JP2016197297A - Unauthorized transaction prevention apparatus, unauthorized transaction prevention method, unauthorized transaction prevention system, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an unauthorized transaction prevention apparatus configured to prevent an unauthorized transaction from an access terminal connected to the Internet, an unauthorized transaction prevention method, an unauthorized transaction prevention system, and a program.SOLUTION: An unauthorized transaction prevention apparatus 1 executes: first processing of registering first identification information unique to a transmitter 4, which is acquired at the first connection to access terminals 3a-3n, via the access terminals 3a-3n, from the transmitter 4 which has established connection with the access terminals 3a-3n; second processing of determining whether the first identification information has been registered or not, at the second and subsequent connections with the access terminals 3a-3n; and third processing of transmitting a short mail message for confirming execution of a transaction to a mobile phone of a user who executes the transaction, when a determination is made that the first identification information has been registered, and permitting the transaction when the user shows his or her intention to execute the transaction within a predetermined time by means of the short mail message.SELECTED DRAWING: Figure 1

Description

  The present invention relates to an unauthorized transaction prevention device, an unauthorized transaction prevention method, an unauthorized transaction prevention system, and a program.

  For example, Patent Document 1 discloses a technology that allows a new contract for Internet banking to be accepted on the Internet and enables immediate use. Internet banking is an additional service for customers who have ordinary accounts. In addition to account transactions at ordinary tellers and ATMs (Automated Teller Machine), these transactions are realized on the Internet. . A user who has applied for Internet banking can connect his / her terminal and a financial institution server via the Internet and receive various information services including balance inquiry, deposit / withdrawal details, and transfer / transfer.

  By the way, recently, the damage caused by unauthorized access to Internet banking and unauthorized money transfer has increased. Most of them are accessed from personal computers related to viruses that trigger fraudulent remittance, and there are many cases of fraudulent pop-ups displayed on legitimate bank sites to steal IDs and passwords. If an ID or password is stolen, there is a risk that the deposit and savings may be illegally taken by impersonation.

JP 2001-350918 A

  In the past, identity authentication and password have been mostly used for identity authentication. However, as a result of theft of IDs and passwords, or the frequent occurrence of large-scale leaks, more advanced security measures are required, and authentication using one-time passwords has been carried out. Nevertheless, according to recent newspaper reports, a case of fraudulent transfer of stealing one-time passwords was reported, and damage to major banks was reported. Therefore, the emergence of authentication means from a new mechanism that is not bound by the conventional concept is expected.

  The present invention has been made to solve the above-described problems, and can prevent illegal transactions with a new mechanism that is not confined to conventional concepts, an illegal transaction prevention device, an illegal transaction prevention method, and illegal transaction prevention. It is an object to provide a system and a program.

  In order to solve the above-described problem, the unauthorized transaction preventing apparatus of the present invention is an unauthorized transaction preventing apparatus for preventing an unauthorized transaction by an access terminal connected to the Internet, and at the first connection between a storage unit and the access terminal. The first identification information specific to the transmitting device, which is acquired from the transmitting device established with the access terminal through the access terminal, is registered in a predetermined area of the storage unit. And a second process for determining whether or not the first identification information has been registered with reference to a predetermined area of the storage unit at the next and subsequent connections with the access terminal. And when the second identification process determines that the first identification information has been registered, the processing unit further includes a processing unit that executes the transaction. The willingness to execute the transaction Send a short mail to perform, and executes a third process that allows the transaction if there is intention of the person transaction executed via the short mail within a predetermined time.

  In the fraudulent transaction prevention apparatus of the present invention, the third process displays on the screen displayed on the access terminal that a confirmation e-mail has been transmitted to the mobile phone of the person performing the transaction, And a process of interrupting the transaction when there is no confirmation response of intention confirmation and displaying that the transaction is interrupted on a screen displayed on the access terminal.

  In the fraudulent transaction prevention apparatus of the present invention, the third process is a reply screen for confirming the intention of executing the transaction when there is no change in the owner of the registered telephone number for the mobile phone of the person who performs the transaction. And a process of transmitting a short mail for guiding the user.

  In the fraudulent transaction preventing apparatus of the present invention, the processing unit registers second identification information unique to the access terminal in a predetermined area of the storage unit at the first connection with the access terminal, and At the time of the subsequent connection, it is determined whether or not both the first identification information and the second identification information have been registered with reference to a predetermined area of the storage unit, and the first identification When it is determined that the information or the second identification information is unregistered, a short mail is transmitted to a reply screen for confirming the intention of executing the transaction to the mobile phone of the person performing the transaction. .

In the fraudulent transaction preventing apparatus of the present invention, the processing unit registers third identification information unique to a user in a predetermined area of the storage unit at the first connection with the access terminal, and the first identification information Alternatively, when the second identification information is re-registered, it is determined whether or not the third identification information has been registered by referring to a predetermined area of the storage unit, and the third identification information is already registered. When it is determined that the first identification information or the second identification information is registered, a process of permitting registration of the first identification information or the second identification information is further executed.

  The unauthorized transaction prevention method of the present invention is an unauthorized transaction prevention method for preventing unauthorized transactions by an access terminal connected to the Internet, and a connection is established with the access terminal at the first connection with the access terminal. A first step of registering first identification information unique to the transmission device acquired from the transmission device via the access terminal, and the first identification information at the next connection with the access terminal. The second step of determining whether or not the transaction has been registered, and when the first identification information is determined to be registered, the mobile phone of the person who performs the transaction is A third step of transmitting a short mail for confirming the will and permitting the transaction when an intention to execute the transaction is received via the short mail within a predetermined time. And wherein the door.

  The program according to the present invention provides the computer with first identification information unique to the transmitting device acquired via the access terminal from the transmitting device that has established a connection with the access terminal at the first connection with the access terminal. A first procedure for registration, a second procedure for determining whether or not the first identification information has been registered at the next connection with the access terminal, and the first identification information is registered. If it is determined that the transaction has been completed, a short mail for confirming the intention to execute the transaction is transmitted to the mobile phone of the person performing the transaction, and the transaction execution of the person is performed via the short mail within a predetermined time. And performing a third procedure for permitting the transaction when an intention is displayed.

  The unauthorized transaction prevention system of the present invention is an unauthorized transaction prevention system for preventing unauthorized transactions by an access terminal connected to the Internet, and is given unique identification information and can communicate with the access terminal. Registration information unique to the calling device acquired via the access terminal from the calling device that has established a connection with the access terminal at the time of the initial connection between the calling device and the access terminal A first process; a second process for determining whether or not the identification information has been registered; and a determination that the first identification information has been registered at the next and subsequent connections with the access terminal. In such a case, a short mail for confirming the intention to execute the transaction is transmitted to the mobile phone of the person who performs the transaction, and the person's mobile phone is confirmed via the short mail within a predetermined time. Characterized by comprising a fraudulent transaction prevention device executes a third process that allows the transaction if there is intention of 引実 line, the.

  According to the present invention, it is possible to provide a fraudulent transaction prevention apparatus, a fraudulent transaction prevention method, a fraudulent transaction prevention system, and a program that can prevent fraudulent transactions with a new mechanism that is not bound by conventional concepts.

It is a block diagram of the unauthorized transaction prevention system which concerns on embodiment of this invention. It is an operation | movement sequence diagram of the unauthorized transaction prevention system which concerns on embodiment of this invention. It is a block diagram which shows the structure of the unauthorized transaction prevention apparatus which concerns on embodiment of this invention. It is an operation | movement flowchart of the unauthorized transaction prevention apparatus which concerns on embodiment of this invention. It is a figure which shows the example of a screen structure of the unauthorized transaction prevention apparatus which concerns on embodiment of this invention. It is a figure which shows the example of a screen structure of the unauthorized transaction prevention apparatus of the modification of this invention. It is the figure which showed an example of the reason display transmitted from an exchange in tabular form. It is a figure which shows an example of the data structure of telephone number usage log | history DB of FIG. It is a figure which shows an example of the data structure of the pattern table of FIG.

  First, the outline image of the unauthorized transaction prevention system according to the embodiment of the present invention will be described. The unauthorized transaction prevention system according to the embodiment of the present invention is given unique identification information (ID), and can communicate with an access terminal that accesses a banking system such as ATM (Automated Teller Machine) or Internet banking. A simple transmission device is used as a tool for authentication. Then, a simple and strong security is established by a server (unauthorized transaction prevention device) that performs a personal authentication service with the bank system, by crediting with a transmitting device or a combination of the transmitting device and an access terminal.

  Here, the access terminal is assumed to be a mobile terminal such as a PC or a smart phone, and the transmission device is assumed to be a communication device called Beacon that is currently spreading. The transmitting device is, for example, a small machine capable of short-range wireless communication of several tens of meters with Apple's specification using BLE (Bluetooth Low Energy) technology. Here, each transmitting device has its own unique ID information. Therefore, when there are a plurality of transmitting devices, it is possible to identify which transmitting device. At this time, an application compatible with Bluetooth (registered trademark) that is generally incorporated in a smart phone or the like is used as the access terminal.

  Here, scenes such as cash transfer, withdrawal, cashless purchase of tickets such as air tickets, procedures at public institutions, etc. by the user carrying the transmission device or the transmission device and the access terminal while traveling Suppose. This promotes reliable identity verification, quickness such as payment, and procedures without error in administration, and can prevent crimes such as “spoofing”. Specifically, when the user carrying the transmitter stands in front of the ATM, the ATM can recognize who is standing in front by the information from the transmitter that possesses it. No, today ’s mission is ... ”and voice guidance becomes possible.

  Similarly, in the case of home use, when the user stands in front of the entrance of the house, the door is unlocked by sounding "Please return to the master" or approaching a predetermined distance range from the house. On the basis of the information transmitted from the transmitter, the air conditioning can be turned on, or the indoor electricity can be turned on. In addition, if a function such as “Suica” (registered trademark) or “Pasmo” (registered trademark) is built in the access terminal and is authenticated with a pair with the transmitting device, the automatic ticket gate can react and issue a ticket. Therefore, it is not necessary to hold the card or the access terminal.

  This authentication can be stopped immediately by performing a predetermined procedure at the monitoring center if there is a theft or loss, and the function can be restored immediately by a predetermined procedure even if it is discovered and returned. When a conventional credit card is lost, it takes about 20 minutes to report the loss or theft for each card, and the restoration requires a waste of time such as reissuing the card, and wasteful card issuing costs. In addition, because of the Personal Information Protection Law, the police can no longer turn on the mobile phone and activate it to look inside. Therefore, there was a risk of information leakage after a few days even if it was discovered by chance, other than searching for the person himself / herself. On the other hand, according to the unauthorized transaction prevention system according to the embodiment of the present invention, it is possible to provide convenient functions such as the function stop of the access terminal and the transmission device, the deletion of information, and the backup of information from the monitoring center.

  DESCRIPTION OF EMBODIMENTS Hereinafter, a mode for carrying out the present invention (hereinafter referred to as this embodiment) will be described in detail with reference to the accompanying drawings. In addition, the same number or code | symbol is attached | subjected to the same element through the whole description of embodiment.

  FIG. 1 is a diagram illustrating an example of a configuration of an unauthorized transaction prevention system according to the present embodiment. As shown in FIG. 1, an unauthorized transaction prevention device 1 that is the core of an unauthorized transaction prevention system according to this embodiment includes an IP (Internet Protocol) network 10 and a public network 20 together with a bank system 2 that executes a transaction service. Connected.

  The bank system 2 includes a banking server 21 disclosed on the Internet and a banking business processing server 22 that is not disclosed on the Internet. The banking server 21 and the business processing server 22 are connected to a contract information DB 23 that has already made an Internet banking contract and holds a login ID and password for that purpose. The business processing server 22 is also connected to a bank account system 24 so that the customer information DB 25 can be referred to. Note that a plurality of ATMs (including CD machines) are further connected to the billing system 24 via a dedicated line 30.

  The customer here is a user who has a transaction account and has been issued a bank passbook, cash card, etc. by a bank. Among them, each contractor has a unique ID (identification information). It is assumed that the transmission device 4 to which is assigned is distributed. An unspecified number of access terminals 3 a to 3 n including users who can access the Internet banking system 2 are connected to the IP network 10. The access terminals 3a to 3n are a smart phone, a mobile phone terminal having an Internet connection environment, a PC, or the like. In addition to the IP network 10 and the public network 20, the access terminals 3 a to 3 n may be connected to an ISDN (Integrated Service Digital Network) network 30 for a telephone number usage status investigation described later.

  In the illegal transaction preventing apparatus 1 according to the present embodiment, a processing unit 11, a storage unit 12, a communication unit 13, and an input / output unit 14 are mounted with a plurality of lines for address, data, and control. 15 is commonly connected.

  The processing unit 11 acquires the transmitting devices 3a to 3n acquired from the transmitting device 4 with which connection is established with the access terminals 3a to 3n via the access terminals 3a to 3n at the time of the initial connection with the access terminals 3a to 3n. A process (first process) for registering an ID (first identification information) unique to 3n in a predetermined area of the storage unit 12 is executed. The processing unit 11 further determines whether or not the ID registered at the first access is registered with reference to a predetermined area of the storage unit 12 at the next and subsequent connections with the access terminals 3a to 3n ( The second process) and a URL (Uniform Resource Locator) that leads to an answer screen for confirming the intention of executing the transaction for the mobile phone of the person who performs the transaction is embedded when it is determined that the ID is not registered. The process (third process) for transmitting the short mail is executed. In addition, when executing the third process, the processing unit 11 displays on the screens displayed on the access terminals 3a to 3n that a confirmation e-mail has been sent to the mobile phone of the person performing the transaction, and confirms the intention within a predetermined time. When there is no confirmation response, the transaction is interrupted, and a process of displaying that the transaction is interrupted on the screens displayed on the access terminals 3a to 3n is also executed.

  The processing unit 11 further registers an ID (second identification information) unique to the access terminals 3a to 3n in a predetermined area of the storage unit 12 at the first connection with the access terminals 3a to 3n. When the next connection with 3n is made, the ID (first identification information) of the transmission device 4 and the IDs (second identification information) of the access terminals 3a to 3n are both referred to a predetermined area of the storage unit 12 Judgment is made whether or not it has been registered, and if each ID pair is determined to be unregistered, the transaction is carried out if there is no change in the owner of the registered telephone number for the mobile phone of the principal who conducts the transaction A short mail in which a URL to be guided is embedded in an answer screen for confirming the intention to execute may be transmitted. Note that the ID unique to the access terminals 3a to 3n and the ID unique to the transmitting device 4 are both device information unique to the hardware.

  The processing unit 11 registers a user ID (third identification information) unique to the user in a predetermined area of the storage unit 12 at the first connection with the access terminals 3a to 3n, and the ID (first (Identification information) or when re-registering the IDs (second identification information) of the access terminals 3a to 3n, it is determined whether or not the user ID has been registered with reference to a predetermined area of the storage unit 12, and the user ID May be further executed when the ID of the transmission device 4 or the ID of the access terminals 3a to 3n is permitted to be registered.

  The storage unit 12 is mounted with a semiconductor memory such as a DRAM, SRAM, or flash, for example, and includes a telephone number history information database (DB), a pattern table (TBL), which will be described later, the transmission device 4, and / or the access terminal 3a. ~ 3n unique registration identification information is temporarily stored. The communication unit 13 controls a communication interface with the IP network 10, the public network 20, and the ISDN network 30, and the input / output unit 14 is a keyboard or display that controls a man machine with the processing unit 11. The input / output unit 14 issues commands and inputs data to the processing unit 11, or outputs information generated by the processing unit 11.

  FIG. 2 shows a schematic operation sequence diagram of the fraudulent transaction prevention system according to the present embodiment. Here, it is assumed that the transmission device 4 is distributed to each contract user who uses the bank transaction service in advance. The transmitting device 4 has unique information such as encryption information using a random number table and a management number for each service, which is unique information for authentication set by the bank, in addition to an ID prepared for general use as identification information. It shall be recorded. Here, these pieces of information necessary for authentication are collectively referred to as identification information. Therefore, a means for pre-recording the identification information in the unauthorized transaction preventing apparatus 1 before distributing the transmitting apparatus 4 is also prepared.

  A user who receives the distribution of the transmitting device 4 downloads the software (program) of the service from a designated site such as a bank providing the service to the mobile terminals or PCs or other access terminals 3a to 3n used for the service (DL). (Step S01). Next, the access terminals 3a to 3n execute pairing with the distributed transmission device 4 (step S02). Here, the pairing is to perform connection settings between the transmission device 4 capable of communication by Bluetooth (registered trademark) and the access terminals 3a to 3n.

  When the access terminal 3a to 3n accesses the designated site for the first time, necessary information required by the service is input from a predetermined screen of the designated site, and the identification information used for the service and the transmitting device 4 are transmitted to the access terminals 3a to 3n. Is transmitted and recorded in the unauthorized transaction preventing apparatus 1 (step S03). Next, the access terminals 3a to 3n register the user ID and password (step S04). Note that the user ID and password registration are not essential, and a sufficiently high level of security accuracy can be maintained with only the information of the transmission device 4. However, if the device required for this service, such as the transmission device 4 or the access terminals 3a to 3n, is lost and the transmission device 4 is newly re-registered, if the user ID and password are registered, the person himself / herself is registered. Can be used as an alternative to authentication.

  The unique information stored in the transmission device 4 may be pre-registered in the unauthorized transaction prevention device 1 that provides this service and distributed to the user. In this case, at the first access from the user, the fraudulent transaction prevention device 1 can recognize that it is the transmission device 4 (expected expected user) distributed by itself providing this service, and can proceed to the next processing. If it is a third party, access is interrupted. By controlling in this way, it is possible to exclude unexpected third party access. That is, it is determined whether or not the identification information has been registered at the next and subsequent connections with the access terminal (step S05: authentication request), and if it is determined that the identification information has been registered, the transaction is executed (step S06) If it is determined that the registration has not been made, a URL to be guided to an answer screen for confirming the intention to execute the transaction is embedded when the owner of the registered telephone number has not been changed for the mobile phone of the person who performs the transaction. When a short email is sent and there is no confirmation response for confirmation within a predetermined time, an alarm is displayed on the screen and the process is automatically interrupted. By controlling in this way, it is possible to prevent spoofing, ID / password theft, and web browser hijacking.

  Note that the functions of the above-described fraudulent transaction prevention device 1 may be taken into a service providing server (not shown) prepared separately from the bank system 2 or into the bank system 2. In consideration of the fact that the user authentication using the transmission device 4 can be used for general purposes, the user who uses only the identification information prepared for the general purpose of the transmission device 4 is used for general purposes other than providing this service. A means for performing authentication is also provided. Furthermore, if the transmitting device is individually prepared for each bank, inefficiency that several transmitting devices must be used occurs. Therefore, by creating an identification information recording standard unified by the Bank Association, one banking device 4 can be used only between banks, and any bank can receive necessary services only with the same calling device and access terminal. Possible means are also provided. By applying this, it is best if identification information that is unified for each industry can be prepared not only for banks but also for a variety of industries such as credit card industry and mail order dealers.

  FIG. 3 is a block diagram illustrating a configuration of the processing unit 11 of the unauthorized transaction preventing apparatus 1 according to the present embodiment. The processing unit 11 includes communication network interface units 111 and 112, an identification information registration unit 113, a request acquisition unit 114, an identification information determination unit 115, a message exchange control unit 116, and a transaction processing unit 117. Is done. The communication network interface unit 111 is an interface unit that performs communication with the IP network 10 based on, for example, TCP / IP (Transmission Control Protocol / Internet Protocol), and the communication network interface unit 112 includes the public network 20 or It is an interface unit that communicates with the ISDN network 30.

  The identification information registration unit 113 has a function of registering identification information acquired from the access terminals 3a to 3n at the first access of Internet banking, and the identification information registered here is stored in the storage unit 12 (DB: Database). The information is temporarily stored and output to the identification information determination unit 115. The identification information is, for example, a MAC (Physical Address: Media Access Control Address) address unique to the transmission device 4 or the access terminals 3a to 3n. At this time, the identification information determination unit 115 selects the transmission device 4 of the request source or When it is determined that the access terminal (for example, 3a) or the set is not valid identification information, the transaction processing unit 117 is controlled to interrupt the request (for example, remittance processing by transfer).

  When the request acquisition unit 114 receives the remittance processing request by transfer from the access terminals 3a to 3n, the request acquisition unit 114 captures the request and collects the ID of the transmission device 4 from the requested access terminals 3a to 3n, and identifies the identification information determination unit To 115. The identification information determination unit 115 determines whether or not the ID of the transmission device 4 has been registered by referring to the storage unit 12 at the next and subsequent connections with the access terminals 3a to 3n and determines the message exchange control unit 116. Control. The identification information determination unit 115 may control the message exchange control unit 116 by determining whether or not the combination of the ID of the transmission device 4 and the IDs of the access terminals 3a to 3n has been registered.

  When the request acquisition unit 114 captures the remittance processing request from the access terminals 3a to 3n, the message exchange control unit 116, under the control of the identification information determination unit 115, accesses the access terminals 3a to 3 having the regular account owner's telephone number. A short message in which the URL of the answer screen for confirming the will of the person in response to the request for remittance is embedded is transmitted to 3n, and the remittance process by transfer is controlled by determining the contents of writing on the answer screen.

  The transaction processing unit 117 performs remittance for the remittance processing request issued from any of the access terminals 3a to 3n under the control of the identification information determination unit 115 via the communication network interface unit 111 so as to be interrupted. Transactions such as transfers are processed in cooperation with the bank system 2.

(Operation of the embodiment)
Hereinafter, the basic operation of the processing unit 11 of the unauthorized transaction prevention apparatus 1 according to the present embodiment illustrated in FIG. 3 will be described with reference to the flowchart of FIG. 4.

  First, the processing unit 11 is provided by the bank system 2, for example, when the Internet banking is used for the first time (step S101 "YES"), and the identification information registration processing of the transmission device 4 and the access terminals 3a to 3n to be acquired. Is performed (step S109). When receiving the initial access request via the IP network 10, the identification information registration unit 113 collects the identification information of the transmission device 4 and the corresponding access terminals 3 a to 3 n and stores them in a predetermined area of the storage unit 12.

  The request acquisition unit 114 constantly monitors transaction requests (transfers) by transfer issued by the access terminals 3a to 3n, and determines the presence or absence of the request coming via the communication network interface unit 111 (step S102). ). If it is determined that there is a transaction request (step S102 “YES”), the request acquisition unit 114 further determines whether the transaction is based on Internet banking or ATM5. For example, if the request is based on Internet banking, the request acquisition unit 114 collects identification information including the ID of the transmission device 4 from the requested access terminals 3a to 3n together with the request, and the identification information determination unit 115 (step S103).

  The identification information determination unit 115 refers to a predetermined area of the storage unit 12 and determines whether the identification information is registered identification information already registered by the identification information registration unit 113 (step S104). Here, when the identification information is already registered (step S104 “YES”), the identification information determination unit 115 controls the transaction processing unit 117 to execute a remittance process by a normal transaction by transfer (step S107).

  On the other hand, when the identification information is unregistered (step S104 “NO”), the identification information determination unit 115 activates the message exchange control unit 116, and the message exchange control unit 116 confirms that the registered regular account holder is registered. A short message addressed to the telephone number and embedded with the URL of the answer screen for confirming the will of the person is generated and transmitted (step S105).

  Here, the URL is a button switch for guiding YES / NO on the bank homepage with a single touch in order to confirm that the transaction is an instruction of the authorized account holder. For example, as shown in Fig. 5 (a), a short email is sent to the account owner's mobile phone, such as "Is the transfer right now, please click the URL below if there is no mistake?" At the same time, as shown in FIG. 5 (b), on the bank homepage transfer screen displayed on the input / output unit 14 of the access terminals 3a to 3n, “Now, a confirmation email is displayed on your mobile phone. If the transfer is the person, please respond within 1 minute. " This short email also serves as a check for fraudulent transactions. It should be noted that, for example, “XX bank. You have just sent money ZZZ from your account number YYYYY. There is no mistake. You may substitute a voice response by telephone such as “Please call us at ○○○○”.

  Subsequently, if there is a click response within one minute (confirmation response by the user) (step S106 “YES”), the identification information determination unit 115 controls the transaction processing unit 117 to execute normal transaction processing by transfer. However, if there is no confirmation response by the user (step S106 “NO”), the remittance process by transfer is interrupted or the account cannot be withdrawn (step S108).

  FIG. 5C illustrates a bank homepage transfer screen displayed on the input / output unit 14 of the requested access terminals 3a to 3n when there is no confirmation response within one minute. Here, "Your transfer has been interrupted. Please call us as soon as possible" is displayed.

  As described above, according to the fraudulent transaction prevention apparatus 1 of the present embodiment, the remittance process is not executed unless the automatically acquired identification information matches that at the time of registration. Therefore, fraudulent remittance can be prevented with a simple mechanism in bank transactions. In addition, when the above fraud is performed, the processing is temporarily stopped, and if the access terminals 3a to 3n are mobile phone terminals, the message is confirmed by text, and if the access terminal is ATM, the message is confirmed by voice or text. As soon as the will is confirmed that it is an instruction of the person, a predetermined transfer procedure is started. In this case, since the spoofer does not have the telephone number of the account owner, the fraudulent acts can be prevented beforehand.

  In addition, according to the above-described fraudulent transaction preventing apparatus 1 of the present embodiment, only the case where it is applied to Internet banking is illustrated, but it may be applied to an application in Internet shopping or the like. In this case, the processing unit 11 monitors the product application via the Internet, registers the identification information at the first application, compares it with the identification information acquired at the next application, executes the application process when they match, and does not match In the case of, send a confirmation short email to the registered phone number of the applicant. If there is no confirmation response by lick from the applicant's own mobile terminal within a predetermined time, the application process is interrupted.

  FIGS. 6A, 6B, and 6C show examples of screen configurations of the unauthorized transaction preventing apparatus 1 according to the above-described modification. As shown in FIG. 6 (a), the processing unit 11 sends a short mail to the person's mobile phone such as "Is the application right now? If there are no mistakes, please click the following URL". As shown in FIG. 6 (b), on the transfer screen of the bank home page displayed on the input / output unit 14 of the access terminals 3a to 3n, “Now, a confirmation email is displayed on your mobile phone. If the application is for the person in question, please respond within a specified time (for example, within 1 minute). " FIG. 6C illustrates a bank homepage transfer screen displayed on the input / output unit 14 of the access terminals 3a to 3n that has been requested when there is no confirmation response within one minute. Here, “Your application has been suspended. Please call us as soon as possible” is displayed.

  In addition, according to the above-described modification, the identification information of the transmission device 4 is registered at the time of the initial application. However, since the number of the access terminals 3a to 3n to be used is not limited to one, there is a possibility of using, for example, It is preferable to register in advance one or more access terminals 3a to 3n such as a PC or a smart phone. In this case, the processing unit 11 registers the identification information of the access terminals 3a to 3n that have been accessed within a certain period from the initial access, and thereafter accesses the access terminals 3a to 3n that have never been used in the past. On the other hand, it may be determined that the application is fraudulent and processing for interrupting the application may be executed. This is the same when applied to the above-described Internet banking of the present embodiment.

  As described above, according to the fraudulent transaction prevention apparatus 1 of the present embodiment, the fraudulent transaction can be prevented with a new mechanism by using the transmission device 4. As a result, the mass loss and theft of IDs and passwords in the conventional network authentication, theft, and the spoofing case can be fundamentally solved, and a long-term business with high profit can be realized with Onlyone. The personal authentication market is applicable to all industries, but it can be used particularly for transactions at financial institutions, and it can be used for significant effects. For example, in conventional bank ATMs, it was necessary to enter a cash card and PIN, but if used in combination with Doc authentication, which has already been filed for a patent, applicant authentication can be completed simply by standing in front of ATM5. Then, transfer, withdrawal, etc. are possible. When using an internet bank, a procedure for calling a bank site from a mobile terminal such as a smartphone becomes possible. Basically, there is no need to enter an ID, password, password, etc. as in the prior art. The same applies when making a card payment on the Internet. Therefore, there is no fear of impersonation or theft and unauthorized use.

  If both the transmitting device 4 and the access terminals 3a to 3n are stolen or lost at the same time, the function is temporarily stopped only by notifying the monitoring center, and once returning to the hand, it returns immediately according to a predetermined procedure. When one of the transmission device 4 and the access terminals 3a to 3n is stolen or lost, the monitoring center automatically recognizes and stops using this service. In the case of theft or loss, if the property (attaching the transmission device 4 to a bag or the like) is separated by a predetermined distance, the alarm sounds and voices from the access terminals 3a to 3n used in pairs (forget it! Dorobo! Etc.) that the incident can be prevented by generation, and if the incident still occurs, if a proxy discovery program on the third-party mobile device (such as a smartphone) happened to be near, It is also possible to discover possession and automatically notify the monitoring center of the address information. At the same time, the monitoring center will notify the person of theft or lost item. In this case, although the probability of proxy discovery is low at the beginning, the above-mentioned Doc authentication becomes widespread, or if the carrier itself that sells the mobile terminal installs a program for finding the lost property in advance, it spreads all at once. It is considered a thing.

  Further, according to the unauthorized transaction preventing apparatus 1 of the present embodiment, when the transmitting device 4 transmitted through the access terminals 3a to 3n as the request generation source is not the identification information of the user, By restricting sales by application, etc., illegal transactions can be prevented with a simple mechanism. In addition, when the above fraud is performed, the registered person is confirmed by a short mail and a predetermined transaction is started as soon as the intention of the person is confirmed. If it is impersonated at this time, since it does not have the telephone number of the person, these fraudulent acts can be prevented.

  Further, according to the unauthorized transaction preventing apparatus 1 of the present embodiment, authentication of both the counterpart site and the access terminals 3a to 3n can be realized when the access terminals 3a to 3n are accessed. For example, when the user is guided to a fake site, the unique identification information sent from the fake site does not match, so that the unauthorized site can be automatically recognized and the access can be interrupted. The identification information sent from the legitimate site sends the same information as the identification information recorded in advance on the distribution side, determines the coincidence on the access terminal 3a3n side, and proceeds to the next processing if they match, If they do not match, an alarm is notified to the access terminals 3a to 3n to interrupt the access. Here, the identification information may be the URL of the official site, a unique ID, or a pair key. In short, it is desirable that a method can be used to transmit and confirm information that can be confirmed by both parties each time a certain amount of time passes each page. More specifically, the determination as to whether or not the access by the access terminals 3a to 3n is by the person is as described above. However, when determining whether or not the accessed site is authentic, the terminal side is timely from the site side. If the identification information transmitted from the site side is the identification information promised in advance, the authentication information may be authentic. Otherwise, it may be used as authenticity determination means for interrupting access. Of course, a site that does not transmit identification information even if it requests transmission many times interrupts access. By controlling the transaction in this way, it is possible to protect against being guided to a fake site at any time.

  The present invention is effective in preventing spoofing in various transactions such as various applications deployed on Internet sites such as banks, credit companies, mail order companies, airlines, etc., merchandise sales, financial transactions, public organization certificate requests, etc. Applicable to. Here, functions added in the present embodiment will be further described. According to the present embodiment, when the transmitting device 4 which is a distribution source such as a bank company or a credit company is an application using the present invention in an online transaction other than the distribution source, As a result, it is possible to prepare a function for determining the degree of credit of the person who uses the transmission device 4 based on the company use record that can be trusted. For example, the distribution source is definitely the customer of the other party who accepted the application. Alternatively, it is possible to prove that the debit function and credit function built into the terminal are definitely the person's own. Furthermore, it has the function which can prove that it is the terminals 3a-3n and the transmitter 4 currently used correctly from various transaction histories recorded in the unauthorized transaction prevention device. In this way, it is possible to provide an epoch-making means that can prevent unauthorized use by an illegally acquired terminal, transmitting device, or the like.

  In the above-described fraudulent transaction prevention apparatus 1 according to the present embodiment, when the processing unit 11 transmits a confirmation short mail, the processing unit 11 determines in advance whether or not the destination telephone number is currently valid. Allow sending only to For this reason, erroneous transmission and transmission errors are avoided as much as possible, and a short message can be transmitted accurately. Moreover, according to the unauthorized transaction preventing apparatus 1 of the present embodiment, for example, it becomes a three-month intermittent number with a fixed telephone, and thereafter used by a third party, or with a mobile phone for six months. If it is intermittent and then repeated by a third party for more than a year, sending a short mail addressed to the currently valid phone number is prohibited except for rental phones such as prepaid phones. By doing so, it is effective from the viewpoint of preventing information leakage as well as complying with the law (law concerning the appropriateness of transmission of specific e-mail (specific e-mail law)). Each carrier is not allowed to rent a phone number to a third party for 3 consecutive months on a landline phone or 6 months on a mobile phone when the phone is cancelled. In this case, the rules are limited to the same holder. Therefore, in the meantime, if the missing numbers continue, and if it is subsequently determined that they exist, it can be determined that the third party is using them.

  The determination as to whether the telephone number is valid is executed by the processing unit 11 collecting JT-Q931 (Layer 3) information using a call control message with a calling side exchange not shown. . The processing unit 11 obtains a valid nationwide telephone number that changes every moment, including a telephone number not listed in the telephone directory, through automatic calling via the ISDN network 30, reason identification information that indicates the usage status of the telephone number, and transfer The destination telephone number is stored in a predetermined area of the storage unit 12 as a telephone number use history information database together with the survey date. The processing unit 11 determines whether or not the designated telephone number is currently valid based on the most recent telephone number usage history information accumulated in the telephone number usage history information DB, for example, for two months. Here, the designated telephone number is a registered telephone number possessed by a legitimate account holder.

  FIG. 7 shows a typical example of reason identification information (reason display) returned from an exchange not shown when a telephone number is transmitted on the ISDN network 30. The reason indication from the switch follows the basic call control procedure for circuit-switched calls defined in JT-Q931 by the TTC (Telephone and Telephone Technical Committee) standard based on CCITT (International Telegraph and Telephone Consultative Committee) recommendation. NTT publishes a reason display in technical data of INS (Information Network System) net service. The processing unit 11 collects JT-Q931 (Layer 3) information using a call control message with the exchange. The reason display from the exchange includes “001: missing number”, “016: normal”, “022: subscriber number change”, “028: invalid number”, and the like. At the same time, the survey date, time, and the like are accumulated and stored as a telephone number use history information DB in a DB assigned to a predetermined area on the storage unit 200.

  In addition to “in-use telephone number” and “unused telephone number”, the reason display from the switchboard is broadly classified as “A: a telephone number that can be removed even if it is in use”, “B: unused. Even if it is a phone number (telephone number during message guidance for moving to), (phone number during message guidance for contact), "C: (phone number during message guidance for wrong number), (not currently used message) Middle telephone number) ”,“ D: telephone number that has been used from the unused telephone number in the previous survey ”, and the like. The collected “telephone number”, “reason display”, “year / month / day”, “time”, and the like at the time of the collected investigation are stored in the telephone number use history information DB, and the processing unit 11 periodically performs this process. Or it can construct | assemble as telephone number use log | history information DB by performing at any time.

  FIG. 8 illustrates the data structure of the telephone number use history information DB. According to FIG. 7, (a) shows the result of the investigation of the telephone number “a” of the carrier A that exists (valid) in the investigations from the past to the present. (B) is the result of the investigation of the telephone number “b” of the carrier B that exists in the past and is in the relocation state (the relocation destination telephone number is “09063782475”) in the latest investigation on June 22, 2011. (C) is a survey result of the telephone number “c” of the carrier C that is “existing” in the past and sandwiches the “relocation” (the telephone number of the relocation destination is “080515157195”) and is currently missing. (D) is the result of the investigation of the telephone number “d” of the carrier D that has existed in the past but is currently missing. (E) is the result of the investigation of the telephone number “e” of the carrier E that has actually existed and missing numbers in the past and has existed for the past several months.

  Here, the case of FIG. 8 (e) is illustrated. For example, a short mail created for a contract user (access terminals 3a to 3n) that existed (valid) before February 2010 and registered in the system is shown. A supplementary explanation will be given for transmission. In this case, the access terminals 3a to 3n have been invalidated for 6 months or more from April 4, 2010, have existed since December 29, 2011, and are valid again. This means that the owners of the access terminals 3a to 3n have been changed. Therefore, the transmission of short mail should be prohibited. However, if it is judged only based on the most recent usage history about two months ago or the current usage status, a short mail is erroneously transmitted. However, as described above, such erroneous transmission of mail can be avoided by referring to the history of the past several years. However, if it is a contract user (user terminal 50) registered after December 29, 2010, transmission of a short mail is permitted.

  In addition, according to the “Act on the Appropriate Transmission of Specified E-mails (Specified E-mail Law)” established in 2002 and revised on June 6, 2008, e-mail without prior consent from the recipient All transmissions become spam and violate the law, and there is a risk of incidents such as information leaks. On the other hand, by referring to the history of the past few years by the above phone number history survey, it is temporarily prohibited to send a short mail addressed to a phone number that is invalid for more than 6 months and is currently valid on a mobile phone. Therefore, it is effective from the viewpoint of information leakage prevention as well as compliance with the above laws. Each carrier is not allowed to rent a phone number to a third party for 3 consecutive months on a landline phone or 6 months on a mobile phone when the phone is cancelled. In this case, the rules are limited to the same holder. Therefore, in the meantime, if the missing numbers continue, and if it is subsequently determined that they exist, it can be determined that the third party is using them.

  The fraudulent transaction preventing apparatus 1 of the present embodiment further reads the telephone number history information from the telephone number usage history information DB, and connects to the exchange not shown in the figure with the transmission capability of either voice or unrestricted digital information. The call response information based on the call is determined with reference to the call response information based on the call, and the call response information collected by the call based on the determined condition of the current call is transmitted to the telecommunications carrier and the telephone number. Analyzes based on call response information that is pre-patterned for each group and terminal, whether the phone number is valid, and if the phone number by the number portability service is used It also has the function of determining the nearest telecommunications carrier.

  An example of the data structure of the pattern table used for this purpose is shown in FIG. 9. Specifically, the determination result 10a and the call at the time of (a) the current call and (b) the previous call are shown. Each data item of the condition 10b and the call response information 10c is assigned and stored. Here, as a determination result 10a, a telecommunications carrier (A / B / C / D), a determination status (real / missing number / relocation / removal, etc.), a learning flag indicating whether or not a re-call (retry) is required (currently issued) Learning only as a call (prohibited: 0, allowed: 1)). In addition, as the telecommunications carrier A, for example, NTT Docomo (registered trademark), B, for example, e-mobile company (registered trademark), as C, for example, Softbank (registered trademark), as D, for example, KDDI (registered trademark) is assumed. Further, the call condition 10b includes a telephone number pattern and a call setting pattern, and the call response information 10c includes “response message”, “generation source”, “reason display value”, “new telephone number”, “billing result” "including.

  The unauthorized transaction preventing apparatus 1 of the present embodiment may be connected to an exchange prepared for each telecommunications carrier via an exchange provided between dedicated lines of telecommunications companies not shown. Although not shown in the figure, line connection is also made via a switch to a general public line switch for fixed telephones such as NTT (registered trademark) and a PHS switch such as air edge (registered trademark). The fraudulent transaction preventing apparatus 1 according to the present embodiment collects data of a large number of subscriber telephone numbers regularly or collectively at any specified time, and all telephone numbers existing in the country in the telephone number usage history information DB. Store information. In other words, the telephone number distributed to the communication company approved by the Ministry of Internal Affairs and Communications is stored in the telephone number use history information DB, and the telephone numbers allocated to fixed telephones, mobile phone terminals, PHS terminals, etc. are valid (in use). / Investigate the most recent telecommunications carrier when using invalid (not used) and number portability services. These latest survey results are reflected in the telephone number use history information DB.

  The fraudulent transaction prevention apparatus 1 according to the present embodiment performs a periodic survey such as once a month or once every two months. The contents to be investigated are “communication capability”, “response message” in accordance with the description of JT-Q931 “ISDN user / network interface layer 3” of TTC standard published by NTT East as a result of telephone number transmission on a digital telephone line, The call response information consisting of “reason display” and “generation source” is collected through the exchange, and immediately after the collection, the telephone line is immediately disconnected. Therefore, there is no telephone conversation with the other party of the telephone number, and the telephone ring is not ringed. All the telephone numbers stored in the telephone number use history information DB are investigated, and the call response information including the reason display is found corresponding to each telephone number. Number (new telephone number) "etc. can be recorded in the telephone number use history information DB by a predetermined procedure. Further, by periodically conducting this investigation and accumulating the telephone number change information, the telephone number usage history in the telephone number usage history information DB is enhanced.

  The applicant has found that there is a difference between the call answering information for each telecommunications carrier or a specific telephone number group, and there is a certain rule regarding the mobile phone number. In addition, when calling was repeated for all terminal models sold by each telecommunications carrier, it was also found that there was a difference in the call response information for each terminal model. It has also been found that there is a certain rule in the call response information when a call is made with the transmission capability set to “unrestricted” and when a call is made with “voice” set.

  From this, the applicant repeatedly made a call by experiment, collected response signals for telecommunications carrier judgment, and patterned them. Specifically, when the transmission capability is set to “unlimited” for the first call, “voice” is set for the second call, and the first call response information and the second call response information at this time are Patterned. Here, the reason why the transmission capability is set to “unrestricted” in the first call is because the terminal does not ring or does not receive a call. If the ringing and the incoming call rate are ignored, even if the call is “unlimited” after “voice”, patterning is possible, so that the same effect is naturally obtained.

  In some cases, the same effect can be obtained by making a call by selecting “voice” as the transmission capability and patterning the call response information. The call at this time is only once. For example, when the telephone number pattern is 0806271XXXX and the call response information is “response message: disconnection, generation source: RN, reason display: temporary failure”, the telephone number is valid (“real”) and the telecommunications business The person is limited to Company D. For example, when the call response information is “response message: disconnection, generation source: TN, reason display: no partner route”, the telephone number is valid and the telecommunications carrier is limited to company A. In addition, when the call response information is “response message: disconnection, generation source: TN, reason display: no subscriber”, the telephone number is valid (“real”), and the latest telecommunications carrier is limited to company D Is done. Further, when the call response information is “response message: disconnection, generation source: RN, reason display: other service or optional unavailable class”, the telephone number is invalid (“removal convenience”) and the latest telecommunication The company is limited to Company A. In this way, the applicant constructed a pattern table by patterning the above rules from millions of experiments.

  The above-described accumulation of telephone number usage histories, telephone number usage status surveys, and transmission of short mails are disclosed in Japanese Patent Application Laid-Open No. 2013, filed on April 6, 2012 by the applicant and published on May 23, 2013. No. -102414 and JP 2012-129869, filed on Dec. 16, 2010 and published on Jul. 5, 2012.

  As mentioned above, although preferred embodiment of this invention was explained in full detail, it cannot be overemphasized that the technical scope of this invention is not limited to the range as described in the said embodiment. It will be apparent to those skilled in the art that various modifications or improvements can be added to the above-described embodiments. Further, it is apparent from the scope of the claims that the embodiments added with such changes or improvements can be included in the technical scope of the present invention.

  DESCRIPTION OF SYMBOLS 1 ... Fraud transaction prevention apparatus, 2 ... Bank system, 3a-3n ... Access terminal, 4 transmission apparatus, 5 ... ATM, 10 ... IP network, 11 ... Processing part, 12 ... Memory | storage part, 13 ... Communication part, 14 ... On Output unit, 15 ... system bus, 20 ... public network, 30 ... dedicated line, 21 ... internet banking server, 22 ... business processing server, 23 ... contract information DB, 24 ... account system, 25 ... customer information DB, 30 ... ISDN network, 111, 112 ... communication network interface unit, 113 ... identification information registration unit, 114 ... request acquisition unit, 115 ... identification information determination unit, 116 ... message exchange control unit, 117 ... transaction processing unit

Claims (8)

An unauthorized transaction prevention device for preventing unauthorized transactions by an access terminal connected to the Internet,
A storage unit;
At the first connection with the access terminal, first identification information unique to the transmission device acquired from the transmission device established with the access terminal via the access terminal is stored in the storage unit. A first process for registering in a predetermined area;
A processing unit that performs a second process of determining whether or not the first identification information has been registered with reference to a predetermined area of the storage unit at the next and subsequent connections with the access terminal And having
The processor is
Further, when it is determined in the second process that the first identification information has been registered, a short mail for confirming the intention to execute the transaction is transmitted to the mobile phone of the person who performs the transaction. A fraudulent transaction preventing apparatus that executes a third process for permitting the transaction when the intention of executing the transaction is received through the short mail within a predetermined time. The third process includes
Displaying on the screen displayed on the access terminal that a confirmation email has been sent to the mobile phone of the person performing the transaction, and interrupting the transaction when there is no confirmation response of the intention confirmation within a predetermined time, The fraudulent transaction prevention apparatus according to claim 1, further comprising: displaying that the transaction is interrupted on a screen displayed on an access terminal. The third process includes
A process of transmitting a short mail for guiding to an answer screen for confirming the intention of executing the transaction when there is no change in the owner of the registered telephone number with respect to the mobile phone of the person who conducts the transaction, The unauthorized transaction preventing apparatus according to claim 2. The processor is
Second identification information unique to the access terminal is registered in a predetermined area of the storage unit at the first connection with the access terminal, and the predetermined area of the storage unit is connected at the next and subsequent connections with the access terminal. , It is determined whether or not both the first identification information and the second identification information have been registered, and it is determined that the first identification information or the second identification information has not been registered. The fraudulent transaction prevention apparatus according to any one of claims 1 to 3, wherein a short mail for guiding to an answer screen for confirming the intention to execute the transaction is transmitted. The processor is
At the first connection with the access terminal, the third identification information unique to the user is registered in a predetermined area of the storage unit, and at the time of re-registration of the first identification information or the second identification information, the storage Determining whether or not the third identification information has been registered with reference to a predetermined area of the unit, and if it is determined that the third identification information is already registered, the first identification 5. The unauthorized transaction prevention apparatus according to claim 1, further comprising a process of permitting registration of information or the second identification information. An unauthorized transaction prevention method for preventing unauthorized transactions by an access terminal connected to the Internet,
Registering first identification information unique to the transmitting device acquired via the access terminal from the transmitting device established with the access terminal during the initial connection with the access terminal Steps,
A second step of determining whether or not the first identification information has been registered at the next or subsequent connection with the access terminal;
When it is determined that the first identification information has been registered, a short mail for confirming the intention of executing the transaction is transmitted to the mobile phone of the person who performs the transaction, and the short mail is transmitted within a predetermined time. A third step of permitting the transaction when there is an intention to execute the transaction through the user,
A fraud prevention method characterized by comprising: On the computer,
A first procedure for registering first identification information unique to the transmitting device acquired via the access terminal from a transmitting device that has established a connection with the access terminal during an initial connection with the access terminal;
A second procedure for determining whether or not the first identification information has been registered at the next or subsequent connection with the access terminal;
When it is determined that the first identification information has been registered, a short mail for confirming the intention to execute the transaction is transmitted to the mobile phone of the person who performs the transaction, and the short mail is transmitted within a predetermined time. A third procedure for permitting the transaction when there is an intention to execute the transaction through the person,
A program that executes An unauthorized transaction prevention system for preventing unauthorized transactions by an access terminal connected to the Internet,
A unique identification information is given, and a transmitting device capable of communicating with the access terminal,
A first process of registering identification information unique to the transmitting device acquired via the access terminal from the transmitting device that has established a connection with the access terminal during the initial connection with the access terminal; A second process for determining whether or not the identification information has been registered at a subsequent connection with the access terminal, and when it is determined that the first identification information has been registered, A short mail for confirming the intention of executing the transaction is transmitted to the mobile phone of the person performing the transaction, and the transaction is performed when the intention of executing the transaction is indicated via the short mail within a predetermined time. A fraudulent transaction prevention apparatus that executes a third process to be permitted;
A fraud prevention system characterized by comprising:

Images