WO2017009743A1 - Method and system for enhancing security of card based financial transaction - Google Patents

Method and system for enhancing security of card based financial transaction Download PDF

Info

Publication number
WO2017009743A1
WO2017009743A1 PCT/IB2016/054035 IB2016054035W WO2017009743A1 WO 2017009743 A1 WO2017009743 A1 WO 2017009743A1 IB 2016054035 W IB2016054035 W IB 2016054035W WO 2017009743 A1 WO2017009743 A1 WO 2017009743A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
user
cards
message
authentication mode
Prior art date
Application number
PCT/IB2016/054035
Other languages
French (fr)
Inventor
Manish Kumar Jain
Gaurav Goyal
Original Assignee
Comviva Technologies Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Comviva Technologies Limited filed Critical Comviva Technologies Limited
Publication of WO2017009743A1 publication Critical patent/WO2017009743A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3224Transactions dependent on location of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards

Definitions

  • the invention generally relates to financial transaction authentication. More particularly, the invention relates to enhancing security of card based financial transaction.
  • card based financial transactions such as purchase transactions and banking transactions have gained popularity.
  • the cards include a credit card, a debit card, an automated teller machine (ATM) card, a fleet card, stored- value card, prepaid card, and a gift card.
  • ATM automated teller machine
  • These cards generally include a magnetic strip, which stores the details of the card.
  • each of the cards has a Card Verification Value (CVV) number and a card identification number.
  • CVV Card Verification Value
  • transaction using the card is completed only upon positive authentication of PIN associated with the card.
  • transaction using the card is completed only upon positive authentication of the CVV number present on the card.
  • OTP one-time password
  • two-step verification based on a combination of above-mentioned techniques is used.
  • data such as PIN and CVV can be easily stolen by using hidden camera near transaction locations, malicious software in a device processing card information for transaction, and placing paper on a device accepting the card for transaction.
  • the magnetic strip can be copied using a malicious hardware/software component in the device accepting the card.
  • the card can be cloned during transactions and unauthorized transactions can be done using the cloned card and the stolen data. In such situations, the above-mentioned techniques are unable to prevent the unauthorized transactions.
  • such unauthorized transactions are identified after the unauthorized transactions are processed completely and successfully. Consequently, a user of the card is left with very few options such as blocking or hot-listing the card and destroying the card.
  • both the options permanently block the cards from usage and require the user to opt for a new card that is a time consuming and lengthy process.
  • the transaction using the card is processed based on a comparison between a location of the transaction and a location of a mobile device associated with the card. If the location of the transaction is same as the location of the mobile device, the transaction is processed and completed. If, on the other hand, the location of the transaction is different from the location of the mobile device, the transaction is prevented from completion.
  • a location of the transaction is same as the location of the mobile device, the transaction is processed and completed. If, on the other hand, the location of the transaction is different from the location of the mobile device, the transaction is prevented from completion.
  • such technique fails in situations when the mobile device is lost or when the mobile device is switched off or malfunctions or when the mobile device is out of coverage area. In addition, the technique fails in situations when location of the mobile device is not detectable.
  • the present invention as embodied and broadly described herein, provides for enhancing security of card based financial transaction.
  • a user creates an account with a server and associates one or more cards issued to the user by one or more issuers.
  • a location based authentication mode is activated for the associated cards.
  • the location based authentication mode authenticates the associated card based on location information of a mobile device associated with the associated card.
  • the user sends a request to the server for switching the authentication mode of the one or more associated cards.
  • the user also sends one or more user-defined locations to the server.
  • the server Upon receiving the request, the server disables the currently active location based authentication mode for the one or more associated cards. Thereafter, the server enables an alternative location based authentication mode for the one or more associated cards.
  • the alternative location based authentication mode authenticates the associated card based on the one or more user-defined locations.
  • the server authenticates the associated card when a location of a transaction using the associated card is amongst the one or more user-defined locations.
  • the associated card upon switching, is authenticated based on user-defined locations and not based on the location of the mobile device of the user. This reduces dependency of carrying the mobile device and keeping the mobile device in working state.
  • the user can specify multiple user-defined locations and change the user-defined locations as required. Thus, ensuring processing of only authorized transactions using the associated card at the specified user-defined locations.
  • the server saves the user-defined locations in a database and uses the data for authentication of the card during the transaction.
  • the user does not provide the user-defined locations to a device processing the card for the transaction, thereby eliminating the chances of stealing such data from the device.
  • This further improves the security of the card as even if data such as PIN and CVV are stolen from the device, the transaction is not processed unless the location of the transaction matches with the user- defined locations.
  • the use of the card is restricted to the one or more user-defined locations. As such, the card is temporarily blocked at locations other than the user-defined locations. Thus, the security of the card is greatly improved as unauthorized transactions are greatly reduced.
  • the user can specify any number of user-defined locations, an easy solution is provided to the user as opposed to blocking or hot-listing the card and destroying the card in case the card is lost or data is stolen.
  • multiple cards can be associated with same mobile device and different locations can be defined for each of the multiple cards. Therefore, a comprehensive security is provided to each of the multiple cards when the cards are used at different location since the authentication of the card is performed based on the user-defined locations and not on the location of the mobile device.
  • Figures la and lb illustrate an exemplary method for enhancing security of card based financial transaction, in accordance with an embodiment of present invention.
  • Figure 2 illustrates an exemplary server for enhancing security of card based financial transaction, in accordance with an embodiment of present invention.
  • Figure 3 illustrates an exemplary network environment that implements the server for enhancement of security of card based financial transaction, in accordance with an embodiment of present invention.
  • Figures 4-7 schematically illustrate various operations of the server for enhancement of security of card based financial transaction, in accordance with an embodiment of present invention.
  • any terms used herein such as but not limited to “includes,” “comprises,” “has,” “consists,” and grammatical variants thereof do NOT specify an exact limitation or restriction and certainly do NOT exclude the possible addition of one or more features or elements, unless otherwise stated, and furthermore must NOT be taken to exclude the possible removal of one or more of the listed features and elements, unless otherwise stated with the limiting language “MUST comprise” or “NEEDS TO include.”
  • one or more particular features and/or elements described in connection with one or more embodiments may be found in one embodiment, or may be found in more than one embodiment, or may be found in all embodiments, or may be found in no embodiments.
  • one or more features and/or elements may be described herein in the context of only a single embodiment, or alternatively in the context of more than one embodiment, or further alternatively in the context of all embodiments, the features and/or elements may instead be provided separately or in any appropriate combination or not at all.
  • any features and/or elements described in the context of separate embodiments may alternatively be realized as existing together in the context of a single embodiment.
  • Figures la and lb illustrate an exemplary method 100 for enabling location-based authentication, in accordance with an embodiment of present invention.
  • the method 100 comprises: receiving 101, in respect of an account, a request for switching a currently active location based authentication mode, the account being associated with one or more cards issued to a user of the account by one or more issuers; disabling 102 the currently active location based authentication mode for said one or more cards; and enabling 103 an alternative location based authentication mode for said one or more cards, said alternative location based authentication mode being based on one or more user-defined locations.
  • the method 100 further comprises: determining 104 a location information in respect of a transaction initiated using a card, the card being one of said one or more cards; and transmitting 105 an alert message to a mobile device of the user in case the location information is different from said one or more user-defined locations.
  • the said one or more cards is one of: a credit card, a debit card, an automated teller machine (ATM) card, a fleet card, stored-value card, prepaid card, and a gift card.
  • the request is received via one of: a web based application, a mobile based application, a short message server (SMS) message, a short code, and interactive voice response (IVR).
  • SMS short message server
  • IVR interactive voice response
  • the currently active location based authentication mode is based on a location information of a mobile device associated with said one or more cards.
  • FIG. 2 illustrates an exemplary server 200 for enhancing security of card based financial transaction, in accordance with an embodiment of present invention.
  • the server 200 is capable of implementing the methods as described with reference to preceding Figures la and lb.
  • the server 200 comprises: a receiving unit 201 to receive, in respect of an account, a request for switching a currently active location based authentication mode, the account being associated with one or more cards issued to a user of the account by one or more issuers; and a processor 202 coupled to the receiving unit 201 to: disable the currently active location based authentication mode for said one or more cards; and enable an alternative location based authentication mode for said one or more cards, said alternative location based authentication mode being based on one or more user-defined locations.
  • the server 200 further comprises an analysis unit 203 to determine a location information in respect of a transaction initiated using a card, the card being one of said one or more cards; and a message transmitting unit 204 to transmit an alert message to a mobile device of the user in case the location information is different from said one or more user-defined locations.
  • the request is received via one of: a web based application, a mobile based application, a short message server (SMS) message, a short code, and interactive voice response (IVR).
  • SMS short message server
  • IVR interactive voice response
  • the currently active location based authentication mode is based on a location information of a mobile device associated with said one or more cards.
  • the processor 202 software components to perform the functions.
  • the analysis unit 203 may be implemented using hardware components or software components or combination of both.
  • the processor 202 and the analysis unit 203 may form a single module.
  • the receiving unit 201 is adapted to receive one or more inputs from the user.
  • the server 200 further includes a message generating unit 205 to generate the message being transferred by the message transmitting unit 204. Additionally, the server 200 includes a memory 206 for storing the outputs of each of the previously mentioned units. Further, it would be understood that in one embodiment the above-mentioned functions of the processor 202, the analysis unit 203, the message generating unit 205, and the message transmitting unit 204 can be performed by a single unit.
  • the server 200 is coupled with a database 207 for storing data.
  • the database 207 is external to the server 200, as shown in the figure.
  • the database 207 is integrated with the server 200.
  • specific hardware components have been depicted in reference to the server 200, it is to be understood that the server 200 and the various components may include other hardware components and/or software components as known in the art for performing necessary functions.
  • Figure 3 illustrates an exemplary network environment 300 that facilitates the server 200 to enhance the security of the cards and
  • Figures 4-7 illustrates the various operations of the server 200 thereof, in accordance with an embodiment of present invention.
  • the network environment 300 includes one or more computing devices 301-1, 301-2,..301-N, (hereinafter referred to as computing device 301 indicating one computing device and computing devices 301 indicating a plurality of computing devices).
  • Examples of commuting device 301 include the desktop, notebook, tablet, smart phone, and laptop.
  • the server 200 is coupled to the computing devices 301 over a network 302.
  • Examples of the network 302 include wireless network, wired network, and cloud based network.
  • the server 200 provides various services to users for managing their financial equipment such as cards.
  • a user 303 accesses the server 200 through the computing device 301 over the network 302 and creates an account 304.
  • the creation of an account is similar to methods known in the art.
  • the user 303 accesses a web-based application or a mobile-based application on the computing device 301 and creates the account 304.
  • the account 304 is associated with one or more mobile devices 305 (hereafter referred to as mobile device 305) of the user 303.
  • the account 304 includes details of the user 303 such as name, address, and mobile subscriber identification number (MSIDN) of the associated mobile device 305.
  • the server 200 stores the details of the account 304 and the associated details of the user 303 in the database 207.
  • the network environment 300 includes a plurality of issuer systems 306-1, 306-2, ... 306-N, (hereinafter referred to as issuer system 306 indicating one issuer system and issuer systems 306 indicating a plurality of issuer systems) corresponding to plurality of issuers such as banks and merchants.
  • issuer system 306 indicating one issuer system and issuer systems 306 indicating a plurality of issuer systems
  • the issuers issues one or more cards to the user 303 for conducting financial transactions such as purchase transactions and banking transactions.
  • the cards include a credit card, a debit card, an automated teller machine (ATM) card, a fleet card, stored-value card, prepaid card, and a gift card.
  • ATM automated teller machine
  • Examples of the issuer systems 306 include systems employed by banks and merchants.
  • the user 303 specifies cash limit value and credit limit value for the issued cards.
  • the issuer systems 306 are coupled with the server 200 over the network 302. In an example, the issuer systems 306 are registered with the server 200.
  • the user 303 associates the one or more cards 307-1, 307-2, 307-3, ... 307-N (hereinafter referred to as associated card 307 indicating one card and associated cards 307 indicating a plurality of cards) with the account
  • the associated cards 307 might be issued by one issuer or by multiple issuers.
  • the user 303 accesses the account 304 using web-based application or mobile-based application provided by the issuer.
  • the association of the one or more cards includes providing details of the associated card 307 and the corresponding issuer issuing the associated card 307. Thereafter the association is performed as known in the art. Further, the server 200 stores the details of the associated cards 307 in the database
  • a flag is set indicative of the association of the card with the account 304.
  • the server 200 shares association details with the issuer systems 306 of the corresponding issuers. The association details are indicative that the server 200 will perform authentication of the associated cards 307. In the example above, the server 200 shares information regarding the setting of the flag for each of the associated cards 307.
  • the issuer systems 306 save the association details in a database (not shown in the figure). In an example, the issuer system 306 saves a list of associated cards 307 along with the flag details in the database.
  • the issuer system 306 sends a validation request to the server 200 based on the association details, as will be described in subsequent Figures and paragraphs.
  • the user 303 specifies cash limit value/credit limit value for one or more of the associated cards 307. As would be understood, the user 303 may also specify cash limit value/credit limit value for the one or more of the associated cards 307 at the corresponding issuer system 306.
  • the server 200 activates a location based authentication mode for each of the cards 307 for enhancing security of the associated cards 307.
  • the server 200 authenticates the associated card 307 during initiation of a financial transaction based on a location of a mobile device associated with the associated card 307.
  • the mobile device is same as the mobile device 305 associated with the account 304. In another example, the mobile device is different from the mobile device
  • the server 200 activates the location based authentication mode by default for each of the associated cards 307. In another embodiment, the server 200 activates the location based authentication mode upon receiving a request from the user 303 for the one or more associated cards 307. In such embodiment, the user 303 selects an option pertaining to the activation the location based authentication mode provided by the web-based application or the mobile-based application on the computing device 301.
  • the network environment 300 includes a plurality of point of transaction (POT) systems 308-1, 308-2,.. 308-N, (hereinafter referred to as POT system 308 indicating one POT system and POT systems 308 indicating a plurality of POT systems).
  • POT system 308 enables the user 303 to perform financial transactions using the one or more cards.
  • Examples of the POT system 308 include point of sale (POS) systems, automated teller machines (ATMs), and web-based applications and mobile-based applications where a user engages in a financial transaction such as banking applications and shopping applications.
  • the POT systems 308 are coupled with issuer systems 306 over the network 302. Further, the POT systems 308 may be coupled with other systems (not shown in the figure) such as inventory systems, catalogue systems, customer relationship management (CRM) system, and bill processing systems, as well as third party systems over the network 302.
  • CCM customer relationship management
  • Figure 4 illustrates the operations performed by the server 200 to enhance a security of the associated cards 307.
  • the user 303 sends a request to the server 200.
  • the request pertains to switching the currently active location based authentication mode of the one or more associated cards 307.
  • the user 303 sends the request through one of the following methods: a web-based application, a mobile -based application, a short message server (SMS) message, a short code, and interactive voice response (IVR).
  • SMS short message server
  • IVR interactive voice response
  • the user 303 sends the request from the computing device 301.
  • the user 303 sends the request from the mobile device 305.
  • the request includes an identifier indicative of switching the currently active location based authentication mode.
  • the request further includes details of the account 304 and/ or details of the associated card 307.
  • the request for switching the authentication mode pertains to one associated card 307.
  • the user 303 sends separate requests for each of the associated cards 307 as required.
  • Each such request includes details of the account 304 and details of the associated card 307.
  • the request for switching the authentication mode pertains to all of the associated cards 307.
  • the user 303 sends one request for switching the authentication mode of the account 304.
  • such request includes only the details of the account 304.
  • the user 303 specifies one or more user-defined locations to the server 200.
  • the user-defined location is a geographical location encompassing a wide area such as a city and a country.
  • the user-defined location is a geographical location encompassing a small area such as a market area and an exact location of a POT system.
  • the user 303 specifies the one or more user-defined locations in the request for switching the currently active location based authentication mode.
  • the user 303 specifies the one or more user-defined locations in subsequent messages in response to messages sent by the server 200.
  • the user 303 specifies a user-defined location for the account 304 such that the user-defined location is specified for all the associated cards 307.
  • the user 303 specifies a user-defined location for one or more of the associated cards 307.
  • the user-defined location can be different for each of the one or more associated cards 307.
  • the receiving unit 201 receives the request and the one or more user- defined locations from the computing device 301 or the mobile device 305.
  • the processor 202 determines a currently active authentication mode for the one or more associated cards from the mapping in the database 207.
  • the currently active authentication mode is location based authentication mode using location information of a mobile device. Thereafter, the processor 202 disables the currently active location based authentication mode, represented as 1 in the figure.
  • the processor 202 then enables alternate location based authentication mode, represented as 2 in the figure, based on the one or more user-defined locations.
  • the processor 202 further stores the one or more user-defined locations in the database 207 such that the account 304 and the associated cards 307 are mapped with the one or more user- defined locations.
  • the processor 202 stores the previously active and currently active authentication modes in the database 207.
  • the processor 202 may validate the account 304 based on the details of the account 304 present in the request. In one example, the processor 202 sends a message to the user 303 to provide credentials of the account 304 for validation.
  • the message generating unit 205 generates an appropriate message and the message transmitting unit 204 transmits the message to the computing device 301 or the mobile device 305.
  • the processor 202 validates the credentials and performs the switching as described above.
  • the processor 202 performs a further validation.
  • the message generating unit 205 generates a challenge message for the user 303, as known in the art.
  • the challenge message include one-time-password (OTP) and captcha message.
  • the message generating unit 205 may generate a response message and stores in the memory 206. In an example, the response message is same as the challenge message.
  • the message transmitting unit 204 then transmits the challenge message to the user 303.
  • the message transmitting unit 204 transmits the challenge message to the computing device 301.
  • the message transmitting unit 204 transmits the challenge message to the mobile device 305.
  • the message transmitting unit 204 transmits the challenge message to the same device sending the request for switching.
  • the message transmitting unit 204 transmits the challenge message to a device different from the device sending the request for switching.
  • the receiving unit 201 receives a response message from the user 303 in response to the challenge message.
  • the processor 202 validates the received response message by matching the received response message with the stored response message. Based on the matching, the message generating unit 205 generates an appropriate message for the user 303. If a positive match is obtained, the message generating unit 205 generates a success message indicative of the positive match. In an example, the success message indicates successful switching. The success message further indicates that alternate location based authentication mode based on the one or more user-defined locations is currently active. If a match is not obtained, the message generating unit 205 generates a failure message. In an example, the failure message indicates unsuccessful switching. The failure message further indicates the user 303 to resend the request for switching. Further, the processor 202 switches the authentication mode to the previously active location based authentication mode.
  • the message transmitting unit 204 transmits the message to the device which sent the response message. Further, upon activation of the alternative location based authentication mode, the user 303 may further sends messages to change the user-defined locations. It would be understood, that such messages will not switch the authentication mode.
  • the user-defined locations are further mapped with the account 304 and the associated cards 307 in the database 207, as described in reference to step 402 above.
  • Figures 5 & 6 illustrates the operations performed by the server 200 during a transaction initiated by the associated card 307 after switching the authentication mode.
  • the POT system 308 transmits a validation request to the issuer system 306 when a financial transaction is initiated using a card by the user 303.
  • the transaction include banking transaction at ATM, purchase transaction at POS system, e-commerce purchase on web-based application or mobile-based application, and banking transaction on web-based application or mobile- based application.
  • the validation request includes authentication credentials of the POT system 308, transaction information, card identifier data indicating details about the card, and location information in respect of the transaction.
  • the location information is a geographic location of the POS system and ATM.
  • the location information is geographic location of the computing device 301 which access the web-based applications or mobile-based applications.
  • the POT system 308 may also transmit authentication credentials such as PIN and Password associated with the card and known only to the user 303.
  • the issuer system 306 determines if the card is one of the associated cards 307. In an example, the issuer system 306 retrieves the list of associated cards 307 along with flag details from the database and determines if the card is one of the associated cards 307 based on the flag details. If the flag is set, the card is determined as the associated card 307 for which the server 200 performs the authentication. Thereafter, the issuer system 306 forwards the validation request to the server 200.
  • the issuer system 306 will not send the validation request to the server 200. Thereafter, the issuer system 306 performs validation of the card in a manner as known in the art. In an example, the issuer system 306 validates the authentication credentials received along with the validation request.
  • the analysis unit 203 determines a currently active authentication mode associated with the card from the database. Based on the currently active authentication mode, the analysis unit 203 performs the validation of the card. Accordingly, upon determining the current active authentication mode is alternate location based authentication mode, the analysis unit 203 retrieves the one or more user- defined locations specified for the card from the database. The analysis unit 203 then matches the location information in the validation request against the one or more user- defined locations. Upon determining the location information is amongst the one or more user-defined locations, the message generating unit 205 generates a validation success message indicative of the positive validation.
  • the analysis unit 203 also compares a value of the transaction with the cash limit value/credit limit value specified by the user 303 in the account 304. Based on the comparison, the message generating unit 205 generates a transaction value message.
  • the transaction value message indicates, the value of the transaction is above the specified cash limit value/credit limit value.
  • the transaction value message indicates the value of the transaction is below the specified cash limit value/credit limit value.
  • the transaction value message is included in the success message.
  • the transaction value message is separate from the success message.
  • the message transmitting unit 204 transmits the validation success message to the issuer system 306. In addition, in one embodiment, the message transmitting unit 204 transmits the transaction value message.
  • the issuer system 306 upon receiving the validation success message, successfully processes and completes the transaction. In examples, the banking transaction at ATM, purchase transaction at POS system, e-commerce purchase on web-based application or mobile-based application, and banking transaction on web -based application or mobile-based application are successfully completed.
  • the completion of the transaction is further based on transaction value.
  • the issuer system 306 completes the transaction based on the transaction value message received from the server 200. In an example, if the transaction value message indicates that the value of the transaction is below the specified cash limit value/credit limit value, the transaction is completed. In an example, if the transaction value message indicates that the value of the transaction is above the specified cash limit value/credit limit value, the transaction is not completed. In another embodiment, the issuer system 306 completes the transaction based on the cash limit value/credit limit value specified by the user 303.
  • the issuer system 306 Upon completing the transaction, the issuer system 306 transmits a transaction successful message POT system 308. Upon receiving the transaction successful message, the POT system 308 may generate a paper bill having transaction information and payment information.
  • the issuer system 306 transmits a transaction successful message to the user 303 in a manner as known in the art.
  • the issuer system 306 transmits the transaction successful message to the mobile device 305.
  • the mobile device 305 is associated with the card.
  • the issuer system 306 transmits the transaction successful message to the computing device 301.
  • the issuer system 306 transmits the transaction successful message to a mobile device associated with the card. In such example, the mobile device is different from the mobile device 305.
  • the steps 601 and 602 are as steps 501 and 502 as described in reference to Figure 5 above.
  • the analysis unit 203 determines a currently active authentication mode associated with the card from the database. Based on the currently active authentication mode, the analysis unit 203 performs the validation of the card. As such, upon determining the current active authentication mode is alternate location based authentication mode, the analysis unit 203 retrieves the one or more user-defined locations specified for the card from the database. The analysis unit 203 then matches the location information in the validation request against the one or more user-defined locations. Upon determining the location information is different from the one or more user-defined locations, the message generating unit 205 generates a failure message indicative of the negative validation. In addition to the failure message, the message generating unit 205 generates an alert message for the user 303. The alert message indicates details about the transaction and details about location mismatch in respect of the transaction.
  • the analysis unit 203 blocks further transactions using the card. Accordingly, the message generating unit 205 generates a blocked message. At step 604, the message transmitting unit 204 transmits the failure message to the issuer system 306.
  • the message transmitting unit 204 transmits the alert message to the user 303. In an example, the message transmitting unit 204 transmits the alert message to the mobile device 305. In an example, the transmitting unit 204 transmits the alert message to the computing device 301.
  • the message transmitting unit 204 transmits the blocked message to the user 303 after the predetermined number of unsuccessful transactions.
  • the issuer system 306 prevents the processing of the transaction.
  • the banking transaction at ATM In examples, the banking transaction at ATM, purchase transaction at POS system, e-commerce purchase on web-based application or mobile-based application, and banking transaction on web-based application or mobile-based application are prevented from completion.
  • the issuer system 306 transmits a transaction unsuccessful message to the POT system 308.
  • the POT system 308 may display an appropriate message on a display unit (not shown in the figure) of the POT system 308.
  • the issuer system 306 upon receiving the failure message for a predetermined number of successive transactions initiated by using the card, the issuer system 306 blocks further transactions using the card in a manner as known in the art. Accordingly, the issuer system 306 transmits a blocked message to the user 303 in a manner as known in the art. In an example, the issuer system 306 transmits the blocked message to the mobile device 305. In such example, the mobile device 305 is associated with the card. In an example, the issuer system 306transmits the blocked message to the computing device 301. In one another example, the issuer system 306 transmits the blocked message to a mobile device associated with the card. In such example, the mobile device is different from the mobile device 305.
  • the issuer system 306 transmits a transaction unsuccessful message to the user 303 in a manner as known in the art.
  • the issuer system 306 transmits the transaction unsuccessful message to the mobile device 305.
  • the mobile device 305 is associated with the card.
  • the issuer system 306 transmits the transaction unsuccessful message to the computing device 301.
  • the issuer system 306 transmits the transaction unsuccessful message to a mobile device associated with the card. In such example, the mobile device is different from the mobile device 305.
  • Figure 7 illustrates the operations performed by the server 200 to switch to the previously active authentication mode.
  • the user 303 sends a request to the server 200 to switch the currently active alternate location based authentication mode of one or more associated cards 307.
  • the user 303 sends the request as described in step 401 earlier.
  • the receiving unit 201 receives the request.
  • the processor 202 determines the currently active alternate location based authentication mode, represented as 2 in the figure, from the mapping in the database 207.
  • the processor 202 disables the currently active location based authentication mode.
  • the processor 202 then enables the previously active location based authentication mode, represented as 1 in the figure.
  • the processor 202 then updates the database accordingly.
  • the processor 202 performs a further validation.
  • the message generating unit 205 generates a challenge message for the user 303.
  • the message transmitting unit 204 then transmits the challenge message to the user 303.
  • the receiving unit 201 receives a response message from the user 303 in response to the challenge message.
  • the processor 202 validates the received response message by matching the received response message with the stored response message. Based on the matching, the message generating unit 205 generates an appropriate message for the user 303. If a positive match is obtained, the message generating unit 205 generates a success message indicative of the positive match. In an example, the success message indicates successful switching. If a match is not obtained, the message generating unit 205 generates a failure message. In an example, the failure message indicates unsuccessful switching. The failure message further indicates the user 303 to resend the request for switching. Further, the processor 202 switches the authentication mode to the previously active alternate location based authentication mode.
  • the message transmitting unit 204 transmits the message to the device which sent the response message.

Abstract

The invention relates to method and system for enhancing security of card based financial transaction. In one embodiment, a method 100 comprises: receiving 101, in respect of an account, a request for switching a currently active location based authentication mode, the account being associated with one or more cards issued to a user of the account by one or more issuers; disabling 102 the currently active location based authentication mode for said one or more cards; and enabling 103 an alternative location based authentication mode for said one or more cards, said alternative location based authentication mode being based on one or more user-defined locations.

Description

METHOD AND SYSTEM FOR ENHANCING SECURITY OF CARD BASED
FINANCIAL TRANSACTION
DESCRIPTION
TECHNICAL FIELD The invention generally relates to financial transaction authentication. More particularly, the invention relates to enhancing security of card based financial transaction.
BACKGROUND
With advent of technology, card based financial transactions such as purchase transactions and banking transactions have gained popularity. Examples of the cards include a credit card, a debit card, an automated teller machine (ATM) card, a fleet card, stored- value card, prepaid card, and a gift card. These cards generally include a magnetic strip, which stores the details of the card. In addition, each of the cards has a Card Verification Value (CVV) number and a card identification number.
To secure the cards from misuse, various security techniques are used. In one technique, transaction using the card is completed only upon positive authentication of PIN associated with the card. In another technique, transaction using the card is completed only upon positive authentication of the CVV number present on the card. In one another technique, a one-time password (OTP) is sent to a user of the card and transaction is completed upon receiving the same OTP from the user. In yet another technique, two-step verification based on a combination of above-mentioned techniques is used.
However, data such as PIN and CVV can be easily stolen by using hidden camera near transaction locations, malicious software in a device processing card information for transaction, and placing paper on a device accepting the card for transaction. In addition, the magnetic strip can be copied using a malicious hardware/software component in the device accepting the card. Further, the card can be cloned during transactions and unauthorized transactions can be done using the cloned card and the stolen data. In such situations, the above-mentioned techniques are unable to prevent the unauthorized transactions. Generally, such unauthorized transactions are identified after the unauthorized transactions are processed completely and successfully. Consequently, a user of the card is left with very few options such as blocking or hot-listing the card and destroying the card. However, both the options permanently block the cards from usage and require the user to opt for a new card that is a time consuming and lengthy process.
Further, in one another security technique, the transaction using the card is processed based on a comparison between a location of the transaction and a location of a mobile device associated with the card. If the location of the transaction is same as the location of the mobile device, the transaction is processed and completed. If, on the other hand, the location of the transaction is different from the location of the mobile device, the transaction is prevented from completion. However, such technique fails in situations when the mobile device is lost or when the mobile device is switched off or malfunctions or when the mobile device is out of coverage area. In addition, the technique fails in situations when location of the mobile device is not detectable.
Thus, there exists a need to provide a better technique for preventing unauthorized transactions of cards.
SUMMARY OF THE INVENTION In accordance with the purposes of the invention, the present invention as embodied and broadly described herein, provides for enhancing security of card based financial transaction.
Accordingly, in one embodiment, a user creates an account with a server and associates one or more cards issued to the user by one or more issuers. A location based authentication mode is activated for the associated cards. The location based authentication mode authenticates the associated card based on location information of a mobile device associated with the associated card.
To enhance the security of the card, the user sends a request to the server for switching the authentication mode of the one or more associated cards. The user also sends one or more user-defined locations to the server. Upon receiving the request, the server disables the currently active location based authentication mode for the one or more associated cards. Thereafter, the server enables an alternative location based authentication mode for the one or more associated cards. The alternative location based authentication mode authenticates the associated card based on the one or more user-defined locations. Thus, the server authenticates the associated card when a location of a transaction using the associated card is amongst the one or more user-defined locations. The advantages of the invention include, but not limited to, enhanced security of the associated card by enabling the user to switch the authentication mode for the associated card as and when desired. Further, upon switching, the associated card is authenticated based on user-defined locations and not based on the location of the mobile device of the user. This reduces dependency of carrying the mobile device and keeping the mobile device in working state. In addition, the user can specify multiple user-defined locations and change the user-defined locations as required. Thus, ensuring processing of only authorized transactions using the associated card at the specified user-defined locations.
Further, the server saves the user-defined locations in a database and uses the data for authentication of the card during the transaction. Thus, the user does not provide the user-defined locations to a device processing the card for the transaction, thereby eliminating the chances of stealing such data from the device. This further improves the security of the card as even if data such as PIN and CVV are stolen from the device, the transaction is not processed unless the location of the transaction matches with the user- defined locations.
Furthermore, the use of the card is restricted to the one or more user-defined locations. As such, the card is temporarily blocked at locations other than the user-defined locations. Thus, the security of the card is greatly improved as unauthorized transactions are greatly reduced. In addition, as the user can specify any number of user-defined locations, an easy solution is provided to the user as opposed to blocking or hot-listing the card and destroying the card in case the card is lost or data is stolen.
Furthermore, multiple cards can be associated with same mobile device and different locations can be defined for each of the multiple cards. Therefore, a comprehensive security is provided to each of the multiple cards when the cards are used at different location since the authentication of the card is performed based on the user-defined locations and not on the location of the mobile device.
These and other aspects as well as advantages will be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings and claims. BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWINGS:
To further clarify advantages and aspects of the invention, a more particular description of the invention will be rendered by reference to specific embodiments thereof, which is illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail with the accompanying drawings, which are listed below for quick reference.
Figures la and lb illustrate an exemplary method for enhancing security of card based financial transaction, in accordance with an embodiment of present invention. Figure 2 illustrates an exemplary server for enhancing security of card based financial transaction, in accordance with an embodiment of present invention.
Figure 3 illustrates an exemplary network environment that implements the server for enhancement of security of card based financial transaction, in accordance with an embodiment of present invention. Figures 4-7 schematically illustrate various operations of the server for enhancement of security of card based financial transaction, in accordance with an embodiment of present invention.
It may be noted that to the extent possible, like reference numerals have been used to represent like elements in the drawings. Further, those of ordinary skill in the art will appreciate that elements in the drawings are illustrated for simplicity and may not have been necessarily drawn to scale. For example, the dimensions of some of the elements in the drawings may be exaggerated relative to other elements to help to improve understanding of aspects of the invention. Furthermore, the one or more elements may have been represented in the drawings by conventional symbols, and the drawings may show only those specific details that are pertinent to understanding the embodiments of the invention so as not to obscure the drawings with details that will be readily apparent to those of ordinary skill in the art having benefit of the description herein. DETAILED DESCRIPTION
It should be understood at the outset that although illustrative implementations of the embodiments of the present disclosure are illustrated below, the present invention may be implemented using any number of techniques, whether currently known or in existence. The present disclosure should in no way be limited to the illustrative implementations, drawings, and techniques illustrated below, including the exemplary design and implementation illustrated and described herein, but may be modified within the scope of the appended claims along with their full scope of equivalents.
The term "some" as used herein is defined as "none, or one, or more than one, or all." Accordingly, the terms "none," "one," "more than one," "more than one, but not all" or "all" would all fall under the definition of "some." The term "some embodiments" may refer to no embodiments or to one embodiment or to several embodiments or to all embodiments. Accordingly, the term "some embodiments" is defined as meaning "no embodiment, or one embodiment, or more than one embodiment, or all embodiments." The terminology and structure employed herein is for describing, teaching and illuminating some embodiments and their specific features and elements and does not limit, restrict or reduce the spirit and scope of the claims or their equivalents.
More specifically, any terms used herein such as but not limited to "includes," "comprises," "has," "consists," and grammatical variants thereof do NOT specify an exact limitation or restriction and certainly do NOT exclude the possible addition of one or more features or elements, unless otherwise stated, and furthermore must NOT be taken to exclude the possible removal of one or more of the listed features and elements, unless otherwise stated with the limiting language "MUST comprise" or "NEEDS TO include."
Whether or not a certain feature or element was limited to being used only once, either way it may still be referred to as "one or more features" or "one or more elements" or "at least one feature" or "at least one element." Furthermore, the use of the terms "one or more" or "at least one" feature or element do NOT preclude there being none of that feature or element, unless otherwise specified by limiting language such as "there NEEDS to be one or more . . . " or "one or more element is REQUIRED." Unless otherwise defined, all terms, and especially any technical and/or scientific terms, used herein may be taken to have the same meaning as commonly understood by one having an ordinary skill in the art.
Reference is made herein to some "embodiments." It should be understood that an embodiment is an example of a possible implementation of any features and/or elements presented in the attached claims. Some embodiments have been described for the purpose of illuminating one or more of the potential ways in which the specific features and/or elements of the attached claims fulfil the requirements of uniqueness, utility and non- obviousness. Use of the phrases and/or terms such as but not limited to "a first embodiment," "a further embodiment," "an alternate embodiment," "one embodiment," "an embodiment," "multiple embodiments," "some embodiments," "other embodiments," "further embodiment", "furthermore embodiment", "additional embodiment" or variants thereof do NOT necessarily refer to the same embodiments. Unless otherwise specified, one or more particular features and/or elements described in connection with one or more embodiments may be found in one embodiment, or may be found in more than one embodiment, or may be found in all embodiments, or may be found in no embodiments. Although one or more features and/or elements may be described herein in the context of only a single embodiment, or alternatively in the context of more than one embodiment, or further alternatively in the context of all embodiments, the features and/or elements may instead be provided separately or in any appropriate combination or not at all. Conversely, any features and/or elements described in the context of separate embodiments may alternatively be realized as existing together in the context of a single embodiment.
Any particular and all details set forth herein are used in the context of some embodiments and therefore should NOT be necessarily taken as limiting factors to the attached claims. The attached claims and their legal equivalents can be realized in the context of embodiments other than the ones used as illustrative examples in the description below.
Figures la and lb illustrate an exemplary method 100 for enabling location-based authentication, in accordance with an embodiment of present invention. In said embodiment, the method 100 comprises: receiving 101, in respect of an account, a request for switching a currently active location based authentication mode, the account being associated with one or more cards issued to a user of the account by one or more issuers; disabling 102 the currently active location based authentication mode for said one or more cards; and enabling 103 an alternative location based authentication mode for said one or more cards, said alternative location based authentication mode being based on one or more user-defined locations.
In a further embodiment, the method 100 further comprises: determining 104 a location information in respect of a transaction initiated using a card, the card being one of said one or more cards; and transmitting 105 an alert message to a mobile device of the user in case the location information is different from said one or more user-defined locations. In a further embodiment, the said one or more cards is one of: a credit card, a debit card, an automated teller machine (ATM) card, a fleet card, stored-value card, prepaid card, and a gift card.
In a further embodiment, the request is received via one of: a web based application, a mobile based application, a short message server (SMS) message, a short code, and interactive voice response (IVR).
In a further embodiment, the currently active location based authentication mode is based on a location information of a mobile device associated with said one or more cards.
Figure 2 illustrates an exemplary server 200 for enhancing security of card based financial transaction, in accordance with an embodiment of present invention. As would be understood, the server 200 is capable of implementing the methods as described with reference to preceding Figures la and lb.
In said embodiment, the server 200 comprises: a receiving unit 201 to receive, in respect of an account, a request for switching a currently active location based authentication mode, the account being associated with one or more cards issued to a user of the account by one or more issuers; and a processor 202 coupled to the receiving unit 201 to: disable the currently active location based authentication mode for said one or more cards; and enable an alternative location based authentication mode for said one or more cards, said alternative location based authentication mode being based on one or more user-defined locations. In a further embodiment, the server 200 further comprises an analysis unit 203 to determine a location information in respect of a transaction initiated using a card, the card being one of said one or more cards; and a message transmitting unit 204 to transmit an alert message to a mobile device of the user in case the location information is different from said one or more user-defined locations.
In a further embodiment, the request is received via one of: a web based application, a mobile based application, a short message server (SMS) message, a short code, and interactive voice response (IVR).
In a further embodiment, the currently active location based authentication mode is based on a location information of a mobile device associated with said one or more cards.
It would be understood, that the processor 202 software components to perform the functions. Further, the analysis unit 203 may be implemented using hardware components or software components or combination of both. In an embodiment, the processor 202 and the analysis unit 203 may form a single module. In addition, the receiving unit 201 is adapted to receive one or more inputs from the user.
The server 200 further includes a message generating unit 205 to generate the message being transferred by the message transmitting unit 204. Additionally, the server 200 includes a memory 206 for storing the outputs of each of the previously mentioned units. Further, it would be understood that in one embodiment the above-mentioned functions of the processor 202, the analysis unit 203, the message generating unit 205, and the message transmitting unit 204 can be performed by a single unit.
Furthermore, the server 200 is coupled with a database 207 for storing data. In an example, the database 207 is external to the server 200, as shown in the figure. In another example, the database 207 is integrated with the server 200. Although specific hardware components have been depicted in reference to the server 200, it is to be understood that the server 200 and the various components may include other hardware components and/or software components as known in the art for performing necessary functions. Figure 3 illustrates an exemplary network environment 300 that facilitates the server 200 to enhance the security of the cards and Figures 4-7 illustrates the various operations of the server 200 thereof, in accordance with an embodiment of present invention.
Referring to Figure 3, the network environment 300 includes one or more computing devices 301-1, 301-2,..301-N, (hereinafter referred to as computing device 301 indicating one computing device and computing devices 301 indicating a plurality of computing devices). Examples of commuting device 301 include the desktop, notebook, tablet, smart phone, and laptop. The server 200 is coupled to the computing devices 301 over a network 302. Examples of the network 302 include wireless network, wired network, and cloud based network.
Further, the server 200 provides various services to users for managing their financial equipment such as cards. Accordingly, a user 303 accesses the server 200 through the computing device 301 over the network 302 and creates an account 304. The creation of an account is similar to methods known in the art. In an example, the user 303 accesses a web-based application or a mobile-based application on the computing device 301 and creates the account 304. In addition, the account 304 is associated with one or more mobile devices 305 (hereafter referred to as mobile device 305) of the user 303. Thus, the account 304 includes details of the user 303 such as name, address, and mobile subscriber identification number (MSIDN) of the associated mobile device 305. The server 200 stores the details of the account 304 and the associated details of the user 303 in the database 207.
Further, the network environment 300 includes a plurality of issuer systems 306-1, 306-2, ... 306-N, (hereinafter referred to as issuer system 306 indicating one issuer system and issuer systems 306 indicating a plurality of issuer systems) corresponding to plurality of issuers such as banks and merchants. The issuers, among various other services, issues one or more cards to the user 303 for conducting financial transactions such as purchase transactions and banking transactions. Examples of the cards include a credit card, a debit card, an automated teller machine (ATM) card, a fleet card, stored-value card, prepaid card, and a gift card. Examples of the issuer systems 306 include systems employed by banks and merchants. In addition, the user 303 specifies cash limit value and credit limit value for the issued cards. The issuer systems 306 are coupled with the server 200 over the network 302. In an example, the issuer systems 306 are registered with the server 200. Upon issuance of the one or more cards, the user 303 associates the one or more cards 307-1, 307-2, 307-3, ... 307-N (hereinafter referred to as associated card 307 indicating one card and associated cards 307 indicating a plurality of cards) with the account
304 at the server 200 through the computing device 301. It would be understood that the associated cards 307 might be issued by one issuer or by multiple issuers. In an example, the user 303 accesses the account 304 using web-based application or mobile-based application provided by the issuer. The association of the one or more cards includes providing details of the associated card 307 and the corresponding issuer issuing the associated card 307. Thereafter the association is performed as known in the art. Further, the server 200 stores the details of the associated cards 307 in the database
207 such that the account 304 is mapped with each of the associated cards 307. In an example, a flag is set indicative of the association of the card with the account 304. In addition, the server 200 shares association details with the issuer systems 306 of the corresponding issuers. The association details are indicative that the server 200 will perform authentication of the associated cards 307. In the example above, the server 200 shares information regarding the setting of the flag for each of the associated cards 307. The issuer systems 306 save the association details in a database (not shown in the figure). In an example, the issuer system 306 saves a list of associated cards 307 along with the flag details in the database. Thus, upon receiving information of a transaction using the associated card 307, the issuer system 306 sends a validation request to the server 200 based on the association details, as will be described in subsequent Figures and paragraphs.
In addition, in one embodiment, the user 303 specifies cash limit value/credit limit value for one or more of the associated cards 307. As would be understood, the user 303 may also specify cash limit value/credit limit value for the one or more of the associated cards 307 at the corresponding issuer system 306.
Further, the server 200 activates a location based authentication mode for each of the cards 307 for enhancing security of the associated cards 307. In the location based authentication mode, the server 200 authenticates the associated card 307 during initiation of a financial transaction based on a location of a mobile device associated with the associated card 307. In an example, the mobile device is same as the mobile device 305 associated with the account 304. In another example, the mobile device is different from the mobile device
305 associated with the account 304. In one embodiment, the server 200 activates the location based authentication mode by default for each of the associated cards 307. In another embodiment, the server 200 activates the location based authentication mode upon receiving a request from the user 303 for the one or more associated cards 307. In such embodiment, the user 303 selects an option pertaining to the activation the location based authentication mode provided by the web-based application or the mobile-based application on the computing device 301.
Furthermore, the network environment 300 includes a plurality of point of transaction (POT) systems 308-1, 308-2,.. 308-N, (hereinafter referred to as POT system 308 indicating one POT system and POT systems 308 indicating a plurality of POT systems). The POT system 308 enables the user 303 to perform financial transactions using the one or more cards. Examples of the POT system 308 include point of sale (POS) systems, automated teller machines (ATMs), and web-based applications and mobile-based applications where a user engages in a financial transaction such as banking applications and shopping applications. The POT systems 308 are coupled with issuer systems 306 over the network 302. Further, the POT systems 308 may be coupled with other systems (not shown in the figure) such as inventory systems, catalogue systems, customer relationship management (CRM) system, and bill processing systems, as well as third party systems over the network 302.
Figure 4 illustrates the operations performed by the server 200 to enhance a security of the associated cards 307.
Referring to Figures 2, 3 & 4, to enhance the security of the one or more associated cards 307, at step 401 the user 303 sends a request to the server 200. The request pertains to switching the currently active location based authentication mode of the one or more associated cards 307. The user 303 sends the request through one of the following methods: a web-based application, a mobile -based application, a short message server (SMS) message, a short code, and interactive voice response (IVR). In one example, the user 303 sends the request from the computing device 301. In another example, the user 303 sends the request from the mobile device 305.
As such, the request includes an identifier indicative of switching the currently active location based authentication mode. The request further includes details of the account 304 and/ or details of the associated card 307. In one embodiment, the request for switching the authentication mode pertains to one associated card 307. In such embodiment, the user 303 sends separate requests for each of the associated cards 307 as required. Each such request includes details of the account 304 and details of the associated card 307. In another embodiment, the request for switching the authentication mode pertains to all of the associated cards 307. In such embodiment, the user 303 sends one request for switching the authentication mode of the account 304. In an example, such request includes only the details of the account 304.
Further, the user 303 specifies one or more user-defined locations to the server 200. In an example, the user-defined location is a geographical location encompassing a wide area such as a city and a country. In another example, the user-defined location is a geographical location encompassing a small area such as a market area and an exact location of a POT system. In one embodiment, the user 303 specifies the one or more user-defined locations in the request for switching the currently active location based authentication mode. In another embodiment, the user 303 specifies the one or more user-defined locations in subsequent messages in response to messages sent by the server 200. In one another embodiment, the user 303 specifies a user-defined location for the account 304 such that the user-defined location is specified for all the associated cards 307. In yet another embodiment, the user 303 specifies a user-defined location for one or more of the associated cards 307. In such embodiment, the user-defined location can be different for each of the one or more associated cards 307. At step 402, the receiving unit 201 receives the request and the one or more user- defined locations from the computing device 301 or the mobile device 305. Upon reception of such data, the processor 202 determines a currently active authentication mode for the one or more associated cards from the mapping in the database 207. As described earlier in reference to Figure 3, the currently active authentication mode is location based authentication mode using location information of a mobile device. Thereafter, the processor 202 disables the currently active location based authentication mode, represented as 1 in the figure. The processor 202 then enables alternate location based authentication mode, represented as 2 in the figure, based on the one or more user-defined locations. The processor 202 further stores the one or more user-defined locations in the database 207 such that the account 304 and the associated cards 307 are mapped with the one or more user- defined locations. In addition, the processor 202 stores the previously active and currently active authentication modes in the database 207. Prior to the switching, the processor 202 may validate the account 304 based on the details of the account 304 present in the request. In one example, the processor 202 sends a message to the user 303 to provide credentials of the account 304 for validation. In such example, the message generating unit 205 generates an appropriate message and the message transmitting unit 204 transmits the message to the computing device 301 or the mobile device 305. Upon receiving the credentials from the user 303, the processor 202 validates the credentials and performs the switching as described above.
At step 403, upon switching, the processor 202 performs a further validation. As such, the message generating unit 205 generates a challenge message for the user 303, as known in the art. Examples of the challenge message include one-time-password (OTP) and captcha message. In addition, the message generating unit 205 may generate a response message and stores in the memory 206. In an example, the response message is same as the challenge message. The message transmitting unit 204 then transmits the challenge message to the user 303. In one example, the message transmitting unit 204 transmits the challenge message to the computing device 301. In another example, the message transmitting unit 204 transmits the challenge message to the mobile device 305. In one another example, the message transmitting unit 204 transmits the challenge message to the same device sending the request for switching. In yet another example, the message transmitting unit 204 transmits the challenge message to a device different from the device sending the request for switching.
At step 404, the receiving unit 201 receives a response message from the user 303 in response to the challenge message.
At step 405, the processor 202 validates the received response message by matching the received response message with the stored response message. Based on the matching, the message generating unit 205 generates an appropriate message for the user 303. If a positive match is obtained, the message generating unit 205 generates a success message indicative of the positive match. In an example, the success message indicates successful switching. The success message further indicates that alternate location based authentication mode based on the one or more user-defined locations is currently active. If a match is not obtained, the message generating unit 205 generates a failure message. In an example, the failure message indicates unsuccessful switching. The failure message further indicates the user 303 to resend the request for switching. Further, the processor 202 switches the authentication mode to the previously active location based authentication mode.
At step 406, upon validation and generation of the message, the message transmitting unit 204 transmits the message to the device which sent the response message. Further, upon activation of the alternative location based authentication mode, the user 303 may further sends messages to change the user-defined locations. It would be understood, that such messages will not switch the authentication mode. The user-defined locations are further mapped with the account 304 and the associated cards 307 in the database 207, as described in reference to step 402 above. Figures 5 & 6 illustrates the operations performed by the server 200 during a transaction initiated by the associated card 307 after switching the authentication mode.
Referring to Figures 2, 3, & 5, at step 501, the POT system 308 transmits a validation request to the issuer system 306 when a financial transaction is initiated using a card by the user 303. Examples of the transaction include banking transaction at ATM, purchase transaction at POS system, e-commerce purchase on web-based application or mobile-based application, and banking transaction on web-based application or mobile- based application. The validation request includes authentication credentials of the POT system 308, transaction information, card identifier data indicating details about the card, and location information in respect of the transaction. In an example, in case of POS system and ATM, the location information is a geographic location of the POS system and ATM. In another example, in case of the web-based application or mobile-based application, the location information is geographic location of the computing device 301 which access the web-based applications or mobile-based applications. In addition to the validation request, the POT system 308 may also transmit authentication credentials such as PIN and Password associated with the card and known only to the user 303.
At step 502, upon receiving the validation request, the issuer system 306 determines if the card is one of the associated cards 307. In an example, the issuer system 306 retrieves the list of associated cards 307 along with flag details from the database and determines if the card is one of the associated cards 307 based on the flag details. If the flag is set, the card is determined as the associated card 307 for which the server 200 performs the authentication. Thereafter, the issuer system 306 forwards the validation request to the server 200.
On the other hand, if the flag is not set, the card is determined as not being one of the associated cards 307. Consequently, the issuer system 306 will not send the validation request to the server 200. Thereafter, the issuer system 306 performs validation of the card in a manner as known in the art. In an example, the issuer system 306 validates the authentication credentials received along with the validation request.
At step 503, upon receiving the validation request, the analysis unit 203 determines a currently active authentication mode associated with the card from the database. Based on the currently active authentication mode, the analysis unit 203 performs the validation of the card. Accordingly, upon determining the current active authentication mode is alternate location based authentication mode, the analysis unit 203 retrieves the one or more user- defined locations specified for the card from the database. The analysis unit 203 then matches the location information in the validation request against the one or more user- defined locations. Upon determining the location information is amongst the one or more user-defined locations, the message generating unit 205 generates a validation success message indicative of the positive validation.
In addition, in one embodiment, the analysis unit 203 also compares a value of the transaction with the cash limit value/credit limit value specified by the user 303 in the account 304. Based on the comparison, the message generating unit 205 generates a transaction value message. In an example, the transaction value message indicates, the value of the transaction is above the specified cash limit value/credit limit value. In another example, the transaction value message indicates the value of the transaction is below the specified cash limit value/credit limit value. In one another example, the transaction value message is included in the success message. In one another example, the transaction value message is separate from the success message.
At step 504, the message transmitting unit 204 transmits the validation success message to the issuer system 306. In addition, in one embodiment, the message transmitting unit 204 transmits the transaction value message. At step 505, upon receiving the validation success message, the issuer system 306 successfully processes and completes the transaction. In examples, the banking transaction at ATM, purchase transaction at POS system, e-commerce purchase on web-based application or mobile-based application, and banking transaction on web -based application or mobile-based application are successfully completed.
However, the completion of the transaction is further based on transaction value. In one embodiment, the issuer system 306 completes the transaction based on the transaction value message received from the server 200. In an example, if the transaction value message indicates that the value of the transaction is below the specified cash limit value/credit limit value, the transaction is completed. In an example, if the transaction value message indicates that the value of the transaction is above the specified cash limit value/credit limit value, the transaction is not completed. In another embodiment, the issuer system 306 completes the transaction based on the cash limit value/credit limit value specified by the user 303.
Upon completing the transaction, the issuer system 306 transmits a transaction successful message POT system 308. Upon receiving the transaction successful message, the POT system 308 may generate a paper bill having transaction information and payment information.
At step 506, the issuer system 306 transmits a transaction successful message to the user 303 in a manner as known in the art. In an example, the issuer system 306 transmits the transaction successful message to the mobile device 305. In such example, the mobile device 305 is associated with the card. In another example, the issuer system 306 transmits the transaction successful message to the computing device 301. In one another example, the issuer system 306 transmits the transaction successful message to a mobile device associated with the card. In such example, the mobile device is different from the mobile device 305.
Referring to Figures 2, 3, & 6, the steps 601 and 602 are as steps 501 and 502 as described in reference to Figure 5 above. At step 603, upon receiving the validation request, the analysis unit 203 determines a currently active authentication mode associated with the card from the database. Based on the currently active authentication mode, the analysis unit 203 performs the validation of the card. As such, upon determining the current active authentication mode is alternate location based authentication mode, the analysis unit 203 retrieves the one or more user-defined locations specified for the card from the database. The analysis unit 203 then matches the location information in the validation request against the one or more user-defined locations. Upon determining the location information is different from the one or more user-defined locations, the message generating unit 205 generates a failure message indicative of the negative validation. In addition to the failure message, the message generating unit 205 generates an alert message for the user 303. The alert message indicates details about the transaction and details about location mismatch in respect of the transaction.
Further, in one embodiment, upon determining negative validation for the card in predetermined number of successive transactions, the analysis unit 203 blocks further transactions using the card. Accordingly, the message generating unit 205 generates a blocked message. At step 604, the message transmitting unit 204 transmits the failure message to the issuer system 306.
At step 605, the message transmitting unit 204 transmits the alert message to the user 303. In an example, the message transmitting unit 204 transmits the alert message to the mobile device 305. In an example, the transmitting unit 204 transmits the alert message to the computing device 301.
Further, the message transmitting unit 204 transmits the blocked message to the user 303 after the predetermined number of unsuccessful transactions.
At step 606, upon receiving the failure message, the issuer system 306 prevents the processing of the transaction. In examples, the banking transaction at ATM, purchase transaction at POS system, e-commerce purchase on web-based application or mobile-based application, and banking transaction on web-based application or mobile-based application are prevented from completion. Upon preventing the transaction, the issuer system 306 transmits a transaction unsuccessful message to the POT system 308. Upon receiving the transaction unsuccessful message, the POT system 308 may display an appropriate message on a display unit (not shown in the figure) of the POT system 308.
Further, in one embodiment, upon receiving the failure message for a predetermined number of successive transactions initiated by using the card, the issuer system 306 blocks further transactions using the card in a manner as known in the art. Accordingly, the issuer system 306 transmits a blocked message to the user 303 in a manner as known in the art. In an example, the issuer system 306 transmits the blocked message to the mobile device 305. In such example, the mobile device 305 is associated with the card. In an example, the issuer system 306transmits the blocked message to the computing device 301. In one another example, the issuer system 306 transmits the blocked message to a mobile device associated with the card. In such example, the mobile device is different from the mobile device 305.
At step 607, the issuer system 306 transmits a transaction unsuccessful message to the user 303 in a manner as known in the art. In an example, the issuer system 306 transmits the transaction unsuccessful message to the mobile device 305. In such example, the mobile device 305 is associated with the card. In an example, the issuer system 306 transmits the transaction unsuccessful message to the computing device 301. In one another example, the issuer system 306 transmits the transaction unsuccessful message to a mobile device associated with the card. In such example, the mobile device is different from the mobile device 305.
Figure 7 illustrates the operations performed by the server 200 to switch to the previously active authentication mode.
Referring to Figures 2, 3, 4, & 7, at step 701, the user 303 sends a request to the server 200 to switch the currently active alternate location based authentication mode of one or more associated cards 307. The user 303 sends the request as described in step 401 earlier.
At step 702, the receiving unit 201 receives the request. As described in reference to step 402, upon receiving, the processor 202 determines the currently active alternate location based authentication mode, represented as 2 in the figure, from the mapping in the database 207. Upon determining the currently active alternate location based authentication mode, the processor 202 disables the currently active location based authentication mode. The processor 202 then enables the previously active location based authentication mode, represented as 1 in the figure. The processor 202 then updates the database accordingly. At step 703, as described in step 403, upon switching, the processor 202 performs a further validation. As such, the message generating unit 205 generates a challenge message for the user 303. The message transmitting unit 204 then transmits the challenge message to the user 303.
At step 704, as described in step 404, the receiving unit 201 receives a response message from the user 303 in response to the challenge message. At step 705, as described in step 405, the processor 202 validates the received response message by matching the received response message with the stored response message. Based on the matching, the message generating unit 205 generates an appropriate message for the user 303. If a positive match is obtained, the message generating unit 205 generates a success message indicative of the positive match. In an example, the success message indicates successful switching. If a match is not obtained, the message generating unit 205 generates a failure message. In an example, the failure message indicates unsuccessful switching. The failure message further indicates the user 303 to resend the request for switching. Further, the processor 202 switches the authentication mode to the previously active alternate location based authentication mode.
At step 706, as described in step 406, upon validation and generation of the message, the message transmitting unit 204 transmits the message to the device which sent the response message.
It would be understood, that upon switching the authentication mode to the location based authentication mode using location information of the mobile device associated with card, the authentication of the card is performed using location of the mobile device, instead of the user-defined locations in a manner as described in reference to Figures 5 and 6.
Although, the above steps have been written from the perspective of a single user, it would be understood that multiple users can follow the same steps for enhancing the security of card based financial transactions.
While certain present preferred embodiments of the invention have been illustrated and described herein, it is to be understood that the invention is not limited thereto. Clearly, the invention may be otherwise variously embodied, and practiced within the scope of the following claims.

Claims

WE CLAIM:
1. A method comprising:
receiving, in respect of an account, a request for switching a currently active location based authentication mode, the account being associated with one or more cards issued to a user of the account by one or more issuers;
disabling the currently active location based authentication mode for said one or more cards; and
enabling an alternative location based authentication mode for said one or more cards, said alternative location based authentication mode being based on one or more user-defined locations.
2. The method as claimed in claim 1, wherein said one or more cards is one of: a credit card, a debit card, an automated teller machine (ATM) card, a fleet card, stored- value card, prepaid card, and a gift card.
3. The method as claimed in claim 1, wherein the request is received via one of: a web based application, a mobile based application, a short message server (SMS) message, a short code, and interactive voice response (IVR).
4. The method as claimed in claim 1, wherein the currently active location based authentication mode is based on a location information of a mobile device associated with said one or more cards.
5. The method as claimed in claim 1 further comprises:
determining a location information in respect of a transaction initiated using a card, the card being one of said one or more cards; and
transmitting an alert message to a mobile device of the user in case the location information is different from said one or more user-defined locations.
6. A server comprising:
a receiving unit to receive, in respect of an account, a request for switching a currently active location based authentication mode, the account being associated with one or more cards issued to a user of the account by one or more issuers; and
a processor coupled to the receiving unit to:
disable the currently active location based authentication mode for said one or more cards; and
enable an alternative location based authentication mode for said one or more cards, said alternative location based authentication mode being based on one or more user-defined locations.
The server as claimed in claim 6, wherein the request is received via one of: a web based application, a mobile based application, a short message server (SMS) message, a short code, and interactive voice response (IVR).
The server as claimed in claim 6, wherein the currently active location based authentication mode is based on a location information of a mobile device associated with said one or more cards.
The server as claimed in claim 6 further comprises:
an analysis unit to determine a location information in respect of a transaction initiated using a card, the card being one of said one or more cards; and a message transmitting unit coupled to the analysis unit to transmit an alert message to a mobile device of the user in case the location information is different from said one or more user-defined locations.
PCT/IB2016/054035 2015-07-10 2016-07-06 Method and system for enhancing security of card based financial transaction WO2017009743A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN2096/DEL/2015 2015-07-10
IN2096DE2015 IN2015DE02096A (en) 2015-07-10 2016-07-06

Publications (1)

Publication Number Publication Date
WO2017009743A1 true WO2017009743A1 (en) 2017-01-19

Family

ID=54396386

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2016/054035 WO2017009743A1 (en) 2015-07-10 2016-07-06 Method and system for enhancing security of card based financial transaction

Country Status (2)

Country Link
IN (1) IN2015DE02096A (en)
WO (1) WO2017009743A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006085231A1 (en) * 2005-02-10 2006-08-17 Koninklijke Philips Electronics N.V. Improved security device
US20090119754A1 (en) * 2006-02-03 2009-05-07 Mideye Ab System, an Arrangement and a Method for End User Authentication
US20110086616A1 (en) * 2008-12-03 2011-04-14 Entersect Technologies (Pty) Ltd Secure Transaction Authentication
US20110202466A1 (en) * 2008-10-17 2011-08-18 Carter Robert A Multifactor Authentication
WO2013041647A1 (en) * 2011-09-21 2013-03-28 Fexco Merchant Services Systems and methods for making a payment using a wireless device
US20150038120A1 (en) * 2012-03-15 2015-02-05 Moqom Limited Mobile phone takeover protection system and method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006085231A1 (en) * 2005-02-10 2006-08-17 Koninklijke Philips Electronics N.V. Improved security device
US20090119754A1 (en) * 2006-02-03 2009-05-07 Mideye Ab System, an Arrangement and a Method for End User Authentication
US20110202466A1 (en) * 2008-10-17 2011-08-18 Carter Robert A Multifactor Authentication
US20110086616A1 (en) * 2008-12-03 2011-04-14 Entersect Technologies (Pty) Ltd Secure Transaction Authentication
WO2013041647A1 (en) * 2011-09-21 2013-03-28 Fexco Merchant Services Systems and methods for making a payment using a wireless device
US20150038120A1 (en) * 2012-03-15 2015-02-05 Moqom Limited Mobile phone takeover protection system and method

Also Published As

Publication number Publication date
IN2015DE02096A (en) 2015-07-31

Similar Documents

Publication Publication Date Title
US10776101B2 (en) Systems and methods for updatable applets
US11010747B2 (en) Processing a transaction using multiple application identifiers
US9864987B2 (en) Account provisioning authentication
US10433128B2 (en) Methods and systems for provisioning multiple devices
US20160217461A1 (en) Transaction utilizing anonymized user data
US20160117673A1 (en) System and method for secured transactions using mobile devices
US20140046850A1 (en) Transaction payment method and system
EP3438812A1 (en) System and method for providing secure data communication permissions to trusted applications on a portable communication device
US20090112765A1 (en) System and method for validation of transactions
US20230196377A1 (en) Digital Access Code
US11140156B2 (en) Systems and methods for use in binding internet of things devices with identities associated with users
WO2015118176A1 (en) Management of indentities in a transaction infrastructure
WO2017033118A1 (en) Method and system for enhancing security of contactless card
WO2017118923A1 (en) Methods and devices for authentication of an electronic payment card using electronic tokens
US10049362B2 (en) Systems and methods of voice authentication in transactions
US20150007300A1 (en) Method, apparatus, and system for using ic card as authentication medium
KR101547304B1 (en) Apparatus for security authentication using smart OTP
WO2016138743A1 (en) Secure payment method, mobile terminal, and payment authentication server
CN111314343A (en) Account management method and device and readable storage medium
US11763292B2 (en) Dynamic security code for a card transaction
CN105635103A (en) Network authentication method using card device
US20220207526A1 (en) Secure contactless credential exchange
US10318951B2 (en) Transaction management
WO2017009743A1 (en) Method and system for enhancing security of card based financial transaction
US11244297B1 (en) Systems and methods for near-field communication token activation

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16747622

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16747622

Country of ref document: EP

Kind code of ref document: A1