An
authentication arrangement for use in a network
payment system for transacting a sale of merchandise over a network using an
Integrated Circuit Card is described, the arrangement comprising: a merchant
server in communication with said network, said merchant
server having at least a first item of merchandise for sale; a
client terminal in communication with said network, said
client terminal having an
output device for reviewing said first item for sale, and an
input device for initiating a purchase transaction to purchase said first item for sale, said
client terminal being arranged to build a purchase message using information relating to a merchant identifier and
financial transaction information obtained from said merchant
server; a
card reader for communicating with said
Integrated Circuit Card, said client terminal having means to generate a challenge message, said challenge message being generated from the information relating to the merchant identifier and an account number, means for receiving the challenge message at the
card reader and for generating a value from the challenge message; said
Integrated Circuit Card having means for generating a cryptographic message from at least a part of said value, the
card reader having means to generate an
authentication token from at least a part of the cryptographic message, and said client terminal having means for transmitting at least part of the
authentication token in a message for transmission via the network.