DESCRIPTION
A METHOD TO CARRY OUT ECONOMIC TRANSACTIONS THROUGH A TELECOMMUNICATIONS NETWORK.
OBJECT OF THE INVENTION.
This invention refers, as the title suggests, to a method to carry out economic transactions through a telecommunications network and whose aim is to prevent the fraudulent use by third parties of the identification codes assigned to any of the users by an issuing entity, whether this be financial or credit.
BACKGROUND OF THE INVENTION.
It is a well-known fact that nowadays the possibility exists of carrying out economic operations through telecommunications networks, either from a computer terminal or from a telephony terminal .
Currently to carry out this type of operation, the user must provide a series of identification data, generally the credit card number or current account number, and these are used by the provider to carry out the relative charge or deposit. In addition, in operating procedures with financial entities a user code is normally used to consult balances or order any type of account movement .
Carrying out these operations through a communications network has the disadvantage of transmitting the identification data mentioned, which can be intercepted in the network and used fraudulently by third parties or even by the actual provider.
Therefore, currently carrying out economic operations through open telecommunications networks does not give the users the necessary security and confidentiality with respect to transmitting their identification codes or data.
DESCRIPTION OF THE INVENTION
To solve the problem set out, a method to carry out economic transactions through a telecommunications network has been designed, being able to carry out these transactions between companies, between companies and individuals or with bank or credit entities .
This method includes the following steps or phase: a. Each user is assigned an identification code and/or a generic code by the issuing entity, which permits the identification of this issuing entity by any other issuing entity or organisation and the identification of the relative user only by his issuing entity and, optionally a password or access key to establish a secure connection through a telecommunication network, b. The generation by the user's issuing entity or by any other issuing entity or organisation of an operation code and/or individual transaction codes so as to identify the possible operation and/or transactions to be carried out, c. The handing over of the operation and/or transaction codes to the user, either directly or either through a third party (customer or supplier of the user) , d. The validation by the user of those codes that only correspond to the operation or transactions he wishes to authorise. e. The execution by the user's issuing entity of those operations and transactions authorised by the user by validating codes.
This method is applicable both to carrying out purchases on the Internet, and in brick and mortar business, telephone bookings or purchases, as well as carrying out transactions with banking and financial entities. The terms used respond to the following definitions:
OPERATION: Group of one or more transactions, managed simultaneously or during the same connection.
TRANSACTION: Each one of the payments, collections, corrections or movements of any other kind requested. ISSUING ENTITY: Entity through which the economic transactions are carried out. This may be a banking or financial entity, a telephony operator or a management centre that one or more of the above are attached to.
Several operating procedures are permitted in the invention method. A first case considers that an operation code and/or individual transaction codes can be generated by the user's issuing entity following notification to the issuing entity by the user, either directly or through a third party, of the possible operation and/or transactions to be carried out.
In this case the validation by the user of those codes corresponding to the operations or transactions he wishes to authorise, can be carried out by later safe connection of the user with the issuing entity.
It has also been foreseen that the validation of the codes corresponding to the operations or transactions to be authorised can be carried out by the user obtaining a validation code through a code management program provided by the issuing entity, after entering a password or access key into this identification code management program assigned to the user by the issuing entity, and the operation or transaction code to validate.
If the user uses a code management program to obtain validation codes he must give the issuing entity the validation codes provided by the code management program and obtained from those operation or transaction codes corresponding to the operations or transactions the user wishes to authorise. The user may hand over the validation codes by the issuing entity by any means, as these codes can only be
related to the relative operation codes by the issuing entity.
The validation, by the user, of the code assigned to a certain operation or transaction by means of a different validation code to the previous one and which is obtained through a specific code management program based on some fixed and other variable parameters, so that this validation code can be related unequivocally by the issuing entity to the relative operation or transaction code, permits authorising a certain transaction by means of a validation code, which does not include the user's identification data.
This code management program will be given to the user by the entity in charge of assigning the operation or transaction codes and carrying out the operations or transactions assigned to them once the respective validation codes have been received from the user.
The aforementioned code management program can be installed in a telephony terminal, in a computer terminal, in a card reader or in any other appliance equipped with the necessary hardware to be able to execute it.
In order for the code management program to be able to generate the validation code of a certain operation or transaction it will be necessary to enter a series of identification data, the password or access key provided by the issuing entity and the transaction or operation code to be validated, the aforementioned program carrying out, with its specific software, the calculation of the validation code corresponding to the operation or transaction code.
In a second operating procedure the invention method considers that the generation of operation codes by the user's issuing entity or by any other issuing entity or organisation and its delivery, on the user's or a third party's request, is carried out based on the prior identification of the user's generic code.
As the generic code mentioned only permits the identification of the user by his own issuing entity it is necessary to notify the user's issuing entity of those operation codes provided by other issuing entities or
5 organisation, for their later validation by the user
The aforementioned generic code provides other advantages such as the possibility of establishing a route to the user's issuing entity with it, as if it were his payment data, with the difference that this generic Q code only permits obtaining operation or transaction codes that must be validated or accepted later by the user in order to carry out the operations associated with them.
Therefore, this generic code has an essential 5 difference, with respect to the payment data or a customer or user. This is that it cannot be used to order an operation, but only to obtain operation codes, which will not become effective if the issuing entity does not receive their validation by the relative user. 0 τhe use or this generic code means that the operation or transaction code can be the same as that used by the card payment entities for their internal communication and that the procedure in question can be applied to any commercial transaction without modifying 5 the seller's collection terminals, either by purchases in brick and mortar businesses, telephone bookings or purchases or by Internet, as the user's generic code may coincide in its configuration, with those used to pay with card or payment against accounts related to normal Q mobile devices today.
In a user's operating procedure with his bank, the generic code can be presented to a third party for him to order a collection or payment against the user's account, the user authorising this collection or payment by means