1. Technical Field
The present invention relates generally to an improved data processing system and in particular to a method and apparatus for managing data within a data processing system. More particularly, the present invention relates to the field of encryption technology. Still more particularly, the present invention relates to encryption key management for securing credit and debit card transactions.
2. Description of Related Art
For years now, credit and debit cards have proven to be an efficient and convenient transaction medium for consumer-to-business transactions. Consumers have grown to rely heavily on these cards as a transaction medium in lieu of currency, especially when carrying large sums of currency is either impractical or unsafe. Travelers have long understood the benefits of using credit and debit cards as currency for their convenience and security over physical currency.
Some consumer transactions do not lend themselves well to physical currency, bank checks or bank drafts. It is difficult or impossible to conduct real time consumer transactions for tele-commerce businesses, e-commerce businesses and certain vending business applications using currency or checks. Merchants necessarily require a means for instantaneously debiting a valid consumer account prior to completing the transaction. On the other hand, consumers require real time responses from merchants and do not want to be troubled by carrying large sums of currency. Both the consumers and merchants suffer when currency, checks or other drafts are lost during transportation from the consumer to the merchant. Thus, many consumer/merchant transactions rely on credit and debit cards for completing the transaction.
However, in many instances losses resulting from theft and fraud of credit and debit cards or their account information are not recovered but rather shifted from the consumer and/or merchant to the financial institution that issued the card. Thus, while the consumer/merchant transactions seem more secure and less prone to fraud and theft, many times the losses are only transparent to the consumer and merchant utilizing credit and debit card technologies. In fact, the entire traditional and e-commerce markets are plagued with fraud and security holes that cannot be overcome by current tools and applications designed to tighten security around credit and debit cards. Examples of fraud range from stealing physical cards, card numbers, or forging signatures to intercepting critical data related to the card.
A typical example of credit card fraud involves a cashier ‘swiping’ a customer's card in a valid card reader and then re-swiping the card in a clandestine card reader. By the time that issuing financial institutions realize that the card numbers are being used for illegal transactions, several thousand card numbers may have been stolen. Tracking the source of such an operation is difficult; moreover, identifying which cards used at the location have been compromised is virtually impossible because of the extreme volume of financial institutions issuing credit cards.
Another example of fraud involves e-commerce transactions. E-commerce facilities are not always secure from hackers. A hacker may attack the merchant's server, proxy or website to gain credit card information. Once a facility is compromised, credit card numbers can be used by the hacker or others for fraudulent transactions. In one recent case, a website was compromised and numerous credit card numbers were posted on a public website. This required the financial institutions that issued the credit cards to invalidate those card numbers, stop/verify pending transactions, and issue new card numbers to their account holders.
Although not fraud per se, another credit card related concern is the potential for privacy violations. One type of such violation is the practice of “customer profiling”. Customer profiling is a means for identifying potential new customers based upon predicting an individual's future buying habits. These habits are developed into a “customer profile” by collecting and analyzing records of the customer's past credit card transactions. Customer profilers create such customer profiles and make the information available to merchants. The targeted customers may be subject to bombardment with junk mail circulars, telephone solicitation, unsolicited e-mail or the like.
The current customer-merchant-bank methodology lends itself to theft or misuse of credit card information. Therefore, it would be advantageous to reduce the ease with which credit and debit cards and their information are misappropriated or misused.