A multimode system for receiving data in a retail environment includes: a secure input module for receiving high security input and low security input from a customer, the high security input to be communicated by the secure input module in cipher text, and the low security input to be communicated by the secure input module in plaintext. The multimode system is adapted to operate in a high security mode and a low security mode. The multimode system is adapted to enter the low security mode upon detection by the multimode system of a security breach condition. In the high security mode, the secure input module accepts low security input and high security input. In the low security mode, the secure input module accepts the low security input and does not accept the high security input.

A multimode system for receiving data in a retail environment includes: a secure input module for receiving high security input and low security input from a customer, the high security input to be communicated by the secure input module in cipher text, and the low security input to be communicated by the secure input module in plaintext. The multimode system is adapted to operate in a high security mode and a low security mode. The multimode system is adapted to enter the low security mode upon detection by the multimode system of a security breach condition. In the high security mode, the secure input module accepts low security input and high security input. In the low security mode, the secure input module accepts the low security input and does not accept the high security input.

Card including a substrate, at least one biometric data entry device on the substrate to receive biometric data about an individual holding the substrate, a memory component on the substrate and containing biometric data about an individual possessing the card and at least one private key, and a processor configured to compare biometric data received via the biometric data entry device to biometric data contained in the memory component to determine whether they match. When there is a biometric data match, a process requiring use of the private key(s) is initiated for authorized use of the card. A chassis intrusion detector system detects tampering with the card and upon such detection, causes deletion of the private key(s) to thereby prevent unauthorized use of the card.

The invention relates to an enabling card as well as a system and method for completing a financial transaction in a P.O.S. terminal comprising: a processor carried by the enabling card for: establishing a connection with a mobile device; receiving secure information from a mobile device and generating a digital signal; a coil carried by the enabling card for generating a magnetic field in response to the digital signal to simulate the swipe of card in the P.O.S. terminal and complete the financial transaction.

The loyalty system allows a consumer to accumulate general loyalty points from one or more merchants, and convert any desired subset of general points to loyalty dollars associated with a specific merchant. The system stores, for each consumer, the merchant loyalty dollars (or monetary equivalent) by merchant within a remotely-accessible host database or within a smart card database. Upon conducting a purchase at a particular merchant, the consumer may utilize a code key to facilitate access to the consumer's own loyalty dollars for the particular merchant. The loyalty dollars are then applied to the purchase transaction as a discount or rebate. The consumer may also re-load the merchant loyalty dollar accounts.

A system may include a point-of-sale system that gathers payment card track data from a payment card and a payment gateway that processes the track data to authorize purchase transactions. Discretionary data in a discretionary field of the track data may be compressed to create space that may be used to accommodate additional security data. The sensitive information may be moved to the discretionary field. The compressed discretionary data and the sensitive information may be encrypted using a structure preserving encryption algorithm and a managed encryption key. The managed encryption key or other additional security data may be added the discretionary field. Track data that has been modified in this way may be conveyed to the payment gateway for processing. The payment gateway may extract the key management data, decrypt the encrypted data, and reconstruct the original track data by decompressing the discretionary data and replacing the sensitive track data.

A system may include a point-of-sale system that gathers payment card track data from a payment card and a payment card gateway that processes the track data to authorize purchase transactions. The point-of-sale system may remove sensitive data such as a portion of a primary account number from the track data and may compress the removed data. The compressed version of the data may be appended to a discretionary field in the track data. The discretionary field may be encrypted following insertion of the compressed data. Track data that has been modified in this way may be conveyed to the payment gateway for processing.

In a method for using and maintaining user data stored on a smart card, a smart card receives a user data request for the user data stored on the smart card. The smart card determines whether the user data request is a data maintenance request or a data use request. A data maintenance request is for modifying user data stored on the smart card. A data use request is for read only access to user data stored on the smart card. The smart card uses a first process to determine whether to allow the user data request when the user data request is determined to be a data maintenance request. The smart card uses a second process, different from the first method, to determine whether to allow the user data request when the user data request is determined to be a data use request.

A verification method and a transaction verification method are provided. The verification method applicable for a secure device and an unsecure device utilizes the secure device to generate a match information for a user to see one-to-one substitution relations between a plurality of first verification data and a plurality of second verification data. When the user, after seeing the match information, selects the plurality of second verification data on the unsecure device, the unsecure device transmits a plurality of input data to the secure device, and the secure device converts the plurality of input data into a plurality of to-be-verified passwords according to the match information. The secure device then determines whether or not the plurality of to-be-verified passwords match with a plurality of pre-stored password data in the secure device.

A system for accepting the input of a PIN comprises a first device receiving a randomized PIN layout derived on a fourth device. The randomized PIN layout is displayed on a display of the first device. A second device comprises an input for accepting a series of key presses to produce a PIN token. The PIN token indicating each of the series of key presses. A third device is in communication with the second device. The third device derives the randomized PIN layout and receives the PIN token from the second device without the PIN token being present on the first device. The third device combines the PIN layout and the PIN token to produce a PIN. The PIN is used to authenticate a transaction. The fourth and third devices each store a shared secret used to independently derive the randomized PIN layout on the fourth and third devices.