More particularly, the invention relates to a method and system for authenticating cardholders while carrying out credit card transactions.

Background of the Invention Credit cards have become common means for payment for merchandise and services and carrying out business transactions. Most often, all that is required is that the cardholder provides a valid credit card which includes the details of the bank account to be charged. Fig. 1 is a block diagram illustrating <BR> <BR> a typical process of credit-card transaction. The card-acceptor (e. g. , merchant) swipes the credit-card 13 through a card-reader 10, at the Point-of-Sale (POS) <BR> <BR> 18 terminal. The POS 18 communicates (e. g. , via a modem) to the Acquirer 15, that checks the validity of the transaction (e. g. merchant ID) and of the credit- <BR> <BR> card, utilizing the details read from its magnetic stripe (e. g. , card number, expiration date, etc.).

Acquirers are organizations that collect credit-authentication requests and data relating to the transactions being carried out, provide the merchants with a payment guarantee and initiate an interchange system. The records of the Acquirer are updated with the credit-card details provided by the card Issuers. Once the cardholder's credit is verified the payment money is transferred to the bank account (16) of the card-acceptor and the card Issuer 17 is updated with the transaction details.

Usually, once the Acquirer 15 confirms the transaction, it is completed by the cardholder signing a receipt containing the transaction details. The card- acceptor may attempt to verify the cardholder's identity, for example, by comparing the cardholder's signature to the signature appearing on the credit card, as required by some of the Issuers, or possibly by inspecting an identification certificate (e. g. , identity card) of the cardholder to verify that it matches the cardholder's details appearing on the credit-card.

However, signatures and identification certificates can be forged and the merchants usually do not favor the inspection of customers before each transaction carried out. Therefore stolen credit-cards can be easily used for carrying out financial fraudulent transactions in the name of the legitimate cardholders. In addition, the information on the magnetic stripes of credit- cards can be read, written, deleted or changed utilizing commercial equipment which is commonly available nowadays. Consequently, the forgery of credit- cards is no longer a difficult task to those such as computer hackers, who may unlawfully gain access to credit-card databases.

The vulnerability of credit-card transactions is even greater when carrying out financial transactions via wired Public Switched Telephone Networks (PSTN), wireless telephony (e. g. , cellular phones), or Internet-based e-commerce implementations. In such transactions the cardholder and the merchant are not in any direct contact and it is therefore almost impossible to authenticate the identity of the parties involved.

There is a long standing need for authentication solutions which would allow transparently authenticating cardholders in a simple and easy manner to both cardholders and merchants in order to overcome the difficulties which were discussed hereinabove, It is an object of the present invention to provide a method and system for authenticating the identity of individuals involved in business transactions while the transactions are being carried out.

It is another object of the present invention to provide a method and system for authenticating cardholders during credit-card transactions.

It is a further object of the present invention to provide a method and system for detecting and preventing fraudulent credit-card transactions.

It is yet another object of the present invention to provide a method and system for transparently identifying the presence of individuals at certain locations such as point-of-service locations.

Other objects and advantages of the invention will become apparent as the description proceeds.

Summary of the Invention The following terms are defined as follows: Acquirer: financial organization which acquires from the card-acceptor the data relating to the transaction, authenticates the cardholder credit, and initiates that data into an interchange system.

Cardholder: the individual or entity wishing to carry out a business transaction utilizing a credit-card.

Issuer: financial organization such as banks which issue their customers credit-cards.

Card-acceptor: the entity receiving the payment in a credit-card transaction.

In one aspect the present invention is directed to the authentication of credit- card transactions carried out at a Point-of-Sale. The method comprises providing cardholders with Personal-Units including means for storing a unique identifier and means for transmitting the identifier upon receipt of a unique Triggering-Signal, providing the Point-of-Sale with a Personal-Unit- Detector including means for transmitting the unique Triggering-Signal, receiving a corresponding transmission from a Personal-Unit and extracting the identifier carried therein, obtaining credit-card information, and transmitting a unique Triggering-Signal associated with the credit-card. If a corresponding transmission from a Personal-Unit is received authenticating the card by checking if the unique identifier of the transmission is associated with the card, and confirming the transaction if it is so. Otherwise, if the identifier is not associated with the card the transaction is aborted, similarly if the transmission from the Personal-Unit is not received the transaction is aborted.

The authentication may further comprise authenticating the credit of the credit-card. The Personal-Unit may be equipped with a Keypad including one or more keys for confirming transactions by cardholders by typing a key or a unique sequence of keys. Optionally, the transmittal of the unique identifier is conditioned by the typing of a certain key or a sequence of keys.

The authentication can be performed by the Personal-Unit-Detector, by the Point-of-Sale, or by an Acquirer linked to the Point-of-Sale via a communication channel.

The communication between the Point-of-Sale and the Acquirer, and/or between the Personal-Unit-Detector and the Personal-Unit, is preferably carried out over a secured channel. In a preferred embodiment of the invention information is transferred in a concealed form.

Optionally, credit-card information is stored in the Personal-Units and transmitted upon receipt of the unique Triggering-Signal for carrying out the authentication (off-line authentication). The transmission from the Personal- Unit-Detector to the Personal-Unit may further include instructions to the Personal-Unit to erase the credit-card information stored therein (change into on-line authentication mode).

The authentication of the transactions may further comprise the confirmation of a matching Transaction Code received with the Personal-Unit transmission.

Preferably, the Personal-Unit is provided with a new Transaction Code for the next transaction whenever a transaction is confirmed.

According to another preferred embodiment of the invention the authentication of the credit-card transactions is carried out utilizing cardholders'cellular communication means (e. g. , cellular phone). Credit-card and Point-of-Sale information are used for obtaining information concerning the cellular communication means of the cardholder and the location of the Point-of-Sale. The respective Cellular Network is then enquired for the location of the cardholder's communication means. If it is determined that the cardholder's communication means is located in the vicinity of the Point-of- Sale the transaction is confirmed, otherwise it is aborted. This may be carried out by checking if the Pont-of-Sale and the cardholder's communication means are locate within the same cellular cell.

Optionally, the cardholder's communication means are provided with a GPS, and in such implementation the confirmation of transactions is preferably carried out by determining if the cellular communication means is located in the vicinity of the Point-of-Sale by checking if it resides within a circular area defined by the location of the Point-of-Sale and a predefined radius. One or more locations may be defined for the Point-of-Sale in order to confirm transactions carried out via wired and or wireless communication means.

Further confirmation of transactions may be carried out via the cellular communication means by transmitting a predetermined pressed key, or a sequence of pressed keys, which may be transmitted via a SMS.

The authentication of the transactions may further comprise the confirmation of a Transaction Code transmitted by the cellular communication means upon receipt of a request for the same. Preferably, the cellular communication means are provided with a new Transaction Code for the next transaction whenever a transaction is confirmed.

The preferred embodiment of the invention may utilize a predefined radius for confirming transaction by determining if the cellular communication means is located in the vicinity of the Point-of-Sale by checking if it resides within a radii defined by the location of the Point-of-Sale and said predefined radius.

The Point-of-Sale may be a computer terminal linked to a data network, or alternatively it may be a regular wired telephone or a cellular phone.

Optionally, several predefined locations of the Point-of-Sale can be used for confirming transactions.

Brief Description of the Drawings In the drawings: - Fig. 1 is a block diagram illustrating a typical process of credit-card transaction; - Fig. 2 is a block diagram illustrating a credit-card transaction according to a preferred embodiment of the invention; - Fig. 3 is a flowchart illustrating the authentication process according to the preferred embodiment of the invention ; - Figs. 4A and 4B are block diagrams illustrating preferred embodiments of the PU and PUD of the invention; - Fig, 5 is a block diagram illustrating a preferred embodiment of the invention based on cellular telephony; and - Fig. 6 is a flowchart illustrating a process for conforming credit-card transaction utilizing cellular telephony.

Detailed Description of Preferred Embodiments The present invention is directed to the authentication of credit-card payments. The invention provides means for authenticating the identity of cardholders and thereby provides cardholders increased protection from being impersonated by others who may have access to their credit-cards. The authentication of cardholders will of course also add protection to merchants from fraudulent transactions, assist in guaranteeing the payment for merchants and services charged via credit-card, and improve detection of fraudulent credit-card transactions.

In the preferred embodiment of the invention the cardholders are provided with a Personal Unit (PU) containing information identifying the cardholder and optionally, information of one or more credit-cards of the cardholder. The PU of the invention is capable of transmitting the identifying information (and optionally, credit-card information), upon receipt of a signal demanding said information. The demanding signal is preferably transmitted by a Personal Unit Detector (PUD) at the Point of Sale (POS), which is also capable of receiving the PU transmission. The authentication of the cardholder is carried out by determining if the information transmitted by the PU matches the information read from the card by a card-reader at the POS. It is important that the PU be always kept in the possession of the individual to whom it is coupled, and it should not be held separately from that individual or given to another.

Fig. 2 is a block diagram illustrating a preferred embodiment of the invention for authenticating individuals coupled with a Personal Unit (PU) 20. In a typical implementation of the invention the PU is used for validating credit- card transactions by authenticating the cardholder identity. The PU is <BR> <BR> preferably a small transceiver (e. g. , radio transceiver) that is used for transmitting signals including identifying information (ID) related to the individual to whom it is coupled. The transmission of the PU can be a short range transmission that will be received by the Personal Unit Detector (PUD) 25.

The PU 20 may be embedded in the identity card, or driving license of the cardholder. Alternatively, it may be integrated into any other device carried by the cardholder such as a watch or mobile phone, or even carried by the cardholder as an epidermal implant. In any case, the credit-card 13 (hereinafter the card) and the PU should be kept separately to prevent the access of unauthorized personals to both the PU and the credit-card.

The POS 18 is linked to the PUD 25 which is preferably located in the vicinity of the card-reader 10 or possibly integrated into the POS 18. The PUD 25 is a small transceiver that is used for transmitting triggering signals which are addressed to the PU 20 of the cardholder, and for retrieving PU-signals from PUs 20. A preferred process for authenticating cardholders is illustrated in the flow chart of Fig. 3 which will be now discussed in conjunction with Fig. 2. The process is initiated in step 30 wherein the card 13 is swiped through the card- reader 10 at the POS 18, whereby the POS 18 obtains the Card Information (CI) from the magnetic stripe of the card 13 for authenticating the cardholder's credit.

In step 31 the POS 18 contacts the Acquirer 15 and provides it with the CI for authenticating the cardholder. In this step the Acquirer 15 reads from its Database (DB) the cardholder's record containing details identifying the cardholder (hereinafter cardholder-ID) and other information that is used to authenticate the cardholder's credit and for obtaining information related to the PU-Triggering-Signal of the PU to be provided to the POS 18. In a preferred embodiment of the invention each PU 20 is activated upon receipt of a unique PU-Triggering-Signal (PTS) 21, which is used by the PUD 25 for triggering the PU 20 of the cardholder. The PTS 21 is transmitted by the PUD 25 in step 32, and upon receipt of said unique PTS 21 in step 33 the PU 20 of the cardholder is activated and transmits its PU-signal 22 which carries PU Identity information (PU-ID) related to the individual carrying it. Each PTS is associated with a particular PU which eliminates scenarios such as those in which a plurality of PU-signals 22 are transmitted concurrently by different PUs 20 being present in at the same time in the vicinity of a POS 18.

In the next step (34) the PUD 25 enters a wait state for the receipt of the PU- signal 22. If PU-signal 22 is not received within a predetermined period of time, the transaction is aborted in step 35 and the POS 18 provides the card- acceptor with a corresponding indication, typically via the POS 18 display unit. The PUD 25 may be optionally programmed to perform steps 32-34 for some predefined number of additional times in a loop (retry, indicated by a dashed line) until a PU-signal 22 is received or until said loop is exhausted.

If in step 34 the PUD 25 receives a PU-signal 22, in step 36 the PUD extracts the PU-ID carried by the PU-signal 22. In step 37 the cardholder is authenticated by checking if there is a match between the PU-identifier (PU- ID) and the cardholder-ID details. The authentication step 37 is preferably carried out by the Acquirer 15 by checking if there is a match between the PU- ID received by the PUD 25 and the cardholder-ID information maintained in the Acquirer's DB records. The Acquirer's DB records may include the PU-ID of each cardholder, such that the PU-ID check can be carried out simply by comparing the cardholder's PU-ID received by the PUD 25 and the PU-ID of the corresponding DB record. Alternatively, the cardholder-ID in the DB records may include a permutation and/or a one-way transformation (e. g., hash function) of the PU-ID, and in this case the authentication step should also include performing the required permutation and/or transformation before checking if there is a match. As will be discussed in details hereinafter, the authentication step 37 can be carried out in various ways via the PUD 25, the POS 18, or the Acquirer 15.

If it is determined in step 37 that the details of the cardholder-ID and the PU- ID do not match, the transaction is aborted in step 35. The authentication process may include some predefined number of additional retries in a loop (retry, indicated by a dashed line) until a matching PU-ID is received or until said loop is exhausted, in order to eliminate aborting a transaction in a situation in which the PU-signal transmitted from another PU to a nearby POS was received by the PUD.

If it is determined in step 37 that the details of the cardholder-ID and the PU- ID do match, the transaction is confirmed in step 38 and completed by the POS 18 by issuing a receipt including the transaction details, to be signed by the cardholder. The authentication step 37 is critical for the approval of each transaction, and the result of this step is used by the POS 18 and the Acquirer 15 to determine if the transaction can be carried out.

In a preferred embodiment of the invention the authentication step 37 is performed by the Acquirer 15 by providing it with the PU-ID obtained by the POS via the PUD 25 in step 36. The Acquirer 15 preferably maintains a DB including records of cardholder-IDs, PU-IDs, their matching PTS information, and possibly some additional information.

The communication between the POS 18 and the Acquirer 15 is preferably <BR> <BR> carried out over a secured communication channel (e. g. , SSL). Security may be enhanced by encrypting the secured information transferred between the Acquirer 15 and the PUD 25, for instance by utilizing public key cryptography.

In this way the PTS information can be delivered from the Acquirer 15 to the PUD 25 via the POS 18 in a concealed (encrypted) form to prevent exposure to eavesdropping attempts. Similarly, in such an implementation the PU-ID transferred from the PUD 25 to the Acquirer 15 via the POS 18 may also be encrypted by the PUD 25 prior to its transfer.

Obviously, the establishment of a secure channel and cryptographic key exchange requires carrying out steps which are not shown in Fig. 3, but which may be easily combined into this process by persons skilled in the art.

Accordingly, encryption and decryption steps should be added corresponding to each communication of concealed (encrypted) information.

It should be noted that secured communication between the PU 20 and the PUD 25 may be established by utilizing ciphered transmissions as used in encoded communication methods such as Phase Shift-Keying (PSK), spread spectrum communication (e. g. , CDMA), and the like.

As was earlier discussed hereinabove, the authentication step 37 may be carried out by the POS 18 or by the PUD 25. For example, in such implementation the Acquirer may provide in step 31 the PUD 25 (via the POS 18) with the PTS information and the corresponding PU-ID maintained in its DB records. After receiving the PTS and PU-ID information, the PUD 25 transmits the PTS 21 in step 32, and if a corresponding PU-signal 22 is received in step 34 the PUD 25 extracts the PU-ID in step 36 and performs the authentication step 37. The results of the authentication step 37 are then transferred to the POS 18 and Acquirer 15 which will instruct the card- receiver to confirm or abort the transaction accordingly. Obviously, the PTS and PU-ID information are preferably transferred to the PUD 25 concealed in an encrypted form.

Similarly, the authentication step 37 can be carried out by the POS 18, however in such implementation it is preferable that secured information transferred between the PUD 25 and the POS 18, and between the Acquirer 15 and the POS 18, be carried out in a concealed manner to avoid exposure of PU-ID and PTS information. In this case the acquirer provides the POS 18 with the PTS and PU-ID information in step 31. The POS 18 transfers the PTS information to the PUD 25 for transmittal of the PTS 21 as shown in step 32. Upon receipt of a corresponding PU-signal 22 in steps 36, the PUD 25 provides the POS 18 the PU-ID obtained, which is then used for carrying out the authentication step. Of course, ciphering and deciphering steps should be performed whenever secured information is transferred in a concealed form between the POS 18 and the Acquirer 15, and between the PUD 25 and the POS 18.

The PUD 25 of the invention may be composed from a transceiver 45 (Fig. 4B) for transmitting PTSs 21 and receiving PU-signals 22, and an Interface 47 for interfacing between the PUD 25 and the POS 18. The PTS information for transmitting the PTS 21, the PU-signal 22 received by the PUD 25, and optionally any additional data, are transferred directly between the POS 18 and the PUD 25 via the Interface 47, and any further processing required for these operations is preferably carried out by the POS 18. However, in a preferred embodiment of the invention the PUD 25 also requires computational capabilities, and therefore a CPU 46 and a Memory 48 are also required as shown in Fig. 4B.

The interface 47 should be realized to suit the specific implementation in which the PUD 25 is utilized. For example, in Internet-based e-commerce applications the Interface 47 should provide the PUD 25 the capability to communicate with a PC (e. g. , UART), and in telephony applications it should be able to communicate with the POS 18 over the communication channel that is being used (e. g. , modem).

A preferred embodiment of the PU 20 is illustrated in Fig. 4A. Transceiver 40 is used for transmitting PTSs 21, receiving PU-signals 22, and other optional signals as will be discussed herein below. The PU-ID, operation code (software), and any other information which may be required for PU 20 operation are stored in the Memory 41. A small power source (not shown) is also required in the PU 20, if an external power source is not available.

The CPU 43 may be used for carrying out a variety of tasks including identifying PTS transmissions cryptographic operations, and authentication if the implementation so permits. In one such implementation the POS 18 provides the PUD 25 with the PTS and PU-ID information of the cardholder, as obtained from the Acquirer, and the authentication step is performed by the PU 20 by comparing the PU-ID transmitted by the PUD 25 to the PU-ID stored in Memory 41. In such implementation the communication between the PUD 25 and the PU 20 can include several steps including a step of activating the PU by transmittal of the respective PTS 21, receipt of an activation signal from the PU 20 acknowledging its activation, transmittal of PU-ID and any other information which may be required by the PU 20 for carrying out the authentication step 37, and transmittal of authentication results from the PU 25. Communication of secure information is preferably performed in a concealed form.

The PU 20 may optionally also include a Keypad 42 including one or more keys, which may be used for introducing additional conditions for completing the authentication. For instance, the cardholder may be required to enter a Personal Identification Number (PIN) for conditioning the transaction confirmation. In such an implementation the cardholder's PIN should be stored in the PU Memory 41 for carrying out this further authentication, or alternatively, the PU 20 may transmit the PIN entered by the cardholder for carrying out this further authentication at the POS 18 or at the Acquirer 15.

The security of the authentication process can be further improved by introducing a verification step in which a Transaction Code (TC) is checked for conditioning transaction confirmation. The TC should be stored in the PU Memory 41 and maintained in the corresponding record of the cardholder at the Acquirer 15. In this case the TC is also transmitted by the PU Transmitter 45 after it is activated by the PTS 21. The PUD 25 forwards the Acquirer 15 the TC for verification via the POS 18, and if the authentication and verification are completed successfully confirming the transaction, the Acquirer provides the PUD 25 via the POS 18 with a new TC for the next transaction. This new TC is transmitted by the PUD 25 to the PU 20 where it is stored in Memory 41.

The authentication step may also include additional steps for improving the security of this process. For instance, the transmittal of the PU-signal may be <BR> <BR> conditioned by typing a certain key (e. g. , OK button) in Keypad 42, or a certain sequence of cardholder's PIN keys. The PU may include means for indicating (e. g. , audible and/or visual such as a speaker and/or a LED) to the user that the PTS was received and that a keypad key, or a sequence keys, should be pressed in order to transmit the PU-signal.

Alternatively, the authentication step may include a simplified process in which the POS 18 provides the PUD 25 with identifying information read from the card 13, and said information is transmitted to the PU 20 for confirmation.

In such an embodiment some or all of the information of the magnetic stripe of card 13 is also stored in the PU Memory 41. This embodiment of the invention may be used to allow off-line authentication of cardholders, namely, without requiring Acquirer intervention. In this case the information stored in the PU 20 includes also CI which is transmitted to the PUD 25 for authentication.

The off-line authentication may be carried out by the PU 20 and in this case the PUD transmits the CI read by the card-reader 10 to the PU 20, where it is checked if it matches with the CI stored in its memory. The PU 20 then issues a transmission to the PUD for confirming or aborting the transaction according to the authentication results.

The implementation of the off-line authentication may be based on determining the PTS for activating the PU 20 by the PUD 25. In this case the PTS of the PU is preferably generated utilizing the CI or the cardholder's identifying information, or their combination, read from the card by the card reader. In addition, the PU may be programmed to erase the CI upon receipt of such instructions form a PUD during an authentication process which in response will eliminate any further off-line authentications. In this way the authentication method of the invention may be implemented in an off-line- mode in which the authentication is based on the CI, and an on-line-mode in which the authentication is based on the Acquirer's DB records. These operation modes can be utilized to establish a two stage integration process which includes an initiation period, in the first step, in which the PU is mainly used in the off-line-mode, and after expiration of the initiation period, erasing the IC information stored in the PU memory 41 and performing only on-line- mode authentications.

The invention may be used to authenticate cardholders in various applications as will be described hereinafter. The Issuer 17 may use PUDs 25 at point of service locations for authenticating the cardholders requesting different services. For example, PUDs can be used in self service locations to guarantee that only cardholders who were authenticated via their PUs can enter and approach such locations and services. Typically, the authentication should include swiping cards 13 in a card reader linked to a PUD. Similarly, PUDs may be also used to authenticate cardholders by tellers in banks or other service points, and by Automated Teller Machines (ATM). <BR> <BR> <P>The invention may be also used in online (e. g. , e-commerce, wireless commerce) transactions to secure transactions and allow issuers, merchants and consumers to conduct business online with security and confidence. In this case the POS 18 may be any Personal Computer (PC) linked to a PUD 25 (e. g., USB), that can be used for carrying out Internet-based e-commerce credit-card transactions once the cardholder is authenticated, while protecting the transactions from fraud.

Similarly, the invention can be used to authenticate transactions carried out via telephones in which the credit-card number is typed on the phone keypad by the cardholder. In such an implementation the telephone should be equipped with a PUD for authenticating the cardholder. The PTS, PU-ID, and any additional information which may be required are transferred between the PUD and the POS over the telephone line utilizing state of the art <BR> <BR> methods (e. g. , DTMF). Alternatively, the PU may be equipped with a<BR> transducer (e. g. , piezoelectric) for transmitting over the telephone line the PU- signal in the form of a sonic or ultrasonic transmission. In this case the PUD is located at the POS and is adapted to receive such sonic or ultrasonic transmissions and extract the PU-ID included therein.

It should be noted that the PU of the invention may be used to authenticate numerous credit-cards issued by one or more issuers to the same cardholder.

Of course, if the PU should include credit-card information, than it should include the information of each credit card that was issued to a cardholder.

According to another preferred embodiment of the invention the PUs of a group of individuals may be able to authenticate one or more cards. Such definitions are preferably implemented by the Acquirerl5 by associating DB records of a group of individuals with a certain card.

The PU and the PUD of the invention may be designed to transmit and/or receive information utilizing different transmission methods. In particular, <BR> <BR> PUs belonging to a group of cardholders (e. g. , belonging to a specific issuer) may be designed to communicate utilizing a specific communication method <BR> <BR> (e. g. , CDMA) In this case the PUD should be capable of transmitting/receiving information utilizing the various communication methods that are used.

The PU and the PUD of the invention may be implemented utilizing Bluetooth technology or Wi-Fi technology, and in this case the PU of the invention may be integrated into devices that are equipped with means based on such <BR> <BR> technologies (e. g. , mobile phones, PDAs, laptops, and the like). This embodiment of the invention simplifies the PU implementations by utilizing communication means available via such devices. The integration of the PU into such devices may be realized by the addition of one or more software modules and preferably does not include the addition of hardware.

As was discussed herein before, the PU of the invention may be embedded into a mobile phone carried by the cardholder. In this embodiment of the invention the identifying information contained in the PU may be transferred to the Acquirer via the telephony infrastructures (e. g. , cellular networks). In this way an additional layer of security may be added by confirming that the identifying information is received via the cardholder's mobile phone.

According to another preferred embodiment of the invention the operations performed by the PU and PUD is carried out utilizing cellular telephony, as shown in Figs. 5 and 6. In this embodiment the authentication process is initiated in step 60 by the reading of the details of the credit-card 13 via the card reader 10. After reading the card 13 details, in step 61 the POS 18 contacts the Acquirer 15 (e. g. , via modem) and provides the Acquirer 15 with details of the Card 13 and of the POS 18. In step 62 the Acquirer enquire its BD records and extracts the location of POS 18 and details pertaining to the Cardholder's cellular phone 52 (e. g. , service provider, phone number).

The details pertaining to the Cardholder's cellular phone are used in step 63 by the Acquirer 15 to enquire at the respective Cellular Network 51 for the location of the Cardholder's cellular phone 52. In the authentication step 64 the Acquirer 15 checks if the phone 52 is located in the vicinity of the POS 18 at the time of the transaction. This step may be carried our, for instance, by comparing the location of the POS 18 with the location of the Cardholder's phone 52 and determines whether said POS and phone are located within the same cellular cell 53.

If it is determined in step 64 that the Cardholder's cellular phone 52 is not located in the vicinity of the POS 18, the transaction is aborted in step 65. The Acquirer 15 may send corresponding indications to the POS 18, and also to the phone 52. If it is determined in step 64 that the Cardholder's cellular phone 52 is located in the vicinity of the POS 18, the transaction is confirmed in step 67, and the Acquirer 15 provides a corresponding indication to the POS 18, and possibly also to the phone 52.

The security may be further enhanced by carrying out step 66, before the transaction is confirmed, wherein the Cardholder's confirmation is requested via the cellular phone 52. This step may be carried out by sending the phone 52 a message (e. g. , SMS-Short Message Service) including details of the transaction to be confirmed. In order to confirm the transaction the Cardholder is then required to press a key or a combination of keys (e. g., PIN) on the keypad of phone 52. The Acquirer 15 is provided with the pressed <BR> <BR> key (s) via the Cellular Network 51 (e. g. , via SMS) and completes the authentication of the cardholder accordingly. Namely, if the pressed key (s) which were received match those expected to be received from the respective Cardholder, the transaction is confirmed in step 67, otherwise it is aborted in step 65.

Additional security may be obtained by utilizing a TC to be transmitted to the Acquirer 15 by the phone 52 upon receipt of a request. If the TC received match the TC for the current transaction as reflected by the Cardholder's DB record at the Acquirer 15, the transaction is confirmed and the Cardholder's DB record and phone 52 (via network 51) are then updated with a new TC for the next transaction. <BR> <BR> <P>It should be noted that although, the location of a mobile station (i. e. , cellular phone) in Cellular Networks 51 is typically determined in terms of Cellular Cells 53, this preferred embodiment of the invention may take advantage of more precise positioning technologies available nowadays via the cellular telephony services, or even utilizing GPS techniques.

If phone 52 is equipped with GPS poisoning, a more precise determination can <BR> <BR> be carried out by providing the Acquirer with precise location (e. g. , spatial or geographic definition such as the two dimensional coordinates) of the POS and of the phone 52. The confirmation in this case preferably includes a predefined radius for determining that the Cardholder's phone 52 is located in the vicinity <BR> <BR> of the POS 18, e. g. , by checking if the pone 52 is located within the radii defined by said radius and the POS location. Of course, if the GPS system of <BR> <BR> the phone 52 malfunctions (e. g. , there is no communication with the GPS satellites), the authentication step can proceed according to the cellular cell 53 in which the phone 52 is located.

This authentication method can be also employed in Internet-based e- commerce implementations and/or in transactions carried out via the telephone. In the case of Internet-based e-commerce the location of the POS should be defined to be the computer terminal from which the transaction is performed, and for telephony transactions the POS location should be defined to be the location of the cardholder's telephone. In addition, to allow more flexibility for transaction carried out utilizing cellular/wireless communication <BR> <BR> means, it may be preferable to define one or more locations (e. g. , house, work,<BR> etc. ) in which the transaction can be confirmed.

It should be noted that the cardholders'authentication according to the present invention can be implemented with the credit card systems that are currently in use. These systems should be modified by providing the POSs with a PUDs, the cardholders with PUs, and updating the Acquirers'DBs with the pertinent information for carrying out the authentication of the invention.

The above examples and description have of course been provided only for the purpose of illustration, and are not intended to limit the invention in any way.

As will be appreciated by the skilled person, the invention can be carried out in a great variety of ways, employing techniques different from those described above, all without exceeding the scope of the invention. For example, the functionality of the Acquirer, the Bank, and/or the Issuers may be implemented by a single entity (e. g. , the Bank).