The present invention can be used in a variety of terminals for processing transactions involving credit cards, debit cards, bank convenience cards or other personal transaction identification devices. In particular the present invention is applicable to terminals and transactions involving "smart cards", which are personal identification devices which include data memories and microprocessor devices for processing data during a transaction.
Smart card identification devices have the capability of providing greater security against fraudulent transactions in transaction formats wherein the transaction terminal equipment operates "off-line", i.e. without having data communication with a central computer system for verifying the authenticity of the card or the identification of the card user. The security provisions which enable such off-line transactions require the use of specialized terminal software which operates in conjunction with smart card circuitry to verify the authenticity of the card and identity of the card user. Such security provisions may include cryptographic software and cryptographic keys which are under the control of the card issuing organization. It is anticipated that as smart cards come into general use, each card issuing organization will develop its own security software and keys and will maintain these in high security.
In the case of a transaction terminal, for example in a retail store, hotel or restaurant, the implementation of smart card technology by various card organizations would require the installation of separate and non-compatible equipment for accommodating the different security formats which are to be accepted. Unlike non-secure credit card systems, it is unlikely that common formats will be developed or adapted, because issuing organizations would be reluctant to release to others any knowledge or control over the security process that prevents fraudulent use of their cards.
In addition, while the use of smart cards is being introduced into the transaction system, it is desirable that the transaction terminal be capable of accommodating transactions using conventional credit cards having non-secure magnetic stripe data memories.
It is therefore an object of the present invention to provide new and improved transaction equipment for use with diverse personal transaction identification devices, each having different transaction format requirements.
It is a further object of the present invention to provide such equipment wherein the structure, programming and data used in security operations of the terminal for various issuing organizations is maintained under the separate control of each issuing organization.