Existing credit and debit card processing systems utilize a card processing terminal, which is connected to a processing network, such as a private network for credit and/or debit card processing. In the prior art, a merchant desiring to accept credit and/or debit card payment from customers, applies for a merchant account with a data processor or bank. Upon reviewing and accepting the application, the merchant is required to purchase a card processing terminal. The merchant can also use a terminal already in his/her possession. A representative of the data processor/bank visits the merchant's location and configures the terminal for use with the processing network. Alternatively, a representative of the data processor/bank can also provide instructions to the merchant in writing or over the phone on how to configure the terminal. Such configuration information includes the merchant's account number, telephone numbers to access the processing network, passwords, business information, and information as it appears on a customer's receipt. After configuring the terminal and testing the settings, a merchant has the ability to accept credit and/or debit cards from consumers.
A consumer desiring to make payments for goods or services purchased at a retail location would typically present his/her credit or debit card to a representative of the merchant at the check out counter. The representative at the check out counter would swipe the card across a card reader which is typically attached to, or part of the processing terminal. Once the card is swiped, information associated with the transaction is transmitted via a private network maintained by private network operators, such as FIRST DATA CORP., to a server associated with the private network. The private network server in turn sends information associated with the transaction to a server associated with the bank issuing the card (the issuing bank), again through a private network maintained by the private network operator. The issuing bank then sends back authorization for charging the card to the server maintained by the private network operator, which in turn sends the authorization to the retail location.
Upon receiving authorization from the issuing bank, a printer associated with the host computer which is typically separate from the card processing terminal would print a receipt for the customer to sign. The merchant provides a copy of the signed receipt to the customer and keeps the original receipt for bookkeeping or other purposes.
If a merchant wishes to add additional terminals to the same location or other location, then it is necessary for the merchant to obtain the required number of terminals and once again seek assistance from a representative of the data processor/bank as described above to configure the terminal.
FIG. 1 shows a schematic of a card processing terminal 10 of the prior art. Card processing terminal 10 includes a microcontroller with different components, such as a processor, random access memory, read only memory, I/O control unit, clock, etc. being part of the microcontroller 11. Microcontroller 11 is connected to a communications device 12, such as a modem for communication with an external network, such as the above mentioned private network. The microcontroller is also connected to a card reader, such as a magnetic card reader or a magnetic ink character reader 13. A printer 14 is optionally connected to the microcontroller to print a receipt for the transaction once authorization is received from the issuing bank. Thus, in FIG. 1, the aforementioned components are part of the same device or card processing terminal. The card processing terminal 10 described above is capable of conducting credit card transactions over a private network. However, it does not have any capability for performing secure transmissions over the private network. The capability for secure transmission in not necessary in the card processing terminal of FIG. 1 because it is adapted to work over a private network. However, in order to provide secure communications using the card processing terminal 10 of FIG. 1, the terminal 10 would have to be attached to an external computer capable of providing the desired secure communication over the private network.
FIG. 2 shows a schematic of another card processing terminal 20 of the prior art. Card processing terminal 20 is designed for use as a peripheral to a host computer system. Card processing terminal 20 includes a microcontroller with different components, such as a CPU, a random access memory, read only memory, I/O Control Unit, clock, etc. being part of the microcontroller 21. Microcontroller 21 is connected to a card reader 23, such as a magnetic card reader or a magnetic ink character reader. An operating system running on the card processing terminal 20 includes a communications protocol stack such as TCP/IP 24. Card processing terminal 20 further includes a communication port 22 for connecting the terminal to a local host computer. However, it does not include a communication device, such as an Ethernet card, a modem, or the like, that would enable it to connect directly with a private network. Moreover, the card processing terminal 20 is not intended for use as a standalone device. It interfaces with a local host computer through communication port 22.
Because of the presence of the card reader 23, terminal 20 is capable of accepting information from cards by means of card swipes. Typically when a peripheral card processing terminal, like terminal 20 is used, the communication over the private network is performed by the local host computer, which takes transaction information from the peripheral and passes it through the private network to the private network servers. Thus, once the card processing terminal 20 accepts the card swipe, it transmits that information associated with a particular transaction to the local host computer, which then passes the information to a private network for authorization.
The card processing terminal 20 along with the host computer described above is capable of conducting credit card transactions over a private network. However, terminal 20 of FIG. 2 does not include a printing device capable of printing receipts once a transaction is complete. Accordingly, a separate printer has to be attached to the local host computer to print the receipts upon receiving authorization from the issuing bank.
A significant amount of effort is involved in provisioning and configuring the card processing terminals of FIGS. 1 and 2 so that they may be used for credit and/or debit card processing. Because of this complexity, a representative of the data processor/bank is required on site or over the telephone during the configuration process, thereby creating an expensive process the cost of which is generally borne by the merchant.
It should be clear that the use of existing card processing terminals requires a merchant to make a large initial investment in the purchase of various services and equipment in addition to the card processing terminal, such as application fees, setup fees, reprogramming fees, a receipt printer and/or a local host computer connected to the card processing terminal and/or a printer. Moreover, there are additional costs associated with leasing the communication lines from private network operators, such as FIRST DATA CORP. Leasing the equipment is also an option for merchants. However, leasing requires an on-going expense for the merchant in terms of the cost of the lease and adds to the overhead costs associated with operating a business. Furthermore, existing private network operators typically require multi-year contracts from merchants desiring to provide credit card processing facilities at their retail locations. Moreover, most card processing terminals currently in use that require a local host computer system for operation require some kind of custom software in order for them to be properly integrated with the host computer.
Because of the costs associated with leasing and/or purchasing the various equipment needed for implementing a card processing system, and the costs associated with installing a card processing system, such systems are not being used by many small office/home office (SOHO) type businesses. However, because of the preference of many consumers for using credit cards and the inherent risks associated with carrying large amounts of cash, many consumers avoid patronizing businesses that do not accept credit cards. Thus, small businesses that do not provide credit card processing facilities lose a substantial amount of business to large businesses that provide such credit card processing facilities.
Therefore, there is a need in the art for a system and method for secure transaction processing over a public or private network, such as secure provisioning and configuration of a transaction processing device, that can be used by both large businesses and SOHO type businesses.