JP2002042028A - Fraudulent use preventive system for card and the like - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a card system having high safety by a fraudulent use preventive system and a settling method of card and the like. SOLUTION: In a system or a method for settling commercial transactions by using a card, a card holder previously informs a certification center of the use form of settling the card, and accesses the certification center side on the settling side at settling time, and confirms the use form of settling the card, and settles the card on the basis of the confirmed use form. The use form of settling the card includes either of a kind of using card, a time zone for using the card, an amount settleable by the card, an area for using the card and a kind of card usable member store. The use form is previously informed to the center by a cellular phone.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a card system and, more particularly, to provide a card system excellent in preventing unauthorized use of cards and the like and a settlement method for cards and the like.

[0002]

2. Description of the Related Art Conventionally, for example, a credit card has been used as a settlement means at the time of purchasing a restaurant or a product, but it is necessary to distinguish whether a person presenting the credit card is the owner of the card or a mere holder. Can not.

[0003] Although a signature is used as a means of verifying the identity, the payment side often does not sufficiently verify the payment, and there is a risk that the payment may be made with a false signature. In addition, there is an inconvenience that cannot be used by anyone other than the person in the case of expensive payment requiring a signature.

[0004] Debit cards and bank cards are
If the personal identification number is stolen with the card, or if the personal identification number can be found from a birthday, a telephone number, or the like, there is always a danger that the user will only be able to hold the card and withdraw it freely to the limit of use.

[0005] Accordingly, the non-life insurance given to the card is also set at a high premium calculated from the above risk.

[0006]

SUMMARY OF THE INVENTION An object of the present invention is to eliminate the above-mentioned drawbacks of the conventional card system and to provide a highly secure card system.

It is another object of the present invention to provide a fraudulent use prevention system for cards and the like and a settlement method for fraudulent use of cards and the like which can reduce the insurance premium and reduce the card operation support system by reducing the risk.

[0008]

SUMMARY OF THE INVENTION The present invention relates to a system or method for settling a commercial transaction using a card or the like.
The holder of the card or the like notifies the authentication center in advance of the use form of the card or the like, and the settlement side at the time of the settlement accesses the authentication center side to confirm the use form of the card or the like. The payment of the card or the like is performed based on the usage form. The card is a credit card, a bank card, or a mobile phone having a settlement function.

[0009] Further, the use form of settlement by the card or the like is as follows.
Type of card to use, time of day to use the card, etc.
The amount that can be settled with a card, the area where the card is used,
Includes any of the merchant types that can use cards etc.,
The authentication center is a certification body, and performs identity verification using an ID number and a password at the time of advance notification of the use form to the authentication center, and issues another ID for confirming the advance notice content of the use form after personal authentication. It is characterized by the following.

[0010] It is recommended that a system in which the advance notification of the use form to the center is made by a mobile phone. ADVANTAGE OF THE INVENTION According to this invention, since the owner of a card etc. can specify the content which can be settled by a card etc. beforehand, and use other than that is prohibited, there exists an effect which can settle the card etc. with very high security.

[0011] Since the above-mentioned advance notice is performed by the mobile phone normally held, the trouble of the advance notice is not so much.
In addition, because of high security, proxy use can be easily performed even if the user is not the person himself / herself.

[0012] In addition, the increase in security reduces casualty insurance premiums and reduces the burden of card operation. This has the effect of reducing the monthly fee for using a card or the like.

[0013]

Embodiments of the present invention will be described below in detail with reference to the drawings. FIG. 1 shows an overall hardware configuration of a system for preventing unauthorized use of a card or the like according to the present invention. The authentication center (certification institution) 12 is connected to each terminal such as the personal computer 2 and the mobile phone 3 via the Internet 1. The authentication center has an information processing server 20 or lower, a customer DB, a password DB, an authentication ID / D
B, a WWW server, a member store DB, and the like.
The authentication center 12 is connected to a card center or a credit card center (hereinafter, referred to as a card center) 13 of a bank by a dedicated line. The card center 13 is provided with an information processing server 5, a customer DB 6, a usage record DB 7, a member store DB 8, a credit management DB 9, and the like. Is provided in the authentication center. As will be described later, the authentication center is provided with a base station 17 for notifying in advance of a use mode by a mobile phone.

[0014] The above-mentioned prior notification method may be performed via the Internet 1. Also, for the security, the above-mentioned advance notice can be made only via the base station 17,
In this case, the authentication center 12 need not be connected to the Internet. Each member store 15 is provided with a card settlement terminal 15, and the user can present the bank card 10 and the credit card 11 held by each member store to each member store and receive payment for services and product purchases. . If necessary, the member store terminal is connected to the authentication center through a mobile phone 16 or another line via the Internet.
In the present invention, when simply referring to a "card",
The “card” includes a mobile phone or a mobile terminal having a payment function.

A feature of the present invention is that an authentication center is provided in cooperation with the card center, and a terminal of a user at the time of settlement accesses the authentication center in advance.

Hereinafter, preferred embodiments of the present invention will be described step by step. 1. Registration with the certification center (certification body) The user registers the following items in the certification center in advance. a. Name, gender, age, etc. b. Card / number to be registered (a plurality of cards can be registered) c. Password used for authentication center The authentication center receives the registration application, issues an ID number, and stores the registration content in the customer DB. This customer D
An example of B is shown in FIG. 2. Prior credit setting when the user uses the card (see FIG. 2) The user (card holder, that is, the registrant) notifies the authentication center of the use of the card according to the following procedure before using the card. The card user is not necessarily a card holder, but may be a person entrusted by the card holder to use the card.

A. The user accesses the authentication center using a mobile phone, for example, and inputs an ID number and a password.
(Steps 23 and 24 in FIG. 2) It is preferable that the mobile phone used at this time transmits a radio wave that cannot identify the mobile phone in order to enhance security.

B. Next, the number of the card to be used is input. At this time, it is recommended that the user simply input the first six digits of the card number. (Step 26 in FIG. 2) c. Specify the time zone to use. (For example, specify the time from the time of access when the card can be used. For example, 2 hours,
3 days, 3 weeks, etc. (Step 27 in FIG. 2) d. Specify the region to use. (Specify the area where the card can be used. Example: Country unit, prefecture unit, city unit, etc.) (FIG. 2)
Step 28) e. Specify the merchant to use. (Specify a member store that accepts cards. Examples: restaurants, department stores, e-shops
etc. In this case, in addition to the individual member stores, a member store group may be specified or a type of the member store (for example, a restaurant) may be specified. (Step 29 in FIG. 2) f. Specify the upper limit of the amount to be used. (Step 3 in FIG. 2)
0) In addition, the above-mentioned card use form does not have to be entirely specified but may be partially specified. In particular, the specification of the time zone, the region, and the member store may be only one of the partial specifications, since the security is remarkably improved. For example, from now on 2
Only the condition that it is used within 4 hours may be used.

These usage conditions are stored in the pre-registration DB 19 of the authentication center, as shown in FIG.
It is also stored in the customer DB (6 in FIG. 1) of a bank or a credit center as needed.

In another embodiment, a limit for unconditional use may be set. That is, one day
If the number is within one million, the card can be used unconditionally without prior specification of the use form of the card or the like. This is convenient because it is not necessary to access the authentication center one by one for pre-registration in the case of small usage. The unconditional use setting can also be set for the area, time, and the like. For example, "Only Chuo-ku can be used unconditionally",
Or "It can be used unconditionally in Mitsukoshi only on Sundays in Tokyo". This unconditional use condition setting is stored in the customer DB 6 or the credit management DB 9 in FIG. At the card center, the unconditional usage data is checked before accessing the authentication center and checking the pre-registered credit data. In the check, if it is determined that the use form of the currently inquired card is within the above-mentioned unconditional use setting condition, the card center authenticates to the member store terminal without checking the pre-registered credit data. Notify OK. The condition setting data for unconditional use is stored in the customer DB on the authentication center side in FIG. 1, and the authentication center determines whether or not the use mode is within the setting conditions for unconditional use. Is also good. 3. Processing at the authentication center (see FIG. 3) The authentication center receives the above access from the user and performs the following processing.

A. When access from the user terminal is approved (step 32 in FIG. 3), an ID number is requested (step 3).
3) Issue a timed ID number from the authentication center. (Steps 34 and 35 in FIG. 3) If this time-limit ID number is used as an ID number at the time of card settlement, the security of the transaction is further enhanced. However, for convenience, the ID at the time of registration may be used as it is. Also, time I
The user may select whether to use the D number or to use the ID at the time of registration as it is.

FIG. 7 shows an example of a flow between the card center and the authentication center in this case. That is, when there is an authentication request from the user terminal, the card center transfers the input card data to the authentication center (step 6).
1) The authentication center issues a request to the card center to transfer the card number, the card credit usage amount and the usage condition data input from the user terminal to the authentication center (step 62). When these data are received (step 63), the authentication center checks whether or not the credit permission previously input by the card holder has been issued (step 64).
If the conditions such as the credit amount are OK, the authentication permission is notified to the card center (step 67). Note that the pre-input credit permission may include the condition data of the unconditional use.

The communication network used for communication between the devices is not limited to the Internet, and any known communication network such as a dedicated line, a telephone network, and a data communication network can be used. In particular, in the above embodiment, the authentication access of the use condition to the authentication center was performed via the card center.
The authentication access to the center is limited to the original card authentication only.
As shown in FIG. in this case,
The mobile phone 16 is, for example, a base station 17 of the authentication center 12.
Is accessed directly. 4. Processing at the member store (see FIG. 4) The processing for using the card at the member store is as follows. a. The card presented at the store is received, and the card information is read by a card reader. (Step 42 in FIG. 4) b. Next, in FIG. 1, the member store terminal 15 connects to a bank or a credit center (card center) 13 and reads the authentication data of the card. (FIG. 4
Step 43) At this time, the bank or credit center 1
Reference numeral 3 connects to the authentication center 12 via a dedicated line, obtains authentication data, and transmits the authentication data to the member store terminal 15 together with ordinary operation data of a credit card or the like.
The above-mentioned authentication data describes the pre-credit setting conditions when the user uses the card as described above. c. When the authentication of the card is confirmed (step 46), a slip is entered (step 47), and the settlement is completed.

5. Processing of Bank or Credit Center (see FIG. 5) Details of processing of the bank or credit center are as follows. In FIG. 1, when there is an inquiry access from the member store terminal 15 to the bank or the credit center 13, a. The bank or credit center 13 connects to the authentication center 12 via a dedicated line (step 53 in FIG. 5) and notifies the card number (steps 54 and 55). b. The authentication center searches the customer DB for the file of the card number, confirms whether or not the user has pre-registered with the authentication center (step 56), and checks the inquiry date and time and the member store information transmitted at the time of the inquiry access. The credit setting conditions are compared in advance, and an approval notice is issued if the use conditions match.
(Step 58) In the above processing, the access from the member store terminal to the authentication center is performed through a bank or a credit center. The authentication center may be directly accessed from the member store terminal via a line. In this case, first, after a normal authentication process such as validity of the card to a bank or a credit center, pre-registration information from the authentication center to the authentication center from the user (the pre-credit setting conditions when the user uses the card) ) And confirm it on the terminal side.

Further, in the embodiment of FIG. 1, a configuration is adopted in which one authentication center is provided for a plurality of card centers existing in each company and connected by a dedicated line. Since extra time is required to access the center, an authentication center may be provided for each card center in order to speed up the access response. In this case, the above access time is almost gone,
Although the access response is quick, there is a disadvantage that the input destination of the pre-usage condition input differs for each card because there are a plurality of authentication centers. This method is convenient when the mobile phone itself is used in place of a card because the above-mentioned drawbacks are eliminated because a form in which a base station unique to the mobile phone is automatically accessed is usually assumed.

In the system for preventing unauthorized use of a card according to the present invention, the card holder input information and the card information need to match at an authentication center (authentication institution), and in particular, security concerning ID is important.

For this reason, the following measures are recommended for implementing the present invention. (1) Cellular phone with additional functions-In addition to the normal calling function, a calling function dedicated to notification of an authentication center (certification institution) is added to the mobile phone. -This transmission function is a signal common to all mobile phones, so that even if radio waves are intercepted in any way, the caller cannot be identified. That is, the mobile phone number is usually used for the ID in many cases, and when the mobile phone itself is used instead of a credit card in the future, it is assumed that the mobile phone number is used as the ID.
In this case, if the caller can be identified by displaying the caller number or the like, the ID may be stolen during transmission. However, if the ID is transmitted using a common signal as described above, the caller cannot be identified and the ID is stolen during transmission. Even if it is rare, the user cannot be specified, so it is not possible to deal with the card and it is safe. In addition, in the same meaning as above, if it is assumed that the authentication center is accessed from the personal computer 2 in FIG. 1, it is desirable to add a common signal transmission function dedicated to the notification of the authentication center to the personal computer 2 as well. .・ Incidentally, the increase in the manufacturing cost of the mobile phone to which the above functions are added is slight. -Notification may be made not from a common signal but from a general telephone (mobile phone), a public telephone, etc., but the security level is reduced. (2) Double ID system ・ In order to eliminate unauthorized access to the ID from the financial institution when matching the ID from the user notified in advance to the inquiry from the financial institution at the certification institution, the certification institution In the above, another ID corresponding to the user ID is assigned to the inquired card and used. This ID is preferably a timed ID. Further, it is better to store the registration contents of the pre-use conditions in a plurality of servers or DBs as described below, and match the actual user ID with the inquiry information offline. That is, in FIG. 1, the authentication center uses the authentication ID DB when performing card authentication, and uses the pre-registration DB when matching with the user ID, and separates the user ID at this time.

For example, when a plurality of servers are provided and managed, the configuration is as follows. a) Card user connection server ID notification contents are saved. b) Financial institution connection server Inquiry contents are saved with another ID. c) Offline servers a and b verify availability.

The present invention can be applied not only to the following embodiments but also to management of information relating to Internet banking and personal privacy.

[0030]

As described above, the present invention has the following effects. -Since the cardholder can specify in advance what can be settled with the card, and other uses are prohibited, there is an effect that extremely secure card settlement can be performed. That is, fraudulent use of a credit card alone is not possible.・ If the above-mentioned advance notice is made using the mobile phone that is normally held, the trouble of the advance notice is not so much, and since it is highly secure, it is possible to easily use it as a substitute even if you are not yourself, so This has the effect of greatly expanding the range of use compared to the past.・ In addition, increased security for card companies will reduce non-life insurance premiums and reduce the burden of card operations.
This has the effect of reducing the monthly fee for card use. -In the case of a debit card, a large amount of deposits may be stolen because the upper limit of unauthorized use is the bank balance, but according to the present invention, the debitable amount can be arbitrarily specified by using a certification organization And convenience and safety are improved. -The concept that credit and debit cards can be used anywhere for 24 hours changes from the concept that they can not be used for 24 hours without notification to the certification body, and it is also possible to set a period of time that can not be used on an hourly or daily basis It is. This will revolutionize the card culture and spread the use of the card to people who do not use the card in the past, or expand the use of the card by entrusting it to other people, and expect the effect of the spread of the card use. it can.・ Even if a mobile phone is equipped with a card function in the future, the provision of a dedicated calling function separated from the card function will further enhance security.・ The use of credits when purchasing goods on the Internet is much more secure than conventional ones.

[Brief description of the drawings]

FIG. 1 is a diagram showing an overall hardware configuration of a system for preventing unauthorized use of a card according to the present invention.

FIG. 2 is a diagram showing a flow of prior credit setting when a user uses a card according to the present invention.

FIG. 3 is a diagram showing a flow of issuing a timed ID number to a user of the present invention.

FIG. 4 is a diagram showing a flow of processing on the member store side of the present invention.

FIG. 5 is a diagram showing a flow of processing on the bank or credit center side of the present invention.

FIG. 6 is a diagram showing a file structure of a customer DB.

FIG. 7 is a diagram showing a flow of processing on the authentication center side of the present invention.

[Explanation of symbols]

 1 Internet 2 Personal computer 3 Mobile phone 5 Information processing server 6 Customer DB 7 Usage record DB 8 Merchant DB 9 Authentication server 10, 11 Card 12 Authentication center 13 Bank or credit center

 ──────────────────────────────────────────────────続 き Continued on the front page F term (reference) 2C005 HA01 HA14 HB09 JB33 LB32 3E044 DD01 DE01 5B049 AA05 BB11 CC00 CC05 CC36 CC39 EE00 GG00 GG06 5B055 CC00 EE27 FA00 FB00 JJ00 KK00

Claims (9)

[Claims] In a system for performing settlement of a commercial transaction using a card or the like, a holder of the card or the like notifies the authentication center in advance of a usage form of the settlement of the card or the like, and the settlement side at the time of settlement sets the authentication center side. , The usage of the card or the like is confirmed, and the payment of the card or the like is performed based on the confirmed usage. 2. The system according to claim 1, wherein the card is a credit card, a bank card, or a mobile phone having a settlement function. 3. The type of use of the card or the like for settlement includes the type of the card or the like to be used, the time zone for using the card or the like, the amount that can be settled by the card or the like, the area where the card or the like is used, and the member store where the card or the like can be used. 3. The system for preventing unauthorized use of a card or the like according to claim 1, wherein the system includes one of the following types. 4. The authentication center is a certification body, and performs identity confirmation based on an ID number and a password at the time of advance notification of the use form to the authentication center. The system for preventing unauthorized use of a card or the like according to any one of claims 1 to 3, wherein the ID is issued. 5. The system for preventing unauthorized use of a card or the like according to any one of claims 1 to 4, wherein advance notification of a use form to the authentication center is performed by a mobile phone. 6. A method for performing settlement of a commercial transaction using a card or the like, wherein a holder of the card or the like notifies the authentication center of the use form of the settlement of the card or the like in advance, and the settlement side at the time of settlement sets the authentication center side. A method of preventing unauthorized use of a card or the like, wherein the method of accessing the card or the like is confirmed, and the settlement of the card or the like is performed based on the confirmed usage. 7. A method of using the card or the like for payment includes a type of the card or the like to be used, a time zone for using the card or the like, an amount of money to be settled by the card or the like, an area where the card or the like is used, and a member store where the card or the like can be used. 7. The method for preventing unauthorized use of a card or the like according to claim 6, wherein the method includes one of the following types. 8. The authentication center is a certification body, and performs identity verification using an ID number and a password at the time of advance notification of the use form to the authentication center. 8. The method for preventing unauthorized use of a card or the like according to claim 6, wherein the ID is issued. 9. The method for preventing unauthorized use of a card or the like according to any one of claims 6 to 8, wherein prior notification of a use mode to the authentication center is performed by a mobile phone.