1. Technical Field
The present disclosure generally relates to electronic transaction authorization and, more particularly, to facilitating secure entry of a personal identification number (PIN), such as at an automatic teller machine (ATM), point of sale, or public web browser.
2. Related Art
The use of a personal identification number (PIN) to facilitate the identification of a person is well known. For example, a user can enter a PIN to make a purchase at a point of sale, to use an automatic teller machine (ATM), to use a public web browser at an Internet café, to use a kiosk such as Coinstar, or to share a console such as an Xbox game for multiple players.
According to contemporary practice, the PIN is entered using a numeric keypad. That is, the user manually presses a series of keys on the keypad that correspond to the numbers of the PIN.
A user frequently needs to enter the PIN where other people may be able to view the PIN entry. Entering the PIN needs to be done securely. It is important that entry of the PIN not be observed by others. When the PIN is entered via the keypad, such entry is susceptible to being observed visually. That is, a bystander can watch the user enter the PIN. This can be referred to as shoulder surfing. The bystander can use a video camera record the PIN entry and to help the bystander later determine the PIN.
It is not uncommon for a surveillance camera to overlook the numeric keypad used for PIN entry. The images provided by such surveillance cameras can be accessed and used to determine a user's PIN. Such surveillance cameras and recorded archives are not always secure from unauthorized access. Also, an unauthorized surveillance camera can be installed by a fraudster who later returns to access the images captures thereby.
It is also possible for malware (malicious software) to be present on a device into which a user enters a PIN. The user will not know that the device can not be trusted and will enter the PIN. For example, a keystroke logger or other program that captures the PIN can be used to provide the PIN to an unauthorized person for later misuse.
It is desirable to provide a way for a user to enter a PIN that is substantially less susceptible to being observed or captured. Making it more difficult for fraudsters to obtain a user's PIN can substantially reduce misuse of the user's account.