EP0965109A1 - Improvements in or relating to credit cards - Google Patents

Improvements in or relating to credit cards

Info

Publication number
EP0965109A1
EP0965109A1 EP97949058A EP97949058A EP0965109A1 EP 0965109 A1 EP0965109 A1 EP 0965109A1 EP 97949058 A EP97949058 A EP 97949058A EP 97949058 A EP97949058 A EP 97949058A EP 0965109 A1 EP0965109 A1 EP 0965109A1
Authority
EP
European Patent Office
Prior art keywords
data
credit card
verification
verification device
encoded
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP97949058A
Other languages
German (de)
French (fr)
Inventor
Yogendra Khimji Raja
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of EP0965109A1 publication Critical patent/EP0965109A1/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/347Passive cards
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code
    • G07F7/1075PIN is checked remotely
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • G07F7/125Offline card verification

Definitions

  • the present invention relates to credit cards and in particular to a means and method for improving security with regard to credit cards and to preventing fraudulent use of stolen or bogus credit cards .
  • credit card is intended to apply to any encoded card which is used to obtain money from cash dispensers or goods or services from suppliers and retailers .
  • Cards commonly have a code magnetically encoded thereon.
  • the code is read by a cash dispensing machine for example, the code also being supplemented by a so-called PIN (personal identification number) number which is also entered in the machine to obtain cash.
  • PIN personal identification number
  • a PIN number being of necessity relatively short so it can be remembered, does not uniquely identify any single person having a credit card.
  • Stolen or bogus credit cards are also used to obtain goods and services from suppliers and retailers.
  • the only means of checking whether the person is entitled to use the card is to attempt to correlate the signature on the transaction document with that on the credit card.
  • the present invention provides credit card verification apparatus comprising a reader for reading first data encoded on a credit card, means for reading second data encoded on a credit card verification device physically separate from the credit card, wherein for any individual credit card and its associated verification device the first data is unique thereto and the second data is essentially unique thereto and different from said first data, and verification means for verifying that the first and second data relate to the same credit card.
  • "essentially unique" means that the number of variations in the second data is sufficiently large that there is an insignificant chance, for example less than 10 "6 , and preferably less than 10 "8 , of two credit cards being associated with the same second data, even if the second data is randomly selected.
  • the apparatus may also comprise PIN number entry means for entering a PIN number, and the verification means may additionally determine that the PIN number so entered is that allocated to the credit card.
  • the present invention provides a method of preventing credit card fraud comprising supplying with a credit card which contains information including first encoded data, a credit card verification device which is physically separate from the credit card and contains information including second encoded data, said first data being unique to an individual credit card, and said second data being essentially unique to an individual credit card and different from said first data, receiving first data from a credit card and second data from a verification device and acting upon said first data only when it has been determined that the first and second data relate to the same card.
  • the information on the credit card may include an indication that the second data, and, if appropriate, a PIN number, is required.
  • the method may additionally include receiving a PIN number and acting upon said first data only when it has been determined that the PIN number is that allocated to the credit card.
  • specified credit card or “individual credit card” is meant to refer to a particular credit card or set of cards all relating to the same credit card account, issued to an individual user or group of individual users for their use only, use by others being defined herein as fraudulent use.
  • the verification device has its own encoded information (second data) which bears an essentially unique relation to its associated credit card, to allow use of the latter in the manner described hereinbelow.
  • second data includes additional information relating to the person issued with the credit card, for further verification purposes by a third party. Because it does not need to be remembered, the second data can be long or have a complicated format, unlike a PI N number. Both of these measures increase validity of verification and security.
  • verification is effected in at least two stages, and the information on the verification device comprises the second data and third data.
  • the first data and third data may be checked at the device reader itself, and only if the outcome is positive are the first data and the second data forwarded to a central computer for a second verification stage.
  • the third data may have a relatively simple relation to the first data, for example it may be the same as the first data, or be derivable therefrom by a relatively simple algorithm.
  • the third data is preferably unique or essentially unique to an individual credit card, but need not be so. Nevertheless, the second data is unique, or essentially unique to the credit card, and so provides a greater degree of security.
  • the device may include variable fourth data.
  • the fourth data is also sent to the central computer for verification that it relates to the credit card, and once verification has taken place, the fourth data is altered according to any known algorithm, including the selection of a random number, recorded at the central computer, and re-written to replace the existing fourth data on the verification device .
  • the true owner may well be unaware that the information on the card and device have been copied ((and, if appropriate, the PIN number known) , so that cash is being drained from the related account, the inability to use the card will (or should) provide an alert to the owner, or the credit card company when the owner complains or the system detects an apparently fraudulent attempt to use the card, that fraudulent use of the card may have taken place, thus enabling checks to be made and the extent of the fraud to be reduced.
  • variable fourth data on the credit card could also prove useful in reducing the extent of fraud in transactions using credit cards without the associated verification device.
  • none of the second, third and fourth data is identical to a PIN number associated with the credit card, or identical to data provided by the card itself, although it would be possible for the second data to equate thereto in a relatively low security arrangement .
  • variable fourth variable data itself provides an enhanced degree of security.
  • the invention provides credit card verification apparatus comprising a reader for reading first data encoded on a credit card, means for reading and writing variable data encoded on a credit card verification device physically separate from the credit card, said variable data being different from said first data, verification means including a data store for verifying that the first and variable data as read relate to the same credit card, and upon said verification being positive, altering said variable data, storing said altered variable data in said data store, and replacing said variable data with said altered variable data on said verification device.
  • the invention provides a method of preventing credit card fraud comprising supplying with a credit card which contains information including first encoded data, a credit card verification device which is physically separate from the credit card and contains information including encoded variable data different from said first data, receiving first data from a credit card and said variable data from a verification device and acting upon said first data only when it has been determined that the first and variable data relate to the same card, said acting upon including the step of subsequently altering said variable data on the verification device and storing the altered variable data for use when repeating the said method.
  • the verification device may also contain the second and/or third data for use as described herein in relation to the invention in its first and second aspects .
  • the information on the verification device may be encoded in any known suitable form such as by means of a magnetically encoded strip, optical encoding (preferably invisible to the human eye) , an rf transponder, a microchip or any other form of readable information retaining means .
  • the owner it is advisable for the owner to keep the credit card and the verification device separate, just as it is recommended that any document recording a PIN number should be kept separately (and preferably not indicating that it contains information regarding the PIN number) .
  • the verification device could be in the form of another card, there then exists a strong temptation to place them both in the same location, for example in the same wallet or purse, particularly if it is of the same size and shape as the credit card.
  • the verification device is given an different shape and/or size reducing this temptation.
  • the verification device is in the form of a key, having an apertured handle portion enabling it to be attached to a key-ring.
  • the invention provides a credit card verification device having a flat or three- dimensional shape of a key, and bearing thereon machine readable information.
  • the key need only be as large as is necessary to enable information thereon to be read by an appropriate reader.
  • the key may be of metal, providing this does not interfere with the reading of the information thereon (this will depend on how the information is recorded) , but could be of an alternative material such as plastics or card.
  • the key shape is three-dimensional - for example with significant thickness, and preferably a non-uniform thickness, such as a cylindrical shank and flat apertured handle.
  • UK Patent Application No. 2 181 582 discloses an electronic device, such as in the form of a watch, which is provided with a secure store for personal identity information, such information being available for use either on a display (e.g. of the watch) for transmission to equipment to which access is sought. It is mentioned that this device could be used to display or transmit coded information for use in conjunction with information on a credit card and a PIN number to provide additional security. It is believed that the PIN number referred to here is that (a personal number) used for gaining access to information held in the device (this information could be for example a conventional PIN number associated with a credit card) rather than the conventional PIN number itself.
  • this device merely constitutes a new way of retrieving a conventional PIN number when a credit card is used, and as noted above, PIN numbers are not generally unique to individual cards .
  • This method possibly provides greater security insofar as access to the PIN number itself requires input of a personal number into the device, but is not considered to provide the degree of security afforded by the present invention.
  • the device is an active electronic device requiring a power source such as a battery, means for entering and storing the personal identity information, and means for retrieving and transmitting or displaying such information, all within the device itself.
  • a power source such as a battery
  • the device is relatively complicated, and becomes useless if the battery fails .
  • the information is held by passive readable means for active reading by an external reader - thus, as later described in relation to a preferred embodiment, it would sufficient simply to write information on a magnetic strip at the time of producing the verification device, and to read the second and/or other data therefrom by an external reader at the point of use.
  • There is no PIN number necessary for accessing the information on the verification device rather such information is obtained and is correlated with information from the credit card and/or associated PIN number for verification purposes, any known coding method of the various items of information being employed, preferably such as provides a high degree of security, as mentioned above and later.
  • the specified credit card and its associated verification device are unique to one another.
  • a card issuer issues more than one credit card of one account holder to a group of people such as, for example, other members of the account holder's family such as the wife or husband
  • each verification device associated with an individual card could be identical or different.
  • variable fourth information on the verification device it will be necessary for each verification device to differ, so as to be identifiable and capable of being associated with its own variable information, to prevent the use of a card by one of the said group prohibiting use by other member of the group.
  • the encoded information on the credit card is usually the same as it frequently relates to an individual account holder's details.
  • the specified credit card would be issued to a person or group of persons by the card issuer together with a separate verification device by any known means .
  • Usual security precautions may apply such that the account is only activated when the recipient of the cards acknowledges safe receipt for example.
  • the credit card and the verification device would be kept by the person separate from each other, the verification device perhaps being kept on a key-ring with other keys for example.
  • the credit card would be inserted in the machine in known manner and the user's PIN number entered, the person then also being required to insert his verification device in the machine.
  • a database to which the machine is connected and which holds details of the person's account then verifies that the correct corresponding details between the information encoded on the credit card, PIN number and information encoded on the verification device meet predetermined criteria before issuing cash to the person.
  • the verification device will also be swiped or otherwise read. In the absence of the verification device, the transaction will not occur in case the credit card has been stolen.
  • the retailer will also have the assurance of the credit card being verified by the verification device; the transaction not proceeding unless the information on the credit card and verification device meet the predefined criteria held in the database.
  • the verification device will always remain with the user and will not be taken by a retailer together with the credit card into another room for example to be swiped.
  • verification is done in two stages.
  • First verification means for example in the card reader itself, performs a check on information provided by the card or verification device or both (for example, a simple parity check to verify that the coded information is of acceptable form and valid per se, but preferably, as mentioned above, a check on the third data to establish that it relates to the credit card)
  • second verification means for example in a host computer receiving output from the reader, performs a further check on both sets of information (preferably, as mentioned above, verification that the second and variable fourth data relate to the credit card and the present state of the verification device respectively) .
  • failure to achieve verification can be arranged to cause non-return of the credit card and/or verification device. It will be clear that this mode of operation can be practised with the additional input of a PIN number.
  • the verification device could also contain encoded information relating for example to the appearance and gender of the person using it, or to a car registration or NHS number, enabling the retailer who suspects fraud to verify visually or by interrogation that the person using it corresponds to such information.
  • Figure 1 shows a schematic view of a verification device having a key- shape according to the present invention, for use in the verification apparatus and method of the invention
  • Figure 2 shows a schematic view of a cash dispenser for use with the present invention
  • Figure 3 shows a schematic of a credit card
  • FIG. 4 which shows a block diagram illustrating the method of the present invention.
  • FIG. 1 shows a verification device 10 according to the present invention, henceforth referred to briefly as a "cardkey” .
  • the cardkey is in the shape of a key and made of a stiff, durable plastics material and intended to be kept by a user on a key-ring (not shown) by the head 12.
  • the cardkey 10 has information encoded on a magnetic strip 14 affixed to the shank 16 of the cardkey.
  • the cardkey is made of metal;
  • the card key has a three dimensional key shape; and/or
  • the coding is other than magnetic, e.g. optical.
  • FIG. 2 shows a schematic view in elevation of a cash dispensing machine 20.
  • the machine 20 has the usual features to be found in such devices including; a display screen 22 for imparting instructions and/or information to the user; a keypad 24 for entering numbers; a slot 26 for receiving a credit card; a keypad 28 for answering standard questions made by the device 20; a cash dispenser slot 30; and, a slot 32 for receiving the cardkey 10.
  • Figure 3 shows a schematic view of a conventional plastics material credit card 40 which has a standard rectangular body 42 having the usual embossed information relating to the person to whom it is issued, expiry date, account number and so forth and a magnetic strip 44 having information encoded thereon.
  • Figure 4 shows a block diagram indicating the cardkey 10, cash dispenser 20, credit card 40 and a central database 52.
  • the cardkey contains second, third and fourth data as described previously, neither of the second and fourth data equating to information on the credit card itself.
  • the third data can, but need not, correspond to information on the credit card for a preliminary check at the reading stage .
  • the credit card 40 is entered in the slot 26 of the machine 20 and the information thereon is read 50 in known manner and verified against data held in the central data base 52; an invitation is issued to enter the cardkey in the slot 32 of the machine 20 and at least the third data is read 54 by known means .
  • the third data is verified by correlation with the first data.
  • the reader then reads the second and fourth data, if it has not done so when determining the third data, for transmission to the central database and correlation with stored information relating to the credit card and verification device.
  • the user's PIN number is entered on the keypad 24 which again is verified 56 by the database 52. Only when all verifications have been satisfactorily completed does the database 52 enable 58 the machine 20 to issue the cash 60 requested by the user.
  • the fourth data is altered, the altered data is stored at the central database, and also written over the existing fourth data on the cardkey.
  • the slot 32 for the card key 10 may also be the same as the slot 26 for the credit card 40, the cardkey 10 being in a similar physical form to the card 40.
  • the credit card 40, PIN number and cardkey 10 are entered sequentially into the machine 20 in response to instructions displayed in the window 22 of the machine 20.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
  • Credit Cards Or The Like (AREA)

Abstract

To improve security and prevent fraudulent use of a credit card (40), there is provided a verification device (10) which is separate from the credit card and bears different data, e.g. on a magnetic strip. At the time of a transaction the data is read (32) to verify that it relates to the credit card in use before the transaction is allowed to proceed. The data is preferably read by a separate reader (24) so that it never needs to leave the hands of the owner, although a common reader could be used. A PIN number may also be entered (24) at the time of the transaction for verification. Preferably the different data comprises (a) data enabling an initial verification check at the reader; (b) data which is essentially unique to a particular card for a second verification at a central computer; and (c) variable data for verification at the central computer, and which is thereafter altered and rewritten both at the central computer and on the verification device.

Description

IMPROVEMENTS IN OR RELATING TO CREDIT CARDS.
The present invention relates to credit cards and in particular to a means and method for improving security with regard to credit cards and to preventing fraudulent use of stolen or bogus credit cards .
The term "credit card" is intended to apply to any encoded card which is used to obtain money from cash dispensers or goods or services from suppliers and retailers .
Credit cards commonly have a code magnetically encoded thereon. The code is read by a cash dispensing machine for example, the code also being supplemented by a so- called PIN (personal identification number) number which is also entered in the machine to obtain cash. In theory, only the person to whom the card is issued knows the PIN number, and therefore, only that person can obtain cash from the machine. However, thieves steal cards and have ways of discovering the PIN numbers of stolen cards such that stealing money is relatively easy.
Furthermore, a PIN number, being of necessity relatively short so it can be remembered, does not uniquely identify any single person having a credit card.
Stolen or bogus credit cards are also used to obtain goods and services from suppliers and retailers. The only means of checking whether the person is entitled to use the card is to attempt to correlate the signature on the transaction document with that on the credit card. However, it is almost impossible to verify if a signature is genuine or not as many criminals are skilled in forging signatures.
In addition to stolen cards, it is now possible for criminals to make multiple copies of stolen cards or to manufacture fake or bogus cards which are sufficiently convincing to defraud retailers .
Levels of credit card related fraud will continue to grow because it often not possible to identify stolen cards until it is too late and it is also very difficult or impossible to identify the people who use the cards fraudulently. Currently, in the United Kingdom some 5000 cards are reported as stolen every day.
It is an object of the present invention to reduce the amount of credit card related fraud.
In a first aspect, the present invention provides credit card verification apparatus comprising a reader for reading first data encoded on a credit card, means for reading second data encoded on a credit card verification device physically separate from the credit card, wherein for any individual credit card and its associated verification device the first data is unique thereto and the second data is essentially unique thereto and different from said first data, and verification means for verifying that the first and second data relate to the same credit card. As used herein, "essentially unique" means that the number of variations in the second data is sufficiently large that there is an insignificant chance, for example less than 10"6, and preferably less than 10"8, of two credit cards being associated with the same second data, even if the second data is randomly selected. Use of the uniqueness of the first data to generate the second data is possible, but if there is an algorithm connecting the first and second data, it should be selected, in known manner, so that the one is not readily derivable from the other and vice versa. However, no algorithm is necessary, it merely be required that the first data is uniquely, and the ' second data essentially uniquely, associated with their particular credit card account in a databank.
Where a PIN number is allocated to the credit card in question the apparatus may also comprise PIN number entry means for entering a PIN number, and the verification means may additionally determine that the PIN number so entered is that allocated to the credit card.
In a second aspect the present invention provides a method of preventing credit card fraud comprising supplying with a credit card which contains information including first encoded data, a credit card verification device which is physically separate from the credit card and contains information including second encoded data, said first data being unique to an individual credit card, and said second data being essentially unique to an individual credit card and different from said first data, receiving first data from a credit card and second data from a verification device and acting upon said first data only when it has been determined that the first and second data relate to the same card.
The information on the credit card may include an indication that the second data, and, if appropriate, a PIN number, is required.
Again, where a PIN number has also been allocated to an individual credit card, the method may additionally include receiving a PIN number and acting upon said first data only when it has been determined that the PIN number is that allocated to the credit card.
In this specification the term "specified credit card" or "individual credit card" is meant to refer to a particular credit card or set of cards all relating to the same credit card account, issued to an individual user or group of individual users for their use only, use by others being defined herein as fraudulent use.
The verification device has its own encoded information (second data) which bears an essentially unique relation to its associated credit card, to allow use of the latter in the manner described hereinbelow. Optionally, it includes additional information relating to the person issued with the credit card, for further verification purposes by a third party. Because it does not need to be remembered, the second data can be long or have a complicated format, unlike a PIN number. Both of these measures increase validity of verification and security.
In a preferred embodiment, verification is effected in at least two stages, and the information on the verification device comprises the second data and third data. For example, in a first verification stage, the first data and third data may be checked at the device reader itself, and only if the outcome is positive are the first data and the second data forwarded to a central computer for a second verification stage.
In such an arrangement, the third data may have a relatively simple relation to the first data, for example it may be the same as the first data, or be derivable therefrom by a relatively simple algorithm. The third data is preferably unique or essentially unique to an individual credit card, but need not be so. Nevertheless, the second data is unique, or essentially unique to the credit card, and so provides a greater degree of security.
Even more preferably, where the information recorded on the verification device is re-writable, the device may include variable fourth data. In use, the fourth data is also sent to the central computer for verification that it relates to the credit card, and once verification has taken place, the fourth data is altered according to any known algorithm, including the selection of a random number, recorded at the central computer, and re-written to replace the existing fourth data on the verification device .
In this manner, even if the information on a verification device and on a credit card is copied by a fraudster, provided the true owner uses the card before the fraudster, the latter will be prohibited from using the card, because the fourth information will have been altered in the meantime. It is true that should the fraudster manage to use the card before the true owner, then the latter will be unable to use the card, but this may be considered to be advantageous. Since the true owner may well be unaware that the information on the card and device have been copied ((and, if appropriate, the PIN number known) , so that cash is being drained from the related account, the inability to use the card will (or should) provide an alert to the owner, or the credit card company when the owner complains or the system detects an apparently fraudulent attempt to use the card, that fraudulent use of the card may have taken place, thus enabling checks to be made and the extent of the fraud to be reduced.
Clearly, data similar to the third and fourth data could also be provided on the credit card itself. In particular, variable fourth data on the credit card could also prove useful in reducing the extent of fraud in transactions using credit cards without the associated verification device. Preferably none of the second, third and fourth data is identical to a PIN number associated with the credit card, or identical to data provided by the card itself, although it would be possible for the second data to equate thereto in a relatively low security arrangement .
The use of the variable fourth variable data itself provides an enhanced degree of security. Thus, in a third aspect the invention provides credit card verification apparatus comprising a reader for reading first data encoded on a credit card, means for reading and writing variable data encoded on a credit card verification device physically separate from the credit card, said variable data being different from said first data, verification means including a data store for verifying that the first and variable data as read relate to the same credit card, and upon said verification being positive, altering said variable data, storing said altered variable data in said data store, and replacing said variable data with said altered variable data on said verification device.
Correspondingly, in a fourth aspect the invention provides a method of preventing credit card fraud comprising supplying with a credit card which contains information including first encoded data, a credit card verification device which is physically separate from the credit card and contains information including encoded variable data different from said first data, receiving first data from a credit card and said variable data from a verification device and acting upon said first data only when it has been determined that the first and variable data relate to the same card, said acting upon including the step of subsequently altering said variable data on the verification device and storing the altered variable data for use when repeating the said method.
It will be clear that the invention in its third and fourth aspects can be combined with the invention in its first and second aspects respectively. Thus, for example, the verification device may also contain the second and/or third data for use as described herein in relation to the invention in its first and second aspects .
The information on the verification device may be encoded in any known suitable form such as by means of a magnetically encoded strip, optical encoding (preferably invisible to the human eye) , an rf transponder, a microchip or any other form of readable information retaining means .
Clearly, it is advisable for the owner to keep the credit card and the verification device separate, just as it is recommended that any document recording a PIN number should be kept separately (and preferably not indicating that it contains information regarding the PIN number) . While the verification device could be in the form of another card, there then exists a strong temptation to place them both in the same location, for example in the same wallet or purse, particularly if it is of the same size and shape as the credit card. Preferably, therefore, the verification device is given an different shape and/or size reducing this temptation. In a particularly preferred form, the verification device is in the form of a key, having an apertured handle portion enabling it to be attached to a key-ring.
Thus, in a fifth aspect, the invention provides a credit card verification device having a flat or three- dimensional shape of a key, and bearing thereon machine readable information.
The key need only be as large as is necessary to enable information thereon to be read by an appropriate reader. The key may be of metal, providing this does not interfere with the reading of the information thereon (this will depend on how the information is recorded) , but could be of an alternative material such as plastics or card. Preferably, the key shape is three-dimensional - for example with significant thickness, and preferably a non-uniform thickness, such as a cylindrical shank and flat apertured handle.
UK Patent Application No. 2 181 582 (Blackwell) discloses an electronic device, such as in the form of a watch, which is provided with a secure store for personal identity information, such information being available for use either on a display (e.g. of the watch) for transmission to equipment to which access is sought. It is mentioned that this device could be used to display or transmit coded information for use in conjunction with information on a credit card and a PIN number to provide additional security. It is believed that the PIN number referred to here is that (a personal number) used for gaining access to information held in the device (this information could be for example a conventional PIN number associated with a credit card) rather than the conventional PIN number itself. In such a case this device merely constitutes a new way of retrieving a conventional PIN number when a credit card is used, and as noted above, PIN numbers are not generally unique to individual cards . This method possibly provides greater security insofar as access to the PIN number itself requires input of a personal number into the device, but is not considered to provide the degree of security afforded by the present invention.
Furthermore, the device is an active electronic device requiring a power source such as a battery, means for entering and storing the personal identity information, and means for retrieving and transmitting or displaying such information, all within the device itself. Thus the device is relatively complicated, and becomes useless if the battery fails .
In a preferred form of the present invention, the information is held by passive readable means for active reading by an external reader - thus, as later described in relation to a preferred embodiment, it would sufficient simply to write information on a magnetic strip at the time of producing the verification device, and to read the second and/or other data therefrom by an external reader at the point of use. There is no PIN number necessary for accessing the information on the verification device, rather such information is obtained and is correlated with information from the credit card and/or associated PIN number for verification purposes, any known coding method of the various items of information being employed, preferably such as provides a high degree of security, as mentioned above and later.
The specified credit card and its associated verification device are unique to one another. However, where a card issuer issues more than one credit card of one account holder to a group of people such as, for example, other members of the account holder's family such as the wife or husband, each verification device associated with an individual card could be identical or different. Where there is variable fourth information on the verification device, as mentioned previously, then it will be necessary for each verification device to differ, so as to be identifiable and capable of being associated with its own variable information, to prevent the use of a card by one of the said group prohibiting use by other member of the group. However, even in these circumstances the encoded information on the credit card is usually the same as it frequently relates to an individual account holder's details. In these circumstances, for example, there would be issued one verification device for each issued individual credit card. In use the specified credit card would be issued to a person or group of persons by the card issuer together with a separate verification device by any known means . Usual security precautions may apply such that the account is only activated when the recipient of the cards acknowledges safe receipt for example. The credit card and the verification device would be kept by the person separate from each other, the verification device perhaps being kept on a key-ring with other keys for example.
To effect a transaction at a cash dispenser for example by the present invention, the credit card would be inserted in the machine in known manner and the user's PIN number entered, the person then also being required to insert his verification device in the machine. A database to which the machine is connected and which holds details of the person's account then verifies that the correct corresponding details between the information encoded on the credit card, PIN number and information encoded on the verification device meet predetermined criteria before issuing cash to the person. Thus, if the credit card per se is stolen and even if the thief knows the person's PIN number it will not be possible for him to withdraw cash without the verification device.
Similarly, when a person is securing goods or services at a shop for example, it will be necessary for the person to provide his verification device. In addition to the credit card being "swiped" or inserted into a means of reading the encoded information thereon, the verification device will also be swiped or otherwise read. In the absence of the verification device, the transaction will not occur in case the credit card has been stolen. Thus, in addition to the usual signature from the person receiving the goods or services, the retailer will also have the assurance of the credit card being verified by the verification device; the transaction not proceeding unless the information on the credit card and verification device meet the predefined criteria held in the database. Preferably, the verification device will always remain with the user and will not be taken by a retailer together with the credit card into another room for example to be swiped. Thus, there should always be a means of reading the verification device at a convenient location such that the verification device always remains within sight of the user.
It will be apparent to those skilled in the computer and information technology art that many different forms of hardware means and software means may be provided to support the method and article of the present invention. For example, the order in which the credit card PIN number and verification device are entered into the information reading means may be any that correspond to or are dictated by the particular software.
Similarly, software may be produced whereby the credit card and verification device be entered sequentially in the same receiver in the information reading means . In this embodiment, existing hardware may be retained and only the software changed. With the method of the present invention it may not be necessary for there to be a PIN number, which can easily be forgotten by a user, the credit card and verification device together being sufficient. However, in the interests of security, it is preferable that the present invention be used in conjunction with a conventional PIN number .
In a particularly preferred form, verification is done in two stages. First verification means, for example in the card reader itself, performs a check on information provided by the card or verification device or both (for example, a simple parity check to verify that the coded information is of acceptable form and valid per se, but preferably, as mentioned above, a check on the third data to establish that it relates to the credit card) , and second verification means, for example in a host computer receiving output from the reader, performs a further check on both sets of information (preferably, as mentioned above, verification that the second and variable fourth data relate to the credit card and the present state of the verification device respectively) . In known manner, failure to achieve verification can be arranged to cause non-return of the credit card and/or verification device. It will be clear that this mode of operation can be practised with the additional input of a PIN number.
The verification device could also contain encoded information relating for example to the appearance and gender of the person using it, or to a car registration or NHS number, enabling the retailer who suspects fraud to verify visually or by interrogation that the person using it corresponds to such information.
In order that the present invention may be more fully understood, an example of the present invention will now be described by way of illustration only with reference to the accompanying drawings, of which:
Figure 1 shows a schematic view of a verification device having a key- shape according to the present invention, for use in the verification apparatus and method of the invention;
Figure 2 shows a schematic view of a cash dispenser for use with the present invention;
Figure 3 shows a schematic of a credit card; and,
Figure 4 which shows a block diagram illustrating the method of the present invention.
Referring now to the drawings and where the same features are denoted by common reference numerals .
Figure 1 shows a verification device 10 according to the present invention, henceforth referred to briefly as a "cardkey" . The cardkey is in the shape of a key and made of a stiff, durable plastics material and intended to be kept by a user on a key-ring (not shown) by the head 12. The cardkey 10 has information encoded on a magnetic strip 14 affixed to the shank 16 of the cardkey. In modifications (a) the cardkey is made of metal; (b) the card key has a three dimensional key shape; and/or (c) the coding is other than magnetic, e.g. optical.
Figure 2 shows a schematic view in elevation of a cash dispensing machine 20. The machine 20 has the usual features to be found in such devices including; a display screen 22 for imparting instructions and/or information to the user; a keypad 24 for entering numbers; a slot 26 for receiving a credit card; a keypad 28 for answering standard questions made by the device 20; a cash dispenser slot 30; and, a slot 32 for receiving the cardkey 10.
Figure 3 shows a schematic view of a conventional plastics material credit card 40 which has a standard rectangular body 42 having the usual embossed information relating to the person to whom it is issued, expiry date, account number and so forth and a magnetic strip 44 having information encoded thereon.
Figure 4 shows a block diagram indicating the cardkey 10, cash dispenser 20, credit card 40 and a central database 52. The cardkey contains second, third and fourth data as described previously, neither of the second and fourth data equating to information on the credit card itself. The third data can, but need not, correspond to information on the credit card for a preliminary check at the reading stage . The credit card 40 is entered in the slot 26 of the machine 20 and the information thereon is read 50 in known manner and verified against data held in the central data base 52; an invitation is issued to enter the cardkey in the slot 32 of the machine 20 and at least the third data is read 54 by known means .
Either in the in the central database 52 or the reader, but preferably the latter in cases where the first and third data have a predetermined relation, the third data is verified by correlation with the first data. The reader then reads the second and fourth data, if it has not done so when determining the third data, for transmission to the central database and correlation with stored information relating to the credit card and verification device. Meanwhile, the user's PIN number is entered on the keypad 24 which again is verified 56 by the database 52. Only when all verifications have been satisfactorily completed does the database 52 enable 58 the machine 20 to issue the cash 60 requested by the user. At this stage the fourth data is altered, the altered data is stored at the central database, and also written over the existing fourth data on the cardkey.
In an alternative embodiment the slot 32 for the card key 10 may also be the same as the slot 26 for the credit card 40, the cardkey 10 being in a similar physical form to the card 40. In this embodiment, the credit card 40, PIN number and cardkey 10 are entered sequentially into the machine 20 in response to instructions displayed in the window 22 of the machine 20. It will be apparent to those skilled in the art that all of the hardware means to put the present invention into effect are already known in the art. The present invention once known to a person skilled in the computer software art may be put into effect by the writing of appropriate enabling software.

Claims

1. Credit card verification apparatus comprising a reader for reading first data encoded on a credit card, means for reading second data encoded on a credit card verification device physically separate from the credit card, wherein for any individual credit card and its associated verification device the first data is unique thereto and the second data is essentially unique thereto and different from said first data, and verification means for verifying that the first and second data relate to the same credit card.
2. Credit card verification apparatus according to claim 1 and further comprising PIN number entry means for entering a PIN number, and verification means for establishing that the PIN number is associated with the credit card.
3. Apparatus according to claim 1 or claim 2 wherein the second data is magnetically or optically encoded.
4. Apparatus according to any preceding claim wherein the first and second reading means are the same means.
5. Apparatus according to any one of claims 1 to 3 wherein the first and second reading means are different means .
6. Apparatus according to any preceding claim wherein the PIN number entry means is a keyboard for manual input .
7. A method of preventing credit card fraud comprising supplying with a credit card which contains information including first encoded data, a credit card verification device which is physically separate from the credit card and contains information including second encoded data, said first data being unique to an individual credit card, and said second data being essentially unique to an individual credit card and different from said first data, receiving first data from a credit card and second data from a verification device and acting upon said first data only when it has been determined that the first and second data relate to the same card.
8. A method according to claim 7 wherein a PIN number is also associated with the credit card, and said acting upon said first data is conditional upon receipt of said PIN number.
9. A method according to claim 7 or claim 8 wherein the information on the credit card is indicative of the fact that the second data is required.
10. A method according to any one of claims 7 to 9 wherein the verification device comprises third data for verification by correlation with said first data before said acting is enabled.
11. A method according to any one of claims 7 to 10 wherein the verification device comprises fourth data, said acting is enabled only when it has been verified that the fourth data relates to the said credit card, and wherein said fourth data is subsequently altered, the altered fourth data being written on the verification device in place of the existing fourth data, and also being stored in association with other information identifying the credit card, for verification purposes upon a later use of the verification device.
12. A method according to any one of claims 7 to 11 wherein the verification device has a two or three dimensional shape of a key.
13. Credit card verification apparatus comprising a reader for reading first data encoded on a credit card, means for reading and writing variable data encoded on a credit card verification device physically separate from the credit card, said variable data being different from said first data, verification means including a data store for verifying that the first and variable data as read relate to the same credit card, and upon said verification being positive, altering said variable data, storing said altered variable data in said data store, and replacing said variable data with said altered variable data on said verification device.
14. A method of preventing credit card fraud comprising supplying with a credit card which contains information including first encoded data, a credit card verification device which is physically separate from the credit card and contains information including second encoded variable data different from said first data, receiving first data from a credit card and variable data from a verification device and acting upon said first data only when it has been determined that the first and variable data relate to the same card, said acting upon including the step of subsequently altering said variable data on the verification device and storing the altered variable data for use when repeating the said method.
15. A credit card device having a flat or three- dimensional shape of a key, and bearing thereon machine readable information.
EP97949058A 1996-12-14 1997-12-12 Improvements in or relating to credit cards Withdrawn EP0965109A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
GBGB9626020.3A GB9626020D0 (en) 1996-12-14 1996-12-14 Improvements in or relating to credit cards
GB9626020 1996-12-14
PCT/GB1997/003448 WO1998027519A1 (en) 1996-12-14 1997-12-12 Improvements in or relating to credit cards

Publications (1)

Publication Number Publication Date
EP0965109A1 true EP0965109A1 (en) 1999-12-22

Family

ID=10804466

Family Applications (1)

Application Number Title Priority Date Filing Date
EP97949058A Withdrawn EP0965109A1 (en) 1996-12-14 1997-12-12 Improvements in or relating to credit cards

Country Status (5)

Country Link
EP (1) EP0965109A1 (en)
AU (1) AU7739798A (en)
CA (1) CA2275295A1 (en)
GB (1) GB9626020D0 (en)
WO (1) WO1998027519A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11438370B2 (en) 2020-07-16 2022-09-06 Capital One Services, Llc Email security platform

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU5296200A (en) * 1999-05-28 2000-12-18 Utm Systems Corporation Network authentication with smart chip and magnetic stripe
US7013293B1 (en) 2000-01-25 2006-03-14 Nds Limited Portable transaction device
JP4054535B2 (en) * 2001-01-19 2008-02-27 株式会社日立製作所 IC card service providing method, card terminal, and IC card
US20030046247A1 (en) * 2001-08-31 2003-03-06 Stiasny Janos G. Cardholder transaction control methods, apparatus, signals and media

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3593291A (en) * 1969-01-24 1971-07-13 Thomas W Sullivan Automatic identification system and method
US3582890A (en) * 1969-12-01 1971-06-01 Leslie C Rivers Credit key
DE2318263A1 (en) * 1973-01-24 1974-07-25 Dasy Int Sa FALSE-PROOF CONTROL PROCEDURE FOR LEGITIMATION
JPS5972572A (en) * 1982-10-19 1984-04-24 Omron Tateisi Electronics Co Terminal device for settlement of credit transaction
JPH02297297A (en) * 1989-05-11 1990-12-07 Material Eng Tech Lab Inc Method for preventing malfeasant use of card type information medium
FR2686172B1 (en) * 1992-01-14 1996-09-06 Gemplus Card Int PLUG - IN CARD FOR A MICROCOMPUTER FORMING A CARD READER WITH FLUSHED CONTACTS.

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO9827519A1 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11438370B2 (en) 2020-07-16 2022-09-06 Capital One Services, Llc Email security platform

Also Published As

Publication number Publication date
CA2275295A1 (en) 1998-06-25
GB9626020D0 (en) 1997-01-29
WO1998027519A1 (en) 1998-06-25
AU7739798A (en) 1998-07-15

Similar Documents

Publication Publication Date Title
US4304990A (en) Multilevel security apparatus and method
US6983882B2 (en) Personal biometric authentication and authorization device
US5365046A (en) Preventing unauthorized use of a credit card
US5615277A (en) Tokenless security system for authorizing access to a secured computer system
US7328850B2 (en) Financial and similar identification cards and methods relating thereto
US5457747A (en) Anti-fraud verification system using a data card
US6615194B1 (en) System for secure execution of credit based point of sale purchases
US7899753B1 (en) Systems and methods for time variable financial authentication
CA2381807C (en) Secure multi-application card system
US7647505B2 (en) Recording medium, recording medium reading/writing apparatus, and method of using recording medium
US4328414A (en) Multilevel security apparatus and method
US20040203594A1 (en) Method and apparatus for signature validation
US20050029349A1 (en) Bio-metric smart card, bio-metric smart card reader, and method of use
US20080120509A1 (en) Biometrics-secured transaction card
US20020169720A1 (en) Method for cardholder to place use restrictions on credit card at will
EP0385400A2 (en) Multilevel security apparatus and method with personal key
US7210621B2 (en) Secure credit card and method and apparatus for utilizing the same
US20100123002A1 (en) Card printing verification system
US20100123003A1 (en) Method for verifying instant card issuance
JPH11509015A (en) Secure identification system and method
US7500603B2 (en) Data card
US8276814B1 (en) System and method for carrying out secure transactions
CN101501708A (en) Transaction instruments with enhanced security PIN and expiration date generation
US20080308627A1 (en) Financial and similar identification cards and methods relating thereto including awards
EP0965109A1 (en) Improvements in or relating to credit cards

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 19990708

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20030701

REG Reference to a national code

Ref country code: HK

Ref legal event code: WD

Ref document number: 1027417

Country of ref document: HK