AU2002100568A4 - Secondary security measure for transaction cards - Google Patents
Secondary security measure for transaction cards Download PDFInfo
- Publication number
- AU2002100568A4 AU2002100568A4 AU2002100568A AU2002100568A AU2002100568A4 AU 2002100568 A4 AU2002100568 A4 AU 2002100568A4 AU 2002100568 A AU2002100568 A AU 2002100568A AU 2002100568 A AU2002100568 A AU 2002100568A AU 2002100568 A4 AU2002100568 A4 AU 2002100568A4
- Authority
- AU
- Australia
- Prior art keywords
- transaction
- card
- security code
- cardholder
- signature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Description
AUSTRALIA
Patents Act 1990 COMPLETE SPECIFICATION INNOVATION PATENT Secondary Security Measure for Transaction Cards BACKGROUND OF THE INVENTION 1. Field of the Invention The following invention relates to transaction cards such as credit cards, debit cards, ATM (Automatic Teller Machine) cards and other cards that might be used over the counter and/or with machines or other devices such as card readers to transact funds.
2. State of the Art Transaction cards require entry of a PIN (Personal Identification Number), or other security code as a security measure to initiate a transaction at ATMs or when making a purchase where one slides his or her own card through a card reader associated with a key pad such as in supermarkets or other stores, for example. Such a PIN or other security code might be termed a "primary PIN" or "primary security code".
Where a credit card is used to purchase goods for example, only a signature is required for verification. A PIN or other security code is not required for this type of transaction. Therefore any person capable of forging a signature appearing on a stolen card can use the card to make a purchase.
It is the object of the present invention to provide a transaction system and method to overcome or substantially ameliorate at least one of the above disadvantages and/or more generally to provide additional security for transaction cards.
SUMMARY OF THE INVENTION In one form of the invention, there is disclosed a transaction authorisation method using a transaction card encoded to identify an account or accounts with which the transaction card is associated, the card having a specimen signature thereon, the method including the step of requiring verification of both the cardholder's signature against the specimen signature and entry of a security code by the cardholder to authorise the transaction.
Preferably, the security code is a personal identification number associated with the account.
In one preferred form of the invention, the security code is a secondary security code derived from the cardholder's mother or father.
In a further form of the invention, there is provided a transaction authorisation method using a transaction card encoded to identify an account or accounts with which the transaction card is associated, including the step of requiring entry of both primary security code and a secondary security code said secondary security code being derived from the date of birth of a cardholder's mother or father.
Typically, only the day and month of the date of birth of the cardholder's mother or father need be entered.
The cardholder's mother or father's date of birth data might be held in a database, having been placed there upon opening of the account with which the card is associated. Other information held in the database might include the cardholder's mother's maiden name for example.
The primary security code is required when a transaction is being made with a machine such as an ATM or supermarket or other store card reader. When making a transaction with a credit card over the counter the primary security measure might instead use a signature verification. In such transactions, the secondary security code is required to complete a transaction.
There is further disclosed herein a transaction system using a transaction card encoded to identify an account or accounts with which the transaction card is associated, the card having a signature thereon and the system incorporating secondary encoding derived from the date of birth of the cardholder, the system requiring signature verification and verification of the secondary encoding to complete a transaction.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Known transaction cards are encoded with a magnetic strip to identify the account or accounts with which the card is associated. Information is held in a computer database and usually includes a PIN code. Entry of this code is required to commence a transaction when using the card at an ATM or when using "EFTPOS" (Electronic Funds Transfer Point of Sale) facilities at supermarkets or other stores for example. If the card is stolen and the PIN is known by thethief, the card can readily be used.
However, where a transaction at an EFTPOS terminal is entered as a credit transaction, the EFTPOS terminal checks the transaction amount against the available balance and, if approved, an authorisation slip is printed for signature by the cardholder and verification against the specimen signature on the card before the transaction is completed.
In one preferred form of the invention, it is proposed to strengthen security of the credit card transactions by requiring both signature verification and entry of the PIN code for authorisation of a credit transaction at an EFTPOS terminal. Thus, it is proposed that the EFTPOS card reader will require correct entry of the PIN for the credit or other transaction card before printing the authorisation slip for signature. If the signature is then verified, the transaction is then completed. Alternatively, the system may print the authorisation slip for signature and verification, and after signature verification, require entry of a PIN to complete the transaction.
In this way, additional protection is provided against transaction fraud. The system may be implemented using the existing, widely distributed EFTPOS system hardware at retailers and financial institutions, requiring only software reprogramming and implementation of altered transaction procedures to achieve the benefits of the invention.
Preferably, the PIN code required for transaction completion is derived from the date of birth of the cardholder's mother or father. In this way, this encoding can readily be recalled by the legitimate cardholder and entered as a secondary security measure at an ATM or card reader or during an across the counter transaction. A thief would not necessarily know the date of birth data.
The invention preferably utilises both primary and secondary encoding in the bank's database, with the primary encoding being an ordinary PIN, but the secondary encoding being something like "03221935" to identify the date of birth of a cardholder's mother or father born on 22 March 1935. The entry of this code would be required as a secondary security measure to complete a transaction at an ATM or EFT terminal or else the relevant date of birth might simply be stated to a shop assistant who can key in the code. Without both the signature or primary code and the secondary code, the transaction will be withheld by the bank's computer software.
It should be appreciated that the secondary PIN or other security code need not be exactly as stated above but might simply be "derived" from the date of birth of the cardholder's mother or father. It might, for example, just be in relation to the month and day of the month for cardholders not willing to divulge their age at every across the counter transaction.
It should be appreciated that alterations to this system that are obvious to those skilled in the art are not to be considered as beyond the scope of the invention. For example, the secondary encoding might also include a check digit as a further security measure against unauthorised use. It will also be understood that reference to the birth date of the cardholder's mother or father includes reference to the birth date of a guardian or a step-mother or step-father.
It should further be appreciated that where people carry multiple cards and have multiple accounts, these often have different PINs and it can be difficult and confusing to remember them all. As a result, and despite requests from the financial institutions issuing the cards, it is common for people to keep written record of their various PINs in their wallet or purse. This presents a substantial risk of fraudulent use of the card if the wallet or purse is lost or stolen. In the present invention, the secondary PIN being a derivation of one of the cardholder's parents date of birth would be easy to remember by the legitimate cardholder. There would be further advantages in that there would be no need for the cardholder to write this number down on material kept with their wallet or purse as it would be readily recalled anyway.
As a preferred or optional feature, an ATM might be pre-programmed to retain the transaction card, should a user not be able to key in the secondary security code.
If the holder's purse or wallet is stolen, the transaction card would be of no use or value to a thief, even if the primary PIN is discovered. If the thief then attempted to use the card to purchase goods over the counter without the secondary PIN, the transaction could not be completed. If the thief attempted to use the card in an ATM, his lack of information as to one of the cardholder's parent's date of birth would result in cancellation of a transaction and perhaps retention of the card by the ATM.
There is further provided a method of entering the secondary PIN into the financial institution's database without human intervention on behalf of the financial institution: Contrary to current practice, all application forms for issuance of a card would be individually coded with an application number or similar.
Each application form would have a "tear-off' section, containing the same coding as the body of the form. This removable section would also contain instructions for the card applicant to set up the secondary PIN by telephoning the credit provider at a specified telephone number within a specified time period (eg. 48 hours from lodging the card application), using a touch-tone phone. The instructions would explain the nature and use of the secondary security code. The card applicant's telephone call is answered by an automated answering service which prompts the caller to enter the individual application form coding and the birth date which will form the basis for the secondary PIN. The service will then confirm this data to the caller, for example by asking for repeat entry of the data or confirming the data by voice synthesis. The automated service may optionally then confirm to the caller the secondary PIN derived from the birth data.
When the application is processed by the credit provider, the secondary PIN is correlated to the card application in the database using the application form code number, thus entering the secondary PIN into the database without intervention by staff of the credit card provider.
Alternatively, or in addition, the removable section could contain instructions for the card applicant to set up the secondary PIN via a secure internet site. The set up information and procedure could be generally similar to that for telephone setup. For added security, the internet site may also include a field requiring entry of an extra code, which preferably is the same as the user's internet service provider access password.
Where a card applicant completes an application form and lodges it personally with the credit provider, facilities may be provided to complete this secondary PIN set up procedure at that time. If the applicant mails in the application, the applicant will need access to a touch-tone phone or internet facilities to complete set up of the secondary
PIN.
The system may also require that the applicant, upon receipt of the credit or transaction card, contacts the card provider on a specified telephone number or internet address and is prompted to key in the PIN to activate the card.
As a further precaution against transaction fraud, it is preferred that a holographic or other diffractive optical variable device covers substantially the entire front surface of the transaction card. Preferably, the hologram is embossed into a transparent holographic foil which may be applied to substantially the whole front surface of the card while permitting visibility of the graphic elements of the card.
While particular embodiments of this invention have been described, it will be evident to those skilled in the art that the present invention may be embodied in other specific forms without departing from the essential characteristics thereof. The present embodiments and examples are therefore to be considered in all respects as illustrative and not restrictive, and all modifications which would be obvious to those skilled in the art are therefore intended to be embraced therein. It will further be understood that any reference herein to known prior art does not, unless the contrary indication appears, constitute an admission that such prior art is commonly known by those skilled in the art to which the invention relates.
Claims (4)
1. A transaction authorisation method using a transaction authorisation method using a transaction card encoded to identify an account or accounts with which the transaction card is associated, the card having a specimen signature thereon, the method including the step of requiring verification of both the cardholder's signature against the specimen signature and entry of a security code by the cardholder to authorise the transaction.
2. A method according to claim 1 wherein the security code is a personal identification number associated with the account.
3. A method according to claim 1 wherein the security code is a secondary security code derived from the date of birth of the cardholder's mother or father.
4. A transaction authorisation method using a transaction card encoded to identify an account or accounts with which the transaction card is associated, including the step of requiring entry of both primary security code and a secondary security code, said secondary security code being derived from the date of birth of a cardholder's mother or father. A method of entering a security code associated with a transaction account into a database of a financial institution, substantially as herein described. Dated this 17th day of July 2002 PAMELA ROBIN CUMMINS Patent Attorneys for the Applicant HALFORD CO.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2002100568A AU2002100568A4 (en) | 2001-07-17 | 2002-07-17 | Secondary security measure for transaction cards |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AUPR6411A AUPR641101A0 (en) | 2001-07-17 | 2001-07-17 | Secondary security measure for transaction cards |
AUPR6411 | 2001-07-17 | ||
AU2002100568A AU2002100568A4 (en) | 2001-07-17 | 2002-07-17 | Secondary security measure for transaction cards |
Publications (2)
Publication Number | Publication Date |
---|---|
AU2002100568A4 true AU2002100568A4 (en) | 2002-11-21 |
AU2002100568A8 AU2002100568A8 (en) | 2002-11-21 |
Family
ID=3830372
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
AUPR6411A Abandoned AUPR641101A0 (en) | 2001-07-17 | 2001-07-17 | Secondary security measure for transaction cards |
AU2002100568A Ceased AU2002100568A4 (en) | 2001-07-17 | 2002-07-17 | Secondary security measure for transaction cards |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
AUPR6411A Abandoned AUPR641101A0 (en) | 2001-07-17 | 2001-07-17 | Secondary security measure for transaction cards |
Country Status (1)
Country | Link |
---|---|
AU (2) | AUPR641101A0 (en) |
-
2001
- 2001-07-17 AU AUPR6411A patent/AUPR641101A0/en not_active Abandoned
-
2002
- 2002-07-17 AU AU2002100568A patent/AU2002100568A4/en not_active Ceased
Also Published As
Publication number | Publication date |
---|---|
AUPR641101A0 (en) | 2001-08-09 |
AU2002100568A8 (en) | 2002-11-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US5365046A (en) | Preventing unauthorized use of a credit card | |
US7748616B2 (en) | Method for implementing anonymous credit card transactions using a fictitious account name | |
US7494056B2 (en) | Retail package for prepaid debit cards and method for debit card distribution | |
US7347361B2 (en) | System, method and program product for account transaction validation | |
US20070073619A1 (en) | Biometric anti-fraud plastic card | |
US20080210754A1 (en) | Account payment using barcode information exchange | |
US8430298B2 (en) | Presentation instrument package arrangement | |
CA2374093A1 (en) | Cardless payment system | |
US20060206350A1 (en) | Security method and apparatus for preventing credit card fraud | |
EP1370999A1 (en) | System for affecting orders for payment with identification by means of card data and fingerprint | |
US7533814B2 (en) | Presentation instrument with user-created pin | |
US6820803B1 (en) | Cash card system | |
US9508074B2 (en) | Method for secure use of identification cards | |
US20030066879A1 (en) | Security system and method for transaction cards | |
Sivakumar et al. | Fraud detection in credit card transactions: classification, risks and prevention techniques | |
CN101501708A (en) | Transaction instruments with enhanced security PIN and expiration date generation | |
JP2006155636A (en) | Ic card settlement device | |
US20070278292A1 (en) | Retail cash product | |
AU2002100568A4 (en) | Secondary security measure for transaction cards | |
US20020033415A1 (en) | Secondary security measure for transaction cards | |
CA2520626A1 (en) | Techniques for protecting financial transactions | |
US20020095371A1 (en) | Prepaid cash card | |
WO2006049585A1 (en) | Payment system | |
US7984848B1 (en) | Cash card system | |
WO2008029141A1 (en) | A debit or credit card |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
TH | Corrigenda |
Free format text: IN VOL 16, NO 41, PAGE(S) 477 UNDER THE HEADING INNOVATION PATENTS OPI - NAME INDEX UNDER THE NAME CUMMINS, P., APPLICATION NO. 2002100568, UNDER INID (45) CORRECT THE DATE TO READ 21.11.2002. |
|
MK22 | Patent ceased section 143a(d), or expired - non payment of renewal fee or expiry |