TITLE
NEW SYSTEM FOR THE INTEGRATION OF THE NEW GENERATION OF TELEPHONE SYSTEMS (UMTS) INTO THE CREDIT CARD PROTECTION SYSTEM THROUGH A DIRECT CONFIRMATION SYSTEM.
FIELD OF APPLICATION
The new system adapted to the new generation of telephone systems UMTS is a system integrated with the new bank / market organisation model for protecting the holders of credit cards and/or smart cards by means of SMS (short message) signals. The system is based on the localisation of the place in which to identify the attempted fraud (using planimetric segmentation of the controlled territory). The integration will allow the system to use as support the mobile telephone network of the future which will contemplate USIM type cards.
CONTEXT
The integration is defined as a set of electronic devices and application software for protection by means of vocal or non-vocal tele-service (SMS + SS + planimetric card) against frauds that could be attempted at the expense of users of credit cards and/or smart cards. When used on the P.O.S. or on a P.C., or when its details are given over the telephone for charging to account, or when used at an electronic teller, the card is identified by the bank server which possesses information on all the cards issued, active and enabled for operation. After correct enabling has been checked, the order is given to transfer the warning information "card use in progress" over the mobile telephone line on the new generation device (UMTS). The reply received from these devices will allow the operation to be concluded. In this way a lost or stolen card with which fraudulent use is attempted would be geographically located by its legitimate owner by the appearance, on the display of his new UMTS system or cellular phone, of the map with the indication of the precise spot where this unauthorised use is taking place.
The image on the display will contain a planimetric map indicating the country, region, town, district, point in the street with respect to a planimetric radius of 500 metres controlled by the devices; a blinking dot of light will appear on this map, precisely indicating the place where the fraud is perpetrated.
PROCEDURE (METHOD OF USE)
The new system is defined as a set of electronic devices and application software designed to protect, by means of teleservice (SMS + SS), against frauds deriving from the unauthorised use of bank cards (credit cards, smart cards, etc.) or any other card that allows access to services of a particularly reserved nature.
The procedure considered below contemplates the use of services provided by a bank structure; it should be considered however that, if the bank is replaced with any other type of service supplier, the structure does not undergo any changes because the new system remains the personal electronic key that authorises the use of cards connected to reserved services. The card used with a POS, a PC, a telephone line or a fixed electronic teller is recognised by the bank server which checks its presence in the archive of cards issued by the bank itself. Once the recognition process has been completed, notification of use is sent by means of the mobile telephone network on GSM devices (the new system GSM mobile keyboard or the GSM cellphone). The reply received from these devices will allow the operation to be concluded. In this way, any attempt to use a lost or stolen card can always be intercepted by the card owner himself.
OBJECTIVES
According to the statistics of the Italian Banking System, about 258 million operations were made through POS in 1999, amounting to a total of 36,800 billion Lire and 21.8 million payments were made by credit card for a total of 39,600 billion Lire.
In addition to this large amount of successful operations there were a considerable number of fraudulent operations. The objective of the new system is to combat these frauds as much as possible and at the same time to allow credit card owners to have greater peace of mind in using the cards for their electronic payments.
GENERAL ARCHITECTURE OF THE NEW SYSTEM
There now follows a description of the stages of sending data, after a request for use of a credit card, and of the respective reply of the system (description of the graphic representation).
1A - Physical action of activating the use of the credit card
2A - Identification - Analysis - Processing - Data transfer
3A - Reception - Identification - Data transfer
4A - Reception - Implementation of Services - Data transfer
3B - Reception - Transmission
2B - Reception - Processing - Order of execution
1B - Execution - Physical activation of the result
A = Messages leave
B = Messages return
Figure 1 shows the graphic description of the stages
COMMENT ON THE STAGES
FIRST STAGE
Insert a credit card in a POS or transmit the identification data of a credit card by PC or by telephone, or using a fixed electronic teller, cash register or other means. The data are transmitted to the bank in real time.
SECOND STAGE
The bank recognises the data and activates its own identification procedures to check whether the customer has subscribed to the new system.
Processing is carried out and the result is sent to the transmission routine (private telephone network).
THIRD STAGE
The private network that manages the mobile line recognises the data, activates its own transmission routines to send a message, and remains in stand-by mode, waiting for the information in reply to its own transmission.
FOURTH STAGE
1) When used with a GSM console
When the information arrives, the microprocessor of the appliance activates the SIM inserted in the console of the NEW SYSTEM; this is followed by data processing, the issue of a sound message and the appearance of an SMS (short message services) on the display; the appliance is put into stand-by mode to wait for the result that will be transmitted to it, after which the appliance will send the final result.
2) When used with a GSM cellular telephone
The GSM cellular telephones mentioned are already existing devices that will be fully compatible with the new system.
When the information arrives from the network the microprocessor of the GSM cellphone activates the SIM after the subordinate routine for checking that the user belongs to the new system.
The option of the credit card and/or smart card protection service is indicated and then the routine chosen from the options contemplated by the new system is processed. A sound message is given and at the same time a SMS appears on the display. The cellphone goes into stand-by mode to wait for the transmission results. Lastly the final results are sent on the network.
PROCEDURES
FIRST STAGE: PHYSICAL ACTION AND SUBSEQUENT DEVELOPMENT
Activation by means of:
a PC
a POS
a telephone
a fixed electronic teller
Transmission of identification data and request for approval
Waiting for the return of information
Application depending on the reply
End.
SECOND STAGE: IDENTIFICATION - ANALYSIS - PROCESSING - DATA TRANSFER
Collection of information.
Initial checking routine by the bank to check the customer's identity and whether he has subscribed to the system.
Procedure for checking the approval of data transmission (with relation to the type of card used, the place and the time of issue and the amount asked).
Sending of the message.
Sub-procedure of waiting for the reply with assessment of any failure to reply. The reply is received, analysed and the result is transmitted to the sender.
End.
THIRD STAGE: RECEPTION - IDENTIFICATION - DATA TRANSFER
Connection to the private mobile telephone network
Connection management procedure
Procedure for transmitting information to the identified receiver, giving priority to the new system and then to the GSM cellular phone.
Waiting for the return of information and connection management procedure.
Transmission of the information to the bank.
End.
FOURTH STAGE: RECEPTION - IMPLEMENTATION OF SERVICES - DATA TRANSFER
Connection to the GSM system.
Arrival of messages over the air.
Application of the control subsystem. Systematic start-up of the procedure present in the SIM card:
1) identification message
2) acoustic warning procedure and display of the SMS
3) choice of the reply button OK or NO
4) execution of the procedure contemplated by the menu
5) procedure of transmitting the data chosen with the button
6) transmission
7) End.
Connection to the GSM cellular phone (with appliance on).
Arrival of messages over the air.
Application of the control subsystem. Systematic start-up of the procedure present in the SIM card:
8) identification message
9) access to the option "credit card protection service"
10) acoustic warning procedure and display of the SMS
11) choice of the reply button OK or NO
12) execution of the procedure on the menu concerning the NEW SYSTEM
13) procedure of transmitting the data chosen with the button
14) End.
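The bank-side decision of the second and third stages, combined with the no-reply delay, voluntary deviation and refusal options listed in the DEVIATIONS menus of this document, as an added example that is not part of the original text. The Card fields, the device callables and the card names are hypothetical, and refusing the operation when no device answers in time is an assumption: the text only says that failure to reply is assessed.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple

ALLOWED_DELAYS_S = (5, 10, 15, 20, 25, 30)  # pre-set no-reply delays from the menu

class Outcome(Enum):
    APPROVED = "approved"
    DECLINED = "declined by holder"
    NO_REPLY = "declined, no reply"      # assumption: fail closed
    NOT_SUBSCRIBED = "not subscribed"    # ordinary bank processing applies
    REJECTED = "unknown or blocked card"

@dataclass
class Card:
    subscribed: bool                   # holder has subscribed to the service
    blocked: bool = False
    block_on_refusal: bool = True      # "systematic blocking of the card" activated
    voluntary_deviation: bool = False  # holder chose automatic authorization
    no_reply_delay_s: int = 15

# Hypothetical device model: takes the notice text, returns (reply, seconds).
# reply is "OK", "NO", or None when the device is off or no key was pressed.
Device = Callable[[str], Tuple[Optional[str], float]]

def device(reply: Optional[str], seconds: float) -> Device:
    """Build a constructed test device that always answers the same way."""
    return lambda notice: (reply, seconds)

def confirm(archive: Dict[str, Card], number: str, notice: str,
            devices: List[Device]) -> Outcome:
    """Bank-side second stage: identify, check subscription, ask, decide."""
    card = archive.get(number)
    if card is None or card.blocked:
        return Outcome.REJECTED
    if not card.subscribed:
        return Outcome.NOT_SUBSCRIBED
    if card.voluntary_deviation:
        return Outcome.APPROVED          # no device is asked in this mode
    if card.no_reply_delay_s not in ALLOWED_DELAYS_S:
        raise ValueError("no-reply delay must be one of %r" % (ALLOWED_DELAYS_S,))
    for ask in devices:                  # priority order: console, then cellphone
        reply, seconds = ask(notice)
        if reply not in ("OK", "NO") or seconds > card.no_reply_delay_s:
            continue                     # silent, garbled or late: try next device
        if reply == "OK":
            return Outcome.APPROVED
        if card.block_on_refusal:
            card.blocked = True          # refusal locks the card for later attempts
        return Outcome.DECLINED
    return Outcome.NO_REPLY

def demo() -> List[Outcome]:
    """Run constructed scenarios against a constructed card archive."""
    archive = {"CARD-A": Card(subscribed=True), "CARD-B": Card(subscribed=True)}
    notice = "card use in progress"
    silent, late_ok = device(None, 0), device("OK", 40)
    return [
        confirm(archive, "CARD-A", notice, [silent, device("OK", 4)]),
        confirm(archive, "CARD-A", notice, [silent, late_ok]),
        confirm(archive, "CARD-B", notice, [device("NO", 3)]),
        confirm(archive, "CARD-B", notice, [device("OK", 2)]),
    ]

if __name__ == "__main__":
    for outcome in demo():
        print(outcome.value)
```

The second scenario shows that an OK arriving after the pre-set delay does not approve the operation, and the fourth that a card blocked by a refusal is rejected before any device is asked again.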
FUNCTIONAL CHARACTERISTICS
GSM CONSOLE
MEMORIES
PRINCIPAL FUNCTIONS
INITIAL AUTODIAGNOSIS
INDICATOR OF NETWORK CONNECTION RADIO SIGNAL
INDICATOR OF BATTERY CHARGE LEVEL
INDICATOR OF THE NAME OF THE CONNECTED MOBILE RADIO SYSTEM
CLEAR INDICATION OF THE "YES" AND "NO" BUTTONS
ACTIVATION MESSAGE
PROTECTION AGAINST MODIFICATION OF THE SM MEMORIES
REAR LIGHTING OF THE KEYPAD AND OF THE DISPLAY
RAPID PASSAGE OF DATA FROM THE MEMORY
CHOICE OF THE LANGUAGE USED IN THE SM
DTMF SIGNAL (Dual Tone Multi Frequency)
DATA TRANSFER ON THE CELLULAR PHONE
SERVICES OFFERED
MAIN MENU
1) REPERTOIRE (RECORDERS OF EVENTS FOR 10 CARDS)
   ADD
   ELIMINATE
   MODIFY
   TRANSMIT
2) MESSAGES
   MESSAGES RECEIVED (TEXT RECEIVED BY CELLPHONE)
   MESSAGES CONCERNING BANK CARDS (1/10)
      List of attempted frauds on the 10 cards (max 10 events)
      Recordings
      Transfers
      Choice of cellphone 1, 2, 3
      Reading of tot. expenses incurred and recorded with the new system
      Period
      Day
      Week
      Month
      Transfer of period data to the TPM
   SET OF MESSAGES
      Locking
      Status
      Cancel
      Telephone number for transmission (1/3)
      Add
      Delete
      Modify
      Select
      Transmit
3) CLOCK
   ALARM
      Activate time set (1/5) by TPM
      Cancel
      One time at a time
      All the alarm times
      Check status
      Activate variable alarm (optional)
      Cancel
      Check status
   APPOINTMENTS
      Activate (1/5) with indication of: mm, dd, hh, message
      Cancel
      One appointment at a time
      All appointments
      Check status
   PARAMETERS
      Display / Masking
      Clock regulation
      Automatic (by TPM)
4) SOUND TONES
   SOUNDS FOR MESSAGES FROM CELLPHONE (1/3)
   SOUNDS FOR ATTEMPTED FRAUD (1/10)
   SOUND LEVEL
5) DEVIATIONS
   DEVIATION IF ENGAGED
      Activate
      Cancel
      Check status
   DEVIATION IN CASE OF NO REPLY
      Activate
      Cancel
      Check status
      Waiting status with pre-set delay of activity
      5, 10, 15, 20, 25, 30 seconds
   DEVIATION FOR UNIT OFF OR OUT OF SERVICE
      Activate
      Cancel
      Check status
   VOLUNTARY DEVIATION
      Unit Active with addition of expenses and automatic authorization of charging
      Unit Active without addition of expenses, but with automatic authorization of charging
      Cancel
   RETURN DUE TO OPERATION REFUSAL
      Activate systematic blocking of the card
      Cancel
6) SETTINGS
   CHOOSE LANGUAGE
THE GSM PORTABLE TELEPHONE (TPM)
Services and "new system options" to be added on the SIM card (access to options and pin sub-codes)
7) REPERTOIRE (1/10) FOR PERSONAL CARDS
   ADD
   ELIMINATE
   MODIFY
   TRANSMIT
8) MESSAGES
   MESSAGES RECEIVED FROM TPM (1/3)
   MESSAGES CONCERNING BANK CARDS (1/10)
      List of attempted frauds on the 10 cards (max 10 events)
      Recordings
      Transfers
      Choice of cellphone (1/3)
      Reading of tot. expenses incurred and recorded with the new system
      Period
      Day
      Week
      Month
      Transfer of period data to the TPM
   SET OF MESSAGES
      Telephone number for transmission (1/3)
      Add
      Delete
      Modify
      Select
      Transmit
9) DEVIATIONS
   DEVIATION IF ENGAGED
      Activate
      Cancel
      Check status
   DEVIATION IN CASE OF NO REPLY
      Activate
      Cancel
      Check status
      Waiting status with pre-set delay of activity
      5, 10, 15, 20, 25, 30 seconds
   DEVIATION FOR UNIT OFF OR OUT OF SERVICE
      Activate
      Cancel
      Check status
   VOLUNTARY DEVIATION
      Unit Active with addition of expenses and automatic authorization of charging
      Unit Active without addition of expenses, but with automatic authorization of charging
      Cancel
   RETURN DUE TO OPERATION REFUSAL
      Activate systematic blocking of the card
      Cancel
10) CODE TRANSFER ON DEVIATIONS to new system
   ACTIVATE THE LOCKING OF THE KEYS ON new system
      Enter code or password
   DEACTIVATE THE RELEASE OF THE KEYS ON new system
      Enter code or password
   LOCK ACCESS TO MESSAGES OF THE NEW SYSTEM
      Enter code or password
   DEACTIVATE THE LOCKING OF ACCESS TO MESSAGES OF THE NEW SYSTEM
      Enter code or password
   LOCK ACCESS TO REPERTOIRE OF THE NEW SYSTEM
      Enter code or password
   FREE ACCESS TO REPERTOIRE OF THE NEW SYSTEM
      Enter code or password
11) SETTING THE CLOCK ON THE NEW SYSTEM
   PRE-SET ALARM
      Type in hour and minutes
      Transmit
      Cancel
      Activate variable alarm (optional)
      Every hour
      Type in hour
      Transmit hour
      Cancel
      Every pre-set number of minutes
      Type in minutes
      Transmit minutes
      Cancel
      Cancel
   APPOINTMENTS
      Activate (1/5) with indication of: mm, dd, hh, message
      Cancel
      One appointment at a time
      All appointments
      Check status
DESCRIPTION OF THE COMPONENTS OF THE NEW SYSTEM AS INDICATED IN THE PRESENTATION OF THE ELEMENTS IN FIGURE 2
1) Oval-shaped external container with dimensions 7 * 5 * 2.5 cm. Variable in colour, it will be made with the same material as the external container n° 13.
2) Antenna, which may be fixed, of helical or extensible type.
3) ON / OFF button.
4) Scroll button.
5) Liquid crystal display (LCD) having from one to three lines and with 6 / 10 characters per line as well as the space reserved for symbolic and graphic icons for the intensities of the radio signal, the indication of the battery charge and the variety of the active logic functions.
-7) Ear-piece: loudspeaker with small dimensions which returns the signal received from the antenna after processing and amplification.
1) SIM card reader. This is the reading circuit which is linked to platform 1 where the control subsystem resides. The circuit reads and changes the information contained in the microprocessor card of the SIM.
2) Platform 1: a base on which are fitted the loudspeakers, the distribution of any power supply service sockets, the input circuits of the acceptance or refusal keys, the control circuits on the display and the wiring circuits of the various parts.
3) Aluminium platform with radio waves both for a protection service against the interference of the waves coming from the systems and for the internal protection of the electronic circuits, etc.
4) Platform 2: card containing all the electronic circuits necessary for the sophisticated management of the radio frequency of the GSM terminal (TPM).
5) Housing of the SIM card (plug-in).
6) External container made of waterproof material, resistant to impact, temperature, solar radiation and the presence of the most varied chemical components.
7) Socket for the battery charger.
8) Confirmation key: confirms reading of the message, confirms the choice of the option proposed, confirms the choice to open the menu, stops the current acoustic alarm.
9) Key for passing to the previous level of the submenu. Quits the menu.
10) Aluminium platform with radio waves both for a protection service against the interference coming from the systems and for the internal protection of the electronic circuits, etc.
11) Platform 2: card containing all the electronic circuits necessary for the sophisticated management of the radio frequency of the GSM terminal (TPM).
12) Housing of the SIM card (plug-in).
13) External container made of waterproof material, resistant to impact, temperature, solar radiation and the presence of the most varied chemical components.
14) Socket for the battery charger.
15) Validity key*, confirms the choice to open the menu, stops the current acoustic alarm.
16) Key for passing to the previous level of the submenu. Quits the menu.
* To confirm, press:
- 2 times in sequence with a maximum interval of 3 seconds to reply yes;
- 1 time to reply no.
ARCHITECTURE FOR A SMS TRANSMISSION (164 CHARACTERS)
RECEIVING A MESSAGE
[Diagram: message exchange between SMC, SMGC, HLR, MSC, VLR and terminal. Labels: 1 - message transfer; 2 - transfer information, locate terminal; 3 - message transfer; 4 - message presentation; authentication; acceptance of the message; 5 - message transfer; 5 - transfer report; 7 - report.]
• The message source (SMC) sends a message to the message server (SMGC), which records it with its characteristics (sender, destination, priority, date and limit time of validity).
• The message server (SMGC) interrogates the HLR of the mobile user to locate it and the HLR supplies the references of the switch (MSC) that controls the mobile user.
• The message server transmits the message and the user references to the switch (MSC) which manages the domain in which the mobile user is located.
• The switch interrogates its visitors database (VLR) to obtain the most recent user coordinates, accompanying the question with a message presentation procedure, checking the terminal status.
• The switch supplies a detailed message report to the server.
• The message server, in turn, gives a report to the sender.
SENDING A SMS MESSAGE (164 CHARACTERS)
[Diagram: message exchange between SMC, SMGC, HLR, MSC, VLR and terminal. Labels: request access to service; 1 - message transfer; 2 - check the right to use the service; message transfer; 4 - message transfer; 5 - transfer report; 3 - report.]
• The mobile terminal is the message source (MS) and asks for authorization to carry out transmission to the VLR, which knows the subscription options and gives its authorization.
• The terminal transmits the message to the switch (MSC).
• The switch updates the user registration in the VLR; it takes the references. With this information the switch can issue a report to the user.
• The switch sends the message to the server centre, which stores it and records its characteristics.
• The server retransmits the message to the receiver.
• The server supplies a detailed report to the switch. The switch informs the user that the message has been forwarded to the receiver.
POTENTIALITY OF THE SYSTEM
WITH RESPECT TO THE USER
Possibilities
• Wide territorial coverage
• Possibility of managing the message service
• Data transmission
• Ergonomic, light and compact terminal
• Reasonable access cost
• Great service availability
• International mobility, that is, the possibility of making use of the service by accessing a different system from the one subscribed to, making use of one's own user unit to do so
WITH RESPECT TO THE SERVICE OPERATOR
Possibilities of the system
• Optimum use of the resources (radio frequencies, transmission capacity)
• Great availability
• Simple and effective management
• Simple, effective and reliable identification of users and terminals
• Large number of users
• Normalised equipment
• Flexible normalisation
• Large number of equipment suppliers
• Reasonable infrastructure cost
WITH RESPECT TO THE PRODUCERS
Possibilities and treatments
• Stable definition of functions
• Clear definition of limitations
• Larger market
WITH RESPECT TO THE APPLICATIONS FOR REGULATION
Possibilities
• Possibility of offering access to the service to the entire population
• Offer to several operators in free competition
• User unit normalisation
• Maximum use of the radio frequencies assigned to the GSM
• Developing the use of the radio telephone all over the territory
SUPPLY OF SYSTEM SERVICES TO USERS
• Sale of the NEW SYSTEM and TPM* terminals
• Sale of subscriptions to the GSM networks
• Offer of services with credit cards and smart cards
• Management of the commercial network on the internet
• Invoicing of the services provided.
APPLICATION OF THE NEW SYSTEM TO THE INTERNET NETWORK
Structure of the global market with segmentation and use paths:
1) According to product type
2) According to individual supplier
With respect to surfing, on the site, a relational approach may be followed (to view the proposals, passing from one product to another irrespective of the supplier) or a hierarchical one (to visit the products offered by the individual suppliers) depending on the interest of the final user. With respect to safety, the site distinguished by the new system will allow a safety level which, in addition to or in place of encrypting systems, will contemplate the use of the GSM mobile keypad and of GSM mobile telephone appliances (TPM), to benefit from the levels of protection against fraud allowed by the processor and the architecture of the system.
GRAPHIC DESCRIPTION OF THE APPLICATION OF THE SYSTEM TO THE INTERNET NETWORK
1 Implementation of a database to propose a safe electronic supermarket, where the WEB allows a customer to make purchases of a vast range of products from different suppliers. Everything is offered in maximum safety against attempted fraud, for both the buyer and the supplier of the products.
2 When a product is purchased on the net, let us see what happens concerning payment with a credit card. The credit card data must be sent into the system, possibly in a protected form. When the user asks to make a purchase, the data will therefore be encrypted in order to be sent to the server which will process them as necessary.
3 The server receives the encrypted information and decodes it. It then checks the validity of this information with the bank that issued the credit card.
4 The new protection service comes into action. The bank goes through its control routines and asks the holder of the card for confirmation of the operation by means of the new system or a TPM.
5 The bank obtains confirmation to proceed from the user (in the positive case). After having completed processing, the bank transmits the acceptance for the requested transaction to the server.
6 - 7 At the same time the server sends the order confirmation to the product supplier who follows up the customer's request and also sends a confirmation to the customer for the operation carried out (with a suitable message of thanks).
8 The product purchased will be sent to the customer by post or courier.
GLOSSARY
G.S.M. Global System for Mobile Communications.
H.L.R. Home Location Register
L.C.D. Liquid Crystal Display
M.S.C. GSM Mobile Switching Centre
P.C. Personal Computer
PLUG-IN miniature SIM Card
P.O.S Point of Sale
S.I.M Subscriber Identity Module
S.M. Mobile Station (subscriber terminal)
S.M.C. Short Message Centre
S.M.G.C Gateway between data and the Mobile Network
S.M.S Short Message Service
S.S. Supplementary Services
T.P.M. Portable Mobile Telephony
V.L.R. Visitors Localisation Register