Most transactions at a retailer's POS (Point of Sale) system require the presence of a physical token to gain access or authorization. Tokens such as magnetic ink encoded paper checks, smart cards, magnetic swipe cards, identification cards or even a personal computer programmed with resident user-specific account data, are “personalized” because they are each programmed or encoded with data that is unique and personalized to the authorized user. The customer then enters the account number from the physical token through a magnetic stripe reader, through a contactless transmission (Radio Frequency or Infrared), or through the manual entry via a numeric keyboard. Whether a consumer is buying groceries with a debit card, shopping in a department store with a credit card or earning free frequent flyer miles over the internet, at the heart of that transaction is an electronic transfer of funds or benefits enabled by the token, which acts to identify both the consumer as well as the financial account being accessed.
Also, there are transactions where the physical token is not required and the retailer allows payment by utilizing identifiers such account numbers, passwords, and/or personal identification numbers (PINs) to identify authorized users and control access to specific locations. Unfortunately, such methods for authorizing transactions or for controlling access can be easily compromised. Account numbers, passwords, PINs, etc. can be discovered by non-authorized persons or can be willingly disclosed by authorized users to non-authorized persons.
The growing field of biometrics provides one technological answer to this need for more reliable identification. Biometric technologies measure and characterize some unique feature of a person's anatomy, which is then used to identify that person.
A number of biometric identification devices already exist. These include fingerprint readers, hand geometry readers, iris imagers, retinal cameras, voice recognition, and face recognition devices. The biometric identification devices are used to verify that a person presented is indeed that person by comparing the presented person's biometric data to biometric data stored for the person specified. Authentication can be done for any purpose, such as security, tracking, crime prevention, customization of other systems to user preferences, communication and other purposes. Each of these biometric identification devices has its own problems and strong points.
Various token-based biometric technologies also exist. These suggest using smart cards, magnetic swipe cards, or paper checks in conjunction with fingerprints, hand prints, voice prints, retinal images, facial scans or handwriting samples. Biometrics are generally either stored in electronic and reproducible form on the token itself, or used in tandem with the user directly using magnetic swipe cards, paper checks or a PC. Therefore, a significant risk of fraud still exists because the comparison and verification process is not isolated from the hardware and software directly used by the payer attempting access.
There is a need to decrease the time required for transaction, to simplify the process where the customer is no longer required to present a physical token to identify themselves, and to simultaneously minimize the risk of fraud. It would be desirable to have an identification system that recognizes a customer based upon an “identifier” and a biometric sample for the purpose of authorizing a purchase or making changes to a record including the protection of a customer's account. Accordingly, the present invention is directed to these, as well as other, important ends.