An increasing number of hardware attachments are available to expand upon the functional capabilities of mobile computing devices, such as smart phones. In some instances, card reader attachments, which enable the reading of payment information from a magnetic strip (such as a credit card), can be coupled to a host device via a standard 3.5 mm headphone port. However, such credit cards can be duplicated by copying the data stored on the magnetic strip and storing the data on the magnetic strip of a counterfeit card. Moreover, there is no reliable method for easily authenticating such credit cards based on the information in the magnetic strip. As a result, magnetic strip devices are generally considered to provide only limited security features.
In response to such security issues, credit card issuers have begun providing consumers with integrated circuit credit cards (ICC), sometimes referred to as smart cards or chip cards. ICC's may include the same features present in traditional credit cards (i.e., embossed and printed information, magnetic strip, and signature block), but also include a chip. This chip is essentially a memory device that stores not only account information for the ICC, but also authentication information for the ICC. This information is encrypted to prevent copying or tampering. To process a transaction using an ICC, a point-of-sale (POS) terminal is configured for retrieving and storing public keys (PK) obtained from a certificate authority (CA) or other trusted third party, usually in the form of certificate authority public key tables or indices (CAPK table or index) of available keys for all protocols, detecting the chip (either in a contact or contactless mode), determining an application or protocol associated with the ICC's chip, and finding and using a corresponding public key associated with the protocol to decrypt the data on the chip, authenticating the ICC, and allowing the requested transaction to be carried out once authentication is successful. In some cases, this can require input of a personal identification number (PIN) by a customer into the POS terminal. Additionally, such POS terminals are also typically configured for processing conventional credit card transactions.