EP1362333A1 - Method and device for securing a transaction between a shopkeeper and a customer with a payment card - Google Patents
- Publication number
- EP1362333A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- transaction
- securing
- payment card
- module
- merchant
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/12—Payment architectures specially adapted for electronic shopping systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/403—Solvency checks
- G06Q20/4037—Remote solvency checks
Definitions
- the present invention relates to a method and a system for securing a transaction between a merchant and a customer carrying a payment card.
- the invention finds a particularly advantageous application in the field of securing “distance selling” type transactions carried out by means of a payment card. It also applies to transactions using a magnetic stripe on the said payment card.
- payment cards include, on the one hand, a visual carrying information on the holder, in particular his name, as well as identification data specific to each payment card, namely its identification number and its expiry date, and, on the other hand, a magnetic strip on which the same identification data are recorded.
- Payment cards of this type can be issued by groups of commercial brands, by financing organizations or by banking establishments most often grouped into networks.
- the body of the card may include an electronic component, sometimes called a "chip", which contains not only all the information and data relating to the card and its holder, but also means, microprocessor and associated software, capable of performing complex authentication operations, encryption for example.
- To carry out a financial transaction with a payment card, one can use only the card-specific data contained in the visual mentioned above. This procedure is frequent in France in transactions known as "distance selling".
- When said distance selling is carried out on a communication network such as the Internet, the customer carrying the payment card must manually enter the identification number and expiration date of his card on the keyboard of his personal computer.
- In the particular case of mail order sales, the customer enters this same data on a paper form which he then sends to the merchant by post.
- the merchant then transmits the identification data of the card to a management organization accompanied by a request for authorization of the transaction.
- the management body carries out a certain number of checks concerning the card and the holder and authorizes or refuses the transaction. A transaction can also be carried out with a payment card using the identification data present in the magnetic strip of the card. This procedure is now relatively little practiced in local shops except in the case of private networks managed in particular by groups of commercial brands.
- the merchant has a magnetic stripe reader which records the data of the transaction and transmits it to a network management body to which the card belongs. If an authorization is given by the management body, a slip printed by the reader must be signed by the card holder before the transaction can be carried out.
- the technical problem to be solved by the object of the present invention is to propose a method of securing a transaction between a merchant and a customer carrying a payment card, said transaction involving an authorization request based on identification data specific to said payment card, a method which would increase the security of transactions for which knowledge of the card's identification data alone is sufficient to obtain authorization.
- the solution to the technical problem posed consists, according to the present invention, in that the transaction is authorized after verification in a complementary decision module (41) of at least one control criterion determined from at least one parameter specific to said transaction, said control criterion being decided by said bearer (20).
- a system for securing a transaction between a merchant and a customer carrying a payment card comprising at least one management body capable of authorizing said transaction on the basis of identification data specific to said card.
- said system also includes an additional decision-making module capable of authorizing the transaction after verification of at least one control criterion determined by said holder on the basis of at least one parameter specific to said transaction.
- the method of the invention independently adds a complementary control which has the particularity, on the one hand, of being decided by the bearer himself, and, on the other hand, of depending on parameters related to the transaction itself.
- said transaction-specific parameter is chosen from the following list, separately or in combination: existence of the transaction during a given period, number of transactions over a given fixed or sliding period, amount of the transaction in unit or cumulative value, currency of the transaction, identity of the merchant.
- the invention also provides a filtering process according to which said verification is carried out for a transaction of at least one given type.
- This arrangement is reflected in the system of the invention in that it further comprises a filtering module capable of submitting to said complementary decision-making module a request for verification for a transaction of at least one given type.
- control criterion can be modified by the holder of the payment card.
- the security system that is the object of the invention must be adapted so that it further comprises a configuration interface module intended for the modification of said control criterion by the payment card holder.
- FIG. 1 is a block diagram of a security system according to the invention.
- FIG. 1 shows a system for securing a transaction between a merchant 10 and a customer 20 carrying a payment card, a bank card, for example, issued by a management organization 30, also called a network, specialized in the distribution and processing of such cards.
- After having made his choice in the catalog presented on the screen of his personal computer, the customer 20 must provide (1) to the merchant 10 identification data specific to his payment card, for example its number and its expiration date. From this data, and other information related to the context of the purchase itself, the merchant 10 addresses (2) to the authorization center 11 of his banking institution a request for authorization of the transaction. This request is transmitted (3) to the network 30 of bank cards, which performs a certain number of checks concerning said card identification data, number and date of validity, as well as, for example, the presence of the card on a red list of prohibited cards. To complete the verification process, the network 30 of bank cards consults (4) the authorization center 21 of the banking institution of the bearer 20 so as to implement internal controls, such as the account balance statement of the bearer 20.
- the security method of the invention adds another authorization condition consisting of a complementary operation of verifying at least one control criterion determined by said holder from at least one parameter specific to said transaction.
- the transaction securing system of FIG. 1 comprises a complementary decision-making module 41 capable of carrying out said complementary verification operation and of authorizing the transaction in the event of positive verification.
- the holder 20 can decide to systematically refuse certain requests for authorization of financial transactions according to criteria which he will have defined himself.
- the complementary decision-making module 41 consulted (5) by the holder's authorization center 21, will send back (6) a negative response to the acceptance of the transaction.
- This prohibition on carrying out the transaction will then be transmitted (7, 8) to the merchant's authorization center 11 via the network 30. Consequently, the merchant 10, informed (9) by his authorization center 11, will refuse (10) the sale to the bearer 20 since the request for authorization of the transaction has failed.
- the bearer 20 has perfect control over the authorization process: it is he and he alone who can bring a request for authorization of a financial transaction to a positive outcome.
- the control criteria determined by the holder 20 and used by the complementary decision-making module 41 can be very varied in nature. As examples, some possible criteria will now be presented, whether taken separately or in combination.
- a first basic criterion has as parameter the existence of the transaction itself, namely that the bearer 20 has the possibility of prohibiting or authorizing all financial transactions resulting from processing according to the distance selling procedure.
- this criterion can vary over time, the bearer 20 making a remote purchase being able to temporarily authorize for a given period, one hour for example, all transactions carried out according to this procedure.
- this same criterion can also be considered by the complementary decision-making module 41 as a default criterion: in the absence of any intention expressed by the holder 20 in this regard, the module 41 blocks all the authorization requests which are presented to it.
- a second control criterion is linked to the parameter represented by the number of transactions processed over a given period, fixed or rolling, defined by the holder 20.
- a third criterion is configured on the amount of the transaction, whether in unit value or in cumulative value over a fixed or rolling period of time. More specifically, when the transaction exceeds a maximum amount set by the holder 20, the authorization of the financial transaction is refused. Likewise, when the total number of transactions carried out over a given period reaches a ceiling set by the holder 20, any new transaction presented is not authorized. This criterion can be treated globally or by merchant.
- a fourth control criterion brings into play the parameter constituted by the currency of the transaction.
- a holder 20 may authorize only financial transactions denominated in francs or pounds, the other emission currencies causing a negative response to the authorization request.
- a fifth criterion is based on the parameter defined by the identity of the merchant 10. According to this criterion, a holder 20 may only accept requests for authorization of financial transactions from a merchant 10 or a group of merchants, identified by their name or by their type of activity. During a purchase by distance selling, it is then possible, by making available a directory of merchants including their bank numbers, to select the acceptance of requests for authorization of transactions from these merchants only.
- a filtering module 42 whose role is to submit to the complementary decision-making module 41 the requests for verification of the control criteria corresponding to transactions of one or more given types.
- these will be distance selling transactions on the Internet, as they could just as easily be distance selling transactions on paper form, or transactions using the magnetic stripe of payment cards, these transactions having an insufficient level of security which justifies a process
- The role of this filtering module 42 is therefore to direct authorization requests from, for example, distance selling, to the complementary decision-making module 41. It is integrated into the processing chain of the authorization center 21 of the banking establishment of the bearer 20, which
- a configuration module 43 serving as an interface between the bearer 20 and the complementary decision-making module 41.
- This configuration interface module 43 can take various forms:
- the holder 20 accesses, via his personal computer, his mobile phone or his Minitel terminal, a menu allowing him to configure the module 41 securely, by identifier and password, according to the control criteria of his choice, with the possibility of combining them.
- the configuration services of the complementary decision-making module 41 can also be accessible via a voice server.
- the configuration thus carried out will be coarser, in particular as regards the combinations of criteria, than with a Web server for example, given the quality of the human-machine interface as seen by the holder 20.
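
The flow described above, with the filtering module 42 routing selected transaction types to the complementary decision-making module 41 and the five holder-defined criteria applied on top of a default refusal, can be sketched as follows. This is an added example, not text or code from the patent: the class and field names, the transaction type labels, the order in which criteria are checked and the sample requests are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Transaction:                 # hypothetical shape of an authorization request
    kind: str                      # "distance_selling", "magstripe", "chip", ...
    amount: float
    currency: str
    merchant: str
    when: datetime

@dataclass
class HolderPolicy:                # criteria the holder sets through module 43
    allowed_until: Optional[datetime] = None  # criterion 1: temporary window
    max_count: Optional[int] = None           # criterion 2: count per period
    max_unit: Optional[float] = None          # criterion 3: unit amount
    max_cumulative: Optional[float] = None    # criterion 3: cumulative amount
    window: timedelta = timedelta(days=1)     # rolling period for 2 and 3
    currencies: Optional[set] = None          # criterion 4
    merchants: Optional[set] = None           # criterion 5

FILTERED_KINDS = {"distance_selling", "magstripe"}  # module 42 routes these to 41

class DecisionModule:              # stands in for module 41
    def __init__(self, policy=None):
        self.policy = policy
        self.history = []          # approved transactions, for rolling limits

    def check(self, tx):
        """Return (authorized, reason) for one authorization request."""
        if tx.kind not in FILTERED_KINDS:
            return True, "not filtered"
        p = self.policy
        # Default criterion: with no wish expressed by the holder, block.
        if p is None or p.allowed_until is None or tx.when > p.allowed_until:
            return False, "no active authorization window"
        recent = [h for h in self.history if tx.when - h.when < p.window]
        if p.max_count is not None and len(recent) >= p.max_count:
            return False, "transaction count ceiling reached"
        if p.max_unit is not None and tx.amount > p.max_unit:
            return False, "unit amount too high"
        # Simplification: amounts are summed without currency conversion.
        spent = sum(h.amount for h in recent)
        if p.max_cumulative is not None and spent + tx.amount > p.max_cumulative:
            return False, "cumulative amount too high"
        if p.currencies is not None and tx.currency not in p.currencies:
            return False, "currency not allowed"
        if p.merchants is not None and tx.merchant not in p.merchants:
            return False, "merchant not allowed"
        self.history.append(tx)
        return True, "all criteria met"

def demo():
    """Run constructed requests through one holder's policy; return the reasons."""
    t0 = datetime(2002, 2, 18, 12, 0)
    m = DecisionModule(HolderPolicy(
        allowed_until=t0 + timedelta(hours=1), max_count=2, max_unit=100.0,
        max_cumulative=150.0, currencies={"FRF", "GBP"}, merchants={"bookshop"}))
    def tx(minute, amount, cur="FRF", merchant="bookshop", kind="distance_selling"):
        return Transaction(kind, amount, cur, merchant, t0 + timedelta(minutes=minute))
    requests = [tx(1, 80.0), tx(2, 120.0), tx(3, 80.0), tx(4, 20.0, cur="USD"),
                tx(5, 20.0, merchant="unknown"), tx(6, 60.0), tx(7, 5.0),
                tx(90, 5.0), tx(91, 500.0, kind="chip")]
    return [m.check(r)[1] for r in requests]
```

Only approved requests are recorded in the history, so a refused request does not consume the holder's count or amount ceilings.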
Landscapes
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Finance (AREA)
- Computer Security & Cryptography (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0102528A FR2821506A1 (en) | 2001-02-23 | 2001-02-23 | METHOD AND DEVICE FOR SECURING A TRANSACTION BETWEEN A TRADER AND A CUSTOMER CARRYING A PAYMENT CARD |
FR0102528 | 2001-02-23 | ||
PCT/FR2002/000622 WO2002069283A1 (en) | 2001-02-23 | 2002-02-18 | Method and device for securing a transaction between a shopkeeper and a customer with a payment card |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1362333A1 (en) | 2003-11-19 |
Family
ID=8860400
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP02704861A Withdrawn EP1362333A1 (en) | 2001-02-23 | 2002-02-18 | Method and device for securing a transaction between a shopkeeper and a customer with a payment card |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP1362333A1 (en) |
FR (1) | FR2821506A1 (en) |
WO (1) | WO2002069283A1 (en) |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5897621A (en) * | 1996-06-14 | 1999-04-27 | Cybercash, Inc. | System and method for multi-currency transactions |
DE19750849C2 (en) * | 1997-11-17 | 1999-11-11 | Deutsche Telekom Ag | Process for securing an electronic wallet against excessive use |
CN1347540A (en) * | 1999-02-18 | 2002-05-01 | 奥比斯专利有限公司 | Credit card system and method |
JP2001043274A (en) * | 1999-08-03 | 2001-02-16 | Fujitsu Ltd | Account settlement system and card |
-
2001
- 2001-02-23 FR FR0102528A patent/FR2821506A1/en active Pending
-
2002
- 2002-02-18 EP EP02704861A patent/EP1362333A1/en not_active Withdrawn
- 2002-02-18 WO PCT/FR2002/000622 patent/WO2002069283A1/en not_active Application Discontinuation
Non-Patent Citations (1)
Title |
---|
See references of WO02069283A1 * |
Also Published As
Publication number | Publication date |
---|---|
FR2821506A1 (en) | 2002-08-30 |
WO2002069283A1 (en) | 2002-09-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101137137B1 (en) | Mobile account authentication service | |
EP1014317B1 (en) | Secure payment method | |
EP0818763B1 (en) | Method for controlling secure independant transactions, using a unique physical device | |
EP1899950B1 (en) | Method for securing a transaction with a payment card and activation server for implementating the method | |
EP3113099A1 (en) | Payment container, creation method, processing method, devices and programs therefor | |
EP1153376A1 (en) | Telepayment method and system for implementing said method | |
EP1754205A1 (en) | Anonymous and secure internet payment method and mobile devices | |
EP3039628A2 (en) | Method for processing transactional data, corresponding devices and computer programmes | |
EP1164529A1 (en) | System and method for issuing electronic coupons | |
EP1323140B1 (en) | Method for providing identification data of a banking card to a user | |
FR2750273A1 (en) | METHOD FOR RECHARGING VIRTUAL PREPAID CARDS | |
EP1978479A1 (en) | Dynamic cryptogram | |
EP1362333A1 (en) | Method and device for securing a transaction between a shopkeeper and a customer with a payment card | |
FR2819662A1 (en) | PROCESS USING ELECTRONIC PAYMENT CARDS TO SECURE TRANSACTIONS | |
BHATIA | TO STUDY DATA OF E-BANKING OPERATIONS AT KOTAK MAHINDRA BANK | |
CA2325895C (en) | Process for secure payments | |
FR3115625A1 (en) | Card not present transactions with a card verification value chosen by the cardholder | |
EP4099249A1 (en) | Method and device for transmitting an identifier of a user during an electronic payment made by the user | |
EP0831434A1 (en) | Method for blocking a plurality of services by blacklisting them, and associated blocking server, receiving terminal and portable device | |
WO2008084279A1 (en) | Highly secured payment system | |
EP1371036A2 (en) | System and method for replacing identification data on a portable transaction device | |
FR2837952A1 (en) | Micro-payment system for Internet use in which a customer is supplied a virtual purse, a unique identifier and a validating payment key, which are then used to effect online transactions | |
EP1344196A1 (en) | Payment method and system and telecommunication equipment used in said system | |
FR2827724A1 (en) | Remote payment system over telephone line uses verification based on secure module and subscriber telephone number | |
FR2750275A1 (en) | Distributed telematic system management method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20030606 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR |
|
AX | Request for extension of the european patent |
Extension state: AL LT LV MK RO SI |
|
RIN1 | Information on inventor provided before grant (corrected) |
Inventor name: MAGLIULO, PHILIPPE Inventor name: HANNECART, ERIC Inventor name: PETIT, STEPHANE |
|
17Q | First examination report despatched |
Effective date: 20090910 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20100323 |