This invention uses separate, parallel communication channels to authorise
and authenticate a transaction. A primary data channel (PSTN, radio or
the like) is used to communicate between the merchant terminal and the
bank, and a parallel data channel (a mobile phone network, for instance)
is used for the authentication process. In the example, the transaction
is initiated (on a primary data channel), using a POS terminal as a
transaction processing client. The transaction processing server and
financial services provider fulfill their normal functions. At this
point, the process loops into a transaction authorisation component, using
the parallel data channel, which requires authentication of the
transaction initiator (the card holder). In the example, communications
on the parallel data channel are by way of SMS. In the authorisation
process, the card holder receives an SMS requesting authorisation of the
transaction. If the card holder is not the transaction initiator, the
card holder can cancel the transaction. If the transaction can be
authorised, an authentication process is initiated in which the mobile
phone is programmed to require the entry of a normally secret code (such
as a personal identification number (PIN)) that serves to authenticate
the card holder and to give final authorisation of the transaction.
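
The flow described above, sketched as a small state machine in Python. This is an added example, not code from the patent: the class and function names, the YES/CANCEL reply keywords, the salted PBKDF2 PIN record, the single PIN attempt and a trustworthy sender number from the SMS gateway are all assumptions.

```python
import hashlib
import hmac
from enum import Enum

class State(Enum):
    AWAITING_HOLDER = 1  # approved on the primary channel, SMS sent to holder
    AWAITING_PIN = 2     # holder accepted, PIN entry now required on the phone
    AUTHORISED = 3       # final authorisation given
    CANCELLED = 4        # holder refused, or PIN check failed

def pin_digest(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class ParallelChannelAuthoriser:
    def __init__(self, holders):
        self.holders = holders  # card -> (registered phone, salt, PIN digest)
        self.outbox = []        # (phone, text) pairs standing in for sent SMS
        self.pending = {}       # transaction id -> [card, state]

    def on_primary_approval(self, txn_id, card, amount):
        # The phone number comes from the issuer's record, never from the terminal.
        phone = self.holders[card][0]
        self.pending[txn_id] = [card, State.AWAITING_HOLDER]
        self.outbox.append((phone, f"Authorise {amount} (txn {txn_id})? Reply YES or CANCEL"))

    def on_sms(self, txn_id, sender, text):
        card, state = self.pending[txn_id]
        phone, salt, digest = self.holders[card]
        if sender != phone or state in (State.AUTHORISED, State.CANCELLED):
            return state  # wrong handset, or transaction already final: no change
        if state is State.AWAITING_HOLDER:
            state = State.AWAITING_PIN if text.strip().upper() == "YES" else State.CANCELLED
            if state is State.AWAITING_PIN:
                self.outbox.append((phone, f"Enter PIN for txn {txn_id}"))
        elif hmac.compare_digest(pin_digest(text.strip(), salt), digest):
            state = State.AUTHORISED
        else:
            state = State.CANCELLED  # assumption: one PIN attempt per transaction
        self.pending[txn_id][1] = state
        return state

def demo():
    # Constructed sample data: test card, phone number and PIN are made up.
    salt = b"constructed-salt"
    auth = ParallelChannelAuthoriser({"4000-TEST": ("+10000000001", salt, pin_digest("4821", salt))})
    auth.on_primary_approval("t1", "4000-TEST", "25.00")
    auth.on_sms("t1", "+10000000001", "yes")
    return auth.on_sms("t1", "+10000000001", "4821")
```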