KR20130106331A - System and method of automatic withdrawal fraud prevention through payer consent authentication - Google Patents


Publication number
KR20130106331A
Authority
KR
South Korea
Prior art keywords
debit
information
payer
direct
consent
Application number
KR1020130098744A
Other languages
Korean (ko)
Inventor
고재용
Original Assignee
(주) 아이티메이트
Application filed by (주) 아이티메이트
Priority to KR1020130098744A
Publication of KR20130106331A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/08: Payment architectures
    • G06Q20/10: Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/14: Payment architectures specially adapted for billing systems

Abstract

The present invention discloses a system and method for preventing fraudulent direct debit withdrawals through authentication of the payer's own consent. The system comprises: a direct debit relay server that receives a direct debit registration request including the payer's direct debit application information from a withdrawal institution terminal, sends a payer consent request asking the payer to enter direct debit consent information in order to confirm whether the payer agrees to the direct debit, receives the consent information in response, sends a direct debit customer ledger registration request including the application information and the consent information to a bank server, receives the ledger registration result, and returns that result to the withdrawal institution terminal; an authentication server that receives the payer consent request from the direct debit relay server, extracts the payer's mobile communication terminal number from the application information, sends usage charge information and direct debit information to the payer's mobile communication terminal to request entry of the consent information, and, when the payer confirms the consent request and agrees to the direct debit, receives the entered consent information and forwards it to the direct debit relay server; and a bank server that receives the ledger registration request from the direct debit relay server, extracts the already stored personal information of the account holder on the basis of the received application information, compares the received consent information with the extracted personal information of the account holder, registers the direct debit customer ledger if they match, and responds with the processing result.

Description

System and method of automatic withdrawal fraud prevention through payer consent authentication

The present invention relates to a system and method for preventing fraudulent direct debit withdrawals, and more particularly to a system and method that, through the payer's own consent, minimize the exposure of personal information and prevent fraudulent withdrawal by a withdrawal institution.

A direct debit service is a service provided by a bank through a direct debit relay server. The withdrawal institution provides tangible and intangible services (goods, services, etc.) to the payer and, instead of billing the usage amount by giro, submits the usage charges of payers who wish to pay by direct debit to the direct debit relay server. On the due date the amount is withdrawn from the payer's deposit account and deposited in the collection account of the withdrawal institution, and the details are notified. The service is popular with modern people who pursue convenience and efficiency.

In principle, such a direct debit service requires that the payer who entrusts money to the bank visit the bank, present an ID card, and personally designate the withdrawal institution and apply. However, with more than 200 million new direct debit applications each year, it is very inefficient to have every payer apply for direct debit at the bank window, and it is also inconvenient for the payer. For this reason, in practice it is common for the withdrawal institution to receive the direct debit application from the payer and then carry out the direct debit registration with the bank on the payer's behalf.

The Electronic Financial Transactions Act requires the operator to obtain the payer's direct debit application by electronic signature, written consent, telephone recording, or ARS in order to collect payment by direct debit. When the electronic signature is made online with a public certificate, the banking system can systematically confirm whether the payer agrees. With written consent and telephone recording performed offline, however, the bank has no way to confirm whether the payer agrees, and financial incidents that exploit this gap occur constantly.

Accordingly, a system is needed that lets a payer who wants direct debit handle the application through a withdrawal institution on-line, securely and conveniently, without worrying about exposure of personal information or fraudulent withdrawal.

The present invention has been made to solve the problems of the prior art described above. Its purpose is to provide a system and method for preventing fraudulent direct debit withdrawals in which the withdrawal institution that received the payer's direct debit application on-line processes the direct debit registration with the bank using only part of the payer's personal information, and the payer personally handles consent to the direct debit, so that exposure of personal information is minimized and fraudulent withdrawal by the withdrawal institution is blocked.

To achieve the above technical object, the system for preventing fraudulent direct debit withdrawals through authentication of the payer's own consent according to the present invention is a system that performs direct debit when the payer's own consent to the payer's direct debit application is confirmed over a wired or wireless network, and comprises: a direct debit relay server that receives a direct debit registration request including the payer's direct debit application information from a withdrawal institution terminal, sends a payer consent request asking the payer to enter direct debit consent information in order to confirm whether the payer agrees to the direct debit for that registration request, receives the consent information in response, sends a direct debit customer ledger registration request including the application information and the consent information to a bank server, receives the ledger registration result, and returns that result to the withdrawal institution terminal; an authentication server that receives the payer consent request from the direct debit relay server, extracts the payer's mobile communication terminal number from the application information, sends usage charge information and direct debit information to the payer's mobile communication terminal to request entry of the consent information, and, when the payer confirms the consent request and agrees to the direct debit, receives the entered consent information and forwards it to the direct debit relay server; and a bank server that receives the ledger registration request from the direct debit relay server, extracts the already stored personal information of the account holder on the basis of the received application information, compares the received consent information with the extracted personal information of the account holder, registers the direct debit customer ledger if they match, and responds with the processing result.

Preferably, the system further includes a withdrawal institution terminal that stores a written direct debit consent file or a recorded direct debit consent voice file received from the payer, generates direct debit application information including that written consent file or voice file and public personal information such as the payer's withdrawal account number and mobile communication terminal number, sends a direct debit registration request including the application information to the direct debit relay server, and receives the registration result in response.

Preferably, the direct debit application information consists of a data file, such as a written direct debit consent file or a recorded direct debit consent voice file received from the payer, and public personal information such as the payer's name, withdrawal account number, mobile communication terminal number, and the date of birth on the resident registration card. The direct debit consent information consists of incomplete private personal information, such as part of the payer's resident registration number (the last seven digits), part of the withdrawal account password (at least two of the four password digits), and part of the security card issue serial number (the last four digits). The personal information of the account holder includes both the public personal information and the private personal information.

Preferably, the direct debit relay server comprises: direct debit registration request receiving means for receiving, from the withdrawal institution terminal, a direct debit registration request including the direct debit application information; direct debit consent response receiving means for sending the payer consent request to the authentication server in order to confirm whether the payer agrees to the direct debit for that registration request, and receiving the direct debit consent information in response; direct debit customer ledger registration means for sending a direct debit customer ledger registration request including the application information and the consent information to the bank server and receiving the ledger registration result; and direct debit registration result notification means for receiving the direct debit result from the bank server on each due date and notifying the withdrawal institution terminal.

Preferably, the direct debit relay server receives a direct debit registration request including direct debit application information consisting of the payer's written direct debit consent file or consent voice file and public personal information such as the payer's withdrawal account number and mobile communication terminal number. To confirm whether the payer agrees to the direct debit for that registration request, it requests direct debit consent information consisting of incomplete private personal information, such as part of the payer's resident registration number (the last seven digits), part of the withdrawal account password (at least two of the four password digits), and part of the security card issue serial number (the last four digits), and receives the consent information in response when the payer agrees to the direct debit. It then sends a direct debit customer ledger registration request including the application information and the consent information to the bank server. The bank server extracts the already stored personal information of the account holder on the basis of the application information and compares the incomplete private personal information in the consent information with the complete private personal information in the extracted account holder record; if they match, the direct debit customer ledger is registered, and the relay server receives the processing result in response.

Preferably, the authentication server comprises: payer consent request receiving means for receiving the payer consent request from the direct debit relay server; payer consent confirmation means for extracting the payer's mobile communication terminal number from the direct debit application information according to the payer consent request, sending a mobile messenger message or SMS to the payer's mobile communication terminal to present the usage charge information and the direct debit information and to direct the payer to a mobile web page for entering the direct debit consent information, and receiving the entered consent information when the payer confirms the consent request and agrees to the direct debit; and payer consent result transmitting means for transmitting the consent information to the direct debit relay server.

Preferably, the payer consent confirmation means further includes means for placing an ARS call to present the usage charge information and the direct debit information, and for receiving the direct debit consent information entered when the payer confirms the consent request and agrees to the direct debit.

Preferably, the authentication server is integrated into the direct debit relay server as an internal module and operates under the control of the direct debit relay server.

To achieve the above technical object, the method for preventing fraudulent direct debit withdrawals through authentication of the payer's own consent according to the present invention is a method that performs direct debit when the payer's own consent to the payer's direct debit application is confirmed over a wired or wireless network, and comprises the steps of: (a) a direct debit relay server receiving a direct debit registration request including the payer's direct debit application information from a withdrawal institution terminal; (b) the direct debit relay server sending a payer consent request asking the payer to enter direct debit consent information in order to confirm whether the payer agrees to the direct debit for that registration request, and receiving the consent information in response; (c) the direct debit relay server sending a direct debit customer ledger registration request including the application information and the consent information to a bank server and receiving the ledger registration result; and (d) the direct debit relay server notifying the withdrawal institution terminal of the ledger registration result and of the direct debit result received from the bank server on each due date.

Preferably, in step (a), the withdrawal institution terminal stores the written direct debit consent file or recorded direct debit consent voice file received from the payer, generates direct debit application information including that written consent file or voice file and public personal information such as the payer's withdrawal account number and mobile communication terminal number, and transmits a direct debit registration request including the application information to the direct debit relay server.

Preferably, the direct debit application information consists of a data file, such as a written direct debit consent file or a recorded direct debit consent voice file received from the payer, and public personal information such as the payer's name, withdrawal account number, mobile communication terminal number, and the date of birth on the resident registration card. The direct debit consent information consists of incomplete private personal information, such as part of the payer's resident registration number (the last seven digits), part of the withdrawal account password (at least two of the four password digits), and part of the security card issue serial number (the last four digits). The personal information of the account holder includes both the public personal information and the private personal information.

Preferably, in step (b), the direct debit relay server, in order to confirm whether the payer agrees to the direct debit for the registration request, requests entry of direct debit consent information consisting of incomplete private personal information, such as part of the payer's resident registration number (the last seven digits), part of the withdrawal account password (at least two of the four password digits), and part of the security card issue serial number (the last four digits), and receives the consent information in response when the payer agrees to the direct debit.

Preferably, in step (b), the direct debit relay server transmits the payer consent request to an external authentication server; the authentication server extracts the payer's mobile communication terminal number from the direct debit application information according to the payer consent request, sends a mobile messenger message or SMS to the payer's mobile communication terminal to present the usage charge information and the direct debit information and to direct the payer to a mobile web page for entering the direct debit consent information, and receives the entered consent information when the payer confirms the consent request and agrees to the direct debit.

Preferably, step (b) further comprises the authentication server placing an ARS call to present the usage charge information and the direct debit information, and receiving in response the direct debit consent information entered when the payer confirms the consent request and agrees to the direct debit.

Preferably, in step (b), the authentication server is integrated into the direct debit relay server as an internal module, transmits the payer consent request, and receives the direct debit consent information in response.

Preferably, in step (c), the direct debit relay server transmits a direct debit customer ledger registration request including the direct debit application information and the direct debit consent information to the bank server; the bank server extracts the already stored personal information of the account holder on the basis of the application information and compares the incomplete private personal information in the consent information with the complete private personal information in the extracted account holder record; if they match, the direct debit customer ledger is registered, and the relay server receives the processing result in response.

According to the present invention, the withdrawal institution that received the payer's direct debit application on-line processes the direct debit registration with the bank using only part of the payer's personal information, while the payer personally handles the consent procedure for the direct debit application. This minimizes exposure of the payer's personal information and thereby protects it, and when the withdrawal institution's direct debit customer ledger is registered, the direct debit is confirmed with the payer.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate preferred embodiments of the invention and, together with the description, And shall not be interpreted.
FIG. 1 is a view showing the configuration of the system for preventing fraudulent direct debit withdrawals through authentication of the payer's own consent according to the present invention.
FIG. 2 is a diagram showing the configuration of the direct debit relay server according to the present invention.
FIG. 3 is a diagram illustrating the configuration of the authentication server according to the present invention.
FIG. 4 is a diagram illustrating the procedure of the method for preventing fraudulent direct debit withdrawals through authentication of the payer's own consent according to the present invention.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. Terms and words used in this specification and the claims should not be construed as limited to their ordinary or dictionary meanings; on the principle that the inventor may appropriately define the concepts of terms, they should be interpreted with meanings and concepts consistent with the technical idea of the present invention. Therefore, the embodiments described in this specification and the configurations shown in the drawings are merely the most preferred embodiments of the present invention and do not represent all of its technical ideas, and it is to be understood that equivalents and modifications are possible.

<1. System configuration>

1.1 System Overview

FIG. 1 is a view showing the configuration of the system for preventing fraudulent direct debit withdrawals through authentication of the payer's own consent according to the present invention.

Referring to FIG. 1, a system 1 in which the present invention is implemented includes a withdrawal institution terminal 5, a payer mobile terminal 6, a direct debit relay server 2, an authentication server 3, and a bank server 4. These components are connected to each other via a wired or wireless network.

The direct debit relay server 2 is a server that provides withdrawal institutions that have joined as members with a service for requesting and collecting direct debit payments from payers. That is, the direct debit relay server 2 receives a direct debit registration request including the payer's direct debit application information from the withdrawal institution terminal 5, sends a payer consent request asking the payer to enter direct debit consent information in order to confirm whether the payer agrees to the direct debit for that registration request, receives the consent information in response, sends a direct debit customer ledger registration request including the application information and the consent information to the bank server 4, receives the ledger registration result, and returns that result to the withdrawal institution terminal 5. The direct debit application information consists of a data file, such as a written direct debit consent file or a recorded direct debit consent voice file received from the payer, and public personal information such as the payer's name, withdrawal account number, mobile communication terminal number, and the date of birth on the resident registration card. The direct debit consent information consists of incomplete private personal information, such as part of the payer's resident registration number (the last seven digits), part of the withdrawal account password (at least two of the four password digits), and part of the security card issue serial number (the last four digits).

The authentication server 3 may exist as a separate authentication module inside the direct debit relay server 2 or may be installed as the system of an independent operator. The authentication server 3 is an information and communication system that contacts the payer's mobile terminal 6 to confirm whether the payer agrees to the direct debit. That is, the authentication server 3 receives the payer consent request from the direct debit relay server 2, extracts the payer's mobile communication terminal number from the direct debit application information, sends usage charge information and direct debit information to the payer's mobile communication terminal 6 to request entry of the direct debit consent information, and, when the payer confirms the consent request and agrees to the direct debit, receives the entered consent information and forwards it to the direct debit relay server 2.

The bank server 4 is a computer system of a first-tier financial institution such as a bank or card company, or of a second-tier financial institution such as a mutual savings bank. The bank server 4 receives a direct debit customer ledger registration request from the direct debit relay server 2 and registers the account in question as a direct debit account. In doing so, the bank server 4 extracts the already stored personal information of the account holder on the basis of the direct debit application information received with the ledger registration request, compares the received direct debit consent information with the extracted personal information of the account holder, and registers the direct debit customer ledger only if they match. Here, the personal information of the account holder means information that includes both the public personal information and the private personal information.
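The bank-side comparison described above, sketched as an added example (it is not code from the patent or from any bank system): the partial private values entered by the payer are checked against the complete record the bank already holds, and the ledger entry is created only when every field matches. The record layout, the function names `consent_matches` and `register_ledger`, the extra check of the public fields, and all sample values are assumptions constructed for illustration.

```python
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class AccountHolder:
    """Complete record the bank already stores (layout is an assumption)."""
    name: str
    account_no: str
    mobile_no: str
    birth_date: str            # date of birth from the resident registration
    rrn_back7: str             # last seven digits of the resident registration number
    account_password: str      # four-digit withdrawal account password
    security_card_serial: str  # full security card issue serial number


@dataclass(frozen=True)
class DebitApplication:
    """Public personal information sent by the withdrawal institution."""
    name: str
    account_no: str
    mobile_no: str
    birth_date: str


@dataclass(frozen=True)
class DebitConsent:
    """Incomplete private personal information entered by the payer."""
    rrn_back7: str
    password_digits: dict      # {position 0..3: digit}, at least two positions
    card_serial_last4: str


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so response timing does not reveal partial matches.
    return hmac.compare_digest(a.encode(), b.encode())


def consent_matches(holder, app, consent) -> bool:
    digits = consent.password_digits
    well_formed = (
        len(digits) >= 2
        and all(isinstance(p, int) and 0 <= p < 4 for p in digits)
        and all(isinstance(d, str) and len(d) == 1 for d in digits.values())
        and len(consent.rrn_back7) == 7
        and len(consent.card_serial_last4) == 4
    )
    if not well_formed:
        return False
    # Every check is evaluated before the results are combined, so the caller
    # learns only "match" or "no match", never which field was wrong.
    checks = [
        # Public fields: checking these too is an assumption of this example.
        _same(app.name, holder.name),
        _same(app.mobile_no, holder.mobile_no),
        _same(app.birth_date, holder.birth_date),
        # Partial private fields against the complete stored values.
        _same(consent.rrn_back7, holder.rrn_back7),
        _same(consent.card_serial_last4, holder.security_card_serial[-4:]),
    ]
    checks += [_same(d, holder.account_password[p]) for p, d in digits.items()]
    return all(checks)


def register_ledger(accounts, ledger, app, consent) -> str:
    """Register the account as a direct debit account only on a full match."""
    holder = accounts.get(app.account_no)
    if holder is None or not consent_matches(holder, app, consent):
        return "REJECTED"
    ledger.add(app.account_no)
    return "REGISTERED"


# Constructed sample data, not taken from the page.
SAMPLE_ACCOUNTS = {
    "110-123-456789": AccountHolder(
        "Hong Gildong", "110-123-456789", "010-0000-0000",
        "800101", "1234567", "4821", "SC00019473",
    )
}
SAMPLE_APP = DebitApplication(
    "Hong Gildong", "110-123-456789", "010-0000-0000", "800101"
)

if __name__ == "__main__":
    ledger = set()
    consent = DebitConsent("1234567", {0: "4", 3: "1"}, "9473")
    print(register_ledger(SAMPLE_ACCOUNTS, ledger, SAMPLE_APP, consent), ledger)
```

Two password digits allow only 100 combinations, so a deployment of this check would also need to limit failed attempts per account; the page does not describe such a limit.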

The withdrawal institution terminal 5 is a system on the side of a provider that supplies tangible and intangible services to payers and bills for them, for example an insurance company server or a newspaper company server. The withdrawal institution terminal 5 includes a web server and a billing server, and is connected to the direct debit relay server 2 over a dedicated line or a wired or wireless network. In addition, the withdrawal institution terminal 5 stores the written direct debit consent file or recorded direct debit consent voice file received from the payer offline, generates direct debit application information including that written consent file or voice file and public personal information such as the payer's withdrawal account number and mobile communication terminal number, sends a direct debit registration request including the application information to the direct debit relay server 2, and receives the registration result in response.

The payer's mobile terminal 6 is a mobile communication terminal capable of exchanging information with the withdrawal institution terminal 5, the direct debit relay server 2, the authentication server 3, and the bank server 4 via a wired or wireless network. It includes a communication terminal with a mobile messenger application that is capable of receiving a message through the mobile messenger, receiving an SMS, and handling an ARS call.

1.2 Server Architecture

FIG. 2 is a diagram showing the configuration of the direct debit relay server according to the present invention.

Referring to FIG. 2, the direct debit relay server 2 according to the present invention comprises direct debit registration request receiving means 21, direct debit consent response receiving means 22, direct debit customer ledger registration means 23, and direct debit registration result notification means 24.

The direct debit registration request receiving means 21 is a functional module that receives a direct debit registration request including the direct debit application information from the withdrawal institution terminal 5 and records it. The application information attached to the registration request consists of a data file, such as a written direct debit consent file or a recorded direct debit consent voice file received from the payer, and public personal information such as the payer's name, withdrawal account number, mobile communication terminal number, and the date of birth on the resident registration card.

The direct debit consent response receiving means 22 is a functional module that sends the payer consent request to the authentication server 3 in order to confirm whether the payer agrees to the direct debit for the registration request, receives the direct debit consent information in response, and records it.

The direct debit customer ledger registration means 23 is a functional module that, once the payer's agreement to the direct debit has been confirmed, sends a direct debit customer ledger registration request including the application information and the consent information to the bank server 4, receives the ledger registration result, and records it.

The direct debit registration result notification means 24 is a functional module that notifies the withdrawal institution terminal 5 of the result of the direct debit registration it requested and, when a direct debit is carried out normally on the designated date as a result of that registration, notifies the withdrawal institution terminal 5 of that as well.

FIG. 3 is a diagram illustrating the configuration of the authentication server according to the present invention.

The authentication server 3 according to the present invention is a server that handles confirmation of whether the payer agrees to the direct debit. This function may be performed directly by the direct debit relay server 2, but when a separate authentication server 3 is provided it comprises, as shown in FIG. 3, payer consent request receiving means 31, payer consent confirming means 32, and payer consent result transmitting means 33.

The payer consent request receiving means 31 is a function module for receiving a payer consent request for confirming whether the payer agrees to the debit registration request from the direct debit relay server 2.

The payer consent confirming means 32 extracts a payer's mobile communication terminal number from the debit application information according to the payer's consent request on behalf of the direct debit relay server 2, and sends it to the payer's mobile communication terminal. Sending a message or SMS through a mobile messenger to guide payment information and direct debit information, and directing the user to a mobile web page where the debit consent information is entered. Function module for receiving the debit agreement information. In this case, the payer's consent checking means 32 extracts the payer's mobile communication terminal number, determines the characteristics of the mobile communication terminal corresponding to the extracted mobile communication terminal number, and determines whether to transmit it to the mobile messenger or SMS, According to the result, the mobile messenger or SMS is transmitted. In addition, if the payer's mobile communication terminal is not a suitable terminal to receive a mobile messenger or SMS, or if the payer is difficult to perform the payment, the payer informs the user's payment information and direct debit information by sending an ARS call, and the payer confirms the request for consent. If you agree to direct debit and receive the debit agreement information entered through the ARS.

The payer consent result transmission means 33 is a functional module for transferring the debit agreement information received from the payer to the debit relay server 2.

The detailed functions and operations of the individual components constituting the direct debit fraudulent withdrawal prevention system 1 through authentication of the payer's own consent are described below through the method of preventing direct debit withdrawal through authentication of the payer's own consent.

<2. Method composition>

The method of preventing direct debit withdrawal through authentication of the payer's own consent according to the present invention can be realized through the aforementioned debit withdrawal prevention system 1.

FIG. 4 is a diagram illustrating a procedure of a method for preventing direct debit withdrawal through authentication of a payer's own consent according to the present invention.

The method of preventing direct debit withdrawal through authentication of the payer's own consent according to the present invention concerns the use of regular goods or services such as newspapers, insurance, and apartment management fees, for which monthly payments must be paid to the withdrawal institution. In this case, it is also possible to pay using paper, but it is usually easier to use automatic transfer.

As such, the person who wants to pay the fee using direct debit (i.e., the payer) does not directly execute the debit registration application. Instead, the withdrawal institution that receives the payer's direct debit application offline processes the direct debit ledger registration at the bank with only a part of the payer's personal information, and the payer processes the consent to the direct debit application directly. The invention thus provides a method for preventing fraudulent direct debit withdrawal through the payer's own consent, which minimizes the exposure of personal information and prevents fraudulent withdrawals by the withdrawal institution.

First, as shown in FIG. 4, in step S101, the withdrawal authority terminal 5 converts the written direct debit agreement or the recorded direct debit agreement voice received from a payer on-line into a file, saves the direct debit agreement written file or direct debit agreement voice file, and generates the debit application information including the direct debit agreement written file or the direct debit agreement voice file and public personal information such as the payer's withdrawal account number and mobile communication terminal number. In this case, the public personal information included in the direct debit application information is personal information that is less likely to be misused even if it is disclosed externally, such as the payer's name, withdrawal account number, mobile communication terminal number, and date of birth in the resident registration.

In step S102, the automatic debit registration request receiving means 21 of the automatic debit relay server 2 receives a direct debit registration request including payment information of the payer from the withdrawal authority terminal 5.

In step S200, the debit relay server 2 executes a procedure for confirming whether or not the payer agrees to the debit for the debit registration request.

In step S201, the automatic debit consent response receiving means 22 of the automatic debit relay server 2 sends to the external authentication server 3 a payer consent request, which requests entry of the payer's direct debit consent information, in order to confirm whether the payer agrees to the automatic debit registration request.

In step S202, the authentication server 3 receives the payer consent request through the payer consent request receiving means 31, and extracts the payer's mobile communication terminal number from the direct debit application information according to the payer consent request via the payer consent confirming means 32.

Then, in step S203, the payer consent confirming means 32 of the authentication server 3 checks the characteristics of the mobile communication terminal corresponding to the extracted payer's mobile communication terminal number and determines whether to transmit by mobile messenger or SMS. If it is determined that mobile messenger or SMS transmission is not suitable, it determines whether to send an ARS call.

Then, in step S204, the payer consent confirming means 32 of the authentication server 3 presents the usage information and the direct debit information through the determined channel. With a mobile messenger message or SMS, it directs the payer to a mobile web page for entering the debit agreement information. With an ARS call, the ARS voice guidance presents the payment information and direct debit information and, if the payer confirms the consent request and agrees to the direct debit, asks the payer to enter the consent information through the ARS.

Then, in step S205, the payer is shown the payment information and the direct debit information delivered to his mobile terminal 6 and, if he wants to agree to the debit registration, follows the guidance to access the mobile web page that provides the input window for the debit agreement information and enters the debit agreement information there. In the case of an ARS call, the debit agreement information is transmitted through voice or keyword input on the ARS call. Here, the debit consent information consists of incomplete private personal information, such as part of the payer's social security number (the last seven digits), part of the withdrawal account password (at least two of the four digit passwords), or part of the security card issuance serial number (the last four digits). This is personal information that is highly likely to be misused when disclosed to the outside, so only a part of it is entered rather than the whole.

In step S206, the payer consent result transmission means 33 of the authentication server 3 receives the debit agreement information input from the payer and transmits it back to the debit relay server 2.

In step S207, the direct debit relay server 2 checks whether or not the payer agrees to the direct debit agreement through the received debit agreement information, and if so, continues the subsequent steps of the debit registration procedure.

In step S301, the automatic debit customer ledger registration means 23 of the direct debit relay server 2 sends the bank server 4 a direct debit customer ledger registration request including the debit application information and the debit agreement information.

In step S302, the bank server 4 extracts the personal information of the account holder, which is already stored, from the debit application information in order to determine whether the registration request is appropriate or not according to the direct debit customer ledger registration request.

Then, in step S303, the bank server 4 compares the debit agreement information with the extracted personal information of the account holder to determine the suitability of the direct debit customer ledger registration. At this time, the bank server 4 compares the incomplete private personal information of the debit agreement information sent from the direct debit relay server 2 with the complete private personal information in the extracted account holder's personal information. If they match, the direct debit customer ledger registration is determined to be appropriate and the process proceeds to step S304; if they do not match, the direct debit customer ledger registration is determined to be inappropriate and the process proceeds to step S306.

In step S304, the bank server 4 registers the direct debit customer ledger requested by the direct debit relay server 2. In step S305, the direct debit customer ledger registration permission response, which is the result of the direct debit customer ledger process, is transmitted to the direct debit relay server 2. On the other hand, in step S306, the bank server 4 transmits a direct debit customer ledger registration impossible response to the direct debit relay server 2.

Finally, in step S400, the debit registration result notification means 24 of the debit relay server 2 notifies the withdrawal authority terminal 5 of the result of the debit registration it requested. Once the debit registration has been made, if the direct debit is successfully performed on the due date, that result is also notified to the withdrawal authority terminal 5.
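The bank-side suitability check of steps S302 to S306, sketched as an added example that is not part of the patent text. The field names, the position-indexed layout of the password digits, the requirement that all three partial values be present, and the sample record are assumptions constructed for illustration.

```python
import hmac
from dataclasses import dataclass

REGISTERED = "registration permitted"   # outcome of steps S304/S305
REJECTED = "registration impossible"    # outcome of step S306


@dataclass(frozen=True)
class AccountHolderRecord:
    """Complete private personal information already stored by the bank server."""
    resident_registration_number: str   # 13 digits
    account_password: str               # 4 digits
    security_card_serial: str


@dataclass(frozen=True)
class DebitConsentInfo:
    """Incomplete private personal information entered by the payer (step S205)."""
    rrn_last7: str           # last seven digits of the resident registration number
    password_digits: dict    # assumed layout: {position 0-3: digit}, at least two entries
    card_serial_last4: str   # last four digits of the security card serial number


def _digits(value, length):
    """True only for an ASCII digit string of exactly the expected length."""
    return (isinstance(value, str) and len(value) == length
            and value.isascii() and value.isdigit())


def _well_formed(consent):
    """Reject malformed input before any comparison against stored data."""
    pw = consent.password_digits
    return (
        _digits(consent.rrn_last7, 7)
        and _digits(consent.card_serial_last4, 4)
        and isinstance(pw, dict)
        and 2 <= len(pw) <= 4
        and all(isinstance(pos, int) and 0 <= pos <= 3 for pos in pw)
        and all(_digits(d, 1) for d in pw.values())
    )


def _same(a, b):
    # Constant-time comparison so response timing does not reveal how much matched.
    return hmac.compare_digest(a.encode(), b.encode())


def check_ledger_registration(stored_records, account_number, consent):
    """Return REGISTERED only if every partial value matches the stored record."""
    record = stored_records.get(account_number)   # S302: look up stored holder info
    if record is None or not _well_formed(consent):
        return REJECTED
    # S303: evaluate every comparison, then decide; any mismatch gives the same answer.
    results = [
        _same(consent.rrn_last7, record.resident_registration_number[-7:]),
        _same(consent.card_serial_last4, record.security_card_serial[-4:]),
    ]
    results += [_same(digit, record.account_password[pos])
                for pos, digit in consent.password_digits.items()]
    return REGISTERED if all(results) else REJECTED


# Constructed sample data, not taken from the patent.
STORED = {"110-000-000001": AccountHolderRecord("9001011234567", "4821", "00129876")}
GOOD = DebitConsentInfo("1234567", {0: "4", 3: "1"}, "9876")

if __name__ == "__main__":
    print(check_ledger_registration(STORED, "110-000-000001", GOOD))
```

Because the relay server only ever forwards the partial values, a mismatch on any one of them yields the same "registration impossible" response, so the withdrawal institution learns nothing about which field was wrong.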

As such, in the method for preventing direct debit withdrawal through authentication of the payer's own consent according to the present invention, the person who wants to pay a fee by using direct debit (that is, the payer) does not perform the direct debit registration application online. Instead, the withdrawal institution that receives the payer's direct debit application on-line handles the ledger registration with the bank with only a part of the payer's personal information, and the payer processes the consent to the debit request directly. This minimizes exposure of personal information and discourages fraudulent withdrawal by the withdrawal institution.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments. It will be understood that various modifications and changes may be made without departing from the scope of the appended claims.

1: system
2: direct debit relay server
3: authentication server
4: bank server
5: withdrawal terminal
6: payer mobile terminal

Claims (16)

In the automatic debit fraud withdrawal prevention system that performs automatic debit when the payer's consent is confirmed with respect to the debitee's application for debit on wired and wireless networks,
A payer who receives a direct debit registration request including payment information of the payer from a withdrawal authority terminal and requests the payer to input the debit agreement information to confirm whether the payer agrees to the debit registration request. Receiving a response to the direct debit agreement information by sending a consent request, and sends a direct debit customer ledger registration request including the debit application information and the debit agreement information to a bank server to receive a result of the direct debit customer ledger registration, An automatic debit relay server that responds to the withdrawal authority terminal;
Receives a payment requestor consent request from the direct debit relay server, extracts a payer's mobile communication terminal number from the debit application information and transmits the payment information and direct debit information to the payer's mobile communication terminal to the payment information An authentication server for requesting an input of, and receiving a payment request information when the payer confirms the consent request and receives the debit agreement information inputted to the debit server; And
Receiving a request for direct debit customer ledger registration from the direct debit relay server, extracts the personal information of the account holder that has already been stored from the received direct debit application information, and the received debit agreement information and the extracted personal information of the account holder And a bank server for registering the direct debit customer ledger and responding to the result of the transaction if they match each other.
The method of claim 1,
Store the debit agreement written file or the recorded debit agreement voice file received from the payer, and disclose the public debit consent file or the direct debit agreement voice file and public personal information such as the payer's withdrawal account number and mobile terminal number; A withdrawal authority terminal generating a direct debit application information including; and sending a debit registration request including the debit application information to the debit relay server and receiving a registration result; Fraud Withdrawal System.
The method of claim 1,
The debit application information may include data files such as a debit agreement written file or a recorded debit agreement voice file received from the payer, and public personal information such as the payer's name, withdrawal account number, mobile communication terminal number, and date of birth in the resident registration card. Information consisting of,
The debit consent information may include incomplete, non-public personal information, such as part of the payer's social security number (the last seven digits), part of the withdrawal account password (at least two of the four digit passwords), and part of the security card issuance serial number (the last four digits). Information consisting of,
The personal information of the account holder is a direct debit illegal withdrawal prevention system, characterized in that the information including both the public and private personal information.
The method of claim 3,
The direct debit relay server,
Direct debit registration request receiving means for receiving a debit registration request including debit application information from the withdrawal authority terminal;
A direct debit consent response receiving means for receiving the debit agreement information by sending the payer consent request to the authentication server in order to confirm whether the payer agrees to debit the debit registration request;
Direct debit customer ledger registration means for receiving a direct debit customer ledger registration request including the debit application information and the debit agreement information to a bank server and receiving a result of the direct debit customer ledger registration; And
And a debit registration result notification means for receiving a debit result from the bank server at each debit date and notifying the withdrawal institution terminal.
5. The method of claim 4,
The direct debit relay server,
Receive a direct debit registration request from the withdrawal authority terminal, which includes a payer's debit agreement written file or a debit agreement voice file and public debit application information consisting of the payer's withdrawal account number and mobile terminal number;
Part of the resident registration number (the last seven digits), part of the withdrawal account password (at least two of the four digit passwords), part of the security card issue serial number Request the input of the debit consent information consisting of uncompleted private personal information, such as the next four digits, and if the payer agrees to the direct debit, the debit consent information is sent,
Send a direct debit customer ledger registration request including the debit application information and debit agreement information to the bank server;
The bank server extracts the personal information of the account holder already stored from the debit application information, and compares the uncompleted private personal information of the debit consent information with the completed private personal information of the extracted account information. If the coincidence with each other, the direct debit customer ledger registration and receiving a result of the processing response is characterized in that the debit withdrawal prevention system.
The method of claim 1,
The authentication server includes:
A payer consent request receiving means for receiving the payer consent request from the direct debit relay server;
Extract the payer's mobile communication terminal number from the debit request information according to the payer's consent request and send a message or SMS through the mobile messenger to the payer's mobile communication terminal to guide the use price information and the direct debit information, and automatically Payment means for confirming whether or not the payer agrees to the mobile webpage for inputting the transfer agreement information and receives the debit consent information entered when the payer confirms the request for consent and agrees to the direct debit; And
And a payer consent result transmitting means for transmitting the debit agreement information to the debit relay server.
The method according to claim 6,
The means for confirming whether the payer agrees further includes a function of guiding the use price information and direct debit information by sending an ARS call, and receiving the debit consent information entered when the payer confirms the request for consent and agrees to the direct debit. Direct debit fraud prevention system, characterized in that.
7. The method according to claim 1 or 6,
The authentication server includes:
The automatic debit illegal withdrawal prevention system, characterized in that the automatic transfer relay server is integrated with the internal configuration module under the control of the automatic transfer relay server.
Claims [1] A method for preventing direct debit withdrawals, which performs automatic debit when a payer's consent is confirmed with respect to a payer's application for debit on a wired or wireless network,
(a) receiving, by the direct debit relay server, a debit registration request including payment information of a payer from a withdrawal authority terminal;
(b) the automatic debit relay server responds to the direct debit agreement information by sending a payer's consent request requesting the payer's debit agreement information input to confirm whether the debiter agrees to the debit for the debit registration request; Receiving step;
(c) the debit relay server transmitting a direct debit customer ledger registration request including the debit application information and the debit agreement information to a bank server to receive a result of the direct debit customer ledger registration; And
(d) the automatic debit relay server notifying the withdrawal authority terminal of the result of the automatic debit customer ledger registration and the result of the automatic debit received from the bank server every day;
10. The method of claim 9,
The step (a)
The withdrawal authority terminal stores the debit agreement written file or recorded debit agreement voice file received from the payer, and the debit agreement written file or debit agreement voice file and the payer's withdrawal account number and mobile communication terminal number. Generating a direct debit application information including the same public personal information and transmitting the debit registration request including the debit application information to the debit relay server.
10. The method of claim 9,
The debit application information may include data files such as a debit agreement written file or a recorded debit agreement voice file received from the payer, and public personal information such as the payer's name, withdrawal account number, mobile communication terminal number, and date of birth in the resident registration card. Information consisting of,
The debit consent information may include incomplete, non-public personal information, such as part of the payer's social security number (the last seven digits), part of the withdrawal account password (at least two of the four digit passwords), and part of the security card issue serial number (the last four digits). Information consisting of,
The personal information of the account holder is a method for preventing direct debit withdrawal, characterized in that the information including both the public personal information and private personal information.
12. The method of claim 11,
The step (b)
The debit relay server, part of the payer's resident registration number (the last seven digits), part of the withdrawal account password (at least two of the four-digit password), security to confirm whether the payer agrees to the direct debit for the debit registration request Requesting the input of direct debit consent information consisting of unfinished private personal information such as part of the card issuance serial number (4 digits after the back), and when the payer agrees to the direct debit, the debit consent information is transmitted. How to prevent direct debit withdrawals.
The method of claim 12,
The step (b)
The direct debit relay server sends a payer consent request to an external authentication server, the authentication server extracts the payer's mobile communication terminal number from the debit application information according to the payer's consent request, and sends the mobile messenger to the payer's mobile communication terminal. Direct payment information and direct debit information by sending a message or SMS through, directing to the mobile web page to enter the debit consent information, the debit entered by the payer to confirm the consent request and agree to the direct debit Receiving the consent information is a step of preventing direct debit fraud withdrawal.
The method of claim 13,
The step (b)
The authentication server sends an ARS call to guide the use price information and direct debit information, and if the payer confirms the consent request and agrees to the direct debit, the method further includes receiving the debit agreement information entered. How to prevent direct debit withdrawals.
The method according to claim 9 or 13,
The step (b)
And an authentication server integrated with the internal configuration module in the direct debit relay server to transmit the payer consent request, and receive the debit agreement information.
12. The method of claim 11,
The step (c)
The direct debit relay server sends a direct debit customer ledger registration request including the debit application information and the debit agreement information to the bank server, and the bank server already stores the debit application information from the debit application information. If the personal information is extracted, and the uncompleted private personal information of the direct debit consent information is compared with the completed private personal information of the extracted account holder's personal information, the automatic debit customer ledger is registered and responded to. Method of preventing a direct debit fraud withdrawal, characterized in that the step of receiving.
KR1020130098744A 2013-08-20 2013-08-20 System and method of automatic withdrawal fraud prevention through payer consent authentication KR20130106331A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020130098744A KR20130106331A (en) 2013-08-20 2013-08-20 System and method of automatic withdrawal fraud prevention through payer consent authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020130098744A KR20130106331A (en) 2013-08-20 2013-08-20 System and method of automatic withdrawal fraud prevention through payer consent authentication

Publications (1)

Publication Number Publication Date
KR20130106331A true KR20130106331A (en) 2013-09-27

Family

ID=49454294

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020130098744A KR20130106331A (en) 2013-08-20 2013-08-20 System and method of automatic withdrawal fraud prevention through payer consent authentication

Country Status (1)

Country Link
KR (1) KR20130106331A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101697432B1 (en) 2015-09-23 2017-01-18 주식회사 우리은행 Method for certifying of financial transaction using location information
KR20220120203A (en) * 2021-02-23 2022-08-30 주식회사 헥토파이낸셜 System for performing simple payment registration based common encryption of account and name, and simple payment registration method

Legal Events

Date Code Title Description
A201 Request for examination
G15R Request for early opening
E902 Notification of reason for refusal
E601 Decision to refuse application