[go: up one dir, main page]

GB2378294A - Credit card security system - Google Patents

Credit card security system Download PDF

Info

Publication number
GB2378294A
GB2378294A GB0119040A GB0119040A GB2378294A GB 2378294 A GB2378294 A GB 2378294A GB 0119040 A GB0119040 A GB 0119040A GB 0119040 A GB0119040 A GB 0119040A GB 2378294 A GB2378294 A GB 2378294A
Authority
GB
United Kingdom
Prior art keywords
credit card
account
mobile phone
server
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0119040A
Other versions
GB0119040D0 (en
Inventor
Izidore Codron
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
HALTFERN Ltd
Original Assignee
HALTFERN Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by HALTFERN Ltd filed Critical HALTFERN Ltd
Priority to GB0119040A priority Critical patent/GB2378294A/en
Publication of GB0119040D0 publication Critical patent/GB0119040D0/en
Priority to PCT/GB2002/003485 priority patent/WO2003015043A1/en
Publication of GB2378294A publication Critical patent/GB2378294A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • G06Q20/24Credit schemes, i.e. "pay after"
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223Realising banking transactions through M-devices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A credit card security system which to reduce the fraudulent use of a card. A security server 4 responds to the initiation of a card transaction 1 by instantly transmitting an SMS text message or an email, to the credit card holder's cellular mobile phone 1, or computer 8 respectively. The security server preferably includes a register of email address and mobile phone numbers which correspond to each credit card account. Alternatively, this information may be stored on the cards themselves. The card holder's mobile phone may preferably be used to respond to the message with a default stop or proceed message to stop or expedite the transaction.

Description

<Desc/Clms Page number 1>
A Credit Card Security System.
The present invention is concerned with a credit card security system which is able to reduce the fraudulent use of a card The problem of fraudulent use of a credit card will be familiar to most and is becoming more serious as credit card and like transactions become more commonplace. A frequent problem results from a credit card or card data being stolen and used fraudulently for hours or even days, while the card holder is unaware of the abuse and so unable to alert the card issuer.
In the ordinary course of implementing a credit card transaction it is commonplace that the transaction will be recorded immediately to a server, if the transaction takes place in a conventional shop this is usually achieved by swiping the card through a transaction machine and the machine then addresses a remote card credit checking server provided by the credit card issuer and interrogates a database in the remote credit checking server for credit worthiness. The credit checking server will then respond by issuing signals to the transaction machine either approving the transaction or rejecting the transaction. In the case of remote transactions, it is usual that the credit card details are logged directly to a vendor's in house transaction system, either manually if the transaction is a telephone sale or directly if the sale IS via the world wide web. The present invention seeks to take advantage of the existing system of processing credit card transactions and so improve credit card security at minimal cost Accordingly the present invention provides a credit card security system having: a credit card beanng data corresponding to a card holder account a security server arranged to receive said card holder account data when a credit card account transaction is initiated and responsive to receipt of said data to
<Desc/Clms Page number 2>
transmit a message immediately to at least one of a mobile phone account in the name of said card holder or an email account in the name of said cardholder.
According to a second aspect of the present invention there is provided a method of improved credit card security comprising the steps of: initiating a transaction by communicating data corresponding to a card holder account to a vendor, said vendor communicating said card holder account data to a security server, said security server responding to said credit card holder account data by addressing at least one of mobile phone account data or email account data previously provided by the credit card holder, and sending at least one of an SMS message or emall to said mobile phone or email account By immediately transmitting a message to the legitimate card holder's mobile phone and/or email account the legitimate card holder is Immediately (often in a period of less than 30 seconds and usually less than 300 seconds) warned that use is being made of his card. By conventional means the credit card user may be unaware of the abuse of his card until he receives the monthly card balance probably days or weeks later, even then the abuse may not be instantly obvious. Thus the present invention gives a clear and immediate warning if the credit card account is being used fraudulently and this will give the legitimate card holder a very early opportunity to alert the credit card provider to the fraudulent use so that steps can be taken to prevent further abuse.
The mobile phone account data and/or email account data may be presented on the card in which case it is preferable that the data is encrypted and in machine readable form, such as the conventional magnetic strip or electronic memory.
However, it is preferred that the credit card provider pre-loads the mobile phone and/or email account data onto the security server The credit checking server or a server in close communication with the credit checking server may conveniently serve as the
<Desc/Clms Page number 3>
credit checking server. In this way the mobile phone data and email account data is not available to a thief and the mobile phone and email data can be readily managed by the credit card provider in cooperation with the credit checking service provider In this preferred embodiment of the invention the security server has means to receive said card holder account data when a credit card account transaction is initiated, memory means which holds card holder account data, and memory means holding at least one of mobile phone account data or email account data. The security server is responsive to receipt of said card holder account data to recover at least one of the mobile phone account data or email account data corresponding to said card holder account data received from memory and has transmission means to transmit a message immediately to at least one of the mobile phone account or email account corresponding to said card holder.
It is preferred that the message is a text message.
The secunty system and method may be further enhanced by enabling the card holder's mobile phone to respond to the message with a default stop or proceed message to stop or expedite the transaction. A stop message might then be retransmitted from the security server to the vendor so that if the transaction is fraudulent the transaction can be stopped by the vendor. Preferably the mobile phone would be adapted to present the message in a way which allows the credit card holder to respond to the message from a soft key, selecting proceed or stop, alternatively one or two of the phone keys may be used to transmit a default, proceed or stop message to the security server. The security system may be set to allow a transaction to proceed if no response is received from the mobile phone within a predetermined period, for example, ninety seconds. This will allow transactions to proceed where the mobile phone is out of service for any reason.
Embodiments of a credit card security system constructed and operated according to the system and method of the present invention will now be describe, by
<Desc/Clms Page number 4>
way of example only, with reference to the accompanying illustrative drawings, In which: Figure 1 is a first embodiment of the system, and Figure 2 is a second embodiment of the Invention.
Figure 1 shows a credit card transaction being implemented using the security system At 1 data indicative of the credit card account is input to a vendor's transaction computer/server 2. The data input may be via a card reader, by manual input, direct input via internet access or by any other conventional means. This data is processed in the usual way and communicated via normal telecommunication 3 to security server provided in this example by a card credit checking server 4 in two way communication with the vendors server 2. The card credit checking server 4 includes a register of email addresses and cellular mobile phone numbers which correspond to each credit card account. Upon receipt of the credit card account data the card credit checking server addresses the corresponding mobile phone account number and/or email address and forwards a predetermined message to an internet server 5 and/or a cellular network server 6 and hence to the credit card holder's mobile phone 7 or computer 8. The message will preferably be a text message and may In addition to an indication that a transaction has been implemented include further information data such as the location, time and value of the transaction. Particularly if this further information is delivered to a PC or other handheld type device this will allow credit card holders to maintain nearly instant monitoring of their credit card account balance in addition to enhancing the security of the account.
Although this specification refers particularly to credit cards, it should be appreciated that the term credit card may also include debit cards and other forms of payment card. It may also have application where card like devices are used in smart security systems as a key to provide access to restricted areas, in such instances the unauthorised use of an authorised key would be alerted to the authorised user.
<Desc/Clms Page number 5>
Figure 2 diagrammatically illustrates a second embodiment of the invention. The components of the system common to the first embodiment are similarly numbered and only the differences between the two embodiments will be described. When the security server 6 generates a message to the mobile phone 7a the message includes code to generate one of two response messages from the phone. Thus when a message such as that illustrated on the phone display is received it includes that the message is a"credit card transaction alert" here abbreviated to"CC TRNS ALT"the date and time and the tocation"@XXXXXXX"there is additionally a question "PROCEED ?" 9. The message establishes a softkey 9 option"YES"to respond with a proceed message and option "NO" to respond with a stop message. In the figure,"NO" is selected which message 10 is transmitted to the cellular network server 6. The message from the phone will include code to identify the phone. This is then retransmitted to the card credit checking and security server 4 which matches the phone to the transaction in issue by correlation with a register of mobile phone account data. Thus a stop message reaches the vendor's transaction server 2 where steps may be implemented in a conventional manner to stop the transaction. The security server 4 will ordinarily wait for a period, for example ninety seconds, before emitting a proceed message based on conventional card credit criteria. Thus the proceed message may expedite a transaction. Conversely a stop message from the mobile phone or any stop transaction message based on other critena will take priority.

Claims (15)

  1. Claims 1. A credit card security system having : a credit card bearing data corresponding to a card holder account a security server arranged to receive said card holder data when a credit transaction is requested and responsive to receipt of said data to transmit a message immediately to at least one of a mobile phone account corresponding to said card holder or an email account in the name of said cardholder.
  2. 2. A credit card security system according to claim 1 wherein the security server has ; means to receive said card holder account data when a credit card account transaction is initiated, and memory means holding at least one of mobile phone account data or emall account data addressed according to the card holder account data, said security server being responsive to receipt of said card holder account data to recover at least one of the mobile phone account data or email account data corresponding to said card holder account data received and having transmission means to transmit a message immediately to at least one of the mobile phone account or email account corresponding to said card holder.
  3. 3. A credit card security system according to claim 1 or claim 2 wherein the security server is provided by the credit card issuer.
    <Desc/Clms Page number 7>
  4. 4. A credit card security system according to any one of the preceding claims wherein the security server is downstream of a vendor's transaction server to receive the account data from the vendor's transaction server
  5. 5. A credit card security system according to claim 4 wherein the security server is provided by a card credit checking server.
  6. 6 A credit card security system according to claim 1 wherein the credit card holder's mobile phone account number or email address are encoded on the credit card and the data is recoverable from the card when the card is swiped in a transaction machine by a vendor to be used by the security server in communication with the transaction machine to transmit the message.
  7. 7. A credit card security system according to any one of the preceding claims wherein the security server has means to receive a predetermined stop message from the mobile phone encoded to indicate that the transaction should be stopped.
  8. 8. A credit card security system according to claim 7 wherein the security server has means adapted to respond to receipt of a predetermined stop message to transmit a message to the vendor to stop the transaction.
  9. 9. A credit card security system according to claim 7 or 8 wherein the security server has means to receive a predetermined message from the mobile phone to indicate that the transaction should proceed, and means adapted to respond to receipt of the proceed message to send a proceed message to the vendor.
    <Desc/Clms Page number 8>
  10. 10. A method for improving credit card security when a card transaction is initiated comprising the steps of a card holder communicating data corresponding to a card holder account to a vendor, said vendor communicating said data to a security server, said security server responding to said credit card holder account data by addressing at least one of mobile phone account data or email account data corresponding to said card holder account and previously provided by the credit card holder, and sending one of an SMS message or email to said mobile phone or email account.
  11. 11. A method according to claim 10 comprising the step of the credit card issuer providing the security server
  12. 12. A method according to either one of claims 10 or 11 wherein said security server responding to a predetermined stop message from the account holder's mobile phone by transmitting a stop message to the vendor to stop the transaction.
  13. 13. A method according to any one of claims 10 to 12 wherein the security server mobile phone is adapted to send a proceed message to the security server in response to the transaction message, said server responding by transmitting a proceed message to the vendor.
  14. 14. A method according to claim 10 wherein the mobile phone data or email data is encrypted on the credit card and comprising the step of the data being read from the credit card when the credit card is swiped in a transaction machine provided by a vendor,
    <Desc/Clms Page number 9>
    said transaction machine communicating said mobile phone or email data to a server, said server communicating an SMS message or email to the address of the credit card holder.
  15. 15. A server adapted to receive data identifying a credit card account, said server having a register reloaded with a mobile phone account number and/or email address corresponding to the holder of the credit card account, said server being adapted to respond to data indicating that a transaction is to be implemented using said credit card account by recovering a mobile phone and/or email address corresponding to the credit card account and said server being provided with communication means to issue a message to said mobile phone account or email address.
GB0119040A 2001-08-03 2001-08-03 Credit card security system Withdrawn GB2378294A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB0119040A GB2378294A (en) 2001-08-03 2001-08-03 Credit card security system
PCT/GB2002/003485 WO2003015043A1 (en) 2001-08-03 2002-07-29 A credit card security system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0119040A GB2378294A (en) 2001-08-03 2001-08-03 Credit card security system

Publications (2)

Publication Number Publication Date
GB0119040D0 GB0119040D0 (en) 2001-09-26
GB2378294A true GB2378294A (en) 2003-02-05

Family

ID=9919808

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0119040A Withdrawn GB2378294A (en) 2001-08-03 2001-08-03 Credit card security system

Country Status (1)

Country Link
GB (1) GB2378294A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1465124A3 (en) * 2003-04-03 2004-11-17 Nec Corporation Mobile communication terminal including non-contact IC card and method of transferring transaction information
GB2459850A (en) * 2008-05-07 2009-11-11 Keith Hall Using a mobile phone for fraud prevention in credit card transactions
EP2410479A1 (en) * 2010-07-20 2012-01-25 WU, You-Jhang Method of credit card transaction authorization using VolPoW phone
EP2613287A1 (en) * 2012-01-04 2013-07-10 Barclays Bank PLC Computer system and method for initiating payments based on cheques
US8943548B2 (en) 2005-12-21 2015-01-27 Vasco Data Security, Inc. System and method for dynamic multifactor authentication

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06100868A (en) * 1992-09-18 1994-04-12 Nippon Koole Oil Kk Method for hydroliquefaction of coal
US5739512A (en) * 1996-05-30 1998-04-14 Sun Microsystems, Inc. Digital delivery of receipts
US5878337A (en) * 1996-08-08 1999-03-02 Joao; Raymond Anthony Transaction security apparatus and method
US6064990A (en) * 1998-03-31 2000-05-16 International Business Machines Corporation System for electronic notification of account activity

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06100868A (en) * 1992-09-18 1994-04-12 Nippon Koole Oil Kk Method for hydroliquefaction of coal
US5739512A (en) * 1996-05-30 1998-04-14 Sun Microsystems, Inc. Digital delivery of receipts
US5878337A (en) * 1996-08-08 1999-03-02 Joao; Raymond Anthony Transaction security apparatus and method
US6064990A (en) * 1998-03-31 2000-05-16 International Business Machines Corporation System for electronic notification of account activity

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1465124A3 (en) * 2003-04-03 2004-11-17 Nec Corporation Mobile communication terminal including non-contact IC card and method of transferring transaction information
US7195174B2 (en) 2003-04-03 2007-03-27 Nec Corporation Mobile communication terminal including non-contact IC card and method of transferring transaction information
US8943548B2 (en) 2005-12-21 2015-01-27 Vasco Data Security, Inc. System and method for dynamic multifactor authentication
US10555169B2 (en) 2005-12-21 2020-02-04 Onespan North America Inc. System and method for dynamic multifactor authentication
GB2459850A (en) * 2008-05-07 2009-11-11 Keith Hall Using a mobile phone for fraud prevention in credit card transactions
EP2410479A1 (en) * 2010-07-20 2012-01-25 WU, You-Jhang Method of credit card transaction authorization using VolPoW phone
EP2613287A1 (en) * 2012-01-04 2013-07-10 Barclays Bank PLC Computer system and method for initiating payments based on cheques

Also Published As

Publication number Publication date
GB0119040D0 (en) 2001-09-26

Similar Documents

Publication Publication Date Title
US7533047B2 (en) Method and system for securing card payment transactions using a mobile communication device
US10121134B2 (en) Payment terminal messaging
US6023682A (en) Method and apparatus for credit card purchase authorization utilizing a comparison of a purchase token with test information
US20040177046A1 (en) Credit card protection system
US20030191945A1 (en) System and method for secure credit and debit card transactions
CA2505920A1 (en) System and method for secure credit and debit card transactions
US20020116329A1 (en) Systems and methods for approval of credit/debit account transactions using a wireless device
US20150227920A1 (en) Management of identities in a transaction infrastructure
GB2398159A (en) Electronic payment authorisation using a mobile communications device
US7428987B2 (en) Cashless vending system
US20210406909A1 (en) Authorizing transactions using negative pin messages
US20230153465A1 (en) Retrieving hidden digital identifier
WO2003015043A1 (en) A credit card security system
EP1705605A1 (en) Personal information storage device and mobile terminal
GB2378294A (en) Credit card security system
EP1147497A2 (en) Universal electronic transaction system and method therefor
KR20030002534A (en) Method for notification and management of credit card approvement using mobile phone
WO2000042794A1 (en) Apparatus and method relating to authorisation control
GB2374711A (en) A mobile telephone for financial transactions
US20040059675A1 (en) System and method for replacing identification data on a portable transaction device
KR100574044B1 (en) Payment terminal device and cash transaction processing method
US20050010813A1 (en) Security in data communication networks
US20150339657A1 (en) Anti-fraud computer implemented method for financial card transaction
US20070156606A1 (en) Method of securing a check transaction
KR20010028575A (en) Method for Prevention of leakage Individual Information

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)