JP2005339400A - Illicitness prevention system for transaction terminal device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an illicitness prevention system for transaction terminal device capable of surely preventing a damage by illicit alteration or the like by detecting a state change in a transaction terminal device in advance as a trace of an illicit alteration by illicit action. <P>SOLUTION: A state change in a debit terminal machine 300 is detected by a state change detection part 348, and illicitness detection information for this is transmitted to a maintenance center 500. In the maintenance center 500, permission or non-permission of debit transaction by the debit terminal machine 300 is determined based on the illicitness detection information, and an "operation permission report" for permitting the operation of the terminal machine 300 or an "operation non-permission report" for permitting no operation is transmitted to the terminal machine 300. In the terminal machine 300, control is performed to restart the operation by debit settlement in the case that the "operation permission report" is received, and to perform no restoration until an error release instruction report is transmitted from the maintenance center 500 in the case that the "operation non-permission report" is received. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a fraud prevention system in a transaction terminal device, and in particular, by detecting in advance changes in the state caused by the transaction terminal device itself as evidence that the fraudulent activity has occurred, It is related with the fraud prevention system in the terminal device for transaction which can prevent.

  In recent years, a debit terminal (dealing terminal device) for debit payment has been installed in an amusement store, and cards issued in parallel with this debit terminal by means of payment using a debit card (bank or postal savings cash card) A game media lending system based on debit payment that can purchase a prepaid card for a player's desired amount using a machine has been put into practical use.

  According to this type of game media lending system, the value of the purchased prepaid card is deducted from the account of the player using debit payment on the debit terminal, and the prepaid card purchased by this debit payment is used. A game medium (such as a pachinko ball or a medal) can be borrowed to play a game (see, for example, Patent Document 1).

  Here, in such a debit payment game medium lending system (debit card system), the debit card (cash card) is handled when the debit terminal 300 (FIG. 2) is used. In order to prevent the user from being stolen, a peep prevention plate is attached to the operation input unit for inputting a password from the viewpoint of security, or the main components (communication I / F units 330 and 335, debit) of the debit terminal 300 are installed. Security measures have been implemented in which the control unit 340, the external operation input unit 360, and the debit card processing unit 390) are integrated (black box) inside the housing (hereinafter, this black box is referred to as a control unit 365). .

  That is, the control unit 365 is provided with a cover open / close detection mechanism that detects opening / closing of the housing cover. When the control unit 365 in the black box is opened for the purpose of unauthorized modification such as skimming, the cover is opened. A security mechanism is provided to erase important internal data by operating the open / close detection mechanism. That is, even if the control unit 365, which is an important component of the debit terminal 300, is stolen, and important data and programs in the control unit 365 are analyzed and the user tries to steal, the housing cover of the control unit 365 When you open, you can erase important internal data. As a result, it is possible to prevent the personal identification number and the card information from being stolen by a malicious third party and unauthorized modification such as attachment of skimming parts.

JP 2000-242717 A

  However, in the case of the above-described fraud prevention system using the conventional transaction terminal device, once the mechanism of the cover open / close detection mechanism is analyzed by a malicious third party, the case cover is opened and closed without operating the mechanism. May be. In such a case, there is a risk that fraudulent acts such as analysis of important data or programs stored in the control unit 365 or attachment of skimming parts for stealing the PIN number or card information may be performed. Even if a malicious third party or the like performs some illegal act on the debit terminal 300, there is a problem that the maintenance center 500 cannot detect an abnormality caused by the debit terminal 300.

  Therefore, the present invention has been made to solve the above-described problems caused by the prior art, and detects in advance a change in state caused by a transaction terminal device as evidence that an unauthorized modification has been made by an unauthorized act. Accordingly, an object of the present invention is to provide a fraud prevention system in a transaction terminal device that can reliably prevent damage caused by fraudulent remodeling.

  In order to solve the above-described problems and achieve the object, the invention according to claim 1 is a fraud prevention system in a transaction terminal device including a control device in which individual information related to transaction information is stored, The transaction terminal device includes a state change detection unit that detects a state change with respect to the transaction terminal device, a state change content storage unit that stores the detection content of the state change by the state change detection unit, and the state change detection unit. A transmission means for transmitting the contents of the detected state change as an abnormal state notification to a maintenance center that performs maintenance and inspection of the transaction terminal device when the state change is detected, and the maintenance center is transmitted from the transmission means Based on the abnormal state notification, it is provided with a transaction feasibility judging means for judging whether or not to permit the transaction operation by the transaction terminal device.

  According to a second aspect of the present invention, in the first aspect of the present invention, the state change detection means includes an open / close detection means for detecting opening / closing of a housing cover constituting the control device, and the control device. Control device removal detection means for detecting removal, first connection detection means for detecting removal of an external harness that connects the control device and other devices in the transaction terminal device, and an interior in the control device A second connection detecting means for detecting the removal of the harness, a reading device attaching / detaching detecting means for detecting attachment / detachment of the reading device for reading the transaction information, and a power ON / OFF detecting means for detecting ON / OFF of the power source. It is one of them.

  The invention according to claim 3 is the notification item setting according to the invention according to claim 2, wherein the state change detection content to be notified to the maintenance center is selected and set from the plurality of state change detection content. In the maintenance center where fraud detection content is transmitted from the transaction terminal device, fraudulent acts are efficiently determined by type determination.

  According to a fourth aspect of the present invention, there is provided the invention according to the third aspect, further comprising notification item changing means for changing the notification item set by the notification item setting means.

  The invention according to claim 5 is the invention according to any one of claims 1 to 4, wherein the transaction terminal device is configured to detect the change in state by the state change detection means. Operation stop means for stopping the operation of the apparatus is provided.

  The invention described in claim 6 is characterized in that, in the invention described in claim 5, operation stop canceling means for canceling operation stop by the operation stop means is provided.

  The invention according to claim 7 is the invention according to claim 6, wherein the operation recovery by the transaction terminal device by the operation stop canceling means is performed based on an operation resumption instruction notification from the maintenance center. Features.

  The invention according to claim 8 is the invention according to claim 7, wherein the transaction terminal device includes an operation priority unit that prioritizes operation by the transaction terminal device, and the operation stop unit includes the state A function of stopping the operation by the operation stop unit based on the content of change detection is provided.

  The invention according to claim 9 is the invention according to any one of claims 5 to 8, wherein when the transaction terminal device transmits an abnormal state notification by the transmission means, the maintenance device performs the maintenance. A response time determining means for determining a response time from the center, and when the response time determined by the response time determining means is longer than a predetermined time, The operation of the apparatus is stopped.

  According to invention of Claim 1, it is a fraud prevention system in the transaction terminal device provided with the control apparatus in which the separate information regarding transaction information was stored, Comprising: The said transaction terminal device is with respect to the said transaction terminal device. State change detection means for detecting a state change, state change content storage means for storing the state change detection contents by the state change detection means, and state change detection contents at the time of state change detection by the state change detection means A transmission means for transmitting to the maintenance center that performs maintenance and inspection of the transaction terminal device as an abnormal state notification, and the maintenance center uses the transaction terminal device based on the abnormal state notification transmitted from the transmission means. Since it is equipped with a transaction permission / non-permission determination means that determines whether transaction operations are permitted or not, the maintenance center securely grasps the state of the debit terminal. DOO terms of can, an effect that it is possible to reliably prevent such tampering of the control unit by fraud (skimming mounting part PIN and card information).

  According to a second aspect of the present invention, the state change detection means includes an opening / closing detection means for detecting opening / closing of a housing cover constituting the control device, and a control device removal for detecting removal of the control device. Detection means; first connection detection means for detecting removal of an external harness connecting the control device and another device in the transaction terminal device; and first detecting detection of removal of an internal harness in the control device. 2 is a connection detection means, a reading device attachment / detachment detection means for detecting attachment / detachment of a reading device that reads the transaction information, and a power ON / OFF detection means for detecting power ON / OFF. This has the effect that most of the assumed fraud can be detected as fraud due to a change in the state of the transaction terminal device. Moreover, since the trace of the fraudulent act with respect to the terminal device for transaction can be detected correctly, there exists an effect that it can determine correctly that the illegal modification | remodeling with respect to the control apparatus was actually performed.

  According to the third aspect of the present invention, since there is provided a notification item setting means for selecting and setting the state change detection content to be notified to the maintenance center from the plurality of state change detection content, In the maintenance center to which fraud detection content is transmitted from the terminal device, there is an effect that fraudulent acts can be determined efficiently by type determination.

  According to the invention described in claim 4, since the notification item changing means for changing the notification item set by the notification item setting means is provided, the maintenance center is informed according to the state of occurrence of fraud. The notification item of the fraud detection content to be transmitted can be changed.

  According to the invention described in claim 5, the transaction terminal device includes an operation stop unit that stops the operation of the transaction terminal device when the state change is detected by the state change detection unit. Since the operation is temporarily stopped for transaction terminal devices that have a history of fraudulent acts on the terminal devices for which there is a possibility of unauthorized modification, the security code or card information associated with unauthorized modification is stolen. There is an effect that the damage caused by can be surely prevented.

  Further, according to the invention described in claim 6, since the operation stop canceling means for canceling the stop of the operation by the operation stop means is provided, the operation is intended for a transaction terminal device that is not actually illegally modified. Since the stop state is canceled, there is an effect that it is possible to shorten the transaction stop time associated with the stop of the operation of the transaction terminal device.

  According to the invention described in claim 7, since the recovery of the operation by the transaction terminal device by the operation stop canceling means is performed based on the operation resumption instruction notification from the maintenance center, There is an effect that the damage caused by theft of card information can be surely prevented.

  According to the invention described in claim 8, the transaction terminal device includes an operation priority unit that prioritizes the operation by the transaction terminal device, and the operation stop unit is based on the state change detection content. Since it has a function to stop the operation by the operation stop means, when it is determined that there is a high suspicion of fraud in the transaction terminal device, the operation by the target transaction terminal device can be stopped. There is an effect.

  According to the invention of claim 9, the transaction terminal device further comprises response time determination means for determining a response time from the maintenance center when the transmission means transmits an abnormal state notification. If the response time determined by the response time determination means is longer than a predetermined time, the operation stop means stops the operation for the target transaction terminal device. If there is no response from the maintenance center within a certain period of time after notification to the maintenance center, this transaction terminal device goes down in error, so use of the transaction terminal device until an abnormal state release notification is sent from the maintenance center. Therefore, even if unauthorized modification is performed, the damage caused by the unauthorized modification can be surely prevented.

  Below, with reference to an accompanying drawing, the suitable example of the fraud prevention system in the terminal device for dealing concerning this example 1 is described in detail. In the following embodiment, the outline and features of the fraud prevention system are described, the details of the overall configuration of the fraud prevention system are described, and then the fraud prevention processing procedure by the fraud prevention system is described. Finally, various modifications will be described as other embodiments. In addition, this invention is not limited by the Example shown below.

(Outline and features of fraud prevention system for transaction terminal)
First, with reference to FIG. 1, a game medium lending system to which the fraud prevention system in the transaction terminal device according to the first embodiment is applied will be described. FIG. 1 is a functional block diagram illustrating an overall configuration of a game medium lending system to which the fraud prevention system in the transaction terminal device according to the first embodiment is applied.

  As shown in FIG. 1, the fraud prevention system in the transaction terminal device according to the first embodiment performs debit payment processing with a debit terminal 300 provided in a game shop 100 that provides games such as pachinko games and slot games. This is a fraud prevention system applied to a game medium lending system in debit settlement constructed by an information processing center 600 that is a debit settlement center and a maintenance center 500 that performs maintenance (inspection / repair) of the debit terminal 300. That is, when this fraud prevention system detects a fraudulent act against the debit terminal 300 by a malicious third party, the fraudulent act has been performed in advance using the evidence of the fraudulent act as fraud detection information. By transmitting it to the maintenance center 500, it is constructed as a fraud prevention system that can reliably prevent the theft of a password or card information due to skimming.

  Here, first, with reference to FIG. 1, a game medium lending system to which the fraud prevention system is applied will be briefly described. That is, as shown in FIG. 2, this game medium lending system includes a plurality of pachinko machines 110 and card processing machines 150 connected to an island controller 255 under the control of a terminal controller 280 (T / C), and a card issuance. A prepaid card system comprising a machine 200 and a card settlement machine 210, a debit terminal 300, an information processing center 600, a CAFIS network 700 (including a clearing center 710), and a debit card that are communicatively connected via a public network 450. The issuing bank 800, the member store bank 900, and the ΔΔ bank 950 (game store account) are connected. The system portion that is connected to the debit terminal 300 installed in the amusement store 100 of the information processing center 600 with the CAFIS network 700 as a core is called a debit card system that performs debit payment. The details of the debit card system are well-known techniques, and the details are omitted.

  The terminal controller 280 has functions for managing sales in the amusement store 100 and providing information to members. It is connected to a computer of a card company center 470 outside the amusement store 100 by a public line network 460, and data in the terminal controller 280 can be managed using this computer.

  In the game store 100, the debit terminal 300, the card issuing machine 200, and the terminal controller 280 (T / C) that is a management device are connected for communication. Among these, the debit terminal 300 is a game as described above. Outside the store 100, the information processing center 600 that performs debit payment processing via a public network 450 such as an ISDN line and the maintenance center 500 that performs maintenance (inspection / repair) of the debit terminal 300 are connected. Yes.

  Here, the maintenance center 500 exists mainly as an organization that performs version upgrade, maintenance (maintenance / inspection), and inspection / repair of internal data of the debit terminal 300 installed in the amusement store 100, but is closely related to the present invention. As a function to monitor fraudulent acts by a malicious third party. Specifically, based on the illegal content information notified from the debit terminal 300, the maintenance staff is dispatched to the amusement shop 100, and the function of checking the status of the target debit terminal 300 and repairing it is provided. Yes. In addition, as will be described later, “monitoring fraud” actually performed in the maintenance center 500 is a sign that some kind of fraud has been performed for the purpose of performing unauthorized modification to the control unit 365 of the debit terminal 300. The meaning of determining whether or not.

  Here, the fraud prevention system of the present invention detects a state change by the debit terminal 300 in advance, and when any state change occurs in the debit terminal 300, the state change is referred to as “illegal state detection information”. The maintenance center 500 is notified, and based on the fraud detection information notified from the debit terminal 300, the maintenance center 500 determines whether to permit or deny operation (debit transaction) for the debit terminal 300, The maintenance center 500 transmits an “operation permission notice” or an “operation non-permission notice” to the debit terminal 300. When the debit terminal 300 receives the “operation permission notification” from the maintenance center 500, the debit terminal 300 continues the normal operation while receiving the “operation non-permission notification” that disables the operation. In this case, the debit terminal 300 is error-down. Thereafter, the debit terminal 300 is characterized in that the error state is released and recovered based on the transmission of the “error release instruction notification” from the maintenance center 500 after the error is reduced.

  More specifically, the features of the fraud prevention system according to the present invention will be described. In this fraud prevention system, a state change by the debit terminal 300 (a trace of some fraudulent act) is detected in advance by a state change detection unit 348 (FIG. 5), when the state change detection unit 348 detects a change in the state of the debit terminal 300, the fraud detection content (information) is notified to the maintenance center 500, and the maintenance center 500 Then, based on the fraud detection information notified from the debit terminal 300, the operation (debit transaction) by the debit terminal 300 is permitted or not permitted. Notification that permits operation of the debit terminal 300 (operation permission notification) or communication that does not permit operation. When the debit terminal 300 receives the operation permission notification from the maintenance center 500, the debit terminal 300 starts the operation based on the debit payment as usual, but on the other hand, the debit terminal 300 cannot operate. If the permission notification is received, the debit terminal 300 goes down in error.

  Thereafter, since the debit terminal 300 is recovered by an “error release instruction notification” from the maintenance center 500 after the error is reduced, the maintenance center 500 can accurately grasp the state of the debit terminal 300. At the same time, the debit terminal 300 can accurately determine whether or not the transaction is possible, and the debit terminal 300 is not in a transactionable state unless notified by the maintenance center 500, so that the entire system is reliably prevented from being damaged by fraud. be able to.

(Outline and configuration of debit terminal 300)
Next, with reference to FIG. 2 and FIG. 3, the outline | summary and the detail of a structure of the debit terminal 300 with which the game shop 100 is equipped are demonstrated. FIG. 2 is a front view showing the appearance of the debit terminal 300, and FIG. 3 is a schematic view showing the main internal configuration of the debit terminal 300, showing a state in which the door 310 is opened. FIG. 4 is a functional block diagram showing an internal configuration of the debit terminal 300. Hereinafter, an outline and a detailed configuration of the debit terminal 300 will be described with reference to FIGS.

  As shown in FIG. 2, the debit terminal 300 includes a vertical casing (main body 300a) having a door 310, and in order from the top, a display unit 350 and an operation input unit 360 (external operation). An input unit), a debit card insertion / return port 370, and a receipt issue port 380.

  Further, as shown in FIG. 3, a control board (debit control unit 340) for controlling the entire debit terminal 300 and this control board (debit control unit 340) are integrated in the debit terminal 300. The control unit 365, the power supply box 397, and the communication terminal adapter 398 are provided. As described above, the control unit 365 integrates the main components (communication I / F units 330 and 335, the debit control unit 340, the external operation input unit 360, and the debit card processing unit 390) of the debit terminal 300 inside the housing. (Black box). The control unit 365 is fixedly attached to the main body 300a of the debit terminal 300 with an attaching screw.

  As shown in FIG. 3, a harness 395 that supplies power from the power supply box 397 is connected to the control unit 365 in order to supply power to the control unit 365. That is, one end (upper side in FIG. 3) of the harness 395 is attached to the control unit 365, and the other end (lower side in FIG. 3) of the harness 395 is attached to the power supply box 397. As will be described later, when one of the one end and the other end of the harness 395 is removed from the control unit 365 or the power supply box 397, the disconnection detection by the external harness connection detection unit 343 (FIG. 5) is activated. It can be determined that there is a evidence that an illegal act has been performed by a third party.

  Further, a removal preventing member 396 for preventing the removal of the control unit 365 is provided in the harness 395 that connects the control unit 365 and the power supply box 397.

  The display unit 350 has a function of displaying a transaction amount by debit payment (a purchase amount of a prepaid card) and various information for performing guidance of an input operation by a player, and is configured by, for example, a liquid crystal display.

  The operation input unit 360 (external operation input unit) includes various function switches such as a confirmation switch and a cancel switch, and further includes a numeric key switch for inputting a PIN code of a debit card (cash card). It has a function to enter a password, transaction amount, etc.

  The debit card insertion / return port 370 accepts a cash card (debit card), performs a desired process on the debit card processing unit 390 (FIG. 4), and then returns the debit card again. It is an opening for.

  The receipt issuing port 380 is an opening for discharging the receipt printed by the printing unit 385 (FIG. 4) as a usage record for the player. From the receipt issuing port 380, a receipt on which the result (OK or NG) by debit payment is printed can be issued.

  Next, the internal configuration of the debit terminal 300 will be described in detail with reference to FIG. That is, as shown in FIG. 4, the debit terminal 300 includes a control unit removal detection sensor 312, a control unit cover set detection sensor 313, a card reader attachment / detachment detection sensor 314, and communication I / F units 330 and 335. A debit control unit 340, a display unit 350, an external operation input unit 360 (operation input unit), a debit card insertion / return port 370, a receipt issue port 380, a printing unit 385, and a debit card processing unit 390. , And a power supply box 397. As described above, the communication I / F units 330 and 335, the debit control unit 340, the display unit 350, and the external operation input unit 360 (operation input unit) are integrally configured as the control unit 365. ing.

  The control unit removal detection sensor 312 has a function of detecting removal of the control unit 365 from the main body 300 a of the debit terminal 300. That is, the control unit removal detection sensor 312 has a function of electrically or mechanically detecting the removal when the control unit 365 assembled in the debit terminal 300 is removed. It consists of a proximity sensor, a push sensor, and the like.

  The control unit cover set detection sensor 313 has a function of detecting opening and closing of the housing cover that constitutes the control unit 365.

  The card reader attachment / detachment detection sensor 314 has a function of detecting removal of a debit card processing unit 390 (card reader) that reads card information of a cash card.

  The communication I / F unit 330 has a function of communicating with the maintenance center 500 and the information processing center 600 through the public line network 450, and through this communication I / F unit 330, a payment request related to the desired payment amount. The notification and “injustice detection information” when any abnormality occurs in the debit terminal 300 are transmitted to the maintenance center 500.

  The communication I / F unit 335 can communicate with a communication I / F unit (not shown) of the card issuing machine 200 (FIG. 1), and between the debit terminal 300 and the card issuing machine 200. In this way, various information (such as balance information owned by the prepaid card) is transmitted and received.

  The debit control unit 340 has a control function for collectively controlling each process in the debit terminal 300, and stores a control program such as an OS (Operating System), a program defining various processing procedures, and necessary data. The processing unit has an internal memory for executing various processes.

  The printing unit 385 has a function for printing the information notified from the debit control unit 340 on a receipt issued from the receipt issuing port 380. Specifically, the printing unit 385 prints money amount information related to debit processing on the receipt.

  The debit card processing unit 390 (card reader) reads card information magnetically recorded on the debit card (cash card) taken from the debit card insertion / return port 370 and notifies the debit control unit 340 of the read result. It has. As described above, when the debit card processing unit 390 (card reader) is removed, the card reader attachment / detachment detection sensor 314 operates and is transmitted to the maintenance center 500 as “injustice detection information”. .

  The power supply box 397 has a function of supplying power to the control unit 365 and other devices.

(Internal configuration of debit control unit 340)
Next, the internal configuration of the debit control unit 340 (control board) will be described with reference to FIG. FIG. 5 shows a functional block diagram (circuit configuration) of the debit control unit 340 (control board). That is, as shown in FIG. 5, the debit control unit 340 (control board) includes a control unit set detection unit 342, an external harness connection detection unit 343, a control unit cover set detection unit 344, and a card reader attachment / detachment detection unit 345. An internal harness connection detection unit 346, a power ON / OFF detection unit 347, a state change detection unit 348, a communication control I / F unit 350, a battery 351, a memory 352, and a main control unit 400 (CPU). And.

  The control unit set detection unit 342 has a function of detecting removal of the control unit 365. The removal of the control unit 365 by the control unit set detection unit 342 is detected by the control unit removal detection sensor 312 (FIG. 4).

  The external harness connection detection unit 343 has a function of detecting that the connection between the harness 395 that supplies power to the control unit 365 and the power supply box 397 is interrupted. In terms of circuitry, it has a function of detecting that the continuity between the harness 395 for supplying power to the control unit 365 and the power supply box 397 is interrupted.

  The control unit cover set detection unit 344 has a function of detecting opening and closing of the housing cover that constitutes the control unit 365. The control unit cover set detection unit 313 detects the opening and closing of the housing cover by the control unit cover set detection sensor 313 (FIG. 4).

  The card reader attachment / detachment detection unit 345 has a function of detecting the attachment / detachment of the debit card processing unit 390 (card reader) from the main body of the debit terminal 300 by the card reader attachment / detachment detection sensor 314.

  The internal harness connection detection unit 346 has a function of detecting the removal of a harness (not shown) wired inside the control unit 365.

  The power ON / OFF detection unit 347 has a function of detecting ON / OFF of the power of the debit terminal 300. Specifically, the debit terminal 300 has a function of detecting that the power switch of the main body 300a is turned on / off.

  The state change detection unit 348 has a function of acquiring a state change by the debit terminal 300 as an unauthorized state detection. The state change detection unit 348 is detected by a control unit set detection unit 342, an external harness connection detection unit 343, a control unit cover set detection unit 344, a card reader attachment / detachment detection unit 345, and an internal harness connection detection unit 346. Detected information is input.

  The communication control I / F unit 350 has a function of controlling communication between the debit terminal 300 and the maintenance center 500 through an ISDN communication line.

  The battery 351 has a backup power supply function for supplying backup power to the state change detection unit 348 when the power supply of the debit terminal 300 is stopped. Specifically, it has a function of supplying power to the state change detection unit 348 even when the power switch of the debit terminal 300 is turned off.

  The memory unit 352 has a function of storing the detected contents of fraud detected by the state change detection unit 348.

  The main control unit 400 (CPU) has a function as a control unit that manages the entire system of the debit terminal 300.

(Internal configuration of main controller 400)
As shown in FIG. 6, the main control unit 400 (CPU) includes a state change determination unit 410, a notification item setting unit 420, a notification item change unit 430, an operation stop control unit 440, and an operation stop release unit 450. The operation priority control unit 460 is provided.

  The state change determination unit 410 has a function of determining a state change by the debit terminal 300.

  The notification item setting unit 420 includes a plurality of fraud detection means (a control unit set detection unit 342, an external harness connection detection unit 343, a control unit cover detection unit 344, a card reader attachment / detachment detection unit 345, an internal harness connection). A function for setting one or a plurality of detection means as a notification item (detection means) from among the detection unit 346 and the power ON / OFF detection unit 347) is provided.

  The notification item changing unit 430 has a function of appropriately changing a notification item to be transmitted to the maintenance center 500 set by the notification item setting unit 420.

  If the state change determination unit 410 detects any fraudulent act on the debit terminal 300, the operation stop control unit 440 temporarily operates the target debit terminal 300 if there is a non-permission instruction from the maintenance center 500. The function to stop automatically. In addition, the operation stop control unit 440 is immediately targeted when there is no response from the maintenance center 500 within a predetermined time after notification of abnormal state information from the debit terminal 300 to the maintenance center 500. A function of stopping the operation of the debit terminal 300 (error down) is provided. For this reason, since the operation of the debit terminal 300 is stopped until the abnormal state release notification is transmitted from the maintenance center 500, damage due to unauthorized modification can be reliably prevented.

  The operation stop canceling unit 450 has a function of resuming (canceling) the operation of the debit terminal 300 whose operation has been temporarily stopped by the operation stop control unit 440. Specifically, when the confirmation / repair of the debit terminal 300 is completed by the maintenance staff of the maintenance center 500, the maintenance center 500 transmits an error state release notification to the target debit terminal 300. At this time, the operation by the debit terminal device 300 becomes possible.

  The operation priority control unit 460 determines that the suspicion of fraud is high by the state change determination unit 410 even when the operation of the debit terminal 300 is permitted by the transaction availability determination unit 520 of the maintenance center 500. The operation stop control unit 440 of the device 300 has a function of stopping the operation of the target debit terminal 300.

(Internal configuration of maintenance center 500)
As shown in FIG. 7, the maintenance center 500 includes a fraud detection content acquisition unit 510, a transaction permission / denial determination unit 520, an error cancellation instruction unit 530, and a communication control I / F unit 540.

  The fraud detection content acquisition unit 510 has a function of acquiring an illegal state accompanying a state change by the debit terminal 300 detected by the state change detection unit 348 (FIG. 5).

  The transaction permission / non-permission determination unit 520 has a function of determining permission or non-permission of transactions by debit payment based on fraud detection contents transmitted from the debit terminal 300.

  The error cancellation instruction unit 530 has a function of canceling and recovering the error state of the debit terminal 300 that is in an error-down state.

  The communication control I / F unit 540 has a function of performing communication with the debit terminal 300.

(Basic control procedure by fraud prevention system in transaction terminal)
FIG. 8 is a flowchart illustrating the basic control procedure of the fraud prevention system in the transaction terminal device according to the first embodiment. That is, the fraud prevention system of the present invention is broadly divided into (1) state change detection step (SA110), (2) fraud detection determination step (SA120), (3) fraud detection content transmission step (SA130), 4) Transaction permission / non-permission determination step (SA140), (5) Operation stop control step (SA150), (6) Error release instruction step (SA160), and (7) Operation stop release step (SA170) It consists of seven processing steps. Hereinafter, the detail of each control process by (1)-(7) is demonstrated.

  (1) In the state change detection step, the state change in the debit terminal 300 itself (a trace of fraudulent acts) is converted into a plurality of state detection means (control unit set detection unit 342, external harness connection detection unit 343, , A control unit cover detection unit 344, a card reader attachment / detachment detection unit 345, an internal harness connection detection unit 346, and a power ON / OFF detection unit 347).

  (2) The fraud detection determination step is a processing step of determining the state change by the debit terminal 300 detected in the state change detection step as fraud detection content.

  (3) The fraud detection content transmission step is a processing step of transmitting the fraud detection content determined in the fraud detection determination step to the maintenance center 500.

  (4) The transaction permission / denial determination step determines whether or not a transaction (debit settlement) by the target debit terminal 300 is permitted based on the fraud detection content transmitted from the debit terminal 300. It is a processing step. If the transaction (debit payment) is permitted by the transaction permission / denial determination step, the “transaction permission notification” is given to the debit terminal 300, and if the transaction is not permitted, the “transaction impossible notification” is issued. Are sent respectively.

  (5) The operation stop control step is a processing step for performing control to stop (error down) the operation of the debit terminal 300 when any fraud detection is determined for the debit terminal 300 by the fraud detection determination step. It is.

  (6) The error release instructing step is a processing step for instructing the error cancellation for the debit terminal 300 that has determined that the transaction is not permitted by the transaction permission / denial determination step.

  (7) In the operation stop canceling process, the operation stop by the debit terminal 300 that has been stopped (error down) during the fraud detection transmitting process is notified from the maintenance center 500 by the error cancel instructing process. This is a processing step for resuming the operation by the debit terminal 300 based on the “notification”.

(Procedure for fraud prevention in the fraud prevention system)
Next, with reference to a flowchart of FIG. 9, a fraud prevention processing procedure in the fraud prevention system according to the first embodiment will be described. The flowchart shown in FIG. 9 shows an anti-fraud processing procedure executed between the debit terminal 300 installed in the game shop 100 and the maintenance center 500. Specifically, this is a processing procedure from when the main switch of the debit terminal 300 is turned on (when the power is turned on) to when operation (debit payment) by the debit terminal 300 is started.

  That is, as shown in the flowchart of FIG. 9, first, it is determined whether the main power supply of the debit terminal 300 is turned on (step S110), and when the main power supply is on (Yes in step S110). Hereinafter, the process proceeds to “state change detection process” (step S115). Details of the “state change detection process” will be described with reference to FIG.

  FIG. 10 is a flowchart illustrating an example of a basic processing procedure by the “state change detection process”. That is, as shown in the flowchart of FIG. 10, it is first determined whether or not there is a trace that the control unit 365 has been removed (step S210). The determination in this case is performed by the control unit set detection unit 342 (FIG. 5).

  If it is determined by this determination that there is no evidence that the control unit 365 has been removed (No at step S210), it is then determined whether or not the housing cover that constitutes the control unit 365 has been opened. (Step S220). The determination in this case is performed by the control unit cover set detection unit 344 (FIG. 5).

  If it is determined by this determination that there is no evidence that the cover of the control unit 365 has been opened (No at step S220), it is then determined whether or not the internal harness in the control unit 365 has been removed. (Step S230). The determination in this case is performed by the internal harness connection detection unit 346 (FIG. 5).

  If it is determined by this determination that there is no evidence that the internal harness in the control unit 365 has been removed (No at step S230), then whether or not the debit card processing unit 390 (card reader) is attached or detached is determined. A determination is made (step S240). The determination in this case is performed by the card reader attachment / detachment detection unit 345 (FIG. 5).

  If it is determined by this determination that there is no evidence that the debit card processing unit 390 (card reader) has been removed (No in step S240), then the external harness (harness 395) of the control unit 365 is disconnected. It is determined whether or not it has been performed (step S250). The determination in this case is performed by the external harness connection detection unit 343 (FIG. 5).

  If it is determined by this determination that there is no evidence that the external harness (harness 395) of the control unit 365 has been removed (No at step S250), then the main power supply of the debit terminal 300 is turned ON / OFF. It is determined whether or not there is a trace that has been made (step S260). The determination in this case is performed by the power ON / OFF detector 347 (FIG. 5).

  If it is determined by this determination that there is no evidence of power ON / OFF (No at step S260), the state change by the debit terminal 300 can be determined as fraud detection “none”. . On the other hand, in each determination process in steps S210 to S260, if it is determined that there is evidence of a state change by the respective detection means (step S210 affirmation to step S260 affirmative), the state change by the debit terminal 300 is illegal. The detection can be determined as “present”.

  Returning to the flowchart of FIG. 9 again, the processing procedure will be described. That is, it is determined whether or not fraud detection has been activated by the determination in step S120. If any fraud detection has been activated by determination of whether or not fraud detection has been performed in step S120 (Yes in step S120), the fraud detection contents are displayed. The fraud detection content is acquired (step S125) and transmitted to the maintenance center 500 as fraud detection information (step S130).

  When receiving the fraud detection information transmitted from the debit terminal 300 (Yes at Step S135), the maintenance center 500 acquires fraud detection contents (Step S140). Hereinafter, the maintenance center 500 obtains the fraud detection information at Step S140. Based on the detected fraud detection contents (terminal ID of the debit terminal 300, fraud detection contents), it is determined whether or not a transaction (debit payment) by the target debit terminal 300 is possible or not possible. Is performed (step S145).

  If it is determined in step S145 that the transaction by debit payment is “permitted”, a “transaction permission notification” is transmitted to the debit terminal 300 (step S150).

  On the other hand, if it is determined by the determination in step S145 that the transaction by debit payment is “non-permitted”, a “transaction non-permission notification” is transmitted to the debit terminal 300 (step S155).

  On the other hand, the debit terminal 300 waits for a response from the maintenance center 500 after transmitting the fraud detection content in step S130. Specifically, the debit terminal 300 waits for a response from the maintenance center 500 according to the fraud detection content. It is determined whether or not there is a response (step S160). If there is a response from the maintenance center 500 (Yes at step S160), it is then determined whether or not this response has been received within a predetermined time (step S165). If it is determined in step S165 that the response time from the maintenance center 500 is equal to or longer than the predetermined time (No in step S165), the debit terminal 300 goes down in error (step S175). Note that, even if fraud detection content is transmitted to the maintenance center 500 based on the determination in step S160, if there is no response from the maintenance center 500 (No in step S160), the debit terminal 300 goes down in error ( Step S175).

  Hereinafter, when it is determined by the determination in step S165 that the response time from the maintenance center 500 is within a predetermined time (Yes in step S165), the notification transmitted from the maintenance center 500 is “transaction permission notification”. Or “transaction non-permission notification” (step S170). If it is determined in step S170 that the notification transmitted from the maintenance center 500 is a “transaction non-permission notification” that prohibits a transaction related to debit payment, the target debit terminal 300 The operation by settlement is stopped and the error is reduced (step S175).

  On the other hand, if it is determined in step S170 that the notification transmitted from the maintenance center 500 is a “transaction permission notification” that permits a transaction related to debit payment, the target debit terminal 300 performs the operation by debit payment. Will start. Specifically, the process waits for a debit payment request (step S190), and if there is a debit payment request (step S190 affirmative) by determining whether there is a debit payment request (step S190 affirmative), The process will be shifted to (step S195).

  Here, after the transmission processing of “transaction non-permission notice” in the maintenance center 500 (step S155), it is determined whether or not the error has been canceled (step S156), and when the error has been canceled (step S156). (Yes), the maintenance center 500 transmits an “error release instruction notification” to the debit terminal 300 (step S157). On the other hand, in the debit terminal 300, after the operation stop (error down) of the debit terminal 300 in step S175, it is determined in step S180 whether or not there is an “error release instruction notification” from the maintenance center 500. (Step S180), and by determining that the “error release instruction notification” from the maintenance center 500 has been transmitted (Yes in Step S180), starting (returning) the operation by the debit terminal 300 that has been in the error-down state. Become.

  Thereafter, the process waits for a debit payment request (step S190). If it is determined whether there is a debit payment request (step S190), if there is a debit payment request (Yes at step S190), the process proceeds to the debit request processing by the information processing center 600. (Step S195).

  As described above, in the fraud prevention system according to the present invention, the error-down state of the debit terminal 300 does not restore the operation for performing debit payment unless the transaction is permitted from the maintenance center 500. It is possible to realize a system that can reliably prevent this.

  As described above, in the fraud prevention system according to the first embodiment, the state change by the debit terminal 300 is detected by the state change detection unit 348, and this fraud detection information is transmitted to the maintenance center 500. Based on the fraud detection information, the operation (debit transaction) by the debit terminal 300 is permitted or not permitted, and the debit terminal 300 is permitted to operate (operation permission notification) or the operation is not permitted. A notification (operation disapproval notification) is transmitted to the debit terminal 300. When the debit terminal 300 receives the operation permission notification, the debit payment operation is resumed. When the operation disapproval notification is received, the maintenance center 500 Since the recovery is not performed until the error cancellation instruction notification is transmitted from the maintenance center 500, the maintenance center 500 In addition to being able to accurately grasp the state of 300, it is possible to accurately determine whether or not the transaction is possible, and the debit terminal 300 is not in a state where it can be traded unless permission from the maintenance center 500 is notified. Damage caused by fraud can be prevented in advance in the entire system.

(Other examples)
Although the embodiments of the present invention have been described so far, the present invention is implemented in various different embodiments within the scope of the technical idea described in the claims other than the embodiments described above. You can also.

  That is, in the above description, the transaction terminal device applied to the fraud prevention system according to the present invention has been described as applying a debit terminal used when debit payment is performed, but the present invention is applied to a debit terminal. Not only, but also for cash fraud prevention systems such as money change machines and automatic teller machines (ATMs) installed in amusement stores and banks, etc., and for fraud prevention systems in transaction terminal devices that require security. Can do.

  As described above, the fraud prevention system in the transaction terminal device according to the present invention detects the state change by the debit terminal as a trace that the fraudulent alteration has been performed in advance, and thereby the illegal alteration is caused. It is suitable for a fraud prevention system in a transaction terminal device that can reliably prevent damage.

It is a functional block diagram which shows the whole structure of the game media rental system to which the fraud prevention system in the transaction terminal device which concerns on the present Example 1 is applied. It is a front view which shows a debit terminal. FIG. 3 is a schematic diagram illustrating an internal configuration of the debit terminal illustrated in FIG. 2. 1 is an overall functional block diagram illustrating an internal configuration of a debit terminal according to Embodiment 1. FIG. It is a whole functional block diagram which shows the internal structure of a debit control part. It is a functional block diagram which shows the internal structure of a main control part (CPU). It is a functional block diagram which shows the internal structure of a maintenance center. It is a basic flowchart which shows the basic process sequence of a fraud prevention system. It is a flowchart which shows the flow by the fraud prevention processing procedure by a fraud prevention system. 10 is a flowchart illustrating an example of a processing order according to the “state change detection process” illustrated in FIG. 9.

Explanation of symbols

100 amusement shop 110 pachinko machine 150 card processing machine 200 card issuing machine 210 card settlement machine 255 island controller 280 terminal controller (T / C)
300 Debit terminal 300a Main body 310 Door 312 Control unit removal detection sensor 313 Control unit cover set detection sensor 314 Card reader attachment / detachment detection sensor 330, 335 Communication I / F unit 350, 540 Communication control I / F unit 340 Debit control unit 342 Control unit set detection unit 343 External harness connection detection unit 344 Control unit cover detection unit 345 Card reader attachment / detachment detection unit 346 Internal harness connection detection unit 347 Power ON / OFF detection unit 348 State change detection unit 350 Display unit 351 Battery 352 Memory 365 Control unit 370 Debit card insertion / return port 380 Receipt discharge port 385 Printing unit 390 Debit card processing unit 396 Removal prevention member 397 Power supply unit 398 Terminal adapter 400 Main control unit (C PU)
450, 460 Public line network 470 Card company center 400 Main control unit (CPU)
410 State change determination unit 420 Notification item setting unit 430 Notification item change unit 440 Notification stop control unit 450 Operation stop release unit 460 Operation priority control unit 500 Maintenance center 510 Fraud detection content acquisition unit 520 Transaction permission / non-permission determination unit 530 Error release Instruction unit 600 Information processing center 700 CAFIS network 710 Clearing center 800 Debit card issuing bank 900 Merchant bank 950

Claims (9)

A fraud prevention system in a transaction terminal device including a control device in which individual information related to transaction information is stored,
The transaction terminal is
A state change detecting means for detecting a state change with respect to the transaction terminal device;
State change content storage means for storing the state change detection content by the state change detection means;
A transmission means for transmitting the state change detection content as an abnormal state notification to a maintenance center that performs maintenance and inspection of the transaction terminal device when the state change is detected by the state change detection means;
The maintenance center
A fraud prevention system in a transaction terminal device, comprising: transaction admissibility determination means for determining whether transaction operation by a transaction terminal device is permitted or not based on an abnormal state notification transmitted from the transmission means. The state change detecting means is
Open / close detecting means for detecting opening / closing of a casing cover constituting the control device;
Control device removal detecting means for detecting removal of the control device;
First connection detection means for detecting removal of an external harness connecting the control device and other devices in the transaction terminal device;
A second connection detecting means for detecting removal of an internal harness in the control device; and a reading device attachment / detachment detecting means for detecting attachment / detachment of a reading device for reading the transaction information;
The fraud prevention system for a transaction terminal device according to claim 1, wherein the fraud prevention system is any one of power ON / OFF detection means for detecting ON / OFF of power.   3. The fraudulent terminal device for transaction according to claim 2, further comprising notification item setting means for selecting and setting the state change detection content to be notified to the maintenance center from among the plurality of state change detection content. Prevention system.   4. The fraud prevention system for a transaction terminal device according to claim 3, further comprising notification item changing means for changing the notification item set by the notification item setting means. The transaction terminal is
The transaction terminal device according to claim 1, further comprising an operation stop unit that stops the operation of the transaction terminal device when the state change is detected by the state change detection unit. Fraud prevention system.   6. The fraud prevention system for a transaction terminal device according to claim 5, further comprising operation stop canceling means for canceling operation stop by said operation stop means.   The fraud prevention system for a transaction terminal device according to claim 6, wherein the operation recovery by the transaction terminal device by the operation suspension cancellation unit is performed based on an operation resumption instruction notification from the maintenance center.   The transaction terminal device includes an operation priority unit that prioritizes operation by the transaction terminal device, and the operation stop unit includes a function of stopping the operation by the operation stop unit based on the state change detection content. The fraud prevention system for a transaction terminal device according to claim 7. The transaction terminal is
Response time determination means for determining a response time from the maintenance center when an abnormal state notification is transmitted by the transmission means, and the response time determined by the response time determination means is longer than a predetermined time In the case, the fraud prevention system for a transaction terminal device according to any one of claims 5 to 8, characterized in that the operation suspension means stops the operation for the target transaction terminal device.

Images