A secure data entry device includes an integrated imaging device (e.g. a digital camera) that captures at least one image of a user during a transaction which includes reading data from a payment instrument. The image is processed in order to generate a biometric pattern. The image may capture the user's face and the processing could involve applying a facial recognition algorithm, or alternatively the users finger or iris. The data entry device may be a personal identification number (PIN) entry device (PED), a contactless card reader with a near field communication controller (NFC), a magnetic stripe or chip reader, or a signature scanner, and can be part of an unattended or self-service sale terminal. The biometric pattern can be compared with a database of trusted patterns to authorise the payment, or stored in a database along with a payment account reference (PAR) to be accessible to a third party (e.g. a law enforcement agency) to track fraudulent use of the payment method or chargeback fraud by the authorised user.
