TWI431539B - Online payment method and system (1) - Google Patents

Online payment method and system (1) Download PDF

Info

Publication number
TWI431539B
TWI431539B TW99101063A TW99101063A TWI431539B TW I431539 B TWI431539 B TW I431539B TW 99101063 A TW99101063 A TW 99101063A TW 99101063 A TW99101063 A TW 99101063A TW I431539 B TWI431539 B TW I431539B
Authority
TW
Taiwan
Prior art keywords
transaction
authentication
telephone number
telephone
online
Prior art date
Application number
TW99101063A
Other languages
Chinese (zh)
Other versions
TW201124921A (en
Original Assignee
Danal Taiwan Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Danal Taiwan Co Ltd filed Critical Danal Taiwan Co Ltd
Priority to TW99101063A priority Critical patent/TWI431539B/en
Publication of TW201124921A publication Critical patent/TW201124921A/en
Application granted granted Critical
Publication of TWI431539B publication Critical patent/TWI431539B/en

Links

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Description

線上付款方法及系統(一)Online payment method and system (1)

本發明是有關於一種付款方法及系統,特別是指一種利用電話帳單來收取貨款之線上付款方法及系統。The present invention relates to a payment method and system, and more particularly to an online payment method and system for collecting payment by telephone bill.

隨著宅經濟的興起,商家紛紛設置網頁來提供實體商品或諸如線上遊戲之類的虛擬商品的銷售。目前線上商品的付款方式除線上刷卡、匯款、貨到付款外,還有提供利用電話帳單來收取交易費用的方式,如台灣第513651號發明專利『購物之電子付款方法』。然而,台灣第513651號需透過簡訊回覆確認,存在使用者需透過行動電話付款與安全性較差之疑慮。With the rise of the home economy, merchants have set up web pages to provide sales of physical goods or virtual goods such as online games. At present, online payment methods, in addition to online credit card, remittance, cash on delivery, and the use of telephone bills to collect transaction fees, such as Taiwan's 513651 invention patent "shopping electronic payment method." However, Taiwan No. 513651 needs to reply through the newsletter to confirm that there are doubts that users need to pay by mobile phone and have poor security.

因此,申請人曾於台灣第I309392號發明專利『網路付款方法及系統』提出於數據網路初步驗證後提供一交易認證碼後,可利用家用電話或行動電話撥打一認證電話以輸入交易認證碼來再次驗證通過後始完成交易。Therefore, the applicant has proposed in Taiwan, No. I309392 invention patent "Internet payment method and system" to provide a transaction authentication code after preliminary verification of the data network, and can use a home phone or mobile phone to dial an authentication phone to enter the transaction authentication. After the code is verified again, the transaction is completed.

然而,金融詐欺情況時有所聞,先前電話付款方式難以預防蓄意的網路詐騙行為,例如誘騙他人撥打電話付款等行為的詐騙行為或以竊取他人電話頻繁進行消費的行為等等,而目前發展較成熟的信用卡之類的金融交易於收到交易授權要求時先進行交易風險評估再決定是否同意授權,以降低呆帳的產生機率。However, financial fraud has been a bit of a concern. Previous phone payment methods were difficult to prevent deliberate online scams, such as defrauding others to make phone calls, or stealing other people’s calls for frequent consumption. A financial transaction such as a mature credit card first evaluates the transaction risk when it receives the transaction authorization request and then decides whether to approve the authorization to reduce the chance of bad debts.

因此,本發明之一目的,即在提供一種更安全性的線上付款方法及系統。Accordingly, it is an object of the present invention to provide a more secure online payment method and system.

本發明之另一目的,即在提供一種能有效降低金融詐欺風險之線上付款方法及系統。Another object of the present invention is to provide an online payment method and system that can effectively reduce the risk of financial fraud.

本案發明人思及將交易風險評估整合至電話付款機制內,且將認證交易碼的傳送改用隱私性更高之電信網路,以利用三階段的認證方式,以確保安全更高與有效預防金融詐欺的發生。The inventor of this case thought of integrating the transaction risk assessment into the telephone payment mechanism, and changing the transmission of the authentication transaction code to a more flexible telecommunications network to take advantage of the three-stage authentication method to ensure safer and effective prevention. The occurrence of financial fraud.

於是,本發明線上交易付款方法,係包含以下步驟:Thus, the online transaction payment method of the present invention comprises the following steps:

(A)若經數據網路收到一電話號碼,認證該電話號碼是否通過一交易風險評估;(A) if a telephone number is received via the data network, verify that the telephone number passes a transaction risk assessment;

(B)若認證通過,經數據網路提供一認證電話號碼並要求經電信網路撥打該認證電話以取得交易認證碼回覆,若認證未通過則結束交易;(B) if the authentication is passed, an authentication telephone number is provided via the data network and the authentication telephone number is requested to be obtained by the telecommunication network to obtain a transaction authentication code reply, and if the authentication fails, the transaction is terminated;

(C)當該認證電話被接通時,認證撥打的該認證電話之電話號碼與前述接收的電話號碼相符,並於認證無誤時對應產生交易認證碼並以語音告知;及(C) when the authentication telephone is turned on, the telephone number of the authenticated telephone dialed by the authentication matches the previously received telephone number, and correspondingly generates a transaction authentication code and is notified by voice when the authentication is correct;

(D)若經數據網路收到該交易認證碼,認證該交易認證碼並於認證無誤時完成交易。(D) If the transaction authentication code is received via the data network, the transaction authentication code is authenticated and the transaction is completed when the authentication is correct.

再者,為確認使用者的身分,更可於經數據網路認證交易風險評估或經電信網路認證撥打的電話號碼時中的至少一者一併認證使用者專屬的身分識別資料,此身分識別資料可為使用者的身分證號碼或約定密碼或生日等等。Furthermore, in order to confirm the identity of the user, it is also possible to authenticate the user-specific identity identification data at least one of the data network authentication transaction risk assessment or the telephone number dialed by the telecommunications network authentication. The identification data may be the user's identity card number or the agreed password or birthday, and the like.

有關本發明之前述及其他技術內容、特點與功效,在以下配合參考圖式之兩個較佳實施例的詳細說明中,將可清楚的呈現。The above and other technical contents, features and advantages of the present invention will be apparent from the following detailed description of the preferred embodiments of the invention.

參閱圖1,本發明線上交易付款系統1係與網路商家2和電信業者3配合,讓使用者終端4可利用電話付款方式支付貨款。網路商家2可為諸如線上游戲網站或購物網站等等,而於網路商家2的網頁嵌入一可經數據網路連線至交易付款系統1的電話付款程式,以於使用者終端4選擇電話付款時即可對應產生一電話付款要求至線上交易付款系統1並連結至線上交易付款系統1以由線上交易付款系統1來進行付款與否的評估,而此電話付款要求含有使用者終端4已選定商品資訊,如商家、商品品項與金額。數據網路可為ADSL網路、數據專線、WiFi、WiMAX或行動電話系統的3G、3.5G與4G中的數據傳輸架構。Referring to Figure 1, the online transaction payment system 1 of the present invention cooperates with the Internet merchant 2 and the carrier 3 to allow the user terminal 4 to pay for the payment by telephone payment. The online merchant 2 can be, for example, an online game website or a shopping website, and the like, and a web payment program connected to the transaction payment system 1 via the data network is embedded in the webpage of the online merchant 2 for selection by the user terminal 4. When the telephone payment is made, a telephone payment request can be generated to the online transaction payment system 1 and linked to the online transaction payment system 1 for evaluation of payment by the online transaction payment system 1, and the telephone payment request includes the user terminal 4. Product information, such as merchants, merchandise items, and amounts, have been selected. The data network can be a data transmission architecture in 3G, 3.5G and 4G for ADSL networks, data lines, WiFi, WiMAX or mobile phone systems.

使用者終端4擁有可連線數據網路與電信網路的電子設備,為說明方便,本實施例中使用者終端4擁有一可連線數據網路以進行數據傳輸的終端設備41與一可連線電信網路的電話42(諸如家用電話或行動電話)為例來說明,當然,使用者終端4亦可利用其他電子設備來進行此電話付款,例如兼具連線數據網路與電信網路的智慧型行動電話,終端設備41可為此終端設備41可為桌上型電腦、可攜式電腦、個人數位助理機(PDA)、智慧型行動電話等等之類可連線數據網路的電子設備。The user terminal 4 has an electronic device capable of connecting the data network and the telecommunication network. For convenience of description, the user terminal 4 in the embodiment has a connectable data network for data transmission, and the terminal device 41 and the A telephone 42 (such as a home phone or a mobile phone) connected to the telecommunication network is taken as an example. Of course, the user terminal 4 can also use other electronic devices to make payment for the phone, for example, a wired data network and a telecommunication network. For the smart mobile phone of the road, the terminal device 41 can be a connectable data network such as a desktop computer, a portable computer, a personal digital assistant (PDA), a smart mobile phone, etc. for the terminal device 41. Electronic equipment.

線上交易付款系統1係由一伺服器來架構形成並可連線電信網路與數據網路。線上交易付款系統1大致具有一通訊單元11、一交易風險評估單元12、一驗證單元13、一帳務單元14、一使用者資料庫15、一交易資料庫16,以及一帳務資料庫17。The online transaction payment system 1 is formed by a server and can connect to the telecommunication network and the data network. The online transaction payment system 1 generally has a communication unit 11, a transaction risk assessment unit 12, a verification unit 13, a account unit 14, a user database 15, a transaction database 16, and a transaction database 17. .

通訊單元11用以連線網際網路與電信網路,以經網際網路或電信網路接收或傳送資料。通訊單元11儲存一組或多組專屬的認證電話號碼,此認證電話號碼係向電信業者所租用的電話號碼,以於此認證電話被撥打時可透過電信業者經電信網路撥接至通訊單元11。通訊單元11經網際網路或電信網路接收資料更會分別傳送至對應單元,如交易風險評估單元12、驗證單元13等等。The communication unit 11 is used to connect the internet and the telecommunication network to receive or transmit data via the internet or telecommunication network. The communication unit 11 stores one or more sets of exclusive authentication telephone numbers, which are telephone numbers rented by the carrier, so that the dialed telephone can be dialed to the communication unit via the telecommunication network when the authenticated telephone is dialed. 11. The communication unit 11 receives the data via the internet or telecommunication network and transmits the data to the corresponding unit, such as the transaction risk evaluation unit 12, the verification unit 13, and the like.

使用者資料庫15儲存各使用者終端4的用戶資料,各筆用戶資料含有一電信業者提供給使用者4使用之電話號碼及身分識別資料,身分識別資料可為使用者之身分證號碼或生日或約定密碼等等。The user database 15 stores the user data of each user terminal 4. Each user data contains a telephone number and identity identification data provided by the operator to the user 4, and the identity identification data can be the user's identity card number or birthday. Or agree on a password and so on.

交易資料庫16儲存相關交易資訊,含有每一次交易產生的交易中繼資料與因應每一次交易完成後所產生的交易紀錄。交易中繼資料含有交易認證碼、商品資訊與電話號碼等資料。各筆交易紀錄含有交易時間、身分識別資料、付款的電話號碼、商品資訊以及此次交易使用終端使用IP等等,以供交易風險評估單元12分析使用。The transaction database 16 stores relevant transaction information, including the transaction relay data generated by each transaction and the transaction records generated after each transaction is completed. The transaction relay data contains transaction authentication code, product information and telephone number. Each transaction record includes transaction time, identity identification data, payment phone number, product information, and IP usage of the transaction using the terminal, etc., for analysis and use by the transaction risk assessment unit 12.

帳款資料庫17儲存多數筆筆帳務資料,各筆帳務資料含有消費的商品資訊、電話號碼與用戶識別資料等等,以提供給電信業者3進行帳務請款與支付款用給網路商家2等用途。The account database 17 stores a plurality of pen account information, each account information contains consumer product information, telephone numbers and user identification data, etc., to be provided to the telecommunications operator 3 for account payment and payment for the network Road business 2 and other purposes.

交易風險評估單元12係於到收到一電話付款要求時,要求使用者終端4提供一電話號碼,而後依據此電話號碼與交易資料庫16內的歷史交易紀錄來進行交易風險評估。交易風險評估單元12依預建的預定規則來進行風險分析,此預定規則為先前金融詐欺時所分析的評估規則,例如與交易密集度過高、同一電話號碼於一定時間內被多個不同IP使用、同一個IP以一定時間內被多個不同電話號碼使用、此電話號碼於一定時間內累積消費金額過高等等。交易風險評估單元12評估風險高於預定值判斷為未通過,則結束交易。反之,若交易風險評估單元12評估通過,通知驗證單元13進行後續認證並將商品資訊與電話號碼整合於一筆交易中繼資料儲存於交易資料庫16,讓驗證單元13或帳務單元14使用。The transaction risk assessment unit 12 requests the user terminal 4 to provide a telephone number upon receipt of a telephone payment request, and then conducts a transaction risk assessment based on the telephone number and the historical transaction record in the transaction database 16. The transaction risk assessment unit 12 performs risk analysis according to a pre-built predetermined rule, which is an evaluation rule analyzed in the previous financial fraud, for example, the transaction density is too high, and the same phone number is used by a plurality of different IPs within a certain period of time. Use, the same IP is used by a number of different phone numbers in a certain period of time, the phone number is accumulated over a certain period of time, and so on. The transaction risk evaluation unit 12 determines that the risk is higher than the predetermined value and judges that it is not passed, and ends the transaction. On the other hand, if the transaction risk assessment unit 12 evaluates, the notification verification unit 13 performs subsequent authentication and integrates the product information and the telephone number into a transaction relay data stored in the transaction database 16 for use by the verification unit 13 or the accounting unit 14.

驗證單元13於收到交易風險評估單元12通知後繼續認證。驗證單元13先提供一要求使用者終端4以先前輸入電話號碼的電話撥打一認證電話以取得一交易認證碼來輸入的訊息,並提供一介面,可供使用者終端4輸入經認證電話所取得的交易認證碼。通訊單元11的認證電話經電信網路被椄通將以資料傳送至驗證單元13,驗證單元13先確認撥話端的電話號碼是否先前輸入電話號碼相符後,始對應產生一交易認證碼以語音回傳給使用者終端4,反之。若不相符,逕自結束交易。本實施例中交易認證碼為隨機產生的一次性密碼,而驗證單元13更會將此交易驗證碼整合於對應筆交易中繼資料內以待後續認證。The verification unit 13 continues the authentication upon receipt of the notification from the transaction risk assessment unit 12. The verification unit 13 first provides a message requesting the user terminal 4 to dial an authentication phone by using a phone number previously inputting the phone number to obtain a transaction authentication code, and provides an interface for the user terminal 4 to input the authenticated phone. Transaction authentication code. The authentication telephone of the communication unit 11 is transmitted to the verification unit 13 via the telecommunication network, and the verification unit 13 first confirms whether the telephone number of the dialing terminal matches the previously entered telephone number, and then generates a transaction authentication code to voice back. Passed to user terminal 4, and vice versa. If it does not match, the transaction ends. In this embodiment, the transaction authentication code is a randomly generated one-time password, and the verification unit 13 further integrates the transaction verification code into the corresponding transaction relay data for subsequent authentication.

再者,為增加安全性,驗證單元13於產生交易認證碼前,更會要求使用者終端4提供一身分識別資料,例如身分證號碼或約定密碼等等,來與使用者資料庫15對應使用者資料作驗證,以利用電話號碼與身分識別資料作雙重驗證通過後,始提供交易認證碼給使用者終端4讓輸入前述介面。驗證單元13於收到使用者終端4輸入的交易認證碼將與先前產生的交易認證碼作比對,並於相符時,通知帳務單元14並對應依交易中繼資料產生一筆新的交易紀錄儲存至交易資料庫16。Moreover, in order to increase the security, the verification unit 13 further requests the user terminal 4 to provide an identity identification material, such as an identity card number or an appointment password, etc., to use the user database 15 before generating the transaction authentication code. The data is verified, and after the double verification is performed by using the telephone number and the identity identification data, the transaction authentication code is provided to the user terminal 4 to input the interface. The verification unit 13 receives the transaction authentication code input by the user terminal 4 and compares it with the previously generated transaction authentication code, and when coincident, notifies the accounting unit 14 and generates a new transaction record according to the transaction relay data. Save to transaction database 16.

帳務單元14於收到驗證單元13的通知後,帳務單元14利用交易中繼資料對應形成一筆帳務資料,以提供給電信業者3進行帳務請款與支付款用給網路商家2,並告知網路商家2交易完成可提供使用者終端4購買的商品給使用者終端4。After receiving the notification from the verification unit 13, the account unit 14 uses the transaction relay data to form a piece of account information, so as to provide the telecommunication provider 3 with the account payment and payment for the online merchant 2 And informing the network merchant 2 that the transaction completion can provide the product purchased by the user terminal 4 to the user terminal 4.

依據上述架構,配合參閱圖4來介紹本實施例的線上交易付款系統1的執行流程。According to the above architecture, the execution flow of the online transaction payment system 1 of the present embodiment will be described with reference to FIG.

在以下說明中先假設,使用者終端4以終端設備41經數據網路瀏覽網路商家2並決定購買特定商品,如線上遊戲的點數、實體商品等等。此刻,網路商家2的網頁會對應顯示多種付款方式供用戶3選擇,其中一選項係電話付款選項。若此選項被點選,對應產生一電話付款要求至線上交易付款系統1並導引使用者終端4以終端設備41經數據網路連線至線上交易付款系統1,此電話付款要求含有已選定商品資訊。在以下實施例說明中並假設線上交易付款系統1的通訊單元11已自網路商家2收到此電話付款要求,而通訊單元11將電話付款要求傳送給交易風險評估單元12。In the following description, it is assumed that the user terminal 4 browses the network merchant 2 via the data network with the terminal device 41 and decides to purchase a specific item, such as points of online games, physical goods, and the like. At this moment, the webpage of the web merchant 2 will display a plurality of payment methods for the user 3 to select, one of which is a telephone payment option. If the option is clicked, a telephone payment request is generated to the online transaction payment system 1 and the user terminal 4 is directed to connect the terminal device 41 via the data network to the online transaction payment system 1. The telephone payment request includes the selected Product information. In the following description of the embodiment, it is assumed that the communication unit 11 of the online transaction payment system 1 has received the telephone payment request from the network merchant 2, and the communication unit 11 transmits the telephone payment request to the transaction risk evaluation unit 12.

首先,在步驟201中,交易風險評估單元12於線上服務網站2之網頁上對應顯示一介面(圖未示),以要求使用者終端4以終端設備41經數據網路輸入一預備作為以電話帳單付款的電話號碼,在此假設使用者終端4輸入為他的電話42的電話號碼。First, in step 201, the transaction risk assessment unit 12 displays an interface (not shown) on the webpage of the online service website 2 to request the user terminal 4 to input the preparation by the terminal device 41 via the data network. The telephone number of the bill payment, it is assumed here that the user terminal 4 inputs the telephone number of his telephone 42.

其次,在步驟201中,交易風險評估單元12將電話付款要求內的商品資訊與輸入電話號碼作為交易中繼資料儲存於交易資料庫16,並依此電話號碼與交易資料庫16內的歷史交易紀錄以預定規則來進行交易風險評估,並於評估未通過時,透過通訊單元11經通知網路商家2與使用者終端4評估未通過結束交易。反之,交易風險評估單元12評估通過時通知驗證單元13以繼續步驟203。Next, in step 201, the transaction risk assessment unit 12 stores the product information and the input telephone number in the telephone payment request as transaction relay data in the transaction database 16, and according to the historical transaction in the telephone number and transaction database 16 The record is subjected to a transaction risk assessment by a predetermined rule, and when the evaluation fails, the communication unit 11 notifies the network merchant 2 and the user terminal 4 that the transaction has not been completed. Conversely, the transaction risk assessment unit 12 evaluates the pass-time notification verification unit 13 to proceed to step 203.

在步驟203中,驗證單元13透過通訊單元11經數據網路以一介面(圖未示)於使用者終端4的終端設備41顯示以要求使用者終端4以先前輸入電話號碼之電話撥打一認證電話,來取得一交易認證碼再經網路網路回傳。此介面更提供一欄位以供使用者終端4輸入所取得的交易認證碼。此刻,驗證單元13更自交易資料庫16擷取對應交易中繼資料來供後續認證用並等待認證電話被接通。In step 203, the verification unit 13 displays through the data network via the data network to the terminal device 41 of the user terminal 4 via an interface (not shown) to request the user terminal 4 to dial an authentication with the phone that previously entered the phone number. Telephone, to obtain a transaction authentication code and then return via the network. The interface further provides a field for the user terminal 4 to input the obtained transaction authentication code. At this point, the verification unit 13 retrieves the corresponding transaction relay data from the transaction database 16 for subsequent authentication and waits for the authentication phone to be turned on.

而後在步驟204中,使用者終端4以電話42撥接驗證電話號碼以經電信網路接通至通訊單元11,則通訊單元11將此電話接通至驗證單元13。Then, in step 204, the user terminal 4 dials the verification telephone number with the telephone 42 to connect to the communication unit 11 via the telecommunication network, and the communication unit 11 connects the telephone to the verification unit 13.

當認證電話被接通時,驗證單元13先執行步驟205,利用交易中繼資料中的輸入的電話號碼來與撥話端的使用者終端4的電話號碼比對是否相符。若步驟205判斷相符,繼續執行步驟206。反之,若步驟205判斷不相符時,告知使用者終端4與網路商家2交易失敗的訊息並逕自結束交易。When the authentication telephone is turned on, the verification unit 13 first performs step 205 to determine whether the telephone number of the user terminal 4 of the dialing terminal matches the telephone number of the telephone in the transaction relay data. If the determination in step 205 is met, step 206 is continued. On the other hand, if the step 205 determines that the match does not match, the user terminal 4 is notified of the failure of the transaction with the online merchant 2 and the transaction is terminated.

在步驟206中,驗證單元13更要求使用者終端4提供身分識別資料,例如身分證號碼或約定密碼。其次,於步驟207中,驗證單元13將收到身分識別資料與使用者資料庫15內對應身分識別資料作比對,以確認資料正確性。In step 206, the verification unit 13 further requests the user terminal 4 to provide identity identification information, such as an identity card number or an appointment password. Next, in step 207, the verification unit 13 compares the received identity identification data with the corresponding identity identification data in the user database 15 to confirm the correctness of the data.

若步驟207判斷不相符時,驗證單元13累積錯誤次數並執行步驟211以判斷錯誤次數是否超過一預設值(例如3次)。若步驟211判斷為是時,驗證單元13回覆交易失敗的訊息予使用者終端4並中斷通話以結束交易。反之,若步驟211判斷為否時,驗證單元13跳回步驟206,以要求再次提供身分識別資料。If the step 207 judges that there is no match, the verification unit 13 accumulates the number of errors and performs step 211 to determine whether the number of errors exceeds a predetermined value (for example, three times). If the determination in step 211 is YES, the verification unit 13 replies to the message that the transaction has failed to the user terminal 4 and interrupts the call to end the transaction. On the other hand, if the determination in step 211 is negative, the verification unit 13 jumps back to step 206 to request that the identity identification material be provided again.

若步驟207判斷相符時,驗證單元13執行步驟208以對應產生一交易認證碼並以語音傳送至使用者終端4的電話42,更提醒使用者終端4回到線上交易付款系統1的網頁以輸入此交易認證碼。此刻,驗證單元13更將此交易認證碼整合於先前那筆交易中繼資料內並儲存至交易資料庫16,以等待使用者終端4回傳確認。If the determination in step 207 is met, the verification unit 13 performs step 208 to correspondingly generate a transaction authentication code and transmit the voice to the telephone 42 of the user terminal 4, and further reminds the user terminal 4 to return to the webpage of the online transaction payment system 1 for input. This transaction authentication code. At this point, the verification unit 13 further integrates the transaction authentication code into the previous transaction relay data and stores it in the transaction database 16 to wait for the user terminal 4 to return the confirmation.

而後,在步驟209中,驗證單元13確認經數據網路所接收來自使用者終端4的交易認證碼與先前產生交易認證碼是否相符。若步驟209判斷相符,通知帳務單元14,以完成交易。同樣的,若步驟209判斷未相符時,跳至步驟210先判斷錯誤次數是否超過一預設值(例如3次)。若步驟210判斷為否時,驗證單元13執行步驟212,以要求重新輸入交易認證碼後,跳回步驟209重新確認。反之,若步驟210判斷為是時,結束交易並告知網路商家2與使用者終端4交易失敗的訊息。Then, in step 209, the verification unit 13 confirms whether the transaction authentication code received from the user terminal 4 via the data network matches the previously generated transaction authentication code. If the determination in step 209 is met, the accounting unit 14 is notified to complete the transaction. Similarly, if the determination in step 209 is unsatisfactory, the process proceeds to step 210 to first determine whether the number of errors exceeds a predetermined value (for example, three times). If the determination in step 210 is no, the verification unit 13 performs step 212 to request to re-enter the transaction authentication code, and then jump back to step 209 to reconfirm. On the other hand, if the determination in step 210 is YES, the transaction is terminated and the message that the network merchant 2 fails to trade with the user terminal 4 is notified.

帳務單元14再收到驗證單元13交易成功的通知後,自交易資料庫16擷取交易中繼資料來對應形成一筆帳務資料,以提供給電信業者3進行帳務請款列入電話42的電話帳單以支付款用給網路商家2並告知網路商家2交易成功的訊息。After receiving the notification that the verification unit 13 is successful in the transaction, the account unit 14 retrieves the transaction relay data from the transaction database 16 to form a piece of account information, so as to provide the telecommunications provider 3 with the account request for inclusion in the telephone 42. The phone bill is used to pay the money to the online merchant 2 and inform the online merchant 2 that the transaction is successful.

如此,本實施例中透過三階段的認證,第一階段(步驟202)利用電話號碼進行交易風險評估,以降低金融詐欺發生的機會且讓損失可被維持在可控制範圍;而後於第二階段(步驟205)要求使用者終端4以輸入電話號碼撥打認證電話,以確認使用者終端4的輸入電話號碼的有效性,且經確認後始經電信網路提供交易認證密碼,因電信網路專線的特性,更能確保交易認證密碼傳輸的安全性,以降低他人有意竊取的機會;最後,於第三階段確認經數據網路回傳的交易認證密碼,以確保回覆的使用者終端4應是擁有此電話42在手邊,以提高交易安全性。同時,此三階段驗證交替使用數據網路與電信網路,更能確保交易安全性。再者,為確保使用者終端4的使用者確實為擁有此電話的真實使用者,於第二階段驗證除確認電話號碼的真偽外,更要求驗證身分識別資料(如步驟206~207),更可提高交易安全性。Thus, in this embodiment, through the three-stage authentication, the first stage (step 202) uses the telephone number to conduct a transaction risk assessment to reduce the chance of financial fraud and to allow the loss to be maintained within a controllable range; (Step 205) Requiring the user terminal 4 to dial the authentication phone by entering the phone number to confirm the validity of the input phone number of the user terminal 4, and after confirming, the transaction authentication password is provided via the telecommunication network, because the telecommunication network line The characteristics of the transaction authentication password transmission can be ensured to reduce the chance of others stealing. Finally, in the third stage, the transaction authentication password returned by the data network is confirmed to ensure that the replying user terminal 4 should be Have this phone 42 at hand to improve transaction security. At the same time, this three-stage verification uses data networks and telecommunication networks alternately to ensure transaction security. Furthermore, in order to ensure that the user of the user terminal 4 is indeed the real user who owns the phone, in the second stage, in addition to confirming the authenticity of the phone number, it is further required to verify the identity identification data (steps 206-207). It can also improve transaction security.

當然,此身分識別資料亦可於其他階段作認證,如圖3的第二實施例將身分識別資料改由第一階段認證。Of course, the identity identification data can also be authenticated at other stages. In the second embodiment of FIG. 3, the identity identification data is changed to the first stage certification.

在收到電話付款要求後,於步驟301中,交易風險評估單元12即要求使用者終端4提供電話號碼與身分識別資料,交易風險評估單元12先於步驟302確認此電話號碼是否可通過交易風險評估。若步驟302,判斷未通過結束交易。若步驟302風險評估單元12判斷通過,將商品資訊、此電話號碼與身分識別資料作為交易中繼資料儲存於交易資料庫16並通知驗證單元13,讓驗證單元13執行步驟303以進行身分識別資料確認。若步驟303判斷正確時,驗證單元13於步驟306中要求使用者終端4以步驟301輸入電話號碼之電話撥打一認證電話,以取得一交易認證碼,再經網路網路回傳。反之,若步驟303判斷錯誤時,驗證單元13亦透過步驟304、305、303來確認錯誤次數是否超過預設值,若未超過,要求使用者終端4重新輸入身分識別資料再確認,若超過亦結束交易。After receiving the telephone payment request, in step 301, the transaction risk assessment unit 12 requests the user terminal 4 to provide the telephone number and the identity identification information, and the transaction risk assessment unit 12 confirms in step 302 whether the telephone number can pass the transaction risk. Evaluation. If step 302, it is determined that the transaction has not been completed. If the risk assessment unit 12 determines in step 302, the product information, the phone number and the identity identification data are stored as transaction relay data in the transaction database 16 and notified to the verification unit 13, and the verification unit 13 executes step 303 to perform identity identification data. confirm. If the determination in step 303 is correct, the verification unit 13 requests the user terminal 4 to dial an authentication phone by entering the phone number in step 301 to obtain a transaction authentication code and then return it via the network. On the other hand, if the error is determined in step 303, the verification unit 13 also confirms whether the number of errors exceeds the preset value through steps 304, 305, and 303. If not, the user terminal 4 is required to re-enter the identity identification data and re-confirm. End the transaction.

而後進行第二階段的驗證,驗證單元13於步驟307中認證電話被接通後,以步驟308確認接通電話是否與先前輸入電話號碼相符,若未相符亦結束交易,若相符,則亦於步驟309產生交易認證碼並以語音經電信網路告知以等待使用者終端4經數據網路回傳;最後進行第三階段的驗證,驗證單元13透過步驟310~312以確認使用者終端4經數據網路回傳交易認證碼是否於未超過預設值的次數內輸入正確,若確認是驗證單元13通知帳務單元14完成交易以進行帳務處理,若確認超過亦結束交易。Then, the verification of the second stage is performed. After the authentication unit is turned on in step 307, the verification unit 13 confirms whether the connected telephone matches the previously input telephone number in step 308, and terminates the transaction if it does not match, if it matches, it also Step 309 generates a transaction authentication code and informs the voice through the telecommunication network to wait for the user terminal 4 to transmit back through the data network. Finally, the third stage of verification is performed, and the verification unit 13 confirms the user terminal 4 through steps 310-312. Whether the data network backhaul transaction authentication code is correctly input within the number of times that the preset value is not exceeded, if the confirmation is that the verification unit 13 notifies the accounting unit 14 to complete the transaction for accounting processing, and if the confirmation exceeds, the transaction is terminated.

綜上所述,本發明透過數據網路以電話號碼來進行交易風險評估,並經電信網路確認此電話號碼的有效性後始經電信網路以語音提供交易認證碼,讓用戶3可使用各種電話來付款,如家用電話,以達到更增加便利性之功效;最後,更透過網路網路確認回傳交易認證碼的正確性,以有效降低金融詐欺的風險與提高交易的安全性。In summary, the present invention conducts transaction risk assessment by telephone number through a data network, and after confirming the validity of the telephone number via the telecommunication network, the transaction authentication code is provided by voice over the telecommunication network, so that the user 3 can use Various telephones to pay, such as home phones, to achieve more convenience; finally, the correctness of the return transaction authentication code is confirmed through the Internet to effectively reduce the risk of financial fraud and improve the security of transactions.

惟以上所述者,僅為本發明之較佳實施例而已,當不能以此限定本發明實施之範圍,即大凡依本發明申請專利範圍及發明說明內容所作之簡單的等效變化與修飾,皆仍屬本發明專利涵蓋之範圍內。The above is only the preferred embodiment of the present invention, and the scope of the invention is not limited thereto, that is, the simple equivalent changes and modifications made by the scope of the invention and the description of the invention are All remain within the scope of the invention patent.

1...線上交易付款系統1. . . Online transaction payment system

11...通訊單元11. . . Communication unit

12...交易風險評估單元12. . . Transaction risk assessment unit

13...驗證單元13. . . Verification unit

14...帳務單元14. . . Accounting unit

15...使用者資料庫15. . . User database

16...交易資料庫16. . . Transaction database

17...帳務資料庫17. . . Accounting database

2...網路商家2. . . Online business

3...電信業者3. . . Telecommunications operator

4...使用者終端4. . . User terminal

41...終端設備41. . . Terminal Equipment

42...電話42. . . phone

201~212、301~312...步驟201~212, 301~312. . . step

圖1是本發明線上交易付款系統的較佳實施例;1 is a preferred embodiment of an online transaction payment system of the present invention;

圖2是本發明線上交易付款方法的一實施例的流程圖;以及2 is a flow chart of an embodiment of an online transaction payment method of the present invention;

圖3是本發明線上交易付款方法的另一實施例的流程圖。3 is a flow chart of another embodiment of the online transaction payment method of the present invention.

201~212...步驟201~212. . . step

Claims (12)

一種線上交易付款方法,包含:(A)若經數據網路收到一電話號碼,認證該電話號碼是否通過一交易風險評估;(B)若認證通過,提供一認證電話號碼並要求經電信網路撥打該認證電話以取得交易認證碼回覆,若認證未通過則結束交易;(C)當該認證電話被接通時,認證撥打的該認證電話之電話號碼與前述接收的電話號碼相符,並於認證無誤時對應產生並以語音告知交易認證碼;及(D)若經數據網路收到交易認證碼,認證該交易認證碼並認證無誤時完成交易。 An online transaction payment method comprising: (A) if a telephone number is received via the data network, whether the telephone number is authenticated by a transaction risk assessment; (B) if the authentication is passed, providing an authentication telephone number and requesting the telecommunications network The road dials the authentication phone to obtain the transaction authentication code reply, and terminates the transaction if the authentication fails; (C) when the authentication phone is connected, the telephone number of the authenticated telephone dialed by the authentication matches the received telephone number, and Corresponding to generate and notify the transaction authentication code by voice when the authentication is correct; and (D) if the transaction authentication code is received via the data network, the transaction authentication code is authenticated and the transaction is completed when the authentication is correct. 依據申請專利範圍第1項所述之線上交易付款方法,其中,更包含一於該步驟(A)之前更具有一步驟(E),若經數據網路收到一電話付款要求時,要求輸入一電話號碼。 According to the online transaction payment method described in claim 1, wherein the method further comprises a step (E) before the step (A), and if the data network receives a telephone payment request, the input is required. A phone number. 依據申請專利範圍第2項所述之線上交易付款方法,其中,在該步驟(C)中,當該認證電話被接通時,更要求提供一使用者專屬的身分識別資料以進行認證,並於該撥打的該認證電話之電話號碼與該身分識別資料驗證無誤始產生該交易認證碼。 According to the online transaction payment method described in claim 2, in the step (C), when the authentication phone is connected, it is further required to provide a user-specific identity identification data for authentication, and The transaction authentication code is generated when the telephone number of the authenticated telephone number dialed and the identity identification data are verified to be correct. 依據申請專利範圍第2項所述之線上交易付款方法,其中,在該步驟(E)中,更要求輸入一使用者專屬的身份識別資料,而該步驟(A)更認證該身分識別資料並於相符時始認證通過。 According to the online transaction payment method described in claim 2, in the step (E), it is further required to input a user-specific identification data, and the step (A) further authenticates the identity identification data. The certification is passed when it matches. 依據申請專利範圍第3或4項所述之線上交易付款方法,其中,該身分識別資料是一身分證號碼或一約定密碼。 The online transaction payment method according to claim 3 or 4, wherein the identity identification data is a personal identification number or an agreed password. 依據申請專利範圍第5項所述之線上交易付款方法,其中,該電話號碼係家用電話號碼或行動電話號碼。 The online transaction payment method according to claim 5, wherein the telephone number is a home phone number or a mobile phone number. 依據申請專利範圍第6項所述之線上交易付款方法,其中,該付款要求含有一具有金額的商品資訊,在該步驟(D)中,若驗證無誤時,將該金額列入該電話號碼之帳單。 According to the online transaction payment method described in claim 6, wherein the payment request includes a product information having an amount, and in the step (D), if the verification is correct, the amount is included in the telephone number. bill. 一種線上交易付款系統,包含:一交易資料庫,儲存多數筆因應每一次交易完成後所產生的交易紀錄,各筆交易紀錄含有交易時間、身分識別資料與付款的電話號碼;一通訊單元,係自一數據網路與一電信網路收發資料;一交易風險評估單元,經該通訊單元與數據網路收到來自一使用者終端的電話號碼時,依據該交易資料庫內的交易紀錄來確認該電話號碼是否通過一交易風險評估;一驗證單元,於該電話號碼通過前述交易風險評估時提供一認證電話號碼予該使用者終端並要求以前述提供電話號碼的電話撥打該認證電話以取得一交易認證碼,該驗證單元於該認證電話被接通時,更於確認撥打的該認證電話之電話號碼與前述接收的電話號碼相符時以語音告知交易認證碼,並該驗證單元於確認經數據網路回傳交易認證碼與語音告知交易認證碼相符時對應產生一交易完成訊息;以及一帳務單元,係於收到該交易完成訊息時進行帳務處理以完成交易。An online transaction payment system comprising: a transaction database storing a plurality of transaction records generated after each transaction is completed, each transaction record containing transaction time, identity identification information and payment telephone number; a communication unit Transmitting and receiving data from a data network and a telecommunications network; a transaction risk evaluation unit, after receiving the telephone number from a user terminal via the communication unit and the data network, confirming according to the transaction record in the transaction database Whether the phone number passes a transaction risk assessment; a verification unit provides an authentication phone number to the user terminal when the phone number passes the aforementioned transaction risk assessment and requests the phone to provide the phone number to obtain the phone number Transaction authentication code, the verification unit notifies the transaction authentication code by voice when the authentication telephone is turned on, and confirms that the telephone number of the authenticated telephone dialed matches the received telephone number, and the verification unit confirms the data. The network return transaction authentication code corresponds to the voice notification transaction authentication code. Health a transaction message; and an accounting unit, based on the received accounting for the transaction processing completion message to complete the transaction. 依據申請專利範圍第8項所述之線上交易付款系統,該驗證單元更於產生該交易完成訊息對應形成一筆交易紀錄以儲存至該交易資料庫。According to the online transaction payment system described in claim 8 of the patent application, the verification unit further forms a transaction record corresponding to the transaction completion message to be stored in the transaction database. 依據申請專利範圍第9項所述之線上交易付款系統,更包含一儲存使用者專屬的身分識別資料的使用者資料庫,該驗證單元更於要求輸入的身分識別資料與該使用者資料庫對應資料相符始產生交易認證碼。The online transaction payment system according to claim 9 further includes a user database for storing user-specific identity identification data, and the verification unit further corresponds to the identity identification data required to be input and the user database. The data matches to generate the transaction authentication code. 依據申請專利範圍第10項所述之線上交易付款系統,其中,該身分識別資料是一身分證號碼或一約定密碼。The online transaction payment system according to claim 10, wherein the identity identification data is a personal identification number or an agreed password. 依據申請專利範圍第11項所述之線上交易付款系統,其中,該電話號碼係家用電話號碼或行動電話號碼。The online transaction payment system according to claim 11, wherein the telephone number is a home phone number or a mobile phone number.
TW99101063A 2010-01-15 2010-01-15 Online payment method and system (1) TWI431539B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW99101063A TWI431539B (en) 2010-01-15 2010-01-15 Online payment method and system (1)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW99101063A TWI431539B (en) 2010-01-15 2010-01-15 Online payment method and system (1)

Publications (2)

Publication Number Publication Date
TW201124921A TW201124921A (en) 2011-07-16
TWI431539B true TWI431539B (en) 2014-03-21

Family

ID=45047276

Family Applications (1)

Application Number Title Priority Date Filing Date
TW99101063A TWI431539B (en) 2010-01-15 2010-01-15 Online payment method and system (1)

Country Status (1)

Country Link
TW (1) TWI431539B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109191110B (en) * 2018-07-27 2023-05-23 创新先进技术有限公司 Post-payment transaction data processing method, device, processing equipment and server

Also Published As

Publication number Publication date
TW201124921A (en) 2011-07-16

Similar Documents

Publication Publication Date Title
US10275760B2 (en) Method and apparatus for authorizing a payment via a remote device
KR100344114B1 (en) Method for approving electronic commerce using the short message service and system therefor
US20120179558A1 (en) System and Method for Enhancing Electronic Transactions
KR20070051817A (en) The credit card payment system without authorization using mobile commerce celluar phone in internet electronic commerce
KR20110029758A (en) The method of international payment service using mobile phone certification and the system thereof
KR20110099096A (en) Mobile barcode generation and payment
CN103729764A (en) Data transmission method and system based on biological characteristics
US20100211503A1 (en) Double Verified Transaction Device and Method
US20120197786A1 (en) Phone number payments for bill payments users
US20150088629A1 (en) System and methods for generating and providing offers to a user
CN101324941A (en) Payment method and system
JP4688744B2 (en) Settlement method and information processing system for settlement
KR20110107311A (en) A transaction system and mehod using mobile network, computer program therefor
CN103679437B (en) A kind of data processing method and system
JP2008243199A (en) Internet business security method
TWI431539B (en) Online payment method and system (1)
KR101537551B1 (en) Micropayment linkage based prepaid card payment assistive device and method
KR101152164B1 (en) System and method for immediate issuing mobile gift certificate
KR20050091203A (en) Credit payment processing method
KR20100013757A (en) System and method for settling cash by variety account connection and recording medium
JP2007334647A (en) Charge processing server, network system, purchase price processing method and charge processing program
TWI559238B (en) Universal stored value card trading system
TW201124922A (en) Online payment method and system.
JP2002298023A5 (en) Settlement method, information processing system for settlement and mobile information terminal
JP2002032572A (en) Authentication system, authentication method and settlement system