WO2003036576A2 - Method and system of additional securing of payment card payments - Google Patents

Method and system of additional securing of payment card payments

Info

Publication number
WO2003036576A2
WO2003036576A2 PCT/PL2002/000075 PL0200075W WO03036576A2 WO 2003036576 A2 WO2003036576 A2 WO 2003036576A2 PL 0200075 W PL0200075 W PL 0200075W WO 03036576 A2 WO03036576 A2 WO 03036576A2
Authority
WO
WIPO (PCT)
Prior art keywords
card
terminal
authorization
payment
transaction
Prior art date
Application number
PCT/PL2002/000075
Other languages
French (fr)
Other versions
WO2003036576A3 (en
WO2003036576B1 (en
Inventor
Wojciech Wojciechowski
Original Assignee
Wojciech Wojciechowski
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wojciech Wojciechowski filed Critical Wojciech Wojciechowski
Priority to EP02783868A priority Critical patent/EP1454305A2/en
Priority to AU2002347691A priority patent/AU2002347691A1/en
Publication of WO2003036576A2 publication Critical patent/WO2003036576A2/en
Publication of WO2003036576A3 publication Critical patent/WO2003036576A3/en
Publication of WO2003036576B1 publication Critical patent/WO2003036576B1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3224Transactions dependent on location of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4016Transaction verification involving fraud or risk level assessment in transaction processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/27Individual registration on entry or exit involving the use of a pass with central registration

Definitions

  • the subject of the invention is the method and system of additional securing of payments made with payment cards, complementing the known methods and systems of authorization of transactions made with payment cards.
  • the collective term "payment card” includes all types of cards enabling making transactions, debit cards and credit cards in particular. There are, generally speaking, two types of payments. The first one that requires a physical presence of the card in the payment system and the second one, in which such a presence is not required, it is enough only to provide some card-related information, such as e.g. its number and validity date.
  • a payment system is any system requesting an operation of debiting, immediately or at a certain moment in the future, the balance of the bank account related to the payment card in exchange for a service provided, goods delivered, etc.
  • the physical presence of the card in the payment system is ensured by the so called payment terminal, which is a part of the system.
  • Cash drawing via an automated telling machine is also considered to be a card payment, where the automated telling machine and the related banking system are examples of a payment system whereas the automated telling machine is an example of a payment terminal.
  • a local payment is an operation made without referring to an external system of payment authorization and most frequently consisting in checking locally whether it is possible to make the transaction using the information included in the card itself, for example, the information in magnetic strip or the electronic memory system built into the card. In that case, the information on the payment card account debit is transferred to the authorization center with certain delay.
  • An authorized payment is an operation referring to an external authorization system, also called card authorization center.
  • the payments are made without physical presence of the payment card in the payment terminal or in the card scanner, for example the transactions made via the Internet, it is necessary only to provide a few pieces of information related to the card, such as its number and validity date.
  • a connection with the authorization center can be made to check if, e.g. the card has not been stolen, or whether it is sill valid.
  • the system checks, according to specified criteria whether the transaction is permitted or not. Such information as for example the maximum cumulative amount of the payments made with the card or the balance of the bank account can also be checked. The payment will not be made if the authorization system does not permit it.
  • the authorization system can be provided by the bank that issued the payment card or by a unit established by the banks and working for the establishing banks, or by any specialized financial organizations.
  • the growth of the payment cards market is accompanied by increased number of crimes and frauds related to that type of payments. It results in significant financial losses and causes some distrust of customers concerning making payments with credit cards, which means that there is a considerable demand for additional systems and methods of securing such transactions.
  • the invention is to complement the known techniques of payments with payment cards, such as for example using PIN, that is elimination or at least considerable reduction of the number of crimes and frauds related to the use of payment cards and increased trust of the customers.
  • the method according to the invention provides that, before the transaction is made, the information about the card the transaction is based on is taken from the card information database, then an authorization question is asked and sent to the communication terminal assigned to the card. When the answer comes from the communication terminal, it is forwarded to card authorization center, and if there is no answer from the terminal, an automatic authorization answer is sent to card authorization center.
  • an identification question is sent to the communication terminal apart from the authorization question.
  • the identification answer received from the terminal is compared with the standard.
  • the positive authorization answer received from the terminal is forwarded to card authorization center only if the identification answer is compliant with the standard.
  • Another variation of the method according to the invention provides that, before the decision on sending an authorization question to the communication terminal it is checked on whether the transaction is to be made with the use of the payment terminal. Then, based on the data from information database on the transactions made with cards and on the information on the geographical position of payment terminal, the time-spatial distance from the previous transaction made via payment terminal with the same card is calculated. The calculated distance is compared with the standard and, depending on the result of the comparison, and possible additional rules, the transaction authorization is refused, or the authorization is granted automatically without any further questions, or the authorization question sent to the communication terminal is respectively modified.
  • Still another variation of the method according to the invention provides that the location of the localizable terminal assigned to the card of the transaction is additionally identified, and then the spatial distance between the payment terminal in which the transaction is made and the . localizable terminal is calculated. After the distance has been calculated, it is checked whether it is small enough and, depending on the result of the check and possible additional rules, the transaction authorization is refused, or the authorization is granted automatically without any further questions, or the authorization question sent to the communication terminal is respectively modified.
  • the method according to the invention can be complemented by a stage of sending to the communication terminal the information on the events related to the card assigned to that terminal.
  • the system according to the invention works with the basic card authorization center.
  • Each payment card serviced by the system is assigned at least one communication terminal.
  • the system contains card information database modifiable with a modification interface by the card information management system, authorization interface for communication with card authorization center, telecommunications interface providing for connection with the communication terminal and control & calculation module.
  • the communication between the communication terminal and the communication interface is implemented via a voice server.
  • the card information database contains standard identification answers of the users of the cards taken from communication terminals.
  • Next variation of the system according to the invention contains card information database on the transactions made with cards, an interface working as an intermediary in providing information on available payment terminals and their geographical position, a calculation module.
  • the module calculates the time- spatial distance of the current transaction from ihe previous transaction made with the same card via the payment terminal.
  • Another variation of the system according to the invention additionally contains a location module providing to the system the information on the location of the localizable terminal assigned to the card taking part in the authorized transaction.
  • the calculation module in this variation of the system also calculates the spatial distance between the payment terminal in which the transaction is made and the
  • the communication terminal and localizable terminal used in the system of the invention can be one device.
  • an information module providing to the communication terminal, via a communication interface, the information on the events related to the card to which the terminal is assigned.
  • Fig. 1 shows the block diagram of the system in its basic version.
  • Fig. 2 shows the block diagram of the basic system complemented by a module to detect irregularities and an information module.
  • Fig. 3 shows a flow chart illustrating activities taken to execute a method according to the invention.
  • Fig. 4 shows a flow chart illustrating operation of the basic authorization (BA).
  • Fig. 5 shows a flow chart illustrating operation of the irregularities detecting module (IDM).
  • Fig. 6 shows a flow chart illustrating operation of the information module (IM).
  • the present invention can make use of generally available telecommunications services, in particular voice transmission, automatic voice server, text messages transmission (SMS - Short Message Service), multimedia message transmission, electronic mail (e-mail) and "instant messaging".
  • the telecommunications services are accessible via a communication terminal which is held by the payment card user.
  • a mobile phone or, to a smaller extent, "pager” are typical examples of such terminals.
  • the invention also makes use of the' so called localizable terminals, that is the terminals whose geographical position can be located. Any portable device, independent or working with other devices enabling identification of geographical position at any selected moment can be a localizable terminal.
  • a mobile phone can be a typical example of a localizable terminal, since telephone network enables pretty precise identification of the current location of the mobile phone by using the information on the mobile phone or mobile phones in the network the range of which the given mobile phone is currently in.
  • the invention can also make use of PDA (Personal Digital Assistant) and specialized tracking devices.
  • Localizable terminals can also make use of various location technologies, both using the infrastructure of mobile telephone networks and the ones independents of such networks (e.g. GPS - "Global Positioning System") or mixed technologies (e.g. GPS supported by mobile telephone network).
  • a terminal can be at the same time a communication and a localizable terminal, thus becoming a universal terminal.
  • User preferences are a set of quantitative and/or qualitative features defining how the sen/ice of additional authorization is to be provided. For example, user preferences can define whether the given securing procedure is to be implemented or not (qualitative parameter) and the lowest amount from which the service of additional securing is to be provided (qualitative parameter).
  • the basic element of the system 1 is the control & calculation module 2.
  • the module is connected to the card information database 5.
  • the system 1 has three interface modules (8,9 and 11 ) enabling communication with external systems.
  • the communication interface 11 enables contact with the basic card authorization center 13 in order to receive authorization questions and send authorization answers.
  • the modification interface 8 it is possible to provide to the database 5 always updated payment card information coming from card information management system 15.
  • the database 5 depending on how extended the system 1 is, collects, for example, payment cards identifiers and identification numbers of communication, localizable or universal terminals related to those cards.
  • the database 5 also stores definitions on payment securing and related user preferences, as well as quantitative parameters of that service (for example the lowest amount from which the payment is to be controlled) and qualitative parameters of the elements of the service (for example, request for systematic refusal of authorization if the localizable terminal cannot be located).
  • Communication interface 9, via telecommunications systems 16 ⁇ . provides contact with the communication terminal.
  • the authorization center sends to control & calculation module 2 via interface 11 an authorization question.
  • the module retrieves from the database 5 the information related to the payment card for which additional securing is requested, and then the conditions triggering the procedure of additional authorization are checked. If the conditions are not met, for example, the amount of the transaction or the cumulative value of the amounts within a specified time period does not exceed a specified limit, then control & calculation module 2 sends back to authorization center 13 the answer with the automatic permit to make the operation. The answer is sent back via interface 11.
  • control & calculation module 2 identifies the communication terminal related to the payment card that the transaction authorization is related to. Depending on the capacity of the communication terminal and/or the description of the user preferences related to the given terminal, control & calculation module 2 tries to communicate with the holder of the terminal, using relevant communication technique.
  • voice communication is the communication technique
  • a component element of the system 1 is a voice server 17. The server then asks the user of the communication server for granting authorization for the planned payment.
  • Granting authorization by the user can be done in any way, depending on the capacities of the voice server. In the simplest case, it can be pressing by the user a selected key on the terminal: e.g. ⁇ 0> key to grant authorization and ⁇ 1> key to refuse it, or ⁇ 2> to refuse authorization and cause blocking the card thus making its further use impossible.
  • the answer is given by the user with voice, and the voice server 17 recognizes the answer by speech analysis. After the user answer has been obtained and recognized, the system 1 transfers it to the basic authorization center 13 which takes an adequate action, i.e. grants or refuses authorization for the requested payment.
  • control & calculation module 2 An important feature of the control & calculation module 2 is also the way of its operation in the case when it is not possible to obtain an answer from the terminal user.
  • Three potential reactions have been envisaged for such a situation, i.e. a systematic authorization refusal, systematic authorization granting and a choice between authorization refusal and granting.
  • the choice between authorization refusal and granting depending on a certain criterion, suc as for example the amount of the operation or the cumulative amount of payments in a specified period of time.
  • the decision on which of the three possible answers will be sent to card authorization center 13 is made by the operator of the security system or directly by the terminal user in the description of preferences.
  • other communication techniques for example multimedia messages, SMS or "instant messaging" can be used to obtain the user authorization answer.
  • control & calculation module 2 formulates and sends to the communication terminal also the question that is to identify the user.
  • the user has to provide the answer via the terminal and the answer is compared with the standard of that answer stored in the database 5.
  • the positive authorization answer is taken into consideration only if the user has correctly answered the identification question.
  • Exemplary identification questions include request for PIN related to the card or another number or text code.
  • Another version of the system 1 is additionally equipped with a calculating irregularity detecting module 3 (IDM - fig. 5), used to detect irregularities of authorization of payments requiring the use of a payment terminal.
  • the system 1 in this version also contains an information database on the previous transactions made with cards 6 and two additional module interfaces 7 and 10.
  • Interface 10 works as an intermediary in contacts with the payment terminals systems 12 managing the information on payment terminals, providing information on available payment terminals and their geographical positions.
  • the location interface 7 enables connections with location modules 14 providing the service of locating localizable terminals.
  • Irregularity detecting module 3 detects some illegal operations made with duplicated or forged cards, and its use can be conditional and depend on many factors, such as for example the amount of the payment to be made.
  • Operation of the irregularity detecting module 3 consists in knowing the geographical position of payment terminals and in the assumption that two subsequent payments made with the same card must take place within a time span big enough for the card holder to be able to move between the geographical positions in which the payment terminals u$ed to make the two subsequent payments are used. Based on the theoretical and/or empirical data, the standard (i.e. the smallest physically possible) time-spatial distance between the two payment terminals is calculated. Any request for additional authorization of the payment to be made with the payment terminal after confirming that the conditions of starting additional authorization are met (e.g. the amount of the operation exceeds the specified limit) is sent not directly to the control & calculation module 2 as was the case in the basic version of the system, but to irregularity detecting module 3.
  • the question sent from authorization center 13 additionally contains a payment terminal identifier.
  • Irregularity detecting module 3 retrieves from the database 6 information on the previous transaction made with the given card, that is the date and time of the payment and geographical position of the then used payment terminal. Then from the payment terminal system 12, via the interface 10 information on the geographical position of payment terminal that the additional authorized current payment is related to is retrieved. The information on the location of the payment terminal can be also included in the authorization question and then the payment terminal system 12 and the interface 10 are not used. After the necessary data have been retrieved, the time-spatial distance between the current payment operation and the previous operation related to the same card is calculated and compared with the standard distance.
  • the first of the possible reactions of the system can be triggering the basic procedure of additional authorization described above (BA - fig. 4), i.e. obtaining consent to or refusal of authorization from the user himself of the communication terminal related to the given card.
  • the user is informed about the detected irregularity.
  • the second possible reaction is direct forwarding to the basic authorization center 13 the information on the detected irregularity and on the necessity to refuse authorization for the current payment.
  • the third reaction of the system is direct forwarding to authorization center 13 the information on the necessity to block the card in order to prevent its further use..
  • the request for additional authorization can undergo the previously described basic procedure performed by control & calculate module 2.
  • the decision on performing the procedure or not can depend, for example, on the configuration of the system set by the operator, on the description of user preferences, on the amount of the payment and on the cumulative payment amount for the selected period.
  • the procedure is triggered if the planned transaction meets the specified conditions, for example, if the amount of the operation exceeds the specified limit.
  • the procedure consists in comparing the geographical position of the localizable terminal with the location of the payment terminal involved in the protected transaction. If the distance between the localizable terminal and the payment terminal is too big, it can be assumed that the payment card is probably used by another person. The comparison of the locations mentioned above can be done in two' ways.
  • the location system 14 provides to the system 1 the information on the current location of the selected localizable terminal, and the irregularity detecting module 3 compares the given location of the terminal with the location of payment terminal in which the transaction is being made.
  • irregularity detecting module 3 provides to the location system 14 the information on the location of the payment terminal, localizable terminal identifier and the qualitative parameters describing the rules of comparing locations. The comparison itself is made by the location system 14, which provides to the system 1 only the result of the comparison. If, as a result of the operations mentioned above, it turns out that the localizable terminal is not close to payment terminal, then the irregularity detecting module 3 considers the payment being authorized to be incorrect. The next part of the procedure is similar to the procedure of checking the time-spatial distance described above.
  • the system according to the invention can be also complemented by an information module 4 (IM - fig. 6).
  • Role of the module is to supply, one-way, information to the card user.
  • the one-way of sending information means that the system sends information to the user but does not expect any answer from the user.
  • Information module 4 enables providing the user with the information related to payments with the card, the information that the user did not obtain as a result of the communication with the other modules of the system described above.
  • that additional information can be information on the payment transaction made, information on payment refusal and information on detected irregularity.
  • Providing that information can depend on various criteria, for example, on the payment amount.
  • the information cari be provided to, for example, the communication terminal or to a specified ' electronic mail address.
  • the system of additional payment securing can be a separate system or it can operate as a part of the basic card authorization system. It can operate on the machines shared with other systems or it can have one or more machines for its exclusive use.
  • the system can be implemented on two Sun E240 type of machines working in high availability mode. Both machines communicate with each other via a multiplied local network Ethernet, via which the communication with the basic card authorization center 13 is also made.
  • the communication with the voice sever 17 of the telecommunications system 16 is done via the wide network of X25 type with multiplied connections.
  • the communication with the location modules 14 is based on a specialized protocol LIF (XML/HTTP).
  • the card information management systems 15 are information systems about the customers of the banks that offer payment cards. The systems provide information on the customers using the service of additional payment securing, on the scope of the service and the customer preferences, and the information can be obtained in the batch mode by transfer of files using FTP protocol.
  • the authorization interface 11 can be based both on local communication taking place within one machine and using the mechanisms of queues, shared memory or triggering procedures, and on any network communication protocol, for example TCP/IP or X25.
  • the communication interface 9 is based on the protocols offered by the operators of telecommunications systems 16 and depends on the type of the telecommunications service used. In particular, they can be ISDN, X25 or TCP/IP protocols.
  • a voice server 17 x the communication with the interface 9 can be performed in the way similar to the communication between interface 11 and aut orization center 13.
  • the location interface 7 is to identify the location of the localizable terminal when the system obtains from the authorization center 13 an authorization question and is based on the protocols offered by location systems. )n particular, they can be HTTP or TCP/IP protocols.
  • the modification interface 10 can be based on any type of local or network communication, just as in the case of the authorization interface 11 described above.
  • the information that are provided by the systems 12 could also be provided to system 1 together with the tasks of additional securing coming from authorization center 13. Then, from the point of view of the invention, the system of 12 type becomes identical with card authorization center 13, and the modification interface 10 becomes identical with the identification module 11.
  • the system according to the invention functionally has two databases 5 and 6, but in a concrete implementation those databases can belong to the same database, or each of them can be broken down into a number of various databases.
  • the software of the system can be in C/C++ and ProC languages, using Oracle database.

Abstract

In the system a payment card can be assigned a communication terminal which provides for connection with the user and which can be remotely located. Before the payment is made, at least one additional authorization question can be formulated and sent to the communication terminal and the decision on transaction processing is made based on the answer provided by the user of the terminal. It can be checked whether the current geographical location of the communication terminal is close enough to the geographical position of payment terminal, or whether it is feasible that the card holder can move from the previous payment terminal to the current one. In its basic version, the system contains an information database about the cards (5) modifiable via a modification interface (8) by the system of card information management, authorization interface (11) for communication with the card authorization center, telecommunications interface (9) providing connections with terminals and a control and calculation module (2). The system can also contain information database about the transactions made with cards (6), interface (10) working as an intermediary in providing information on available payment terminals and their geographical position, location module (14) providing the system with the information on terminal locations and calculation module (3) calculating the time-spatial distance of the current transaction from the previous transaction made with the same card via payment terminal or the spatial distance between the payment terminal in which the

Description

Method and System of Additional Securing of Payment Card Payments
Technical Field
The subject of the invention is the method and system of additional securing of payments made with payment cards, complementing the known methods and systems of authorization of transactions made with payment cards.
Background Art
The collective term "payment card" includes all types of cards enabling making transactions, debit cards and credit cards in particular. There are, generally speaking, two types of payments. The first one that requires a physical presence of the card in the payment system and the second one, in which such a presence is not required, it is enough only to provide some card-related information, such as e.g. its number and validity date. A payment system is any system requesting an operation of debiting, immediately or at a certain moment in the future, the balance of the bank account related to the payment card in exchange for a service provided, goods delivered, etc. The physical presence of the card in the payment system is ensured by the so called payment terminal, which is a part of the system. Cash drawing via an automated telling machine is also considered to be a card payment, where the automated telling machine and the related banking system are examples of a payment system whereas the automated telling machine is an example of a payment terminal. From the point of view of transaction security, there are two types of payment operations made with a payment card, that is local payments and authorized payment. A local payment is an operation made without referring to an external system of payment authorization and most frequently consisting in checking locally whether it is possible to make the transaction using the information included in the card itself, for example, the information in magnetic strip or the electronic memory system built into the card. In that case, the information on the payment card account debit is transferred to the authorization center with certain delay. An authorized payment is an operation referring to an external authorization system, also called card authorization center. If the payments are made without physical presence of the payment card in the payment terminal or in the card scanner, for example the transactions made via the Internet, it is necessary only to provide a few pieces of information related to the card, such as its number and validity date. A connection with the authorization center can be made to check if, e.g. the card has not been stolen, or whether it is sill valid. Upon authorization of transactions during which the card is physically present in the payment system, the system checks, according to specified criteria whether the transaction is permitted or not. Such information as for example the maximum cumulative amount of the payments made with the card or the balance of the bank account can also be checked. The payment will not be made if the authorization system does not permit it. The authorization system can be provided by the bank that issued the payment card or by a unit established by the banks and working for the establishing banks, or by any specialized financial organizations.
The growth of the payment cards market is accompanied by increased number of crimes and frauds related to that type of payments. It results in significant financial losses and causes some distrust of customers concerning making payments with credit cards, which means that there is a considerable demand for additional systems and methods of securing such transactions. The invention is to complement the known techniques of payments with payment cards, such as for example using PIN, that is elimination or at least considerable reduction of the number of crimes and frauds related to the use of payment cards and increased trust of the customers.
Disclosure of Invention
The method according to the invention provides that, before the transaction is made, the information about the card the transaction is based on is taken from the card information database, then an authorization question is asked and sent to the communication terminal assigned to the card. When the answer comes from the communication terminal, it is forwarded to card authorization center, and if there is no answer from the terminal, an automatic authorization answer is sent to card authorization center.
In variation of the method according to the invention, an identification question is sent to the communication terminal apart from the authorization question. The identification answer received from the terminal is compared with the standard. The positive authorization answer received from the terminal is forwarded to card authorization center only if the identification answer is compliant with the standard.
Another variation of the method according to the invention provides that, before the decision on sending an authorization question to the communication terminal it is checked on whether the transaction is to be made with the use of the payment terminal. Then, based on the data from information database on the transactions made with cards and on the information on the geographical position of payment terminal, the time-spatial distance from the previous transaction made via payment terminal with the same card is calculated. The calculated distance is compared with the standard and, depending on the result of the comparison, and possible additional rules, the transaction authorization is refused, or the authorization is granted automatically without any further questions, or the authorization question sent to the communication terminal is respectively modified.
Still another variation of the method according to the invention provides that the location of the localizable terminal assigned to the card of the transaction is additionally identified, and then the spatial distance between the payment terminal in which the transaction is made and the . localizable terminal is calculated. After the distance has been calculated, it is checked whether it is small enough and, depending on the result of the check and possible additional rules, the transaction authorization is refused, or the authorization is granted automatically without any further questions, or the authorization question sent to the communication terminal is respectively modified.
The method according to the invention can be complemented by a stage of sending to the communication terminal the information on the events related to the card assigned to that terminal.
The system according to the invention works with the basic card authorization center. Each payment card serviced by the system is assigned at least one communication terminal. The system contains card information database modifiable with a modification interface by the card information management system, authorization interface for communication with card authorization center, telecommunications interface providing for connection with the communication terminal and control & calculation module. In variation of the system according to the invention, the communication between the communication terminal and the communication interface is implemented via a voice server.
In another variation of the system according to the invention, the card information database contains standard identification answers of the users of the cards taken from communication terminals.
Next variation of the system according to the invention contains card information database on the transactions made with cards, an interface working as an intermediary in providing information on available payment terminals and their geographical position, a calculation module. The module calculates the time- spatial distance of the current transaction from ihe previous transaction made with the same card via the payment terminal.
Another variation of the system according to the invention additionally contains a location module providing to the system the information on the location of the localizable terminal assigned to the card taking part in the authorized transaction. The calculation module in this variation of the system also calculates the spatial distance between the payment terminal in which the transaction is made and the
1 localizable terminal and compares it with the standard.
The communication terminal and localizable terminal used in the system of the invention can be one device.
In yet another variation of the system according to the invention, there is an information module providing to the communication terminal, via a communication interface, the information on the events related to the card to which the terminal is assigned.
Brief Description of Drawings
The invention is schematically presented on the accompanying drawings in which:
Fig. 1 shows the block diagram of the system in its basic version.
Fig. 2 shows the block diagram of the basic system complemented by a module to detect irregularities and an information module.
Fig. 3 shows a flow chart illustrating activities taken to execute a method according to the invention.
Fig. 4 shows a flow chart illustrating operation of the basic authorization (BA). Fig. 5 shows a flow chart illustrating operation of the irregularities detecting module (IDM).
Fig. 6 shows a flow chart illustrating operation of the information module (IM).
Mode for Carrying Out the Invention
The present invention can make use of generally available telecommunications services, in particular voice transmission, automatic voice server, text messages transmission (SMS - Short Message Service), multimedia message transmission, electronic mail (e-mail) and "instant messaging". The telecommunications services are accessible via a communication terminal which is held by the payment card user. A mobile phone or, to a smaller extent, "pager" are typical examples of such terminals. The invention also makes use of the' so called localizable terminals, that is the terminals whose geographical position can be located. Any portable device, independent or working with other devices enabling identification of geographical position at any selected moment can be a localizable terminal. A mobile phone can be a typical example of a localizable terminal, since telephone network enables pretty precise identification of the current location of the mobile phone by using the information on the mobile phone or mobile phones in the network the range of which the given mobile phone is currently in. The invention can also make use of PDA (Personal Digital Assistant) and specialized tracking devices. Localizable terminals can also make use of various location technologies, both using the infrastructure of mobile telephone networks and the ones independents of such networks (e.g. GPS - "Global Positioning System") or mixed technologies (e.g. GPS supported by mobile telephone network). In some special cases, a terminal can be at the same time a communication and a localizable terminal, thus becoming a universal terminal.
For the purpose of securing payments, the so called user preferences are defined. User preferences are a set of quantitative and/or qualitative features defining how the sen/ice of additional authorization is to be provided. For example, user preferences can define whether the given securing procedure is to be implemented or not (qualitative parameter) and the lowest amount from which the service of additional securing is to be provided (qualitative parameter). The basic element of the system 1 is the control & calculation module 2. The module is connected to the card information database 5. In its basic version, the system 1 has three interface modules (8,9 and 11 ) enabling communication with external systems. The communication interface 11 enables contact with the basic card authorization center 13 in order to receive authorization questions and send authorization answers. Thanks to the modification interface 8 it is possible to provide to the database 5 always updated payment card information coming from card information management system 15. The database 5, depending on how extended the system 1 is, collects, for example, payment cards identifiers and identification numbers of communication, localizable or universal terminals related to those cards. The database 5 also stores definitions on payment securing and related user preferences, as well as quantitative parameters of that service (for example the lowest amount from which the payment is to be controlled) and qualitative parameters of the elements of the service (for example, request for systematic refusal of authorization if the localizable terminal cannot be located).
Communication interface 9, via telecommunications systems 16^. provides contact with the communication terminal. Before the transaction that is to be additionally secured is made, the authorization center sends to control & calculation module 2 via interface 11 an authorization question. The module then retrieves from the database 5 the information related to the payment card for which additional securing is requested, and then the conditions triggering the procedure of additional authorization are checked. If the conditions are not met, for example, the amount of the transaction or the cumulative value of the amounts within a specified time period does not exceed a specified limit, then control & calculation module 2 sends back to authorization center 13 the answer with the automatic permit to make the operation. The answer is sent back via interface 11. If the conditions triggering additional transaction authorization are met, control & calculation module 2 identifies the communication terminal related to the payment card that the transaction authorization is related to. Depending on the capacity of the communication terminal and/or the description of the user preferences related to the given terminal, control & calculation module 2 tries to communicate with the holder of the terminal, using relevant communication technique. In the basic case, voice communication is the communication technique, and a component element of the system 1 is a voice server 17. The server then asks the user of the communication server for granting authorization for the planned payment.
Granting authorization by the user can be done in any way, depending on the capacities of the voice server. In the simplest case, it can be pressing by the user a selected key on the terminal: e.g. <0> key to grant authorization and <1> key to refuse it, or <2> to refuse authorization and cause blocking the card thus making its further use impossible. In a more advanced case, the answer is given by the user with voice, and the voice server 17 recognizes the answer by speech analysis. After the user answer has been obtained and recognized, the system 1 transfers it to the basic authorization center 13 which takes an adequate action, i.e. grants or refuses authorization for the requested payment. An important feature of the control & calculation module 2 is also the way of its operation in the case when it is not possible to obtain an answer from the terminal user. Three potential reactions have been envisaged for such a situation, i.e. a systematic authorization refusal, systematic authorization granting and a choice between authorization refusal and granting. The choice between authorization refusal and granting depending on a certain criterion, suc as for example the amount of the operation or the cumulative amount of payments in a specified period of time. The decision on which of the three possible answers will be sent to card authorization center 13 is made by the operator of the security system or directly by the terminal user in the description of preferences. Apart from voice communication with the terminal and card user, of course, also other communication techniques, for example multimedia messages, SMS or "instant messaging" can be used to obtain the user authorization answer.
To increase transaction security, there can be used a version of the control & calculation module 2, which formulates and sends to the communication terminal also the question that is to identify the user. The user has to provide the answer via the terminal and the answer is compared with the standard of that answer stored in the database 5. The positive authorization answer is taken into consideration only if the user has correctly answered the identification question. Exemplary identification questions include request for PIN related to the card or another number or text code.
Another version of the system 1 is additionally equipped with a calculating irregularity detecting module 3 (IDM - fig. 5), used to detect irregularities of authorization of payments requiring the use of a payment terminal. The system 1 in this version also contains an information database on the previous transactions made with cards 6 and two additional module interfaces 7 and 10. Interface 10 works as an intermediary in contacts with the payment terminals systems 12 managing the information on payment terminals, providing information on available payment terminals and their geographical positions. The location interface 7 enables connections with location modules 14 providing the service of locating localizable terminals. Irregularity detecting module 3 detects some illegal operations made with duplicated or forged cards, and its use can be conditional and depend on many factors, such as for example the amount of the payment to be made. Operation of the irregularity detecting module 3 consists in knowing the geographical position of payment terminals and in the assumption that two subsequent payments made with the same card must take place within a time span big enough for the card holder to be able to move between the geographical positions in which the payment terminals u$ed to make the two subsequent payments are used. Based on the theoretical and/or empirical data, the standard (i.e. the smallest physically possible) time-spatial distance between the two payment terminals is calculated. Any request for additional authorization of the payment to be made with the payment terminal after confirming that the conditions of starting additional authorization are met (e.g. the amount of the operation exceeds the specified limit) is sent not directly to the control & calculation module 2 as was the case in the basic version of the system, but to irregularity detecting module 3. The question sent from authorization center 13 additionally contains a payment terminal identifier. Irregularity detecting module 3 retrieves from the database 6 information on the previous transaction made with the given card, that is the date and time of the payment and geographical position of the then used payment terminal. Then from the payment terminal system 12, via the interface 10 information on the geographical position of payment terminal that the additional authorized current payment is related to is retrieved. The information on the location of the payment terminal can be also included in the authorization question and then the payment terminal system 12 and the interface 10 are not used. After the necessary data have been retrieved, the time-spatial distance between the current payment operation and the previous operation related to the same card is calculated and compared with the standard distance. If the distance is smaller than the standard one, it can mean that it is likely that there exist two copies of the same card and that there is an attempt of a; fraud. Further operations that the system can take in the circumstances are defined by the operator of the system and/or in the description of the user preferences. The first of the possible reactions of the system can be triggering the basic procedure of additional authorization described above (BA - fig. 4), i.e. obtaining consent to or refusal of authorization from the user himself of the communication terminal related to the given card. The user is informed about the detected irregularity. The second possible reaction is direct forwarding to the basic authorization center 13 the information on the detected irregularity and on the necessity to refuse authorization for the current payment. The third reaction of the system is direct forwarding to authorization center 13 the information on the necessity to block the card in order to prevent its further use..
If the irregularity detecting module 3 finds that'the time-spatial distance is correct, the request for additional authorization can undergo the previously described basic procedure performed by control & calculate module 2. The decision on performing the procedure or not can depend, for example, on the configuration of the system set by the operator, on the description of user preferences, on the amount of the payment and on the cumulative payment amount for the selected period.
If the card user has a localizable terminal, it is possible to start an additional checking procedure before the transaction authorization with the payment terminal described above. As in the previous cases, the procedure is triggered if the planned transaction meets the specified conditions, for example, if the amount of the operation exceeds the specified limit. The procedure consists in comparing the geographical position of the localizable terminal with the location of the payment terminal involved in the protected transaction. If the distance between the localizable terminal and the payment terminal is too big, it can be assumed that the payment card is probably used by another person. The comparison of the locations mentioned above can be done in two' ways. In the first case, the location system 14 provides to the system 1 the information on the current location of the selected localizable terminal, and the irregularity detecting module 3 compares the given location of the terminal with the location of payment terminal in which the transaction is being made. In the second case, irregularity detecting module 3 provides to the location system 14 the information on the location of the payment terminal, localizable terminal identifier and the qualitative parameters describing the rules of comparing locations. The comparison itself is made by the location system 14, which provides to the system 1 only the result of the comparison. If, as a result of the operations mentioned above, it turns out that the localizable terminal is not close to payment terminal, then the irregularity detecting module 3 considers the payment being authorized to be incorrect. The next part of the procedure is similar to the procedure of checking the time-spatial distance described above.
The system according to the invention can be also complemented by an information module 4 (IM - fig. 6). Role of the module is to supply, one-way, information to the card user. The one-way of sending information means that the system sends information to the user but does not expect any answer from the user. Information module 4 enables providing the user with the information related to payments with the card, the information that the user did not obtain as a result of the communication with the other modules of the system described above. In particular, that additional information can be information on the payment transaction made, information on payment refusal and information on detected irregularity. Providing that information can depend on various criteria, for example, on the payment amount. The information cari be provided to, for example, the communication terminal or to a specified' electronic mail address. If the information is sent to the communication terminal, it can be available, for example in the form of voice, multimedia message, SMS, e-mail or Website. The system of additional payment securing can be a separate system or it can operate as a part of the basic card authorization system. It can operate on the machines shared with other systems or it can have one or more machines for its exclusive use.
In the exemplary implementation of the system according to the invention, it can be implemented on two Sun E240 type of machines working in high availability mode. Both machines communicate with each other via a multiplied local network Ethernet, via which the communication with the basic card authorization center 13 is also made. The communication with the voice sever 17 of the telecommunications system 16 is done via the wide network of X25 type with multiplied connections. The communication with the location modules 14 is based on a specialized protocol LIF (XML/HTTP). The card information management systems 15 are information systems about the customers of the banks that offer payment cards. The systems provide information on the customers using the service of additional payment securing, on the scope of the service and the customer preferences, and the information can be obtained in the batch mode by transfer of files using FTP protocol. Due to the confidentiality requirement, the files are encrypted, just as the most significant information in the databases 5 and 6 is. The authorization interface 11 can be based both on local communication taking place within one machine and using the mechanisms of queues, shared memory or triggering procedures, and on any network communication protocol, for example TCP/IP or X25. And the communication interface 9 is based on the protocols offered by the operators of telecommunications systems 16 and depends on the type of the telecommunications service used. In particular, they can be ISDN, X25 or TCP/IP protocols. In the case of a voice server 17x the communication with the interface 9 can be performed in the way similar to the communication between interface 11 and aut orization center 13. The location interface 7 is to identify the location of the localizable terminal when the system obtains from the authorization center 13 an authorization question and is based on the protocols offered by location systems. )n particular, they can be HTTP or TCP/IP protocols. The modification interface 10 can be based on any type of local or network communication, just as in the case of the authorization interface 11 described above. The information that are provided by the systems 12 could also be provided to system 1 together with the tasks of additional securing coming from authorization center 13. Then, from the point of view of the invention, the system of 12 type becomes identical with card authorization center 13, and the modification interface 10 becomes identical with the identification module 11. The system according to the invention functionally has two databases 5 and 6, but in a concrete implementation those databases can belong to the same database, or each of them can be broken down into a number of various databases. The software of the system can be in C/C++ and ProC languages, using Oracle database.

Claims

12Claims
1. The method of additional securing of payment card payments made via the basic card authorization center characterised in that before the transaction is made, the information about the card the transaction is based on is taken from the card information database (5), then an authorization question is asked and sent to the communication terminal assigned to the card and when the answer comes from the communication terminal, it is forwarded to card authorization center, and if there is no answer from the terminal, an automatic authorization answer is formulated for card authorization center.
2. The method according to claim 1 characteriszed in that an identification question is sent to the communication terminal apart from the authorization question and then the identification answer received from the terminal is compared with the standard and the authorization answer from the terminal is forwarded to card authorization center only if the identification answer is compliant with the standard.
3. The method according to claim 1 or 2, characterised in that before the decision on sending an authorization question to the communication terminal is made it is checked whether the transaction is to be made with the use of the payment terminal, and then, based on the data from information database on the transactions (6} and on the information on the geographical location of payment terminal, the time-spatial distance from the previous transaction made via the payment terminal with the same card is calculated and then compared with the standard and, depending on the result of the comparison, and possible additional rules, the transaction authorization is refused, or the authorization is granted automatically without any further questions, or the authorization question sent to the communication terminal is respectively modified.
4. The method according to claim 3 characterised in that the location of the localizable terminal assigned to the card of the transaction is additionally identified, and then the spatial distance between the payment terminal in which the transaction is made and the localizable terminal is calculated, and after the distance has been calculated, it is checked whether it is small enough and, depending on the result of the check and possible additional rules, the transaction authorization is refused, or the authorization is granted automatically without any further questions, or the authorization question sent to the communication terminal is respectively modified.
5. The method according to claim 1 or 2 or 3 or 4 characterised in that the information on the events related to the card assigned to that terminal is sent to the communication terminal.
6. The system of additional securing of payment card payments working with the basic card authorization center, characterised in that to each payment card serviced by the system is assigned at least one communication terminal and that it contains contain card information database (5) modifiable with a modification interface (8) by the card information management system, authorization interface (11) for the communication with the card authorization center, telecommunications interface (9) providing for the connection with the communication terminal and a control & calculation module (2).
7. The system according to claim 6, characterised in that the communication between the communication terminal (9) and the communication interface is implemented via a voice server.
8. The system according to claim. 6 or 7, characterised in that the card information database (5) contains standard identification answers of the users of the cards taken from communication terminals.
9. The system according to claim 6 or 7 or 8, characterised in that it contains card information database on the transactions made with cards (6), an interface (10) working as an intermediary in providing information on available payment terminals and their geographical location and a calculation module (3) calculating the time-spatial distance of the current transaction from the previous transaction made with the same card via the payment terminal.
10. The system according to claim 9, characterised in that it contains a location module (14) providing to the system the information on the location of the localizable terminal assigned to the card taking part in the authorized transaction and the calculation module (3) calculates the spatial distance between the payment terminal in which the transaction is made and the localizable terminal and compares it with the standard.
11. The system according to claim 10, characterised in that the communication terminal and localizable terminal are a one device.
12. The system according to claim 6 or 7 or 8 or 9 or 10 or 11 , characterised in that it contains an information module (4) providing to the communication terminal, via a communication interface (9), information on the events related to the card to which the terminal is assigned.
PCT/PL2002/000075 2001-10-20 2002-10-21 Method and system of additional securing of payment card payments WO2003036576A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP02783868A EP1454305A2 (en) 2001-10-20 2002-10-21 Method and system of additional securing of payment card payments
AU2002347691A AU2002347691A1 (en) 2001-10-20 2002-10-21 Method and system of additional securing of payment card payments

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
PL01350218A PL350218A1 (en) 2001-10-20 2001-10-20 Method of and system for providing extra security of payments effected by means of cheque cards
PLP.350218 2001-10-20

Publications (3)

Publication Number Publication Date
WO2003036576A2 true WO2003036576A2 (en) 2003-05-01
WO2003036576A3 WO2003036576A3 (en) 2003-11-27
WO2003036576B1 WO2003036576B1 (en) 2004-03-25

Family

ID=20079557

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/PL2002/000075 WO2003036576A2 (en) 2001-10-20 2002-10-21 Method and system of additional securing of payment card payments

Country Status (5)

Country Link
EP (1) EP1454305A2 (en)
AU (1) AU2002347691A1 (en)
PL (1) PL350218A1 (en)
RU (1) RU2004115391A (en)
WO (1) WO2003036576A2 (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2402792A (en) * 2003-06-11 2004-12-15 Sanjay Hora Verifying identity and authorising transactions
WO2005073889A1 (en) * 2004-01-28 2005-08-11 Saflink Corporation Electronic transaction verification system
WO2005073934A1 (en) * 2004-01-28 2005-08-11 Aron Matalon Method and system for authenticating credit transactions
EP1810235A2 (en) * 2004-09-17 2007-07-25 Digital Envoy, Inc. Fraud risk advisor
EP1835468A2 (en) * 2006-03-15 2007-09-19 Omron Corporation User equipment, authentication system, authentication method, authentication program and recording medium
EP1729254A3 (en) * 2005-05-06 2010-01-20 Robert Bosch Gmbh Data transfer method and system
WO2011076438A1 (en) * 2009-12-23 2011-06-30 Wolfram Doering Method for electronically communicating bank orders and communication system for carrying out the method
US8171288B2 (en) 1998-07-06 2012-05-01 Imprivata, Inc. System and method for authenticating users in a computer network
GB2511112A (en) * 2013-02-25 2014-08-27 Licentia Group Ltd Authentication method & system
EP3244358A1 (en) * 2016-05-10 2017-11-15 Danal, Inc. Methods and systems for identity verification at self-service machines
CN108701297A (en) * 2016-01-19 2018-10-23 三星电子株式会社 Electronic device for executing payment and method
WO2019122556A1 (en) * 2017-12-22 2019-06-27 Orange Method for obtaining a complementary item of information associated with a characteristic of a bank transaction

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0601659A1 (en) * 1992-12-07 1994-06-15 Koninklijke KPN N.V. Method for protecting a smart card system
US5335265A (en) * 1991-11-08 1994-08-02 Electronic Data Systems Corporation Apparatus for detecting and preventing subscriber number cloning in a cellular mobile telephone system
WO1996041488A1 (en) * 1995-06-07 1996-12-19 The Dice Company Fraud detection system for electronic networks using geographical location coordinates
US6097938A (en) * 1997-07-11 2000-08-01 Northern Telecom Limited Authentication and tracking system for a cellular telephone

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5335265A (en) * 1991-11-08 1994-08-02 Electronic Data Systems Corporation Apparatus for detecting and preventing subscriber number cloning in a cellular mobile telephone system
EP0601659A1 (en) * 1992-12-07 1994-06-15 Koninklijke KPN N.V. Method for protecting a smart card system
WO1996041488A1 (en) * 1995-06-07 1996-12-19 The Dice Company Fraud detection system for electronic networks using geographical location coordinates
US6097938A (en) * 1997-07-11 2000-08-01 Northern Telecom Limited Authentication and tracking system for a cellular telephone

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8171288B2 (en) 1998-07-06 2012-05-01 Imprivata, Inc. System and method for authenticating users in a computer network
GB2402792A (en) * 2003-06-11 2004-12-15 Sanjay Hora Verifying identity and authorising transactions
WO2005073889A1 (en) * 2004-01-28 2005-08-11 Saflink Corporation Electronic transaction verification system
WO2005073934A1 (en) * 2004-01-28 2005-08-11 Aron Matalon Method and system for authenticating credit transactions
EP1810235A2 (en) * 2004-09-17 2007-07-25 Digital Envoy, Inc. Fraud risk advisor
JP2015092404A (en) * 2004-09-17 2015-05-14 デジタル エンボイ, インコーポレイテッド Illegal risk adviser
JP2008513893A (en) * 2004-09-17 2008-05-01 デジタル エンボイ, インコーポレイテッド Fraud risk advisor
EP1810235A4 (en) * 2004-09-17 2009-07-08 Digital Envoy Inc Fraud risk advisor
US8812650B2 (en) 2005-05-06 2014-08-19 Robert Bosch Gmbh Method and device for describing data transmissions through supplementary data
EP1729254A3 (en) * 2005-05-06 2010-01-20 Robert Bosch Gmbh Data transfer method and system
US8301116B2 (en) 2006-03-15 2012-10-30 Omron Corporation User equipment, authentication system, authentication method, authentication program and recording medium
EP1835468A3 (en) * 2006-03-15 2009-09-30 Omron Corporation User equipment, authentication system, authentication method, authentication program and recording medium
EP1835468A2 (en) * 2006-03-15 2007-09-19 Omron Corporation User equipment, authentication system, authentication method, authentication program and recording medium
WO2011076438A1 (en) * 2009-12-23 2011-06-30 Wolfram Doering Method for electronically communicating bank orders and communication system for carrying out the method
GB2511112A (en) * 2013-02-25 2014-08-27 Licentia Group Ltd Authentication method & system
CN108701297A (en) * 2016-01-19 2018-10-23 三星电子株式会社 Electronic device for executing payment and method
EP3244358A1 (en) * 2016-05-10 2017-11-15 Danal, Inc. Methods and systems for identity verification at self-service machines
WO2019122556A1 (en) * 2017-12-22 2019-06-27 Orange Method for obtaining a complementary item of information associated with a characteristic of a bank transaction
FR3076037A1 (en) * 2017-12-22 2019-06-28 Orange METHOD FOR OBTAINING COMPLEMENTARY INFORMATION ASSOCIATED WITH A CHARACTERISTIC OF A BANK TRANSACTION

Also Published As

Publication number Publication date
PL350218A1 (en) 2003-04-22
EP1454305A2 (en) 2004-09-08
AU2002347691A1 (en) 2003-05-06
WO2003036576A3 (en) 2003-11-27
WO2003036576B1 (en) 2004-03-25
RU2004115391A (en) 2005-06-10

Similar Documents

Publication Publication Date Title
JP4036649B2 (en) Transaction method and sales system
US7610040B2 (en) Method and system for detecting possible frauds in payment transactions
EP0493895B2 (en) Telephone network credit card calling apparatus and method of operation
KR100573532B1 (en) System and method for managing prepaid wireless service
RU2116008C1 (en) Mobile telephone communication system, payment technique for terminal equipment of mobile telephone exchange, and system implementing it
US10032156B2 (en) System and method for conducting financial transactions using a mobile device
CN1112821C (en) Subscriber identity module mobile station and method for performing a smart card function
US20090204524A1 (en) Security system
WO2002059727A2 (en) Security system and method for providing a user with an authorisation code for accessing a service
EP1454305A2 (en) Method and system of additional securing of payment card payments
EP1416456B1 (en) Methods for maintaining prepaid account information and for supporting transactions in an e-Commerce system
WO2008015637A2 (en) Mobile payment method and system
EP1348185A1 (en) Payment system
EP1313075A2 (en) Electronic money processing method and program
KR100342723B1 (en) The notification method of bank account updating
KR20050010606A (en) Method for preventing illegal use of service informations registered and System using the same
KR20050030307A (en) Method for dealing a banking using a mobile phone
US20050246277A1 (en) Transaction processing system
KR100864995B1 (en) A system and a method for banking service in which drawing one&#39;s savings from the bank is only possible with approval of the member
KR100399776B1 (en) credit card cash service method using a cellular phone
EP1544816A1 (en) Method and system for authorising computer network rendered services
KR20050019318A (en) Method for preventing illegal use of web-site service information registered and System using the same
EP1554701B1 (en) Transaction processing system
GB2379045A (en) Account controller
JP2007200144A (en) Card use system, card use method, and unauthorized use determination device for card use system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
B Later publication of amended claims

Effective date: 20031023

WWE Wipo information: entry into national phase

Ref document number: 2002783868

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2002783868

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP

WWW Wipo information: withdrawn in national office

Ref document number: 2002783868

Country of ref document: EP