JP7195473B1 - Service providing device, service providing method, and program - Google Patents

Abstract

A service providing device, a service providing method, and a program capable of enhancing convenience are provided. Kind Code: A1 A service providing device for providing an electronic payment service, in which an information management unit sets up a user's account with at least a telephone number as an essential registration item, and manages registration information including the user's telephone number. and when the user requests a change of telephone number through a terminal device associated with a telephone number different from the telephone number registered in the registration information, a plurality of items presented to the user by the terminal device a number change authentication unit that acquires a plurality of pieces of confirmation information including a plurality of answers input by the user in response to the question of and determines whether a score based on the plurality of pieces of confirmation information is equal to or greater than a threshold; wherein the information management unit updates the registration information with a new telephone number related to the application when it is determined that the score is equal to or greater than a threshold. [Selection drawing] Fig. 4

Description

The present invention relates to a service providing device, a service providing method, and a program.

Traditionally, services that are provided at least in part over a network typically allow users to access the service by logging into an account. When logging in, it is required to enter a phone number, a login ID, a password, etc. (including cases where a browser or application stores information and automatically enters it). In particular, in services that handle money such as electronic payment services, the importance of authentication processing is high, and relatively high security authentication methods such as SMS authentication (see Patent Document 1) are adopted.

JP 2020-177392 A

By the way, when a user buys a new terminal device such as a smart phone or a tablet terminal, it becomes necessary to change the telephone number registered in the service. In the conventional technology, when changing a phone number online, it was sometimes necessary to apply for the change of the phone number while logging into the account using the terminal device before changing the phone number.

SUMMARY OF THE INVENTION The present invention has been made in consideration of such circumstances, and one of its objects is to provide a service providing apparatus, a service providing method, and a program that can improve the convenience of electronic payment services.

One aspect of the present invention is a service providing apparatus for providing an electronic payment service, which sets up a user's account with at least a telephone number as an essential registration item, and manages registration information including the user's telephone number. When the information management unit and the user apply to change the telephone number through a terminal device associated with a telephone number different from the telephone number registered in the registration information, the terminal device presents the change to the user. acquiring a plurality of confirmation information including a plurality of answers input by the user to the plurality of questions asked, and determining whether or not a score based on the plurality of confirmation information is equal to or greater than a threshold; and a section, wherein the information management section updates the registration information with a new telephone number related to the application when it is determined that the score is equal to or greater than a threshold.

ADVANTAGE OF THE INVENTION According to one aspect of the present invention, it is possible to provide a service providing device, a service providing method, and a program that can improve the convenience of electronic payment services.

1 is a diagram showing an example of a configuration for realizing an electronic payment service; FIG. 1 is a sequence diagram (1) illustrating a rough flow of electronic payment; FIG. FIG. 2 is a sequence diagram (part 2) exemplifying a rough flow of electronic payment; 2 is a configuration diagram of a settlement server 100; FIG. 4 is a diagram showing an example of contents of user information 172. FIG. 4 is a diagram showing an example of contents of member store/store information 176. FIG. FIG. 10 is a diagram showing the flow of telephone number change when the user does not have the old terminal at hand and has only the new terminal at hand. 3 is a diagram showing an example of a question presentation screen IM1 displayed on the user terminal device 10 by the payment application 20. FIG. FIG. 11 is a flow chart showing an example of the flow of processing by a number change authentication unit 128 according to the second embodiment; FIG. FIG. 11 is a configuration diagram of a settlement server 100A according to a third embodiment; FIG. 10 is a diagram for explaining the processing content of an adjustment unit 140; FIG.

Hereinafter, embodiments of a service providing apparatus, a service providing method, and a program according to the present invention will be described with reference to the drawings. A service providing device is realized by one or more processors. A service providing device is a device that provides an electronic payment service. In the following description, the service providing device will be referred to as a "settlement server". An electronic payment service is a service that cooperates with an application program (payment application) that is installed and operated on a user's terminal device to support payment related to the purchase of goods or services at a store. A store is, for example, a physical store (actual store) that exists in real space. In the electronic payment service, a store is treated as belonging to, for example, a member store (brand), and processing such as settlement when a purchase is made at the store is mainly performed between the user and the member store. Alternatively, processing such as settlement may be performed between the user and the store.

[Electronic payment service]
FIG. 1 is a diagram showing an example of a configuration for realizing an electronic payment service. An electronic payment service is implemented centering on the payment server 100 . The settlement server 100 communicates with, for example, one or more user terminal devices 10, one or more first store terminal devices 50, and one or more second store terminals 70 via the network NW. The network NW includes, for example, the Internet, a LAN (Local Area Network), wireless base stations, provider devices, and the like.

The user terminal device 10 is, for example, a portable terminal device such as a smart phone or a tablet terminal. The user terminal device 10 is a computer device having at least an optical reading function, a communication function, a display function, an input reception function, and a program execution function. In the following description, configurations for realizing these functions are respectively referred to as a camera, a communication device, a touch panel, a CPU (Central Processing Unit), and the like. In the user terminal device 10, the payment application 20 is executed by a processor such as a CPU, and operates in cooperation with the payment server 100 to provide electronic payment services to the user. The payment application 20 controls a camera, a communication device, a touch panel, and the like.

The first store terminal device 50 is installed, for example, in a store. The first store terminal device 50 is a computer device having at least a product price acquisition function, an optical reading function, a program execution function, and a communication function. The first store terminal device 50 includes a so-called POS (Point of Sale) device, and the POS device may realize the product price acquisition function and the optical reading function. The store code image 60 is placed in a store and is a code image such as a QR code (registered trademark) printed on a medium such as paper or plastic. Note that the store code image 60 may be displayed on a display placed in the store (a display of a terminal device such as a smart phone may be used).

The second store terminal device 70 is used by the member store operator. The second store terminal device 70 is a smart phone, a tablet terminal, a personal computer, or the like. A member store interface 72 operates on the second store terminal device 70 . The merchant interface 72 may be a merchant application or a browser. The member store interface 72 accepts coupon settings and the like from the member store operator and transmits them to the settlement server 100 . The second store terminal device 70, which is a smartphone, has a function of displaying a code image corresponding to the store code image and reading a code image displayed by the user terminal device 10 by executing an application for member stores. have.

The payment server 100 realizes electronic payment based on payment information received from the user terminal device 10 or the first shop terminal device 50 . The first store terminal device 50 may include a POS device and a member store server. In this case, payment information is transmitted from the POS device to the payment server 100 via the member store server. In the following explanation, it is assumed that the payment information is transmitted from the first store terminal device 50 without distinguishing between them. The payment server 100 performs electronic payment by, for example, decreasing the charge balance managed in association with the user ID and increasing the item value of the sales proceeds of the affiliated store. For example, the item value of the sales proceeds of the member store is not used as electronic money per se, but the amount corresponding to the item value of the sales proceeds is calculated in a cycle according to the agreement between the member store and the electronic payment service. transferred to a bank account. Electronic payment may include those that enable purchase of a larger amount than the charge balance at the time of purchase by methods such as revolving payment and credit payment.

2 and 3 are sequence diagrams illustrating the general flow of electronic payment. There may be two types of electronic payment: pattern 1 and pattern 2.

In the case of pattern 1 (hereinafter referred to as user scan) shown in FIG. 2, the user terminal device 10 with the payment application 20 activated decodes the shop code image 60 by the optical reading function (S1). The store code image 60 includes store URL (Uniform Resource Locator) information. The store URL is a domain of the electronic payment service to which information that can identify the store is added, and is associated with the member store ID, the store ID, and the like in the settlement server 100 (described later). The payment application 20 transmits the first payment information including the store URL and the account ID to the payment server 100 (S2). The payment server 100 retrieves store information (described later) from the member store ID and store ID corresponding to the store URL, acquires the member store name and store name information (S3), and transmits them to the settlement application 20 (S4). . The user inputs the settlement amount into the user terminal device 10 on the screen displaying the member store name and store name (S5). Then, the user terminal device 10 generates second payment information including at least the payment amount, and transmits the second payment information to the payment server 100 (S6). The payment server 100 completes electronic payment as described above based on the received second payment information (S7). The payment server 100 then transmits a payment completion notification (information for displaying a payment completion screen) to the payment application 20 (S8), and the payment application 20 displays the payment completion screen (S9). When the store code image 60 is displayed on a display placed in a store, the store code image 60 may include not only the store URL but also the payment amount information. In this case, the procedure for the user to input the settlement amount is omitted, and the information of the settlement amount is included in the first settlement information and transmitted to the settlement server 100 . Information on the name of the member store and the name of the store may be included and displayed on the payment completion screen.

In the case of pattern 2 (hereinafter referred to as store scan) shown in FIG. 3, the payment application 20 sends a one-time code issue request to the settlement server 100 (S11). The payment server 100 generates a one-time code (S12) and transmits it to the payment application 20 (S13). The payment application 20 displays a code image such as a QR code or barcode generated based on the one-time code (S14). The user holds up (presents) the display surface of the user terminal device 10 to the first shop terminal device 50, and the first shop terminal device 50 decodes the code image by the optical reading function and acquires the one-time code ( S15). The first store terminal device 50 then generates payment information including the one-time code, payment amount, member store ID, store ID, etc., and transmits the payment information to the payment server 100 (S16). The information on the payment amount is acquired in advance by reading a bar code, manually inputting it, or the like. The payment server 100 identifies the user corresponding to the one-time code based on the received information, and completes the electronic payment as described above (S17). The payment server 100 then transmits a payment completion notification to the payment application 20 (S18), and the payment application 20 displays a payment completion screen (S19).

It should be noted that electronic payment may be performed using only one of the above patterns. Also, the "account ID" described in FIG. 2 may be other information (such as a telephone number) that can be used as user identification information. Alternatively, the issuance of the one-time code may be omitted in the store scan, and the payment application 20 may display a code image generated based on the user's account ID. In that case, the settlement server 100 identifies the user corresponding to the account ID instead of identifying the user corresponding to the one-time code.

<First embodiment>
[Settlement server]
FIG. 4 is a configuration diagram of the settlement server 100. As shown in FIG. The payment server 100 includes, for example, a communication unit 110, a login status management unit 120, a payment content providing unit 122, a payment processing unit 124, an SMS authentication unit 126, a number change authentication unit 128, and an information management unit 130. and a storage unit 170 . Components other than communication unit 110 and storage unit 170 are implemented by, for example, a hardware processor such as a CPU executing a program (software). Some or all of these components are hardware (circuit part; circuitry) or by cooperation of software and hardware. The program may be stored in advance in a storage device (a storage device with a non-transitory storage medium) such as a HDD (Hard Disk Drive) or flash memory, or may be stored in a removable storage such as a DVD or CD-ROM. It may be stored in a medium (non-transitory storage medium) and installed in the storage device by loading the storage medium into the drive device.

The storage unit 170 is an HDD, flash memory, RAM (Random Access Memory), or the like. The storage unit 170 may be a NAS (Network Attached Storage) device that can be accessed by the settlement server 100 via a network. The storage unit 170 stores information such as user information 172, payment content information 174, store information 176, and the like.

The communication unit 110 is a communication interface for connecting to the network NW. The communication unit 110 is, for example, a network card.

The login status management unit 120 manages the login status of each user. The login state management unit 120 assumes that the user has logged in when the user newly installs the payment application 20 and registers various information (at the time of new registration). Thereafter, the login status management unit 120 maintains the login status of the user as long as there is access from the same user terminal device 10 and no logout operation is performed. In new registration, the user enters at least a phone number and a password. When the user performs a logout operation using the user terminal device 10 and then performs a login operation again, the login state management unit 120 requests the user to enter a telephone number and a password. At this time, the login state management unit 120 determines whether or not the user terminal device 10 is the same as the previous one based on the hash value of the identification information of the OS. If so, the SMS authentication unit 126 is caused to perform SMS authentication. SMS authentication will be described later.

The payment content providing unit 122 has, for example, a function of a Web server, and provides the user terminal device 10 with information (contents) for displaying various screens of the electronic payment service, including the above-described payment completion screen. The payment content providing unit 122 appropriately reads necessary content from the payment content information 174 and provides it to the user terminal device 10 . The user terminal device 10 accepts various inputs from the user while the content is being reproduced by the payment application 20 , and transmits the above-described payment information and the like to the payment server 100 . The content based on the payment content information 174 includes content provided in a logged-in state and content provided in a non-logged-in state. In the content in the non-login state, the settlement server 100 provides various guidance information and accepts new registration and change of telephone number.

The payment processing unit 124 performs payment processing based on the payment information transmitted from the user terminal device 10 or the first shop terminal device 50 . The payment processing unit 124 performs payment processing while referring to the user information 172 .

FIG. 5 is a diagram showing an example of the contents of the user information 172. As shown in FIG. The user information 172 is an example of user registration information. The user information 172 includes, for example, an account ID (which may be omitted), a minimum required telephone number and password for new registration, an e-mail address, a user ID, name, address, date of birth, Information such as registration date, charge balance, bank account, credit card number, other service linkage information, radio wave authentication setting, carrier payment setting, chat friend list, charge history information, payment history information, chat history information, etc. It is. Information other than the telephone number, password, registration date, charge balance, charge history information, and settlement history information is arbitrary setting information. Hereinafter, a user instance (electronic settlement account) associated with these pieces of information will be referred to as an account. The registration date is the date when the user registers for the electronic payment service (the date when the account is created).

The charge balance is information indicating the balance of electronic money set by the user transferring money to the account in advance. Methods of remittance include remittance from an ATM (Automatic Teller Machine) of a designated trader (bank), remittance from a registered bank account, and the like. Each of the bank account and credit card number is information (account number, card number) of a bank account or credit card number that can deposit money into the electronic payment service. Other service cooperation information is a login ID or the like of another service that cooperates with the electronic payment service (for example, is operated by an operator belonging to the same business group). Radio wave authentication setting is setting information when performing authentication by communication with a specific communication carrier. The carrier payment setting is setting information for transferring at least part of the payment using the electronic payment service to payment to the communication carrier. The chat friend list is a list of other users who are chat partners in the chat function provided by the electronic payment service. The charge history information is a history of the user's advance remittance to the electronic payment service to increase the charge balance. The payment history information is information indicating details of payments made by the user (date and time, shop ID of the shop where the purchase was made, payment amount, etc.) for each payment. The chat history information is a history of the contents of chats conducted by users.

Store information is managed as member store/store information 176 . FIG. 6 is a diagram showing an example of the contents of the member store/store information 176. As shown in FIG. The member store/store information 176 includes, for example, a first table 176A in which store URLs are associated with member store IDs and store IDs, and member store names and sales proceeds (described above) are associated with member store IDs. and a third table 176C in which store IDs are associated with store IDs. The member store/store information 176 may include, in addition to this information, information such as the category of the member store or store, the location of the store, and the payment pattern.

The SMS authentication unit 126 performs SMS authentication. SMS authentication involves sending a short message using a phone number including a one-time password to the user terminal device 10, prompting the user to enter the one-time password into the user terminal device 10, This authentication method confirms that the telephone number belongs to the user by confirming whether the one-time password sent to the settlement server 100 is correct. As described above, the SMS authentication unit 126 performs SMS authentication when a user terminal device 10 different from the already recognized user terminal device 10 makes a login request using the same telephone number.

When a user requests a change of telephone number through the user terminal device 10 associated with a telephone number different from the telephone number registered in the user information 172, the number change authentication unit 128 confirms the telephone number. Perform authentication processing when changing. In addition, when a change of telephone number is requested through the user terminal device 10 associated with the telephone number registered in the user information 172 (that is, the old user terminal device 10 before the number change), only SMS authentication is required. Phone number changes are accepted.

Based on the information acquired from the user terminal device 10, the information management unit 130 creates a new record of the user information 172 and updates each data item in the created record.

[Change phone number]
The operation of the settlement server 100 when the user attempts to change the telephone number in the user information 172 will be described below. Hereinafter, the user terminal device 10 associated with the telephone number before change is abbreviated as "old terminal", and the user terminal device 10 associated with the telephone number after change is abbreviated as "new terminal".

When a request to change the telephone number is made through the user terminal device 10 associated with a telephone number different from the telephone number registered in the user information 172, the conventional method requires the user to enter a form. The phone number change was approved after the operator's offline processing, etc. Such techniques are time consuming and may be perceived as cumbersome by users.

Therefore, in order to improve the convenience of the electronic payment service, the number change authentication unit 128 of the present invention performs processing to enable online phone number change in a non-login state, as described below. The reason why the term "non-login state" is used is that since it is impossible to log in with a new terminal before the telephone number is changed, it is inevitably in the non-login state.

A number change authentication unit 128 acquires a plurality of pieces of confirmation information including a plurality of answers input by the user in response to a plurality of questions presented to the user by the user terminal device 10, and based on the plurality of pieces of confirmation information Determine whether the score is equal to or greater than the threshold. Confirmation information may include only multiple answers, or may include other information. In the first embodiment, it is assumed that confirmation information includes only multiple answers.

FIG. 7 is a diagram showing the flow of telephone number change when the user does not have the old terminal at hand and has only the new terminal at hand. First, the user inputs the old telephone number to the new terminal in the non-login state and applies for a change of the telephone number (S21). The payment application 20 of the new terminal transmits the input information to the payment server 100 (S22). The number change authentication unit 128 confirms that the old telephone number is registered in the user information 172 (S23). The new phone number is included in the application for changing the phone number. If the old telephone number is not registered in the user information 172, subsequent processing is stopped. In that case, an error message is displayed on the payment application 20, and measures such as requesting reapplication from the beginning are taken.

When it is confirmed that the old telephone number is registered in the user information 172, the SMS authentication section 126 performs SMS authentication. The order of SMS authentication and authentication by number change authentication unit 128 may be reversed. First, the SMS authentication unit 126 generates an SMS authentication code, and includes it in a short message using the new phone number related to the application and transmits it (S24). The user inputs the SMS authentication code written in the short message to the payment application 20 (S25). The settlement application 20 transmits the entered SMS authentication code to the settlement server 100 (S26). The SMS authentication unit 126 confirms that the returned SMS authentication code is correct (S27). If the returned SMS authentication code is incorrect, subsequent processing is stopped. In that case, the process returns to S23, or an error message is displayed on the payment application 20 to request that the application be redone from the beginning. The processes of S24 to S27 may be executed after the process of S32 or after the process of S33, or may be omitted.

Next, number change authentication unit 128 performs authentication based on the confirmation information. First, the number change authentication unit 128 provides content including a plurality of questions to the new terminal via the payment content providing unit 122, and causes the payment application 20 to display the content (S28). Note that the content including the plurality of questions may be embedded in the payment application 20, in which case the processing of S28 may be autonomously performed by the payment application 20. The user answers the questions by inputting multiple answers to the multiple questions to the payment application 20 (S29). The payment application 20 transmits the information of the multiple answers input by the user to the payment server 100 (S30).

The number change authentication unit 128 calculates scores for a plurality of answers (S31), and confirms that the scores are equal to or greater than the threshold (S32). In other words, number change authentication unit 128 determines whether the score is equal to or greater than the threshold. Scores and thresholds will be described later. If the score is less than the threshold, an error message is displayed on the payment application 20, and measures such as requesting re-application from the beginning are taken.

When it is confirmed that the score is equal to or higher than the threshold, the information management section 130 changes the phone number of the account in the user information 172 to the new phone number related to the application (S33).

When the above processing is completed, the information management unit 130 (or the payment content providing unit 122) transmits a change completion notice indicating that the change of the telephone number has been completed to the payment application 20 (S34). This will allow you to log into your account using your new phone number.

[question]
Questions presented to the user will be described below. At least some of the questions ask about the contents of the user information 172, for example. Also, at least part of the plurality of questions may ask for the authentication code #2 sent to the e-mail address when the user information 172 includes the e-mail address. Also, at least part of the plurality of questions may relate to the usage history of the electronic payment service.

FIG. 8 is a diagram showing an example of a question presentation screen IM1 displayed on the user terminal device 10 by the payment application 20. As shown in FIG. The question presentation screen IM1 includes areas A1 to A10 for answering a predetermined number (eg, 10) of questions. Each area is provided with a question expansion switch SW1, and the details of the question are displayed by operating the expansion switch SW1. Multiple questions, for example, password, e-mail verification code, credit card brand and last 4 digits, bank account number last 2 digits, user ID, user's date of birth, new registration date for electronic payment service (account new registration date), charge balance (current balance), any one date and amount of payment history, and any one date and amount of charge history information. The e-mail verification code question asks for a code sent to the entered e-mail address, but instead may simply ask for the e-mail address.

Here, the plurality of questions may include a group of questions that must be answered correctly as a set (all questions answered correctly). In this case, if only part of the question group is correct, the number-change authentication unit 128 does not add the correct answer to the score. For example, although not shown in FIG. 7, if a question includes a name, the score may not be added unless both the name and date of birth are correct. An address, etc., may also be included.

[Score]
The number-change authentication unit 128 calculates the score Sc1, for example, using a score (weight) set in advance for each answer. Formula (1) is an example of a formula for calculating the score Sc1. where k is the question (answer) identifier, x _k is the answer to the kth question, and n is the number of questions. f(x _k ) is, for example, a function that returns 1 if the answer is correct, and zero or a negative value if the answer is incorrect. α _k is a score (weight) preset for the k-th question (answer). That is, the score Sc1 is obtained by totaling the scores set for individual questions (answers) for the correct answers (confirmation information). For example, highly confidential questions (answers) such as passwords, credit card questions, and bank account questions receive high scores, while relatively easy-to-know information such as birth dates receive low scores. is preset. In this way, scores (weights) are set in advance according to the importance of questions (answers). Then, number change authentication section 128 determines whether or not score Sc1 is equal to or greater than threshold Th1, and outputs the determination result to information management section 130 . The information management unit 130 approves the change of the telephone number when it is determined that the score Sc1 is equal to or greater than the threshold Th1. As a result, it is possible to maintain a high probability that the user who has changed the phone number is the user who has been using the account.

Sc1=Σ _k=1 ⁿ {α _k ×f(x _k )} (1)

[Delete some information]
In parallel with (or immediately before) the processing of S33 in FIG. Part of the information to be deleted is different from the old phone number, such as name, address, date of birth, bank account, credit card number, other service ID login setting, radio wave authentication setting, carrier payment setting. , chat friend list, and chat history information. In addition, there may be other information to be deleted. “Delete” may mean physically erasing, or it may mean that a deletion flag is set so that it is no longer referenced (logically deleted). In either case, the deleted information is no longer referenced by the user. Regarding old phone numbers, they may be physically deleted, or a deletion flag may be set so that they are no longer referenced (logically deleted). phone number” may be left in the user information 172.

The reason why part of the user information 172 is deleted in this way is that if the strength of the authentication by the number change authentication unit 128 is too strict, it will not be possible to smoothly change the telephone number. This is because it must be set to a level that does not If an unauthorized user (impersonating user) illegally acquires the information of a legitimate user and applies for a phone number change, the application by the unauthorized user completes the phone number change. there is a possibility. Here, although there are generally few users who always hold a large amount of charge balance, it may be possible to deposit a large amount from a bank account. If an unauthorized user takes over the bank account information, it may become possible to charge a large amount of money to increase the charge balance and then cash it in some form. Therefore, in the settlement server 100 of the present invention, the change of the telephone number may be approved after deleting a part of the information that is undesirable to be handed over to an unauthorized user. In addition, bank accounts, credit card numbers, carrier payment settings, etc. are concerned about direct monetary loss, but other information that will be deleted will be deleted from the perspective of personal information protection. may be included. By inputting the deleted information into the payment application 20 again, the user can register the same information as before or newly changed information in his or her own account.

In this case, after confirming that the process of deleting part of the information has been completed, the information management unit 130 changes the phone number of the account in the user information 172 to the new phone number related to the application. "Confirming that the deletion process has been completed" means, for example, when the storage unit 170 is an external database, receiving a deletion completion notice from the database management system that manages the external database. When the information management unit 130 directly rewrites the user information 172, it may be determined that "the completion of the deletion process is confirmed" when the verify process, the parity check, and the like are completed.

According to the first embodiment described above, when a user requests a change of telephone number through the user terminal device 10 associated with a telephone number different from the telephone number registered in the user information 172 acquire a plurality of confirmation information including a plurality of answers input by the user to a plurality of questions presented to the user through the user terminal device 10, and determine whether a score based on the plurality of confirmation information is equal to or higher than a threshold; If it is determined that the score is equal to or higher than the threshold, the user information 172 is updated with the new telephone number related to the application. As a result, it is possible to smoothly change the telephone number while maintaining the probability that the user is legitimate without inputting forms or responding to operators. As a result, the convenience of the electronic payment service can be enhanced.

<Second embodiment>
A second embodiment will be described below. In the first embodiment, the confirmation information is mainly an answer to the question presented to the user, but in the second embodiment, other information is included. In the second embodiment, the confirmation information includes, in addition to the answers to the questions, the user's face photograph or its characteristic information, the environment information of the user terminal device 10 obtained through the payment application 20, and the Includes some or all of the information obtained by requesting a predetermined action on the user's account. The environmental information includes some or all of OS settings, terminal settings, and location information.

The number-change authentication unit 128 determines whether or not the user's facial photograph or its characteristic information is similar to the facial photograph or its characteristics acquired in advance and stored in the storage unit 170 or the like, and determines that they are similar. In that case, the user's face photo or its feature information shall be valid. As for the method of determining whether or not the image data of the facial photographs or the feature information thereof are similar, since various methods are already known, the description thereof will be omitted. For example, it may be determined that the images are similar if they match as a result of affine transformation or trimming. You may make a decision by

Information that can be obtained by offline requesting another user to take a prescribed action on the user's account, for example, if the user who wants to change the phone number is a user of another electronic payment service As a result of requesting remittance of a predetermined amount (for example, about 10 yen) or sending a predetermined message by means other than electronic payment services such as telephone, face-to-face, e-mail, etc., payment to the user's account and message reception This is information indicating that there was The number change authentication unit 128 notifies the other user of the content to be requested to the other user, and when confirmation information of the notified content is obtained, the confirmation information is regarded as valid. Similarly, when confirmation information other than the above is acquired, number change authentication unit 128 determines whether or not the confirmation information is valid.

The number change authentication unit 128 calculates a score Sc2 using, for example, a score (weight) preset for each answer and a score (weight) preset for each confirmation item. . Formula (2) is an example of a formula for calculating the score Sc2. where k is the question (answer) identifier, x _k is the answer to the kth question, and n is the number of questions. f(x _k ) is, for example, a function that returns 1 if the answer is correct, and zero or a negative value if the answer is incorrect. α _k is a score (weight) preset for the k-th question (answer). Also, q is an identifier of a confirmation item, yq is the _q -th confirmation item, and m is the number of confirmation items. g(y _q ) is a function that returns 1 if the check is valid and 0 if it is incorrect. β _q is a preset score (weight) for the q-th confirmation item. In other words, the score Sc2 is obtained by summing the points set for individual questions (answers) for the answers that were correct, and adding the points set for each individual confirmation item It is the sum of the confirmation information and the sum of them. As with the coefficient α _k , the coefficient β _q is also preset with a high score for highly confidential information and a low score for information that can be easily known by others. Then, number change authentication section 128 determines whether or not score Sc2 is equal to or greater than threshold Th2, and outputs the determination result to information management section 130 . The information management unit 130 approves the change of the telephone number when it is determined that the score Sc2 is equal to or greater than the threshold Th2.

Sc2=Σ _k=1 ⁿ {α _k ×f(x _k )}+Σ _q=1 ^m {β _q ×g(y _k )} (2)

If a specific item out of the OS setting and terminal setting (OS setting and/or terminal setting) of the user terminal device 10 has a specific setting, the number change authentication unit 128 deducts points from the score Sc2, Alternatively, the telephone number change may be rejected. A specific setting is a setting frequently observed in the user terminal device 10 when an unauthorized account is obtained. The specific setting information is extracted in advance by referring to a database that collects the history of unauthorized account acquisition, and is stored in the storage unit 170 or the like. The number change authentication unit 128 refers to this and performs the above process.

Regarding the position information of the user terminal device 10, the setting of the position information is not necessarily turned on, and if it is turned off, it is necessary for the user to turn it on by an operation. In this regard, if the user is urged to turn on the location information setting at the time of applying for the phone number change, the user may feel resistance. Therefore, if the score Sc2 is lower than the threshold Th2 but is equal to or higher than a threshold Th3 (an example of a prescribed value) that is slightly lower than the threshold Th2 (for example, about 80% of the threshold Th2), the number change authentication unit 128 , to notify the user (to the user terminal device 10) to turn on the location information setting. At this time, the number change authentication unit 128 may also notify the user of information indicating that the user wants to confirm the position information because the score required to approve the change of the telephone number is slightly insufficient. By doing so, the user's sense of resistance to the operation can be reduced.

If the acquired location information matches the location information and/or address (if registered) acquired prior to the telephone number change application, number change authentication unit 128 scores Sc2. may be considered to be equal to or greater than the threshold Th2. "The position information matches" may mean, for example, that the mode is within a predetermined range (for example, within a range of about several tens [m]), or limited to when sleeping (nighttime). It may mean that the mode is within a predetermined range, or it may be determined based on other criteria. Such a mechanism may be applied to the first embodiment. In this case, the score Sc1 is lower than the threshold Th1, but the score Sc1 is slightly lower than the threshold Th1 (for example, about 80% of the threshold Th1). ) If the score Sc1 is equal to or greater than the threshold Th4 (another example of the prescribed value), the score Sc1 is considered to be equal to or greater than the threshold Th1.

FIG. 9 is a flowchart showing an example of the flow of processing by the authentication unit 128 upon number change according to the second embodiment described above. The processing of this flowchart is started when an application for changing the telephone number is accepted in a non-login state.

First, number change authentication unit 128 acquires the above-described various types of confirmation information (S40), calculates score Sc2 (S41), and determines whether score Sc2 is equal to or greater than threshold Th2 (S42).

When it is determined that the score Sc2 is equal to or greater than the threshold Th2, the number change authentication unit 128 determines whether or not a specific item of the OS setting and terminal setting of the user terminal device 10 is set to a specific setting. (S43). If a specific item out of the OS setting and terminal setting of the user terminal device 10 is not set to a specific setting, the number change authentication unit 128 sends information to the information management unit 130 to the effect that the change of the telephone number is approved. (S44). If a specific item out of the OS setting and terminal setting of the user terminal device 10 is set to a specific setting, the number change authentication unit 128 sends information to the information management unit 130 to the effect that the change of the telephone number is rejected. (S49).

When determining that the score Sc2 is not equal to or greater than the threshold Th2, the number-change authentication unit 128 determines whether or not the score Sc2 is equal to or greater than the threshold Th3 (S45). If the score Sc2 is less than the threshold Th3, the number change authentication unit 128 outputs information to the information management unit 130 to the effect that the change of the telephone number is rejected (S49).

If the score Sc2 is equal to or greater than the threshold Th3, the number change authentication unit 128 notifies the user to turn on the location information (S46). Note that if the location information of the user terminal device 10 is already on, the process of step S46 is skipped. Next, number change authentication unit 128 determines whether or not position information has been obtained (S47). If the location information cannot be obtained due to a timeout or the like, the number change authentication unit 128 outputs information to the information management unit 130 to the effect that the change of the telephone number is rejected (S49).

When the location information is obtained, the number change authentication unit 128 determines whether or not the obtained location information matches the location information and address of the phone number before the change (S48). If the obtained location information matches the location information and address of the telephone number before the change, the number change authentication unit 128 proceeds to S43, and if not, proceeds to S49.

According to the second embodiment described above, in addition to the same effect as the first embodiment, a wider range of confirmation information is used to determine whether or not to approve the change of the telephone number. can be further improved. In addition, by rejecting an application from a user terminal device 10 that has the same OS setting or terminal setting as the setting that was often observed in the user terminal device 10 when an unauthorized account was obtained, legitimate use can be prevented. can protect users from fraudulent account acquisition. In addition, since the timing for prompting the user to turn on the position information is devised as described above, it is possible to reduce the user's sense of resistance to the operation.

<Third Embodiment>
A third embodiment will be described below. FIG. 10 is a configuration diagram of a payment server 100A according to the third embodiment. The settlement server 100A further includes an adjustment unit 140 as compared with the first embodiment or the second embodiment. The adjustment unit 140 performs machine learning using the response status to a plurality of questions, the success or failure of changing the telephone number, and the degree of occurrence of risk events as a learning data set, and performs the threshold Th1 or the score α set for each question. Adjust _k and the threshold Th1. In the following description, adjuster 140 adjusts score α _k and threshold Th1. First, after starting operation with the mechanism of the first embodiment, the state of responses from users who are trying to change their phone number is acquired, and furthermore, fraudulent flags are set for samples that were found to have acquired fraudulent accounts through post-investigation. give it. Then, the score α _k that minimizes the degree of risk expression within a range in which the success rate of changing the telephone number when the score α _k and the threshold Th1 are applied to the answer information of a plurality of users is equal to or higher than the target value. and the threshold Th1. FIG. 11 is a diagram for explaining the processing contents of the adjustment unit 140. As shown in FIG. As shown in the figure, by setting a certain α _k , calculating the score Sc1 for each user response situation, and comparing it with the threshold Th1, information indicating the success or failure of changing the telephone number of each user can be obtained. . By aggregating these, the success rate of telephone number change is calculated. On the other hand, since a fraudulent flag is set for users whose accounts were obtained fraudulently, by counting the number of users who have successfully changed their phone numbers and who have been flagged as fraudulent accounts, number (an example of the degree of occurrence of risk events) is calculated. The adjusting unit 140 adjusts the score α _k and the threshold Th1 by back propagation so as to minimize the degree of risk manifestation within a range in which the success rate of telephone number change is equal to or higher than the target value. Such a mechanism can be applied in the same way when only the threshold value Th1 is adjusted, and can also be applied to the second embodiment. In the latter case, the adjustment unit 140 sets the threshold Th2 or each question by machine learning using the response status to a plurality of questions, the success or failure of changing the telephone number, and the degree of occurrence of the risk event as a learning data set. Adjust the obtained scores α _k , β _q , and the threshold Th2.

When adjusting the score or the threshold value in this way, the adjusting unit 140 may request the operator's approval operation as a final judgment.

According to the third embodiment described above, when the score or threshold does not match the actual situation (too strict or too loose), the score or threshold can be corrected to an appropriate value. This makes it possible to realize a smoother telephone number change.

As described above, the mode for carrying out the present invention has been described using the embodiments, but the present invention is not limited to such embodiments at all, and various modifications and replacements can be made without departing from the scope of the present invention. can be added.

10 User terminal device 20 Payment application 50 Store terminal device 60 Store code image 100 Settlement server 120 Login state management unit 122 Settlement content providing unit 124 Settlement processing unit 126 SMS authentication unit 128 Number change authentication unit 130 Information management unit 140 Adjustment unit 170 storage unit 172 user information 174 payment content information

Claims (19)

A service providing device for providing an electronic payment service,
an information management unit that sets up a user's account with at least a phone number as an essential registration item, and manages registration information including the user's phone number;
When the user requests a change of telephone number through a terminal device associated with a telephone number different from the telephone number registered in the registration information, content including a plurality of questions is provided to the terminal device. obtaining , from the terminal device , a plurality of confirmation information including a plurality of answers input by the user into the terminal device in response to a plurality of questions presented to the user by the terminal device; A number change authentication unit that determines whether a score based on is equal to or greater than a threshold;
with
The information management unit updates the registration information with a new phone number related to the application when it is determined that the score is equal to or greater than a threshold.
Service provider. A service providing device for providing an electronic payment service,
an information management unit that sets up a user's account with at least a phone number as an essential registration item, and manages registration information including the user's phone number;
When the user requests a change of telephone number through a terminal device associated with a telephone number different from the telephone number registered in the registration information, an application program installed in the terminal device is stored in advance. a plurality of pieces of confirmation information, including a plurality of answers, input into the terminal device by the user in response to the plurality of questions presented to the user by the terminal device based on the plurality of questions that the terminal device receives ; a number-change-time authentication unit that acquires from and determines whether a score based on the plurality of confirmation information is equal to or greater than a threshold;
with
The information management unit updates the registration information with a new phone number related to the application when it is determined that the score is equal to or greater than a threshold.
Service provider. The number change authentication unit calculates the score using a score set in advance for each of the plurality of confirmation information.
3. The service providing device according to claim 1 or 2 . at least some of the plurality of questions ask about the content of the registration information;
3. The service providing device according to claim 1 or 2 . at least some of the plurality of questions relate to the usage history of the electronic payment service;
3. The service providing device according to claim 1 or 2 . At least part of the plurality of questions asks for an authentication code sent to the email address when the registration information includes the email address.
3. The service providing device according to claim 1 or 2 . the plurality of questions includes a set of questions that must be answered correctly;
If only part of the question group is correct, the number change authentication unit does not add the correct answer to the score.
3. The service providing device according to claim 1 or 2 . The plurality of confirmation information includes the user's face photo or feature information of the user's face photo,
The number change authentication unit determines whether or not the user's facial photograph or characteristic information of the user's facial photograph matches pre-registered information, and if they match, adds a predetermined value to the score. add
3. The service providing device according to claim 1 or 2 . The service providing device provides the electronic payment service in cooperation with an application program running on the terminal device,
The plurality of confirmation information includes environment information of the terminal device obtained through the application program,
3. The service providing device according to claim 1 or 2 . The environment information of the terminal device includes either OA settings or terminal settings,
10. The service providing device according to claim 9 . The environment information of the terminal device includes location information,
10. The service providing device according to claim 9 . If the score is less than the threshold and is equal to or greater than a specified value lower than the threshold, the number change authentication unit notifies the user to turn on the location information setting.
12. The service providing device according to claim 11 . Further comprising an adjustment unit that adjusts the threshold by machine learning using the response status to the plurality of questions, the success or failure of changing the telephone number, and the degree of occurrence of the risk event as a learning data set,
3. The service providing device according to claim 1 or 2 . An adjustment unit that adjusts the scores and the thresholds by machine learning using the answer status to the plurality of questions, the success or failure of changing the telephone number, and the degree of occurrence of the risk event as a learning data set,
4. The service providing device according to claim 3 . The plurality of confirmation information includes information obtained by offline requesting another user to perform a predetermined action on the user's account,
3. The service providing device according to claim 1 or 2 . When updating the registration information with a new phone number related to the application, the information management unit deletes at least a part of the registration information that is different from the registered phone number.
3. The service providing device according to claim 1 or 2 . An SMS authentication unit that performs SMS (Short Message Service) authentication using a telephone number for the terminal device used by the user,
The SMS authentication unit performs the SMS authentication when a login request using the same telephone number is made from a terminal device different from the terminal device that has already been recognized.
3. The service providing device according to claim 1 or 2 . A service providing device that provides an electronic payment service,
Set up a user's account with at least a phone number as a mandatory registration item, manage registration information including the user's phone number,
When the user requests a change of telephone number through a terminal device associated with a telephone number different from the telephone number registered in the registration information, content including a plurality of questions is provided to the terminal device. obtaining from the terminal device a plurality of pieces of confirmation information including a plurality of answers input by the user into the terminal device in response to a plurality of questions presented to the user by the terminal device; Determine whether the score based on is greater than or equal to the threshold,
updating the registration information with a new phone number related to the application when it is determined that the score is equal to or greater than a threshold;
How we provide our services. A service providing device that provides electronic payment services,
Setting up a user's account with at least a phone number as an essential registration item, and managing registration information including the user's phone number;
When the user requests a change of telephone number through a terminal device associated with a telephone number different from the telephone number registered in the registration information, content including a plurality of questions is provided to the terminal device. obtaining from the terminal device a plurality of pieces of confirmation information including a plurality of answers input by the user into the terminal device in response to a plurality of questions presented to the user by the terminal device; Determining whether the score based on is greater than or equal to the threshold;
Updating the registration information with a new phone number related to the application when the score is determined to be equal to or greater than a threshold;
program to run the

Images