Use of credit cards, debit cards, and similar payment instruments has become the universally preferred means for consumer purchases of goods and services. At least one current construct for effecting consumer purchases across a financial institution credit network is the limitation of having to use of a single payment instrument in connection with a financial transaction such as a purchase. Presently a consumer must have in the consumer's possession a plastic payment instrument such as a credit card or debit card. The plastic payment instruments may include a magnetic strip or may be “contactless” in nature. In either case, personal financial information of the person to whom or entity to which a payment instrument is issued is embedded in the payment instrument that a point-of-sale device is capable of reading to authorize a financial transaction.
At a point-of-sale, a card reader, terminal, or similar point-of-sale payment device typically is provided, requiring a consumer or user of a payment instrument to successfully “swipe” the payment instrument through the point-of-sale device. In connection with payment instruments having magnetic strips, over time and from repetitive use the magnetic strip on the payment instrument degrades, and the financial data embedded in the magnetic strip may become unreadable due to a variety of causes by a point-of-sale device. Degradation of the magnetic strip may cause payment rejection although the consumer may be the authentic owner of the payment instrument. Authentication or verification of the customer is limited to financial data and information embedded in the magnetic strip of the payment instrument: whoever possesses the payment instrument may affect purchases. The use of personal identification numbers solves the problems neither of customer identification nor customer verification. Customer authentication fails to overcome problems of lost or stolen payment instruments, degraded instruments, or loss of functionality between the payment instrument and point-of-sale payment devices.
In connection with “contactless” payment instruments, the plastic rendition of such a payment instrument generally includes a memory chip and an antenna. Information in the credit card memory chip, referred to in this document as “financial data,” may be encoded in such a manner that a mobile wireless instrument, such as a cellular telephone, may decode the financial data for use by the mobile wireless instrument. Generally speaking, the process of decoding financial data may be done with a computational mechanism, an algorithm, and a decryption key used in a decryption algorithm. Radio waves at a current frequency of 13.56 megahertz, sometimes referred to as the “RFID frequency,” enables the financial data residing and/or embedded in the memory chip to be readable.
The financial data in the memory chip may be encrypted and, as indicated, require an encryption key to decrypt. Members of the credit card industry, such as EMV (Europay, MasterCard and VISA), distribute one or more decryption keys to selected and authorized parties, typically a point-of-sale device. A mobile wireless instrument may be enabled to read the contents of the embedded memory chips.
Standard ISO 7813 defines the standards for payment instruments. Such information may include the name of the primary account holder, the primary account number, a country code, the expiration date of the payment instrument, and a personal identification number (“PIN”), among other data and information pertaining to a user of the payment instrument. Contactless integrated circuit devices, such as those described in this document, frequently are referred to as “proximity cards” and/or “smartcards.” The term “proximity” refers to a present limitation of the near field communications (“NFC”) environment in which the contactless and smart payment instruments are generally used: the distance between the point-of-sale device and either the contactless payment instrument or the mobile wireless instrument currently is limited to ten centimeters or less, although newer technologies seek to increase that distance. More modern proximity cards may also be covered by ISO 1443, the proximity card standard, and a related ISO 15693, the vicinity card standard. A “contactless” payment instrument requires no “PIN” or signature, which raises concerns about security: a lost or stolen payment instrument may be used without verification or authentication. As a person skilled in the art will appreciate and understand, NFC technologies communicate over magnetic field induction, where at least two loop antennas are located within each other's “near field,” effectively forming an air-core transformer that operates within a globally available and unlicensed radio frequency which, as indicated, is an ISM band of 13.56 MHz, with a band width of almost two MHz.
In the field of cryptography, encryption is the process of transforming information, often referred to as “plaintext”, using an encryption algorithm often called a “cipher” to make the result unreadable to anyone except those possessing special knowledge such as an encryption key. The result of the process is encrypted information, often referred to as “ciphertext.” Encryption also refers to the reverse process of decryption. As is known to a person skilled in the art, encryption may protect confidentiality of messages, but other techniques are still needed to protect the integrity and authenticity of a message. For example, verification of a message authentication code or a digital signature may be appropriate. Accordingly, there is a need for the verification aspect of the electronic payment system of this document.
While the use of payment instruments has become ubiquitous across credit card networks, confidentiality verification and authentication remain limitations of the current state of the art. Loss or theft of a payment instrument also remains a significant problem. Loss of a mobile wireless instrument, such as a cellular telephone, having the ability to temporarily read and acquire and collect financial data from a payment instrument, is less likely. In addition, using a combination of storage media within a credit system and within a mobile wireless instrument, the problem of permanency of financial data residing on only a mobile wireless instrument may be controlled.
Accordingly, a need exists in the industry for a new and useful electronic payment system that is capable of providing a mobile wireless instrument that may collect, receive, store, process and transmit not only financial data across a credit network, but also do so in connection with encrypted financial data residing on a payment instrument. There is also a need to be able to transmit to one or more storage media, including a data processor of the mobile wireless instrument, financial data from the payment instrument to a point-of-sale device to enable the user of the mobile wireless instrument to conclude a financial transaction using the financial data.
In addition, the well-known credit and/or debit card credit system is anything but paperless. Despite advent of the customer-not-present (“CNP”) electronic telephone authorizations, the vast majority of customers conduct financial transactions across a credit network using a single payment instrument in the form of a credit or debit card, signing a receipt or similar paper confirmation of the transaction, or perhaps conduct the transaction via a touch screen, indicating the amount of payment that may be charged against only a single payment instrument. Paper confirmations of the transactions must be collected and collated. The apparatus, system, and methods disclosed, illustrated, and claimed in this document obviate paper receipts, and offer the prospect of instant-payment transactions across a credit network.