JP2007041957A - Credit card settlement method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a secure credit card settlement method for preventing credit card information from being stolen in electronic commercial transaction through the Internet. <P>SOLUTION: During user registration, a keeping center information device 3 or a user terminal 1 divides credit card information into two, discards an original copy and then stores one of the divided information in the user terminal 1 and the other in the keeping center information device 3. At settlement, a settlement center 4 acquires the divided information stored in the user terminal 1 and the divided information stored in the keeping center information device 3 and combines the both to thereby restore the credit card information, using the credit card information for credit and settlement processing. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a credit card settlement method that allows safe settlement by preventing leakage of card information, and more particularly to a safe credit card settlement method that can be used for online settlement.

Credit cards have spread in Japan, and now a firm position as a second currency has been established, but there has always been a risk of theft in credit card payments.
In particular, in online payments, the fact is that users are reporting credit card information to sellers based on the premise that there is no information leakage from online merchandise sellers (EC sites) and payment-related organizations. It is. Furthermore, the fact that credit card information that enables settlement by itself is stored in the hands of others avoids the risk that the custodian will be stolen by an attacker from a malicious person even if it is a good person and used illegally. It's also not.
In addition, a state in which perfect credit card information is exposed to the Internet communication network is not preferable because there is a risk that a malicious third party may read and use it illegally.

In this way, if the card information is known to others, transactions impersonating the card holder are possible, so not only when the seller is malicious, but also when the information leaks, This will cause serious damage.
Credit information theft from payment centers in the United States between 2004 and 2005 caused hundreds of thousands of information loss, and Japan suffered damages in the hundreds of millions of yen. . In this case, it became a problem that the payment center had accumulated card information against the contract with the credit company, but a security system that could not be physically stolen should be built. It is.

  Various measures have been studied in various ways to secure credit card payments on the Internet, but at present there are no known effective measures, so users with a high awareness of safety should avoid credit card payments, In many cases, a time-consuming method such as cash on delivery or transfer is selected. If non-face-to-face credit card payments can be made securely via the Internet or communication lines, it will greatly contribute to the activation of electronic commerce.

  As a security measure for credit card payment, for example, in Patent Document 1, credit card information is used by using a one-time-use ID for Internet payment issued by a credit card company for each transaction instead of credit card information. A system that itself does not appear on the Internet is disclosed. However, when exchanging credit card information, an Internet payment ID or the like between a user and a credit card company, the encryption process is necessary because it is via the Internet. Moreover, it is necessary to issue a disposable dedicated ID every time an internet transaction is made, which is complicated.

  Also, in Patent Document 2, when a payment request is made from an internet shop to a credit company, a confirmation call is made to a telephone designated in advance by a user to confirm the identity, and unauthorized use is confirmed. A method to prevent and secure the transaction is disclosed. Since telephone confirmation is essential, the complexity of the procedure cannot be avoided. In addition, it is inconvenient that the user needs to be in front of the telephone at the designated time.

Further, in Cited Document 3, in Internet commerce, highly confidential credit card information is exchanged using ISDN, an analog telephone network, a dedicated line, etc. with a low risk of leakage, and only information with low confidentiality is communicated to the Internet. A method for improving safety by exchanging via a network is disclosed. This method is used by connecting to an analog communication network or the like in addition to the Internet, and the facilities and the method of using the facilities are complicated. Moreover, since the credit card information is deposited in each electronic commerce service provider device, the confidential information of the user is diffused and the safety is impaired.
JP 2002-007921 A JP 2002-157537 A JP 2000-076336 A

  Accordingly, the problem to be solved by the present invention is to provide a safe credit card settlement method that prevents the theft of credit card information in electronic commerce via the Internet.

In order to solve the above problems, the credit card settlement method according to the present invention divides credit card information into two pieces by dividing processing at the time of user registration, discards the original as divided information, and uses one piece of the divided information by the user. The remaining piece is stored in the information device of the deposit center in the information terminal device, and the settlement center is stored in the split information stored in the information terminal device of the user and the information device of the deposit center at the time of settlement. The credit card information is restored by using the other division information and combined to be used for credit and settlement processing.
Since only one piece of division information does not serve as a theft, there is a risk of unauthorized use if the relevant division information cannot be obtained and synthesized from both the information terminal device of the user and the information device of the deposit center. Absent. As described above, according to the present invention, since the credit card information itself does not exist until the division information is combined, a system with a very high degree of safety can be constructed.

One of the pieces of division information can be stored in the information terminal device of the user, or alternatively, can be stored in the information device on the EC site of the electronic commerce company. If the EC site has high reliability, there is no danger even if one of the pieces of division information is deposited. Therefore, the user's responsibility may deposit the division information. If the EC site keeps a piece of the split information and makes a payment request on the EC site side, the user may omit the trouble of selecting and sending the split information suitable for the EC site at every commercial transaction. it can.
Note that one piece of the division information may be automatically sent to the EC site from the information device that divides the card information at the time of user registration.

In the division of information, the original information is subdivided into information elements, supplementary information indicating the arrangement order or arrangement position is given to each information element, and the information blocks are separated into two information blocks in an arbitrary combination. It is preferable to carry out by electronic tally processing which is stored separately. Note that the incidental information can be processed as an independent block separated from the information element.
When division is performed by electronic tally processing, it can be carried out in an extremely simple procedure as compared with other information leakage prevention methods, so that the calculation processing load can be reduced. In addition, there is a feature that the degree of safety is high although the processing is simple.
Information can be divided and restored using a known secret sharing method.

The division processing may be performed by the user's information terminal device or may be performed by the information device of the deposit center. In the case where one of the pieces of divided information is sent to the information device of the deposit center and stored by the division processing at the information terminal device of the user, the credit card information is not exposed to the communication network. The risk of leakage is completely eliminated. When the card information is split by the user information terminal device, the original prepared for the split processing is discarded, but saving the original credit card information somewhere on the user terminal Needless to say, you can leave it to your will.
In addition, the deposit center may be an independent mechanism, but may be provided in addition to the settlement center.

According to the credit card settlement method of the present invention, since the user's credit card information does not flow on the Internet at the time of settlement, there is no risk of eavesdropping. Moreover, since there is no division | segmentation information supplied from a user's information apparatus, since electronic commerce cannot be performed, unauthorized use can be prevented. If the authentication information such as a password is used together, unauthorized use cannot be made. Furthermore, the security of the authentication information can be improved by dividing the authentication information.
Further, the method of the present invention is effective in preventing leakage at the EC site because the card information itself is not transmitted to the information device of the EC site (online merchandise seller). Note that it is possible to manage the history of tally and usage status through the information device of the deposit center.

The division information can be stored not in the user's information terminal device but in a portable external storage medium. For example, if it is stored in a USB memory and attached to an arbitrary computer so that electronic transactions can be performed, it is convenient. If the USB memory stores the division processing program in advance and allows the division processing to be freely executed if it is attached to a computer, it is convenient because it is not necessary to download the program from the deposit center. In addition, various personal computer functions such as mobile phones, game machines, car navigation systems, and information appliances can be used.
The credit card information may be divided into three or more pieces of division information by division processing and distributed to another information device in addition to the user terminal and the deposit center information device. Since multiple safety mechanisms are incorporated into the transaction approval, the safety of the transaction is further improved.

  In this way, by adopting a payment method that can ensure sufficient safety from the user's perspective, it is possible to agree with peace of mind that electronic transactions are settled with a credit card. Since credit card payment is sufficiently convenient and convenient for both users and EC sites, further activation of electronic commerce via the Internet can be expected by introducing the credit card payment method of the present invention.

Hereinafter, a credit card settlement method of the present invention will be described based on examples with reference to the drawings.
FIG. 1 is a block diagram for explaining a user registration procedure in the first embodiment of the present invention, FIG. 2 is a block diagram for explaining a settlement procedure in the first embodiment, and FIG. 3 is a registration procedure in the second embodiment. It is a block diagram explaining a procedure.

The user can subscribe to the credit card settlement system by performing user registration with the deposit center via the WEB.
When browsing the WEB stored in the EC site information device 2 via the user terminal 1 and agreeing to use the credit card payment system, the depositing center information device 3 via the WEB server of the EC site information device 2 The WEB server at is accessed and the registration screen is ordered to the user terminal 1.
This procedure may be carried out by automatically linking to a user registration process at the deposit center when a credit card is selected as a settlement means on the settlement screen of the EC site when a commercial transaction is performed for the first time.

  On the registration screen, input of user information and card information is requested. User information includes name, address, date of birth, telephone number, e-mail address, and other information. The user's occupation and preferences may be required. The card information is information that becomes reference information when a card is used, such as a card company name, a card name, a card number, and a card expiration date.

  When the user confirms that there is no problem with the entry and transmits it from the user terminal 1, the deposit center information device 3 receives it, registers the user information in the database, and divides the card information into two to add tally information A and B. Is generated, one tally information B is stored, and the other tally information A is transmitted to the user terminal 1 together with a completion screen informing the completion of the procedure. Thereafter, the deposit center information device 3 discards the tally information A. . When the registration process in the deposit center information device 3 is completed, a confirmation mail for confirming the completion of registration is sent to the user terminal 1 to complete the user registration process.

In order to confirm the validity of the accepted credit card, a procedure for making an inquiry to the card company during the registration procedure may be added. The inquiry may be made after registration, and if it fails, registration may be canceled later. Further, registration may be performed unconditionally, and the validity of the card may be entrusted to a credit status inquiry performed for each actual settlement procedure.
In addition, when exposing electronic information, especially user information and card information to a communication network, it is preferable to perform encryption processing in order to avoid the risk of theft.

When the user decides to purchase a product at the EC site established by the WEB server of the EC site information device 2, the user fills in an order screen and transmits it to the information device 2 at the EC site.
The EC site information device 2 transmits a confirmation screen describing order information such as a shop ID, an order number, a purchase item, an amount of money, a date, and a company code to the user terminal 1.
The user approves the order contents by selecting and attaching the tally information A stored in the information device instead of inputting the card information if there is no problem after checking the confirmation screen. The attached tally information A is transmitted directly to the settlement center information device 4 without leaving a trace, either directly or without passing through the EC site.

On the other hand, the order information approved by the user is returned to the EC site information device 2, stored in the storage device of the EC site, and transmitted to the settlement center information device 4 as settlement information. The tally information A and the settlement information are combined to form an information block.
The information terminal device 1 of the user sends the tally information A to the EC site information device 2, and the EC site information device 2 forms an information block by attaching the tally information A of the user to the payment information to form a payment center. You may make it transmit to the information apparatus 4 and make a payment request.

When dealing with a large number of cards or when there are a large number of card registrations, the user needs to pay special attention to select the tally information A suitable for the EC site of the business partner, which is cumbersome. . In order to avoid such complications, when the EC site is extremely reliable, the tally information A is deposited in advance, and when the purchase is decided, only the transaction content is approved. 2 may automatically attach the tally information A of the user's card information and perform the settlement process.
Further, according to the user's selection, the tally information A divided at the time of user registration or card registration may be directly distributed to the user terminal 1 and the EC site information device 2.

The settlement center information device 4 extracts the tally information A from the information block received from the EC site information device 2, and based on the header information attached to the tally information A, the tally information corresponding to the tally information A from the deposit center information device 3. The information B is downloaded, the two are integrated, the information elements are rearranged in the original order, and the original card information is restored.
Further, the payment information extracted from the payment information block received from the EC site information device 2 and the restored card information are sent together to the card company information device 5 to request credit or payment.

The card company information device 5 confirms the credit status of the credit card based on the card information, and performs a payment process based on the payment information. The processing result is sent to the settlement center information device 4 with a settlement number, where history management is performed, and the processing result is sent to the EC site information device 2 with a settlement number.
The EC site information device 2 confirms the processing result received from the settlement center information device 4, performs sales processing, and transmits a completion screen to the user terminal 1.
This completes the payment for this purchase. Note that a confirmation mail may be transmitted from the EC site information device 2 to the user terminal 1 again.
The deposit center information device 3 can also prevent unauthorized use by sending a notification to the terminal 1 of the registered user when there is a request for downloading the tally information B.

According to the credit card settlement method of the present embodiment, since only the division information is communicated between the user who made the business transaction and the EC site, it is safe because the card information cannot be known by eavesdropping during communication. In addition, credit card information is flowed on the Internet at the time of registration, but the current safety level is guaranteed by adopting encryption processing such as SSL that is normally used.
Further, since the EC site does not handle the card information itself, it is possible to prevent the spread of confidential information. Furthermore, since the deposit center stores only one piece of tally information, it is safe even if there is an attack.

When electronic tally processing is performed, the content cannot be easily estimated even if only one piece of tally information is used unless there is position information for returning the information element to the original position.
Furthermore, since the card information has been input individually in the past, it takes time and is easy to make mistakes and is troublesome. However, in this embodiment, since the tally information stored as a file is only attached, it is easy. And there is no fear of mistakes.

In this embodiment, the deposit center information device 3 is independent, but it goes without saying that the deposit center information device 3 may be integrated with the settlement center information device 4.
Further, if the division information A to be stored in the user information terminal 1 is stored in an external storage medium, in particular a portable storage medium such as a USB memory, electronic commerce can be performed using an arbitrary computer. improves. Furthermore, a mobile phone, a car navigation system, a game machine, an information home appliance, or the like may be used.
If the division processing program is stored in these external storage media, it is not necessary to download the program from the deposit center for registration processing or the like, which is convenient.

In the second embodiment, since the credit card information is not put on the Internet communication network even at the time of registration, the information is prevented from being leaked by performing the card information division processing at the user terminal which is the user's information terminal device. Other than that, it is exactly the same as the first embodiment, and therefore different parts from the first embodiment will be described in detail.
When a credit card is selected in response to a payment method selection instruction on the payment screen of the WEB page provided to the user terminal 1 by the WEB server of the EC site information device 2, the depositing center information device 3 from the WEB server of the EC site information device 2 A tally attached screen is displayed together with a link to the user registration process of the WEB server. A user who already holds a tally attaches tally information A on this screen. A user who does not have a tally yet downloads the user registration tool to the user terminal 1 first on the user registration processing screen.
The user registration tool includes an electronic tally processing program for dividing information.

The user inputs user information requested by the user registration tool, and further inputs card information. When the input content is confirmed and the approval button is pressed, the card information is divided according to the electronic tally processing program copied to the user terminal 1 to generate tally information A and B. The tally information A is left in the user information device 1 and the tally information B is transmitted to the deposit center information device 3 together with the input user information.
The deposit center information device 3 stores the tally information B and the user information in the database storage device, and transmits a completion notification to the user terminal 1.
The settlement method is the same as in the first embodiment.

In the credit card settlement method of the second embodiment, since the card information is divided and transmitted only by the user terminal 1 and only the divided tally information is transmitted, the card information itself does not flow on the Internet, and the confidential information is transmitted during communication. There is no worry of leaking.
In addition, since the safety is improved by adding another information device to the storage location of the tally information, the credit card information may be divided into three or more pieces and distributed.

  The credit card settlement method of the present invention is used especially when electronic commerce is performed using the Internet communication network, so that it is not necessary to disclose the card information to the EC site and the card information is not transmitted at the time of settlement. There is no leakage, and extremely simple credit card payments can be used with more peace of mind compared to other means, so it promotes the activation of electronic commerce and contributes to the prosperity of the industry.

It is a block diagram explaining the procedure of the user registration in 1st Example of this invention. It is a block diagram explaining the procedure of the payment in a present Example. It is a block diagram explaining the procedure of the user registration in 2nd Example of this invention.

Explanation of symbols

1 User terminal 2 EC site information device 3 Deposit center information device 4 Settlement center information device 5 Card company information device

Claims (9)

  At the time of user registration, the credit card information is divided into two pieces of divided information by discarding the original, the original is discarded, and one piece of the divided information is sent to the information terminal device of the user to the information device of the deposit center that keeps the information. The remaining piece of the division information is stored, and at the time of settlement, the settlement center stores the one piece of division information stored in the information terminal device of the user and the division of the one piece stored in the information device of the deposit center. A credit card settlement method on the Internet, characterized in that credit card information is restored by using information and combined to be used for credit and settlement processing.   2. The credit card settlement method according to claim 1, wherein one piece of the divided information stored in the information terminal device of the user is transferred to a portable external storage medium and stored.   The credit card settlement according to claim 1, wherein one piece of the division information is stored in an information device of an EC site instead of or in addition to the user's information terminal device. Method.   In the division process, the original information is subdivided into information elements, the auxiliary information indicating the arrangement order or arrangement position is given to each information element, and the information blocks are separated into two information blocks by any combination. 4. The credit card settlement method according to claim 1, wherein the credit card settlement method is performed by electronic tally processing that is stored separately.   The credit card settlement method according to claim 1, wherein the division processing is performed using a secret sharing method.   The credit card settlement method according to claim 1, wherein the division processing is performed in an information device of the deposit center.   The credit card settlement method according to claim 1, wherein the division processing is performed in the information terminal device of the user.   The credit card settlement method according to any one of claims 1 to 7, wherein the division processing is also performed on the user authentication information.   The division process divides the credit card information into three or more pieces and stores the pieces of the division information in another information device in addition to the information terminal device of the user and the information device of the deposit center. The credit card settlement method according to claim 1, wherein:

Images