JP2021179784A - Card reader and settlement system - Google Patents

Abstract

To provide a card reader capable of outputting the partial number of a credit card.SOLUTION: A card information acquirement section 100 acquires card information 300 from a card medium. A card type determination section 110 determines whether the card medium is a credit card or a non-credit card, from the card information 300 acquired by the card information acquirement section 100. A data generation section 120, when the type of a card medium determined by the card type determination section 110 is a credit card, generates a truncation data 310 which masks a part of a card number included in the card information 300.SELECTED DRAWING: Figure 1

Description

The present invention relates to a card reader and a payment system, and more particularly to a card reader and a payment system using a credit card.

Conventionally, there have been payment systems for making payments using various types of card-shaped recording media (hereinafter referred to as card media). In such a payment system, for example, a user may be specified by a so-called "house card" such as a medical examination ticket of a hospital or a point card, and then payment may be made by a "credit card" for payment of money. That is, in the conventional payment system, two types of card media may be used during one payment.

As such a conventional payment system, for example, referring to Patent Document 1, an automated teller machine that processes an accepted card, which is an accepted card, is described. The automated teller machine of Patent Document 1 indicates a card information acquisition unit that acquires card information stored in an accepted card, a specific unit that specifies the type of accepted card from the card information, and a type of card that should be accepted. It includes a type information acquisition unit that acquires type information and a processing unit that executes processing for card information based on the processing information switched by the processing setting unit. On top of this, if the type of card to be accepted is the type of card for which card information should not be encrypted and the type of accepted card is the type of card for which card information should be encrypted, the processing unit shall perform card information. To erase.
That is, in the technique of Patent Document 1, when a credit card is inserted in a waiting state of a non-credit card such as a house card, the card information is erased.

Japanese Unexamined Patent Publication No. 2019-109723

However, in a conventional payment system as described in Patent Document 1, when a credit card is inserted while waiting for a credit card, the card is used from security and legal requirements to a server for payment of the credit card. The information was encrypted and transferred. Therefore, there is a problem that the credit card number cannot be displayed or printed at all on the higher-level device that outputs the payment result.

The present invention has been made in view of such a situation, and an object of the present invention is to make it possible to output at least a part of a credit card number in a higher-level device that outputs a payment result, and to solve the above-mentioned problem. do.

The card reader of the present invention is a card that determines whether the card medium is a credit card or a non-credit card from the card information acquisition unit that acquires card information from the card medium and the card information acquired by the card information acquisition unit. A type determination unit and a data generation unit that generates truncation data in which a part of the card number included in the card information is masked when the type of the card medium determined by the card type determination unit is a credit card. It is characterized by having.
With this configuration, at least a part of the credit card number can be output.

The card reader of the present invention is characterized in that the truncation data includes a part or all of the upper digit or the lower digit specified in the PCI DSS standard.
With this configuration, it is possible to output a number that can be recognized by the user, while responding to the demands of curity and decree.

In the card reader of the present invention, when the type of the card medium is a non-credit card, the data generation unit transmits all the digits of the card medium to the connected higher-level device without encryption, and the card medium. When the type of is a credit card, the truncation data can be transmitted without being encrypted in response to a request from a connected higher-level device.
With this configuration, it is possible to transmit truncation data in plain text (unencrypted state), hold it in a host device, and use it while making a secure payment with a credit card.

In the card reader of the present invention, the data generation unit generates the truncation data when the type of the card medium is a credit card but the instruction from the host device is not in the state of waiting for the credit card to be read. Is not deleted or transmitted to the higher-level device.
With this configuration, even if the credit card is inserted and read by mistake, the truncation data can be prevented from being acquired by the host device.

The payment processing system of the present invention is a payment processing system including a card reader that reads out a card medium and a higher-level device that is connected to the card reader to perform payment processing, and the card reader is a card information from the card medium. From the card information acquisition unit that acquires the card information, the card type determination unit that determines whether the card medium is a credit card or a non-credit card, and the card type determination unit that determines whether the card medium is a credit card or a non-credit card. When the type of the card medium is a credit card, the host device includes a data generation unit that generates truncation data by masking a part of the card number included in the card information, and the higher-level device is from the card reader. It is characterized by including a data acquisition unit for acquiring the truncation data and a data output unit for including the truncation data acquired by the data acquisition unit in payment information in the payment processing and outputting the data.
With this configuration, at least a part of the credit card number can be output by the host device.

According to the present invention, when the type of the determined card medium is a credit card, a part of the credit card number is generated by generating truncation data in which a part of the card number included in the card information is masked. It is possible to provide a card reader capable of outputting.

It is a system block diagram of the payment system X which concerns on embodiment of this invention. It is a conceptual diagram of the card information and truncation data shown in FIG. It is a flowchart of the settlement process which concerns on embodiment of this invention. It is a flowchart of the reading data transmission processing shown in FIG. FIG. 3 is a conceptual diagram showing data creation and transmission of the read data transmission process shown in FIG.

<Embodiment>
[Payment system configuration]
First, the configuration of the payment system X according to the embodiment of the present invention will be described with reference to FIGS. 1 and 2.
The payment system X includes a card reader 1 and a host device 2 on which the card reader 1 is mounted.
In the present embodiment, the card reader 1 and the host device 2 are connected by a LAN (Local Area Network) such as USB (Universal Serial Bus), RS-232C, and Ethernet (registered trademark) (Ethernet).
Further, in the present embodiment, the higher-level device 2 of the payment system X is connected to the server 3 for credit card payment via a WAN (Wide Area Network) such as a dedicated line or the Internet.

The card reader 1 is an example of a device that is controlled by the host device 2 and can read (read) or write (write) the card medium 4. The card reader 1 is a manual or motor transfer type card reader / writer device. In the case of the manual type, the user manually inserts the card medium 4 into the apparatus and pulls out the card medium 4 from the inside of the apparatus to reproduce the data recorded on the card medium 4. In the case of the motor transport type, the card reader 1 executes various processes of transporting and reading / writing the card medium 4 by a command from the host device 2.

The host device 2 is, for example, a terminal of a hospital settlement (payment) system, another payment system, a kiosk, a transportation ticket issuing system, a point card payment system such as a convenience store, or a retail store member card issuing system. And so on. Alternatively, a PC (Personal Computer), a cash register, or other payment terminal can be used as the host device 2.

The server 3 is a secure server or the like that provides a service for making credit card payments.
The server 3 may be connected to a server of another bank or a card company. In addition, various other information on payment can be obtained from the server 3 and other servers.

The card medium 4 is a card-shaped magnetic recording medium such as a rectangular vinyl chloride card having a thickness of about 0.7 to 0.8 mm, an IC card, a non-contact type IC card, or the like. In the case of a magnetic recording medium, a magnetic stripe on which a magnetic signal is stored is formed on one surface of the card medium 4. In the case of an IC card, the card medium 4 may include, for example, a contact for connecting to the card reader 1 and an IC chip including a storage area and an MPU (Micro Processing Unit). In the case of a non-contact type IC card, an electromagnetic induction antenna for short-range radio is built in. The card medium 4 may be a recording medium in which any or all of these are combined. In addition, as the card medium 4, a mobile terminal such as a mobile phone or a smartphone used by the user can also be used for transactions.

In the present embodiment, an example in which the card information 300 for payment as a credit card or a non-credit card is recorded on the magnetic stripe on the card medium 4 will be described. In the present embodiment, the credit card is a card used for payment by a bank or the like. Non-credit cards include, for example, so-called "house cards" such as medical examination tickets for hospitals, transportation cards, point cards for retail stores, and member cards.

In addition to this, in the present embodiment, the host device 2 is connected to a business server for settlement (not shown). This business server is a business server for hospitals, transportation facilities, retail stores, service providers, and the like.

Next, the control configuration of the payment system X will be described.
The card reader 1 includes a control unit 10, a storage unit 11, and a magnetic head 12.
The host device 2 includes a control unit 20, a storage unit 21, an input unit 22, a display unit 23, and a printing unit 24.

The control unit 10 controls the entire card reader 1. The control unit 10 is a control calculation means including, for example, a CPU (Central Processing Unit), an MPU (Micro Processing Unit), a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), and the like.

The storage unit 11 is a recording medium that stores various setting values of the card reader 1, a control program, temporary data, and the like. Of these various set values, the details of the set values related to transactions will be described later. The control program is firmware or the like for controlling the entire card reader 1 and reading or writing the card medium 4.

The storage unit 11 includes a volatile recording medium such as RAM and a non-volatile recording medium such as ROM.
Of these, the ROM includes, for example, a recording medium such as a flash memory, EEPROM, ReRAM, or FeRAM.

The magnetic head 12 is a reading unit that reads the recorded information of the card medium 4. Specifically, the magnetic head 12 reads out the recorded information written on the magnetic stripe of the card medium 4 as a magnetic signal and reproduces it. The magnetic signal such as the magnetic stripe of the card medium 4 read by the magnetic head 12 is output as an analog signal, and is converted into a digital signal by a magnetic information processing circuit (not shown) and output. Here, the magnetic head 12 may be an encrypted magnetic head having a built-in encryption circuit or MPU (Micro Processing Unit) that encrypts the digital signal. In addition, in order to read and write the recorded information of the card medium 4, an IC contact other than the magnetic head, an NFC (Near-Field Communications, short-range radio) receiving circuit, an antenna, and the like may be further provided.

In addition to these, the card reader 1 includes LEDs (Light Emitting Diodes) that display the status of transactions, various buttons and DIP switches for setting, USB, RS-232C, etc. for connecting to the host device 2. Including interfaces, etc.

The control unit 20 controls the entire host device 2, for example, a CPU, an MPU, a DSP, an ASIC, a GPU (Graphics Processing Unit), or the like. The control unit 20 may include an accelerator circuit for high-speed coding and decoding of the cipher.

The storage unit 21 is a recording medium for storing various set values, control programs, temporary data, and the like of the host device 2. This control program includes an OS (Operating System), various application software (hereinafter, simply referred to as "application"), middleware that relays the card reader 1 and the host device 2, and the like.
The storage unit 21 includes a RAM, a ROM, an HDD (Hard Disk Drive), another optical recording medium, and the like.

The input unit 22 is an operation input unit including buttons such as a touch panel and a numeric keypad. In addition to this, the input unit 22 may include a biometric information input device such as a fingerprint, a vein pattern, an iris pattern, and a face recognition camera.

The display unit 23 is a liquid crystal display, an organic EL display, a vacuum fluorescent display, a dot matrix display including LEDs and the like.
The input unit 22 and the display unit 23 may be integrally formed like a touch panel display.

The printing unit 24 is a printing device such as a heat-sensitive method, a dot impact method, and an inkjet method. The printing unit 24 may be capable of printing using an ink ribbon or liquid ink. As a result, the printing unit 24 can record information about the payment on a recording paper such as a payment receipt or a receipt.

In addition to this, the host device includes a network connection unit for connecting to the server 3. In addition, the host device may include an audio output unit or the like that outputs audio.

Next, the functional configuration of the payment system X will be described.
The control unit 10 of the card reader 1 includes a card information acquisition unit 100, a card type determination unit 110, and a data generation unit 120.
The storage unit 11 stores the card information 300, the truncation data 310, and the state information 320.
The control unit 20 of the host device 2 includes a data acquisition unit 200 and a data output unit 210.
The storage unit 21 stores the truncation data 310 and the payment information 330.

The card information acquisition unit 100 acquires the card information 300 from the card medium. In the present embodiment, the card information acquisition unit 100 acquires the card information 300 based on the analog signal acquired by the magnetic head 12. At this time, the card information acquisition unit 100 can also decode the encrypted signal from the encrypted magnetic head and acquire it as the card information 300.

The card type determination unit 110 determines whether the card medium is a credit card or a non-credit card from the card information 300 acquired by the card information acquisition unit 100. Specifically, the card type determination unit 110 can determine whether the card information 300 is a credit card or a non-credit card other than the credit card from the PAN upper digit and the Luhn calculation result described later.

When the type of the card medium determined by the card type determination unit 110 is a credit card, the data generation unit 120 generates the truncation data 310 masking a part of the card number included in the card information 300.

Further, when the type of the card medium is a non-credit card, the data generation unit 120 can transmit all the digits of the card medium to the connected higher-level device without encryption. On the other hand, when the type of the card medium is a credit card, the data generation unit 120 can transmit the truncation data 310 without encryption in response to a request from the connected higher-level device.
In addition, the data generation unit 120 does not delete or transmit the generated truncation data 310 to the higher-level device when the type of the card medium is a credit card but the instruction from the higher-level device is not in the credit card waiting state. It is possible to configure it as follows.

The data acquisition unit 200 acquires the truncation data 310 from the card reader 1. More specifically, the data acquisition unit 200 can acquire the encrypted credit card card information 300 while waiting for the credit card.

The data output unit 210 includes the truncation data 310 acquired by the data acquisition unit 200 in the payment information 330 in the payment process and outputs the data. At this time, the data output unit 210 can print, for example, a part or all of the truncation data 310 on a receipt, a receipt, or the like by the printing unit 24.

The card information 300 is information for identifying the card medium 4 recorded on the magnetic stripe or the like of the card medium 4. In the present embodiment, an example in which 14 to 16 digit information such as PAN (Primary Account Number) information described below is used as the card information 300 is shown. In the case of a house card, an arbitrary value is set at the position of each digit of the PAN information by the provider of the card medium 4. In addition to this, the card information 300 may include other information recorded on the card medium 4.

Here, an example of the card information 300 will be described with reference to FIGS. 2 (a) and 2 (b).
FIG. 2A shows an example in which PAN information is used as card information 300-1 of a credit card. Here, the PAN information indicates a user's card number, and the number is different for each user.
FIG. 2B shows an example in which house card information is used as card information 300-2 of a house card, which is an example of a non-credit card. The card information 300-2 is arbitrary information recorded at a position where the PAN information of the credit card is recorded, and the number of digits is also variable. That is, with a non-credit card, it is possible to use arbitrary information instead of the PAN information according to the configuration of the payment system X.

The truncation data 310 is information that masks a part of the card number of the credit card. In the present embodiment, the truncation data 310 includes some or all of the high-order digits or low-order digits specified in the PCI DSS standard among the above-mentioned PAN information.

Here, an example of the truncation data 310 will be described with reference to FIG. 2 (c).
FIG. 3C shows an example in which the truncation data 310 uses 6 digits for the first half digit number of the PAN information and 4 digits for the second half digit number of the PAN information. That is, for the 7 to 12 digits to be masked, numerical values and characters different from the value of the relevant digit of the card information 300, such as "0", "1", "N (None)", and a random number, are set. (Hereinafter referred to as "trancation"). This transcribed part is output as "*" (asterisk) or the like when printed so that the entire card number cannot be specified.

The status information 320 is information indicating the status of the card reader 1 corresponding to the command from the host device. In the present embodiment, as the state information 320, for example, information such as a flag indicating whether the house card is in the read waiting state or the credit card is in the read waiting state is used.

The payment information 330 is information on payment (settlement) using a house card and a credit card in the payment system X of the present embodiment. In the present embodiment, the payment information 330 includes, for example, information printed on a receipt, a receipt, or the like as text data, XML data, or the like.

Here, the control unit 10 of the card reader 1 functions as a card information acquisition unit 100, a card type determination unit 110, and a data generation unit 120 by executing a control program including firmware and the like stored in the storage unit 11. do.
The control unit 10 of the host device 2 functions as a data acquisition unit 200 and a data output unit 210 by executing a control program including firmware, an OS (Operating System), application software, etc. stored in the storage unit 11.
The data stored in the storage unit 11 and the storage unit 21 may be variable depending on the processing state, procedure, and the like.

[Payment processing]
Next, the settlement process according to the embodiment of the present invention will be described with reference to FIGS. 3 to 5.
In the payment process of the present embodiment, the card information 300 is read by the card reader 1 in the order of the house card and the credit card, and the payment is made.
When reading this credit card, the host device 2 acquires truncation data 310 from the card reader 1. Then, the acquired truncation data 310 is included in the payment information 330 in the payment processing and output.

In the settlement process of the present embodiment, the control unit 10 and the control unit 20 mainly execute the control program stored in the storage unit 11 and the storage unit 21 in cooperation with each unit and use the hardware resources.
Hereinafter, first, the main processing of the payment processing of the present embodiment will be described step by step by using the flowchart of FIG. Here, in the flowchart of FIG. 3, the transmission / reception of plaintext (unencrypted state) data and commands is mainly shown by a one-dot chain line, and the transmission / reception of encrypted data is shown by a two-dot chain line.

(Step S201)
First, the data acquisition unit 200 of the host device 2 performs the house card standby process.
After the start of payment, the data acquisition unit 200 displays on the display unit 23 instructing the display unit 23 to insert, for example, a house card as a non-credit card.
Then, the data acquisition unit 200 transmits a command to acquire the card information 300 of the house card, which is a non-credit card, to the card reader 1.

(Step S101)
Next, the card information acquisition unit 100, the card type determination unit 110, and the data generation unit 120 of the card reader 1 perform read data transmission processing. Here, the state information 320 is set to the read waiting state of the house card. Then, the house card information is transmitted in plain text.
The details of this process will be described later.

(Step S202)
Here, the data output unit 210 of the host device 2 performs house card processing.
The data output unit 210 identifies a user based on the card information 300 of the house card and performs various payment processes. Specifically, for example, when the card medium 4 is a medical examination ticket or a point card, the data output unit 210 separately connects to a business server to calculate the payment amount of the user, or payment information including the calculation result. It is possible to acquire 330.
In the above-mentioned read data transmission process, the data output unit 210 warns the user to insert the correct house card or cancels the payment when an error is returned.

(Step S203)
Next, the data acquisition unit 200 of the host device 2 performs the credit card standby process.
After processing the house card, the data acquisition unit 200 displays a display instructing the display unit 23 to insert the credit card when the user selects payment by the credit card.
Then, the data acquisition unit 200 transmits a command for acquiring the card information 300 of the credit card to the card reader 1.

(Step S102)
Here, the card information acquisition unit 100, the card type determination unit 110, and the data generation unit 120 of the card reader 1 perform the read data transmission process. The processing content itself is the same as in step S101 described above.
However, here, the state information 320 is set to the credit card read-waiting state. Then, the credit card information is transmitted by the encrypted data.
The host device 2 that has received the encrypted data transfers it to the server 3 as it is.

(Step S301)
Next, the server 3 performs credit card payment processing.
The server 3 acquires the encrypted card number (encrypted data) of the credit card acquired by the card reader 1 via the host device 2 and makes a payment. At this time, the server 3 can also acquire the personal identification number, biometric information, signature, and the like input by the input unit 22 of the host device 2. The data of these credit cards is not retained by the card reader 1 and the host device 2 except for the truncation data 310 due to security and legal requirements.
The server 3 returns the payment result data to the host device 2.

(Step S204)
Next, the data output unit 210 of the host device 2 performs the result printing process.
When the data output unit 210 acquires the payment result data, the printing unit 24 renders (draws) the payment information 330 and prints it on a receipt, a receipt, or the like. At this time, the data output unit 210 can include at least a part of the truncation data 310 in the payment information 330 and print it on a recording paper for output. For example, the data output unit 210 can output the last four digits of the credit card information 300 and the like as card details on a recording paper.
As described above, the settlement process according to the embodiment of the present invention is completed.

Next, the details of the read data transmission process in steps S101 and S102 of FIG. 3 will be described.
In this read data transmission process, first, the card information 300 is acquired from the card medium. Then, from the acquired card information 300, it is determined whether the card medium is a credit card or a non-credit card. In the present embodiment, it is determined whether the card medium 4 inserted in the card reader 1 is a credit card or a house card, and the operation is changed according to the determination result. When the determined card medium type is a credit card, the truncation data 310 is generated by masking a part of the card number included in the card information 300.
Hereinafter, the details of the read data transmission process will be described step by step with reference to the flowchart of FIG. 4 and the conceptual diagram of FIG.

(Step S110)
First, the card information acquisition unit 100 performs a command reception process.
The card information acquisition unit 100 receives a command to acquire card information 300 of a credit card or a non-credit card. In the present embodiment, as a non-credit card, a command for acquiring card information 300 of a house card is received.
Then, the card information acquisition unit 100 sets the status information 320 to the read waiting state of the credit card or the non-credit card in response to this command.

(Step S111)
Next, the card information acquisition unit 100 performs the card information acquisition process.
The card information acquisition unit 100 acquires the card information 300 of the card medium 4 read by the magnetic head 12 and temporarily stores it in the storage unit 11. At this time, the card information acquisition unit 100 acquires all the information recorded on the card medium 4. That is, the card information acquisition unit 100 acquires the card information 300 including the values of the positions of all the digits corresponding to the PAN information.

(Step S112)
Next, the card type determination unit 110 performs a high-order digit acquisition process.
The card type determination unit 110 acquires the data of the PAN upper digit position of the card information 300. Specifically, the card type determination unit 110 has, for example, an issuer identification number (IIN) or a bank identification number (Bank Identification Number, BIN) among the parts corresponding to the PAN information of the card information 300. It is possible to acquire the upper (first) 6 digits to be called.

(Step S113)
Next, the card type determination unit 110 determines whether or not the acquired high-order digit is the high-order digit of the credit card.
The card type determination unit 110 determines whether or not the acquired high-order digit is a credit card. Specifically, for example, the card type determination unit 110 conforms to the major industry identifier (MII) in which the most significant digit of the upper digits of the acquired card information 300 indicates the credit card issuer. , If it is clear that the remaining digits are also an international brand or card issuer, it is judged as Yes. The card type determination unit 110 determines No in other cases, that is, in the case where the above-mentioned industrial classification and classification of the highest digit is not a credit card, the remaining digits are unknown, and the like. ..
In the case of Yes, the card type determination unit 110 advances the process to step S114.
If No, the card type determination unit 110 advances the process to step S120.

(Step S114)
If it is the upper digit of the credit card, the card type determination unit 110 performs Luhn calculation processing.
The card type determination unit 110 performs calculations by the Luhn algorithm or the like defined in ISO / IEC 7812-1 for each digit of the position corresponding to the PAN information. The card type determination unit 110 temporarily stores the calculation result in the storage unit 11.

(Step S115)
Next, the card type determination unit 110 determines whether or not the Luhn calculation result and the end match.
The card type determination unit 110 determines whether or not the value of the lowest (final) digit of the card information 300 corresponds to the calculation result in the above-mentioned Luhn algorithm. That is, the card type determination unit 110 checks the "check digit" which is the last number of the credit card number. The card type determination unit 110 determines Yes when the value of the lowest digit at the position corresponding to the PAN information of the card information 300 matches the calculation result. In this case, the card type determination unit 110 determines that the card is a credit card.
In other cases, the card type determination unit 110 determines No. In this case, the card type determination unit 110 determines that the card is a non-credit card and, in the present embodiment, is a house card.
In the case of Yes, the card type determination unit 110 advances the process to step S116.
If No, the card type determination unit 110 advances the process to step S120.

(Step S116)
In the case of a credit card, the data generation unit 120 performs a truncation data generation process.
The data generation unit 120 generates truncation data 310 in which a part of the card number included in the card information 300 is masked. Specifically, the data generation unit 120 creates the truncation data 310 including a part or all of the upper digit or the lower digit defined in the PCI DSS standard. In the present embodiment, the data generation unit 120 generates data in which 7 to 12 digits of the PAN information as shown in FIG. 2 (c) above are truncated.

(Step S117)
Next, the data generation unit 120 determines whether or not the credit card is waiting.
The data generation unit 120 refers to the state information 320, and determines Yes when the credit card is in the read waiting state due to the reception of the command.
In other cases, the data generation unit 120 determines No.
In the case of Yes, the data generation unit 120 advances the process to step S118.
If No, the data generation unit 120 advances the process to step S119.

(Step S118)
When the credit card is in the read waiting state, the data generation unit 120 performs the credit card transmission process.
This process is the process when the credit card is inserted while waiting for the credit card to be read.
Explaining with reference to FIG. 5A, the data generation unit 120 encrypts the card information 300 of the credit card and temporarily transmits the encrypted data to the host device 2. On this basis, the data generation unit 120 also transmits the truncation data 310 to the host device 2 in plain text.
After that, the data generation unit 120 ends the read data transmission process.

(Step S119)
If the credit card is not in the read waiting state, the data generation unit 120 performs a data erasure process.
In the present embodiment, this process is a process when the type of the card medium 4 is a credit card, but the instruction from the host device 2 is in a state of waiting for reading the house card or the like.
Explaining with reference to FIG. 5B, in the present embodiment, the data generation unit 120 erases (deletes) the truncation data 310 from the storage unit 11 and does not transmit it to the host device 2. Alternatively, the data generation unit 120 may not simply delete the truncation data 310 but simply not transmit it. In this case, the same area for storing the card information 300 of the storage unit 11 may be overwritten when the truncation data 310 is generated next time.
On this basis, the data generation unit 120 notifies the host device 2 of an error indicating that the credit card has been inserted.
After that, the data generation unit 120 ends the read data transmission process.

(Step S120)
Here, the data generation unit 120 performs a house card transmission process.
In the present embodiment, this process is a process when the house card is inserted regardless of whether the credit card or the house card is waiting to be read.
Explaining with reference to FIG. 5C, the data generation unit 120 does not encrypt the card information 300, which is the position information corresponding to the PAN information recorded on the house card, which is a non-credit card, and is in plain text (unencrypted data). To send to the host device 2. That is, the data generation unit 120 transmits the values of all the digits of the card medium 4 to the higher-level device 2 connected to the card reader 1 without encryption.

As a result, when the card information 300 is transmitted while waiting for the house card to be read, the host device 2 that has acquired the card information 300 can execute the house card process. On the other hand, when the house card is read while waiting for the credit card to be read, the host device 2 displays an error such as "Please insert the credit card" on the display unit 23, and the credit card again. It is possible to ask for an insertion.
As described above, the read data transmission process according to the embodiment of the present invention is completed.

[Main effects of this embodiment]
With the above configuration, the following effects can be obtained.
In the card reader 1 according to the embodiment of the present invention, whether the card medium 4 is a credit card from the card information acquisition unit 100 that acquires the card information 300 from the card medium and the card information 300 acquired by the card information acquisition unit 100. When the type of the card medium determined by the card type determination unit 110 for determining whether the card is a non-credit card and the card type determination unit 110 is a credit card, truncation masking a part of the card number included in the card information 300. It is characterized by including a data generation unit 120 that generates data 310.
With this configuration, a part of the credit card number can be output. Specifically, since the credit card number is truncated, it can be retained without being encrypted by the card reader 1 or the host device 2. As a result, although the card number cannot be specified in the host device 2, it is possible to print with a number that can be recognized by the user. That is, for example, the last four digits of the card number can be printed on a receipt, a receipt, or the like. Therefore, it is possible to improve the convenience of the user while making it possible to present a part of the card number in accordance with the provisions of the installment sales method and the like.

The card reader 1 according to the embodiment of the present invention is characterized in that the truncation data 310 includes a part or all of the upper digit or the lower digit specified in the PCI DSS standard.
With this configuration, truncation data 310 required by security and decree can be prepared, and based on this, a number that can be recognized by the user can be printed on a receipt, a receipt, or the like. ..

In the card reader 1 according to the embodiment of the present invention, when the type of the card medium 4 is a non-credit card, the data generation unit 120 does not encrypt all the digits of the card medium 4 to the connected higher-level device 2. When the type of the card medium 4 is a credit card, the truncation data 310 can be transmitted without being encrypted in response to a request from the connected host device 2.
With this configuration, the truncation data 310 can be transmitted in plain text and held and used by the host device 2 while the credit card is safely settled. Further, the processing load and the like can be reduced as compared with the case where the truncation data 310 is encrypted and transmitted.

In the card reader 1 according to the embodiment of the present invention, when the data generation unit 120 has a credit card as the type of the card medium 4, but the instruction from the host device 2 is not in the state of waiting for the credit card to be read. , The generated truncation data 310 is not deleted or transmitted to a higher-level device.
With this configuration, even if the credit card is mistakenly inserted and read, the generated truncation data 310 can be prevented from being acquired by the host device 2. As a result, security can be enhanced and the truncation data 310 can be effectively utilized.

The payment system X according to the embodiment of the present invention is a payment system including a card reader 1 for reading a card medium and a higher-level device 2 connected to the card reader 1 to perform payment processing, and the card reader 1 is a payment system. , A card type determination unit that determines whether the card medium 4 is a credit card or a non-credit card from the card information acquisition unit 100 that acquires the card information 300 from the card medium 4 and the card information 300 acquired by the card information acquisition unit 100. When the type of the card medium 4 determined by the card type determination unit 110 is a credit card, the data generation unit 120 and the data generation unit 120 generate truncation data 310 masking a part of the card number included in the card information 300. The host device 2 includes a data acquisition unit 200 for acquiring truncation data 310 from a card reader and a truncation data 310 acquired by the data acquisition unit 200 in the payment information 330 in the payment process, and outputs the data output unit 2. It is characterized by having 210.
With this configuration, a part of the credit card number can be output by the printing unit 24 or the like of the host device 2, and the convenience of the user can be improved. That is, even in the payment system X that encrypts and transmits the card number to the server, the upper device 2 that is the payment terminal can print the last four digits of the card number on a receipt, a receipt, or the like.

[Other embodiments]
In the above-described embodiment, it is described that the card information 300 is deleted when the credit card is inserted while waiting for the house card to be read.
However, instead of deleting the card information 300 itself, the address information (address information) of the address of the storage area of the storage unit 11 in which the card information 300 is recorded may be deleted. That is, it is also possible to delete the pointer or the like of the card information 300.
With this configuration, the memory area of the storage unit 11 can be effectively used.

Further, in the above-described embodiment, it is described that when the house card is inserted while waiting for the credit card to be read, the data of all digits of the card information 300 is transmitted in plain text.
However, in such a case, only the error may be notified to the host device 2, or only a part of the house card information 300 may be transmitted.
With such a configuration, it becomes possible to immediately grasp that the wrong card has been inserted in the higher-level device 2, and it is possible to reduce the processing load of the higher-level device 2. In addition, security can be further improved.

Further, in the above-described embodiment, even if the Luhn calculation result does not match the check digit, the card information 300 is described as being transmitted to the host device 2 in plain text as it is.
However, in such a case, it is possible to use an unauthorized card or send a reading error to that effect to the host device 2. Further, this information may be stored in the card reader 1 or may be impossible to read.
With such a configuration, it is possible to further enhance security and contribute to crime prevention by counterfeit cards and the like.

Further, in the above-described embodiment, it is described that the house card is read and then the credit card is read in the payment processing.
However, it may be configured to read the house card after paying with a credit card. In this case, it is also possible to perform house card processing, confirm the intention of the user, and then send the encrypted data to the server 3 to perform the actual payment.
Alternatively, it is possible to use a non-credit card other than a house card, or to read a plurality of house cards such as a point card and a card of another service. Further, when the user pays by cash or the like, it is not necessary to read the credit card itself.
With this configuration, it is possible to support various payment system configurations.

Further, in the above-described embodiment, an example is described in which the server 3 is a server that provides a payment service for making a credit card payment. Further, in the above-described embodiment, it is described that the host device 2 is separately connected to the business server for settlement.
However, payment and payment by credit card may be possible only with the host device 2 and the server 3. Alternatively, the server 3 may also have the function of the above-mentioned business server. Further, the business server may be configured by using a service on a so-called “cloud”.
In addition, in the above-described embodiment, an example in which the server 3 and the host device 2 are directly connected is described. However, it may be configured to be connected to the server 3 via the above-mentioned business server.
With such a configuration, it is possible to support a flexible payment system configuration using a credit card or a house card.

Further, in the above-described embodiment, an example in which the card reader 1 and the host device 2 are separate devices has been described.
However, it may be configured to use a payment terminal device (system) in which a card reader and a function corresponding to a higher-level device are integrated.
With such a configuration, it is possible to support a flexible configuration.

It is needless to say that the configuration and operation of the above-described embodiment are examples and can be appropriately modified and executed without departing from the spirit of the present invention.

1 Card reader 2 Upper device 3 Server 4 Card medium 10, 20 Control unit 11, 21 Storage unit 12 Magnetic head 22 Input unit 23 Display unit 24 Printing unit 100 Card information acquisition unit 110 Card type determination unit 120 Data generation unit 200 Data acquisition Unit 210 Data output unit 300, 300-1, 300-2 Card information 310 Traction data 320 Status information 330 Payment information X Payment system

Claims (5)

The card information acquisition unit that acquires card information from the card medium,
From the card information acquired by the card information acquisition unit, a card type determination unit for determining whether the card medium is a credit card or a non-credit card, and a card type determination unit.
When the type of the card medium determined by the card type determination unit is a credit card, it is characterized by including a data generation unit that generates truncation data by masking a part of the card number included in the card information. Card reader. The truncation data is
The card reader according to claim 1, wherein the card reader includes a part or all of the upper digit or the lower digit specified in the PCI DSS standard. The data generation unit
When the type of the card medium is a non-credit card, all the digits of the card medium are transmitted to the connected higher-level device without encryption.
The card reader according to claim 1 or 2, wherein when the type of the card medium is a credit card, the truncation data can be transmitted without being encrypted in response to a request from a connected host device. .. The data generation unit
Although the type of the card medium is a credit card, if the instruction from the higher-level device is not in the state of waiting for the credit card to be read, the generated truncation data is not deleted or transmitted to the higher-level device. The card reader according to claim 3. A payment system including a card reader that reads a card medium and a higher-level device that is connected to the card reader to perform payment processing.
The card reader
The card information acquisition unit that acquires card information from the card medium,
From the card information acquired by the card information acquisition unit, a card type determination unit for determining whether the card medium is a credit card or a non-credit card, and a card type determination unit.
When the type of the card medium determined by the card type determination unit is a credit card, it includes a data generation unit that generates truncation data by masking a part of the card number included in the card information.
The higher-level device is
A data acquisition unit that acquires the truncation data from the card reader,
A payment system including a data output unit that includes the truncation data acquired by the data acquisition unit in the payment information in the payment process and outputs the data.

Images