As regards question 3, the most relatively secure environment for purchase transactions remains a merchant's store, in which a buyer and seller can interact face to face,
multiple forms of identification can be reviewed, and the opportunities for theft of private information are generally limited.
Here, the opportunities for fraud and the theft of private information are relatively high.
Further, there is a prevailing public
perception that electronic
purchasing environments (for example, virtual storefronts or
Internet auctions) are inherently insecure in regard to the transmission and / or storage of private information.
In some cases the burden of implementing, learning and using falls on the merchant or other provider of goods, services, or funds, as well as the account holder.
In the case of
credit card transactions, the merchant is then charged back for the value of the disputed transaction and may also be charged a dispute investigation fee, resulting in a loss of profits and goods.
Such systems and methods do not protect against card theft or hacking (should such CVV2 / CVC2 / CID data flow from the
consumer to the merchant or card processor electronically, or are stored on an intermediate system), because they authenticate only that certain data from the physical card match data stored in the
authorization system, without authenticating the identity of the
card holder / user, and without verifying the intentions of the true card owner or other co-authorizing party (if different).
Further, they do not provide the
advantage of notification of the true card owner or other co-authorizing or auditing parties of the occurrence of a transaction, and in particular a high-risk transaction.
Finally, such systems and methods also fail to provide for any additional
automated data gathering,
authentication, and
verification for and by the party regarding the opening, closing, or modification of an account remotely.
Such a system and method have the
advantage of partially isolating private
payment information across two different communication links, but do not address the problem of notification or
authentication of the legitimate account holders or other parties having a potential interest in the transaction, nor
verification of the intent and approval of said legitimate account holders or other parties having approval authority for the transaction.
Such a system and method, which require purchasers to take additional proactive steps to complete remote transactions, have had limited adoption by consumers and merchants due to the complexity they add to all affected transactions.
This system and method are further limited to collecting
payment data, such as a
credit card number, for
processing by the merchant's point-of-sale or ordering system, under the
purchasing party's control.
They do not provide for any additional data gathering,
authentication, and
verification for and by the party attempting to collect
payment or open, close, or modify an account remotely, nor for and by any
third party whose approval is normally required to conclude the transaction.
As has been noted, systems and methods based on dummy transaction or account number codes have had limited
consumer acceptance because of the complexity to set up and use them.
Nor do such systems and methods provide for any additional data gathering, authentication, and verification for and by the party attempting to collect payment or open, close, or modify an account remotely, nor for and by any
third party whose approval is normally required to conclude the transaction.
As has been noted, systems and methods of this type have extremely narrow application because of the need for the affected parties' physical presence, the associated cost of implementation and on-going support, and general public concerns over personal privacy when biometric devices are employed.
However, such systems and methods do not provide protection against the use of stolen account information, nor against the use of stolen dummy account information such as said
telephone number and PIN.
Nor do such systems and methods provide for any additional data gathering, authentication, and verification for and by the party attempting to collect payment or open, close, or modify an account remotely; nor for and by any
third party whose approval is normally required to conclude the transaction.
Because the PIC is communicated through the same process and media as the transaction itself, said personal identification code, particularly for e-commerce transactions, is vulnerable to theft via hacking of the merchant's systems or interception of the merchant's communications to the payment-
processing bank or applicable
credit card processing network.
Such systems and methods also fail to provide for any additional data gathering, authentication, and verification for and by any third party whose approval is normally required to conclude the transaction.
Therefore, the utility of this method is limited to cases wherein both a purchaser and a merchant are independently willing and able to establish an advance relationship with, exchange private information (such as account information for the purchaser and merchant processing information for the merchant) with, and allow debiting / crediting of their accounts by, such a processing center prior to entering into a purchase transaction between themselves.
The method is also limited to purchases, and particularly to purchases involving a single customer and a single merchant.
The need for a preparatory process occurring over the second network, the need to use the second network to perform all steps to prepare and conclude a transaction other than the step of the customer's placing of his / her order, and the need to establish a processing center, also limit the utility of this method.
Because the purchaser does not actually supply his / her payment information to the merchant, the method further creates an opportunity for fraud perpetrated within processing center,
stemming from its unique position of trust between the two other parties.
If, however, the processing center is not independent of the merchant, then any utility derived from the separation of the processing center from the merchant, such as the assurance to the customer that his / her private account information need never be transmitted directly to the merchant, is lost.
The method also adds the complication of the merchant having to provide a new and additional or alternative form of
customer identification information to the processing center in order to receive a customer's payment.
The method also fails to provide for any additional
automated data gathering, authentication, and verification for and by a party regarding non-purchase transactions, such as the opening, closing, or modification of an account remotely; nor for and by any third party whose approval is normally required to conclude a purchase transaction.
The method also fails to address purchases or non-purchase transactions initiated other than via a network.
Additional weaknesses and limitations of the prior art in general include:
This solution is therefore highly limited in the scope of its application.
Systems and methods using CVV2 / CVC2 / CID codes: Systems and methods utilizing such codes are presently limited to credit card accounts only, do not protect against the loss or theft, such as by hacking, of credit or debit-and-credit cards or card account numbers along with such codes, and do not prevent the fraudulent creation or subsequent modification of an account.
Systems and methods using verification of private knowledge: Such systems and methods are vulnerable to theft of private information via hacking, and
identity theft.
This is particularly troublesome internationally, where the most common type of private knowledge checking in the U.S. for credit card transactions, namely, an account's billing addresses, is rarely possible today abroad.
Systems and methods using smart cards: While smart cards add
password (PIN) features and can also create dummy credit card numbers
usable for one transaction only, systems and methods utilizing smart cards require the installation and use of a
smart card reader by the user, and have thus had limited adoption by consumers.
Systems and methods using
digital signature information (“E-Wallets”): As with smart cards, systems and methods for e-wallets require specialized
software to be installed on the computing device of the e-wallet's owner, and therefore have not been widely adopted by consumers.
Other limitations and weaknesses in the prior art: Notification of a transaction, and any interaction with the actual party or parties who are truly authorized to conclude and approve it, as opposed to interaction with parties who are perpetrating fraud by representing themselves as said actual, authorized parties, is generally left unaddressed by the prior art.
Prior art which attempts to address the objective of verification of a transaction before it is concluded adds prohibitive requirements for the establishment, registration with, and use of intermediaries such as processing centers between customers and merchants, fails to address the objectives of notification and approval of or by third-parties, and fails to address the class of transactions comprising the opening, closing, and modification of accounts.