JP2001306806A - Method and system for preventing wrong use of card and recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a method and a system which prevent a card from being wrongfully used by a third person by identifying a user at the time when the user uses the card. SOLUTION: When the card user who will use the card in a member shop is identified as a card owner himself or herself, a center of a card company receives a card number read by a member shop terminal and retrieves the telephone number of a mobile communication terminal of the user, which is previously registered in a database of the center, in accordance with the card number and transmits this telephone number to the mobile communication terminal of the card user, and when permission of the use of the card inputted from the mobile radio terminal of the user, it is judged that the user has been identified, and the use of the card is permitted.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method and a system for preventing unauthorized use of a card, and more particularly to a method and a system suitable for preventing unauthorized use of a card such as a credit card used by a card member for payment of goods and financing. The present invention relates to a method and a system, and a recording medium.

[0002]

2. Description of the Related Art Credit cards are widely used as the third currency after cash and checks, and the credit card business is now widely used in credit, banking, retail and petroleum industries. I have. At present, proposals have been made for the common use (unification) of credit cards, cash cards, and debit cards.

[0003] When using a credit card, a card member
Present your credit card to the merchant, read the credit card at the merchant terminal (Card Authorization Terminal), and read the credit card information and sales details from the terminal via the communication line to the card company. Is transmitted online to the host computer of the card management center, and authorization is performed as necessary, such as checking the credit of the credit card.

If there is no problem with the authorization result and the card can be used, the card user completes a series of product purchase procedures using the card by entering a signature at a predetermined portion of the usage statement slip, and completing the product purchase. Is paid by a credit card company or the like, and thereafter, the fee is deducted from the bank account of the user together with a predetermined fee.

[0005]

By the way, as long as the credit card is genuine, even if it is not a card member, the credit card is illegally used by another person and the credit card is stolen due to loss or theft. The used member loses money, and even if it is a fake credit card, if the authorization is passed, fraudulent use such as purchase of goods, financing, etc. is performed with the fake credit card, and the card company loses the loss. Will suffer.

[0006] As security management against unauthorized use of these cards, the following procedure is typically taken to confirm the identity of the card when the card is used.

[0007] That is, if the credit card company detects that the card user purchases a product of a predetermined amount or more using the credit card, the person in charge of the credit card company sends the card to the member store. The person in charge asks the card user who contacts the telephone and answers the telephone at the member store to confirm his / her identity based on the personal information of the member. This question is usually a question that cannot be answered immediately and naturally only by the user, such as the user's work telephone number.

[0008] When the card user can correctly answer the question of the person in charge, it is confirmed that the card user is the member who owns the card, and as a result, the use of the card (payment by the card) is reduced. Allowed.

However, when a card user purchases a product or the like, a person in charge of the card company asking the card user to confirm his / her identity by telephone while looking at the member information is difficult in terms of man-hours. It can be said that it is inefficient.

[0010] In the future, it is expected that the number of card use will increase drastically. Therefore, it is desired that the card company automates and saves the work of verifying the identity without lowering the accuracy of the identity verification.

[0011] Furthermore, the above-mentioned conventional identity verification work is performed by:
As a credit card user, the credit card company or the store staff at the merchant store will make you feel suspicious of yourself until the identity is confirmed. It can be said that there is no possibility that the user of the card will be offended. As a result, sufficient customer satisfaction (CS)
May not be available, which may have the adverse effect of sales promotion activities.

[0012] Therefore, the present invention has been made in view of the above problems, and a main object of the present invention is to make it easier for a center to confirm that a card user is a member who owns a card. Another object of the present invention is to provide a method, an apparatus, a system, and a recording medium for preventing unauthorized use by a third party.

Another object of the present invention is to prevent the illegal use of a card, suppress the increase in development costs and capital investment, reduce the burden on member stores and card companies, maintain high security, and promote sales activities. It is an object of the present invention to provide a contributing method, apparatus and system and recording medium.

[0014]

SUMMARY OF THE INVENTION According to the present invention, which achieves the above object, a card user who uses a card at a member store confirms that the card user owns the card by reading the card at the member store terminal. At the center receiving the card number transmitted from the member store terminal, the telephone number of the card member's mobile communication terminal registered in advance in the storage means of the center is searched based on the card number, and the card number is retrieved. The mobile communication terminal of the telephone number corresponding to the above is called, and when the use of the card is input from the mobile communication terminal, the use of the card is permitted.

In the present invention, if the called mobile communication terminal does not respond, or if the calling mobile communication terminal indicates that the card cannot be used, it is determined that the identity cannot be confirmed. Inform the member store that the use of the card is not permitted.

In the present invention, preferably, a password is input from the mobile communication terminal of the card user,
The password may be compared with a password registered in a storage device at the center, and if the passwords match, use of the card may be permitted.

Further, in the present invention, a password is inputted from the member store terminal or a card user's fingerprint is inputted, and the fingerprint information is collated at the center with the characteristic information registered in the database. Identity verification may be performed. And, as will be apparent from the following description, the above object is similarly achieved by the present invention described in each claim.

[0018]

Embodiments of the present invention will be described below. In one preferred embodiment of the present invention,
The authorization database installed at the center of the card company that is connected to the merchant terminal,
In correspondence with the card number (card ID), the telephone number of a mobile communication terminal such as a mobile phone or a PHS (Personal Handy Phone System) terminal owned by the card member is registered as personal information of the card member.

In the card creation procedure, the user writes the telephone number of the mobile communication terminal possessed by the user as required information in the application form when the card is created. As a result of examination of the application form by the card company, if the card is issued to the user, this phone number is a card number (ID) for uniquely identifying the issued card
Is registered in the database of the card company as member personal information. The password described in the application is also registered in the database in association with the card number (ID). If the card number of the mobile communication terminal owned by the card member is changed, the card member
Notifying the card company of that fact, the contents of the center database are updated.

In order to prevent unauthorized use of the card, whether or not to perform identity verification processing by calling the mobile communication terminal can be selected when the card is created. It is assumed that the setting as to whether or not to perform the identity verification process by calling can be changed. If the personal identification is not performed by calling the mobile communication terminal at the time of using the card, the personal identification will be performed according to the conventional procedure. Therefore, a member who does not have a mobile communication terminal can use the card as it is.

When a user uses a card at a member store, the center sends a call to the mobile communication terminal at the time of card use from a database based on the card number of the information transmitted from the member store terminal to the center. It is checked whether or not the mode is set to perform the identity verification. If the mode is to perform the identity verification by calling the mobile communication terminal when using the card, the telephone number corresponding to the card number is searched from the database.

At the center, a call is sent to the searched telephone number. In this case, preferably, the retrieved telephone number (calling telephone number) is set in the automatic dial transmitting device, so that the telephone is automatically transmitted to the mobile communication terminal.

When the user goes off-hook (ie, presses the talk button) upon receiving an incoming call notification (ringing or vibrator vibration) to the mobile communication terminal owned by the user, the user responds as to whether or not the card can be used. As described above, the mobile communication terminal is notified by voice guidance or character display.

[0024] A user operates the operation unit of the mobile communication terminal.
When the information indicating that the card is usable is input, the center that receives the information determines that the identity has been confirmed, and transmits a card usable notification to the member store to the terminal.

On the other hand, if the mobile communication terminal does not respond to the call from the center to the mobile communication terminal, and if the call cannot be connected even after performing a predetermined retry if necessary, Notify the member store that the card cannot be used.

When the user inputs information indicating that the card cannot be used from the operation unit of the mobile communication terminal, the center that has received the information transmits a notification that the card cannot be used to the member store terminal.

For example, when a third party steals a card member's card for unauthorized use or uses a forged card, the card member receives a call from a card company center to a mobile communication terminal, and the card member receives a call. Other than
The user can recognize that his / her card has been illegally used, and input information indicating that the card cannot be used from the mobile communication terminal to notify the center side.

[0028] In one embodiment of the present invention, the information indicating that the card can be used, which is input from the mobile communication terminal, may be a code specified in the guidance notified by the mobile communication terminal.

In this embodiment, the card user possesses a mobile communication terminal having a telephone number registered in advance when using the card in accordance with the contract (card usage rule). Answering the call to the mobile communication terminal of
It is assumed that the identity could be confirmed because the card usage was entered. When a cardholder makes a card payment for a product with a predetermined amount or more in a contract at the time of card creation, etc., he / she has confirmed that personal identification will be performed using a mobile phone, and has selected the personal identification mode using a mobile phone. In addition, since a large number of people have mobile phones today, it can be said that there is almost no burden on users to carry mobile phones.

In order to further enhance security, when the user receives an incoming call notification to the mobile communication terminal and goes off-hook, the user is provided with voice guidance or character display so that the user enters a password. The user who notifies the mobile communication terminal and recognizes the notification inputs a password of a predetermined number of digits from the mobile communication terminal, and the password is transmitted to the center side, and registered in the database at the center. The identity may be verified by comparing the password with the password.

Further, in another embodiment of the present invention, a password is inputted from the member store terminal instead of the password from the mobile communication terminal, and the password is transmitted to the center via a communication line. It may be. Also in this case, security can be improved by combining the system with a system for transmitting a call to the mobile communication terminal when receiving the card, receiving the response, and confirming the identity.

Further, in another embodiment of the present invention, the member store terminal includes a fingerprint input means, wherein the fingerprint information of the user is inputted from the fingerprint input means, and the inputted fingerprint information is transmitted to a communication line. , And may be transmitted to the center side, collated with the fingerprint information registered in the database corresponding to the card number, and the identity may be confirmed. At present, a device for performing authentication by fingerprint collation instead of inputting a user ID and password at the time of logging in to a computer has been developed, and the time required for fingerprint collation has been shortened. .

Further, in another embodiment of the present invention, when confirming that a card user who uses a card at a member store is a member who owns the card,
The center receiving the card number transmitted from the member store terminal searches the card member's e-mail address registered in advance in the center database based on the card number and transmits an e-mail asking whether the card can be used. When the user receives a reply mail indicating that the card can be used from a mobile communication terminal or the like having an e-mail sending / receiving function, the use of the card may be permitted.

In the above-described embodiment, when the card user does not succeed in making a call or the like to the mobile communication terminal possessed by the card member even though the card user is the person himself, The identity verification work is performed according to the conventional processing procedure, and the inconvenience of the user due to the introduction and operation of the system of the present invention (a situation in which the card cannot be used) does not occur.

In one embodiment of the present invention, a center that is communicatively connected to a member store terminal equipped with a card reading device and manages the card is associated with the member's card number and as the member's personal information, A database for storing and holding telephone numbers of mobile communication terminals owned by the member; (a) when a card user uses a card at a member store, based on the card number of information transmitted from the member store terminal, Searching the database to obtain a telephone number corresponding to the card number; (b) automatically transmitting a call to the mobile communication terminal of the obtained telephone number; When the mobile phone receives an incoming call notification to the mobile communication terminal and goes off-hook, transmits guidance information to the mobile communication terminal to instruct whether to use a card. Processing, and (d) when the user inputs a card usable from the mobile communication terminal, receives the card usable information via a wireless communication line and a telephone network, and notifies the card usable. To the member store terminal, on the other hand, when the user inputs the card unusable information from the mobile communication terminal, receives the card unusable information via a wireless communication line and a telephone network,
Transmitting a notification to the effect that the card cannot be used to the member store terminal. Each of the processes (a) to (d) is realized by executing a program on a computer at the center.

[0036] In another embodiment of the present invention, a center which is communicatively connected to a member store terminal equipped with a card reading device and manages the card is associated with the member's card number and used as the member's personal information. A database for storing and holding the telephone number and password of the mobile communication terminal owned by the member, and (a) when the user uses the card at the member store, the card number of the information transmitted from the member store terminal (B) searching the database to obtain a telephone number corresponding to the card number; (b) automatically sending a call to the mobile communication terminal of the obtained telephone number; When the user goes off-hook in response to the incoming call notification to the mobile communication terminal, the user transmits guidance information for instructing the user to input a password to the mobile communication terminal. Processing, (d) when the user inputs a password from the operation unit of the mobile communication terminal, receives the password transmitted via a wireless communication line and a telephone network, and refers to the database from the password The password registered in correspondence with the card number, and as a result of the collation, if the password matches, a notification that the card can be used is transmitted to the member store terminal;
If the passwords do not match, a process of transmitting a notification to the effect that the card cannot be used to the member store terminal is executed. Each of the processes (a) to (d) is realized by executing a program on a computer at the center.

In still another embodiment of the present invention, a center for communication and management of a card, which is connected to a member store terminal provided with a card reading device, associates the member's personal information with the member's card number. A member having a mobile communication terminal having an e-mail transmission / reception function is provided with a database for storing the e-mail address of the member, and (a) transmitted from the member store terminal when the card user uses the card at the member store Searching the database based on the card number of the information to obtain the mail address corresponding to the card number; (b)
A process of automatically sending an e-mail for inquiring of the use of a card to the e-mail address, and (c) the user retrieves the e-mail transmitted from the center by the mobile communication terminal, When returning a card-usable mail, a notification to the effect that the card is usable is transmitted to the member store terminal, while, when the user returns a card-unusable mail from the mobile communication terminal, Transmitting a notification to the effect that the card cannot be used to the member store terminal. Each of the processes (a) to (c) is realized by executing a program on a computer at the center.

In the above embodiment, each of the above processes is
A recording medium (FD (floppy (registered trademark) disk)), a CD-ROM, a DVD (digital versatile disk) storing a program to be executed by the computer of the center.
sk), an HDD (hard disk medium), a magnetic tape, a semiconductor memory, etc.), read the program to a computer, execute the program, or download the program from a remote server device or the like to a computer at the center via a communication medium, install the program, and install the program. The present invention can be carried out by executing.

[0039]

BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a block diagram showing an embodiment of the present invention;

FIG. 1 is a diagram showing a system configuration according to an embodiment of the present invention. Referring to FIG. 1, one embodiment of the present invention includes a member store terminal 2 equipped with a credit card reader, a credit card company center 1 connected to the member store terminal 2 via a communication line 3, and performing card management. , Is provided. The center 1 of the credit card company, which is communicatively connected to the member store terminal 2, is connected, for example, by a dedicated communication line 3. In addition to a terrestrial network such as a public network,
You may connect by a satellite communication line etc. Although FIG. 1 shows one member store terminal 2 for simplicity, usually,
A plurality of member store terminals 2 are connected to the center 1. As the member store terminal 2 provided with the credit card reader, a terminal having a well-known configuration is used, and in the present embodiment, an existing terminal in the member store is used as it is.

The outline of the processing operation of the embodiment of the present invention is as follows.

When the user 7 uses the card for payment at the time of purchasing a product at a card member store, the card 8 of the user 7 is used.
To the clerk (not shown) of the member store, the card information is read by the member store terminal 2, and the card information and the sales information are transmitted from the member store terminal 2 to the center 1 via the communication line 3. .

The center 1 retrieves the telephone number of the user's mobile phone registered in advance from the card number transmitted from the member store terminal 2 and transmits the telephone number to the user's mobile phone 6.

The call from the center 1 arrives at the mobile telephone 6 of the user 7 via the telephone network 4 and the wireless base station 5 for managing the zone of the mobile telephone 6. The user is a mobile phone 6
The call is connected in response to the incoming call notification, and the use of the card is permitted when a message indicating that the card can be used is input from the mobile phone 6.

Although a mobile telephone will be described as an example of a mobile communication terminal carried by a user, a PHS (Personal Handy Phone System) terminal (simple mobile telephone) may of course be used.

FIG. 2 is a diagram showing an example of the configuration of the center 1 in one embodiment of the present invention. FIG. 2 shows only components related to the card unauthorized use prevention function, which is a main part of the present invention, in the center 1, and other components are omitted.

Referring to FIG. 2, the center 1 in one embodiment of the present invention registers a member's mobile phone number, password, etc. as member information in association with a card number (ID) for each member. And a communication line interface 18 for providing an interface for transmitting and receiving data between the member store terminal 2 via the communication line 3 and a communication for receiving card information transmitted from the member store terminal 2 A card number acquiring unit 10 for receiving card information from the line interface 18 and acquiring a card number;
The card number acquired by the card number acquiring unit 10 is received, the database 12 is searched from the card number, and from the record data corresponding to the card number, it is determined whether or not the mode for performing the personal identification by the mobile phone is set. A personal identification necessity determining unit 11 for confirmation, and a mobile telephone number acquiring unit 1 for acquiring a telephone number corresponding to the card number from a database 12 when personal identification is performed by a mobile phone.
3 and the telephone terminal interface 15 to automatically send a call to the card user's mobile phone based on the telephone number passed from the mobile phone number acquisition unit 13, and send a response and guidance from the card user's mobile phone. And a telephone call / answer control unit 14 for managing a card user and a cellular phone 6 of a card user.
The card use availability determination unit 16 that determines whether the card can be used based on the input information from the operation unit, and the determination result of the card availability determination unit 16 are transmitted to the communication line interface 1.
And a card-usability notifying unit 17 that transmits the card-usability information to the member store terminal 2 via the terminal 8. The processing and functions of the above-described units in the center 1 are realized by program control executed on a computer in the center 1. Note that the communication line 3 may be a telephone network.

When the portable telephone 6 responds to the call from the center 1 to the portable telephone 6 (see FIG. 1) and the card usable information is inputted, the card usable information is transmitted to the telephone network 4. Based on the information received from the telephone call / answer control unit 14 via the telephone, the card use determination unit 16 determines that the card can be used.

On the other hand, if information indicating that the card cannot be used is input from the mobile phone 6, or if the mobile phone 6 does not respond to a call to the mobile phone 6 (including out of service area, power off, etc.), the card Usability judgment unit 1
No. 6 disables card use. The telephone transmission / response control unit 14 has a timeout management function for receiving an incoming call response to a call of the mobile phone 6.

At the time of card creation, the user must specify in the application whether or not to perform identity verification using a mobile phone, and when performing identity verification using a mobile phone, the telephone number and password of the mobile phone possessed by the user. And the telephone number of the mobile phone and, if necessary, the password are registered in the database 12 in association with the card number (ID).

A cardholder who already has a card can receive the service of the system according to the present invention only by notifying the card company of the mobile phone number owned by the cardmember, and can newly receive the card. There is no need to issue it.

FIG. 3 is a diagram schematically showing an example of the configuration of the database 12 for managing card members in one embodiment of the present invention. Referring to FIG. 3, in addition to the card number (identification information) and personal information such as the name, gender, age, and address of the card member, information as to whether or not personal identification is performed by the mobile phone when using the card, Includes the phone number of the member's mobile phone, password information, and the like in the case of performing identity verification according to each entry. In addition to the above, the database 12 includes history information of card use and various kinds of information for credit check. However, since these information are not directly related to the subject of the present invention, none of them is omitted. I have.

FIG. 4 shows a user 7 (mobile phone 6), a member store terminal 2, and a center 1 in one embodiment of the present invention.
FIG. 4 is a diagram for explaining the processing flow of FIG. 1 to 4
The operation of one embodiment of the present invention will be described with reference to FIG.

When the user 7 uses a card at a member store (step S1), the card is read at the member store terminal 2 (step S2), and card information and sales information are transmitted to the center 1.

The center 1 receives the information from the member store terminal 2 and notifies the user that the card can be used when identification is not required, for example, when the usage amount is low. This is performed (NO in step S3).

On the other hand, in the case of payment of a high price by a card, the center 1 refers to the database 12 and
Based on the card number, it is checked whether or not the mode for performing identity verification using the mobile phone when using the card is set (step S4). If the mode for performing identity verification using the mobile phone is not set, the center 1 is assigned as before. The user calls the user to a telephone port installed in the member store to perform identity verification and the like (step S5).

If the mobile phone is set to the mode for personal identification, the phone number of the mobile phone registered corresponding to the card number is searched and acquired from the database 12 (step S6). Is automatically dialed (step S7).

When the user depresses the call button (off-hook) in response to the ringing of the mobile phone 6 (step S8), the center 1 receives this response ("respond" in step S9). Guidance transmission is performed (step S10). The guidance may be audio or text information. For example, in the case of voice guidance, such guidance information as "Thank you for using our credit card. If you can use the card for now, please enter the permission." The storage and transmission control of the guidance information is performed by the telephone call / answer control unit 16 and the telephone terminal interface 15.

This guidance information may be notified of store information of a member store where the card is used. When the card user is a person other than the card member, the card member can recognize from the guidance information that the card has been illegally used and the location thereof.

The user inputs, from the mobile phone 6, an input indicating whether or not the card can be used (numbers and # agreed with the card company) (step S11). The input information on whether the card is usable or unusable may be a number (for example, 1 for usable and 0 for non-usable) determined at the time of card creation or a predetermined operation button.

The center 1 judges the card use information transmitted from the mobile phone 6, judges the use of the card (step S12), and notifies the member store terminal 2 of the result of the use judgment.

By the way, users who have used this system many times and are already accustomed to inputting whether or not a card can be used with a mobile phone and who do not need to give detailed guidance notification can simplify or omit the guidance information. You may make it. Guidance necessity / unnecessity for each member is registered and managed as needed in the database 12 of the center 1 for each member.

The user 7 inputs the card-usable information from the mobile phone 6 and a notification (card-usable notification) to the effect that the user is confirmed to be the identity is transmitted to the member store terminal 2. Then, the payment is made by the card. That is, the user enters a signature on the statement slip, and the product purchase processing using the card is completed.

On the other hand, as a result of waiting for an incoming call response in step S9 of FIG. 4, if there is no response from the mobile phone 6 due to a timeout or the like (including out of service area, power-off, etc., the center 1) will The terminal 2 is notified that the card cannot be used.

In one embodiment of the present invention, if the user is a card member and the mobile phone is not carried at the time of using the card, or the mobile phone cannot respond due to battery exhaustion, etc. Via a conventional method, the card is used after confirming the identity with the card company. Note that, in the above-described embodiment, an example is described in which a configuration in which a call is automatically sent to the telephone number of the mobile phone retrieved from the card number is used. However, an operator or the like manually operates based on the telephone number of the mobile telephone retrieved from the card number. The present invention is, of course, applicable to a business operation mode in which a call is transmitted to a mobile phone.

Next, a second embodiment of the present invention will be described. In the second embodiment of the present invention, a card user inputs a password from the mobile phone 6 in response to a call made from the center 1 to the mobile phone 6 for identification. In the second embodiment of the present invention, the basic configuration of the system is the same as that shown in FIG.

FIG. 5 is a diagram showing the configuration of the center 1 according to the second embodiment of the present invention. Referring to FIG. 5, in the second embodiment of the present invention, the card use determination section 16 of the first embodiment is replaced with a password authentication section 19. In the second embodiment of the present invention, the configurations of the card number acquisition unit 10, the identity confirmation necessity determination unit 11, the mobile phone number acquisition unit 13, and the telephone call / answer control unit 14 are basically the same as those of the first embodiment. Are identical. The processing and functions of the above-described units in the center 1 are realized by program control executed on a computer in the center 1.

In the second embodiment of the present invention, the center 1 of the card company, which has received the card number read by the member store terminal 2, automatically sends the telephone number of the user's mobile phone 6, When a password of a predetermined number of digits is input from the telephone 6, the telephone terminal interface 15, which has received the password as a PB (push button) signal from the telephone network 4, receives the password via the telephone transmission / response control unit 14. Password (converted to text code)
The password is supplied to the password authentication unit 19.

The password authentication unit 19 checks the received password against the password registered in the database 12 corresponding to the card number, and if they match, determines that the identity can be confirmed and determines that the card can be used. .

On the other hand, if the passwords are not identical in the password authentication unit 19, guidance such as a predetermined number of retry inputs is transmitted via the telephone transmission / response control unit 14 to the portable telephone 6.
And the password input and collation processing is performed again. If the passwords do not match even after retry input, it is determined that the card cannot be used. The card availability notification unit 17 notifies the member store terminal 2 of the card availability / card unusability based on the determination result of the password authentication unit 19.

FIG. 6 is a diagram for explaining the processing flow of the user 7 (mobile phone 6), the member store terminal 2, and the center 1 in the second embodiment of the present invention. 6, the description of the same processing as in FIG. 4 is omitted, and only the differences will be described below.

When the center 1 sends a call to the mobile phone 6 (step S7) and the mobile phone 6 goes on-hook and receives a response, the center 1 transmits guidance information on password entry to the mobile phone 6 (step S1).
0). When the user inputs a password (for example, a four-digit number) from the operation unit of the mobile phone 6, the password is transmitted to the center 1, the password is verified by the password authentication unit 19 (step S14), and the authentication is OK (OK). (Step S1
5) The center 1 notifies the member terminal 2 that the card can be used.

If the passwords still do not match after the predetermined number of retries, the password authentication unit 19 determines that the password authentication is NG (impossible) (NO in step S15), and notifies the member store terminal 2 of a card unusable notification.

As described above, according to the second embodiment of the present invention, when the user 7 is notified of an incoming call to the portable telephone 6 and goes off-hook, the voice guidance or the character The user notifies the mobile phone 6 by the display, and the user who recognizes the notification inputs a password of a predetermined number of digits from the mobile phone 6, and the password is transmitted to the center 1 side. The identity is verified by comparing the password with a password registered in the database 12, thereby improving security.

In each of the above-described embodiments, the existing terminal can be used as a member store terminal as it is. In carrying out the present invention, an increase in development cost and a burden on the member store are required. Is restrained from increasing.

The present invention can be variously modified in addition to the above embodiment. As a modified example, a third embodiment of the present invention will be described. The third embodiment of the present invention is a modification of the second embodiment of the present invention in which user authentication is performed using a password input from a member store terminal. FIG. 7 is a diagram for explaining a third embodiment of the present invention.

Referring to FIG. 7, when the user 7 uses the card, the card information obtained from the card reader of the member store terminal 2 is received by the center 1 and the user 7 calls the mobile phone 6 until the user 7 calls the mobile phone 6. It is the same as the embodiment. When the user 7 responds to the incoming call to the mobile phone 6 and inputs that the card can be used, a first-stage identity verification is performed, and at this time, the call connection between the center 1 and the mobile phone 6 is disconnected.

Subsequently, when the user 7 inputs his / her own password from the password input unit 21 such as the keyboard or numeric keypad of the member store terminal 2, the password information is transmitted to the center 1 and registered in the database 12. Is checked against the existing password.

Next, a fourth embodiment of the present invention will be described. In the fourth embodiment of the present invention, the authentication of the user is performed by comparing the fingerprint information registered in the center 1 in advance at the time of card creation or the like. FIG. 8 is a diagram for explaining a fourth embodiment of the present invention.

At the time of using the card, the user 7 replaces the password input of the third embodiment with the fingerprint input device 22.
A predetermined finger is placed on the device to input a fingerprint. Fingerprint input device 22
From the fingerprint information (image information) input from, predetermined characteristic information is extracted in the fingerprint input device 22, and the extracted characteristic information is transmitted to the center 1. The personal information is collated with the fingerprint characteristic information registered as the personal information, and the identity is confirmed. In addition, an image input device is provided as the fingerprint input device 22, and the fingerprint image information acquired by the image input device is transmitted to the center 1, and the center 1 performs fingerprint collation processing from the received fingerprint image information. It may be configured.

When the payment amount using a credit card or the like becomes large, security management is improved by a combination of calling of a mobile phone, fingerprint collation, and the like.

Next, a fifth embodiment of the present invention will be described. FIG. 9 is a diagram showing the configuration of the fifth embodiment of the present invention. Referring to FIG. 9, in the fifth embodiment of the present invention, when a card member possesses a mobile phone or a PHS terminal having an e-mail function, the identity verification is performed from the center 1 by the card member. When a card user sees this e-mail and sends a reply mail to the center 1, the card user is permitted to use the card.

Referring to FIG. 9, a portable telephone 6 is connected to a server (SMTP (Simple Mail Tr
(Ansfer Protocol) server, a mail server such as a POP server, a DNS server) 51, and the Internet 9. In the wireless packet service,
The wireless base station 5 is connected to the Internet via a packet controller, a gateway, and a router (not shown).

In confirming that the user 7 who uses the card 8 at the member store is the member who owns the card, the center 1 receiving the card number transmitted from the member store terminal 2 uses the card number based on the card number. Then, the mail address of the card member registered in advance in the database of the center 1 is searched, and an e-mail is sent to the mail address to inquire about the availability of the card.

The user 7 retrieves the received mail from the mail server (not shown) using the mobile phone 6 having the electronic mail sending / receiving function, and if the card can be used, sends a reply mail to the center 1 to that effect. Send. When the center 1 receives the reply mail from the mobile phone 6, the use of the card is permitted.

On the other hand, when a person other than the card member illegally uses the member's card, etc., the card member who knows this fact by e-mail taken out from the mobile phone 6 sends a reply mail indicating that the card cannot be used to the center 1. Send to When the center 1 receives a reply e-mail from the mobile phone 6 indicating that the card cannot be used, the center 1 notifies the member store that the use of the card is not permitted. If an e-mail cannot be sent to the registered e-mail address of the member, or if a reply e-mail is not returned to the center, the member store is notified that the card cannot be used.
In this case, the above-described conventional identity verification procedure is performed.

FIG. 10 is a diagram showing the configuration of the center according to the fifth embodiment of the present invention. Referring to FIG. 10, the center 1 differs from the configuration of the embodiment shown in FIG. 2 in that a mail address obtaining unit 23, a mail transmitting / receiving unit 24, and an Internet protocol communication unit 25 serving as an interface with the Internet 9 are provided. And

The database 12 stores mail addresses of members having mobile communication terminals having transmission / reception functions.

The mail address acquiring section 23 retrieves and acquires a mail address corresponding to the card number from the database 12 based on the card number.

The mail transmission / reception section 24 automatically sends an e-mail of the content for inquiring of the use of the card to the mail address obtained by the mail address obtaining section 23 and manages the reception of the reply mail.

The card-usability judging section 16 correctly sends the mail transmitted by the mail transmitting / receiving section 24 to the destination, receives a reply mail from the destination (user's mobile phone 6), and finds that the card is usable. It is determined whether the card is unusable.

[0092] When a card usable e-mail is returned from the mobile phone 6, the card use propriety notifying section 17 transmits a notice indicating that the card is usable to the member store terminal 2, while the card is used by the user. When a mail indicating that the card cannot be used is returned from the telephone set 6, or when the reply mail cannot be received within a predetermined time, a notification that the card cannot be used is transmitted to the member store terminal 2. Also in the present embodiment, the processing and functions of the above-described units in the center 1 are realized by program control executed on the computer of the center 1.

In the mobile communication terminal equipped with a simple browser function and capable of accessing the server group and the Internet, when entering a password, the mobile communication terminal accesses the website of the center 1 (user ID). , Password input), the center 1 may recognize this access and perform identity verification.

In the above embodiment, the use of a credit card has been described as an example. However, the “card” in the present specification is not limited to a credit card issued and managed by a credit card company. It is applicable to any card as long as it is a member card that can purchase goods at a card member store and receive a loan.

The configuration of the center shown in the drawings is only an example of the functional configuration, and the present invention is not limited to the configuration of the above-described embodiment. It goes without saying that various changes and modifications that can be made by those skilled in the art are included in the scope of the claims of the present invention.

[0096]

As described above, according to the present invention, the following effects can be obtained.

The first effect of the present invention is that when a user uses a card, the user's mobile communication terminal is called from the telephone number of the member's mobile communication terminal registered in advance at the center, and the card is used. By using a configuration that checks whether or not it can be used, labor for identity verification can be reduced, and development costs,
This means that unauthorized use of the card can be prevented while suppressing an increase in capital investment.

The second effect of the present invention is that, by appropriately using a combination of input of card use / non-use from a mobile communication terminal, input of a password, and fingerprint information which characterizes an individual, a desired security level can be obtained. It is possible to build a system that eliminates unauthorized use.

[Brief description of the drawings]

FIG. 1 is a diagram schematically illustrating a system configuration according to a first embodiment of the present invention.

FIG. 2 is a diagram showing a configuration of a center in the first embodiment of the present invention.

FIG. 3 is a diagram schematically illustrating an example of a database of a center according to the first embodiment of the present invention.

FIG. 4 is a diagram for explaining a processing flow of the first embodiment of the present invention.

FIG. 5 is a diagram showing a configuration of a center according to a second embodiment of the present invention.

FIG. 6 is a diagram illustrating a processing flow according to a second embodiment of the present invention.

FIG. 7 is a diagram schematically showing a system configuration according to a third embodiment of the present invention.

FIG. 8 is a diagram schematically illustrating a system configuration according to a fourth embodiment of the present invention.

FIG. 9 is a diagram schematically illustrating a system configuration according to a fifth embodiment of the present invention.

FIG. 10 is a diagram showing a configuration of a center according to a fifth embodiment of the present invention.

[Explanation of symbols]

 1 Center 2 Merchant terminal 3 Communication line 4 Telephone network 5 Wireless base station 6 Mobile communication terminal (mobile phone, PHS terminal) 7 User (user) 8 Card (credit card) 9 Internet 10 Card number acquisition unit 11 Identity verification Necessity determination unit 12 Database 13 Mobile phone number acquisition unit 14 Call origination / answer control unit 15 Telephone terminal interface 16 Card availability determination unit 17 Card availability notification unit 18 Communication line interface 19 Password authentication unit 21 Password input unit 22 Fingerprint input Device 23 E-mail address acquisition unit 24 E-mail transmission / reception unit 25 Internet protocol communication unit

────────────────────────────────────────────────── ───

[Procedure amendment]

[Submission date] December 25, 2000 (200.12.
25)

[Procedure amendment 1]

[Document name to be amended] Statement

[Correction target item name] Claims

[Correction method] Change

[Correction contents]

[Claims]

Claims (22)

[Claims] Claims: 1. To confirm that a card user who uses a card at a member store is a member who owns the card, the card number read by the member store terminal and transmitted from the member store terminal is received. In the center, based on the card number, retrieves the telephone number of the mobile communication terminal of the card member registered in advance in the storage means of the center, calls the mobile communication terminal of the telephone number corresponding to the card number, A method for preventing unauthorized use of a card, wherein the use of the card is permitted when a message indicating that the card can be used is input from the mobile communication terminal. 2. When the mobile communication terminal does not respond to the call, and when the mobile communication terminal responding to the call inputs that the card cannot be used,
The center determines that the identity cannot be verified,
Notify the member store that the card cannot be used,
2. The method for preventing unauthorized use of a card according to claim 1, wherein: 3. In order to confirm that a card user who uses a card at a member store is the member who owns the card, a card number read by the member store terminal and transmitted from the member store terminal is received. In the center, based on the card number, retrieves the telephone number of the mobile communication terminal of the card member registered in advance in the storage means of the center, calls the mobile communication terminal of the telephone number corresponding to the card number, When the password is input from the mobile communication terminal, the center receiving the password replaces the received password with the password of the member corresponding to the card number, which is registered in advance in the storage means of the center. And, if these passwords match, the use of the card is permitted. Positive use prevention method. 4. A method according to claim 1, wherein said calling mobile communication terminal does not respond, and a password input from said calling mobile communication terminal corresponds to said card number registered in a storage means of said center in advance. 4. The unauthorized use of a card according to claim 3, wherein if the password does not match the member's password, it is determined that the identity cannot be confirmed, and the member store is notified that the card cannot be used. Prevention method. 5. The center which is connected to the member store terminal and manages the card by associating with the card number of the member, and as the member's personal information, the telephone number of the mobile communication terminal possessed by the member. When a user uses a card at a member store, the center that has received the card number read by the member store terminal searches the database based on the card number. First to get the phone number corresponding to the number
And a second step of transmitting from the center to the mobile communication terminal of the obtained telephone number, and receiving the incoming call from the center to the mobile communication terminal, When the information corresponding to the card use is input from the operation unit of the mobile communication terminal, and the center side receives the information corresponding to the card use from the mobile communication terminal, it is confirmed that the user is the principal. A third step of transmitting, from the center, a notification to the effect that the card can be used to the member store terminal; and a case where the called mobile communication terminal does not respond, and When information indicating that the card cannot be used is input from the mobile communication terminal and the center receives the information that the card cannot be used, the center notifies the card that the card cannot be used. , Fourth to be transmitted to the member store terminal
And fraudulently preventing the card. 6. The center which is connected to the member store terminal for communication and manages the card by associating the member's card number with the telephone number of the mobile communication terminal owned by the member as personal information of the member. A database for storing and storing passwords is provided. When a user uses a card at a member store, the center receiving the card number read by the member store terminal searches the database based on the card number. , Obtaining a telephone number corresponding to the card number
And a second step of transmitting from the center to the mobile communication terminal of the obtained telephone number, and receiving the incoming call from the center to the mobile communication terminal, When a password is input from the operation unit of the mobile communication terminal and the password transmitted from the mobile communication terminal is received on the center side, the received password is registered in the database in advance. The center checks the password of the member corresponding to the number, and if the passwords match each other, the center permits a use of the card, a third step, wherein the called mobile communication terminal does not respond, and The password entered from the called mobile communication terminal corresponds to the card number registered in the database in advance. If the password does not match the member's password, the center determines that the identity cannot be verified, and notifies the member store that the card cannot be used. Card fraud prevention method. 7. The user inputs a password from the member store terminal in place of the password input from the mobile communication terminal, and the input password is transmitted to the center via a communication line. 7. The card fraud prevention method according to claim 6, wherein password authentication is performed on the center side. 8. A fingerprint input means is provided on the member store terminal side, and fingerprint information of the user is inputted from the fingerprint input means, and the inputted fingerprint information is transmitted to the terminal via a communication line. The identity is transmitted to a center side, and the center performs identity verification by collating the fingerprint information with fingerprint information registered in the database in association with the card number. Item 6. The card fraud prevention method according to Item 5. 9. When confirming that a card user who uses a card at a member store is the member who owns the card, the card number read by the member store terminal and transmitted from the member store terminal is received. The center searches the card member's e-mail address registered in the storage means of the center in advance based on the card number, and sends an e-mail asking whether the card can be used. Receiving a reply e-mail indicating that the card can be used from the company, permitting the use of the card. 10. A device which is communicatively connected to a member store terminal to prevent unauthorized use of a card at the member store, wherein the member possesses personal information of the member in association with the card number of the member. A storage unit for storing and holding a telephone number of the mobile communication terminal; when a card user uses a card at a member store, the storage unit searches the storage unit based on the card number among information transmitted from the member store terminal. Means for acquiring a telephone number corresponding to the card number; means for automatically transmitting the acquired telephone number to a mobile communication terminal; and responding to an incoming call to the mobile communication terminal, When the card use information is input from the operation unit of the mobile communication terminal, the input information is received via a wireless communication line and a telephone network, and a notification that the card can be used is transmitted to the member store terminal. Means, when the mobile communication terminal does not respond, and when the user inputs card unusable information from the mobile communication terminal, and transmits the card unusable information via a wireless communication line and a telephone network. Means for transmitting, when received, a notification that the card cannot be used to the member store terminal, a card unauthorized use prevention control device. 11. A device which is communicatively connected to a member store terminal to prevent unauthorized use of a card at said member store, wherein said member possesses personal information of said member in association with a card number of said member. A storage unit for storing and holding the telephone number of the mobile communication terminal and the password of the member, when the card user uses the card at the member store, of the information transmitted from the member store terminal, based on the card number, Means for searching the storage means and obtaining a telephone number corresponding to the card number; means for automatically transmitting the obtained telephone number to a mobile communication terminal; and responding to an incoming call to the mobile communication terminal. Then, when the user inputs a password from the operation unit of the mobile communication terminal, receives the password transmitted via a wireless communication line and a telephone network, and The storage means is compared with the password registered in association with the card number, and when the passwords match, a notification that the card can be used is transmitted to the member store terminal, while, when the passwords do not match, Means for transmitting a notification that the card cannot be used to the member store terminal. 12. An apparatus which is communicatively connected to a member store terminal to prevent unauthorized use of a card at the member store, wherein the member possesses personal information of the member in association with the card number of the member. A storage unit for storing and holding an e-mail address for a mobile communication terminal; when a card user uses a card at a member store, the storage unit is searched based on the card number in information transmitted from the member store terminal Means for acquiring an e-mail address corresponding to the card number; means for automatically sending an e-mail inquiring whether the card can be used to the acquired e-mail address; and wherein the user is transmitted from the center. When a mail is taken out by the mobile communication terminal and a card usable mail is returned from the mobile communication terminal, a notice to the effect that the card can be used is sent to the member. Means for transmitting to the member terminal, sending a notification indicating that the card cannot be used to the member store terminal when the user replies to the mobile communication terminal with a mail indicating that the card cannot be used. A control device for preventing unauthorized use of a card. 13. A system for preventing unauthorized use of a card in a card authorization system, comprising: a member store terminal provided with a card reading device; and a center which is connected to said member store terminal and manages cards. A database that stores the telephone number of the mobile communication terminal possessed by the member as personal information of the member in association with the card number of the member; Means for searching the database based on the card number out of the information transmitted from the shop terminal, and acquiring a telephone number corresponding to the card number; and automatically transmitting the acquired telephone number to the mobile communication terminal of the acquired telephone number. Sending means; and a card usable when the user goes off-hook upon receiving an incoming call notification to the mobile communication terminal. Means for transmitting guidance information for instructing input of the card to the mobile communication terminal to the mobile communication terminal; and when the user inputs information indicating that the card can be used from the operation unit of the mobile communication terminal, the card can be used. Means for receiving information via a wireless communication line and a telephone network, and transmitting a notification to the effect that the card can be used to the member store terminal, and in a case where the mobile communication terminal does not respond to a call from the center, And, when the user inputs card unusable information from the operation unit of the mobile communication terminal and receives the card unusable information via a wireless communication line and a telephone network, the card is unusable. And means for controlling transmission of the notification to the member store terminal. 14. A card unauthorized use prevention system in a card authorization system, comprising: a member store terminal provided with a card reading device; and a center which is connected to the member store terminal and manages cards. A database for storing and holding the telephone number and password of the mobile communication terminal owned by the member as personal information of the member in association with the card number of the member; Means for searching the database based on the card number of the information transmitted from the member store terminal to obtain a telephone number corresponding to the card number, and for the mobile communication terminal of the obtained telephone number Means for automatically transmitting a call to the mobile communication terminal; Means for transmitting guidance information for instructing input of a word to the mobile communication terminal; and, when the user inputs a password from the operation unit of the mobile communication terminal, via a wireless communication line and a telephone network. Receiving the password transmitted by the user, referring to the database from the password, collating the password with the password registered corresponding to the card number, and as a result of the collation, if the password matches, the card is usable. Means for transmitting a notification to the effect that the mobile communication terminal does not respond to the call from the center, and, if the password does not match as a result of the password verification, the card A means for controlling the transmission of a notification that the card cannot be used to the member store terminal. Prevention system. 15. A card unauthorized use prevention system in a card authorization system, comprising: a member store terminal provided with a card reading device; and a center which is connected to said member store terminal and manages cards. A database for storing and holding a mail address for the mobile communication terminal for a member having a mobile communication terminal having a mail transmission / reception function as personal information of the member in association with the card number of the member; Means for searching the database based on the card number of the information transmitted from the member store terminal when the user uses the card at the member store, and obtaining an e-mail address corresponding to the card number; Automatically send an e-mail to the specified e-mail address asking if the card can be used And when the user retrieves the mail transmitted from the center with the mobile communication terminal and returns a card-usable mail from the mobile communication terminal, notifies the card that the card can be used. Means for transmitting to the member store terminal; if there is no response from the mobile communication terminal, and if a mail indicating that the card cannot be used is returned from the mobile communication terminal, a message indicating that the card cannot be used. Means for controlling transmission of a notification to the member store terminal. 16. The database has an area for recording, for each of the members, whether or not to perform identity verification by calling a mobile communication terminal when using a card, and perform identity verification by calling a mobile communication terminal. The system for preventing unauthorized use of a card according to any one of claims 13 to 15, wherein the setting of whether or not the card is allowed to be changed can be freely changed. 17. A fingerprint input device connected to the member store terminal for inputting fingerprint information, wherein the fingerprint information of the user is input from the fingerprint input device, and the input fingerprint information is stored in the member store. The terminal transmits the fingerprint information to the center side via a communication line. The center compares the fingerprint information with fingerprint information registered in the database in association with the card number, thereby identifying the user. 15. The system for preventing unauthorized use of a card according to claim 13 or 14, wherein confirmation is performed. 18. The member store terminal includes a password input means, and the user inputs a password through the password input means of the member store terminal instead of inputting a password from the mobile communication terminal. Password
Transmitted to the center side via a communication line, the center receives the password, refers to the database from the password, and matches the password registered with the card number. The system for preventing unauthorized use of a card according to claim 14, characterized in that: 19. A center which is communicatively connected to a member store terminal provided with a card reading device and manages cards, in correspondence with the member's card number, and as the member's personal information, the telephone number of the mobile communication terminal (A) when a card user uses a card at a member store, searches the database based on the card number among the information transmitted from the member store terminal, and responds to the card number (B) automatically transmitting a call to the mobile communication terminal with the obtained telephone number; and (c) receiving an incoming call notification to the mobile communication terminal. Transmitting to the mobile communication terminal guidance information for instructing the user to input whether or not the card can be used when the user goes off-hook. When the card usable information is input from the operation unit of the mobile communication terminal, the card usable information is received via a wireless communication line and a telephone network, and a notification that the card is usable is transmitted to the member store terminal. On the other hand, when the user inputs the card unusable information from the operation unit of the mobile communication terminal, the card unusable information is received via a wireless communication line and a telephone network, and the card cannot be used. A recording medium on which is recorded a program for transmitting a notification to the effect that a notification to the effect is sent to the member store terminal, and a program for executing each of the processes (a) to (d) on a computer at the center. 20. A center which is connected to a member store terminal equipped with a card reading device and manages cards, wherein the personal information of the member is associated with the telephone number of the mobile communication terminal in association with the member's card number. (A) When a user uses a card at a member store, the database is searched based on the card number among the information transmitted from the member store terminal, and a database is stored. A process of obtaining a corresponding telephone number; (b) a process of automatically transmitting a call to the mobile communication terminal of the obtained telephone number; and (c) a notification of an incoming call to the mobile communication terminal by the user. A process of transmitting, to the mobile communication terminal, guidance information for instructing a password to be input when the mobile communication terminal receives the off-hook; When the password is input from the operation unit of the communication terminal, the password transmitted via the wireless communication line and the telephone network is received, and the database is referred to from the password and registered corresponding to the card number. Check with the password, and if the result of the check is a match, a notification to the effect that the card can be used,
Sent to the merchant terminal, if the password does not match,
A recording medium storing a program for transmitting a notification that the card cannot be used to the member store terminal, and a program for causing the computer of the center to execute each of the processes (a) to (d). . 21. A mobile terminal having a mail transmitting / receiving function as a member's personal information in correspondence with a member's card number in a center for managing cards connected to a member store terminal provided with a card reader. A database that stores the mail address of the member having the communication terminal; and (a) when a card user uses a card at a member store, based on the card number of the information transmitted from the member store terminal, A process of searching a database to obtain the mail address corresponding to the card number; (b) a process of automatically sending an e-mail to the mail address asking whether the card can be used; and (c) the user. Retrieves the mail transmitted from the center by the mobile communication terminal and uses the card from the mobile communication terminal. If a reply is sent to the member store terminal, a notification indicating that the card is usable is sent to the member store terminal.If the user returns a mail indicating that the card cannot be used from the mobile communication terminal, the card is returned. A recording medium on which is recorded a program for causing the member store terminal to transmit a notification indicating that the service cannot be used, and for executing the processes (a) to (c) on a computer at the center. 22. The recording medium according to claim 19, wherein the fingerprint information of the user input from a fingerprint input device connected to the member store terminal is transmitted from the member store terminal to the member store terminal. Transmitted to the center side via a communication line, and the center performs identity verification by comparing the fingerprint information with fingerprint information registered in the database in association with the card number. A recording medium on which a program for causing a computer of the center to execute processing is recorded.