Theft or unauthorized use of credit or bank cards and forgery are significant problems. To combat forgery, card issuers have put, for example, holograms or other designs on the faces of the cards, which are difficult to forge. To combat theft or use by persons who are not authorized, most bank cards, for example, require use of a "PIN" or "personal identification number" which the user maintains separate from the card. Each card has associated therewith information, either in a magnetic strip or other storage arrangement which may be laminated on the card or in a central database, which may be used to check the PIN when the card is used. When the user wishes to use the card, he or she has to provide the PIN, which is checked against the information and a transaction is authorized if they conform. This arrangement, however, requires the user to remember the PIN, or maintain it separately from the card itself.
Other arrangements have also been proposed. In one particular arrangement, information is stored on the card which may be read by a magnetic reader, from which an image may be displayed representing personal indicia of the authorized user. The clerk may visually observe the user and the image and if they compare favorably may perform the transaction.
In any case, if information is maintained on the card, it is typically encrypted to ensure that an unauthorized person cannot store substitute information which might allow him or her to use the card. The information may be encrypted using a "private key-public key" encryption mechanism, in which the information is encrypted using a key that is known only by the card issuer, but may be used or decrypted using a key that may be publicly known. In that situation, the card reader where the information is used, either in determining the information conforms to the PIN or to generate the image, may have the public key information to facilitate decryption. However, since the encryption key, which is used to encrypt the information for storage on the card, is known only by the card issuer, only the card issuer may store valid information on the card. If an unauthorized user stores information on a card, unless he or she knows the private encryption key, or in the unlikely event that he or she correctly guesses the private encryption key, the information will likely not decrypt properly, in which case the clerk can refuse to perform the transaction.