The use of a token, an inanimate object which confers a capability to the customer presenting it, is pervasive in today's financial world. Whether a customer is buying groceries in a supermarket, or withdrawing money from an ATM, at the heart of the transaction is a money transfer enabled by a token, such as a plastic debit or credit swipe card, which acts to identify both the customer as well as the financial account being accessed.
From their inception in the late 1970s, token-based systems for accessing financial services have grown increasingly more prevalent in the banking industry. However, as token-based systems access have become more popular with customers, they have also become more popular with criminals intent on perpetrating fraud. Currently, fraud losses in the financial industry stem from many different areas, but they are mainly due to either stolen or counterfeit cards.
Generally, debit cards are used in conjunction with a personal identification number (PIN). The PIN helps to prevent lost or stolen cards from being used by criminals, but over time various strategies have been used to obtain PINS from unwary cardholders. Such strategies include Trojan horse automated teller machines (ATMs) in shopping malls that dispense cash but record the PIN, to fraudulent debit devices that also record the PIN, to criminals with binoculars that watch cardholders enter PINS at ATMs. The subsequently manufactured counterfeit debit cards are then used in various ATM machines to fraudulently withdraw funds until the account is emptied.
Customer-based fraud for debit cards is also on the rise. Customers intent on this sort of fraud will claim that they lost their card, say that their PIN was written on the card, and then withdraw money from their account using card, and then refuse to be responsible for the loss.
The financial industry is constantly taking steps to improve the security of tokens, such as debit cards and new smartcards. However, the linkage between the customer and his token remains tenuous, and that is the fundamental reason behind the increasing card fraud.
One solution that would reduce counterfeit-card fraud involves using a smartcard that includes a biometric. In this approach, authenticated biometrics are recorded from a customer of known identity and stored for future reference on a token. In every subsequent account access, the customer is required to physically enter the requested biometric, which is then compared to the authenticated biometric on the token to determine if the two match in order to verify customer identity.
Various biometrics have been suggested for use with smartcards, such as fingerprints, hand prints, voice prints, retinal images, handwriting samples and the like. However, the biometrics are generally stored on a token in electronic form, and thus the biometrics can be fraudulently copied and reproduced. Because the comparison and verification process is not isolated from the hardware and software directly used by the customer attempting access, a significant risk of fraud still exists.
An example of another token-based biometric smartcard system can be found in U.S. Pat. No. 5,280,527 to Gullman et al. In Gullman's system, the user must carry and present a credit card sized token (referred to as a biometric security apparatus) containing a microchip in which is recorded characteristics of the authorized user's voice. In order to initiate the access procedure, the user must insert the token into a terminal such as an ATM, and then speak into the terminal to provide a biometric sample for comparison with an authenticated sample stored in the microchip of the presented token. If a match is found, the remote terminal signals the host computer that the account access should be permitted, or may prompt the user for an additional code, such as a PIN which is also stored on the token, before authorizing the account access.
Although Gullman's reliance on comparing biometrics reduces the risk of unauthorized access as compared to PIN codes, Gullman's use of the token as the repository for the authenticating data combined with Gullman's failure to isolate the identity verification process from the possibility of tampering greatly diminishes any improvement to fraud resistance resulting from the replacement of a PIN with a biometric. Further, the system remains inconvenient to the customer because it requires the presentation of a token in order to authorize an account access.
Uniformly, the above patents that disclose financial authorization systems teach away from biometric recognition without the use of tokens. Reasons cited for such teachings range from storage requirements for biometric recognition systems to significant time lapses in identification of a large number of individuals, even for the most powerful computers.
Furthermore, any smartcard-based system will cost significantly more than the current magnetic stripe card systems currently in place. A PIN smartcard costs perhaps $3, and a biometric smartcard will cost $5. In addition, each station that currently accepts existing debit cards would need a smartcard reader, and if biometrics are required, a biometric scanner will also have to be attached to the reader as well.
This costly price tag has forced the industry to look for additional applications of the smartcard beyond simple banking and debit needs. It is envisioned that in addition to storing credit and debit account numbers and biometric or PIN authentication information, smartcards may also store phone numbers, frequent flyer miles, coupons obtained from stores, a transaction history, electronic cash usable at tollbooths and on public transit systems, as well as the customer's name, vital statistics, and perhaps even medical records.
The net result of this “smartening” of the token is increasing centralization of functions and increasing dependence on the token itself, resulting in increased vulnerability for the customer. Given the number of functions that the smartcard will be performing, the loss or damage of this all-important card will be excruciatingly inconvenient for the cardholder. Being without such a card will financially incapacitate the cardholder until it is replaced. Additionally, losing a card full of electronic cash may also result in a real financial loss as well.
Thus, after spending vast sums of money, the resulting system will be somewhat more secure, but will levy heavier penalties on the customer for destruction or loss of the card, To date, the banking industry has had a simple equation to balance: in order to reduce fraud, the cost of the card must increase. This cost is passed along to customers.
As a result, there has long been a need for an ATM access system that is highly fraud-resistant, practical, convenient for the customer, and yet cost-effective to deploy. There is also a need for an ATM access system that identifies the customer, as opposed to merely verifying a customer's possession of any physical objects that can be freely transferred. This will result in a dramatic decrease in fraud, as only the authentic customer can access his or her account.
A further need in an account access system is ensuring customer convenience by providing access without forcing the customer to possess, carry, and present one or more man-made memory devices in order to authorize an account access. All parties intent on fighting fraud recognize that any system that solves the fraud problem must take the issue of convenience into account, however the fundamental yet unrecognized truth of the situation is, the card itself is extremely inconvenient for the customer. This may not be initially obvious, but anyone who has lost a card, left a card at home, or had a card stolen knows well the keenly and immediately-felt inconvenience during the card's absence.
Yet another need in the industry is for a system that greatly reduces or eliminates the need to memorize cumbersome codes in order to access all of his accounts.
Yet another need in the industry is for a system that eliminates the need to memorize PIN codes.
There is further a need for a system that affords a customer the ability to alert authorities that a third party is coercing the account access without the third party being aware that an alert has been generated. There is also a need for a system that is able to effect, unknown to the coercing third party, temporary restrictions on the types and amounts of account accesses that can be undertaken.
Lastly, such a system must be affordable and flexible enough to be operatively compatible with existing networks having a variety of electronic access devices and system configurations.