A transaction is conducted by a user. Confirmation element data and a corresponding confirmation element identifier are generated for the transaction. The confirmation element data and an authorization response message for the transaction are then associated by the confirmation element identifier. The confirmation element data and the confirmation element identifier are sent to a mobile device of the user. The user enters a user personal identifier at the mobile device, which generates modified confirmation element data comprising the user personal identifier. The modified confirmation element data is sent with the authorization response message to a processing entity.