenticate a Card-Not-Present transaction. This arrangement is generally referred to as an Out-Of-Band (OOB) message which unfortunately has been recently hacked. In any event, many of these solutions require expensive infrastructure changes, which merchants prefer to avoid and may only provide protection for a limited time until the arrangement is hacked.
With the increasing number of Card-Not-Present transactions, a suggested means of conducting such transactions is the electronic wallet (e-wallet), also known as a digital wallet. An e-wallet provides users with a means to pay for purchases from enabled on-line merchants. Upon registration, a user can store their card, billing and shipping information on a site hosted by a suitable document, such as a bank, and can access that information to pay for goods or services. However, e-wallets on an NFC enabled device, such as a smartphone, do not operate in a large percentage of Card-Present transactions, for example, POS/EFTPOS or ATM transactions since these network transaction devices generally do not support contactless payments and amongst the presently available contactless payment arrangements, different back end processes and merchant agreements are involved. As a result, the establishment and use of e-wallets has experienced limited commercial success and whilst they remain available to consumers, only approximately 10% of consumers have elected to install an e-wallet although the take-up rate by consumers is now starting to drop.
A user may prefer to have, and to carry around with them, many of their available credit cards, debit cards, store cards, government agency cards and loyalty cards since they prefer to physically hold and control the possession of those cards. Further, a user may require an identity card, driver's license, age verification card or passport. Carrying around a large number of individual digital transaction documents can be very inconvenient. Moreover, the person, having so many physical transaction documents, may become confused regarding the location of a particular digital transaction document, for example, a particular credit card, among all the other digital transaction documents.
An alternative solution to e-wallets that addresses the problem of users carrying a large number of credit or debit cards has been developed, wherein a credit card sized device has a keyboard (or touch pad arranged as a simplified keyboard) and a small limited function Graphical User Interface (GUI), which are used to select one card amongst a number of cards stored on the device, and to enter data for various transactions. However, the keyboards are of limited functionality due to their limited number of keys in the relatively small space available on the card (being the area of an average credit card). The keyboards are also considered difficult to use because of their small size, and as a result a large number of keystrokes may be required to effect any particular function. Further, the keyboard on a credit card is not a solution for other types of digital transaction document such as those documents used for proof of identity or proof of age. Other attempted solutions include products, such as Plastc, Coin, Final, and Wocket. However, the Plastc solution has some operational limitations, and the Wocket solution requires a specific Wocket device. None of these solutions has gained wide commercial acceptance. Moreover, it has been found that cards including a keyboard have an unacceptably high failure rate when given to customers in view of the repeated, perhaps daily, usage. It is suggested that the high failure rate may be, at least in part, due to the complications of having the keyboard on a card, which has limited space for such a complex electronic device.
Another problem with attempting to accommodate multiple credit cards, debit cards or other digital transaction documents on a single card are the limitations caused by the use of proprietary or standardized chips. Such chips or DTPUs are configured to securely store information for one digital transaction document only. For example, a credit card chip, such as an EMVCo standard chip, securely holds information typically including the credit card PAN, the expiry date, a security code (such as the CCV2 number), and a PIN. Transaction devices, such as POS/EFTPOS terminals, securely communicate with the DTPU to obtain some, or all, of the information from the DTPU for a transaction to be authorized and verified. Many DTPUs are also configured to resist attempts to write to the DTPUs secure record memory (which may also be referred to as a secure element, or part of a secure element), as many such attempts are made by those seeking to use the card fraudulently. It will be understood that a secure element may comprise secure memory and an execution environment, and is a dynamic environment in which application code and application data can be securely stored and administered. Further, it will be understood that, in a secure element, secure execution of the application can occur. A secure element may be located in a highly secure crypto chip (otherwise known as a smart card chip). The security of the DTPU may also prevent legitimately introducing one or more new digital transaction documents (including PANs, tokens expiry dates, PINs and other data attributes of those documents) into the secure record memory (secure element) of the DTPU so that the DTPU cannot take on another document's personality (a term which is used herein to describe a digital transaction document (or logical digital transaction document) and its attributes).
Accordingly, it has been difficult to instigate use of single physical cards having multiple personalities (multiple credit and/or debit cards expressed or expressible on a single physical card), given the change in infrastructure required, including modified DTPUs (such as the EMVCo device), modified digital transaction devices (for example, modified POS/EFTPOS terminals), along with any other modification required in other parts of the credit/debit card payment infrastructure. Apart from the technical problems, Card Association Scheme providers such as Visa and MasterCard have various additional requirements including the presence of a hologram and logo of the Card Association Scheme on the physical card.
In this regard, it is desirable to provide a single EMV (or EMV type device), or other type of DTPU, on a Digital Transaction Card (DTC), for example, a credit card sized card, which is able to selectively assume the personality of a number of different digital transaction documents (or logical digital transaction documents). For example, a user may seek to use MasterCard account for one transaction, but to a use Visa account for a different transaction. Alternatively, a user may seek to use the DTC as a credit card, but to subsequently use it as an age identity card.
However, to-date, there has not been a sufficiently effective, efficient, and/or secure means and/or method for adapting a DTPU (such as an EMVCo specified device) to embody different personalities as compared with the personality of the DTPU that was initially installed.
Another problem with present digital transaction documents is the ability to obtain data from a credit card or other transaction document. Although devices such as EMV devices have been introduced in an attempt to limit data theft, such arrangements have not proved to be entirely successful in preventing this type of crime. Increasing credit card fraud may incur cost for a bank, a merchant, a user, or all three parties. Further, identity theft is an increasing concern for users since a stolen identity can be used to commit fraudulent financial transactions, and other types of crime.
For some digital transaction documents, such as credit cards, tokens are sometimes used to enhance security for transactions. For credit cards, tokens are typically numbers that are the same length as the credit card's PAN, and are substituted for the PAN in a transaction. The token should not be feasibly decryptable to obtain the original PAN by a person seeking to use the credit card fraudulently, and so that person is unable to mimic the credit card, and unable to use the credit cards PAN and a card holder's other personal details for on-line transactions. Accordingly, if using a credit card in a high risk, low security environment, tokens are a means of protecting sensitive data. The security of the token is based primarily on the infeasibility of determining the original PAN (or other data) whilst knowing only the surrogate token value. Tokenization may be used instead of, or in conjunction with, other encryption techniques in transactions with digital transaction documents.
A token (or digital token) may be generated by a third party, such as a credit card issuer, a financial institution, or a security provider for the credit card. Tokens are also used for securing other non-financial transactions, such as those involving drivers' licenses. The token may be generated as a cryptogram using inputs from a selection of, for example, the credit card's PAN (or some other unique ID of a digital transaction document), and/or the card's expiry date. The token for a transaction may be selected from a number of tokens in a pool based on the ID of the merchant or the terminal where the transaction is occurring, the date of the transaction, the time of the transaction, or various other criteria. De-tokenization to retrieve the original PAN typically occurs during the processing of a transaction, and is usually performed by the credit card issuer, financial institution, or security provider who issued the token.
Usually, tokens are generated during the process of creating and issuing a credit card to its owner/user. Each card may have one or more associated tokens. Where a card has multiple tokens, each token can be selectively used for different transactions or different transaction types.
Tokens have a number of problems, including not being selectable by the user to allow the user control over security and how tokens are used. For example, a user may seek to be able to select tokens for certain transactions or transaction types. Another problem is that the same token may need to be used for a number of different transactions, thus limiting the security afforded by the token. This is especially the case for a digital transaction document such as a credit card. Even if a digital transaction document has a number of associated tokens, those tokens will need to be reused or reissued after a number of transactions. It is difficult to issue new tokens, for example, to a credit card, since the infrastructure for issuing new tokens has been developed to issue those new tokens at a time of creation and issuance of a new credit card.
One way to prevent fraudulent use of a stolen or compromised credit card or other types of transaction document is to simply cancel the document, including cancelation of that document's unique identifier (for example, cancelling the account number of a credit card), and issue a new document with a new expiration date. Providers of the document may have a mechanism to invalidate old documents (for example, invalidating old account numbers), and to issue new numbers to existing users. However, it can sometimes take a substantial amount of time to deliver a new document (for example, delivering a credit card through the mail), and the delay greatly inconveniences the user. In the instance of a credit card, the issuance of a new card causes a temporary cessation of the user's ability to maintain payments by auto debit from credit accounts.
Further, document owners generally prefer instant or near instant (“real time”) feedback of information regarding use of their card for financial transactions or other types of transaction, such as use of a card or other such documents for identification, traveling and other purposes. Card owners may also prefer real time feedback regarding account balances and other information related to their card, or other digital transaction documents. Further, owners of cards and other digital transaction documents may prefer the ability to block usage of a document in real time, or with minimal delay. This may be useful if the owner becomes aware of, or suspects, fraudulent transaction(s) with the use of one or more of their digital transaction document(s).
Presently, banks only communicate via the predefined user interface which usually comprises a numerical keypad when a credit/debit card is inserted into a bank approved ATM or a bank approved card reader or reader/writer. The infrastructure currently in operation prevents any interaction with the EMV chip outside of the approved external keypad.
Single-Factor Authentication (SFA) is based on a single category of identifying credential. The most common SFA method is the user name and password combination. The security of SFA relies to some extent upon the diligence of users. Best practices for SFA include selecting strong passwords and refraining from automatic or social logins.
Two-Factor Authentication (2FA) is a security process in which a user provides two means of identification from separate categories of credentials; one is typically a physical token, such as a card, and the other is typically something memorized, such as a security code. In this context, the two factors involved are sometimes referred to as “something you have” and “something you know”. A common example of two-factor authentication is a credit card: the card itself is the physical item and the PIN is the data that goes with it. Including those two elements makes it more difficult for someone to access a user's bank account, for example, since they would need the physical item in their possession and also know the PIN.
Multi-Factor Authentication (MFA) involves two or more independent credentials for more secure transactions. Some have suggested that MFA is rated the same as 2FA for security.
The current financial tokenization and cryptograms used in financial transactions have place-marks for Three-Factor Authentication (3FA), which typically involve possession of a physical credit card, a PIN used in conjunction with biometric data, such as fingerprint scanning or a voice print or some other biometric data. However, credit cards currently in use have no way of providing biometric information. Further, most smartphones used in an e-wallet (NFC) RFID transaction are unable to provide secure biometric data in a format that is defined in an established and open standard.
Presently there is no universally-accepted technical and legal standard for the interoperability of systems and consumer biometric data protection. In other words, there is currently a lack of established open standards that define the requirement for any biometric data for use in respect of with financial transactions.
One solution suggests “replacing” PINs with biometric authentication. One example is the Zwipe MasterCard. However, this approach does not increase security from 2FA to 3FA by adding biometric authentication as a factor.
Another proposed solution for RFID (NFC) transactions only is ApplePay. ApplePay has been developed for IPhones that have a biometric reader on the smartphone. ApplePay adds biometric data to the cryptogram for an enhanced level of security within a financial transaction.
Most previously proposed solutions apply to magnetic stripe cards and require changes to POS/EFTPOS terminals and ATM (verified on terminal from an image stored in a bank) to implement the proposed solution. However, changes to infrastructure are expensive as the change must be applied to a large number of digital transaction devices, such as POS/EFTPOS terminals and ATMs. Any proposal to change infrastructure is therefore undesirable.
It is an object of the present invention to overcome, or at least ameliorate, at least one of the above-mentioned problems in the prior art, and/or provide at least a useful alternative to prior art devices, systems and/or methods.