JP2018032081A - Bank service system and bank service method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a bank service system and a bank service method by efficiently operating deposit/dispensing information with use information of the fund so as to be used for the marketing.SOLUTION: A bank service system is connected to a SDK50 which is a system linkage tool stored in an EC site 20 provided by an EC server 10 via a relay server 40 having a transfer API42 and a transaction API43. The transfer API42 is an API for making an access to account information of the bank server. The transaction API43 is the API for acquiring transaction information transmitted to the EC server 10. In the EC site 20, when settlement instruction is inputted based on transaction information, the transfer instruction including the settlement information is acquired by the transfer API42 and the transaction information is acquired by the transaction API43 and recorded in an information storage unit 45 by associating the settlement information with the transaction information.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a bank service system and a bank service method for linking deposit / withdrawal information and fund use information.

  Today, in order to promote the use of financial information related to customers held by banks, cooperation with other systems is being studied (for example, Non-Patent Document 1). Disclosure of a bank API for acquiring information from such a bank system is also being studied (for example, Non-Patent Document 2). Here, the bank API (Application Programming Interface) is an interface used for software components to communicate with each other in order to make existing functions such as balance inquiry and funds transfer individually into services and use them from external applications. is there. By opening up such a bank API, customer financial behavior centering on mobile terminals can be caught up early. Furthermore, the creation of new markets can be expected through collaboration with non-financial institutions.

Mizuho Bank, Ltd., “Simple balance inquiry with LINE”, [online], Mizuho Bank, Ltd. homepage, [searched on August 14, 2016], Internet <http://www.mizuhobank.co.jp/net_shoukai/ line / index.html> National Bank Association, “Modern“ Financial Industry ”, March 2016, [online], Financial Research Study Group, [August 14, 2016 search], Internet <http: //www.zenginkyo .or.jp / fileadmin / res / news / news280341_1.pdf>

  By making the bank API public, the information held by the bank can be utilized by companies and individuals. However, the contents of financial information held by banks are limited. Specifically, the deposit / withdrawal information of the account mainly includes information on the deposit destination, the withdrawal destination and the amount, and it is not possible to grasp how the funds are used. It is possible to link the deposit / withdrawal information and the fund usage information by obtaining the fund usage information and matching it with the deposit / withdrawal information, but if the timing of obtaining the fund usage information is delayed Effective collaboration is difficult. In addition, it takes time and effort to perform data integration, organization, processing, etc. by name identification and cleansing for matching deposit / withdrawal information and fund usage information.

  SUMMARY OF THE INVENTION The present invention has been made to solve the above-described problems, and an object of the present invention is to provide a bank service system and a bank service for efficiently linking deposit / withdrawal information and use information of funds and using them for marketing. It is to provide a method.

  A bank service system that solves the above problems is connected to a linkage tool stored in a web page provided by a transaction server and a relay server having a transfer API and a transaction API for accessing the bank server. The transfer API is an API for accessing account information of the bank server, and the transaction API is an API for acquiring transaction information transmitted to the transaction server. In the web page, when a settlement instruction is input based on the transaction information, a transfer instruction including settlement information is acquired by the transfer API, and a transaction is performed by the transaction API based on the transfer instruction. Information is acquired, and the payment information and the transaction information are associated with each other and recorded in a transaction storage unit. Thereby, the payment information and the transaction information can be linked to perform marketing efficiently and in a timely manner.

  In the bank service system, the relay server further includes a user authentication API for accessing customer information of the bank server, and when authentication information is input on the web page, the user authentication API Obtain authentication information, perform user authentication, provide a token with an expiration date indicating that user authentication has been completed to the web page, and the cooperation tool uses the token within the expiration date Preferably, the transaction API is accessed. Thereby, the security in API in a bank is securable.

  In the bank service system, it is preferable to determine whether or not the cooperation tool incorporated in the web page has been tampered with, and when it is determined that tampering has occurred, it is preferable to stop using the transfer API and transaction API of the relay server. As a result, the use of the API by the altered cooperation tool can be stopped, and security can be ensured.

  In the bank service system, when the cooperation tool detects an address input field on the web page, the customer address information is acquired from the customer information storage unit of the bank server via the authentication API of the relay server. It is preferable to set in the address input field of the web page. Thereby, smooth transactions can be supported by utilizing the address information held by the bank server.

  According to the present invention, deposit / withdrawal information and fund usage information can be efficiently linked and used for marketing.

The system schematic of this embodiment. Explanatory drawing of the process sequence of this embodiment. Explanatory drawing of the process sequence of this embodiment. Explanatory drawing of the process sequence of this embodiment.

  Hereinafter, an embodiment embodying a bank service system and a bank service method will be described with reference to FIGS. In the present embodiment, it is assumed that settlement in mail order is supported and bank marketing is supported by associating online transactions with bank account information.

As shown in FIG. 1, an EC server 10, an EC site 20, a bank server 30, a relay server 40, and a monitoring server 60 are used.
The EC server 10 is a computer system for mail order business operators to conduct product transactions. The EC server 10 manages product information provided to the user and transaction information related to product sales and the like performed with the user.

  The EC site 20 is a website provided from the EC server 10. A user uses the EC site 20 to make a transaction such as purchasing a product using a user terminal. The EC site 20 incorporates an SDK 50 provided by a bank.

  The SDK 50 is a linkage tool (program) that accumulates various information input to the EC site 20 and performs information linkage with each API of the relay server 40 described later. The SDK 50 stores the token provided from the relay server 40. This token is encrypted authentication information for accessing the relay server 40 by setting a user ID and password used for login authentication and setting an expiration date. The SDK 50 includes a memory that temporarily stores product information input on the product input screen.

The bank server 30 is a bank computer system that manages user accounts. The bank server 30 includes a customer information storage unit 32 and an account information storage unit 33.
The customer information storage unit 32 records a customer management record for managing information related to a user who is a bank customer. This customer management record is recorded when customer registration is performed. The customer management record includes information regarding the user ID, password, second password, account number, and transaction status.

Data relating to an identifier for identifying each customer is recorded in the user ID data area.
In the password data area, data related to a password used for authenticating the customer is recorded.
Information for performing additional authentication of the customer at the time of settlement is recorded in the second password data area.

In the account number data area, information related to the account held by the customer is recorded.
In the transaction status data area, information such as the transaction status (for example, loan balance) between the customer and the bank is recorded.

  The account information storage unit 33 stores an account management record for managing information related to bank customer accounts. This account management record is registered when an account is opened. This account management record includes information regarding the account number, deposit / withdrawal history, and balance.

In the account number data area, information relating to an identifier for specifying this account is recorded.
The deposit / withdrawal history data area includes data relating to depositing / withdrawing to this account and information relating to withdrawal / withdrawal from this account (such as deposit / withdrawal date / time, amount, deposit / withdrawal destination account, etc.).
In the balance data area, information related to the current balance of this account is recorded.

  The relay server 40 acquires and accumulates information from the SDK 50 of the EC site 20. Further, the relay server 40 relays information acquired from the EC site 20 to the bank server 30.

  The relay server 40 includes an authentication API 41, a transfer API 42, a transaction API 43, and a transaction information storage unit 45. Here, each API is an application service interface for performing information linkage in the bank server 30.

  The authentication API 41 is an application program interface for authenticating a user based on information acquired from the EC site 20. The authentication API 41 authenticates the user using the customer management information recorded in the customer information storage unit 32 of the bank server 30. When the user authentication is completed, the authentication API 41 provides a token to the EC site 20.

  The transfer API 42 is an application program interface for performing payment by transfer based on information acquired from the EC site 20. The transfer API 42 uses the account management information recorded in the account information storage unit 33 of the bank server 30 to perform settlement for the user transaction.

  The transaction API 43 is an application program interface for accumulating transaction information based on information acquired from the EC site 20. The transaction API 43 acquires transaction information on the EC site 20 and records it in the transaction information storage unit 45 in association with the user ID and the payment information.

  The monitoring server 60 is a computer system that monitors the SDK 50 in the EC site 20. The monitoring server 60 includes an SDK 50 template, and confirms whether there is any alteration by comparing the SDK 50 included in the EC site 20 with the template. When the monitoring server 60 detects falsification, the monitoring server 60 stops using each API of the relay server.

Next, a processing procedure executed in the system configured as described above will be described with reference to FIGS.
(Initial registration process)
First, the initial registration process will be described with reference to FIG. This process is executed before a transaction is made on the EC site 20 using the user terminal.

  Here, the EC site 20 executes a user ID and password input process (step S1-1). Specifically, the EC site 20 outputs an initial registration screen to the display. This initial registration screen is provided with a user setting field for inputting a user ID and a password. In this case, the user inputs a user ID and a password for using the bank server 30 on the initial registration screen.

  When each user setting field on the initial registration screen is input, the EC site 20 executes an authentication request process (step S1-2). Specifically, the SDK 50 of the EC site 20 transmits an authentication request to the relay server 40. This authentication request includes data related to the user ID and password entered in the user setting field on the initial registration screen.

  Next, the relay server 40 executes an authentication process (step S1-3). Specifically, the authentication API 41 of the relay server 40 accesses the bank server 30. Then, the authentication API 41 confirms whether or not the customer management record in which the user ID and password acquired from the SDK 50 are set is registered in the customer information storage unit 32. Then, the bank server 30 returns an authentication result to the relay server 40. If the customer management record in which the user ID and password acquired from the SDK 50 cannot be specified in the bank server 30 and the user authentication cannot be performed, the authentication API 41 replies to the EC site 20 that the service cannot be used. To do.

  On the other hand, when a customer management record in which a user ID and password are set is registered in the customer information storage unit 32 of the bank server 30, the authentication API 41 of the relay server 40 completes user authentication.

  In this case, the relay server 40 performs a token issuing process (step S1-4). Specifically, the authentication API 41 of the relay server 40 gives a token including a unique code obtained by encrypting the user ID. A user can be specified by this token. Then, the authentication API 41 transmits the token to the EC site 20. In this embodiment, a cookie including a token is transmitted. This cookie is defined by RFC6265, and is information for user identification and session management, and is stored in the web browser (EC site 20).

  Next, the EC site 20 executes a token storage process (step S1-5). Specifically, the SDK 50 of the EC site 20 registers the token (cookie) acquired from the relay server 40. The cookie includes a token issued by the authentication API 41 of the relay server 40.

(Transaction processing)
Next, transaction processing will be described with reference to FIG. When a user desires to purchase a product, the user accesses the EC site 20 at the user terminal.

  Here, the EC site 20 executes a product selection input process (step S2-1). Specifically, the EC site 20 outputs a product input screen. The user selects a desired product for purchase on the product input screen. In this case, the EC site 20 acquires price information of the selected product from the EC server 10 and outputs it to the product input screen.

  When the transaction execution button is selected on the product input screen, the EC site 20 executes transmission processing (step S2-2). Specifically, the EC site 20 transmits a product purchase request to the EC server 10.

  In this case, the EC site 20 executes transaction information accumulation processing (step S2-3). Specifically, the SDK 50 of the EC site 20 acquires product information (product identifier and price) input on the product input screen, and temporarily stores it in the memory.

  Next, the EC site 20 executes a delivery destination selection screen output process (step S2-4). Specifically, the EC site 20 outputs a delivery destination selection screen. In this case, the SDK 50 of the EC site 20 transmits an address request to the relay server 40. The address request includes a token stored in the SDK 50. In this case, after confirming that the current date and time has not expired, the token is included in the address request. If the current date has passed the token expiration date, the initial registration process is repeated.

  The relay server 40 executes address information providing processing (step S3-1). Specifically, the authentication API 41 of the relay server 40 decrypts the unique code of the token included in the address request and identifies the user ID. Then, the authentication API 41 accesses the customer information storage unit 32 of the bank server 30 and acquires address information associated with the user ID. Then, the authentication API 41 provides address information to the SDK 50 of the EC site 20.

  Next, the EC site 20 executes a delivery destination information input process (step S2-5). Specifically, the SDK 50 of the EC site 20 initializes the address information acquired from the relay server 40 in the delivery destination input field on the delivery destination selection screen. Then, the user confirms the delivery destination on the delivery destination selection screen and selects an input completion button. In this case, the SDK 50 transmits the delivery destination information set on the delivery destination selection screen to the EC server 10.

  Next, the EC site 20 executes a payment method selection process (step S2-6). Specifically, the EC site 20 outputs a payment method selection screen. When a bank is selected on this payment method selection screen, the SDK 50 of the EC site 20 transmits an account information request to the relay server 40. This account information request includes a token stored in the SDK 50.

  The relay server 40 executes account information provision processing (step S3-2). Specifically, the transfer API 42 of the relay server 40 decrypts the unique code of the token included in the account information request and identifies the user ID. And transfer API42 accesses the customer information storage part 32 of the bank server 30, and acquires the account identifier recorded on the customer management record of user ID. Further, the transfer API 42 accesses the account information storage unit 33 of the bank server 30 and acquires the balance of the customer account. Then, the transfer API 42 provides account information to the SDK 50 of the EC site 20. This account information includes balance information for each user account.

  Next, the EC site 20 executes an account selection process (step S2-7). Specifically, the SDK 50 of the EC site 20 outputs the account information acquired from the relay server 40 on the payment method selection screen. Then, the user selects an account to be used for settlement on the settlement method selection screen. In this case, the SDK 50 outputs a settlement screen. This settlement screen has columns for account identifier, balance, payment amount, and second password. In the account identifier field, the account identifier selected on the settlement method selection screen is set. In the balance column, the balance acquired from the relay server 40 is displayed. In the payment amount column, the payment amount on the product input screen is set. Then, the user inputs the second password for using this account in the second password field, and selects the settlement execution button.

  In this case, the EC site 20 executes a settlement instruction process (step S2-8). Specifically, the SDK 50 of the EC site 20 generates a payment instruction including payment information. The settlement information includes information related to the withdrawal account identifier (user account), transfer account identifier (EC site 20 account), settlement amount, and second password.

  Next, the EC site 20 executes transaction information setting processing (step S2-9). Specifically, the SDK 50 of the EC site 20 adds the token and transaction information (including the unique code of the token) stored in the memory as a parameter for the settlement instruction. Then, the SDK 50 transmits a settlement instruction to the relay server 40.

  The relay server 40 executes a payment instruction acquisition process (step S3-3). Specifically, the transfer API 42 of the relay server 40 acquires parameters included in the settlement instruction. Then, the transfer API 42 transmits a settlement instruction (settlement information) excluding parameters to the bank server 30. Further, the transfer API 42 provides the transaction API 43 with a token (unique code) and transaction information.

  The bank server 30 that has acquired the settlement instruction executes a transfer process (step S4-1). Specifically, the bank server 30 performs additional authentication of the user using the customer information storage unit 32 based on the payment information (second password) of the payment instruction. And when additional authentication is completed, the bank server 30 performs the process which withdraws the payment amount from a user's account in the account information storage part 33, and transfers it to the account of EC site 20. FIG. Then, the bank server 30 returns the settlement result to the relay server 40. In this case, the transfer API 42 of the relay server 40 returns the settlement result to the SDK 50.

  Then, the EC site 20 executes a settlement result display process (step S2-10). Specifically, the SDK 50 of the EC site 20 outputs a settlement result on the settlement screen. In this case, the SDK 50 transmits the settlement result to the EC server 10.

  Further, the relay server 40 executes transaction information accumulation processing (step S3-4). Specifically, the transaction API 43 of the relay server 40 records settlement information and transaction information in the transaction information storage unit 45 in association with the user ID acquired from the transfer API 42.

  And the relay server 40 performs a transaction information provision process (step S3-5). Specifically, the transaction API 43 of the relay server 40 provides the transaction information recorded in the transaction information storage unit 45 to the bank server 30 in real time. In this case, the transaction API 43 provides settlement information and transaction information associated with the user ID to the bank server 30.

  And the bank server 30 performs a marketing process (step S4-2). Specifically, the bank server 30 associates the bank holding information recorded in the customer information storage unit 32 and the account information storage unit 33 with the transaction information, and outputs it to the person in charge terminal. And in the bank server 30, it utilizes for marketing. For example, a marketing solution utilizing financial information is proposed by associating a purchase history of a product with a loan balance in a bank, payment of a public bill in an account deposit / withdrawal history, and the like. For example, using a financial product information storage unit in which a purchased product and a financial product are associated, a financial product is proposed according to purchase of a predetermined product.

(Monitoring process)
Next, the monitoring process will be described with reference to FIG. This process is repeatedly executed by the monitoring server 60 periodically accessing each EC site 20.

  First, the monitoring server 60 executes a monitoring process (step S5-1). Specifically, the monitoring server 60 accesses the EC site 20 in which the SDK 50 is stored. Then, the SDK 50 in which the EC site 20 is stored is specified.

  Next, the monitoring server 60 executes a determination process for determining whether or not there is any falsification (step S5-2). Specifically, the monitoring server 60 compares the SDK 50 with the template and confirms whether there is a difference. Here, when there is a difference between the SDK 50 and the template, it is determined that there is falsification.

  If it is determined that there has been tampering (in the case of “YES” in step S5-2), the monitoring server 60 executes API stop processing (step S5-3). Specifically, the monitoring server 60 sets the use stop of each API of the relay server 40 in the SDK 50.

According to this embodiment, the following effects can be obtained.
(1) In the present embodiment, an initial registration process is executed. Here, when the user authentication is successful, the relay server 40 executes a token issuing process (step S1-4). Then, the EC site 20 executes a token storage process (step S1-5). Thereby, a customer can be specified using the encryption information different from the user ID used in the bank server 30. Therefore, the security of information managed by the bank can be increased.

  (2) In the present embodiment, the EC site 20 executes transaction information accumulation processing when a transaction target product is selected (step S2-3). Then, at the time of settlement, the EC site 20 executes transaction information setting processing (step S2-9). Thereby, the contents of the transaction can be provided to the relay server 40.

  Further, the relay server 40 executes transaction information accumulation processing (step S3-4). Then, the relay server 40 provides the transaction information recorded in the transaction information storage unit 45 to the bank server 30. Thereby, in the bank server 30, marketing can be performed in a timely and efficient manner by linking the bank holding information and the transaction information.

(3) In the present embodiment, the EC site 20 executes a delivery destination selection screen output process (step S2-4). And the relay server 40 performs the provision process of address information (step S3-1). Thereby, the efficiency of the transaction in the EC server 10 can be supported using the information held by the bank server 30.
(4) In this embodiment, the monitoring server 60 executes a monitoring process. Thereby, alteration of SDK50 can be suppressed and security can be ensured.

In addition, you may change each said embodiment as follows.
In the above embodiment, the monitoring server 60 executes the monitoring process (step S5-1) and the determination process (step S5-2) as to whether or not tampering has occurred. Here, tampering is detected by comparing the SDK 50 with the template. The tampering detection method is not limited to this. For example, the SDK 50 may detect tampering. Specifically, when the SDK 50 detects an operation different from a predetermined operation (behavior) due to tampering, it determines that tampering has occurred and notifies the monitoring server 60 of it. Then, access to the relay server 40 by the SDK 50 is stopped.

  In the above embodiment, the relay server 40 executes transaction information provision processing (step S3-4). The timing for providing transaction information to the bank server 30 is not limited to real time. Transaction information may be provided periodically by batch processing. Also in this case, the transaction information and the bank holding information can be efficiently linked by shortening the batch processing timing.

  In the above embodiment, the relay server 40 executes a token issuing process (step S1-4). A token (cookie) including a unique code obtained by encrypting the user ID is given. Tokens for identifying users are not limited to cookies. For example, a script for changing a password every time may be provided to the EC site 20.

  DESCRIPTION OF SYMBOLS 10 ... EC server, 20 ... EC site, 30 ... Bank server, 40 ... Relay server, 41 ... Authentication API, 42 ... Transfer API, 43 ... Transaction API, 45 ... Transaction information storage part, 50 ... SDK, 60 ... Monitoring server .

Claims (5)

A bank service system including a linkage tool stored in a web page provided by a transaction server, and a relay server having a transfer API and a transaction API for accessing the bank server,
The transfer API is an API for accessing account information of the bank server,
The transaction API is an API for acquiring transaction information transmitted to the transaction server,
In the web page, when a payment instruction is input based on the transaction information, the transfer API includes a transfer instruction including payment information,
Based on the transfer instruction, the transaction API obtains transaction information,
A bank service system, wherein the settlement information and the transaction information are associated and recorded in a transaction storage unit. The relay server further includes a user authentication API for accessing customer information of the bank server,
When authentication information is input on the web page, the user authentication API acquires authentication information and performs user authentication.
Providing the web page with a token with an expiration date indicating that user authentication has been completed;
The banking service system according to claim 1, wherein the cooperation tool accesses the transaction API using a token within the expiration date. Determine whether the cooperation tool embedded in the web page has been tampered with,
3. The bank service system according to claim 1, wherein when it is determined that falsification has occurred, use of the transfer API and transaction API of the relay server is stopped. When the cooperation tool detects an address input field in the web page, it acquires customer address information from the customer information storage unit of the bank server via the authentication API of the relay server,
It sets to the address input column of the said web page, The bank service system as described in any one of Claims 1-3 characterized by the above-mentioned. A method for providing bank service using a bank service system including a linkage tool stored in a web page provided by a transaction server, and a relay server having a transfer API and a transaction API for accessing the bank server,
The transfer API is an API for accessing account information of the bank server,
The transaction API is an API for acquiring transaction information transmitted to the transaction server,
In the web page, when a payment instruction is input based on the transaction information, the transfer API includes a transfer instruction including payment information,
Based on the transfer instruction, the transaction API obtains transaction information,
A bank service method, wherein the settlement information and the transaction information are associated and recorded in a transaction storage unit.