While the near-universal availability of the Internet to users in every location has created opportunities for many new kinds of businesses, it also has opened new opportunities for fraudulent use of credit card credentials by unscrupulous criminals. In these types of transactions (referred to as “card not present” transactions), the buyer of a product provides the seller with credit card information which cannot physically be verified, because the entire transaction occurs between remote participants and/or computers. Even in cases in which a customer service clerk speaks directly to the buyer to obtain the credit card information, there is no way to verify that the credit card credentials are legitimately obtained, or that the buyer is authorized to use the credentials to effect the transaction.
Various systems have been proposed or implemented in which the buyer is expected to provide information for verification, such as the maiden name of the buyer's mother, some form of biometric information, or a scan of the physical credit card through a remote reader in the buyer's computer. In each case, these types of data may be obtained through outside sources of information, simulated, or impersonated through computer means.