JP2006323659A - Management system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To rapidly notify that withdrawal operation by an illegal user is performed, with high accuracy. <P>SOLUTION: In an ATM, in time of withdrawal operation, a user is made to input a four or five-digit number secret code. Precedingly inputted four digits are set as a PIN value, and residual one digit is transmitted to a financial institution system as a UID value. When the financial institution system receives data storing the PIN value and the UID value from the ATM, the financial institution system decides whether the UID value accords with an abnormality-detecting secret code or not (S750), and outputs abnormality detection data when the UID value does not accord with the abnormality-detecting secret code (S755). An abnormality processing part receiving the abnormality detection data notifies a previously registered mail address destination or telephone number destination about abnormality when the abnormality detection data are inputted. When the PIN value accords with a secret code for procedure regardless of presence/absence of the output of the abnormality detection data, money payment is permitted to make the ATM output money to a reception port. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a management system for managing accounts.

  As is well known, as a method of obtaining cash by withdrawing money from an account, a cash card is inserted into a card reader provided in an automatic teller machine (hereinafter referred to as “ATM”), and then requested by ATM. There is a method of obtaining money paid from an ATM by inputting the personal identification code into the ATM through an input device provided in the ATM. Since these techniques are widely known techniques, prior art documents are not disclosed in this specification.

  However, in the conventional method of withdrawing money using a cash card using ATM, the account holder can easily remember the password based on his / her birthday, etc., if he / she forgets the password (password). There is a tendency to set the same password for a plurality of cash cards. This has caused the malicious code to easily know the password, and has caused damage that is illegally withdrawn.

  In recent years, there has been no constant damage caused by fraudulent withdrawal of money due to skimming, etc., so the financial institution sets an upper limit for money that can be traded at once, or multiple times of money is withdrawn in a short period of time. In such a case, the account holder is contacted to prevent the damage from spreading.

  However, the method of contacting the account holder when it is withdrawn multiple times in a short period of time takes time until contact is made, so there is a sufficient effect in suppressing damage. I couldn't.

  In addition, there is no conventional method to focus on the action even if an unauthorized withdrawal operation is performed, so even if there is video data taken around the ATM with a surveillance camera, an unauthorized user is identified. In some cases, sufficient information could not be obtained. In addition, since there is a huge amount of video data recorded by the surveillance camera, there has been a problem that it takes a lot of labor to identify the video on which the unauthorized user is projected from the video data.

  The present invention has been made in view of these problems, so that it is possible to more accurately and promptly notify that a fraudulent user has performed a withdrawal operation, thereby preventing unauthorized money withdrawal damage. The purpose is to suppress. Further, it is an object of the present invention to suppress the above-described damage by providing a technique capable of focusing on the video of the actor when an abnormal drawer operation is performed. It is another object of the present invention to provide a system that can reduce the labor required when identifying an image displayed by an unauthorized user from image data.

  The management system according to claim 1, which has been made to achieve such an object, includes, for each account, account information storage means for storing first and second personal identification codes, and account identification information presented by a user. Card reading means for reading account identification information from a carried card, PIN code acquiring means for acquiring a PIN code from the user who presented the card through an input device operable by the user, and reading by the card reading means Reading means for reading out the first and second personal identification codes of the corresponding account from the account information storage means based on the identification information of the account, and further, the withdrawal permission judgment means described below and the abnormality presence / absence judgment means And an abnormality notification means and a drawer processing means.

  Based on the first password read by the reading means and the password acquired by the password acquisition means, the withdrawal permission determination means is based on the account corresponding to the account identification information read by the card reading means. And determining whether or not to allow the withdrawal of the money, the abnormality presence / absence determining means is based on the second password code read by the reading means and the password code acquired by the password code acquiring means. Determine whether there is an abnormality in the input operation. The abnormality notifying means notifies the abnormality to the outside when it is determined that there is an abnormality by the abnormality presence / absence determining means.

  On the other hand, the withdrawal processing means executes a process of withdrawing money from the corresponding account when the withdrawal permission judgment means determines that money withdrawal is permitted regardless of the determination result of the abnormality presence / absence judgment means.

  In the management system of the present invention, the password entered from the user is compared with a plurality of passwords (first and second passwords) in this manner, and money withdrawal from the account is permitted / prohibited. And the determination of whether there is an abnormality are made independently. For this reason, according to the management system of the present invention, an operation is performed in which an abnormality is not detected for an input operation of a legitimate user, an abnormality is detected for an input operation of an unauthorized user, and this is notified. Can be performed with higher accuracy and speed than the conventional system.

  For example, the personal identification code acquisition means prompts the user to input the first personal identification code and obtains the personal identification code entered by the user. If a code that is easy for an unauthorized user to input is set and the password entered by the user matches the second password registered in the account information storage means, it is determined that there is an abnormality. If the system is configured as described above, it is possible to quickly detect an unauthorized pull-out operation and to promptly notify this without detecting an abnormality in the operation of a legitimate user (such as an input error).

  Therefore, according to the present invention, it is possible to more easily cause anxiety that an unauthorized operation may be reported to an account holder, a monitoring system, or the like for a malicious person. Can be dealt with immediately, and as a result, unauthorized withdrawal damage can be suppressed.

  In the above, an example is shown in which an abnormality is detected when the password entered by the user matches the second password, but the first and second passwords are detected by the password acquisition means. If the user is requested to enter the code and the password entered by the user is obtained, and the entered second password does not match the registered second password, an error will occur. Even if the system is configured so as to determine that it is present, the above-described effects are exhibited.

  The management system according to claim 2, on the premise that a password consisting of the first and second passwords is input from the input device, the withdrawal permission judging means is configured in advance in the password code acquired by the password code acquiring means. The portion corresponding to the determined first password is compared with the first password read by the reading means, and the portion corresponding to the first password is read by the reading means. If the first password is coincident, it is determined that the withdrawal of money is permitted, and the portion corresponding to the first password is not matched with the first password read by the reading means. In the case, it is configured to determine that the withdrawal of money is not permitted, and the abnormality presence / absence determination unit is configured to determine the first predetermined code in the password code acquired by the password code acquisition unit. A portion corresponding to the second password code different from the portion corresponding to the password code is collated with the second password code read by the reading means, and the portion corresponding to the second password code is read. If the second password read by the means matches, it is determined that there is no abnormality, the part corresponding to the second password is read, and the second password read by the reading means Is not matched, it is determined that there is an abnormality.

  In the management system configured in this way, even if the second PIN code is entered incorrectly, money can be withdrawn from the account, so account holders tend to forget the second PIN code. Even if is set, there is no particular problem as long as the abnormality notification is not exaggerated.

  Therefore, according to the present invention, a password that is easily recalled by a malicious person can weaken the tendency to be set by the account holder, and the first secret code is identified by the malicious person and illegally retrieved. However, even if it becomes possible, the second personal identification code does not have to be specified by a malicious person. Therefore, if an abnormality is detected on the basis of the second password, if the first password is known to a malicious person, it will be abnormal under conditions such as multiple pull-out operations in a short period of time. It is possible to detect and notify an unauthorized operation with higher accuracy and speed than in the case of detecting. As a result, according to the present invention, when an unauthorized operation is performed, it is possible to quickly find an unauthorized operation by inquiring to the account holder, etc., and to deal with it quickly. Can be suppressed.

  In addition, according to the present invention, there is a case in which a process for withdrawing money is executed even when the second password is not correctly input (when the first password is correctly input). If a wrong code is entered, the abnormality can be notified to the account holder, the monitoring system, etc. without being known to the malicious person. And about this, since it is possible to have anxiety for a malicious person, it is possible to suppress the occurrence of unauthorized pullout damage multiple times.

  In order to introduce this system, it is necessary to replace the ATM with an ATM that can input the second personal identification code. Therefore, it is possible to withdraw money using the old ATM in the introduction process. There is a need to. However, in this case, since a malicious person may try to escape the abnormality notification using the old ATM, the management system may be configured as described in claim 3.

  The management system according to claim 3 is configured such that the abnormality presence / absence determining unit determines that there is an abnormality when a symbol corresponding to the second code is not written in the code acquired by the code acquisition unit. It has been made.

  According to the management system configured as described above, since the abnormality is notified when the second personal identification code is not input, even when a malicious person withdraws money using the old ATM, Abnormalities can be reported to account holders and the like. In addition, what is necessary is just to comprise the above-mentioned management system as described in Claim 4, when comprising a system so that abnormality may be alert | reported to an account holder.

  The management system according to claim 4 includes notification destination information storage means for storing notification destination information indicating an abnormality notification destination for each account, and the abnormality notification means is determined to be abnormal by the abnormality presence determination means. Then, referring to the notification destination information of the account corresponding to the account identification information read by the card reading means stored in the notification destination information storage means, the abnormality is notified toward the notification destination indicated by the notification destination information. It is configured to output data for the purpose.

If the above-described management system is configured in this way, it is possible to automatically notify each account holder of an abnormality without using an operator, which is very convenient.
The notification can be performed in the form of an electronic mail. In this case, information indicating a mail address is stored in the notification destination information storage unit as the notification destination information, and the abnormality notification unit is provided. What is necessary is just to comprise like this.

  The abnormality notifying means in the management system according to claim 5 is configured to output an e-mail storing character data for notifying an abnormality to the mail address indicated by the notification destination information, through the e-mail Inform the user of the abnormality. In recent years, since many people have portable terminals that can receive e-mail, if the user is informed of the abnormality via e-mail, the user (account holder) can be notified of the abnormality quickly. .

  In addition, the notification may be performed through a telephone device. In this case, information indicating a telephone number is stored in the notification destination information storage unit as the notification destination information, and the abnormality notification unit is defined as in claim 6. What is necessary is just to comprise.

  The abnormality notification means in the management system according to claim 6 establishes a connection with the telephone device corresponding to the telephone number indicated by the notification destination information, outputs voice data for notifying the abnormality to the telephone device, The apparatus is configured to notify the user of the apparatus of the abnormality. In recent years, since many people have mobile phone devices, if the user is informed of the abnormality through the telephone device, the user (account holder) can be notified of the abnormality quickly.

In addition, when an abnormality is detected, it is useful to identify a criminal if a person who operates the input device to which the password code causing the abnormality is input is photographed with priority.
The management system according to claim 7 has an operation mode for a normal time and an operation mode for an abnormal time, and images surrounding the input device are captured by a method different for each operation mode, and video data indicating the captured content When receiving the notification of abnormality, the video recording means is operated in the operation mode for the abnormal time for a predetermined period, and the video recording means is operated during the period other than the predetermined period. Mode control means for operating in the operation mode for use, and the abnormality notification means is configured to notify the mode control means of an abnormality when the abnormality determination means determines that there is an abnormality. It is.

  According to this management system, when an abnormal drawer operation is performed, the video recording unit can be shifted to the operation mode at the time of an abnormality, and the video recording unit focuses on shooting and recording an on-site video. can do.

  For example, in order to reduce the amount of video data to be recorded, when the video recording means is configured to record video data in the low image quality mode in the normal operation mode, only in the abnormal operation mode. By configuring the video recording means so as to record the video data in the image quality mode, it is possible to focus on the on-site video and record it.

  In addition, when the video recording means is configured so that a plurality of input devices (ATMs) are captured in a frame in the normal operation mode, the zoom function is used only in the abnormal operation mode. By constructing the video recording means so as to magnify a specific input device (ATM) and record this video data, it is possible to focus and shoot the video on the spot.

  In the normal operation mode, when the video recording unit is configured so that a plurality of input devices (ATM) are sequentially photographed using a rotary camera, only in the abnormal operation mode, By stopping the rotation and photographing only a specific input device (ATM) and recording this video data, the video recording means can be configured to focus on shooting and recording the video in the field. it can.

  Therefore, according to this management system, it is possible to have a consciousness of being monitored by a malicious person and to prevent the person from performing unauthorized operations. Therefore, according to the present invention, it is possible to suppress unauthorized withdrawal damage due to skimming or the like.

  In addition, in a system that constantly monitors ATMs or the like, the amount of video data generated by a surveillance camera is enormous, so even if damage due to skimming or the like occurs, an image showing an unauthorized user is identified from the video data. However, it takes a lot of effort. Therefore, the above management system may be configured as described in claim 8.

  The management system according to claim 8 is a video recording means for shooting the periphery of the input device and recording video data indicating the shooting content, and a video indicating the shooting content at the time when the notification is received when receiving a notification of abnormality. Marking means for marking a portion of data, and the abnormality notifying means is configured to notify the marking means of an abnormality when the abnormality determining means determines that there is an abnormality.

  According to this management system, marking (such as marking for cueing) is performed on the video data indicating the shooting content at the time when the abnormality is detected, so that the video data can be investigated efficiently and illegal from the video data. The user's effort to identify the projected image can be reduced compared to the conventional case.

  Even if the video data is not marked, the same effect as the above-described invention can be obtained if the execution history of the notification operation by the abnormality notification means is stored. According to a ninth aspect of the present invention, there is provided a management system comprising: a history recording unit that records an execution history of the notification operation by the abnormality notification unit.

  According to the present invention, by referring to the execution history, a person who investigates a portion of necessary video data can easily grasp the video data, and the video data can be efficiently investigated. Therefore, according to the present invention, the above-described labor can be reduced.

Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a block diagram showing a configuration of a management system 1 to which the present invention is applied.
The management system 1 of this embodiment includes an ATM 10, a financial institution system 30 connected to the ATM 10, and a monitoring control device 60 connected to a monitoring camera 50 that captures the area around the ATM 10. In this management system 1, a plurality of ATMs 10 and a rotatable monitoring camera 50 are installed in the store, and the monitoring camera 50 sequentially photographs each ATM 10 in the store while rotating during normal times. The plurality of ATMs 10 in the store are monitored.

  The ATM 10 has a card reading unit 11 capable of reading card information (information including an account number) carried on a magnetic tape or IC chip mounted on a cash card, and a monitor for screen display. Touch panel type display operation unit 13 that senses a user's contact and obtains user's operation information, generates a transaction statement by recording transaction contents on a paper medium, outputs the transaction statement, and money A cash delivery unit 17 that takes out money for the permitted amount from the storage unit and outputs it to a receiving port that can be received by the user, and communicates with the financial institution system 30. A communication unit 19 that can be used, and a control unit 21 that performs overall control of each unit in the apparatus.

  On the other hand, the financial institution system 30 has a communication unit 31 capable of communicating with a plurality of ATMs 10 through a dedicated line LN, and withdraws money (withdrawing money electronically from a user's account) in response to a request from the ATM 10, In addition to executing the procedures necessary for the payment of money corresponding to this to the user through the ATM 10, in response to a request from the ATM 10, transfer (withdrawing money electronically from the user's account, this is designated The withdrawal processing unit 33 for executing a procedure necessary for the transfer to the bank account of the transfer destination) and the monitoring control device 60 are configured to be communicable. For each account, an abnormality processing unit 35 for executing the account, an account management database (DB) 37 for storing account data for each account, and contact data indicating a contact address (notification destination) at the time of abnormality Includes a contact database (DB) 39 to 憶, the.

  FIG. 2A is an explanatory diagram showing the configuration of the account management database 37. The account data for each account stored in the account management database 37 includes account number information, account holder information, transaction information indicating the amount of deposit, and a password used for withdrawal procedures and transfer procedures. Information of a procedure code (specifically, a four-digit number) that is a code, information of an error detection code (specifically, a one-digit number) that is a code used for abnormality detection, and A UID value input history file representing an input history of UID values, which will be described later. The UID value input history file is composed of a plurality of records including information on the date and time when the UID value is input and information indicating the input UID value.

  FIG. 2B is an explanatory diagram showing the configuration of the contact database 39. The contact data for each account stored in the contact database 39 includes account number information, account holder information, contact method designation information indicating a value of “mail” or “phone”, and contact information. It has telephone number information and contact mail address information.

  In addition, the monitoring control device 60 is connected to the monitoring camera 50 installed in each store, and controls the control unit 61 that performs overall control of the monitoring camera 50 in each store, and a record that stores video data acquired from the monitoring camera 50. Unit 63, an operation unit 65 that can be operated by an administrator of the monitoring control device 60, a display unit 67 that reproduces corresponding video data according to a command input from the operation unit 65, and outputs the reproduced video, Is provided.

Next, the process which the control part 21 of ATM10 performs is demonstrated. FIG. 3 is a flowchart showing a main routine repeatedly executed by the control unit 21 of the ATM 10.
When the main routine is executed, the control unit 21 causes the monitor of the display operation unit 13 to display a procedure selection screen that allows the user to select and operate various procedures including “withdrawal procedure” and “transfer procedure”. The process waits until the user selects a procedure (S120). When the procedure selection operation is performed (Yes in S120), it is determined whether or not the procedure selected by the user is the “withdrawal procedure” (S130), and is determined to be the “withdrawal procedure”. Then (Yes in S130), a password acquisition process is executed in S140. FIG. 4 is a flowchart showing a password code acquisition process executed by the control unit 21.

  When the password acquisition process is executed, the control unit 21 requests the user to present a cash card (S310), and then the cash card is inserted into the card reading unit 11 so that the user receives the cash card. It is determined whether or not it has been presented (S320). If it is determined that no cash card is presented (inserted), it is determined whether or not a cancel instruction is input from the user through the display operation unit 13 (S325), and if it is determined that a cancel instruction is input (S325). Yes), the password acquisition process is terminated, and if it is determined that no cancel instruction has been input (No in S325), the process proceeds to S320 until a cash card is presented or a cancel instruction is input. stand by.

  If it is determined in S320 that a cash card has been presented (inserted) (Yes in S320), the control unit 21 controls the card reading unit 11, and the card information (account number) carried on the cash card by the card reading unit 11 is controlled. Information), and the card information is acquired from the card reader 11 (S330). Further, when the acquisition of the card information is completed, the process proceeds to S340, where the password input screen is displayed on the monitor of the display operation unit 13, and the user inputs the fifth digit on this input screen. Indicates that it is optional and asks for the input of a password code of up to 5 digits.

  Thereafter, the control unit 21 determines whether or not a password code of up to 4 digits is input through the password code input screen (S350), and determines that a password code of up to 4 digits is not input (No in S350). Then, it is determined whether or not a cancel instruction is input from the user through the display operation unit 13 (S355). If it is determined that a cancel instruction is input (Yes in S355), the password acquisition process is terminated, and the cancel instruction is issued. If it is determined that it has not been input (No in S355), the process proceeds to S350 and waits until a password code of up to 4 digits is input or a cancel instruction is input.

  If it is determined in S350 that a password of up to 4 digits has been input, the control unit 21 determines whether a password of the 5th digit has been input (S360), and the password of the 5th digit is input. If it is determined that it has not been performed (No in S360), it is determined whether or not a predetermined time (several seconds) has elapsed since the password code of up to 4 digits was input (S365), and it is determined that the predetermined time has not elapsed. Then (No in S365), the process proceeds to S360 and waits until the fifth digit password is input or a predetermined time elapses.

  If it is determined that the fifth digit PIN code has been input (Yes in S360), the control unit 21 sets the PIN code up to the four digits previously input in the parameter PIN (S370). The value set in the parameter PIN is expressed as a PIN value. In S375, the PIN code of the fifth digit is set in the parameter UID (hereinafter, the value set in the parameter UID is referred to as the UID value). Express). Thereafter, the code acquisition process is terminated.

  On the other hand, if it is determined that the predetermined time has elapsed (Yes in S365), the control unit 21 sets the input PIN code up to 4 digits in the parameter PIN (S380), and further sets a null value in the parameter UID. The setting is made (S385). Thereafter, the code acquisition process is terminated.

  In this way, when the password acquisition process is executed and terminated in S140, the control unit 21 determines whether or not a cancel instruction is input in the password code acquisition process (S150), and the cancel instruction is input. If yes (Yes in S150), the process proceeds to S110.

  On the other hand, if it is determined that the cancel instruction has not been input (No in S150), the control unit 21 proceeds to S160, displays the withdrawal amount input screen on the monitor of the display operation unit 13, and this withdrawal amount input screen. The information of the withdrawal amount input by the user based on the above is acquired from the display operation unit 13.

  When the process of S160 is completed, the control unit 21 determines the card information (information including the account number) acquired earlier, the information on the withdrawal amount, the PIN value and the UID value set in the PIN code acquisition process. , The withdrawal procedure request data storing the terminal information about the ATM 10 (information including the ATM identification code of the ATM 10) is generated and transmitted to the financial institution system 30 via the communication unit 19 (S170). After transmission, it waits until response data is received from the financial institution system 30 (S180). Then, when response data is received from the financial institution system 30 via the communication unit 19 (Yes in S180), post-withdrawal procedure processing is executed in S190.

  FIG. 5A is an explanatory diagram showing the configuration of the withdrawal procedure request data transmitted in S170, and FIG. 6A is a flowchart showing the withdrawal procedure post-processing executed by the control unit 21. As shown in FIG. 5A, the withdrawal procedure request data mainly includes terminal information of ATM 10 including command information indicating that the data is withdrawal procedure request data, and an ATM identification code representing a transmission source ATM. Information, card information including account number information, PIN value, UID value, and withdrawal information.

  Further, when the post-withdrawal process is executed, the control unit 21 adds, to the response data received from the financial institution system 30, withdrawal permission information for permitting withdrawal, and withdrawal for prohibiting withdrawal. Judgment is made as to which of the infeasible information is included (S410), and if it is determined that the withdrawal permission information is included (Yes in S410), permission is determined based on the permitted withdrawal amount information included in the response data. Processing is performed to output the money for the amount withdrawn from the receiving port of the cash delivery unit 17, and the money for the amount to be withdrawn is paid to the user (S420). Thereafter, the statement issuing unit 15 is controlled to cause the statement issuing unit 15 to generate and output a transaction statement representing the current transaction content (S430). When these processes are completed, an end message is displayed on the monitor of the display operation unit 13 (S440), and then the post-withdrawal process is terminated.

  On the other hand, if the control unit 21 determines that the withdrawal permission information is not included in the response data (in other words, the withdrawal impossible information is included) (No in S410), the control unit 21 displays a message indicating that withdrawal is not possible. 13 is displayed (S450), and then the post-withdrawal processing is terminated. In addition, when the post-withdrawal process is completed in S190, the control unit 21 executes the processes after S110 again.

  In addition, if it is determined that the procedure selected by the user is not the “withdrawal procedure” (No in S130), the control unit 21 determines whether the procedure selected by the user is the “transfer procedure” in S200. If it is determined whether or not the procedure selected by the user is not a “transfer procedure” (No in S200), the process proceeds to S210, and processing corresponding to the procedure selected by the user is executed. Thereafter, the processing after S110 is executed again.

  In S200, if it is determined that the procedure selected by the user is the “transfer procedure” (Yes in S200), the control unit 21 proceeds to S220, and the above-described password code acquisition process (see FIG. 4). Execute. When the password code acquisition process is completed, the process proceeds to S230, where it is determined whether or not a cancel instruction is input in the password code acquisition process executed in S220. If the cancel instruction is input (S230). Yes), the process proceeds to S110.

  On the other hand, if it is determined that the cancel instruction has not been input (No in S230), the control unit 21 proceeds to S240, and displays a transfer information input screen on which the user can input the transfer amount information and the transfer destination information. Displayed on the monitor of the display operation unit 13, the transfer amount information and the transfer destination information input by the user based on the transfer information input screen are acquired from the display operation unit 13.

  When this processing is completed, the control unit 21 obtains the previously acquired card information (information including the account number), the transfer amount information, the transfer destination information, and the PIN set in the PIN code acquisition processing. The transfer procedure request data storing the value and the UID value and the terminal information related to the ATM 10 (information including the ATM identification code of the ATM 10) is transmitted to the financial institution system 30 via the communication unit 19 (S250). Then, it waits until response data is received from the financial institution system 30 (S260). And if response data is received from the financial institution system 30 via the communication part 19 (it is Yes at S260), it will transfer to S270 and will perform the process after a transfer procedure.

  FIG. 5B is an explanatory diagram showing the configuration of the transfer procedure request data transmitted in S250, and FIG. 6B is a flowchart showing the post-transfer procedure processing executed by the control unit 21. As shown in FIG. 5 (b), the transfer procedure request data mainly includes command information indicating that the data is the transfer procedure request data, terminal information of ATM 10 including an ATM identification code indicating the transmission source ATM, and , Card information including account number information, PIN value, UID value, transfer amount information, and transfer destination information.

  When the post-transfer process is executed, the control unit 21 includes, in the response data received from the financial institution system 30, either transfer completion information indicating that the transfer has been completed or non-transferable information indicating that transfer cannot be performed. If the transfer completion information is included (Yes in S510), a message indicating that the transfer has been completed is displayed on the monitor of the display operation unit 13 (S520).

  In addition to the display of the message, the statement issuing unit 15 is controlled to cause the statement issuing unit 15 to generate and output a transaction statement representing the current transaction details (S530). When these processes are completed, an end message is displayed on the monitor of the display operation unit 13 (S540), and then the post-transfer procedure process is terminated.

  On the other hand, if it is determined in S510 that the transfer data does not include the transfer completion information (in other words, transfer impossible information is included) (No in S510), the control unit 21 displays a message indicating that the transfer is not possible. The information is displayed on the monitor of the operation unit 13 (S550), and then the post-transfer procedure post-processing is terminated. Further, when the post-transfer procedure post-processing is ended in S270, the processing after S110 is executed again.

The processing performed by the control unit 21 of the ATM 10 has been described above. Next, processing performed by the withdrawal transfer processing unit 33 of the financial institution system 30 will be described.
FIG. 7 is a flowchart showing an acceptance process repeatedly executed by the withdrawal transfer processing unit 33. This process is executed by the withdrawal transfer processing unit 33 in order to receive various request data including the withdrawal procedure request data and the transfer procedure request data from the ATM 10.

  When the acceptance process is executed, the withdrawal transfer processing unit 33 waits until the request data output from the ATM 10 is received via the communication unit 31 (S610), and receives the request data (Yes in S610). It is determined whether the requested data is the withdrawal procedure request data (S620). If it is determined that the received request data is the withdrawal procedure request data (Yes in S620), the withdrawal process shown in FIG. 8 is executed in S630.

  FIG. 8 is a flowchart showing the withdrawal process executed by the withdrawal transfer processing unit 33. When the withdrawal process is executed, the withdrawal transfer processing unit 33 reads the account data of the processing target account from the account management database 37 based on the received withdrawal procedure request data (S710). Since the withdrawal procedure request data includes the card information indicating the account number as described above, the withdrawal transfer processing unit 33 specifies the processing target account based on this information.

  When the account data is read, the withdrawal transfer processing unit 33 determines whether or not the abnormality detection code is registered in the account data in S720. In the present embodiment, for the procedure code, the password code applied by the user is manually registered in the account management database 37 when the account is opened. Automatic registration based on For this reason, the password for abnormality detection is not registered in the account data until the number of times the UID value is input exceeds the specified number after the account is opened. This step is for judging whether or not the abnormality detection code having such characteristics is registered in the account data.

  If it is determined in S720 that the abnormality detection code is not registered in the account data (No in S720), the withdrawal transfer processing unit 33 executes the history recording process shown in FIG. 9 in S730. FIG. 9 is a flowchart showing a history recording process executed by the withdrawal transfer processing unit 33.

  When the history recording process is executed, the withdrawal transfer processing unit 33 writes a record including the UID value included in the current received data and the current date and time information to the UID value input history file of the processing target account, and registers it. (S810). When this process is finished, it is determined whether the number of records registered in the UID value input history file exceeds a predetermined upper limit (S820), and the number of records exceeds the upper limit. (Yes in S820), the record indicating the oldest date and time is deleted from the UID value input history file (S830). Thereby, the withdrawal transfer processing unit 33 converts the UID value input history file into data having a maximum number of records from the latest one.

  If it is determined in S820 that the number of records does not exceed the upper limit (No in S820) or the processing in S830 is completed, the withdrawal transfer processing unit 33 registers in the UID value input history file of the processing target account. Based on the recorded record, the UID value with the largest number of inputs is determined among the UID values input by the user of this account (S840).

  When the process in S840 is completed, the withdrawal transfer processing unit 33 determines whether or not the determined UID value with the largest number of inputs is a null value (S850), and determines that it is a null value (S850). Yes), the history recording process is terminated without executing the process of S870.

  On the other hand, if it is determined that the determined UID value with the largest number of inputs is not a null value (No in S850), the process proceeds to S860, and the determined number of inputs is greater than or equal to the specified value for the determined UID value with the largest number of inputs If the number of inputs is less than the specified value (No in S860), the history recording process is terminated without executing the process of S870.

  On the other hand, if it is determined that the number of times of input is equal to or greater than the specified value (Yes in S860), the withdrawal transfer processing unit 33 uses the detected UID value with the largest number of inputs in S870 to detect the abnormality detection code. Is registered in the account data of the account to be processed, and then the history recording process is terminated.

  Further, when the history recording process in S730 is completed in this way, the withdrawal transfer processing unit 33 proceeds to S760. In addition, when it is determined in S720 that the abnormality detection code is registered in the account data (Yes in S720), the withdrawal transfer processing unit 33 executes the above-described history recording process in S735. However, in this case, since the abnormality detection code is already registered in the account data, in S870, processing for updating the abnormality detection code included in the account data is performed.

  Further, when the history recording process is completed in S735, the withdrawal transfer processing unit 33 proceeds to S740, and determines whether or not the UID value indicated by the withdrawal procedure request data received this time is a null value. The financial institution system 30 is configured to accept ATM withdrawal procedure request data of a type that does not store a UID value in the withdrawal procedure request data. When the UID value is not stored in the request data, it is determined that the UID value is a null value.

  If it is determined in S740 that the UID value is a null value (Yes in S740), the withdrawal transfer processing unit 33 sends the ATM of the transmission source ATM indicated by the account number information of the processing target account and the received withdrawal procedure request data. The abnormality detection data shown in FIG. 10 storing the identification code is output to the abnormality processing unit 35 (S755). FIG. 10 is an explanatory diagram showing the configuration of the abnormality detection data.

  As shown in FIG. 10, the abnormality detection data mainly includes command information indicating that the data is abnormality detection data, account number information, and request data that causes the abnormality detection data to be output. And an ATM identification code of the ATM.

  When the abnormality detection data having such a configuration is output in S755, the withdrawal transfer processing unit 33 proceeds to S760. In addition, if it is determined in S740 that the UID value indicated by the withdrawal procedure request data is not a null value (No in S740), the withdrawal transfer processing unit 33 determines in step S750 the UID value indicated by the withdrawal procedure request data. , Check whether the UID value indicated by the withdrawal procedure request data matches the abnormality detection password code indicated by the account data of the processing target account to decide.

  If it is determined that the UID value indicated by the withdrawal procedure request data matches the abnormality detection code indicated by the account data of the account to be processed (Yes in S750), the process proceeds to S760, and the UID indicated by the withdrawal procedure request data. If it is determined that the value does not match the abnormality detection code indicated by the account data of the processing target account (No in S750), the abnormality detection data is output to the abnormality processing unit 35 in S755, and then the process proceeds to S760. To do.

  In S760, the withdrawal transfer processing unit 33 compares the PIN value indicated by the received withdrawal procedure request data with the procedure code indicated by the account data of the account to be processed, and the withdrawal procedure request data. It is determined whether or not the PIN value indicated by is coincident with the procedure code indicated by the account data of the account to be processed.

  If it is determined that the PIN value indicated by the withdrawal procedure request data does not match the procedure code indicated by the account data of the processing target account (No in S760), the process proceeds to S790, and the PIN indicated by the withdrawal procedure request data is displayed. If it is determined that the value matches the procedure code indicated by the account data of the processing target account (Yes in S760), the process proceeds to S765.

  In S765, it is determined whether or not there is a deposit equal to or greater than the total amount of the withdrawal amount indicated by the received withdrawal procedure request data and a fee for the withdrawal procedure in the processing target account. If it is determined that there is no deposit (No in S765), the process proceeds to S790. If it is determined that there is a deposit equal to or greater than the total amount (Yes in S765), the process proceeds to S770.

  When the process proceeds to S770, the withdrawal transfer processing unit 33 executes a predetermined withdrawal procedure, electronically withdraws money from the processing target account, and then proceeds to S780 to permit the withdrawal. Response data storing the withdrawal permission information indicating the fact and the information on the permitted withdrawal amount is generated and transmitted to the sender ATM of the withdrawal procedure request data via the communication unit 31. Thereafter, the withdrawal process is terminated.

  In addition, when it is determined No in S760 or S765 and the process proceeds to S790, the withdrawal transfer processing unit 33 generates response data storing withdrawal impossible information indicating that withdrawal is prohibited and communicates this. The data is sent to the sender ATM of the withdrawal procedure request data via the section 31. Thereafter, the withdrawal process is terminated. In addition, when the withdrawal process is ended in S630 in this way, the withdrawal transfer processing unit 33 shifts the process to S610 again.

  On the other hand, if it is determined in S620 that the received request data is not the withdrawal procedure request data (No in S620), the withdrawal transfer processing unit 33 proceeds to S640, and the received request data is transferred procedure request data. It is determined whether or not. If the received request data is determined to be transfer procedure request data (Yes in S640), the transfer process shown in FIG. 11 is executed in S650.

  FIG. 11 is a flowchart showing the transfer process executed by the withdrawal transfer processing unit 33. When the transfer process is executed, the withdrawal transfer processing unit 33 reads the account data of the processing target account from the account management database 37 based on the received transfer procedure request data (S910). Since the transfer procedure request data includes the card information indicating the account number as described above, the withdrawal transfer processing unit 33 specifies the processing target account based on this information.

  When the account data is read, the withdrawal transfer processing unit 33 determines whether or not an abnormality detection code is registered in the account data of the read processing target account (S920). If it is determined that the abnormality detection code is not registered in the account data (No in S920), the history recording process (see FIG. 9) described above is executed in S930, and the history recording process in S930 is terminated. Then, the process proceeds to S960.

  On the other hand, if it is determined in S920 that the abnormality detection code is registered in the account data (Yes in S920), the withdrawal transfer processing unit 33 executes the above-described history recording process in S935. However, in this case, since the abnormality detection code is already registered in the account data, in S870, as described above, the process of updating the abnormality detection code included in the account data is performed. .

  When the history recording process ends in S935, the process proceeds to S940, and it is determined whether or not the UID value indicated by the transfer procedure request data received this time is a null value. The financial institution system 30 is configured to accept ATM transfer procedure request data of a type that does not store a UID value in the transfer procedure request data, and the withdrawal transfer processing unit 33 stores the transfer procedure request data in the transfer procedure request data. When the UID value is not stored, it is determined that the UID value is a null value.

  If it is determined in S940 that the UID value is a null value (Yes in S940), the withdrawal transfer processing unit 33, the information of the account number of the processing target account, the ATM identification code of the sender ATM indicated by the transfer procedure request data, and Are output to the abnormality processing unit 35 (S955). Further, when abnormality detection data is output in S955, the withdrawal transfer processing unit 33 proceeds to S960.

  In addition, when it is determined in S940 that the UID value indicated by the transfer procedure request data is not a null value (No in S940), the withdrawal transfer processing unit 33 proceeds to S950, and the UID value indicated by the transfer procedure request data, Check whether the UID value indicated by the transfer procedure request data matches the error detection code indicated by the account data of the processing target account by comparing with the error detection code indicated by the account data of the processing target account. To do.

  If it is determined that the UID value indicated by the transfer procedure request data matches the abnormality detection code indicated by the account data of the processing target account (Yes in S950), the process proceeds to S960, and the UID value indicated by the transfer procedure request data is If it is determined that it does not coincide with the abnormality detection code indicated by the account data of the account to be processed (No in S950), after the abnormality detection data is output to the abnormality processing unit 35 in S955, the process proceeds to S960.

  In S960, the withdrawal transfer processing unit 33 collates the PIN value indicated by the received transfer procedure request data with the procedure code indicated by the account data of the account to be processed, and transfers the transfer procedure request data. It is determined whether or not the PIN value indicated by is coincident with the procedure code indicated by the account data of the account to be processed.

  If it is determined that the PIN value indicated by the transfer procedure request data does not match the procedure code indicated by the account data of the account to be processed (No in S960), the process proceeds to S990, and the PIN value indicated by the transfer procedure request data is If it is determined that it matches the procedure code indicated by the account data of the account to be processed (Yes in S960), the process proceeds to S965.

  In S965, it is determined whether there is a deposit equal to or greater than the total amount of the transfer amount indicated by the received transfer procedure request data and the fee for the transfer procedure, and there is no deposit greater than the total amount. If it is determined (No in S965), the process proceeds to S990, and if it is determined that there is a deposit equal to or greater than the total amount (Yes in S965), the process proceeds to S970.

  When the process proceeds to S970, the withdrawal transfer processing unit 33 executes a predetermined transfer procedure, electronically withdraws money from the processing target account, and transfers this money to the transfer destination account indicated by the transfer procedure request data. Thereafter, the process proceeds to S980, in which response data storing transfer completion information indicating that the transfer has been completed is generated, and this is transmitted to the sender ATM of the transfer procedure request data via the communication unit 31. Thereafter, the transfer process is terminated.

  On the other hand, when it is determined No in S960 or S965 and the process proceeds to S990, the withdrawal transfer processing unit 33 generates response data storing transfer impossible information indicating that transfer cannot be performed, and this is transmitted via the communication unit 31. , The transfer procedure request data is transmitted to the transmission source ATM. Thereafter, the transfer process is terminated. In addition, when the transfer process is completed in S650 in this way, the withdrawal transfer processing unit 33 shifts the process to S610 again.

  In addition, if the withdrawal transfer processing unit 33 determines in S640 that the received data is not the transfer procedure request data, the process proceeds to S660 and executes processing corresponding to the received request data. When the process in S660 is completed, the process proceeds to S610 again.

  The processing executed by the withdrawal transfer processing unit 33 has been described above. Subsequently, the processing executed by the abnormality processing unit 35 will be described. FIG. 12 is a flowchart showing an abnormality notification process repeatedly executed by the abnormality processing unit 35.

  When the abnormality notification process is executed, the abnormality processing unit 35 waits until the abnormality detection data output from the withdrawal transfer processing unit 33 is received (S1010). When the abnormality detection data is received (Yes in S1010), the abnormality detection is performed. Abnormality notification data storing the ATM identification code indicated by the data is generated and transmitted to the monitoring control device 60 connected to the monitoring cameras 50 of a plurality of stores (S1020).

  FIG. 13 is an explanatory diagram showing the configuration of the abnormality notification data output in S1020. As shown in FIG. 13, the abnormality notification data includes command information indicating that the data is abnormality notification data, and an ATM identification code indicating the ATM in which the abnormality is detected.

  After completing the process in S1020, the abnormality processing unit 35 obtains the corresponding customer contact data from the contact database 39 based on the account number information included in the abnormality detection data received from the withdrawal transfer processing unit 33. Read (S1030). The contact data includes the account number information as described above, and the abnormality processing unit 35 stores the contact data of the account number that matches the account number indicated by the received abnormality detection data in S1030. To read from the contact database 39.

  When the contact data is read in S1030, the abnormality processing unit 35 proceeds to S1040 and determines whether or not the contact designation information included in the read contact data indicates a value of “mail”. . When it is determined that the contact designation information indicates a value of “mail” (Yes in S1040), a message (character data) indicating that an abnormality has occurred with the mail address of the contact indicated by the contact data as the destination. Is generated and output to the mail server 70 connected to the abnormality processing unit 35 (S1050), and the fact that an abnormality has occurred via the mail server 70 is notified by e-mail. Contact customer. Thereafter, the process proceeds to S1010 again.

  On the other hand, if the contact designation information indicates a value of “telephone”, it is determined No in S1040, and the connection with the telephone device of the telephone number indicated by the contact data is established, and the connection is established. After that, a voice signal (voice data) for outputting the voice for notifying the abnormality to the connected telephone device is transmitted to the telephone device (S1060), thereby indicating that the abnormality has occurred. Contact the customer by phone. Thereafter, the abnormality notification process is temporarily terminated, and the process proceeds to S1010 again.

  Next, processing executed by the monitoring control device 60 that receives the abnormality notification data output from the abnormality processing unit 35 will be described. FIG. 14A is a flowchart showing surveillance camera overall control processing realized by the surveillance camera overall control task executed by the control unit 61. FIG. 14B is a flowchart showing the surveillance camera individual control process realized by the surveillance camera individual control task executed by the control unit 61. The control unit 61 of the monitoring control device 60 is configured to execute a plurality of tasks (each task including the monitoring camera overall control task and the monitoring camera individual control task) in parallel. To run.

  When the monitoring camera overall control task receives the above-described abnormality notification data from the abnormality processing unit 35 (Yes in S1110), the surveillance camera overall control task photographs the area around the ATM 10 corresponding to the ATM identification code based on the ATM identification code included in the received abnormality notification data. A task (monitoring camera individual control task) for controlling the possible surveillance camera 50 is specified (S1120), and an abnormal mode transition instruction specifying the imaging target ATM 10 is input to this task (S1130). When this process ends, the process proceeds to S1110 and waits until abnormality notification data is received again. By such an operation, the above-described processes of S1110 to S1130 are repeatedly executed.

  On the other hand, the surveillance camera individual control task operates in the normal mode and repeatedly executes the normal time control process (S1210) until an abnormal mode shift instruction is input from the surveillance camera overall control task (Yes in S1230). Thus, the surveillance camera 50 assigned in advance is rotated, and the video data representing the photographing content of the surveillance camera 50 is acquired from the surveillance camera 50. Then, this is recorded in the recording unit 63 (S1220). More specifically, in the normal mode, by rotating the monitoring camera 50 in S1210, the monitoring camera 50 sequentially photographs a plurality of ATMs 10 installed in the store.

  In addition, when an abnormal mode shift instruction is input to the monitoring camera individual control task (Yes in S1230), the monitoring camera individual control task shifts to the abnormal mode, controls the monitoring camera 50, and specifies the shooting direction of the monitoring camera 50. The ATM 10 is fixed in the direction in which the ATM 10 is located (S1240).

  Thereafter, the surveillance camera individual control task registers a record in which the current date and time information and the ATM identification code information of the designated ATM 10 are recorded in an abnormal mode transition history file (not shown) of the recording unit 63. (S1250) Further, marking data is written into the video data being recorded, and the end of the currently recorded video is registered as a cueing point (S1260).

  When the process of S1260 ends, the surveillance camera individual control task resumes recording of the interrupted video data, and the imaging direction of the surveillance camera 50 is fixed until a predetermined time has elapsed (Yes in S1280). Then, the video data received from the monitoring camera 50 is recorded in the recording unit 63 (S1270). When the predetermined time has elapsed (Yes in S1280), the process proceeds to S1210 and operates again in the normal mode. That is, the video data is recorded in the recording unit 63 while rotating the monitoring camera 50 (S1210, S1220).

  The management system 1 of the present embodiment has been described above. According to this management system 1, the account management database 37 (corresponding to the account information storage means of the present invention) has a procedure code (first code) for each account. And account data indicating the abnormality detection code (corresponding to the second code).

  Further, the ATM 10 reads the account number from the cash card carrying the account number as the account identification information presented by the user in the card reading unit 11 (corresponding to the card reading means), and in S140 or S220 In the password code acquisition process to be executed, the password code (5-digit password code) input by the user who presented the card is acquired from the display operation unit 13 (corresponding to the input device) that can be operated by the user (password). Equivalent to code acquisition means).

  Further, the financial institution system 30 stores the procedure code and the abnormality detection code for the corresponding account from the account management database 37 in S710 or S910 based on the account number information read by the ATM 10. The account data is read out (corresponding to the reading means), and among the 5-digit password code acquired by the ATM 10 from the user, the previously entered 4-digit password code (corresponding to the first part) and the account data The written procedure code is collated in S760 or S960 to determine whether or not both codes match (corresponding to a withdrawal permission judging means).

  If both codes match, as long as the account balance is sufficient, withdrawal of money from the account corresponding to the above account number is permitted (Yes in S760, Yes in S960), and the withdrawal procedure or transfer The procedure is executed (S770 or S970), and money is withdrawn from the account (corresponding to the withdrawal processing means) in response to a user request.

  If the user's request at this time is a withdrawal procedure request, response data indicating withdrawal permission is sent to the ATM 10 (S780), and the ATM 10 is made to pay money from the receiving port. (S420). In addition, when both codes do not match, withdrawal of money from the account is prohibited (No in S760, No in S960).

  In addition, as a feature of the management system 1 of the present embodiment, the financial institution system 30 includes a 5-digit password code (corresponding to the second part) of the 5-digit password code acquired by the ATM 10 from the user, The code for abnormality detection indicated by the account data read from the account management database 37 is collated in S750 or S950 to determine whether or not the two codes match (corresponding to the abnormality presence / absence judging means). If they do not match, it is determined that there is an abnormality in the password code input operation (No in S750, No in S950), and abnormality detection data is output (S755 or S955).

  In addition, when the request data received from the ATM does not include the fifth digit password, the financial institution system 30 determines Yes in S740 or S940 and outputs abnormality detection data (S755 or S955).

  In addition, the abnormality processing unit 35 (corresponding to the abnormality notification unit) outputs abnormality notification data to the monitoring control device 60 when it is determined that there is an abnormality and abnormality detection data is input from the withdrawal transfer processing unit 33. Then, the monitoring control device 60 is notified of the abnormality (S1020), and read from the contact database 39 (corresponding to the notification destination information storage means) having the contact data indicating the abnormality notification destination for each account by ATM. The contact data of the account corresponding to the given account number is read out, and data for notifying the abnormality is transmitted to the contact indicated by the contact data in the form of e-mail or telephone (S1050 or S1060), Inform the customer of the abnormality.

  Therefore, according to the management system 1, an operation for detecting an abnormality and notifying an abnormality for an input operation of an unauthorized user without detecting an abnormality for an input operation of a legitimate user, It can be performed with higher accuracy and speed than the conventional system.

  That is, in the management system 1 of this embodiment, even if the wrong detection code is entered incorrectly, money can be withdrawn from the account, so the account holder can forget the fifth digit of the code. Even if you set the code, there is no problem. Therefore, according to the present embodiment, it is possible to weaken the tendency that the user is set with a password that is likely to be recalled by a malicious person, and the password for the procedure is specified by the malicious person and illegal. Even if it can be easily pulled out, the anomaly detection code does not have to be specified by a malicious person.

  Then, according to the present embodiment, if the fifth digit password code inputted by the user and the password code for abnormality detection are different even once, an abnormality is detected and this is notified to the customer. Detection and notification of an unauthorized operation when the security code is known to a malicious person can be performed with higher accuracy and speed than before. Of course, even if a legitimate user inputs a wrong code as the 5th digit password, an anomaly is detected and the anomaly is notified, but the anomaly is reported to the user, so the legitimate use There is no particular problem with notifying an erroneous abnormality due to an input error by a person. Moreover, unless the user makes an input mistake, an erroneous abnormality notification is not performed. Therefore, according to the system, whenever an ATM is used, a notification that an ATM has been used is used. There is no need to bother the user.

  Therefore, according to the management system 1, when an unauthorized operation is performed, the unauthorized operation can be detected at an early stage, and this can be promptly dealt with, and the unauthorized withdrawal damage due to skimming or the like is suppressed. be able to.

  In addition, according to the present embodiment, even if the fifth digit password is not correctly input, the process of withdrawing money is executed. Therefore, when a malicious person enters the password incorrectly, In this case, the customer (account holder) can be notified of the abnormality. In addition, since it is possible to make anxiety about a malicious person about this, according to the present embodiment, it is possible to suppress the occurrence of unauthorized pullout damage multiple times.

  That is, according to the present embodiment, it is possible to suppress the user from setting a password code that is easily recalled by a malicious person as a password, and the anxiety that an abnormality may be notified is malicious. Therefore, it is possible to effectively suppress the occurrence of unauthorized withdrawal damage.

  Further, according to the present embodiment, since the abnormality is notified to the customer in the form of an e-mail or a telephone without using an operator, the abnormality can be quickly notified to the customer after the abnormality is detected. In addition, since the form of notification is e-mail or telephone, users can know abnormalities immediately even when they are out of business if the e-mail address or telephone number assigned to the mobile terminal is used as the contact information. Can do. Therefore, it is possible to effectively suppress the occurrence of unauthorized withdrawal damage.

  In addition, in this embodiment, the monitoring control device 60 executes the monitoring camera individual control task for each monitoring camera 50 and, when abnormality notification data is input, based on the ATM identification code indicated by the abnormality notification data. Then, an instruction to shift to the abnormal mode is input to the monitoring camera individual control task for controlling the monitoring camera 50 that captures the area around the ATM 10 where the abnormality is detected (mode control means).

  The surveillance camera individual control task has a normal mode in which the processes of S1210 to S1230 are repeatedly executed and an abnormal mode in which the processes of S1240 to S1280 are executed. In the abnormal mode, unlike the normal mode, the shooting direction is fixed. In this state, the periphery of the ATM 10 is photographed, and video data indicating the photographing content is recorded (corresponding to video recording means). For this reason, the monitoring control device 60 inputs an instruction to shift to the abnormal mode in the monitoring camera overall control task, thereby shifting the corresponding monitoring camera individual control task to the abnormal mode for a predetermined period, and the monitoring camera 50. Therefore, only the area around the ATM 10 where the abnormality is detected can be focused on. Therefore, the management system 1 of the present embodiment is useful for identifying unauthorized users using video data.

  Further, according to the management system 1, when the abnormality notification data is input, the monitoring camera overall control task shifts the corresponding monitoring camera individual control task to the abnormality mode, and the monitoring camera individual control task is changed to S1260. This process is executed to mark the portion of the video data indicating the photographing content at the time of mode transition (corresponding to the marking means). Therefore, according to the present embodiment, it is possible to easily find the part of the video data indicating the photographing content at the time when the abnormality is detected, and to efficiently investigate the video data. The effort to identify the projected video can be reduced compared to the conventional technique.

  In the present embodiment, in addition, in S1250, the transition history to the abnormal mode (in other words, the reception history of the abnormality notification data and the execution history of the notification operation) is stored in the recording unit 63 (history recording). Equivalent to means). Therefore, according to the present embodiment, it is possible to efficiently investigate video data when specifying an unauthorized operator.

In addition, the management system 1 of this invention is not limited to the said Example, It can take a various aspect.
For example, in the above-described embodiment, the procedure code and the abnormality detection code are configured by numbers, but the code may be configured by numbers and alphabets. For example, it is convenient for the user to easily memorize a 5-digit code if the procedure code is composed of a 4-digit number and the anomaly detection code is composed of alphabets.

  In addition, in the above embodiment, the financial institution system 30 is configured to update the abnormality detection code based on the input history even after the abnormality detection code is once registered in the account data. The financial institution system 30 may be configured not to update the personal identification code. Specifically, the financial institution system 30 can be configured not to update the abnormality detection code by omitting the processes of S735 and S935.

  In addition, when updating the anomaly detection code based on the input history, it can be used by changing the UID value to be input consciously without applying for the change of the anomaly detection code at the window. The person can frequently change the abnormality detection code. Therefore, in this case, it is possible to reduce the possibility that a malicious person will know the correct password. However, in the case of this system, there is a demerit that when a malicious person performs an input operation of an illegal password several times, an abnormality cannot be detected.

  Of course, if the financial institution system 30 is configured not to update the abnormality detection code if the same UID value is not input for a certain number of times or more (for example, 10 times or more), account transactions are prohibited by then. Therefore, there is substantially no problem, but if the abnormality detection code is not updated based on the input history, such a problem can be reliably prevented.

  Further, in the above embodiment, the abnormality detection code is determined based on the input history of the UID value, but the abnormality detection code is also registered when the account is opened, as in the case of the procedure code. May be.

It is a block diagram showing the structure of the management system 1 of a present Example. FIG. 4 is an explanatory diagram (a) showing the configuration of the account management database 37 and an explanatory diagram (b) showing the configuration of the contact database 39. 3 is a flowchart illustrating a main routine executed by a control unit 21. It is a flowchart showing the PIN code acquisition process which the control part 21 performs. It is explanatory drawing (a) showing the structure of withdrawal procedure request data, and explanatory drawing (b) showing the structure of transfer procedure request data. It is the flowchart (a) showing the withdrawal procedure post-process which the control part 21 performs, and the flowchart (b) showing the transfer procedure post-process. It is a flowchart showing the reception process which the payment transfer process part 33 performs. It is a flowchart showing the payment process which the payment transfer process part 33 performs. It is a flowchart showing the history recording process which the payment transfer process part 33 performs. It is explanatory drawing showing the structure of abnormality detection data. It is a flowchart showing the transfer process which the payment transfer process part 33 performs. 5 is a flowchart showing an abnormality notification process executed by an abnormality processing unit 35. It is explanatory drawing showing the structure of abnormality notification data. It is the flowchart (a) showing the surveillance camera integrated control process which the control part 61 performs, and the flowchart (b) showing the surveillance camera individual control process.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Management system, 10 ... ATM, 11 ... Card reading part, 13 ... Display operation part, 15 ... Details issue part, 17 ... Cash delivery part, 19, 31 ... Communication part, 21, 61 ... Control part, 30 ... Finance Institution system, 33 ... withdrawal transfer processing unit, 35 ... abnormality processing unit, 37 ... account management database, 39 ... contact database, 50 ... monitoring camera, 60 ... monitoring control device, 63 ... recording unit, 65 ... operation unit, 67 ... Display unit, 70 ... Mail server

Claims (9)

Account information storage means for storing the first and second passwords for each account;
Card reading means for reading the identification information of the account from a card carrying the identification information of the account presented by the user;
A password code acquisition means for acquiring a password code from the user who presented the card through an input device operable by the user;
Read means for reading out the first and second password codes of the corresponding account from the account information storage means based on the identification information of the account read by the card reading means;
Money from an account corresponding to the identification information of the account read by the card reading means based on the first password read by the reading means and the password acquired by the password acquisition means A drawer permission judging means for judging whether or not to permit the withdrawal of
An abnormality presence / absence judging means for judging the presence / absence of an abnormality in the input operation of the personal identification code based on the second personal identification code read by the readout means and the personal identification code acquired by the personal identification code acquisition means;
When it is determined by the abnormality presence / absence determining means that there is an abnormality, an abnormality notifying means for notifying the outside of the abnormality,
Regardless of the determination result of the abnormality presence / absence determining means, when the withdrawal permission judging means judges that money withdrawal is permitted, a withdrawal processing means for executing a process of withdrawing money from the corresponding account;
A management system comprising: The withdrawal permission judging means collates a portion corresponding to a predetermined first password in the password code acquired by the password code acquisition means with the first password code read by the reading means. When the portion corresponding to the first password and the first password read by the reading means match, it is determined that money withdrawal is permitted, and the first password is If the corresponding part and the first password read by the reading means do not match, it is configured to determine that money withdrawal is not permitted,
The abnormality presence / absence determining means includes a part corresponding to a second password code different from a predetermined part corresponding to the first password in the password code acquired by the password code acquiring means, and the reading means. The read second password code is collated, and when the portion corresponding to the second password code matches the second password code read by the reading means, there is no abnormality. If the portion corresponding to the second password is not coincident with the second password read by the reading means, it is determined that there is an abnormality. The management system according to claim 1, wherein:   The abnormality presence / absence judging means is configured to judge that there is an abnormality when a symbol corresponding to the second code is not written in the code obtained by the code obtaining means. The management system according to claim 2, wherein: Notification destination information storage means for storing notification destination information indicating an abnormality notification destination for each account,
With
When the abnormality notification means determines that the abnormality is present, the abnormality notification means notifies the account corresponding to the account identification information read by the card reading means stored in the notification destination information storage means. 4. The structure according to claim 1, wherein the data for notifying abnormality is output to the notification destination indicated by the notification destination information with reference to the destination information. The management system described. The notification destination information is information indicating a mail address,
The abnormality notification means is configured to output an email storing character data for notifying an abnormality to the mail server indicated by the notification destination information, and to output an abnormality to the user through the email. The management system according to claim 4, wherein the management system is configured to notify. The notification destination information is information indicating a telephone number,
The abnormality notification means establishes a connection with the telephone device corresponding to the telephone number indicated by the notification destination information, outputs voice data for notifying abnormality to the telephone device, and uses the telephone device user The management system according to claim 4, wherein the system is configured to notify the abnormality. A video recording unit that has an operation mode for normal time and an operation mode for abnormal time, images the surroundings of the input device by a method different for each operation mode, and records video data indicating the content of the imaging,
Upon receiving the abnormality notification, the video recording means is operated in the abnormal operation mode for a predetermined period thereafter, and the video recording means is operated in the normal operation mode for a period other than the predetermined period. Mode control means for operating in
With
The abnormality notification unit is configured to notify the mode control unit of an abnormality when the abnormality determination unit determines that there is an abnormality. A management system according to any one of the above. Video recording means for imaging the periphery of the input device and recording video data indicating the content of the imaging;
When receiving the notification of the abnormality, marking means for marking the part of the video data indicating the photographing content at the time of receiving the notification,
With
The abnormality notification means is configured to notify the marking means of an abnormality when the abnormality presence / absence determination means determines that there is an abnormality. The management system described in Crab.   The management system according to claim 1, further comprising: a history recording unit that records an execution history of a notification operation performed by the abnormality notification unit.

Images