WO1996007150A1 - A method and apparatus for verifying a transaction - Google Patents

A method and apparatus for verifying a transaction

Info

Publication number
WO1996007150A1
WO1996007150A1 PCT/AU1995/000344 AU9500344W WO1996007150A1 WO 1996007150 A1 WO1996007150 A1 WO 1996007150A1 AU 9500344 W AU9500344 W AU 9500344W WO 1996007150 A1 WO1996007150 A1 WO 1996007150A1
Authority
WO
Grant status
Application
Patent type
Prior art keywords
transaction
person
data
signature
card
Prior art date
Application number
PCT/AU1995/000344
Other languages
French (fr)
Inventor
Edward Tapanes
Original Assignee
Securecard Technology Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual entry or exit registers
    • G07C9/00007Access-control involving the use of a pass
    • G07C9/00031Access-control involving the use of a pass in combination with an identity-check of the pass-holder
    • G07C9/00071Access-control involving the use of a pass in combination with an identity-check of the pass-holder by means of personal physical data, e.g. characteristic facial curves, hand geometry, voice spectrum, fingerprints
    • G07C9/00079Access-control involving the use of a pass in combination with an identity-check of the pass-holder by means of personal physical data, e.g. characteristic facial curves, hand geometry, voice spectrum, fingerprints visually
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual entry or exit registers
    • G07C9/00007Access-control involving the use of a pass
    • G07C9/00031Access-control involving the use of a pass in combination with an identity-check of the pass-holder
    • G07C9/00047Access-control involving the use of a pass in combination with an identity-check of the pass-holder by means of the handwritten signature of the pass-holder
    • G07C9/00055Access-control involving the use of a pass in combination with an identity-check of the pass-holder by means of the handwritten signature of the pass-holder visually, e.g. by comparing in a viewer the written signature with a reference on the pass
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data

Abstract

A method and apparatus for verifying a transaction are disclosed in which a credit card is processed by a processor (20) and information relating to the transaction is keyed into a key pad (26). The information on the card and transaction is fed by a link (40) to a central computer (10) where data relating to the person owning the card is stored. That data such as photographic data, signature data or the like is transmitted from the computer (10) over the communication link (40) to the processor (20) where the information is displayed on a screen (24) so that a visual record of the person making the transaction or the person's signature is displayed for a vendor. The vendor then makes a comparison between the picture displayed on the screen (24) and the person to verify the authenticity of the person or compares the signature with the signature specimen provided by the person at the time of purchase.

Description

/07150 PC1 AU95/00344

- 1 - A METHOD AND APPARATUS FOR VERIFYING A TRANSACTION

This invention relates to a method and apparatus for verifying a transaction and in particular to a method of overcoming credit card fraud and devices formed for that purpose.

Credit card fraud is growing rapidly at an alarming rate. Increasingly, sophisticated scamsters are coming up with a bewildering variety of ploys to fool card holders and card issuers . Some of the worst abuses involve counterfeit cards. Credit cards have so many different designs, and counterfeit cards are such close replicas of genuine plastic, that it is almost impossible for a store clerk to tell whether a particular card is legitimate. Even the holograms on the front of cards, introduced in 1985 to make cards harder to copy are ineffective - they were copied within a year. Experts estimate card fraud in the USA ran close to $1 billion in 1993, up from $864 million in 1992. [Holland, K., Business Week, Issue 3354, pp. 68-69, 17 January 1994]. One credit card company's losses from counterfeiting reached at least $113 million of its total $395 million in worldwide fraud losses in 1993. another company's counterfeit losses were roughly $160 million. All consumers indirectly pay for fraud because the issuers pass along the cost in the form of higher interest rates and annual fees.

The vulnerability of existing cards rests largely with the magnetic strip on the back of the card that includes encoded key account data. Counterfeiters can re-encode valid account information into the strip of a stolen card and use the card to get cash advances or purchase thousands of dollars worth of easily resaleable merchandise. Magnetic stripe fraud exploded in the Southeast Asia region in 1990. Well organised and highly sophisticated gangs are blamed for much of the Asian fraud activity. Law enforcement efforts in Southeast Asia have been complicated by merchants who often cooperate with gang members . [Rosen, A.G., Credit Card Management, Vol. 3, Issue 11, pp. 82-87, February 1991]

The credit cards used by plastic criminals fall into several categories. Cards can be lost, stolen from their owners, never received by the legitimate cardholder, obtained by forgers who make false applications or simply made by counterfeiters. The most popular type of credit card fraud is committed with cards reported lost or stolen. In the UK, in 1991, more than $330 million was stolen in credit card fraud through theft of cards, up 35% from the previous year. [Banking World, Vol. 10, Issue 6, p. d29, 32, June, 1992] Plastic cards are most commonly stolen from cars, handbags, offices, the mail and homes and are passed-on by thieves to a controller who supplies a network of criminals.

Losses to credit card crime cost Canadian issuers of various credit card companies $50 million during fiscal year 1991. This was an increase of more than 50% over fraud losses sustained for the same period in 1990. [Ballard, M. , Canadian Banker, Vol. 99, Issue 1, pp. 35-37, January/February, 1991]

Credit card fraud is an easy route for criminals to take for many reasons. The economic rewards for credit card fraud far outweigh the risks of apprehension since no effective system is in place to identify, apprehend and manage the prosecution of offenders. Concerted efforts are underway by banks, credit card associations, credit bureaus, independent organisations and technology vendors to reduce the problem of credit card fraud. Some of the new technologies presently being developed include: [Punch, L., Credit Card Management, Vol. 5, Issue 12, pp. 20-24, March, 1993] * A large card fraud problem is the theft of credit cards before they ever reach the cardholder. To combat this type of fraud, a number of banks are now using credit card activation, where cards are mailed that cannot be activated until the intended user calls and provides proof of identity.

* Watermarks which permanently embed an encrypted numerical code inside the card's magnetic stripe.

* Biometrics, in which a device at the point of sale electronically scans a customer's retina, fingerprint, voice or signature and matches it to data encoded on the card.

* A liquid crystal display which the customer signs instead of a paper receipt and sophisticated software, incorporating neural networks, used to compare the signed signature with the signature stored in the card memory. [Libbey and Giesen, Credit Card Management, Vol. 4, Issue 9, pp. 76- 81, December 1991]

* In 1992, Citibank (USA) began a campaign to issue bank cards with photographs of the cardholder imprinted on the card. [Arend, M., ABA Banking Journal, Vol. 85, Issue 9, pp. 91-98, September, 1993]

* "Smart cards" which are credit card sized plastic cards containing a microprocessor and memory chips capable of storing relatively large amounts of data. [Bright, J., Telecommunications, Issue 2, p. 30, 75-76, February, 1992] Smart cards are expected to replace conventional credit cards by the year 2000. [Stewart, T.A., Fortune, Vol. 128, Issue 7, p. 162, Autumn, 1993] Smart cards have much greater security, information storage and processing capacity than the common magnetic stripe card. Information, such as signature patterns, fingerprints and/or retinal patterns, can be stored in the cards and used to verify cardholder identification. A $200 million project involving 20 million smart cards is being trialed in France. [Bright, J., Telecommunications, Issue 3, p. 63-68, March

1990]

The smart card technology is currently considered by many banks and financial institutions worldwide as the next generation of credit card because of the significantly more secure data storage and transmission, its vast memory capacity, the reduced communications cost and more convenient bank transactions. However, disadvantages include the cost of the cards (they are essentially a mini¬ computer) and associated terminals, the loss of the credit float available with credit cards, consumer problems, lack of standards and the potential for breakdown. In addition, it is still possible that the sophisticated counterfeit gangs will develop technologies to copy or alter smart cards. Experience has shown that counterfeiters are generally not thwarted for long periods by new technologies alone. Furthermore, smart card technology further complicates or removes any responsibility by the retailer to verify the identification of the card user. Smart card technology is also vulnerable to hardware and software hackers and software viruses all of which are a major problem with this type of technology. Indeed, smart cards already in the market place were successfully attacked by hackers within weeks of issue forcing withdrawal of the cards. The invention disclosed in this provisional application overcomes these problems and limitations. The object of the invention is to provide a method and apparatus which overcome the above problems .

The invention may be said to reside in a method of verifying a transaction, including the steps of: receiving information relating to the transaction from a remote location; processing the information; transmitting data relating to the entity making the transaction to the remote location to identify the entity so that a vendor at the remote location can make an assessment at the remote location as to whether to approve the transaction.

According to the present invention, when a person makes a financial transaction, such as purchasing a product from a shop or the like, the person's credit card is swiped through a terminal including a card reader or information from the card is otherwise fed into the terminal so that the information is transmitted to a credit card company, bank or the like. Loaded into the computer at the credit card company, bank or the like is the data relating to the user of the credit card such as a digital signal representing a photograph, a signature or the like. That data is transmitted back to the remote location so that an image of the person can appear on a display screen at the remote location so that the vendor can immediately look at the image and the person making the transaction to verify they are one and the same. If so, the transaction can be approved by the vendor. Other data such as the perso 's signature, finger print or other information to identify the person can be stored in the bank's computer and transmitted to the remote location to provide a means of identifying the person concerned. Thus, according to the present invention the responsibility for final verification rests with the vendor based on the information which is transmitted to the vendor. In the preferred embodiment of the invention, the data relates to an image of the entity (which is displayed on a screen) so that the vendor can make a comparison between the image displayed on the screen and the entity for verification purposes.

In another embodiment, the data transmitted may relate to the person's signature so that the vendor can view the recorded signature in the bank's computer with the signature made by the entity. In this embodiment of the invention the signature would not appear on the credit card to prevent fraud by a counterfeiter merely signing the signature as it appears on the card.

In other embodiments, other data relating to personal attributes of the entity can be transmitted for visual comparison by the vendor and between the information and the entity.

The invention may also be said to reside in apparatus for verifying a transaction, including: transmitting means for transmitting information relating to the transaction from a remote location; and display means for receiving data from the remote location to identify the entity so that a vendor at the remote location can make a comparison between the data displayed on the display means and the entity to enable assessment at the remote location as to whether to approve the transaction.

A preferred embodiment of the invention will be described, by way of example, with reference to Figure 1 which shows the preferred form of the invention.

The invention will be exemplified with reference to Figure 1 in conjunction with a financial transaction such as that which occurs when a person buys a product from a shop by means of a credit card or direct debit from a bank account. However, it should also be understood that other types of transactions such as entry into secured premises or the like are also within the scope of the invention and the reference to transaction is intended to include such situations. Similarly, the reference to a vendor is intended to cover situations where a person is selling a product and/or a person is responsible for admittance or the like into secured premises, areas or countries.

The preferred embodiment of the present invention is used with a conventional credit card which includes a magnetic strip upon which information is recorded. The information is equivalent to that which is now recorded on conventional credit cards or on cards which are used for electronic teller type banking or purchase of products. When such a card is issued, the issuing authority whether it be a credit card company, bank or the like obtains information on application from the person seeking the card. The information can include data relating to the person's signature or photographic information of the person or other personal data which can be used to identify the person on a visual comparison. The photograph, or signature specimen or the like is digitally scanned and the digital data is stored in the bank's computer 10 along with the account details which can be accessed by use of the card. Of course, if the data stored in the computer relates to the signature of the person, then the signature is not intended to appear on the credit card and the card would now have a signature strip on it. If the information is other than a signature, then the signature can optionally appear on the credit card if desired.

Located at a vendor's premises such as a shop or the like is a terminal 20 which includes a slot 22 through which a credit card can be swiped to read the credit card, a video or LCD display screen 24 and a key pad 26. When a person makes a purchase at the shop, the vendor swipes the person's credit card through the slot 22 so that the information on the card is read. The information includes account details and the like which are transmitted to computer 10 via a transmission link 40. The transmission link 40 can comprise a telephone network, fibre optic cables, microwave transmission system or the like.

The vendor also inserts price information and the like into the key pad 26 so that information together with the information on the credit card is transmitted over the transmission link 40. The computer 10 can make an initial assessment as to whether the amount of money to be authorised or spent is within the credit limits of the person concerned and if so can make a preliminary authorisation relating to the credit required.

An interface 50 is provided between the processor 20 and computer 10 to prevent fraudulent access to the computer 10. The interface 50 is identical to conventional interfaces which are already in existence to protect data stored in banking computers, financial institution computers and the like.

When the information from the card is received by the computer 10, the computer processes the information and obtains the data relating to that card which is associated with the person making the purchase. As mentioned above, the data can be a digital signal representing photographic information, signature information or the like. The data is transmitted back over the transmission link 40 to the terminal 20 where the information is displayed on the screen 24. The information may include picture information so that an image of the person is displayed on the screen 24 so that the vendor can merely inspect the person and the image displayed on the screen 24 and make an assessment as to whether they are one and the same. If so, the vendor can choose to authorise the transaction and hand over the goods to the person. If the vendor is not satisfied that the person displayed in the screen 24 is the person making that purchase, then the vendor can refuse the transaction.

Instead of transmitting image data of the person, the computer 10 could have a recorded facsimile of the person's signature and signature data can be transmitted over the link 40 so an image of the signature is displayed on the screen 24. The person making the purchase can then be asked to sign a sales docket or the like so that a comparison between the signature and the signature displayed on the screen 24 can be made for authenticity. In this aspect of the invention the credit card, of course, would not include a place for the person's signature to prevent fraudulent use of the card by a person merely copying the signature when asked to sign.

In other embodiments, other personal information relating to the appearance of the person can be transmitted so that the vendor is able to make an assessment between the image displayed on the screen 24 and the person making the purchase to enable final authorisation of the transaction.

A personal identification number or other suitable form of identity and a credit card activation procedure may also be used in this technique to implement further security means.

The preferred embodiment of the invention offers the foilowing advantages: the technique uses existing and cost-effective technologies, making it immediately im lementable; changes to exiting cards and institution computer data base systems are minimal, making the system compatible with existing cards and systems; stolen or lost cards could not be used since data relating to the user is already stored in the computer and therefore use by any other person would immediately be seen upon display of the relevant information on the screen 24 when a purchase is being made; no personal or confidential information is stored on the card, thus cards cannot be tampered with nor the data in the institution computer data base system compromised.

The vendor has a greater degree of responsibility in card verification and therefore would be more accountable than at present.

Since modifications within the spirit and scope of the invention may readily be effected by persons skilled within the art, it is to be understood that this invention is not limited to the particular embodiment described by way of example hereinabove.

Claims

THE CLAIMS DEFINING THE INVENTION ARE AS FOLLOWS:
1. A method of verifying a transaction, including the steps of: receiving information relating to the transaction from a remote location; processing the information; transmitting data relating to the entity making the transaction to the remote location to identify the entity so that a vendor at the remote location can make an assessment at the remote location as to whether to approve the transaction.
2. The method of claim 1, wherein the data relates to an image of the entity or a signature specimen of the entity and the method includes displaying an image of the entity or the signature specimen on a screen.
3. Apparatus for verifying a transaction, including: transmitting means for transmitting information relating to the transaction from a remote location; and display means for receiving data from the remote location to identify the entity so that a vendor at the remote location can make a comparison between the data displayed on the display means and the entity to enable assessment at the remote location as to whether to approve the transaction.
4. The apparatus of claim 3, wherein the transmitting means is a terminal having a card reader, a key pad and a display screen.
PCT/AU1995/000344 1994-08-29 1995-06-09 A method and apparatus for verifying a transaction WO1996007150A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AUPM770294 1994-08-29
AUPM7702 1994-08-29

Publications (1)

Publication Number Publication Date
WO1996007150A1 true true WO1996007150A1 (en) 1996-03-07

Family

ID=3782223

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU1995/000344 WO1996007150A1 (en) 1994-08-29 1995-06-09 A method and apparatus for verifying a transaction

Country Status (1)

Country Link
WO (1) WO1996007150A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2385186A (en) * 2002-02-07 2003-08-13 Hewlett Packard Co User identification in electronic financial transactions
EP1482443A1 (en) * 2002-03-04 2004-12-01 Sony Corporation Authentication system, authentication method, authentication medium manufacturing device, and authentication terminal device
DE102004059608A1 (en) * 2004-12-10 2006-06-14 Skidata Ag Access control system

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2557328A1 (en) * 1983-12-26 1985-06-28 Logivision Device for control of access to premises subject to surveillance
US4617457A (en) * 1983-12-19 1986-10-14 Ncr Corporation Teller-assisted, customer-operated ATM document cashing system
EP0219853A2 (en) * 1985-10-21 1987-04-29 Omron Tateisi Electronics Co. Signature identification system
DE3721170A1 (en) * 1986-06-28 1988-01-14 Toshiba Kawasaki Kk Portable storage medium
FR2606188A1 (en) * 1986-11-03 1988-05-06 Cornille Jean Louis Clipcard with photo of the holder incorporated in memory
EP0334616A2 (en) * 1988-03-21 1989-09-27 Leighton, Frank T. Method and system for personal identification
FR2652664A1 (en) * 1989-10-03 1991-04-05 Guessous Ahmed Portable device for visual recognition with electronic display pattern
WO1992003804A1 (en) * 1990-08-14 1992-03-05 John Mclean & Sons (Electrical) Dingwall Ltd Document security system
EP0517405A2 (en) * 1991-05-30 1992-12-09 Ncr International Inc. Signature verification method

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4617457A (en) * 1983-12-19 1986-10-14 Ncr Corporation Teller-assisted, customer-operated ATM document cashing system
FR2557328A1 (en) * 1983-12-26 1985-06-28 Logivision Device for control of access to premises subject to surveillance
EP0219853A2 (en) * 1985-10-21 1987-04-29 Omron Tateisi Electronics Co. Signature identification system
DE3721170A1 (en) * 1986-06-28 1988-01-14 Toshiba Kawasaki Kk Portable storage medium
FR2606188A1 (en) * 1986-11-03 1988-05-06 Cornille Jean Louis Clipcard with photo of the holder incorporated in memory
EP0334616A2 (en) * 1988-03-21 1989-09-27 Leighton, Frank T. Method and system for personal identification
FR2652664A1 (en) * 1989-10-03 1991-04-05 Guessous Ahmed Portable device for visual recognition with electronic display pattern
WO1992003804A1 (en) * 1990-08-14 1992-03-05 John Mclean & Sons (Electrical) Dingwall Ltd Document security system
EP0517405A2 (en) * 1991-05-30 1992-12-09 Ncr International Inc. Signature verification method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
DERWENT ABSTRACT, Accession No. 90-326288/43, Class T04, T05; & SE,A,89 00199 (1ST INT SOFTWARE TR), 21 July 1990. *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2385186A (en) * 2002-02-07 2003-08-13 Hewlett Packard Co User identification in electronic financial transactions
EP1482443A1 (en) * 2002-03-04 2004-12-01 Sony Corporation Authentication system, authentication method, authentication medium manufacturing device, and authentication terminal device
EP1482443A4 (en) * 2002-03-04 2010-01-06 Sony Corp Authentication system, authentication method, authentication medium manufacturing device, and authentication terminal device
DE102004059608A1 (en) * 2004-12-10 2006-06-14 Skidata Ag Access control system
US7631806B2 (en) 2004-12-10 2009-12-15 Skidata Ag Access control system

Similar Documents

Publication Publication Date Title
Panurach Money in electronic commerce: Digital cash, electronic fund transfer, and ecash
US4304990A (en) Multilevel security apparatus and method
US4965568A (en) Multilevel security apparatus and method with personal key
US6016963A (en) Integrated circuit card with means for performing risk management
US7571142B1 (en) Credit card system and method
US6003763A (en) Method and apparatus for recording magnetic information on traveler's checks
US7752135B2 (en) Credit authorization system and method
US6397194B1 (en) Receipt scanning system and method
US5907142A (en) Fraud resistant personally activated transaction card
US6021943A (en) Process for executing payment transactions
US7735125B1 (en) Systems and methods for identifying and verifying a user of a kiosk using an external verification system
US7536352B2 (en) Tokenless biometric electronic financial transactions via a third party identicator
US5336871A (en) Holographic enhancement of card security
US20080210754A1 (en) Account payment using barcode information exchange
US6036344A (en) Secure check processing system and method
US6857565B2 (en) Electronic traveler's checks
US20060144924A1 (en) Negotiable instrument with fraud protection
US20050165667A1 (en) System and method for customer video authentication to prevent identity theft
US7959076B1 (en) Secure card
US7784685B1 (en) Secure card
US5770843A (en) Access card for multiple accounts
US20050085931A1 (en) Online ATM transaction with digital certificate
US8109436B1 (en) Secure card
US7349557B2 (en) Electronic transaction verification system
US20030191714A1 (en) Closed loop financial transaction method and apparatus

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AM AT AU BB BG BR BY CA CH CN CZ DE DK EE ES FI GB GE HU IS JP KE KG KP KR KZ LK LR LT LU LV MD MG MN MW MX NO NZ PL PT RO RU SD SE SG SI SK TJ TM TT UA UG US UZ VN

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): KE MW SD SZ UG AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase in:

Ref country code: CA