GB2398159A - Electronic payment authorisation using a mobile communications device - Google Patents

Electronic payment authorisation using a mobile communications device Download PDF

Info

Publication number
GB2398159A
GB2398159A GB0300981A GB0300981A GB2398159A GB 2398159 A GB2398159 A GB 2398159A GB 0300981 A GB0300981 A GB 0300981A GB 0300981 A GB0300981 A GB 0300981A GB 2398159 A GB2398159 A GB 2398159A
Authority
GB
United Kingdom
Prior art keywords
transaction
payment
message
communication device
mobile communication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0300981A
Other versions
GB0300981D0 (en
Inventor
David Glyn Williams
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to GB0300981A priority Critical patent/GB2398159A/en
Publication of GB0300981D0 publication Critical patent/GB0300981D0/en
Publication of GB2398159A publication Critical patent/GB2398159A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3224Transactions dependent on location of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/403Solvency checks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/403Solvency checks
    • G06Q20/4037Remote solvency checks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation

Abstract

A system for authorising payment for retail transactions by credit cards or the like comprises at least one merchant terminal (1), such as a point of sale terminal or a "cardholder not present" terminal, linked to a card issuer's transaction processing unit (2). An authorisation module (3) linked to the processing unit (2) compares data for a transaction with preset criteria, such as a transaction threshold value or a location of use of the card. Authorisation of the transaction may be suspended as a result of this comparison. A message generation module (4) then produces a notification of the transaction which is sent via a transmitter (5) to a preselected mobile telephone (6), PDA or the like. The mobile telephone (6), etc, is used to send confirmation of the transaction back to the authorisation module (3), which then allows the transaction to be completed. In the absence of such confirmation, the transaction is cancelled.

Description

2398 1 59
ELECTRONIC PAYMENT AUTHORISATION SYSTEM
The present invention relates to a system for authorization of transactions by credit or debit card or the like which reduces or eliminates the incidence of fraud. More particularly, but not exclusively, it relates to such a system with the capability of detecting and preventing fraudulent transactions while they are in progress.
Credit card fraud is an increasingly large problem, and actual fraud or fear of fraud is believed to be a significant hindrance to the growth of Internet commerce.
"Card crime" has developed greatly since it consisted mainly of stealing a physical credit card or the like and trying to make as many purchases as possible before the owner reported it stolen. Nowadays, card details are frequently the criminal's target, rather than the card itself, potentially leaving the cardholder unaware that his or her account is being used fraudulently until the credit limit is exhausted or the next account statement arrives.
For face-to-face transactions, in which a credit card is swiped through a reader, various extra security measures have been introduced, such as holograms, electronic chips as well as magnetic tape to hold card details, and even photographs of the cardholder applied to the card. These all make it more difficult for a criminal to produce a duplicate or "cloned" card which will pass in a conventional retail outlet or the like. However, such measures are of minimal use in transactions in which the retailer and the customer do not physically meet, such as mail order purchases, telephone orders and Internet trading ("e-commerce"). These are generally referred to under the heading of "cardholder not present" transactions.
Internet commerce is perceived to be particularly at risk because of the opportunities for undetectably intercepting card information electronically. The dataset required to authorise a card transaction online is very small, in modern data processing terms, consisting of little more than the card number (say 16 digits). the expiry date, the card user's name and perhaps a few more digits or characters representing a password or PIN (personal identification number). While software has been written with the aim of providing "secure" online commerce sites, many potential customers have little confidence that such software does not have loopholes or cannot be circumvented by "hackers". 'I here are reports of databases of intercepted credit card details being built up and traded between online fraudsters.
For some goods an attempt has been made to filter out fraudulent purchases by means of a cross-check that they are to be delivered to the credit card statement address. However, this could block many genuine purchases. Also, many online purchases involve goods or services which are "delivered" online, such as downloaded software or database access.
Credit card companies have begun to use artificial intelligence software in an attempt to spot "rogue" transactions that do not fit a card user's previous pattern of use. However, to avoid false alarms, several atypical transactions may be required before a card account is suspended, and so a fraudster may well be still able to make a significant profit before being detected. Alternatively, a single atypical transaction may be sufficient to suspend the card account, which will inconvenience the card user just because he had made an unusual purchase.
Many credit card companies are offering accounts guaranteeing that users will not be charged for (proven) fraudulent Internet transactions. However, the converse of such guarantees is that the credit card company frequently compels the online retailer to accept the loss from such transactions, again harming the growth of e-commerce. In practice, as for any form of fraud, the cost will probably ultimately be passed on to the consumer.
While such problems are usually considered with reference to credit cards, they apply equally to debit cards, charge cards and the like, and may potentially also affect the various forms of "electronic cash" that have been proposed to facilitate online trading. In the present application the term "credit card" will be used to include all such other forms of card or electronic cash.
There is hence a need for a system which can be used to authenticate and authorise credit card transactions and the like and which will pick up attempted fraudulent use more rapidly, ideally as it is taking place. The system should not require retailers or customers to invest in elaborate equipment, nor should it involve complex transaction procedures which would sacrifice the speed and convenience of credit card payment. Ideally, it should involve a degree of conscious intervention by the card user, while being sufficiently automated as not to discourage its use.
It is therefore an object of the present invention to provide a system for authorising retail transactions which obviates the above problems and provides the above benefits. It is also an object of the present invention to provide a method for the operation of such a system.
According to a first aspect of the present invention, there is provided a system for authorising payment for retail transactions, comprising means to enter data concerning a transaction into the system, means operatively connected thereto to process the transaction and to authorise payment therefor and completion thereof, means to generate a notification message and transmitter means to send said notification message to a predetermined mobile communication device.
Preferably, the system comprises means to compare preselected elements of data concerning the transaction with predetermined criteria and to control the operation of the system depending on an outcome of said comparison.
Advantageously, the system comprises means to receive messages lrom said predetermined mobile communication device.
The system may then be adapted to suspend authorization of said payment in response to a preselected outcome of said comparison until a message is received from the predetermined mobile communication device confirming the transaction.
The system may be adapted to cancel the transaction should no said confirmatory message be received within a predetermined period of time following transmission of said notification message.
The notification message may comprise data to be included in said confirmatory message for authentication purposes.
The system may comprise means to identify a mobile communication device transmitting a confirmatory message thereto, in order to confirm that it is said predetermined mobile communication device.
Preferably, the system is so adapted that each authorised user thereof may individually select said criteria for comparison prior to carrying out any transaction.
Advantageously, the system is so adapted that each authorised user may select the predetermined mobile communication device to be used in conjunction with his or her transactions.
Preferably, said messages are Short Message System (SMS) or text messages.
The mobile communication device may then comprise a mobile telephone device capable of receiving and transmitting SMS messages.
Alternatively, the mobile communication device may comprise a portable computing means capable of receiving and transmitting SMS messages.
The predetermined criteria for comparison preferably comprise a preselected threshold value for a transaction.
The system may then suspend transactions having a value greater than or equal to said threshold, until receipt of said confirmatory message.
The system is preferably adapted to process transactions using credit card means, debit card means, charge card means or the like.
The transaction processing means may then comprise existing transaction processing computer means, and the data entry means may then comprise existing card terminal means.
According to a second aspect of the present invention, a method for authorising payment for retail transactions comprises the steps of providing a system as described above and, providing a system as described above, entering data concerning a transaction into the system, generating a notification message and transmitting said notification message to a predetermined mobile communication device.
Preferably, the method comprises the additional step of comparing preselected elements of the data concerning the transaction with predetermined criteria.
Advantageously, the method further comprises the steps of suspending authorization of payment for the transaction until a message confirming the transaction has been received from the predetermined mobile communication device in response to said notification message.
Said suspension may be performed in response to predetermined outcomes of said comparison step.
Optionally, the transaction is cancelled if no said confirmatory transmission of said notification message.
The method may comprise the steps of generating reference data for the transaction, including said reference data in the notification message and using its presence or absence in a purported confirmatory message to authenticate said confirmatory message.
The method may comprise the step ol identifying the mobile communication device transmitting a purported confirmatory message and checking whether it is the predetermined mobile communication device to authenticate said confirmatory message.
The messages may be SMS text messages and the mobile communication device may be a mobile telephone device or a portable computing means capable of transmitting and receiving SMS messages.
Said predetermined criteria may comprise a threshold value for a transaction and said suspension step may then be performed in response to a transaction with a value greater than or equal to said threshold value.
The method is preferably employed to handle credit card, debit card, charge card or electronic cash transactions, or the like.
An embodiment of the present invention will now be more particularly described by way of example and with reference to the accompanying drawings, in which: Figure 1 is a schematic representation of a transaction authorization system embodying the present invention.
Referring now to the Figure, a transaction authorization system for electronic payments by credit or debit card or the like comprises a plurality of merchant terminals 1, each linked to a card issuer's central transaction processing unit 2.
The merchant terminals I may be conventional point-of-sale (PoS) "card swipe" terminals, or data entry terminals as conventionally used for "cardholder not present" (CNP) transactions, such as telephone, mail order or Internet transactions. The present invention has its main application in mediating COP transactions, but is also useful during face- to-face transactions.
The transaction processing unit 2 has all the conventional functions associated with electronic transaction authorization; for example, it checks each transaction against the remaining credit limit recorded for the card account in question, and rejects any transaction which has a value exceeding the remaining credit. It also checks the card being used against a "stop list" of cards which have been reported stolen or which have been cancelled for other reasons.
However, the transaction processing unit 2 of the present invention has an additional authorisation module 3, which may comprise a separate hardware unit or a software module running on the transaction processing unit 2.
The authorisation module 3 compares the value of a transaction with a preselected authorisation threshold. (The procedure for selecting this threshold is described below). The system operates differently depending on whether or not the transaction value falls below the authorisation threshold.
For a transaction below the authorisation threshold, if all else is in order, the authorisation module 3 instructs the transaction processing unit 2 to authorise the transaction and the transaction processing unit transmits an authorising signal to the merchant terminal I as at present.
However, the authorisation module 3 is also linked to a message generation module 4 which is capable of generating messages for transmission by SMS (Short Message System), alias "text messages". The message generation module 4 produces a SMS message identifying the card account, the transaction data and time, the merchant and the transaction value, and giving a unique transaction reference.
This SMS message is sent via an SMS capable transmitter/receiver 5 to a mobile communication device 6 previously nominated for the card account in question. Most frequently, the mobile device 6 will be a text-capable mobile phone, although other electronic devices such as portable digital assistants (PDAs) and the like are also capable of receiving and sending SMS messages.
The account holder responsible for the card account being used reads the SMS message displayed on a screen 7 of his (or her) mobile device 6. If it corresponds to a transaction of which he is aware, he need take no action and may delete the message. However, if the transaction is being made with a stolen card, or using card details illicitly acquired (e.g. from stolen statements or previously intercepted via the Internet), the account holder will immediate be made aware that his account is being abused. He can then contact the card issuer, preferably using his mobile device 6, to query the transaction and if necessary suspend or cancel the card account being abused. If this is done soon enough, the card issuer may be able to contact the merchant in question to suspend fulfilment of the transaction (e.g. for mail order despatch). In any case, the abuser should, hopefully, only be able to carry out a single low-value transaction before being detected.
For a transaction with a value equal to or greater than the authorization threshold, the authorization module 3 instructs the transaction processing unit 2 to suspend authorization of the transaction. The authorization module 3 instructs the message generation module 4 to generate an SMS message containing the information described above, which is sent via the SMS transmitter/receiver 5 to the account holder's nominated mobile device 6.
The account holder reads the SMS message on his screen 7, and if it corresponds to a transaction of which he is aware, he sends a return SMS message back to the SMS transmitter/receiver 5, using his mobile device 6. This return SMS message comprises the unique transaction reference and optionally a PIN (personal identification number) for added security. The SMS transmitter/receiver 5 has a CLID (caller line identification) capability to confirm that the return SMS message has originated from the nominated mobile device 6.
If an appropriate return SMS message is received within a predetermined period of time, the authorisation module 3 instructs the transaction processing unit 2 to authorise the transaction as normal. However, if no such SMS message is received within this time, the transaction is not authorised, and the card in question is suspended.
Meanwhile, as for lower value transactions, the account holder will immediately be made aware that his account is being abused, and can contact the card issuer to make appropriate enquiries. For transactions above the authorization threshold, the transaction has already been cancelled and the card has already been suspended even before the account holder has contacted the card issuer, so the abuser cannot make a single high-value fraudulent transaction before being detected.
Additional security protocols can be put in place, for example to cover situations where the card use has been genuine, but the account holder has been too slow in authorising the transaction (e.g. mobile device not immediately to hand no credit or having dead batteries).
These protocols can be similar to the procedure for establishing the authorization threshold in the first place.
To set up an electronic payment card account or the like for use with the above system, the account holder signs an agreement with the card issuer as normal, and the card issuer assigns a credit limit/spending limit/etc to the card account, according to standard procedures.
The card issuer then supplies the account holder with a user name and password which he employs, via telephone or the Internet, to access and control the account. The account holder may set a pseudonym for the account, which the system will then use in the above SMS messages to identify the account in place of the full account number. The account holder nominates a particular mobile device 6 number for use with the account, and the system generates an SMS message which is sent to that mobile device 6, containing an authorization number or code. The account holder confirms reception of this number or code by the correct mobile device, either by telephone or via the Internet, and the card issuer authenticates the nominated mobile device 6 for use with the account as described. The account holder may also select an authorization threshold for the account, or may accept a default value preset by the card issuer.
Depending on the level of security required, the account holder may reuse his username and password to amend the authorization threshold, mobile device number or other account details, or he may be required to restart the procedure from the beginning.
The system described could also be operated in a simpler form, albeit at the expense of slightly lowered convenience of use or degree of security. For example, all transactions could require SMS authorization, the equivalent of a zero authorization threshold. However, this would probably be inconvenient for routine minor transactions, such as face-to- face shop purchases. Alternatively, a system in which all transactions were notified by SMS message, but no authorization was required at any value, would be simpler to operate, but runs the risk of a single high- value fraudulent transaction being completed before the account holder can have the account frozen. In all forms of the system, it may be convenient to set a second, lower reporting threshold (say ú10), below which value no SMS notification need be sent.
Again, this represents a trade-off of convenience and security.
As well as thresholds based on transaction value, it is also envisaged that other criteria could be used. For example, all CUP transactions, or all Internet transactions, could require the account holder's authorization by SMS message. Alternatively, the account holder might be able to choose to apply the entire system only to CNP or Internet transactions. Other criteria, set by either the card issuer or the account holder, could be based on the location of the merchant- for example, transactions with merchants outside the account holder's home country could all require SMS authorization, or different value thresholds could be set for different merchant locations. In each case, the common element is that selected transactions are reported to the account holder by an instant message service independent of the means by which the transaction itself is being arranged.
It is even possible that dedicated mobile devices could be produced specifically for the system described, though many users would probably prefer the convenience of using their existing mobile phone or PDA.

Claims (21)

1. A system for authorising payment for retail transactions comprising means to enter data concerning a transaction into the system means operatively connected thereto to process the transaction and to authorise payment therefore and completion thereof, means to generate a notification message and transmitter means to send said notification message to a predetermined mobile communication device.
2. A payment authorization system as claimed in claim 1, comprising means to receive messages from said predetermined mobile communication device.
3. A payment authorization system as claimed in either claim I or claim 2, comprising means to compare preselected elements of data concerning the transaction with predetermined criteria such as a threshold value or a location for the transaction and to control the operation of the system depending on an outcome of said comparison.
4. A payment authorisation system as claimed in claim 37 in which the system is adapted to suspend authorization of said payment in response to a preselected outcome of said comparison until a message is received from the predetermined mobile communication device confirming the transaction.
5. A payment authorization system as claimed in claim 47 in which the system is adapted to cancel the transaction should no said confirmatory message be received within a predetermined period of time following, transmission of said notification message.
6. A payment authorization system as claimed in either claim 4 or claim 5, in which the notification message comprises data to be included in said confirmatory message for authentication purposes.
7. A payment authorization system as claimed in any one ol claims 4 to 6, comprising means to identify a mobile communication device transmitting a confirmatory message thereto, in order to confirm that it is said predetermined mobile communication device.
8. A payment authorization system as claimed in claim 3, so adapted that each authorised user thereof may individually select said criteria for comparison prior to carrying out any transaction.
9. A payment authorization system as claimed in any one of the preceding claims, so adapted that each authorised user may select the predetermined mobile communication device to be used in conjunction with his or her transactions.
l O. A payment authorisation system as claimed in any one of the preceding claims, in which said messages are Short Message System (SMS) or text messages and the mobile communication device comprises a mobile telephone device or portable computing means capable of receiving and transmitting SMS messages.
l]. A payment authorization system substantially as described herein with reference to the ligure of the accompanying drawings.
12. A method for authorising payment for retail transactions comprising the steps of providing a system as claimed in any one of the preceding claims, entering data concerning a transaction into the system, generating a notification message and transmitting said notification message to a predetermined mobile communication device.
13. A payment authorisation method as claimed in claim 12? comprising the step of suspending authorisation ol payment for the transaction until a message confirming the transaction has been received from the predetermined mobile communication device in response to said notification message.
14. A payment authorisation method as claimed in either claim 12 or claim 13, comprising the additional step of comparing preselected elements of the data concerning the transaction with predetermined criteria.
15. A payment authorization method as claimed in claim 14, in which said suspension is performed in response to predetermined outcomes of said comparison step.
16. A payment authorization method as claimed in claim 15, wherein said predetermined criteria comprise a threshold value for a transaction and said suspension step is performed in response to a transaction with a value greater than or equal to said threshold value.
17. A payment authorization method as claimed in any one of claims 13 to 16, in which the transaction is cancelled if no said confirmatory transmission is received in response to said notification message.
18. A payment authorisation method as claimed in any one of claims 13 to 17, comprising the steps of generating reference data for the transaction, including said reference data in the notification message and using its presence or absence in a purported confirmatory message to authenticate said confirmatory message.
] 9. A payment authorisation method as claimed in any one of claims 13 to 18, comprising the step of identifying the mobile communication device transmitting a purported confirmatory message and checking whether it is the predetermined mobile communication device to authenticate said confirmatory message.
20. A payment authorization method as claimed in any one oi claims 12 to 19, in which the messages are SMS text messages and the mobile communication device is a mobile telephone device or a portable computing means capable of transmitting and receiving SMS messages.
21. A payment authorization method substantially as described herein with reference to the Figure of the accompanying drawings.
GB0300981A 2003-01-16 2003-01-16 Electronic payment authorisation using a mobile communications device Withdrawn GB2398159A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0300981A GB2398159A (en) 2003-01-16 2003-01-16 Electronic payment authorisation using a mobile communications device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0300981A GB2398159A (en) 2003-01-16 2003-01-16 Electronic payment authorisation using a mobile communications device

Publications (2)

Publication Number Publication Date
GB0300981D0 GB0300981D0 (en) 2003-02-19
GB2398159A true GB2398159A (en) 2004-08-11

Family

ID=9951253

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0300981A Withdrawn GB2398159A (en) 2003-01-16 2003-01-16 Electronic payment authorisation using a mobile communications device

Country Status (1)

Country Link
GB (1) GB2398159A (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006024080A1 (en) * 2004-08-31 2006-03-09 Markets-Alert Pty Ltd A security system
WO2007067351A1 (en) * 2005-12-06 2007-06-14 Boncle, Inc. Extended electronic wallet management
WO2008015637A2 (en) * 2006-08-02 2008-02-07 Firstrand Bank Limited Mobile payment method and system
WO2008014554A1 (en) * 2006-08-01 2008-02-07 Qpay Holdings Limited Transaction authorisation system & method
AU2005279689B2 (en) * 2004-08-31 2008-04-10 Markets-Alert Pty Ltd A security system
NL2001309C2 (en) * 2008-02-22 2009-08-25 West 6 B V Method for securing electronic cash transaction between point-of-sale terminal and payment server of communications system, involves sending confirmation message to communication device associated with bank account over connection
GB2475301A (en) * 2009-11-13 2011-05-18 Secure Electrans Ltd Payment Authentication System and Processing Method
WO2012028987A1 (en) * 2010-08-31 2012-03-08 Sean Kaplan A method of authorising a transaction
GB2490045A (en) * 2012-03-21 2012-10-17 Arctran Security Systems Ltd A computerised authorisation system and method
US8407112B2 (en) 2007-08-01 2013-03-26 Qpay Holdings Limited Transaction authorisation system and method
EP2587434A1 (en) * 2011-10-31 2013-05-01 Money and Data Protection Lizenz GmbH & Co. KG Authentication method
WO2013064493A1 (en) 2011-10-31 2013-05-10 Money And Data Protection Lizenz Gmbh & Co. Kg Authentication method
GB2501267A (en) * 2012-04-17 2013-10-23 Bango Net Ltd A method of enabling a user of a communications capable device to make a payment via a mobile operator billing system
EP3142054A1 (en) * 2015-09-11 2017-03-15 Ingenico Group Data transmission method with corresponding devices and computer programs
US11551215B2 (en) 2007-05-04 2023-01-10 Michael Sasha John Fraud deterrence for secure transactions
WO2023040531A1 (en) * 2021-09-16 2023-03-23 深圳市富途网络科技有限公司 Account authorization method and apparatus, device, storage medium, and computer program product

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5878337A (en) * 1996-08-08 1999-03-02 Joao; Raymond Anthony Transaction security apparatus and method
WO1999014711A2 (en) * 1997-09-17 1999-03-25 Andrasev Akos Method for checking rightful use of a debit card or similar means giving right of disposing of a bank account
EP0745961B1 (en) * 1995-05-31 2001-11-21 AT&T Corp. Transaction authorization and alert system
GB2366966A (en) * 2000-09-07 2002-03-20 Swivel Technologies Ltd Verifying the identity of a device or user in an electronic communications environment
GB2367171A (en) * 2000-04-25 2002-03-27 Nec Corp Card approval method, settlement system and apparatus therfor.
GB2372368A (en) * 2001-02-20 2002-08-21 Hewlett Packard Co System for credential authorisation
WO2002082387A1 (en) * 2001-04-04 2002-10-17 Microcell I5 Inc. Method and system for effecting an electronic transaction

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0745961B1 (en) * 1995-05-31 2001-11-21 AT&T Corp. Transaction authorization and alert system
US5878337A (en) * 1996-08-08 1999-03-02 Joao; Raymond Anthony Transaction security apparatus and method
WO1999014711A2 (en) * 1997-09-17 1999-03-25 Andrasev Akos Method for checking rightful use of a debit card or similar means giving right of disposing of a bank account
GB2367171A (en) * 2000-04-25 2002-03-27 Nec Corp Card approval method, settlement system and apparatus therfor.
GB2366966A (en) * 2000-09-07 2002-03-20 Swivel Technologies Ltd Verifying the identity of a device or user in an electronic communications environment
GB2372368A (en) * 2001-02-20 2002-08-21 Hewlett Packard Co System for credential authorisation
WO2002082387A1 (en) * 2001-04-04 2002-10-17 Microcell I5 Inc. Method and system for effecting an electronic transaction

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006024080A1 (en) * 2004-08-31 2006-03-09 Markets-Alert Pty Ltd A security system
AU2005279689B2 (en) * 2004-08-31 2008-04-10 Markets-Alert Pty Ltd A security system
WO2007067351A1 (en) * 2005-12-06 2007-06-14 Boncle, Inc. Extended electronic wallet management
WO2008014554A1 (en) * 2006-08-01 2008-02-07 Qpay Holdings Limited Transaction authorisation system & method
WO2008015637A2 (en) * 2006-08-02 2008-02-07 Firstrand Bank Limited Mobile payment method and system
WO2008015637A3 (en) * 2006-08-02 2008-07-03 Firstrand Bank Ltd Mobile payment method and system
US11551215B2 (en) 2007-05-04 2023-01-10 Michael Sasha John Fraud deterrence for secure transactions
US11625717B1 (en) 2007-05-04 2023-04-11 Michael Sasha John Fraud deterrence for secure transactions
US11907946B2 (en) 2007-05-04 2024-02-20 Michael Sasha John Fraud deterrence for secure transactions
US8407112B2 (en) 2007-08-01 2013-03-26 Qpay Holdings Limited Transaction authorisation system and method
NL2001309C2 (en) * 2008-02-22 2009-08-25 West 6 B V Method for securing electronic cash transaction between point-of-sale terminal and payment server of communications system, involves sending confirmation message to communication device associated with bank account over connection
GB2475301A (en) * 2009-11-13 2011-05-18 Secure Electrans Ltd Payment Authentication System and Processing Method
WO2012028987A1 (en) * 2010-08-31 2012-03-08 Sean Kaplan A method of authorising a transaction
WO2013064493A1 (en) 2011-10-31 2013-05-10 Money And Data Protection Lizenz Gmbh & Co. Kg Authentication method
EP2587434A1 (en) * 2011-10-31 2013-05-01 Money and Data Protection Lizenz GmbH & Co. KG Authentication method
EP4333554A2 (en) 2011-10-31 2024-03-06 CosmoKey Solutions GmbH & Co. KG Authentication method
US9246903B2 (en) 2011-10-31 2016-01-26 Money And Data Protection Lizenz Gmbh & Co. Kg Authentication method
WO2013139710A1 (en) 2012-03-21 2013-09-26 Arctran Security Systems Ltd A computerized authorization system and method
US11223610B2 (en) 2012-03-21 2022-01-11 Arctran Holdings Inc. Computerized authorization system and method
US8719907B2 (en) 2012-03-21 2014-05-06 Gary Martin SHANNON Computerized authorization system and method
GB2490045B (en) * 2012-03-21 2013-04-03 Arctran Security Systems Ltd A computerized authorization system and method
GB2490045A (en) * 2012-03-21 2012-10-17 Arctran Security Systems Ltd A computerised authorisation system and method
US9264880B2 (en) 2012-04-17 2016-02-16 Bango.Net Limited Payment authentication systems
GB2501267B (en) * 2012-04-17 2016-10-26 Bango Net Ltd Payment authentication systems
GB2501267A (en) * 2012-04-17 2013-10-23 Bango Net Ltd A method of enabling a user of a communications capable device to make a payment via a mobile operator billing system
EP3142054A1 (en) * 2015-09-11 2017-03-15 Ingenico Group Data transmission method with corresponding devices and computer programs
FR3041132A1 (en) * 2015-09-11 2017-03-17 Ingenico Group METHOD FOR TRANSMITTING CORRESPONDING DATA, DEVICES AND COMPUTER PROGRAMS
US10929825B2 (en) 2015-09-11 2021-02-23 Ingenico Group Method for transmitting data, corresponding devices and computer programs
WO2023040531A1 (en) * 2021-09-16 2023-03-23 深圳市富途网络科技有限公司 Account authorization method and apparatus, device, storage medium, and computer program product

Also Published As

Publication number Publication date
GB0300981D0 (en) 2003-02-19

Similar Documents

Publication Publication Date Title
US10163100B2 (en) Location based authentication
US10395251B2 (en) Remotely generated behavioral profile for storage and use on mobile device
US6612488B2 (en) Method and system to prevent fraudulent payment in credit/debit card transactions, and terminals therefor
CN103765861B (en) The payment of mobile device selects and authorizes
US5591949A (en) Automatic portable account controller for remotely arranging for payment of debt to a vendor
KR100731905B1 (en) Payment apparatus and method
US7761381B1 (en) Method and system for approving of financial transactions
US6947727B1 (en) Method and system for authentication of a service request
US8645280B2 (en) Electronic credit card with fraud protection
US20040248554A1 (en) Method of paying from an account by a customer having a mobile user terminal, and a customer authenticating network
US20070094113A1 (en) Transactional mobile system
US20030061163A1 (en) Method and apparatus for verification/authorization by credit or debit card owner of use of card concurrently with merchant transaction
US20060253389A1 (en) Method and system for securing card payment transactions using a mobile communication device
US20020059146A1 (en) Systems and methods for identity verification for secure transactions
MXPA04009725A (en) System and method for secure credit and debit card transactions.
JP2007521556A (en) Method of authorizing payment order by credit card and related devices
GB2398159A (en) Electronic payment authorisation using a mobile communications device
WO2001052205A1 (en) A processing method and apparatus
KR20000049788A (en) Personal ID automatic delivery and security by telecommunication system
US20180018672A1 (en) Method and system to prevent fraud in payment sytems transitioning to mobile payment and chip cards
EP4282128A1 (en) Mobile user authentication system and method
JP2003337917A (en) Personal identification system by mobile terminal
US20210133753A1 (en) Method and system to prevent fraud in payment systems transitioning to mobile payment and chip cards
WO2002059849A1 (en) Method and system for preventing credit card fraud
CA2263777A1 (en) Systems and methods of paying for commercial transactions

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)