JP2013020496A - System for preventing illegal use of card and method for preventing illegal use of card - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent an illegal use of a card when the card is lost or stolen and an illegal use thereof by a store, and to prevent a simultaneously progressing illegal use of a plurality of cards.SOLUTION: A store terminal transmits a settlement request data to a card company and transmits the same settlement request data to a mobile terminal of the customer. The settlement request data includes a card ID and transaction information (a commodity price, a purchase date and time, etc.), as well as the ID of the store terminal. The customer receives the settlement request data and checks its details and if the details are OK, transmits a settlement authorization to a mobile terminal company from the mobile terminal. A system in the mobile terminal company extracts a card ID which is previously registered by the customer and is associated with the mobile terminal after receiving the settlement authorization, and notifies it to a system in the card company by determining the notification destination of the system of the card company from the card ID. The system in the card company compares the settlement request data of the store terminal with the settlement authorization data of the mobile terminal, and performs settlement on condition that both are matched.

Description

  The present invention relates to a system for preventing unauthorized use of a credit card, a cash card or the like and a method for preventing unauthorized use.

  Conventionally, many systems have been proposed for preventing the loss or theft of money settlement cards such as credit cards and cash cards (debit cards). For example, Patent Literature 1 describes a system that determines that a card cannot be used when the location of the cardholder and the location of the card-use store do not match. Moreover, in patent document 2 and patent document 3, when the price payment purchased in the store is performed using a credit card, the transaction content is transmitted to the server, and the registered contact information of the holder of the card is used. A system for notifying a mobile phone by e-mail or the like is described.

JP 2003-99690 A JP 2006-85446 A JP 2007-213491 A JP 2009-48507 A

  The above Patent Documents 1, 2, and 3 are all intended to prevent unauthorized use of a card or promptly notify the possibility of unauthorized use by using a mobile terminal possessed by a user such as a mobile phone. is there. However, in the system for determining the consistency between the location information of the card owner and the card-using store as in Patent Document 1, the malicious employee who has deposited the card at the store where the user actually visited is the user's Stealing your eyes and misusing them cannot be prevented. Further, in the card usage notification system as in Patent Documents 2 and 3, since the notification is received by e-mail only after the card is used, unauthorized use cannot be prevented in advance.

  Also, in modern society, a single user often owns a large number of cards, and there are many technologies that allow a mobile terminal to have a card function instead of carrying a card. For example, Patent Document 4 describes a system that allows a credit card management server and a mobile terminal to accumulate a usage limit amount and a validity period that are set in advance from a mobile terminal with respect to a credit card management server, thereby facilitating payment. ing. However, in a system in which all information regarding the card function is stored in a portable terminal such as that disclosed in Patent Document 4, anxiety remains when the portable terminal itself is lost or stolen. Therefore, there is a demand for a system that comprehensively protects a mobile terminal and a plurality of cards possessed from unauthorized use at the time of loss or theft without accumulating excessive information in the mobile terminal.

  In view of the above-described problems, the present invention proposes a mechanism for approving the use of a card on the spot from the user's mobile terminal, and prevents unauthorized use in the store as well as when the card is lost or stolen. Further, it is an object of the present invention to provide a new system capable of preventing unauthorized use that can occur simultaneously such as when a plurality of cards are lost at the same time.

In order to solve the above-described problems, the card unauthorized use prevention system (hereinafter, this system) according to the present invention provides the following solution.
A card company system, a store terminal of a member store, a mobile terminal of a customer, and a mobile terminal company system that manages the mobile terminal are connected via a network to prevent unauthorized use of the card, the store terminal being a customer Means for reading the information of the card when paying with the card at the member store, and transmitting the payment information including the card information, the store terminal ID and the transaction information to the card company system, and the payment information. Means for transmitting to the mobile terminal of the customer, and the mobile terminal comprises means for transmitting a payment approval request for approving payment of the card to the mobile terminal company system after receiving the payment information. When the terminal company system receives the payment approval request, the terminal company system records one or more card IDs of the customer previously associated with the ID of the mobile terminal. And the means for transmitting the payment information to the card company system of the card, the card company system including the payment information transmitted from the store terminal and the payment information transmitted from the mobile terminal company system. And payment approval means for performing payment of the card on condition that the two match.

  Usually, the card payment is performed by the store clerk reading the product data that the customer wants to purchase at the cashier counter, etc., using a bar code, taking the payment card from the customer, and then reading the card at the store terminal (CAT terminal). The payment request data is sent to the credit card company with the password entered. In the card company, a credit card inquiry (authorization) is performed from the card information and the password, and if there is no problem, the settlement is executed.

  According to the configuration of the system of the present invention, the store terminal transmits the settlement request data to the card company system, and also transmits the same settlement request data to the customer's mobile terminal in front of you. This data includes the card ID (card number), transaction information (product price, purchase date, etc.), and the ID of the store terminal from which the card is read. When the customer receives the payment request data to the portable terminal, the customer confirms the contents, and if OK, transmits the payment approval from the portable terminal to the portable terminal company system. When receiving the payment approval, the mobile terminal company system reads the card ID associated with (associated with) the mobile terminal registered in advance by the customer from the storage unit, and notifies the card company system from the card ID. Determine the destination and send it to the card company system. In the card company system, the payment request data from the store terminal is compared with the payment approval data from the portable terminal, and the payment is made on condition that both are the same.

  In this way, not only payment is requested to the card company from the store terminal, but payment is not completed unless the payment information is confirmed on the spot from the customer's mobile terminal and the payment approval is transmitted via the mobile terminal company. Therefore, the payment request route and the approval route are separated, and the safety of the card payment can be improved. Further, since the payment can be approved only from the mobile terminal previously linked to the card, it is possible to prevent unauthorized use at the time of loss or theft of the card. Further, since the payment request data includes the ID of the store terminal, the payment can be requested only from the store terminal that has read the card in front of the customer, and the store approval ID includes the store terminal ID. Since they are not settled if they do not match, it is possible to prevent employees and the like from stealing the eyes of the customer and using them illegally while depositing the card at the store side.

The system may further include the following configuration.
If the card company system does not receive the payment information from the mobile terminal company system for a predetermined time, the card company system denies payment of the card and specifies the customer in advance via the mobile terminal company system. A denial notification is transmitted to the terminal.

  In this way, if there is no payment approval from the mobile terminal, a rejection notice is sent to the customer's pre-designated terminal (of course the same mobile terminal may be used). Useful for early detection.

  Further, in the above configuration, the predetermined time may be specified by a customer. In this way, even if you forget your mobile device or you can't use the mobile device immediately due to running out of battery, you can specify to delay the time to send payment approval from the mobile device to some extent. Even in such a case, there is no need to cancel shopping. However, in order to prevent abuse, the product is delivered after the payment approval is completed.

The system may further include the following configuration.
The portable terminal includes an IC card and short-range wireless communication means, and periodically communicates with the IC card. When the communication is interrupted, non-detection information of the IC card is displayed on the display unit of the portable terminal. It is characterized by doing.

  In this way, when the card is equipped with an IC chip and has a short-range wireless communication function, the mobile terminal periodically communicates with the IC card, and the card is within the wireless reach (several tens of centimeters to tens of meters). It is useful for quickly detecting the loss or theft of the card by detecting whether or not the card is present on the portable terminal.

The system may further include the following configuration.
The mobile terminal includes an IC card and short-range wireless communication means, and periodically communicates with the IC card. When the communication is interrupted, the customer terminal in which the customer has designated non-detection information of the IC card in advance It is characterized by notifying.

  In this way, as described above, when the card includes an IC chip and has a short-range wireless communication function, the mobile terminal periodically communicates with the IC card, and the card is within a wireless reachable range (several tens of centimeters to tenths). If the mobile device itself is lost or stolen, it will be notified to the device specified by the customer (PC at home or work, another mobile device, etc.) by e-mail, etc. Even if there is, you can quickly notice the situation.

The system may further include the following configuration.
The portable terminal includes a biometric detection unit that detects the biometric information of the customer, and transmits the biometric information to the portable terminal company system periodically or at the time of settlement at the store terminal. Features.

  That is, a means for detecting biometric authentication information such as a fingerprint or a voiceprint is provided on the mobile terminal, and the detected biometric information is appropriately transmitted to the mobile terminal company system to detect the use of the mobile terminal other than the customer. To. By doing so, it is possible to know that a mobile terminal has been used by someone other than the customer when the mobile terminal is lost or stolen.

The system may further include the following configuration.
The mobile terminal company system accepts a pause request for one or more cards associated with the mobile terminal from the mobile terminal or a customer terminal registered in advance from the mobile terminal, and sends the pause request to the temporary terminal. The notification destination of the card company system that manages the card is determined from the ID of the card that has received the suspension request of the card that has received the suspension request, and is transmitted to the card company system.

  That is, when a customer notices loss or theft of a card, all the cards associated with the portable terminal can be suspended by simply transmitting a card suspension request from the portable terminal to the portable terminal company system. This means that if a wallet or card case containing a large number of cards is lost or stolen, a card suspension request can be sent in a lump without individually contacting each card company. That is, it is possible to prevent a plurality of cards from being illegally used simultaneously.

  In the case of the above configuration, it is further preferable that the temporary stop request transmitted from the mobile terminal allows the customer to select a part or all of the plurality of cards associated with the mobile terminal. In this way, a card or the like that is associated with the mobile terminal but is known to be placed at home can be excluded from the suspension request.

The present invention can also be regarded as an invention of a card unauthorized use prevention method as described below, and has the same effects as the system described above.
A card company system, a store terminal of a member store, a mobile terminal of a customer, and a mobile terminal company system that manages the mobile terminal are a method of preventing unauthorized use of a card in a system connected by a network, When the customer pays with the card at the member store, reading the information of the card; and transmitting payment information including the card information, the store terminal ID and transaction information to the card company system; Transmitting the payment information to the mobile terminal of the customer, and after receiving the payment information in the mobile terminal, transmitting a payment approval request for approving payment of the card to the mobile terminal company system. In the mobile terminal company system, when the settlement approval request is received, the mobile terminal ID is pre-set. A step of reading one or more card IDs of the associated customer from a storage unit and a step of transmitting the payment information to a card company system of the card, and transmitting from the store terminal in the card company system And the step of paying the card on condition that the payment information sent from the mobile terminal company system matches the payment information.

In addition, the present invention can be regarded as an invention of a system having the following configuration by making a part that enables collective stop of linked cards from a mobile terminal independent.
A card company system, a customer's mobile terminal, and a mobile terminal company system that manages the mobile terminal are connected through a network to prevent unauthorized use of the card, and one or more of the customer's possession from the mobile terminal Means for registering the card in association with the ID of the mobile terminal in the mobile terminal company system, and means for registering another customer terminal of the customer in the mobile terminal company system in addition to the mobile terminal, The mobile terminal company system receives from the mobile terminal or the customer terminal a means for receiving a temporary stop request for one or a plurality of cards associated with the mobile terminal, and an ID of the card that has received the temporary stop request. Determining a notification destination of the card company system to be managed, and means for transmitting the suspension request to the card company system, Serial card company system is characterized in that it comprises means to suspend the use of the card on the basis of the temporary stop request.

  According to the present invention, not only when a card is lost or stolen, it also prevents unauthorized use at a store, and even when multiple cards are lost or stolen at the same time, all cards are prevented from being used at the same time. can do.

It is a figure which shows the outline at the time of the card payment in the card | curd unauthorized use prevention system which concerns on 1st embodiment of this invention. It is a figure which shows the outline at the time of card payment denial in the card unauthorized use prevention system which concerns on 1st embodiment of this invention. It is a figure which shows the outline at the time of the card | curd stop request | requirement transmission in the card | curd unauthorized use prevention system which concerns on 1st embodiment of this invention. It is a figure which shows the customer card information which concerns on the system of embodiment of this invention, and a customer terminal and card | curd tied information. It is a figure which shows the flow of the credit payment process which concerns on the system of embodiment of this invention. It is a figure which shows the flow of the tied card | curd stop process which concerns on the system of embodiment of this invention. It is a figure which shows an example of the registration screen of the service which concerns on the system of embodiment of this invention. It is a figure which shows an example of the screen at the time of card payment use of the service which concerns on the system of embodiment of this invention. It is a figure which shows an example of the screen at the time of card payment denial of the service which concerns on the system of embodiment of this invention. It is a figure which shows the continuation of an example of the screen at the time of card payment denial of the service which concerns on the system of embodiment of this invention. It is a figure which shows the tied card detection function in the customer portable terminal 40 which concerns on 2nd embodiment of this invention. It is a figure which shows the tied card | curd recognition process flow in the customer portable terminal 40 which concerns on 2nd embodiment of this invention. It is a figure which shows the outline at the time of the unauthorized use notification in the card unauthorized use prevention system which concerns on 3rd embodiment of this invention. It is a figure which shows the flow of a portable terminal identity verification process in the card unauthorized use prevention system which concerns on 3rd embodiment of this invention. It is a figure which shows an example of the screen at the time of the portable terminal which concerns on 2nd or 3rd embodiment of this invention, and a tied card stop request transmission.

  DESCRIPTION OF EMBODIMENTS Hereinafter, embodiments for carrying out the present invention (hereinafter referred to as embodiments) will be described in detail with reference to the accompanying drawings. Note that the same number is assigned to the same element throughout the description of the embodiment.

  FIG. 1 is a diagram showing an outline at the time of card payment in a card fraud prevention system (hereinafter referred to as the present system) according to the first embodiment of the present invention. This system includes a card company system 10 which is a system of a company that issues and manages a card requiring a financial settlement such as a credit card or a debit card, and a store installed in a store of a member store where a customer uses the card. A customer mobile terminal that is connected to a terminal 30 (CAT terminal; Credit Authorization Terminal) via the network 50 and is a portable terminal such as a customer's mobile phone, PHS (Personal Handy-phone System), smartphone, tablet terminal, etc. 40 and a mobile terminal company system 20 that is a system of a management / operation company of the customer mobile terminal 40 are connected via the Internet 60.

  The card company system 10 is composed of one or a plurality of computers, and functionally stores the store terminal communication unit 11 that controls communication with the store terminal 30 and the customer's card information from the store terminal 30 to receive the card information. The credit inquiry unit 12 that performs credit inquiry, the mobile terminal company system communication unit 14 that controls communication with the mobile terminal company system 20 of the mobile terminal to which the customer subscribes, and the card payment approval request of the customer from the mobile terminal company system 20 A payment approval unit 13 for confirming that the card has been received and completing the payment; and a card usage control unit 15 for temporarily stopping the card in response to a request from a customer when there is a possibility of unauthorized use of the card, etc. Is provided.

  Further, the present system includes a member store terminal DB 16 that stores the IDs (terminal identifiers) and member store information of store terminals 30 of all member stores as a database (DB) for performing the above processing, and a customer's card. A customer card information DB 17 storing information such as a number, a card holder, an expiration date, a personal identification number, and a security code, and a card transaction information DB 18 recording transaction information on the customer's card are provided. The network 50 is a line network supported by CAFIS (Credit And Finance Information Switching system) and the like, and includes an Internet network used by a telephone line (ADSL line or optical line), an IT telephone, or the like.

  The mobile terminal company system 20 is a system including one or a plurality of computers such as a mobile phone company connected to the customer mobile terminal 40 via the Internet 60 so as to be able to perform data communication. A customer terminal communication unit 21 that controls communication with the contracted customer mobile terminal 40 and other customer terminals (such as a PC), a card company system communication unit 23 that controls communication with the card company system 10, and a customer's database as a database Each mobile terminal includes a customer mobile terminal 40 and a customer terminal / card association information storage unit 22 associated (associated) with one or a plurality of card numbers held by the customer.

  When the customer makes a card payment at the store, the store terminal 30 reads the customer's card information and sends transaction information such as the name of the product / service purchased by the customer, the price, and the purchase date / time to the card company system 10. Further, the store terminal 30 includes a customer mobile terminal 40 and near field communication (NFC) means defined by standards such as infrared communication, Felica (registered trademark), ISO / IECC 14443, ISO / IECC 18092, and the like. When the payment request is transmitted to the card company system 10, the payment information including transaction information such as the card number, the ID of the store terminal 30 that has read the card, and the merchandise is also transmitted to the customer portable terminal 40. It is desirable that payment information can be received simply by holding the customer portable terminal 40 over the store terminal 30. If the store terminal 30 does not have short-range wireless communication means, a QR code (registered trademark) including settlement information (read card number, CAT terminal ID, transaction information) is generated and displayed on the screen, You may make it read the QR code (trademark) displayed with the camera of the portable terminal 40, or the scanner.

  The customer confirms that the payment information has been taken into the customer mobile terminal 40, accesses a predetermined URL of the mobile terminal company system 20, inputs a previously issued login ID and password, and carries a card payment approval request. It is transmitted to the terminal company system 20 together with the portable terminal ID. The portable terminal ID is a unique identification number of the portable terminal, and uses a manufacturing number of 11 to 15 digits although it differs depending on the manufacturer. In the mobile terminal company system 20, when this card payment approval request is received, all card numbers previously registered in association with the customer mobile terminal 40 from the mobile terminal ID are read from the customer terminal / card association information storage unit 22 and associated. For each of the card numbers, a communication destination to the card company system specified from the card number is determined, and a payment approval is transmitted to the corresponding card company system 10. As long as the card owned by the customer linked to the customer mobile terminal 40 is a card that requires financial settlement, such as a credit card or a debit card, it does not have to be a card of the same card company or the same group company, and joins this system. It can be any card company card.

  When the payment approval unit 13 of the card company system 10 receives the card number, the CAT terminal ID, and the transaction information included in the card payment approval, it compares them separately with the payment request data transmitted from the store terminal 30. Complete payment on condition that they match. The settlement result is notified to the store terminal 30. Although not particularly illustrated, it is desirable to notify the customer portable terminal 40 of the settlement result.

  In the present system, safety can be improved by combining payment approval from the store terminal 30 with payment approval from another route via the mobile terminal company from the customer mobile terminal 40. Instead of inputting the personal identification number at the shop terminal 30 as in the prior art, the personal identification number of the card may be input from the customer portable terminal 40 separately from the login password. Since payment is not performed unless approved by the customer portable terminal 40 registered by the customer, it goes without saying that unauthorized use at the time of loss or theft of the card can be prevented. Further, since the CAT terminal ID is included in the settlement conditions, settlement requests from other than the CAT terminal that the customer has read the card in front of is not settled. Accordingly, it is possible to prevent a malicious store clerk or the like from depositing the card from the customer and obtaining a password or signing it, and then stealing the customer's eyes and illegally using the card. Moreover, since the information of the card | curd linked | related is not memorize | stored in the customer portable terminal 40, even if the customer portable terminal 40 is lost or stolen, there is little risk of card information leakage.

The functional configuration of the system described above is merely an example, and one functional unit may be further divided, or a plurality of functional units may be configured as one functional unit. Each functional unit has a CPU (Central Processing Unit) built in the device and a ROM (Read Only
A computer program stored in a storage device (storage unit) such as a memory or a hard disk, and a computer program executed by the CPU is stored in a database (DB; Data Base) stored in the storage device (storage unit) It is realized by reading and writing necessary data such as a table from a storage area on a memory and controlling related hardware (for example, an input / output device, a display device, a communication interface device) in some cases. In addition, the database (DB) in the embodiment of the present invention may be a commercial database, but it simply means a collection of tables and files, and the internal structure of the database itself does not matter.

  FIG. 2 is a diagram showing an outline at the time of denial of card payment in the unauthorized card usage prevention system according to the first embodiment of the present invention. In this figure, when there is no payment approval request from the customer portable terminal 40, not only the payment of the card is denied, but also the movement of the system for notifying the customer of the unauthorized use is shown.

  When the card payment request is transmitted from the store terminal 30 and the credit inquiry unit 12 completes the credit inquiry of the card itself, the payment approval unit 13 checks whether or not the payment approval is received from the mobile terminal company system 20. The payment approval unit 13 transmits the payment NG to the store terminal 30 via the store terminal communication unit 11 when the payment approval is not received during the predetermined time. At the same time, the payment approval unit 13 notifies the card usage control unit 15 that the payment approval from the customer portable terminal 40 has not been received or the received data does not match. At this time, the card usage control unit 15 sends an unauthorized card usage notification email to the customer fixed terminal 70 such as a PC (Personal Computer) installed in the home or the like separately registered by the customer via the mobile terminal company system communication unit 14. Send. In addition to email notification, it may be automatically sent to a customer's landline or the like separately. Here, the reason for sending the unauthorized use notification to the customer fixed terminal 70 instead of sending it to the customer portable terminal 40 is that the customer portable terminal 40 is put in a bag or the like and is lost or stolen together with the card. This is also possible.

  In this way, even if the card and the customer mobile terminal 40 are lost or stolen at the same time, they can be used illegally unless the login ID, password, and password of the card are all known. The card usage notification can be quickly received even if the card is illegally used.

  In addition, the store clerk of the store terminal 30 that has received the payment NG can request to send an approval from the customer terminal and request a payment approval again if the customer is still there. This is to make it possible to cope with a customer's operation mistake, the battery of the mobile terminal running out, the case where the mobile terminal is left at home, and the like. In this case, when making a payment request from the store terminal 30, it may be possible to specify that the payment approval request is delayed from the customer portable terminal 40 for a predetermined time (for example, about several hours). When the predetermined time is specified, the payment approval unit 13 does not send the payment NG to the store terminal 30 for the predetermined time, but the payment approval is in a waiting state for the card usage control unit 15. (The customer fixed terminal 70 and telephone notification are desirable). This is to prevent abuse of this relief procedure. However, the customer who has received the contact needs to bring the customer portable terminal 40 and go to the store again to approve the settlement.

  FIG. 3 is a diagram showing an outline when a card stop request is transmitted in the unauthorized card usage prevention system according to the first embodiment of the present invention. In this figure, as shown in the previous figure, when the card is used without the payment approval from the customer portable terminal 40, or it is determined that there is a possibility of fraudulent use when the customer notices the loss or theft of the card separately. If so, show the system movement to stop the card as soon as possible.

  In this case, in this system, the customer transmits a card stop request from the customer portable terminal 40 or the customer fixed terminal 70 to the portable terminal company system 20 instead of the card company. In the mobile terminal company system 20, when a login from a registered customer is accepted for a URL dedicated to card stop, all card numbers associated with the customer mobile terminal 40 designated from the customer terminal / card association information storage unit 22 are displayed. A predetermined communication destination of the card company system 10 is determined from all the card numbers or the card number that the customer has selected to stop, and a card pause request is transmitted for each card. The card usage control unit 15 of the card company system 10 (10a, 10b, etc.) that received the temporary stop request, respectively, confirms the validity of the temporary stop request by the card number, the portable terminal ID, and the customer's input that was input at the time of the stop request. If the personal information is checked and it is determined that the stop request is valid, data for temporarily stopping the use of the card is written in the customer card information DB 17. Of course, it is desirable to be able to release the suspension for a certain period in case a lost card is found at a later date.

  In this way, especially when the customer owns a large number of cards and contacts the wallet or card case containing the cards for a moment when they are lost or stolen, they can be contacted once. Since all or some of the cards associated with the customer portable terminal 40 can be stopped, it is possible to quickly prevent unauthorized simultaneous use of the cards.

  FIG. 4 is a diagram showing customer card information and customer terminal / card association information according to the system of the embodiment of the present invention. The customer card information 100 and the customer terminal / card association information 200 shown in the figure are schematically represented in a table format. The customer card information DB 17 of the card company system 10 and the customer terminal / card of the mobile terminal company system 20 are respectively shown. It is stored in the association information storage unit 22.

  As shown in the figure, the customer card information 100 includes personal information 102 such as a card holder, an expiration date, a password, a security code, a withdrawal account, a contact address of the card holder, and a telephone number in addition to the card number 101. Including. Further, the customer card information 100 stores a flag 103 indicating whether or not payment approval from the customer portable terminal 40 (hereinafter referred to as “mobile approval”) is necessary. If “Mobile Approval” is registered as “No”, settlement is performed in the same manner as in the past. If “Mobile Approval” is registered, the store terminal 30 ( In response to a payment request from the CAT terminal 30), a payment approval request from the customer portable terminal 40 is received, and card payment is executed on condition that the payment information matches. When the “card approval” is required, the card company system 10 receives the customer portable terminal information 104 such as the customer portable terminal ID, the customer portable terminal telephone number, and the customer portable terminal mail address from the portable terminal company system 20. It may be received as appropriate and included in the customer card information 100.

  In the customer card information 100, a card use availability state 105 is stored. When the card can be used for payment, the card availability status 105 is “available”, and when a card suspension request is received from the customer, such as when unauthorized use is detected, the card availability status 105 is “paused. Middle ". The card use permission / prohibition state 105 may indicate other states (for example, the card has expired or the use limit has been exceeded).

  The customer terminal / card association information 200 includes customer portable terminal information 202 such as a customer portable terminal ID, a customer portable terminal telephone number, and a customer portable terminal mail address for each customer ID 201 as shown in the figure. The customer terminal / card association information 200 includes one or more association card numbers 203 associated with the customer mobile terminal 40. Furthermore, the customer terminal / card association information 200 is preferably a terminal different from the customer portable terminal 40, and preferably includes information on a fixed terminal installed at the customer's home or the like. Specifically, the customer fixed terminal information 204 includes a customer fixed terminal ID, a customer fixed terminal telephone number (fixed telephone number), and a customer fixed terminal mail address. By doing in this way, even if the customer portable terminal 40 is lost or stolen, the portable terminal company system 20 can notify various data to other terminals of the customer. However, the customer fixed terminal 70 does not prevent the customer fixed terminal 70 from being a portable terminal different from the customer portable terminal 40.

  FIG. 5 is a diagram showing a flow of credit settlement processing according to the system of the embodiment of the present invention. This flowchart mainly shows the processing contents of the payment approval unit 13 in the card company system 10.

  First, in step S10, if the card credit checked by the credit inquiry unit 12 is OK, the process proceeds to step S11. If the card credit is NG, the process proceeds to step S18 and settlement is denied. In step S11, it is checked whether or not a payment approval request (mobile approval) from the customer mobile terminal 40 is necessary for this card payment. If mobile approval is required, the mobile approval from the customer mobile terminal 40 is received. Is checked (step S12). If the mobile phone approval is not received within the predetermined time, the process proceeds to step S16. If the mobile phone approval is received in step S12, the process proceeds to step S13, where it is checked whether the card number and transaction information match, and if they match, the store terminal ID is further checked (step S12). S14). If the store terminal IDs coincide with each other, the process proceeds to step S15 to perform settlement completion processing.

  If portable approval is unnecessary in step S11, the processing in steps S12 to S14 is skipped, and the process immediately proceeds to step S15 to perform settlement completion processing. In the payment completion process, the transaction content data is written in the card transaction information DB 18. Thereafter, the process proceeds to step S19, and in either case of settlement OK or NG, a settlement completion notice is transmitted to the store terminal 30 and the customer terminal, and the credit settlement process is terminated.

  If the mobile phone approval is not obtained for a certain time in step S12, the process proceeds to step S16 to check whether “post approval” is designated. “Post-approval” allows the mobile phone approval to be sent later within a specified time if the mobile phone approval cannot be sent immediately for some reason of the customer. When “after approval” is designated, the process proceeds to step S17, where the settlement is temporarily suspended, and the mode is shifted to a mode in which the portable approval is waited for the designated time. At this time, the customer terminal is notified that the portable approval is in a waiting state. If the mobile phone approval is not received even after the designated time has elapsed (step S17a: No), the process proceeds to step S18 and the settlement is denied. When the portable approval is received within the designated time (step S17a: Yes), the process returns to step S13, and the content of the received portable approval is checked. In step S13 and step S14, if at least one of the card number, transaction information, and store terminal ID does not match the data included in the payment request from the store terminal 30 and the data included in the portable approval, step S18. The settlement is denied.

  FIG. 6 is a diagram showing a flow of the tied card stop process according to the system of the embodiment of the present invention. This flowchart mainly shows the processing contents of the customer terminal communication unit 21 and the card company system communication unit 23 of the mobile terminal company system 20.

  First, in step S20, the customer terminal communication unit 21 determines whether the request from the customer terminal (customer fixed terminal 70 or customer portable terminal 40) is a card stop request. If it is not a card stop request, the linked card stop process ends. If it is a card stop request, it is determined in step S21 whether or not a card number has been selected by the customer for the card stop request.

  If the card number has been selected, it is checked in step S22 whether the card number and the customer terminal ID match the customer terminal / card association information 200. If not, the process returns to step S21 to return to the next card number. Check. In step S22, if the card number and the customer terminal ID match the customer terminal / card association information 200, the card company system communication unit 23 uses the card number to indicate the notification destination of the card company system 10 in the internal storage unit. In step S23, the card company system 10 is notified. Then, it is checked whether or not all the cards associated with the customer portable terminal 40 have been processed (step S24). If all the cards have not been processed, the process returns to step S21. If all the cards have been processed, the linked card stop process is terminated.

  FIG. 7 is a diagram showing an example of a service registration screen according to the system of the embodiment of the present invention. When the customer intends to receive a payment service by this system, the customer accesses a predetermined URL of the mobile terminal company system 20 using the mobile terminal to be registered. After opening this URL, registering a login ID and password, and selecting new registration from the operation menu, a registration screen 400 as shown is displayed.

  In the registration screen 400, customer terminal information 401 such as a mobile phone number, a mobile phone terminal ID, and a mobile mail address of a mobile terminal (mobile phone) currently used by a customer is input. Since the mobile phone terminal ID is different for each manufacturer, it is desirable to provide means for automatically reading out and displaying the serial number incorporated in the mobile phone. Further, in preparation for the loss or theft of a mobile phone, customer fixed terminal information 402 such as a fixed telephone number, a fixed terminal ID of a home PC (hardware specific identifier), a fixed terminal mail address (PC mail address), etc. It is desirable to enter. As for the fixed terminal ID, it is desirable to separately provide means (tool) for reading out and displaying from inside the apparatus such as a PC.

  Next, one or more numbers of cards (here, credit cards) to be associated with the mobile phone used for registration are input. The credit card holder or expiration date may be entered for confirmation, but this is not essential. When such input is completed, the registration button 403 is pressed to display a confirmation, and then all the input data is encrypted and transmitted to the mobile terminal company system 20 to complete the registration for the service. Thereafter, the credit card registered here needs to be approved for settlement from the mobile phone registered here. Of course, it goes without saying that a means for changing or canceling the registered contents is provided.

  FIG. 8 is a diagram illustrating an example of a screen when using card payment of a service according to the system of the embodiment of the present invention. The upper part of the figure shows a payment request screen 300 displayed on the store terminal 30 when the customer uses card payment at the store, and the lower part of the figure shows a payment approval request screen 410 displayed on the customer portable terminal 40. Yes.

  On the settlement request screen 300 of the store terminal 30, the credit card number read as shown and the CAT terminal ID of the store terminal 30 are displayed, and shopping information such as products purchased by the customer is displayed. If the customer has registered for mobile approval, a message indicating that mobile approval is required is displayed. The clerk who sees this display tells the customer that approval from the mobile phone is necessary and requests that the mobile phone be prepared. When the store clerk presses the send button 301 from the settlement request screen 300 and holds the customer portable terminal 40 over the store terminal 30, the displayed content is transmitted to the customer portable terminal 40 by short-range wireless communication. At this time, a card settlement request is also transmitted to the card company system 10. The timing at which the settlement request is transmitted to the card company system 10 may be the same as when it is transmitted to the customer portable terminal 40 or may be different. Of course, it may be after confirming transmission of the payment approval request from the customer portable terminal 40.

  When the customer portable terminal 40 receives the payment information data from the store terminal 30, the customer portable terminal 40 automatically displays the payment approval request screen 410. The customer confirms the contents of this screen, and if OK, inputs a login ID and password for a previously registered service and presses an approval button 412 to send a payment approval to the mobile terminal company system 20. You may make it require the input of the PIN code of the credit card used at this time. If the credit card PIN is input from the customer portable terminal 40, the credit card PIN can be omitted from the store terminal 30. In other words, the dedicated terminal connected to the store terminal 30 for entering the password can be omitted from the store, and it is easier to enter the password or the like from the mobile phone familiar to the customer. There is also the merit that there is less anxiety that it may be seen by other customers.

  As already described, the payment approval request transmitted from the customer portable terminal 40 is confirmed by the mobile terminal company system 20 after confirming that the credit card number is associated with the customer portable terminal 40 that transmitted the payment approval. Transferred to the card company system. The payment request from the store terminal 30 is completed on condition that the payment request data from the store terminal 30 and the payment approval data from the customer portable terminal 40 match.

  FIG. 9 and FIG. 10 are diagrams showing examples of screens at the time of denial of card payment for services according to the system of the embodiment of the present invention. This screen is a screen displayed when a card payment request is transmitted from the store terminal 30 but the payment is denied for some reason.

  The screen 310 in the upper part of FIG. 9 is displayed on the store terminal 30 and indicates that the payment is denied because the payment approval is not received from the customer portable terminal 40 within a predetermined time. Other reasons for refusal include expiration of the card and exceeding the card usage limit, but if payment is approved from a mobile terminal other than the registered mobile terminal, or the CAT terminal that has read the card Is also a reason for denial when making a settlement request from another store terminal.

  The screen 420 in the lower part of FIG. 9 is displayed on the customer mobile terminal 40 and / or the customer fixed terminal 70 when the mobile phone approval is not received within a predetermined time when the card payment is rejected. In this case, since there is a possibility of unauthorized use, a button 421 for proceeding to a credit card stop request is prepared.

  When the button 421 for proceeding to the credit card stop request is pressed, the type and card number of the credit card associated with the customer portable terminal 40 are displayed as shown on a screen 430 in FIG. When a customer selects a card (part or all) to be stopped from this screen 430 and presses a button 431 for requesting stop of the credit card, the contents are transmitted to the mobile terminal company system 20 and selected. The credit card is communicated to the company's system. At this time, in order to indicate that the request is from the card holder himself / herself, input of a customer terminal ID, a login ID / password, and a password is required. If the card company system 10 determines that the request is a stop request from the card holder from these data, the card company system 10 places the credit card in a suspended state.

  In addition to the first embodiment of the present system described above, an embodiment in which a function for detecting loss / theft of a tied card is added to the customer portable terminal 40 is also possible. This will be described below as a second embodiment. FIG. 11 is a diagram showing a tied card detection function in the customer mobile terminal 40 according to the second embodiment of the present invention.

  As shown in the figure, the customer portable terminal 40 includes a card association information storage unit 41 that stores a card number associated with the terminal. The card association information storage unit 41 stores the card association information transmitted to the mobile terminal company system 20 when the customer registers for the service. Alternatively, the mobile terminal company system 20 may be separately accessed at an arbitrary timing and downloaded from the customer terminal / card association information storage unit 22 to the card association information storage unit 41.

  In addition, the customer portable terminal 40 includes a card detection unit 42 that automatically communicates with an IC card 80 (80a, 80b, etc.) with a built-in IC chip using short-distance wireless communication means having a communication distance of several tens of centimeters to several tens of meters. The associated IC card 80 in the vicinity of the customer portable terminal 40 (in the same building) can be detected. It is assumed that the IC card 80 has a battery necessary for communication. Automatic communication is performed at regular intervals. The card status display unit 43 determines that the terminal and the card are not in the vicinity when the card detection unit 42 cannot detect the card a predetermined number of times even if the card detection unit 42 tries to communicate at regular intervals. Display the card status (for example, “Card XXX cannot be detected”). In addition to displaying the card status, a card status notifying unit 44 having a function of notifying the customer fixed terminal 70 by e-mail or the like may be further provided.

  When the customer portable terminal 40 having such a function and the IC card 80 are used, it is detected that the card that is usually present with the customer portable terminal 40 is at a certain distance (cannot be detected for a predetermined time), and is displayed / notified. By doing so, you can quickly know the possibility of card loss or theft. The customer who sees the notification or receives the notification confirms the location of the card, and if necessary, transmits a card stop request from the customer portable terminal 40 or the customer fixed terminal 70 in the procedure described above. Can do.

  FIG. 12 is a diagram showing a tied card recognition process flow in the customer portable terminal 40 according to the second embodiment of the present invention.

  In step S30, the customer portable terminal 40 determines whether or not the current time has reached a time for detecting a predetermined card. If the current time has come, the process proceeds to step S31 and transmits a detection signal to each card. To do. If there is a response to the detection signal from each card in step S32, the process proceeds to step S33, and the card detection time is recorded for each card. If the card cannot be detected in step S32, the process moves to step S34 to determine whether or not a predetermined time has elapsed from the previously detected time. If so, the card detection is repeated a predetermined number of times in step S35. If the card is not detected a predetermined number of times, “card not detected” is displayed or notified. If the predetermined time has not elapsed in step S34, the process proceeds to step S36 to check whether or not all the linked cards have been processed. If not all the linked cards have been processed, the process returns to step S31 until all card processing is completed. Steps S31 to S35 are repeated. In this way, it is detected that the IC card associated with the customer portable terminal 40 is in the vicinity at regular intervals.

  In addition to the first and second embodiments of the system described above, an embodiment in which the personal identification function is further enhanced in the customer portable terminal 40 is also possible. This will be described below as a third embodiment. FIG. 13 is a diagram showing an outline at the time of unauthorized use notification in the unauthorized card usage prevention system according to the third embodiment of the present invention.

  The customer portable terminal 40 in the present embodiment is provided with biometric authentication information acquisition means for reading the biometric information of the terminal user, such as the fingerprint reading unit 45 or the voiceprint reading unit 46. For example, when the customer mobile terminal 40 is a mobile phone, the voice print information of the user is automatically stored when making or receiving a call. In addition, the fingerprint reading unit 45 attached to an appropriate place where the finger touches during the operation of the mobile phone can automatically read the fingerprint when the user operates the mobile phone.

  The acquired biometric authentication information is temporarily stored in a storage unit inside the mobile phone, and then transmitted to the mobile terminal company system 20 by the biometric authentication information transmission unit 47. The timing for transmitting the biometric authentication information may be set every predetermined period, and the period may be set in advance, such as several hours to one day.

  In the portable terminal company system 20, when this biometric information is received, it is stored in the biometric information recording unit 24 for each customer. If the mobile use state change detection unit 25 does not match the data of the biometric authentication information received this time with the pre-registered customer's data, the connection history of the customer mobile terminal recorded in the connection recording unit 26 (mobile terminal) For example, a situation in which biometric authentication information has been changed and the customer has been used from a base station other than the base station to which the customer normally connects (if possible, GPS determination and location information) If it is determined that there is a possibility that a person other than the customer himself / herself has used this portable terminal, a notification mail for changing the portable use state is automatically created and notified to the customer fixed terminal 70. By receiving this notification, the customer is more likely to notice the loss or theft of the customer portable terminal 40 in a timely manner. Here, it is possible to transmit a suspension of the portable terminal or a card suspension request from the notification mail of the portable use state change.

  FIG. 14 is a diagram showing a flow of portable terminal identity verification processing in the unauthorized card usage prevention system according to the third embodiment of the present invention. This processing flow is performed in cooperation with the customer portable terminal 40 and the portable terminal company system 20.

  The customer portable terminal 40 determines whether or not the portable terminal is in a use start state in step S40. If it is determined that the use has been started, biometric information is detected by the biometric information acquisition means equipped in step S41. In step S42, it is checked whether or not a predetermined time has elapsed since the previous biometric authentication information was transmitted. If the predetermined time has elapsed, the biometric authentication information is transmitted to the mobile terminal company system 20 in step S43. In addition, although the case where biometric authentication information was transmitted for every fixed period was demonstrated in this figure, it is also possible to set another transmission timing. That is, when communicating with the store terminal 30 when using the card (when the customer portable terminal 40 is held over the store terminal 30), the biometric authentication information stored in the storage unit inside the portable terminal 40 is transmitted to the portable terminal company system 20. You may do it.

  The portable terminal company system 20 periodically ticks biometric information reception in step S50. When the biometric authentication information is received, it is determined in step S51 whether the biometric authentication information matches that of the customer himself / herself. If it is determined to be that of the user (step S52; Yes), the processing is performed as it is. If it is determined that the user does not belong to the user (step S52; No), the customer fixed terminal 70 is notified of the fact. As described above, the connection history may be referred to at this time.

  FIG. 15 is a diagram illustrating an example of a screen at the time of transmitting the portable terminal and the tied card stop request according to the second or third embodiment of the present invention. When the customer notices that the customer mobile terminal 40 has been illegally used by the notification as described above, or when the customer himself notices the loss or theft of the customer mobile terminal 40 or the card, the customer notifies the mobile terminal company system 20 By doing so, it is possible to make a request to pause the mobile terminal and stop all or some of the cards associated with the mobile terminal at once.

  The screen 440 is a screen for transmitting a collective stop request for the mobile phone and the associated card prepared in such a case. As shown in the figure, the upper row displays the situation where the unauthorized use of the mobile phone has been determined, and the lower row displays a list of credit cards associated with the mobile phone. After confirming this information, the customer presses the mobile phone stop request button 441 to stop the mobile phone, and to stop the credit card, the customer selects the card to stop and the credit card stop request button 442. push. By doing in this way, it is possible to process in a lump without individually contacting the mobile phone company and a large number of credit card companies, which can greatly help prevent unauthorized use of the mobile phone and credit card.

  As mentioned above, although this invention was demonstrated using embodiment, it cannot be overemphasized that the technical scope of this invention is not limited to the range as described in the said embodiment. It will be apparent to those skilled in the art that various modifications or improvements can be added to the above-described embodiments. Further, it is apparent from the scope of the claims that the embodiments added with such changes or improvements can be included in the technical scope of the present invention.

10, 10a, 10b Card company system 11 Store terminal communication department
12 Credit Inquiry Department
13 Payment Approval Unit 14 Mobile Terminal Company System Communication Unit 15 Card Usage Control Unit 16 Merchant Terminal DB
17 Customer card information DB
18 Card sales information DB
20 mobile terminal company system 21 customer terminal communication unit 22 customer terminal / card association information storage unit 23 card company system communication unit 24 biometric authentication information recording unit 25 portable use state change detection unit 26 connection recording unit 30 store terminal (CAT terminal)
DESCRIPTION OF SYMBOLS 40 Customer portable terminal 41 Card correlation information recording part 42 Card detection part 43 Card state display part 44 Card state notification part 45 Fingerprint reading part 46 Voiceprint reading part 47 Biometric authentication information transmission part 50 Network 60 Internet 70 Customer fixed terminal 80, 80a, 80b IC card 100 Customer terminal / card association information 300, 310 Card company system provision screen 400, 410, 420, 430, 440 Mobile terminal company system provision screen

Claims (10)

An unauthorized card usage prevention system in which a card company system, a store terminal of a member store, a mobile terminal of a customer, and a mobile terminal company system that manages the mobile terminal are connected via a network,
The store terminal, when a customer pays with a card at the member store, means for reading the information of the card and transmitting settlement information including the card information, the store terminal ID and transaction information to the card company system And means for transmitting the payment information to the mobile terminal of the customer,
The mobile terminal comprises means for transmitting a payment approval request for approving payment of the card to the mobile terminal company system after receiving the payment information,
When the mobile terminal company system receives the payment approval request, the mobile terminal company system reads one or a plurality of card IDs of the customer previously associated with the ID of the mobile terminal from the storage unit, and stores the card in the card company system of the card. Means for transmitting payment information,
The card company system comprises payment approval means for performing payment of the card on condition that the payment information transmitted from the store terminal and the payment information transmitted from the mobile terminal company system match. A card misuse prevention system that is characterized.   If the card company system does not receive the payment information from the mobile terminal company system for a predetermined time, the card company system denies payment of the card and specifies the customer in advance via the mobile terminal company system. The unauthorized card usage prevention system according to claim 1, wherein a rejection notice is transmitted to the terminal that has received the request.   The card unauthorized use prevention system according to claim 2, wherein the predetermined time can be specified by the customer.   The portable terminal includes an IC card and short-range wireless communication means, and periodically communicates with the IC card. When the communication is interrupted, non-detection information of the IC card is displayed on the display unit of the portable terminal. The system for preventing unauthorized use of a card according to claim 1.   The mobile terminal includes an IC card and short-range wireless communication means, and periodically communicates with the IC card. When the communication is interrupted, the customer terminal in which the customer has designated non-detection information of the IC card in advance The card unauthorized use prevention system according to claim 1, wherein:   The portable terminal includes a biometric detection unit that detects the biometric information of the customer, and transmits the biometric information to the portable terminal company system periodically or at the time of settlement at the store terminal. The system for preventing unauthorized use of a card according to claim 1, wherein:   The mobile terminal company system accepts a pause request for one or more cards associated with the mobile terminal from the mobile terminal or a customer terminal registered in advance from the mobile terminal, and sends the pause request to the temporary terminal. The notification destination of the card company system that manages the card is determined from the ID of the card that has received the suspension request of the card that has received the suspension request, and is transmitted to the card company system. Card fraud prevention system.   The card improper use prevention system according to claim 7, wherein the temporary stop request allows a customer to select a part or all of a plurality of cards associated with the mobile terminal. An unauthorized card usage prevention method in a system in which a card company system, a store terminal of a member store, a mobile terminal of a customer, and a mobile terminal company system that manages the mobile terminal are connected via a network,
In the store terminal, when the customer pays with the card at the member store, the step of reading the information of the card and the payment information including the card information, the store terminal ID and the transaction information are transmitted to the card company system. And sending the payment information to the mobile terminal of the customer,
In the mobile terminal, after receiving the payment information, having a step of transmitting a payment approval request for approving payment of the card to the mobile terminal company system,
In the portable terminal company system, when receiving the payment approval request, the step of reading out one or a plurality of card IDs of the customer previously associated with the ID of the portable terminal from the storage unit; and the card company system of the card Sending the payment information to
In the card company system, the card company system includes a step of performing payment of the card on condition that the payment information transmitted from the store terminal matches the payment information transmitted from the mobile terminal company system. How to prevent unauthorized use of cards. An unauthorized card usage prevention system in which a card company system, a customer's mobile terminal, and a mobile terminal company system that manages the mobile terminal are connected via a network.
Means for registering one or a plurality of cards owned by the customer in the portable terminal company system in association with the ID of the portable terminal from the portable terminal; in addition to the portable terminal, another customer terminal of the customer; Means for registering with the mobile terminal company system,
The mobile terminal company system is configured to receive, from the mobile terminal or the customer terminal, a means for receiving a temporary stop request for one or more cards associated with the mobile terminal, and an ID of the card that has received the temporary stop request. A means for determining a notification destination of a card company system that manages the card company, and transmitting the suspension request to the card company system,
The card company system includes a means for temporarily stopping the use of the card based on the suspension request, the card unauthorized use preventing system.

Images