FR3008525A1 - SECURING AN ELECTRONIC PAYMENT DEVICE - Google Patents

Abstract

The invention relates to a system for securing a component of a terminal. According to the invention, such a system comprises a flexible sheet, said flexible sheet comprising an orifice. This orifice is used to allow the application of a pressure, by a deformable element of pressurization, on a metal contact dome. The flexible web forms a gangue around at least a portion of said deformable pressurizing member.

Description

Securing an electronic payment device. FIELD OF THE DISCLOSURE The field of the invention is that of payment terminals. The present invention relates to the field of electronic payment terminals. More particularly, the present invention relates to a new type of electronic payment device that can be used for purposes other than payment settlement operations. 2. Prior art At present, payment terminals are mainly used to pay for purchases of goods and services at points of sale. These terminals generally include a smart card reader and a magnetic card reader. They also include a screen, in particular to display information, such as transaction amounts, and a keyboard for entering the same amounts as well as confidential codes entered by customers, or a touch screen. The newer terminals are connected to cash registers and / or computers via a communication network. Such connections may be wired, for example Ethernet, or wireless. These connections make it possible, for example, to connect to an authentication server or to a banking server in order to obtain a debit authorization. On the other hand, the payment terminals do not make it possible to take charge of other operations than the payment of purchases. For example, when connected to a cash register, the payment terminal transmits the transaction data made to the cash register (when it is an intelligent cash register). This cash register logs payment transactions (whether it is transactions using the payment terminal, check transactions or cash transactions), but sometimes such a cash register does not work. Fortunately, this does not result in blocking the payment made on the payment terminal, but the logging of payments may be wrong, which may be problematic, for example, for the tax authorities, and unscrupulous traders. may make cash registers ineffective for the sole purpose of defrauding tax administrations, for example, in countries where the tax burden is not easily recognized.

In other contexts, the payment terminal is not connected (physically or by network) to a cash register. In this case, the operation of the cash register is independent of that of the payment terminal. It is therefore not possible to make the link between the sales journal of the cash register and the transactions carried out by the terminal.

There is therefore a need to provide solutions to avoid this type of fraud. To do this, solutions have been developed. They combine, in the form of a terminal, payment functions and cash register functions. However, in this context, the terminal must offer a second display screen. This second display screen must be visible and readable, which is very rarely the case.

In addition, this second display screen must be secured according to PCI standards. In this context, there is a need to secure the data displayed on this screen as well as a technical solution to ensure correct visibility of the information displayed. 3. DISCLOSURE OF THE INVENTION The invention does not have these disadvantages of the prior art. The invention relates more particularly to a system for securing a component of a terminal. According to the invention, such a system is characterized in that it comprises a flexible sheet, said flexible sheet comprising an orifice. This orifice is used to allow the application of a pressure, by a deformable element of pressurization, on a metal dome of contact. The system is further characterized in that the flexible web forms a gangue around at least a portion of said deformable pressurizing member. According to a particular characteristic, said orifice of said flexible sheet is of a diameter smaller than the diameter of said metal contact dome.

According to a particular feature, said flexible sheet comprises at least one printed circuit layer comprising a protective mesh. According to a particular characteristic, said printed circuit layer comprising a protective mesh is in contact with said metal dome.

According to a particular characteristic, said deformable pressurizing element itself undergoes pressure on the part of a component of said terminal. According to another aspect, the invention also relates to a payment terminal comprising at least one system as described above. 4. List of Figures Other features and advantages of the invention will appear more clearly on reading the following description of a particular embodiment, given as a simple illustrative and non-limiting example, and the accompanying drawings, among which: - Figures 1A, 1B and 1C show different perspective views of an electronic payment terminal according to the invention; - Figure 2 shows a sectional view of the electronic payment terminal of Figures 1A to 1C; - Figures 3A, 3B illustrate the assembly of the second display screen so that it is secure. 5. Description of an embodiment of the invention 5.1. General principle The general principle of the invention is to form a system for securing a component of a terminal by using a combination of means, each of these means providing protection to the other, for the final delivered a secure set that is, it is susceptible to intrusion or disassembly attempts. The invention relates more particularly to a system for securing a component of a terminal. According to the invention, such a system is characterized in that it comprises a flexible sheet, said flexible sheet comprising an orifice. This orifice is used to allow the application of a pressure, by a deformable element of pressurization, on a metal dome of contact. The system is further characterized in that the flexible web forms a gangue around at least a portion of said deformable pressurizing member. Thus, a disassembly of the system results in an absence (or decrease) of pressure on the metal dome, which is detected, and which causes the implementation of security measure of the terminal. In addition, an attempt to alter the flexible sheet (so as to avoid disassembling the terminal) leads to the detection of this alteration, and which leads to the implementation of security measure of the terminal. In addition, the orifice of the flexible sheet is of a diameter smaller than the diameter of the metal contact dome. Thus, the flexible sheet covers the entire dome and the dome is not accessible by its periphery. More particularly, the diameter of the orifice is 3 mm, while the diameter of the metal dome is 4 mm. The flexible sheet has at least a width greater than 4 mm (for example 5 mm). In addition, said flexible sheet comprises at least one printed circuit layer comprising a protective mesh. Thus, any attempt to alter the web results in an intrusion detection. The printed circuit layer comprising a protective mesh is in contact with said metal dome. According to a particular characteristic, said pressurizable deformable element itself undergoes pressure from a component of said terminal (for example a support located inside the terminal, or a mounting element thereof). ). Thus, any disassembly of this component leads to the implementation of security measures. 5.2. DESCRIPTION OF AN EMBODIMENT In this embodiment, the component of the terminal to be protected is a second display screen of the terminal. As is explained later, this security system is apparalement implemented so that the second display screen of the terminal delivers a readable and visible information to the user. Indeed, as explained above, the general principle of the terminal is based on the integration, in a payment terminal, cash register functions. This integration is complex since it combines both payment terminal domain requirements (PCI standards) and cash register requirements. Among these requirements, there is that imposing the presence of two screens on the terminal (a screen for the merchant and a screen for the customer). This requirement, for example, aims to protect the customer by allowing him to visualize, as and when the registration of his purchases, that the prices displayed during the registration are consistent with those displayed in the department. In the embodiment described in more detail below with reference to FIGS. 1A, 1B, 1C and 2, such a payment terminal 1 integrates cash register functions, and even substitutes for the accounting and tax functions, at the cash register. In addition, such a terminal 1 incorporates several specific storage modules, namely a transactional storage module 2 (that is to say each transaction is recorded) extractable and a cumulative storage module 3. Such a terminal 1 comprises in particular also a motherboard, a secondary printed circuit, a power supply, a printer allowing in particular to print payment tickets, for each transaction carried out. A printed circuit controls the display on the screens 6 and 9. The transactional storage module 2 (or "EKU Board") plugs into a connector 19. In this embodiment of the invention, such a terminal 1 comprises a secure enclosure in the sense of PCI ("Payment Card Industry") and a secure enclosure according to national regulations in force. These two enclosures are contained within the terminal, which is constructed from an upper half-shell 41 and a lower half-shell 42. The terminal 1 further comprises a keyboard 5 (including the keys necessary for input data), a screen 6 and the means 7 necessary for the use of a means of payment (chip card reader and / or strip card reader and / or contactless reader). The terminal also comprises a bar code read module 8, which is located in the lower half-shell 42. Thus, the terminal 1 can be used in the manner of a conventional bar code reading device. In this embodiment of the invention, such a terminal 1 comprises a second screen 9, called the user screen. This second screen 9 allows the user to follow the registration of the items he buys as and when the entry of these items. It is a sort of information screen for the user. This screen 9 is positioned so that the plane of the screen is substantially parallel to a bar code acquisition axis of the bar code reader 8. Thus, the screen 9 remains visible to the user when the merchant scans the items. The transmission of the data displayed by the screen 9 is also secure, insofar as the flexible screen 9 forms a cage around a pinch roller (in English "puck") on which the screen exerts pressure once the terminal is mounted. According to the invention, the second screen 9 is positioned on the rear face of the terminal, substantially perpendicularly to the first screen 6 of the terminal 1. This feature makes it possible to guarantee optimum visibility of the information displayed on this second screen 9. More particularly, the plane formed by this second screen 9 forms an angle with the plane formed by the first screen 6 between 0 and -90 °, when the plane formed by the first screen 6 is the reference plane.

In a complementary manner, the plane formed by this second screen 9 is substantially parallel to a straight line passing through the center of the bar code reading module 8. Thus, the invention makes it possible to ensure visibility of the information displayed on the second screen in most cases of use of the terminal to scan products using the barcode available within the terminal.

According to the invention, such a terminal is portable. More specifically, such a terminal does not exceed five hundred grams, the width of the terminal at the "5" key of the keyboard does not exceed 7.62 cm, the sum of the height and width of the terminal at the level of the "5" key on the keyboard does not exceed 10.16 cm and the keyboard length is less than 10.16 cm.

Thus, the terminal comprises a second screen, called the user screen. This second screen allows the user to follow the registration of the products he buys as and when entering this article. It is a sort of information screen for the user. The transmission of the data displayed by this second screen is also secure, insofar as the flexible screen forms a cage (gangue) around a puck on which the screen exerts pressure once the terminal mounted. Because of the characteristics of the second display shown above, the terminal is already clearly distinguishable from other terminals that can claim to perform the same or similar functions. However, in order to comply with the payment terminal standards (PCI standards), the second display screen must also be secured in the PCI sense. In general, these standards require: that the display on the screen must not be altered; that it must not be possible to reach the data transmission circuits to the screen, that these data must be secured and that it must be possible to detect the unauthorized opening of the terminal at the level of the 'screen. Such constraints are generally satisfied in what is commonly referred to as a "PCI enclosure", i.e. a certain volume of the terminal in which many security measures are concentrated. On the other hand, for the second display screen, there is no such enclosure. It is however necessary to ensure all the functions imposed by the standards. To do this, as described in connection with FIGS. 3a and 3b, the inventors came up with the idea of making a miniature enclosure that makes it possible to meet the aforementioned requirements by using a secure flexible sheet Si (which comprises a lattice making it possible to detect an attempt access to the signal carried in tracks of the secure web). This web carries the signals that are emitted from a printed circuit board (not shown) to the screen S2 to cause the display of data on the screen. According to the invention, in a first feature, this web is used to form a gangue around a protuberance P1 formed by a screen support S3. In addition, the flexible web Si comprises an orifice 01, which, when the web forms the gangue around the protuberance, is located under a base surface of the screen support. In this hole is inserted a "puck" S4 (it is a stud or a silicone roller, which has the property of being deformable). When the terminal is mounted, this roller S4 exerts pressure on the printed circuit board (not shown). This pressure is exerted more particularly on a metal dome located on the printed circuit board. When pressed, this dome maintains contact on the printed circuit board. This contact, when maintained, ensures that the terminal is not disassembled. Furthermore, when the components of this system are mounted, the secure hose is held in place by the joint action of the orifice, the roller and the base of the screen support. In addition, according to the invention, the metal dome has a diameter greater than that of the orifice. Therefore, it is not possible to consider an extraction of the dome since it is covered by the flexible. In general, the technique described can be applied to any type of connection that must be performed outside a PCI enclosure. Thus, for example, it is possible to adapt the present technique to perform an opening detection at specific locations of a payment terminal or a vending machine. In this general case, the fact that the device is disassembled causes a loss of pressure of the puck on the dome, which therefore passes to the open position. The passage in this open position leads to the implementation of security measures. This technique is interesting when the dome itself is protected by a circuit (which is flexible) which includes an opening whose diameter is smaller than the diameter of the dome. The combination of these features makes it possible to secure in the PCI direction an element that is not present in the PCI enclosure.

Claims (7)

REVENDICATIONS1. A system for securing a component of a terminal, characterized in that it comprises a flexible sheet, said flexible sheet comprising a receiving orifice of a deformable pressurizing element, said system being further characterized as said flexible web forms a gangue around at least a portion of said deformable pressurizing member when said terminal is assembled. 2. Securing system according to claim 1, characterized in that, when said terminal is assembled, said deformable pressurizing element exerts pressure on a metal contact dome, said pressure validating the assembly of said terminal. 3. Securing system according to claim 2, characterized in that said orifice of said flexible sheet is of a diameter smaller than the diameter of said metal contact dome. 4. Securing system according to claim 1, said flexible sheet comprises at least one printed circuit layer comprising a protective mesh. 5. Securing system according to claim 2, characterized in that said flexible sheet comprises at least one printed circuit layer comprising a protective mesh, and in that said at least one printed circuit layer comprising a protective mesh is in contact with said metal dome. 6. Securing system according to claim 1, said deformable pressure element is itself under pressure from a component of said terminal when said terminal is mounted. Payment terminal comprising at least one system according to claim 1.