The use of portable payment devices in financial transactions has seen a steady increase within the last few years. Currently, a variety of portable payment devices are commercially available. However, despite their initial popularity, one of the technical challenges which has limited the level of general acceptance of certain password token type portable payment devices is that several of these devices are dependent on a fixed internal power supply (e.g. battery) for sustained operations. This apparent limitation and the requirement for easy access to an internal power source renders some of these portable payment devices (e.g. credit cards) difficult to manufacture in a way that is in compliance with certain industry recognized manufacturing standards, such as, for example, International Standard Organization (ISO) standards; or in certain cases, the rigorous internal manufacturing standards of branded payment tokens.
Recently, the vulnerability of the static “user ID and password” during e-commerce and/or financial transactions has become increasingly apparent as identity theft and unauthorized access to private and confidential user data is increasingly prevalent. The traditional static “user ID and password” system is subject to security breach and/or password leakage during a variety of processes, including logon, password generation, storage and distribution. Current measures to enhance the security of the static “user ID and password” system include the use of one-time password systems that substitute the static password with a dynamic password. One-time passwords (OTPs), which may be generated randomly, automatically, and then displayed, typically can be used only once. They provide an additional level of security against breach of password security. However, certain technical challenges remain in delivering a one-time password in connection with the use of these password tokens as traditional one-time password systems are typically closed systems. Hence, the user may be inconvenienced with subscriptions to more than one service provider. Each service provider may also require a different token due to variations of individual service provider authentication servers. Further, some payment devices require a Personal Identification Number (PIN) to operate and the user must remember the PIN for each different device, which adds to the difficulty in implementation and possible reduced consumer usage.
Furthermore, if these initial hurdles are to be overcome and the usage of these portable payment devices become more prevalent, there is an additional need for the ability to prevent unintended radio frequency (RF) transmissions to protect user data when the RF-enabled password tokens are in transit while being delivered to the account holder or when the account holder is in an environment wherein the suspicion and/or the risk of security breach via unintended broadcast or signal capture is high.
Additionally, many account holders of portable payment devices are often unaware of the current account balance on their respective portable payment devices. While some issuer and acquirers mandate support for balance inquiries for some devices such as, for example, gift cards and incentive cards, such support is optional at merchants.