The existence of a black market in credit card information is well known and it is believed that the real extent of this type of crime is much greater than published mainly because of the fear by the victims of negative publicity. Typical is the headline carried by The International Herald Tribune (IHT) of Jan. 11, 2000 “On-line Intruder Steals 300,000 Credit card Files”. The culprit had reportedly stolen the files from a well-known Internet music retailer.
While the IHT report refers to the stealing of credit card information electronically, the phenomenon is not confined to electronic means. Unscrupulous persons obtain the information by sorting through trash, stealing mail, or working in temporary jobs in stores or banks. Once the credit card information falls into the wrong hands the culprit can place multiple orders telephonically or on-line for purchases to any value within the card owners credit limit. In particular when it comes to buying immediate on-line services, the culprit has little if any difficulty. No delivery addresses are required, the service is received and paid for in real-time with a false credit card and there is no recourse to the culprit.
Elaborate methods have been devised to prevent fraud including encryption of card information during passage from user to merchant using systems such as public and private key encryption; in some cases in conjunction with smartcards which provide for greater security in verifying the authenticity of the card and the identity of the card user. A critical problem which has been inadequately addressed until recently is that once the user's name, card number and expiry date have been decrypted, said decrypted information stored on a vendor's computer is prone to abuse. Unauthorized persons who gain access to the information, are able to continue using it to make credit purchases until the relevant card is canceled by the card issuer. This problem is compounded by the delay which may be incurred before a fraud is detected and steps taken to cancel the card. Various “disposable” one-time surrogate card number systems have recently been introduced to overcome this weakness but where the software relating to such systems is stored on user's computer it continues to be exposed to online intruders.
The problem has been aggravated by the growing ease with which so called hackers are able to penetrate computers, decode passwords, read information to which they are not entitled and to present false identities. Nowadays hackers or crackers have access to very sophisticated software known as sniffers, scanners, web bugs and the like which enable them to unravel passwords and read information on individual computers easily and speedily. In addition, e-commerce security systems which are stored on a user's computer can be copied by unauthorized persons on-line or by unauthorized persons who gain physical access to the computer.
In many present systems the validity check does not usually include verification that the person initiating a card transaction is in fact the legitimate owner of the card as passwords are easily broken. Third party certification authorities (CA's) are often engaged to check the legitimacy of credit purchase applications. It has however been authoritatively reported that such screening may lead to unnecessary rejection of legitimate sales.
The prior art of card-enabled transaction authentication has numerous examples of methods designed to raise the level of security against fraud in these transactions.
U.S. Pat. No. 6,012,144 to Pickett utilizes two or more non-secure networks (such as the Internet and the public telephone system) to initiate and validate a transaction. The user uses a non-secure network to contact a card issuer and the card issuer verifies the identity of the user by a telephone callback system. This method can easily become a burden on heavily-trafficked phone systems, especially at peak hours, and is time-consuming.
U.S. Pat. No. 4,961,142 to Elliot et. al. describes the use of multi-user transaction devices, such as various types of credit cards, issued by different credit authorities. These are processed using a number of matching modules which are programmed to read such credit cards.
U.S. Pat. No. 5,478,993 to Derksen discloses a card having four memories including data for doing an identity check of the card ownership and an authenticity check.
U.S. Pat. No. 5,991,738 to Ogram discloses an automated payment system for purchases over the Internet, in which the customers computer is linked to a payment processing computer and the customer's credit card number and transaction amount are transmitted to it. The payment-processing computer automatically contacts the bank for verification, and communicates a self-generated transaction indicator, and a password, to protect the transaction.
U.S. Pat. No. 6,005,939 to Fortenberry, et al., describes a passport type system for use over the Internet for secure transactions or data transfers. It employs a user-initiated process to forward a passport containing encrypted information from a passport agent to a recipient node and forwards a key to the recipient node to unlock the passport information.
U.S. Pat. No. 4,628,195 to Baus for a credit card security system includes a system to generate a security code number determined by the spatial positions of corresponding data in two different forms of encoded data on the card. The system generates the security code number each time a card is used and compares it to a stored security number generated in the same way when the card was first encoded or previously used. The system is described in terms of a card having a familiar magnetic stripe and embossed character encoding, and apparatus for sensing the embossed characters is disclosed.
U.S. Pat. No. 5,163,098 to Dahbara is a system for preventing fraudulent use of credit cards using an encryption algorithm to generate a first encoded text from the card number and a password supplied by the user. The card user is verified by comparison of the first encoded text with an encoded text recorded on the card. When the transaction is completed, the merchant generates a receipt containing a first verification code generated from the date and time of the transaction, the merchant's identification number, the password, and the card number. To receive payment, the merchant presents the receipt to the card authorization center. The card center generates a second verification code from the card number, the password which is retrieved from the central database, the merchant number, and the time and date of the transaction. If the two verification codes match, the merchant is credited with the amount of the transaction.
U.S. Pat. No. 4,630,201 to White discloses a security system which includes a central processor and a portable transaction device both having an internal memory, said system being particularly directed towards providing greater security and reliability in check writing and in which a sequence of transaction numbers and associated random numbers are generated and stored in a portable transaction device. A security code is generated by combining one of the random numbers with a transaction parameter, and this code may be verified by a central processor. In the preferred embodiment, in the on-line operation, the selection of the random number is altered by a random offset number further enhancing security. The system includes the assigning of one of the transaction numbers (e.g., a check number) to each transaction and thereafter generating a security code derived by combining data representative of a transaction parameter and a random number and the random number listed in a table that is associated with the particular transaction number assigned to the present transaction. The user enters a transaction number in order to ascertain the relevant random number. The transaction number and the random number comprise in effect a single new code number of combined length. The system is intended for enhancing security in acceptance of checks and is unsuitable for the types of transactions envisaged by the present invention.
In U.S. Pat. No. 5,883,810 to Franklin et al. and assigned to Microsoft Corporation in March 1999, a physical card is not used, but exists only in digital form. During initial registration, the user downloads a registration module from the card issuer's site on the Web to the user's computer, where it is exposed to online intrusion or by a person who may gain unauthorized physical access to said computer. The system is not portable and use of the module is restricted to said specific computer. Each time the user desires to conduct an online transaction, said user is required to ask the card issuer to issue a proxy transaction number for a single transaction. The issuing institution generates a temporary transaction number and associates it with the permanent account number in a data record. The transaction number has a predetermined finite life (suggested by the inventor between one half hour to two hours).
Therefore, it would be desirable to provide a system which benefits from all the advantages of one time surrogate card numbers, while providing additional security, and in particular, which addresses the aforementioned security weakness of systems which are stored on a user's computer as well as the inherent lack of portability. The aforementioned methods limit the user to use of the system only on the designated computer, and they are therefore unsuitable for use at over the counter locations, for physical access control, or while travelling.