Abstract: A system for privacy management of customer data is provided. The system includes a data store, a plurality of applications, a central broker and a distributed component. The data store maintains customer privacy data used by the applications. The central broker provides the applications with customer data and manages the customer privacy data according to a set of rules regarding access to the customer privacy data. The distributed component is distributed from the central broker and is operable to communicate with the central broker to obtain at least some of the customer data. The distributed component provides at least some of the customer privacy data to the applications according to the set of rules regarding access to the customer privacy data.

Abstract: Embodiments of a portable wagering game machine and a stationary wagering game machine are described herein. In one embodiment, a plurality of portable wagering game machines are associated with a stationary wagering game machine. Group wagering game data is displayed on the stationary wagering game machine. The group wagering game data includes wagering content for viewing by multiple players. At each of the plurality of portable wagering game machines, individual wagering game data is displayed. The individual wagering game data and the group wagering game data relate to a wagering game.

Abstract: Computer-implemented system and methods for authenticating the identity of a person, for example a customer (1) of an E-Commerce web site (15). The web site or other verification “client” (110) contacts a verification engine (10, 100) (“Authentex”), which may be implemented as a web server (604). The verification engine (10), in turn, has limited access to a plurality of independent, third-party secure databases (21, 112) which are maintained by Trusted Validators (3, 610, 620, etc), which are entities such as banks that have a pre-existing relationship with customer (FIG. 4), and due to that relationship, acquire and maintain “out-of-wallet” data (4) that may be useful to authenticate the identity of the customer. That confidential customer data—held by the third-party “Trusted Validators”—is not disclosed.

Abstract: The Gaming System With End User Feedback enables a reverse path feedback architecture wherein the forward path multicasted gaming content transmitted by a gaming site can be dynamically modified as a result of end user interaction or feedback, wherein each end user has a private bidirectional link to the gaming site to enter their moves, optionally receive private data from the gaming site to enable the end user's device to display private data that is hidden from the other players, and to communicate privately with another member or members of a sub-group.

Abstract: In order appropriately to prevent leakage of an authentication symbol string such as a credit card number, and for it to be possible for a user to be authenticated as a legitimate user: an ID issuance server 20 receives the first eight digits of the credit card number from a portable telephone device 10 of the user and issues a one-time ID to the portable telephone device 10; a service provision server 30 receives the last eight digits of the credit card number and the one-time ID from a PC 11, and transmits the one-time ID and those last eight digits to a number construction and authentication processing server 40; and the number construction and authentication processing server 40 receives the one-time ID and the last eight digits from the service provision server 30, communicates with the ID issuance server 20 and acquires the first eight digits which correspond to the one-time ID, reconstructs the credit card number, and performs authentication with the credit card number.

Abstract: Methods and systems for providing integrated mobile/server applications are provided. An application may be received at a server from a third party. A request for information may be received at the server from a user's device and a token that identifies a user on the user's device, wherein the request and the token were transmitted by the user's device. It may be determined, by the server, that the user is authorized to make a request of the application. A response to the request using the application may be generated using the application. Accounting may be performed by the server so that the user can be billed according to a billing preference of the third party.

Abstract: Fraud and identity theft are enabled by two faulty assumptions about the way that the identity of a person is verified in our society. The first is that someone who demonstrates knowledge of certain items of personal or financial information about a particular person is presumed to be that person. The second assumption, which gives rise to the first assumption, is that these items of information can be kept confidential. Because fraudsters and identity thieves often seek to use their victim's personal and financial information, this invention proposes a direct authentication system and method that does not depend on these assumptions. The proposed method enables businesses to determine whether the customer is truly the person who he says he is by adopting a new “two-factor” authentication technique and authenticating customer's identity utilizing customer's trusted authenticator.

Abstract: Exemplary embodiment of the present invention would provide systems, including Internet-based systems, and computer-implemented methods, for providing online Buyers and Sellers who physically transact an exchange of an item at a local meeting place, indicia of confirmation of the exchange on which to base a background online payment. In particular, exemplary embodiments of the present invention would provide a way for Buyers and/or Sellers to input an identifier for online authentication to confirm that a physical exchange of an item sold had been transacted and that would accordingly provide an online system with a basis to charge the relevant Buyer's account for a sale amount and pay the Seller for the item sold.

Abstract: A method and system is provided by a Central-Entity, for identification and authorization of users over a communication network such as Internet. Central-Entity centralizes users personal and financial information in a secure environment in order to prevent the distribution of user's information in e-commerce. This information is then used to create digital identity for the users. The digital identity of each user is dynamic, non predictable and time dependable, because it is a combination of user name and a dynamic, non predictable and time dependable secure code that will be provided to the user for his identification. The user will provide his digital identity to an External-Entity such as merchant or service provider. The External-Entity is dependent on Central-Entity to identify the user based on the digital identity given by the user. The External-Entity forwards user's digital identity to the Central-Entity for identification and authentication of the user and the transaction.

Abstract: A framework for maintenance, repair and overhaul business management includes a first layer identifying business areas in an MRO business, a second layer identifying one or more processes within each business area and a third layer identifying one or more sub-processes within each process wherein the business area include flight operations management, maintenance execution, maintenance management, engineering and maintenance support, material management, product development, enterprise management, strategic management, and demand generation.

Abstract: Herein is described a tokenless biometric method for processing electronic transmissions, using at least one user biometric sample, an electronic identicator and an electronic rule module clearinghouse. The steps for processing of the electronic transmissions comprise of a user registration step, wherein a user registers with an electronic identicator at least one registration biometric sample taken directly from the person of the user. A formation of a rule module customized to the user in a rule module clearinghouse, wherein at least one pattern data of a user is associated with at least one execution command of the user. A user identification step, wherein the electronic identicator compares a bid biometric sample taken directly from the person of the user with at least one previously registered biometric sample for producing either a successful or failed identification of the user.

Abstract: A random number generating algorithm is seeded with an unpredictable number. The seed value is computed by subjecting variable data to a Secure Hashing Algorithm, and truncating the right most, or left most, 16 bytes from the message digest generated. The algorithm generates the unpredictable number by using the seed value as a counter value in the random number generator, and performing a data encryption standard operation. In one exemplary embodiment, the unpredictable number is modified to a predetermined maximum unpredictable number value as determined by the sender and receiver of the unpredictable number.

Abstract: Parties involved in a transaction in an E-marketplace identify characteristics of a transaction that they are willing to accept and/or that they can provide. To do this, an attribute certificate is created for each party that contains the attributes of a buyer, seller, or third-party participant who will be transacting business in the particular E-marketplace. The attributes pertain to specifics of the transaction. The party submitting the attribute also identifies alternative conditions which, if they exist would be acceptable for conducting the transaction. Once these criteria, in the form of the attribute certificates, are received by the E-marketplace, the E-marketplace verifies the attributes. A server in the E-marketplace is configured to determine various combinations of participants that can match the deal criteria. In this manner, the E-marketplace “choreographs” the transaction to meet the needs of all.

Abstract: A system and method facilitates purchase transactions over a computer network, including the purchase of electronically storable items. The embodiments herein encrypt “customer information” in an encryption stream and cause the encryption stream to be transferred from the customer to a merchant in the purchase transaction. A verification entity receives the encryption stream which is sent by the merchant for identity verification and payment authorization. Then, the verification entity verifies the identifiers contained in the encryption stream and transfers an identity verification and payment authorization from the verification entity to the merchant. The encryption stream or unique transaction identifier can be added, by the merchant, to a purchased electronic item to create a personalized electronic item.

Abstract: Peculiar identification information to identify a recording medium itself is recorded onto the recording medium on which contents information as a target of a reproduction deadline management is recorded. At least the identification information recorded on the recording medium as mentioned above is read by a terminal apparatus and transmitted to a server apparatus. In the server apparatus, a reproduction possible deadline of the contents information recorded on the recording medium is managed on the basis of reproduction possible deadline information indicative of the reproduction possible deadline regarding the contents information recorded on the recording medium on the basis of at least the identification information. Thus, when the reproduction deadline of the contents recorded on the recording medium is managed, the operation for allowing the server apparatus side to set registration information such as personal information or the like of the user as in the conventional system is unnecessary.

Abstract: A reputation server is coupled to multiple clients via a network. Each client has a security module that detects malware at the client. The security module computes a hygiene score based on detected malware. The security module provides the hygiene score and an identifier of a visited web site to a reputation server. The security module also provides identifiers of files encountered at specified web sites to the reputation server. The reputation server computes secondary hygiene scores for web sites based on the hygiene scores of the clients that visit the web sites. The reputation server further computes reputation scores for files based on the secondary hygiene scores of sites that host the files. The reputation server provides the reputation scores to the clients. A reputation score represents an assessment of whether the associated file is malicious.

Abstract: A method and system to verify the identity of a user are described. The system may include a communications module to receive a billing telephone number and a private data segment associated with a user; an address detector to obtain a street address associated with the user; a private data processor to obtain one or more identification records, utilizing the obtained street address and the private data segment; and a matching module to compare the one or more identification records with the private data segment associated with the user to generate a match result.

Abstract: A change management system coordinates information of a transaction tool managed by a transaction tool management system. The system includes a receiver that receives, over a communications network, activity information and/or lifecycle event information for the transaction tool. The system also includes a storage that stores the received information. Additionally, the system includes a processor that manages a change in a status of the transaction tool based on the received information.

Abstract: A system and method for servicing at least one lottery player while protecting an identity of the at least one lottery player. The system includes a server platform of a third party organization that facilitates the method. The method includes receiving a client request at the server platform via a communications network. The method further includes the third party organization obtaining at least one lottery ticket in response to the client request, and securely holding the at least one lottery ticket for the at least one lottery player specified in the client request. The method also includes the third party organization determining a status of the at least one lottery ticket via the server platform and the communications network. The method further includes the third party organization transforming the at least one lottery ticket into a monetary amount if a status of the at least one lottery ticket is or changes to a winning status.

Abstract: A Globally Unique IDentifier (GUID) is used to match an authorization request with an authorization response for a transaction between a merchant and a consumer upon an account within a payment processing system where the payment amount is unknown until after the merchant receives the authorization response that includes the GUID. After receiving the authorization response and when the payment amount is known, the merchant forms a transmission that has information for delivery to an issuer of the account. This information is sufficient for the issuer to forward the payment amount from the account to pay the merchant for the transaction. While including the GUID and the payment amount, the information does not include an identifier of the account.

Abstract: A method of authorizing a commercial transaction between a customer and a provider of goods or services over a network, wherein the provider of goods or services requests that the customer provide authentication by activating a fingerprint identification device, and the provider of goods or services receives at least an authentication code of the customer over the network from the fingerprint identification device, the method comprising the steps of: providing the customer with the fingerprint identification device which produces the authentication code when a fingerprint of the customer matches a stored fingerprint within the fingerprint identification device; receiving at least the authentication code from the provider of goods or services over the network; and authorizing the transaction if at least the authentication code is valid.

Abstract: A method for verifying a software application to a user of a device such as a mobile phone. The device receives (102) the software application, for example a Java ME MIDIet, and checks (104) a signature associated with the software application. Where the signature is recognized, the phone indicates (108) this status to the user, for example by displaying the familiar padlock icon. The mobile phone then establishes (110) a secure code known only to the user and a trusted entity, the entity being for example the manager of the Java ME environment. The device identifies (114) the software application to the trusted entity which then checks (116) the status of the software application. If the status is verified, the entity sends (118) the status to the device; which in turn indicates (120) the secure code to the user, for example as an additional displayed number, pictogram or the like.

Abstract: Online ordering systems allow a user to submit sensitive information such as payment card information to a merchant in encrypted form. A payment card processor server may be used to provide the user's web browser with code for an encryption function, a cryptographic key, and a key identifier. The web browser may encrypt the payment card information by executing the encryption function and using the key. The encrypted payment card information may be supplied to the merchant over the internet. A key identifier that identifies which cryptographic key was used in encrypting the payment card information may be provided to the merchant without providing the merchant with access to the key. The merchant can forward the encrypted payment card information to the credit card processor server with the key identifier. The processor server can use the key identifier to obtain the key and decrypt the payment card information for authorization.

Abstract: A method of securely processing a transaction includes storing a plurality of encrypted financial transaction instrument identifiers in a memory wherein there is no decryption key for these stored in the memory and further wherein the encrypted financial transaction instrument identifiers are each associated with a mobile communications device. Receiving at a server a request to process a transaction, the request including an identification of a mobile communications device. Retrieving from the memory the encrypted financial transaction instrument identifier associated with the mobile communications device identified in the request. Transmitting the retrieved encrypted financial transaction instrument identifier to the mobile communications device. Receiving from the mobile communications device transaction data and using the received transaction data to effect a financial transaction.

Abstract: In embodiments of the present invention improved capabilities are described for identifying a classification scheme associated with product attributes of a grouping of products of an entity, receiving a record of data relating to an item of a competitor to the entity, the classification of which is uncertain, receiving a dictionary of attributes associated with products, and assigning a product code to the item, based on probabilistic matching among the attributes in the classification scheme, the attributes in the dictionary of attributes and at least one known attribute of the item.

Abstract: Certain embodiments of the present invention provide systems and methods for managing medical information. Certain embodiments provide a local electronic medical record system including a local personal health record (PHR) client, the PHR client downloading encrypted patient documents from a remote PHR server and parsing the downloaded encrypted patient documents to form a local PHR database. The example system also includes an interface receiving user input including an encryption key to decrypt the downloaded encrypted patient documents and displaying patient medical information to the user based on the downloaded decrypted patient documents.

Abstract: Systems and methods have been developed for managing multiple catalogs of files on a network. The systems and methods may manage a catalog of files with rights for sale and a catalog of rights presented for free public use. The systems and methods may manage these multiple catalogs via determining when one file should be moved from one catalog into another. The systems and methods may manage rights presented in the files, including rights offered for sale, rights offered for free use, where the managing may include changing the classification of those rights based on data relating to the files. The systems and methods may provide the ability to a user to research whether rights in the file are for sale.

Abstract: Various embodiments of the invention provide a more secure financial transaction system for e-commerce sectors that (1) more securely processes payment transactions, (2) helps to protect merchants and banks against fraudulent transactions, money laundering, and underage gambling, and (3) helps to limit other abuses in areas of e-commerce that are perceived to pose special risks, such as Internet gaming, travel, and consumer purchasing of electronic goods. To accomplish the above goals, various embodiments of the financial transaction system (1) establish operating and transaction processing protocols for merchants, Internet payment service providers, acquiring banks, and card schemes and (2) provide automated systems for monitoring and securely processing payment and financial transactions.

Abstract: An embodiment of the invention includes a secure server. A user at a terminal, communicatively coupled to the secure server by a secure link, can obtain web pages from web sites in a network, in encrypted form, via the secure link. Addresses associated with the web pages are altered to make it appear as if the web pages come from the secure server rather than from the web sites. Spoofing units may be used as alternative access points to the secure server, with the secure server sending the requested web pages directly to the terminal. In general, address rewriting and other manipulation can be performed on the requested web pages, such that the true sources of the web pages are disguised and such that subsequent communications from the terminal are directed to the secure server and/or spoofing unit, rather than to the true source of the web pages. Components of the user's privacy may be sold, or advertisements may be provided, in exchange for protection of the user's identity.

Abstract: Provided are a method and system for providing services based on authentication of college students. According to the present invention, a verification code is transmitted to an email account that is provided by a college, a college student who inputs the same verification code is authenticated, and the authenticated college student provides the services including an essay providing service or an essay review service, based on the verified identity of the college student.

Abstract: A secure protocol for transactions, such as electronic commerce transactions, is described that provides improved security through exploiting an independent (where this independence is logical and/or physical) communication path (e.g., between a customer and a back-end financial institution), ensuring that key financial information remains within the back-end financial institutions themselves. Hence, this protocol directly reduces cyber-crime risks through improvements to transaction security. In addition, various implementations of the secure protocol provide non-repudiation for one or more of the entities involved in the transaction.

Abstract: A system and method for method for implementing a discounted printing is disclosed. In one embodiment, a method for implementing discounted printing includes creating a sponsored document including a digital signature using a cryptographic protocol provided in an application by an enterprise, sending the sponsored document including the digital signature to a client computing system including a sponsored printer for printing by the enterprise, dynamically verifying the digital signature by a trusted service provider upon the enterprise sending the sponsored document to the sponsored printer, and printing the sponsored document by the sponsored printer upon a successful verification of the digital signature. The method may also include crediting an end user associated with the sponsored printer by an amount that substantially subsidizes cost associated with the printing of the sponsored document.

Abstract: A method and apparatus for processing credit card transactions over the Internet includes an application program interface (API) that converts a simple ASCII transaction message from the merchant to the message spec required by the transaction processor. The API also encrypts the transaction message so that the transaction is secure over the Internet and manages the message traffic between the merchant and transaction processor. In a second preferred embodiment, a merchant sends a simple ASCII transaction message via a SSL (secure sockets layer) Internet connection. In preferred embodiments, redundant connections are set up between the merchant and the transaction processor, allowing a transaction to continue being processed if one of the connections fails.

Abstract: A system and method for verifying the existence of a deposit account, such as a checking account, are provided. The system and method may also be used to determine whether the deposit account is configured to receive automatic transactions for withdrawal. For example, a lender may extend an offer of credit to a borrower where payments of principal and interest are to be made by automatic withdrawals. Prior to transferring the principal, the lender verifies the existence and configuration of the borrower's deposit account by charging a fee to establish the line of credit and retrieving the fee by automatic withdrawal. Once the transaction clears and the lender receives the fee, the lender is assured that the account does exist and is configured to receive automatic transactions. Two exemplary methods of retrieving the fee are electronic funds transfer and remote creation of a paper negotiable instrument.

Abstract: Computer-implemented system and methods for authenticating the identity of a person, for example a customer (1) of an E-Commerce web site (15). The web site or other verification “client” (110) contacts a verification engine (10, 100) (“Authentex”), which may be implemented as a web server (604). The verification engine (10), in turn, has limited access to a plurality of independent, third-party secure databases (21, 112) which are maintained by Trusted Validators (3, 610, 620, etc), which are entities such as banks that have a pre-existing relationship with customer (FIG. 4), and due to that relationship, acquire and maintain “out-of-wallet” data (4) that may be useful to authenticate the identity of the customer. That confidential customer data—held by the third-party “Trusted Validators”—is not disclosed.

Abstract: A system and method for conducting verifiably correct auctions that preserves the secrecy of the bids while providing for verifiable correctness and trustworthiness of the auction is disclosed. Some of the elements of the method and apparatus are that the auction operator accepts all bids submitted and follows the published rules of the auction. In one embodiment, the bids are maintained secret from the auctioneer and all bidders until the auction closes and no bidder is able to change or repudiate her bid. In another embodiment, the auction operator computes the auction results and publishes proofs of the results' correctness. In yet another embodiment, any party can check these proofs of correctness via publicly verifiable computations on encrypted bids.

Abstract: A bank (or merchant) hosts and operates an online money transfer service (or “portal”). A sender logs into the portal and enters payment card and money transfer details and then submits the transaction. An authentication window appears displaying the sender's transaction details and the sender is prompted to enter his or her password. Upon successful authentication, the bank seeks authorization from the card issuer. Upon successful authorization, the bank credits the recipient's local bank account or existing payment card. The recipient can also receive a check, a draft, a prepaid card or cash. The money transfer service is used both cross-border and domestic to effect person-to-person money transfer. The money transfer service uses the “Verified by Visa” authentication service and VisaNet for authorization. Messages over VisaNet are used to deliver funds to a recipient.

Abstract: Authenticating the identity and validating the profile of an individual who presents himself to another party as having a certain identity and corresponding profile data occurs during an Internet transaction. A trusted party gives a definitive answer regarding the authentication of identity and validity of profile data. The trusted party can be a financial institution that has an established relationship with the individual. For example, the financial institution can be a bank that issues a debit or credit card to the individual. The trusted party can also provide the profile data of the individual to the other party, rather than have the individual provide such data. The trusted party can also update the individual's profile data held by the other party when such data is no longer current.

Abstract: A reputation server is coupled to multiple clients. Each client has a security module that detects submissions of personally identifiable information (PII) from the client to a web site. The security module reports the identity of the web site and the type of submitted PII to the reputation server. The reputation server computes a reputation score for the web site based on the number and type of PII submissions to it. The reputation score represents an assessment of whether the web site is trustworthy. The reputation server provides the reputation scores for the web site to a client. The security module at the client evaluates the reputation score of the web site and optionally generates an alert advising the user not to submit PII to the web site because the site is untrustworthy.

Abstract: A random number generating algorithm is seeded with an unpredictable number. The seed value is computed by subjecting variable data to a Secure Hashing Algorithm, and truncating the right most, or left most, 16 bytes from the message digest generated. The algorithm generates the unpredictable number by using the seed value as a counter value in the random number generator, and performing a data encryption standard operation. In one exemplary embodiment, the unpredictable number is modified to a predetermined maximum unpredictable number value as determined by the sender and receiver of the unpredictable number.

Abstract: A mobile device includes an antenna and at least one control device coupled to the antenna. The at least one control device is selectively operable in a first mode and in a second mode. In the first mode, the at least one control device transmits a payment card account number via the antenna to a point of sale terminal. In the second mode, the at least one control device transmits a message to the point of sale terminal via the antenna to request that the point of sale terminal download transaction information to the mobile device.

Abstract: A payment authentication service authenticates the identity of a payer during online transactions. The authentication service of the present invention allows a card issuer to verify a cardholder's identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. One embodiment of the invention for authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requests a password from the cardholder, verifies the password, and notifies a merchant whether the cardholder's authenticity has been verified. In another aspect of the invention, a chip card and the authentication service independently generate cryptograms that must match in order for the service to verify that the correct chip card is being used by the cardholder.

Abstract: A buyer (110) wishes to use a payment instrument as part of an online commerce transaction with a seller (120) and it is desired to authenticate that the buyer (110) has authority to use the payment instrument. A separate authentication service (130) determines whether the buyer (110) has access to certain secret information without revealing the secret information to the seller (120). Access to the secret information would verify that the buyer (110) has authority to use the payment instrument. The authentication service (130) informs the seller (120) whether the buyer (110) is authorized to use the payment instrument.

Abstract: For an organization having a central station and a plurality of distributed outlets, each of the outlets having a cashier's terminal, each of the cashier's terminals coupled to a respective point-of-sale (POS) controller, a method of permitting a billee to pay an invoice issued by a biller is disclosed.

Abstract: Control system of an electronic instrument for metrological measurements, comprising an electronic local processing unit including a handling application of said instrument. The system includes a control application for said handling application, which can be associated with said local processing unit, said control application being suitable for generating a univocal certification code for the application.

Abstract: A network arrangement is provided for processing credit transactions. A financial network is used to route communications securely between interfaces with the financial network. Merchant systems are coupled with the interfaces, with each merchant system transmitting requests for authorization of credit transactions through the financial network. An issuer system authorizes credit transactions in response to receipt of requests that specify at least a credit account to be used to support a particular credit transaction and a transaction amount for the particular credit transaction. A guarantor system separate from the issuer system determines whether to guarantee credit transactions in response to the requests and transmits responses indicating whether specific credit transactions are to be guaranteed through the financial network to the merchant systems.

Abstract: An improved interactive network system is provided that allows the Network Operator to control the transfer of information to and from the network end users, the system preferably using triggers or markers embedded within the programming broadcast to users via the network. As a consequence of this system, the Network Operator is able to efficiently garner revenues from third parties transacting business over the network and to control the look and feel of programming offered to network users. Additionally the system can be used as a means of limiting network access, filtering programming, providing on-screen graphics or audible signals for particular programming types or providers, bookmarking programming, profiling network users, targeting advertising, and simplifying network transactions.

Abstract: A system and method for facilitating electronic transactions using an intelligent instrument is disclosed. An authorization server enables users to obtain authorization credentials through the use of the intelligent instrument by issuing a challenge to an intelligent token of the intelligent instrument. The intelligent token generates a challenge response and transmits the challenge response to the authorization server, which assembles credentials including a key for the electronic transaction upon validating the response. The authorization server sends the assembled credentials to the intelligent instrument and the intelligent instrument transmits the assembled credentials to the authorization server during a subsequent transaction. The authorization server validates the assembled credentials and provides authorization for the transaction in response to the validating the assembled credentials.

Abstract: In accordance with one embodiment, a method and apparatus for linking businesses to customers through a trusted source network includes creating and providing an authenticated rating and review/referral database. The authenticated rating and review/referral database is then used as a central hub to distribute authenticated ratings and reviews to various interested parties in one or more trusted source networks and/or through one or more portals linked to existing trusted source networks.

Abstract: An electronic commerce process that facilitates online transactions among multiple participants, that prevents consumer fraud due to pirated payment card numbers, with calculated risk, involving at least one trusted payment card host (3), where buyer's payment card number is registered and corresponding secret keys are set up. The buyer (1b) initiates an online transaction by selecting a host from a list of hosts that served by the seller's web server (2a). Then, the buyer participant (1a) sends an order online (4), SSL encrypted. The seller participant (2a) receives and decrypts the order, confirms the availability of ordered items, assigns an orderID to the order, and sends a response (5a), SSL encrypted, to the buyer participant (1a) with the assigned orderID. The buyer participant (1a) encrypts and notifies the selected host (3) of this order and orderID, and authorizes the payment (6a) using secret keys.