JP4564309B2 - Support server, support method and program for preventing unauthorized use of card - Google Patents

Description

  The present invention relates to a support server, a support method, and a program for supporting prevention of unauthorized use of a card. In particular, the present invention relates to a support server, a support method, and a program for detecting unauthorized use based on a card use history or a set range.

In recent years, information on a credit card or a cash card has been illegally read, and there has been a damage that merchandise is purchased using the information as a legitimate user of the card. To prevent this damage, when there is a request to use a card, the travel time between the place where this request is made and the place where the previous request was made is compared with the reference value. Thus, a method for determining whether or not the use of the current card is valid is known (for example, Patent Document 1).
JP 2002-123775 A

  The above method is effective when only the card information is read and the location of the card itself is separated from the location where the card is requested to be used, but the card itself is stolen and used. If the location of the card itself is close to the location where the card is requested to be used, it is difficult to detect fraud of the card.

  In order to solve the above-described problem, in the first embodiment of the present invention, a support server that supports prevention of unauthorized use of a card, when there is a request from the outside to use the card , The card identification information for identifying the card and the usage details acquisition unit for acquiring the usage details indicating the usage of the card from the outside, and the card usage information history stored in association with the card identification information of the card Read the usage history before the request stored in association with the card identification information corresponding to the request from the usage history storage unit, and the read usage content and usage acquisition unit responds to the request. And a divergence degree calculation unit that calculates a divergence degree by comparing the content of usage newly acquired from outside. In the above configuration, by detecting the case where the card is used with a different usage content from the previous one, it is possible to more reliably find the possibility that the card is illegally used by others other than the authorized user. . In particular, regardless of whether the card itself has been stolen or only the card information has been stolen, the possibility of unauthorized use can be found more reliably.

  In the support server, the external is an information processing terminal connected to a usage content acquisition unit via a network, and the usage content acquisition unit includes, as usage content, individual identification information of the information processing terminal, an IP address, a domain name, At least one of the cookies may be acquired. Thereby, in online transaction using an information processing terminal, it is possible to find a possibility that the card is illegally used.

  The support server may further include a use restriction unit that restricts use of the card when the degree of divergence calculated by the divergence degree calculation unit is larger than a predetermined threshold. In this case, the use restriction unit may restrict the use of the card by prohibiting the use of the card. This can prevent subsequent damage due to unauthorized use. Further, the use restriction unit may restrict the use of the card by lowering the card usage limit. Thereby, damage caused by unauthorized use can be suppressed.

  The support server may further include a warning transmission unit that transmits a warning to the outside requesting the use of the card when the divergence degree calculated by the divergence degree calculation unit is larger than a predetermined threshold. . As a result, it is possible to warn the store or the like that has requested the use of the card of the possibility that the use of the card is illegal.

  The support server stores terminal identification information for identifying a portable terminal carried by the card user, and when the divergence degree calculated by the divergence degree calculation unit is larger than a predetermined threshold, the terminal identification information is stored. You may further provide the warning transmission part which transmits a warning to the portable terminal which has. As a result, it is possible to warn a legitimate user of the card that the card may be used illegally.

  In the second aspect of the present invention, a support server that supports prevention of unauthorized use of a card, and permits use of a card selected by a valid user of the card prior to use of the card. The usage range storage unit that stores the usage range in association with the card identification information for identifying the card, and when there is a request from the outside to use the card, the card identification information of the card And a usage content acquisition unit for acquiring usage content indicating the content of using the card from the outside, and a usage range stored in association with the card identification information corresponding to the request is read from the permitted usage content storage unit, A usage content determination unit that determines whether or not the usage content newly acquired from the outside in response to the request is out of the usage range. In the above-described configuration, it is possible to find a possibility that the card is illegally used by detecting that use outside the range of use set by the authorized user of the card is requested. In particular, regardless of whether the card itself has been stolen or only the card information has been stolen, the possibility of unauthorized use can be found more reliably.

  In the support server, the outside includes an information processing terminal connected to the usage content acquisition unit via a network, and the usage content acquisition unit includes individual identification information of the information processing terminal, IP address, domain name, cookie as usage content You may acquire at least one of these. Thereby, in online transaction using an information processing terminal, it is possible to find a possibility that the card is illegally used.

  The support server may further include a use restriction unit that restricts use of the card when the use content determination unit inputs that the use content is out of the use range. In this case, the use restriction unit may restrict the use of the card by prohibiting the use of the card. This can prevent subsequent damage due to unauthorized use. Further, the use restriction unit may restrict the use of the card by lowering the card usage limit. Thereby, damage caused by unauthorized use can be suppressed.

  The support server may further include a warning transmission unit that transmits a warning to the outside requesting use of the card when the usage content determination unit inputs that the usage content is outside the usage range. As a result, it is possible to warn the store or the like that has requested the use of the card of the possibility that the use of the card is illegal.

  The support server stores terminal identification information for identifying a mobile terminal carried by a card user, and has terminal identification information when the usage content determination unit inputs that the usage content is outside the usage range. You may further provide the warning transmission part which transmits a warning to a portable terminal. As a result, it is possible to warn a legitimate user of the card that the card may be used illegally.

  In the third aspect of the present invention, a support server that assists in preventing unauthorized use of a card, and when there is a request to use the card from the outside, a card identification that identifies the card A usage content acquisition unit that acquires information and usage content indicating the usage of the card from the outside, a usage history storage unit that stores a history of card usage content in association with the card identification information of the card, and a request The card identification information associated with the usage content corresponding to the is read from the usage history storage unit, and the read card identification information is compared with the card identification information acquired from the outside in response to the request by the usage content acquisition unit. And an identification information comparison unit that outputs a message to that effect. In the above configuration, by detecting that a plurality of cards are used with the same usage content, it is possible to find a possibility that the card is illegally used. In particular, regardless of whether the card itself has been stolen or only the card information has been stolen, the possibility of unauthorized use can be found more reliably.

  According to a fourth aspect of the present invention, there is provided a support method for supporting the prevention of unauthorized use of a card, and a card identification for identifying the card when there is a request to use the card from the outside. Information on the use of the card and the contents of use of the card are acquired from the outside, the card use information history is stored in the use history storage unit in association with the card identification information of the card, and the card identification corresponding to the request Reads the usage contents before the request stored in association with the information from the usage history storage, and compares the read usage contents with the newly acquired usage contents corresponding to the request to calculate the degree of divergence To do. Thereby, the effect similar to the 1st form can be acquired.

  According to a fifth aspect of the present invention, there is provided a support method for assisting in preventing unauthorized use of a card, and permitting use of a card selected by an authorized card user prior to use of the card. When the usage range is stored in the usage range storage unit in association with the card identification information for identifying the card and there is a request to use the card from the outside, the card identification information of the card In addition, the usage content indicating the usage content of the card is acquired from the outside, the usage range stored in association with the card identification information corresponding to the request is read from the permitted usage content storage unit, It is determined whether or not the usage content newly acquired from the outside is outside the usage range. Thereby, the effect similar to a 2nd form can be acquired.

  According to a sixth aspect of the present invention, there is provided a support method for assisting in preventing unauthorized use of a card, and when there is a request to use the card from the outside, a card identification for identifying the card The usage history acquisition unit that acquires information and usage details indicating the usage of the card from the outside, and the card usage history is stored in the usage history storage unit in association with the card identification information of the card, and requested. The card identification information associated with the usage content corresponding to the card is read from the usage history storage unit, and the read card identification information is compared with the card identification information acquired from the outside in response to the request. Is output. Thereby, the same effect as the third embodiment can be obtained.

  According to a seventh aspect of the present invention, there is provided a computer program for assisting in preventing unauthorized use of a card, and when the computer is requested to use the card from the outside, the card is Card identification information to be identified and usage contents acquisition function for acquiring the usage contents indicating the usage of the card from the outside, usage history storage function for storing a history of card usage contents in association with the card identification information of the card The usage information before the request stored in association with the card identification information corresponding to the request is read from the usage history storage function, and the read usage content and the usage content acquisition function are newly added from the outside in response to the request. The divergence degree calculation function for calculating the degree of divergence by comparing the usage contents acquired in the above is realized. Thereby, the effect similar to the 1st form can be acquired.

  According to an eighth aspect of the present invention, there is provided a computer program for assisting in preventing unauthorized use of a card, the card selected by the authorized user of the card prior to use of the card. The usage range storage function stores the usage range in association with the card identification information for identifying the card, and when there is a request from the outside to use the card, Usage information acquisition function for acquiring the card identification information and the usage contents indicating the contents of using the card from the outside, and the usage range stored in association with the card identification information corresponding to the request is permitted. Read from the function and use content acquisition function responds to the request to determine whether the newly acquired use content is outside the use range To realize the use content judgment function. Thereby, the effect similar to a 2nd form can be acquired.

  According to a ninth aspect of the present invention, there is provided a computer program for assisting in preventing unauthorized use of a card, and the card for identifying the card when there is a request to use the card from the outside. A usage history acquisition function for acquiring identification information and usage details indicating the usage of the card from the outside, a usage history storage function for storing a history of card usage information in association with the card identification information of the card, and Read the card identification information associated with the usage content corresponding to the request from the usage history storage function, compare the read card identification information with the card identification information acquired from the outside in response to the usage content acquisition function, An identification information comparison function that outputs the fact when it does not match is realized. Thereby, the same effect as the third embodiment can be obtained.

  The above summary of the invention does not enumerate all the necessary features of the present invention, and sub-combinations of these feature groups can also be the invention.

  As is clear from the above description, according to the present invention, the possibility of unauthorized use of the card can be found more reliably. In particular, regardless of whether the card itself has been stolen or only the card information has been stolen, the possibility of unauthorized use can be found more reliably.

  Hereinafter, the present invention will be described through embodiments of the invention. However, the following embodiments do not limit the invention according to the scope of claims, and all combinations of features described in the embodiments are included. It is not necessarily essential for the solution of the invention.

  FIG. 1 is a configuration diagram of a support system using support servers 10, 12, and 14 according to an embodiment of the present invention. First, an embodiment using the support server 10 will be described. As shown in FIG. 1, the support system includes a support server 10, a PC 30, a card reading device 32, a shopping server 40, and a mobile terminal 50 that can communicate with each other via a network 20. An example of the network 20 is the Internet, but is not limited thereto, and may be a private line or a public telephone network.

  The card 60 is a card for purchasing products, and includes a credit card and a cash card. The card 60 is printed or engraved with a card identification number, and the card identification number is stored in a readable manner by a magnetic stripe or the like.

  The PC 30 is an example of an information processing terminal according to the present invention, and is operated by a user 70 having a card 60. For example, the PC 30 is installed in the home of the user 70. The PC 30 receives a request from the user 70 to use the card 60. Furthermore, based on the input from the user 70, the PC 30 transmits the usage content including the card identification information of the card 60, the item of the product, and the amount of money to the shopping server 40.

  The card reader 32 is also an example of an information processing terminal according to the present invention, and is installed in a store that provides merchandise. The card reading device 32 accepts a request to use the card 60 from the user 70 itself or a store clerk who has received a request from the user 70. Further, the card reader 32 reads the card identification number from the magnetic stripe of the card 60 by passing the card 60 through the slit, and further acquires the item and the amount of the commodity by key operation or bar code input, and these acquired cards The usage contents including the identification number, the item of the product, and the amount of money are transmitted to the shopping server 40.

  The shopping server 40 provides online shopping to the PC 30 using the web. When there is a request from the user 70 to perform online shopping using the card 60 via the PC 30, the shopping server 40 acquires the usage content from the PC 30. When the usage content is received, the shopping server 40 transmits to the support server 10 together with the usage content that the card 60 has been requested to be used. In this case, the shopping server 40 transmits identification information for identifying the PC 30, for example, the IP address of the PC 30 to the support server 10.

  The support server 10 is installed in, for example, a card company that manages transactions of the card 60. When there is a request from the user 70 to use the card 60 via the shopping server 40, the support server 10 compares the use history of the card 60 with the current use content, so that the card 60 It is determined whether there is a possibility of unauthorized use by request. Further, when there is a possibility that the card 60 is illegally used, the support server 10 warns the shopping server 40 or the card reading device 32 to that effect and restricts the use of the card 60.

  FIG. 2 is a functional diagram illustrating functions of the support server 10. The support server 10 includes a usage content acquisition unit 110, a usage history storage unit 120, a divergence degree calculation unit 130, a usage restriction unit 140, and a warning transmission unit 150.

  When there is a request from the card reader 32 to use the card 60, the usage content acquisition unit 110 displays the card identification information of the card 60 and the usage content indicating the content of using the card 60. 32. In addition, the usage content acquisition unit 110 acquires the usage content indicating the card identification information and the content of the card 60 from the shopping server 40 together with a request to use the card 60 from the shopping server 40. The usage content acquisition unit 110 transfers the newly acquired usage content to the divergence degree calculation unit 130 and writes the usage content in the usage history storage unit 120 when the use of the card 60 is approved.

  The usage history storage unit 120 receives the usage content of the card 60 from the usage content acquisition unit 110 and stores it in association with the card identification information of the card 60. The usage history storage unit 120 will be described in detail with reference to FIG.

  The divergence degree calculation unit 130 compares the usage content history stored in the usage history storage unit 120 with the usage content newly acquired by the usage content acquisition unit 110 for the card 60. First, the divergence degree calculation unit 130 receives the card identification information of the card 60 that is requested to be used from the usage content acquisition unit 110, and stores the usage content history stored in association with the received card identification information. Read from the usage history storage unit 120. Here, the divergence degree calculation unit 130 refers to the date and time when the request is received in the usage history storage unit 120 as the history of the usage content, and uses the usage content stored in association with the date and time before the request date and time. read out. Further, the divergence degree calculation unit 130 compares the usage content history read from the usage history storage unit 120 with the usage content newly acquired by the usage content acquisition unit 110 in response to the current request. Based on this comparison, the divergence degree calculation unit 130 calculates a divergence degree, which is the degree to which the new use contents in the card 60 are deviated from the previous use contents. The divergence degree calculation unit 130 passes the calculated divergence degree to the use restriction unit 140 and the warning transmission unit 150.

  The use restriction unit 140 restricts the use of the card 60 when the deviation degree calculated by the deviation degree calculation unit 130 is larger than a predetermined threshold. In this case, the use restriction unit 140 may restrict the use of the card 60 by prohibiting the use of the card 60. This can prevent subsequent damage due to unauthorized use. Further, the use restriction unit 140 may restrict the use of the card 60 by lowering the use limit of the card 60. As a result, it is possible to suppress damage caused by unauthorized use while allowing use of the card 60. In this case, the use restriction unit 140 has a table in which the use limit amount of the card 60 is reduced as the degree of divergence increases, and by using the divergence degree calculated by the divergence degree calculation unit 130 to this table, An amount may be set.

  The warning transmission unit 150 transmits a warning to the card reading device 32 or the shopping server 40 that requested use of the card 60 when the divergence degree calculated by the divergence degree calculation unit 130 is larger than a predetermined threshold. To do. For example, when the warning transmission unit 150 transmits a warning to the card reading device 32 or the shopping server 40 that has requested the use of the card 60, the use of the card 60 may be made to a store or an online shopping site that has requested the use of the card 60. The possibility of fraud can be warned. Further, the warning transmission unit 150 transmits a warning to the portable terminal 50 carried by the authorized user 70 of the card 60 when the degree of divergence is larger than a predetermined threshold. In this case, prior to the use of the card 60, the warning transmitting unit 150 authenticates the authorized user 70 of the card 60 with a password or the like, and then identifies the terminal identification information for identifying the portable terminal 50 carried by the user 70 Is obtained by input from the user 70 and stored. Based on the stored terminal identification information, the warning transmitter 150 transmits a warning to the mobile terminal 50 of the authorized user 70 of the card 60. An example of the mobile terminal 50 is a mobile phone. In this case, the warning transmission unit 150 stores a telephone number as terminal identification information. As a result, it is possible to warn the authorized user 70 of the card 60 of the possibility that the card 60 will be used illegally. Note that a warning may also be sent to the PC 30 to alert the user 70 who is currently trying to use the card 60.

  The recording medium 90 stores a program for causing the support server 10 to realize the functions of the usage content acquisition unit 110, the usage history storage unit 120, the divergence degree calculation unit 130, the usage restriction unit 140, and the warning transmission unit 150. The recording medium 90 may acquire the program via a network.

  FIG. 3 shows an example of usage content stored in the usage history storage unit 120. The usage history storage unit 120 stores a history of usage contents of the card 60 in association with the card identification information of the card 60. In the example illustrated in FIG. 3, the usage history storage unit 120 identifies an information processing terminal that identifies the information processing terminal that has transmitted the usage content of the card 60 in association with the date and time when the card 60 was used as the usage history. Information, the item and the amount of the product purchased by the card 60 are stored. In this example, the use history storage unit 120 stores the IP address of the information processing terminal as information processing terminal identification information. However, the information processing terminal identification information is not limited to this, and the usage history storage unit 120 may acquire at least one of the individual identification information of the information processing terminal, the domain name, and the cookie as the information.

  In addition to or instead of the date and time, the information processing terminal identification information, the item and the amount of money, the usage history storage unit 120 reads the PC 30 or card reading requesting the card 60 to be used. You may store the place where the apparatus 32 is set, or the delivery destination of goods.

  FIG. 4 shows the operation of the support system shown in FIGS. In FIG. 4, the case where the user 70 performs online shopping provided by the shopping server 40 using the PC 30 will be described as an example.

  First, the user 70 transmits a use request to the shopping server 40 indicating that the user wants to use the card 60 from the PC 30 (S100). In this case, the PC 30 also transmits information processing terminal identification information of the PC 30 such as an IP address to the shopping server 40. The shopping server 40 that has received this usage request requests the PC 30 for usage details (S120). As a result, the PC 30 transmits the requested usage content to the shopping server 40 (S130). The shopping server 40 that has received the usage content from the PC 30 transmits a support request for requesting support to the support server 10, the information processing terminal identification information of the PC 30, and the usage content (S110).

  The support server 10 calculates the divergence degree based on the usage content acquired from the shopping server 40 (S140). In this case, the divergence degree calculation unit 130 of the support server 10 compares the usage content history stored in the usage history storage unit 120 with the usage content newly acquired by the usage content acquisition unit 110 for the card 60. To do. First, the divergence degree calculation unit 130 receives the card identification information of the card 60 that is requested to be used from the usage content acquisition unit 110, and stores the usage content history stored in association with the received card identification information. Read from the usage history storage unit 120. Here, the divergence degree calculation unit 130 refers to the date and time when the request is received in the usage history storage unit 120 as the history of the usage content, and uses the usage content stored in association with the date and time before the request date and time. read out. Further, the divergence degree calculation unit 130 compares the usage content history read from the usage history storage unit 120 with the usage content newly acquired by the usage content acquisition unit 110 in response to the current request.

  As a result of this comparison, when there is no match or less in the use content history newly read from the use history storage unit 120, the divergence degree calculation unit 130 calculates a high divergence degree. . For example, when the divergence degree is a value from 1 to 0, and the newly acquired usage content does not match the usage history in the usage history storage unit 120, the divergence degree calculation unit 130 determines the divergence degree. Is calculated as 1. Further, the divergence degree calculation unit 130 calculates a reciprocal number obtained by adding 1 to the number of times that a match with the usage history stored in the usage history storage unit 120 is found as the divergence degree. For example, when the number of times found in the use history storage unit 120 is 3, the divergence degree calculation unit 130 calculates the divergence degree of the usage content as 0.25 (= 1 / (3 + 1)). Further, the divergence degree calculation unit 130 passes the calculated divergence degree to the use restriction unit 140 and the warning transmission unit 150. However, the method of calculating the degree of divergence is not limited to this.

  As an example, an operation in which the divergence degree calculation unit 130 calculates the divergence degree of the information processing terminal identification information will be described using the usage content history shown in FIG. Here, it is assumed that a request for using the card 60 with the card identification number “123XXX” is transmitted from the OC 30 with the information processing terminal identification information “160.8.200.XX”. In this case, the divergence degree calculation unit 130 stores the information processing terminal identification information “160.8.200.XX” of the PC 30 in the usage history storage unit 120 in association with the card identification number “123XXX”. Compare with information processing terminal identification information. In this example, the divergence degree calculation unit 130 finds one matching information processing terminal identification information in the usage history storage unit 120 and, based on this, sets the divergence degree of the information processing terminal identification information to 0.5 (= 1 / (1 + 1)).

  Further, when a plurality of items are stored as usage contents in the usage history storage unit 120, even if the usage history storage unit 120 stores which item the divergence level calculation unit 130 should calculate Good. In this case, the usage history storage unit 120 sets a flag for an item that causes the divergence degree calculation unit 130 to calculate the divergence degree, for example, information processing terminal information, and the divergence degree calculation unit 130 uses the usage history storage unit 120 from the usage history storage unit 120. When reading the contents, the flag may be detected, and the divergence degree may be calculated for the flagged item, for example, the information processing terminal identification information. Further, when a plurality of items of usage content are flagged, the divergence degree calculation unit 130 adds the individually calculated divergence degrees or weights them with a coefficient that is determined and stored in advance. Or the maximum value among the plurality of divergence degrees may be used as the divergence degree for the request of the card 60.

  The use restriction unit 140 determines whether or not the deviation degree received from the deviation degree calculation unit 130 is larger than a threshold value stored in advance in the use restriction unit 140. When the degree of divergence is smaller than the threshold value, the use restriction unit 140 approves a request for using the card 60 and transmits a message to that effect to the PC 30 and the shopping server 40 (S150, S160). On the other hand, when the divergence degree is larger than the threshold value, the use restriction unit 140 transmits information indicating that the use of the card 60 is restricted to the PC 30 and the shopping server 40, and the warning transmission unit 150 has the divergence degree larger than the threshold value. A warning to that effect is transmitted to the PC 30 and the shopping server 40. In this case, the warning transmission unit 150 may further transmit the warning to the mobile terminal 50 having the terminal identification information associated with the card identification information of the card 60.

  Shopping server 40 accepts purchase of a product from PC 30 when use of card 60 is approved by support server 10. Further, when the support server 10 restricts the use of the card 60, the shopping server 40 accepts purchase of a product from the PC 30 within a range where the use is restricted.

  The usage history storage unit 120 of the support server 10 stores the usage content acquired from the PC 30 via the shopping server 40 in the usage history storage unit 120 (S170). In this case, the warning transmission unit 150 of the support server 10 sets a flag in the usage history storage unit 120 for the usage content for which the degree of divergence is greater than the threshold. Further, in step S140, the warning transmitting unit 150 calculates the degree of divergence by excluding the flagged usage content from the usage content history stored in the usage history storage unit 120. Thereby, the degree of divergence can be calculated by multiplying the usage contents that may have been used illegally, and the possibility of illegal use can be detected more reliably. Prior to the warning transmission unit 150 setting the flag, the usage content acquisition unit 110 may write the usage content in the usage history storage unit 120 between step S130 and step S140, for example.

  As described above, according to the embodiment shown in FIGS. 1 to 4, it is possible to find a possibility that the card 60 is illegally used in the online transaction using the PC 30. In particular, by detecting the case where the card 60 is used with a different usage content from before, it is possible to find out the possibility that the card 60 is illegally used by other users other than the authorized user 70. . Further, the possibility of unauthorized use can be found more reliably regardless of whether the card 60 itself has been stolen or only the information on the card 60 has been stolen.

  In the embodiment shown in FIG. 4, when the PC 30 transmits a use request to the shopping server 40, the shopping server 40 requests and acquires the use content from the PC 30 and transmits it to the support server. However, the usage content acquisition method is not limited to this. For example, when the PC 30 transmits a use request to the shopping server 40, the shopping server 40 transmits a support request to the support server 10, and the support server 10 requests and acquires the use content from the PC 30 based on the support request. May be. In this case, in response to the use request, the shopping server 40 acquires the identification information of the PC 30 from the PC 30 and sends it to the support server 10 together with the support request. The support server 10 requests use contents from the PC 30 having this identification information. In the embodiment of FIG. 4, the example has been described in which the support server 10 approves or restricts the use of the card 60 in online shopping in which the PC 30 purchases a product from the shopping server 40, but the present invention is not limited thereto. I can't. For example, the support server 10 may approve or restrict the use of the card reading device 32 installed in the store. In this case, in step S100 of FIG. 4, the card reader 32 transmits a use request to the support server 10, and based on this, the operations of steps S120 to S140 are performed. In step S140, the degree of divergence is calculated, and as a result, whether to approve or restrict use of the card 60 is transmitted to the card reader 32, and the process proceeds to step S170. In this form, the operations in steps S110 and S150 are not necessary.

  In the embodiment shown in FIG. 1 to FIG. 4, the support server 10 detects the possibility that the card 60 is illegally used by comparing the history of use contents with the new use contents. However, the present invention is not limited to this.

  FIG. 5 is a functional diagram showing functions of another support server 12. The support server 12 shown in FIG. 5 sets a range in which the card 60 is used from a valid user 70 of the card 60 prior to use of the card 60, and compares the set range with new usage contents. Thus, the possibility that the card 60 is used illegally is detected. 5, the same functions as those of the support server 10 of FIG. 2 are denoted by the same reference numerals, and description thereof is omitted. The support server 12 illustrated in FIG. 5 includes a usage content acquisition unit 110, a usage range storage unit 220, a usage content determination unit 230, a usage restriction unit 140, and a warning transmission unit 150.

  Prior to the use of the card 60, the use range storage unit 220 inputs a use range that allows the use of the card 60 selected by an authorized user of the card 60 and associates it with card identification information that identifies the card 60. To store the usage range. The use range stored by the use range storage unit 220 will be described in detail with reference to FIG.

  The usage content determination unit 230 reads from the usage range storage unit 220 the usage range stored in association with the card identification information of the card 60 newly requested to be used. Furthermore, the usage content determination unit 230 determines whether or not the usage content newly acquired from the PC 30 or the card reader 32 by the usage content acquisition unit 110 via the shopping server 40 in response to the request is out of the usage range. . The use content determination unit 230 passes the determination result to the use restriction unit 140 and the warning transmission unit 150.

  The recording medium 92 stores a program that causes the support server 12 to realize the functions of the usage content acquisition unit 110, the usage range storage unit 220, the usage content determination unit 230, the usage restriction unit 140, and the warning transmission unit 150. The recording medium 92 may acquire the program via a network.

  FIG. 6 shows an example of the usage range stored in the usage range storage unit 220. Prior to use of the card 60, the use range storage unit 220 stores a use range that is a range in which the card 60 is used in association with the card identification information of the card 60. Thereby, the legitimate user 70 of the card 60 can set the range in which his / her card 60 is used by himself / herself.

  In the example illustrated in FIG. 6, the use range storage unit 220 stores date and time, information processing terminal identification information, location, and upper limit amount as the use range. In the example of the card “123XXX” illustrated in FIG. 6, the usage range storage unit 220 uses the IP address “27.40.62.XX”, which is an example of information processing terminal identification information, and the upper limit amount “ 300,000 yen "is stored. In the example of the card “123XXX”, the use range of the date and place is not set, and the use range storage unit 220 stores a symbol indicating that the use range is not set, for example, “*”. Here, the use range storage unit 220 may store a plurality of IP addresses, or may store a certain range, for example, “August” or “Japan” as the date and location.

  Note that the information processing terminal identification information is not limited to the IP address, and the usage range storage unit 220 may acquire at least one of the individual identification information of the information processing terminal, the domain name, and the cookie as the information. Thereby, in online transaction using an information processing terminal, it is possible to find a possibility that the card is illegally used.

  FIG. 7 shows the operation of the support system shown in FIGS. 1 and 5 to 6. In FIG. 7, the same operations as those in FIG. 4 are denoted by the same reference numerals as those in FIG.

  As illustrated in FIG. 7, the usage range storage unit 220 of the support server 10 acquires the usage range of the card 60 prior to the use of the card 60 (S200), and stores the acquired usage range (S210). In this case, for example, when the user 70 issues the card 60, the support server 10 may request the user 70 to input the use range, or the card company that issues the card 60. The employee may confirm that the user is a valid user 70 of the card 60 based on an identification card or the like, and then input to the support server 10 in response to an instruction from the user 70. Further, after the card 60 is issued, the user 70 accesses the support server 10 using the PC 30, and the support server 10 authenticates that the user 70 is a valid user of the card 60 using a password or the like. Then, the support server 10 may accept an input of the usage range of the card 60. Further, on the condition that it is authenticated that the card 60 is a legitimate user 70, the user 70 can change the usage range of the usage range storage unit 220 later using the PC 30 or the like. Good.

  When the user 70 uses the card 60, the operations in steps S100, S120, S130, and S110 are the same as those in FIG. Here, when the usage content acquisition unit 110 of the support server 10 acquires the usage content from the PC 30 via the shopping server 40 in step S130, the support server 10 uses the acquired usage content stored in the usage range storage unit 220. It is determined whether it is within the range (S340). In step S340, when the usage content acquisition unit 110 of the support server 10 first acquires the usage content from the PC 30 via the shopping server 40, the usage content determination unit 230 of the support server 10 acquires the usage content acquisition unit 110 from the PC 30. The usage range stored in the usage range storage unit 220 in association with the card identification information is read. Next, the usage content determination unit 230 determines whether or not the usage content acquired from the PC 30 is within the read usage range.

  For example, as shown in FIG. 6, when the information processing terminal identification information “27.40.62, XX” and the upper limit amount “300,000 yen” are set as the usage range for the card identification information “123XXX”. When the usage content determination unit 230 acquires the information processing terminal identification information “27.40.62, XX” and the amount “500,000 yen” as the usage content from the PC 30, the usage content determination unit 230 determines that the usage content is the upper limit amount. Is judged to be out of the use range, and a message to that effect is output.

  In step S340, when the usage content determination unit 230 determines that the current usage content is within the usage range, the usage content acquisition unit 110 approves the shopping server 40 and the PC 30 in the same manner as in FIG. To the effect (S150, S160). On the other hand, when the use content determination unit 230 determines that the current use content is out of the use range, the support server 10 restricts the use to the shopping server 40 and the PC 30 as in the case of FIG. And a warning are transmitted (S150, S160). When the card reader 32 is used instead of the PC 30 and the shopping server 40, the request in step S100 is transmitted to the support server 10, and steps S110 and S150 are omitted.

  As described above, according to the embodiment shown in FIGS. 1 and 5 to 7, the card 60 is illegally detected by detecting that the use of the card 60 outside the use range set by the authorized user 70 is detected. You can find out the possibility of being used. Further, the possibility of unauthorized use can be found more reliably regardless of whether the card 60 itself has been stolen or only the information on the card 60 has been stolen.

  FIG. 8 is a functional diagram showing functions of still another support server 14. The support server 14 illustrated in FIG. 8 detects the possibility that the card 60 is used illegally based on the fact that a plurality of pieces of card identification information are associated with the same use content. In FIG. 8, the same functions as those of the support server 10 of FIG. The support server 14 illustrated in FIG. 8 includes a usage content acquisition unit 110, a usage history storage unit 320, an identification information comparison unit 330, a usage restriction unit 140, and a warning transmission unit 150.

  The usage history storage unit 320 stores the usage history in association with the card identification information of the card 60. The usage contents stored in the usage history storage unit 320 will be described in detail with reference to FIG.

  The identification information comparison unit 330 reads the card identification information associated with the usage content corresponding to the request from the usage history storage unit 320. Further, the identification information comparison unit 330 compares the read card identification information with the card identification information acquired from the outside in response to the request by the use content acquisition unit. Output to warning transmitter 150.

  The recording medium 94 stores a program that causes the support server 14 to realize the functions of the usage content acquisition unit 110, the usage history storage unit 320, the identification information comparison unit 330, the usage restriction unit 140, and the warning transmission unit 150. The recording medium 94 may acquire the program via a network.

  FIG. 9 shows an example of usage content stored in the usage history storage unit 320. The usage history storage unit 320 stores the usage history in association with the card identification information of the card 60. In the example illustrated in FIG. 9, the usage history storage unit 320 stores the date and time and the information processing terminal identification information in association with the card identification information as the usage history. In this example, the use history storage unit 320 stores the IP address of the information processing terminal as information processing terminal identification information. However, the information processing terminal identification information is not limited to this, and the usage history storage unit 320 may acquire at least one of the individual identification information of the information processing terminal, the domain name, and the cookie as the information.

  The operation of the support system using the support server 14 shown in FIGS. 1 and 8 to 9 is different from the operation of the support system using the support server 10 shown in FIG. 4 in step S140. Therefore, hereinafter, the operation of step S140 in the support server 14 will be described, and description of other steps will be omitted.

  In step S <b> 140, the usage content acquisition unit 110 of the support server 10 acquires the usage content from the PC 30 via the shopping server 40 and passes it to the identification information comparison unit 330. The identification information comparison unit 330 compares the received usage content, for example, the information processing terminal identification information therein, with the same item of the usage content stored in the usage history storage unit 320. As a result, when the usage content delivered from the usage content acquisition unit 110 and the usage content stored in the usage history storage unit 320 match, the card identification information associated with the matched usage content is obtained. Compare. As a result, if the card identification information does not match, the fact is output.

  For example, a case will be described in which the identification information comparison unit 330 uses an IP address that is an example of information processing terminal identification information as usage content. In step S <b> 140, the identification information comparison unit 330 acquires the IP address of the PC 30, for example, “19.67.7.XX” from the usage content acquisition unit 110. The identification information comparison unit 330 compares the acquired IP address “19.67.7.XX” with the IP address stored in the usage history storage unit 320. As a result, when the matching IP address “19.67.7.XX” is found in the usage history storage unit 320 by the identification information comparison unit 330, the card identification number “789WWW” associated with the IP address is entered. Read from the usage history storage unit 320. The identification information comparison unit 330 compares the card identification information “123XXX” acquired from the usage content acquisition unit 110 with the card identification information “789WWW” read from the usage history storage unit 320, and outputs whether or not they match. To do. As shown in the example of FIG. 9 described above, when these pieces of card identification information do not match, a plurality of cards 60 are used using the same information processing terminal. It is presumed that the card 60 is obtained and used by an illegal means, and the possibility that the card 60 is used illegally can be found. Further, the possibility of unauthorized use can be found more reliably regardless of whether the card 60 itself has been stolen or only the information on the card 60 has been stolen.

  In addition, the example of the comparison in the identification information comparison part 330 is not restricted to the said form. As another example, the identification information comparison unit 330 may compare the date and time in addition to the IP address as the usage content. In this case, the identification information comparison unit 330 uses the IP address stored in association with the date and time of a certain range, for example, the same day and the same month, for the date and time when the use of the card 60 is newly requested. Also good. Further, when two or more different numbers of different card identification information are stored in the usage history storage unit 320 for the matching IP addresses, the identification information comparison unit 330 outputs that fact. Also good.

  The use restriction unit 140 and the warning transmission unit 150 that have received the fact that there is mismatched card identification information from the identification information comparison unit 330 are used for the PC 30 and the shopping server 40, respectively, similarly to steps S150 and S160 of FIG. And a warning is transmitted to the PC 30, the shopping server 40, and the portable terminal 50. In addition, the use restriction unit 140 that has received from the identification information comparison unit 330 that there is no mismatched card identification information accepts the purchase of a product from the PC 30.

  As is clear from the above description, according to the embodiment of the present invention, the possibility that the card 60 is illegally used can be found more reliably. In particular, regardless of whether the card 60 itself has been stolen or only the information on the card 60 has been stolen, the possibility of unauthorized use can be found more reliably.

  As mentioned above, although this invention was demonstrated using embodiment, the technical scope of this invention is not limited to the range as described in the said embodiment. It will be apparent to those skilled in the art that various modifications or improvements can be added to the above-described embodiment. It is apparent from the scope of the claims that the embodiments added with such changes or improvements can be included in the technical scope of the present invention.

1 is a configuration diagram of a support system using support servers 10, 12, and 14 according to an embodiment of the present invention. 4 is a functional diagram showing functions of the support server 10. FIG. An example of the usage content stored in the usage history storage unit 120 is shown. Operation | movement of the assistance system shown in FIGS. 1-3 is shown. It is a functional diagram which shows the function of the other support server 12. FIG. An example of the usage range stored in the usage range storage unit 220 is shown. The operation of the support system shown in FIGS. 1 and 5 to 6 is shown. FIG. 14 is a functional diagram showing functions of still another support server 14. An example of the usage content stored in the usage history storage unit 320 is shown.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 10 support server, 12 support server, 14 support server, 20 network, 30 PC, 32 card reader, 40 shopping server, 50 portable terminal, 60 card, 70 user, 90 recording medium, 92 recording medium, 94 recording medium, 110 Usage content acquisition unit, 120 Usage history storage unit, 130 Deviation degree calculation unit, 140 Usage restriction unit, 150 Warning transmission unit, 220 Usage range storage unit, 230 Usage content determination unit, 320 Usage history storage unit, 330 Identification information comparison Part

Claims (12)

A support server that helps prevent unauthorized use of cards,
When there is a request to use a card from the outside, a card content identifying unit for identifying the card and a usage content acquisition unit for acquiring the usage content indicating the content for using the card,
A usage history storage unit that stores a history of the usage content of the card in association with the card identification information of the card;
The usage content before the request stored in association with the card identification information corresponding to the request is read from the usage history storage unit, and the read usage content and the usage content acquisition unit correspond to the request. Then, a support server comprising a divergence degree calculation unit that calculates a divergence degree by comparing the content of use newly acquired from the outside. The external is an information processing terminal connected to the usage content acquisition unit via a network,
The support server according to claim 1, wherein the usage content acquisition unit acquires at least one of individual identification information, an IP address, a domain name, and a cookie of the information processing terminal as the usage content.   The support server according to claim 1, further comprising a use restriction unit that restricts use of the card when the divergence degree calculated by the divergence degree calculation unit is larger than a predetermined threshold.   The support server according to claim 3, wherein the use restriction unit restricts use of the card by prohibiting use of the card.   The support server according to claim 3, wherein the use restriction unit restricts use of the card by lowering a use limit of the card.   The apparatus according to claim 1, further comprising: a warning transmission unit that transmits a warning to the outside that has requested use of the card when the deviation degree calculated by the deviation degree calculation unit is larger than a predetermined threshold. The support server described.   Stores terminal identification information for identifying a portable terminal carried by a user of the card, and has the terminal identification information when the divergence degree calculated by the divergence degree calculation unit is larger than a predetermined threshold. The support server according to claim 1, further comprising a warning transmission unit that transmits a warning to the portable terminal. A support server that helps prevent unauthorized use of cards,
When there is a request to use a card from the outside, a card content identifying unit for identifying the card and a usage content acquisition unit for acquiring the usage content indicating the content for using the card,
A usage history storage unit that stores a history of the usage content of the card in association with the card identification information of the card;
The card identification information associated with the usage content corresponding to the request is read from the usage history storage unit, and the read card identification information and the usage content acquisition unit are acquired from the outside in response to the request. A support server comprising an identification information comparison unit that compares card identification information and outputs a message to the effect that they do not match. A support method to help prevent unauthorized use of cards,
When there is a request to use the card from the outside, the card identification information for identifying the card and the usage content indicating the content for using the card are obtained from the outside,
In association with the card identification information of the card, the usage history of the card is stored in a usage history storage unit,
The usage content before the request stored in association with the card identification information corresponding to the request is read from the usage history storage unit and newly acquired corresponding to the read usage content and the request. A support method for calculating a degree of divergence by comparing the content of use. A support method to help prevent unauthorized use of cards,
When there is a request to use a card from the outside, a card content identifying unit for identifying the card and a usage content acquisition unit for acquiring the usage content indicating the content for using the card,
In association with the card identification information of the card, the usage history of the card is stored in a usage history storage unit,
The card identification information associated with the usage content corresponding to the request is read from the usage history storage unit, and the read card identification information is compared with the card identification information acquired from the outside corresponding to the request And a support method for outputting a message to that effect if they do not match. A computer program for assisting in preventing unauthorized use of a card, the computer comprising:
A usage content acquisition function for acquiring, from the outside, card identification information for identifying the card and usage content indicating the content for using the card when there is a request to use the card from the outside.
A use history storage function for storing a history of the use contents of the card in association with the card identification information of the card; and
The usage content before the request stored in association with the card identification information corresponding to the request is read from the usage history storage function, and the read usage content and the usage content acquisition function correspond to the request. Then, a program that realizes a divergence degree calculation function that calculates a divergence degree by comparing the usage content newly acquired from the outside. A computer program that helps prevent unauthorized use of a card,
A usage content acquisition function for acquiring, from the outside, card identification information for identifying the card and usage content indicating the content for using the card when there is a request to use the card from the outside.
A use history storage function for storing a history of the use contents of the card in association with the card identification information of the card; and
The card identification information associated with the usage content corresponding to the request is read from the usage history storage function, and the read card identification information and the usage content acquisition function are acquired from the outside in response to the request. A program that realizes an identification information comparison function that compares card identification information and outputs information if the card identification information does not match.

Images