It has become common practice for individual consumers to use credit cards for conducting transactions not only at conventional point-of-sale (POS) locations, but also for online transactions performed on the Internet. However, the convenience of credit card transactions is often negated by security measures commonly used to prevent fraudulent transactions, since transactions may be unexpectedly denied and additional action must be taken by the user to complete a transaction.
For instance, in POS credit and debit card transactions, a bank or other authorization entity associated with the credit or debit card (hereinafter referred to as “the card”) may deny any requested transactions that fall outside the normal pattern of use for that particular card, such as when the card is used for a transaction in a different city or state than the residence of the card user. When such transaction denials occur, the card user may be required to contact the authorization entity via a customer service phone number for transaction authorization, a procedure that can be time-consuming, frustrating, and, in cases where the user is engaged in foreign travel, quite expensive.
In online credit card transactions, particularly those exceeding a specified dollar amount, an authorization entity associated with the card may require two-factor authentication of the user before authorizing a requested transaction. For example, a personal identification number (PIN) or other alpha-numeric credential may be sent via text message to a mobile subscriber terminal, e.g., a mobile phone, that has been pre-registered as the mobile device of the card user. The user then enters the PIN to verify his or her identity to the authorization entity, which then authorizes the requested transaction. However, two-factor authentication using text messaging can be problematic, since text messaging adds cost to each transaction, is not always reliably received by a targeted mobile device in a timely manner, and not all mobile device users have text messaging plans.
Consequently, more convenient techniques have been used for two-factor authentication of both online and POS transactions. Specifically, the current location of a card user's mobile subscriber terminal has been used for two-factor authentication of card transactions; proximity of the card user's mobile subscriber terminal to the POS or the IP address associated with the transaction can indicate that the actual user of the card is requesting the transaction. Determination of the current location of the card user's mobile subscriber terminal can be a completely automated process, and therefore transparent to the card user, which is a significant benefit. Unfortunately, such two-factor authentication generally requires a card user's mobile subscriber terminal to continuously provide location information to the card's authorization entity, and in light of current concerns about electronic privacy, this requirement may be considered a serious drawback by many consumers.
For clarity, identical reference numbers have been used, where applicable, to designate identical elements that are common between figures. It is contemplated that features of one embodiment may be incorporated in other embodiments without further recitation.