This invention relates to payment cards that are used for malting contactless payment transactions. In particular, the invention relates to techniques for fraud prevention in proximity, contactless or smart card payment systems.
Proximity payments are used in situations where, although the purchaser is present, it is useful or at least more convenient to be able to make a payment without having to make physical contact with the vendor/payee. The purchaser, for example, may use a contactless “smart card” to make a proximity payment without having to manually swipe a card through a conventional point-of-sale device (i.e., a magnetic strip card reader). An exemplary contactless smart card is MasterCard PayPass™. card. This card is an enhanced payment card that features a hidden embedded microprocessor chip and antennae (i.e. a miniature Radio Frequency (RF) transceiver chip and an antenna). The MasterCard PayPass provides a purchaser with a simpler way to pay. The purchaser can simply tap or wave his or her MasterCard PayPass payment card on a specially equipped merchant terminal that then transmits payment details wirelessly using radio frequency signals, eliminating the need to swipe the card through a reader. Account details are communicated directly to the specially equipped merchant terminal and are then processed through MasterCard's highly trusted acceptance network. Moments after the purchaser taps the terminal with his or her MasterCard PayPass card, they receive payment confirmation and are on their way.
Proximity payment systems based on smart cards (such as MasterCard PayPass) may be advantageously implemented in traditional cash-only environments where speed is essential, (e.g., quick serve and casual restaurants, gas stations and movie theaters). Purchaser information, which may be stored in a microchip on the smart card, is sent directly from the microchip to a point-of-sale (POS) device or other wireless reader device, which may be up to about 10 cms away. Proximity payments also may be made using other payment devices (e.g., a mobile phone, PDA, or handheld computer), which are suitably configured to carry a microchip that stores and retransmits stored or processed account information when required. Common industry infrared or wireless protocols (e.g., Bluetooth) may govern communication between the payment device and the vendor/payee's wireless reader or POS device.
As with electronic payment transactions conducted over the Internet and other e-commerce transactions, both parties to a proximity payment transaction will have security concerns. Payers need reassurance that the vendor/payees are not unscrupulous criminals who will misuse payer information, the vendor/payees need to know that the payers are legitimate and both parties need to know that unauthorized third parties cannot intercept the transaction information. A number of techniques, which address at least some of these security concerns, are available. Data encryption techniques, for example, can be used to secure transaction information during transmission.
The proximity and smart card payment systems take advantage of the new on-card chip technology to deploy cardholder verification methods to make secure transactions. Purchases made with the cards can be verified, for example, uses of a personal identification number, or PIN. The proximity and smart cards aim to cut fraud by including an on-card microchip, which can store more information than the usual magnetic strips, and also by having users verify transactions by keying in a personal identification number (PIN) rather than signing a receipt. However, as with any technology, the security provided by on-card chip technology is not infallible. Fraudsters can find new ways of illegally accessing cardholder information to breach security.
Consideration is now directed toward improving schemes for safeguarding cardholder information to prevent, for example, fraudulent use of stolen or lost payment cards. In particular, attention is directed to securing the information contained in proximity, contactless or smart payment cards.