Payment cards such as credit or debit cards are ubiquitous. For decades, such cards have included a magnetic stripe on which the relevant account number is stored. To consummate a purchase transaction with such a card, the card is swiped through a magnetic stripe reader that is part of a point of sale (POS) terminal. The reader reads the account number from the magnetic stripe. The account number is then used to route a transaction authorization request that is initiated by the POS terminal.
In pursuit of still greater convenience and more rapid transactions at POS terminals, payment cards have more recently been developed that allow the account number to be automatically read from the card by radio frequency communication between the card and a so-called “proximity reader” which may be incorporated with the POS terminal. In such cards, often referred to as “proximity payment cards” or “contactless payment cards”, a radio frequency identification (RFID) integrated circuit (IC, often referred to as a “chip”) is embedded in the card body. (The term ‘RFID’ should be understood to encompass ISO14443 communication or any other contactless communication technique used by proximity payment cards.) A suitable antenna is also embedded in the card body and is connected to the RFID chip to allow the chip to receive and transmit data by RF communication via the antenna. In typical arrangements, the RFID chip is powered from an interrogation signal that is transmitted by the proximity reader and received by the card antenna.
MasterCard International Incorporated, the assignee hereof, has established a widely-used standard, known as “PayPass”, for interoperability of contactless payment cards and proximity readers.
It has been proposed that the capabilities of a contactless payment card be incorporated into a mobile telephone, thereby turning the mobile telephone into a contactless payment device. Typically a mobile telephone/contactless payment device (also referred to as a “payment-enabled mobile telephone”) includes integrated circuitry with the same functionality as the RFID IC of a contactless payment card. In addition, the mobile telephone/contactless payment device includes a loop antenna that is coupled to the payment-related IC for use in sending and/or receiving messages in connection with a transaction that involves contactless payment.
As with all payment devices, it is desirable that certain security measures be taken to prevent unauthorized use of payment-enabled mobile telephones. For example, it may be required, at least for relatively high-value transactions, that the user enter a personal identification number (PIN) into the phone keypad before entering into a transaction using the payment-enabled mobile telephone. The present inventors have now recognized that it may be desirable to provide improved security in connection with procedures in the payment-enabled mobile telephone relating to PIN entry and verification and/or relating to validity of other time-sensitive data (e.g., acknowledgment (ACK) status, transaction context).