WO2003036576A2 - Procede et systeme de securisation supplementaire de paiements effectues par carte de paiement - Google Patents

Procede et systeme de securisation supplementaire de paiements effectues par carte de paiement

Info

Publication number
WO2003036576A2
WO2003036576A2 PCT/PL2002/000075 PL0200075W WO03036576A2 WO 2003036576 A2 WO2003036576 A2 WO 2003036576A2 PL 0200075 W PL0200075 W PL 0200075W WO 03036576 A2 WO03036576 A2 WO 03036576A2
Authority
WO
WIPO (PCT)
Prior art keywords
card
terminal
authorization
payment
transaction
Prior art date
Application number
PCT/PL2002/000075
Other languages
English (en)
Other versions
WO2003036576A3 (fr
WO2003036576B1 (fr
Inventor
Wojciech Wojciechowski
Original Assignee
Wojciech Wojciechowski
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wojciech Wojciechowski filed Critical Wojciech Wojciechowski
Priority to EP02783868A priority Critical patent/EP1454305A2/fr
Priority to AU2002347691A priority patent/AU2002347691A1/en
Publication of WO2003036576A2 publication Critical patent/WO2003036576A2/fr
Publication of WO2003036576A3 publication Critical patent/WO2003036576A3/fr
Publication of WO2003036576B1 publication Critical patent/WO2003036576B1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3224Transactions dependent on location of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4016Transaction verification involving fraud or risk level assessment in transaction processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/27Individual registration on entry or exit involving the use of a pass with central registration

Definitions

  • the subject of the invention is the method and system of additional securing of payments made with payment cards, complementing the known methods and systems of authorization of transactions made with payment cards.
  • the collective term "payment card” includes all types of cards enabling making transactions, debit cards and credit cards in particular. There are, generally speaking, two types of payments. The first one that requires a physical presence of the card in the payment system and the second one, in which such a presence is not required, it is enough only to provide some card-related information, such as e.g. its number and validity date.
  • a payment system is any system requesting an operation of debiting, immediately or at a certain moment in the future, the balance of the bank account related to the payment card in exchange for a service provided, goods delivered, etc.
  • the physical presence of the card in the payment system is ensured by the so called payment terminal, which is a part of the system.
  • Cash drawing via an automated telling machine is also considered to be a card payment, where the automated telling machine and the related banking system are examples of a payment system whereas the automated telling machine is an example of a payment terminal.
  • a local payment is an operation made without referring to an external system of payment authorization and most frequently consisting in checking locally whether it is possible to make the transaction using the information included in the card itself, for example, the information in magnetic strip or the electronic memory system built into the card. In that case, the information on the payment card account debit is transferred to the authorization center with certain delay.
  • An authorized payment is an operation referring to an external authorization system, also called card authorization center.
  • the payments are made without physical presence of the payment card in the payment terminal or in the card scanner, for example the transactions made via the Internet, it is necessary only to provide a few pieces of information related to the card, such as its number and validity date.
  • a connection with the authorization center can be made to check if, e.g. the card has not been stolen, or whether it is sill valid.
  • the system checks, according to specified criteria whether the transaction is permitted or not. Such information as for example the maximum cumulative amount of the payments made with the card or the balance of the bank account can also be checked. The payment will not be made if the authorization system does not permit it.
  • the authorization system can be provided by the bank that issued the payment card or by a unit established by the banks and working for the establishing banks, or by any specialized financial organizations.
  • the growth of the payment cards market is accompanied by increased number of crimes and frauds related to that type of payments. It results in significant financial losses and causes some distrust of customers concerning making payments with credit cards, which means that there is a considerable demand for additional systems and methods of securing such transactions.
  • the invention is to complement the known techniques of payments with payment cards, such as for example using PIN, that is elimination or at least considerable reduction of the number of crimes and frauds related to the use of payment cards and increased trust of the customers.
  • the method according to the invention provides that, before the transaction is made, the information about the card the transaction is based on is taken from the card information database, then an authorization question is asked and sent to the communication terminal assigned to the card. When the answer comes from the communication terminal, it is forwarded to card authorization center, and if there is no answer from the terminal, an automatic authorization answer is sent to card authorization center.
  • an identification question is sent to the communication terminal apart from the authorization question.
  • the identification answer received from the terminal is compared with the standard.
  • the positive authorization answer received from the terminal is forwarded to card authorization center only if the identification answer is compliant with the standard.
  • Another variation of the method according to the invention provides that, before the decision on sending an authorization question to the communication terminal it is checked on whether the transaction is to be made with the use of the payment terminal. Then, based on the data from information database on the transactions made with cards and on the information on the geographical position of payment terminal, the time-spatial distance from the previous transaction made via payment terminal with the same card is calculated. The calculated distance is compared with the standard and, depending on the result of the comparison, and possible additional rules, the transaction authorization is refused, or the authorization is granted automatically without any further questions, or the authorization question sent to the communication terminal is respectively modified.
  • Still another variation of the method according to the invention provides that the location of the localizable terminal assigned to the card of the transaction is additionally identified, and then the spatial distance between the payment terminal in which the transaction is made and the . localizable terminal is calculated. After the distance has been calculated, it is checked whether it is small enough and, depending on the result of the check and possible additional rules, the transaction authorization is refused, or the authorization is granted automatically without any further questions, or the authorization question sent to the communication terminal is respectively modified.
  • the method according to the invention can be complemented by a stage of sending to the communication terminal the information on the events related to the card assigned to that terminal.
  • the system according to the invention works with the basic card authorization center.
  • Each payment card serviced by the system is assigned at least one communication terminal.
  • the system contains card information database modifiable with a modification interface by the card information management system, authorization interface for communication with card authorization center, telecommunications interface providing for connection with the communication terminal and control & calculation module.
  • the communication between the communication terminal and the communication interface is implemented via a voice server.
  • the card information database contains standard identification answers of the users of the cards taken from communication terminals.
  • Next variation of the system according to the invention contains card information database on the transactions made with cards, an interface working as an intermediary in providing information on available payment terminals and their geographical position, a calculation module.
  • the module calculates the time- spatial distance of the current transaction from ihe previous transaction made with the same card via the payment terminal.
  • Another variation of the system according to the invention additionally contains a location module providing to the system the information on the location of the localizable terminal assigned to the card taking part in the authorized transaction.
  • the calculation module in this variation of the system also calculates the spatial distance between the payment terminal in which the transaction is made and the
  • the communication terminal and localizable terminal used in the system of the invention can be one device.
  • an information module providing to the communication terminal, via a communication interface, the information on the events related to the card to which the terminal is assigned.
  • Fig. 1 shows the block diagram of the system in its basic version.
  • Fig. 2 shows the block diagram of the basic system complemented by a module to detect irregularities and an information module.
  • Fig. 3 shows a flow chart illustrating activities taken to execute a method according to the invention.
  • Fig. 4 shows a flow chart illustrating operation of the basic authorization (BA).
  • Fig. 5 shows a flow chart illustrating operation of the irregularities detecting module (IDM).
  • Fig. 6 shows a flow chart illustrating operation of the information module (IM).
  • the present invention can make use of generally available telecommunications services, in particular voice transmission, automatic voice server, text messages transmission (SMS - Short Message Service), multimedia message transmission, electronic mail (e-mail) and "instant messaging".
  • the telecommunications services are accessible via a communication terminal which is held by the payment card user.
  • a mobile phone or, to a smaller extent, "pager” are typical examples of such terminals.
  • the invention also makes use of the' so called localizable terminals, that is the terminals whose geographical position can be located. Any portable device, independent or working with other devices enabling identification of geographical position at any selected moment can be a localizable terminal.
  • a mobile phone can be a typical example of a localizable terminal, since telephone network enables pretty precise identification of the current location of the mobile phone by using the information on the mobile phone or mobile phones in the network the range of which the given mobile phone is currently in.
  • the invention can also make use of PDA (Personal Digital Assistant) and specialized tracking devices.
  • Localizable terminals can also make use of various location technologies, both using the infrastructure of mobile telephone networks and the ones independents of such networks (e.g. GPS - "Global Positioning System") or mixed technologies (e.g. GPS supported by mobile telephone network).
  • a terminal can be at the same time a communication and a localizable terminal, thus becoming a universal terminal.
  • User preferences are a set of quantitative and/or qualitative features defining how the sen/ice of additional authorization is to be provided. For example, user preferences can define whether the given securing procedure is to be implemented or not (qualitative parameter) and the lowest amount from which the service of additional securing is to be provided (qualitative parameter).
  • the basic element of the system 1 is the control & calculation module 2.
  • the module is connected to the card information database 5.
  • the system 1 has three interface modules (8,9 and 11 ) enabling communication with external systems.
  • the communication interface 11 enables contact with the basic card authorization center 13 in order to receive authorization questions and send authorization answers.
  • the modification interface 8 it is possible to provide to the database 5 always updated payment card information coming from card information management system 15.
  • the database 5 depending on how extended the system 1 is, collects, for example, payment cards identifiers and identification numbers of communication, localizable or universal terminals related to those cards.
  • the database 5 also stores definitions on payment securing and related user preferences, as well as quantitative parameters of that service (for example the lowest amount from which the payment is to be controlled) and qualitative parameters of the elements of the service (for example, request for systematic refusal of authorization if the localizable terminal cannot be located).
  • Communication interface 9, via telecommunications systems 16 ⁇ . provides contact with the communication terminal.
  • the authorization center sends to control & calculation module 2 via interface 11 an authorization question.
  • the module retrieves from the database 5 the information related to the payment card for which additional securing is requested, and then the conditions triggering the procedure of additional authorization are checked. If the conditions are not met, for example, the amount of the transaction or the cumulative value of the amounts within a specified time period does not exceed a specified limit, then control & calculation module 2 sends back to authorization center 13 the answer with the automatic permit to make the operation. The answer is sent back via interface 11.
  • control & calculation module 2 identifies the communication terminal related to the payment card that the transaction authorization is related to. Depending on the capacity of the communication terminal and/or the description of the user preferences related to the given terminal, control & calculation module 2 tries to communicate with the holder of the terminal, using relevant communication technique.
  • voice communication is the communication technique
  • a component element of the system 1 is a voice server 17. The server then asks the user of the communication server for granting authorization for the planned payment.
  • Granting authorization by the user can be done in any way, depending on the capacities of the voice server. In the simplest case, it can be pressing by the user a selected key on the terminal: e.g. ⁇ 0> key to grant authorization and ⁇ 1> key to refuse it, or ⁇ 2> to refuse authorization and cause blocking the card thus making its further use impossible.
  • the answer is given by the user with voice, and the voice server 17 recognizes the answer by speech analysis. After the user answer has been obtained and recognized, the system 1 transfers it to the basic authorization center 13 which takes an adequate action, i.e. grants or refuses authorization for the requested payment.
  • control & calculation module 2 An important feature of the control & calculation module 2 is also the way of its operation in the case when it is not possible to obtain an answer from the terminal user.
  • Three potential reactions have been envisaged for such a situation, i.e. a systematic authorization refusal, systematic authorization granting and a choice between authorization refusal and granting.
  • the choice between authorization refusal and granting depending on a certain criterion, suc as for example the amount of the operation or the cumulative amount of payments in a specified period of time.
  • the decision on which of the three possible answers will be sent to card authorization center 13 is made by the operator of the security system or directly by the terminal user in the description of preferences.
  • other communication techniques for example multimedia messages, SMS or "instant messaging" can be used to obtain the user authorization answer.
  • control & calculation module 2 formulates and sends to the communication terminal also the question that is to identify the user.
  • the user has to provide the answer via the terminal and the answer is compared with the standard of that answer stored in the database 5.
  • the positive authorization answer is taken into consideration only if the user has correctly answered the identification question.
  • Exemplary identification questions include request for PIN related to the card or another number or text code.
  • Another version of the system 1 is additionally equipped with a calculating irregularity detecting module 3 (IDM - fig. 5), used to detect irregularities of authorization of payments requiring the use of a payment terminal.
  • the system 1 in this version also contains an information database on the previous transactions made with cards 6 and two additional module interfaces 7 and 10.
  • Interface 10 works as an intermediary in contacts with the payment terminals systems 12 managing the information on payment terminals, providing information on available payment terminals and their geographical positions.
  • the location interface 7 enables connections with location modules 14 providing the service of locating localizable terminals.
  • Irregularity detecting module 3 detects some illegal operations made with duplicated or forged cards, and its use can be conditional and depend on many factors, such as for example the amount of the payment to be made.
  • Operation of the irregularity detecting module 3 consists in knowing the geographical position of payment terminals and in the assumption that two subsequent payments made with the same card must take place within a time span big enough for the card holder to be able to move between the geographical positions in which the payment terminals u$ed to make the two subsequent payments are used. Based on the theoretical and/or empirical data, the standard (i.e. the smallest physically possible) time-spatial distance between the two payment terminals is calculated. Any request for additional authorization of the payment to be made with the payment terminal after confirming that the conditions of starting additional authorization are met (e.g. the amount of the operation exceeds the specified limit) is sent not directly to the control & calculation module 2 as was the case in the basic version of the system, but to irregularity detecting module 3.
  • the question sent from authorization center 13 additionally contains a payment terminal identifier.
  • Irregularity detecting module 3 retrieves from the database 6 information on the previous transaction made with the given card, that is the date and time of the payment and geographical position of the then used payment terminal. Then from the payment terminal system 12, via the interface 10 information on the geographical position of payment terminal that the additional authorized current payment is related to is retrieved. The information on the location of the payment terminal can be also included in the authorization question and then the payment terminal system 12 and the interface 10 are not used. After the necessary data have been retrieved, the time-spatial distance between the current payment operation and the previous operation related to the same card is calculated and compared with the standard distance.
  • the first of the possible reactions of the system can be triggering the basic procedure of additional authorization described above (BA - fig. 4), i.e. obtaining consent to or refusal of authorization from the user himself of the communication terminal related to the given card.
  • the user is informed about the detected irregularity.
  • the second possible reaction is direct forwarding to the basic authorization center 13 the information on the detected irregularity and on the necessity to refuse authorization for the current payment.
  • the third reaction of the system is direct forwarding to authorization center 13 the information on the necessity to block the card in order to prevent its further use..
  • the request for additional authorization can undergo the previously described basic procedure performed by control & calculate module 2.
  • the decision on performing the procedure or not can depend, for example, on the configuration of the system set by the operator, on the description of user preferences, on the amount of the payment and on the cumulative payment amount for the selected period.
  • the procedure is triggered if the planned transaction meets the specified conditions, for example, if the amount of the operation exceeds the specified limit.
  • the procedure consists in comparing the geographical position of the localizable terminal with the location of the payment terminal involved in the protected transaction. If the distance between the localizable terminal and the payment terminal is too big, it can be assumed that the payment card is probably used by another person. The comparison of the locations mentioned above can be done in two' ways.
  • the location system 14 provides to the system 1 the information on the current location of the selected localizable terminal, and the irregularity detecting module 3 compares the given location of the terminal with the location of payment terminal in which the transaction is being made.
  • irregularity detecting module 3 provides to the location system 14 the information on the location of the payment terminal, localizable terminal identifier and the qualitative parameters describing the rules of comparing locations. The comparison itself is made by the location system 14, which provides to the system 1 only the result of the comparison. If, as a result of the operations mentioned above, it turns out that the localizable terminal is not close to payment terminal, then the irregularity detecting module 3 considers the payment being authorized to be incorrect. The next part of the procedure is similar to the procedure of checking the time-spatial distance described above.
  • the system according to the invention can be also complemented by an information module 4 (IM - fig. 6).
  • Role of the module is to supply, one-way, information to the card user.
  • the one-way of sending information means that the system sends information to the user but does not expect any answer from the user.
  • Information module 4 enables providing the user with the information related to payments with the card, the information that the user did not obtain as a result of the communication with the other modules of the system described above.
  • that additional information can be information on the payment transaction made, information on payment refusal and information on detected irregularity.
  • Providing that information can depend on various criteria, for example, on the payment amount.
  • the information cari be provided to, for example, the communication terminal or to a specified ' electronic mail address.
  • the system of additional payment securing can be a separate system or it can operate as a part of the basic card authorization system. It can operate on the machines shared with other systems or it can have one or more machines for its exclusive use.
  • the system can be implemented on two Sun E240 type of machines working in high availability mode. Both machines communicate with each other via a multiplied local network Ethernet, via which the communication with the basic card authorization center 13 is also made.
  • the communication with the voice sever 17 of the telecommunications system 16 is done via the wide network of X25 type with multiplied connections.
  • the communication with the location modules 14 is based on a specialized protocol LIF (XML/HTTP).
  • the card information management systems 15 are information systems about the customers of the banks that offer payment cards. The systems provide information on the customers using the service of additional payment securing, on the scope of the service and the customer preferences, and the information can be obtained in the batch mode by transfer of files using FTP protocol.
  • the authorization interface 11 can be based both on local communication taking place within one machine and using the mechanisms of queues, shared memory or triggering procedures, and on any network communication protocol, for example TCP/IP or X25.
  • the communication interface 9 is based on the protocols offered by the operators of telecommunications systems 16 and depends on the type of the telecommunications service used. In particular, they can be ISDN, X25 or TCP/IP protocols.
  • a voice server 17 x the communication with the interface 9 can be performed in the way similar to the communication between interface 11 and aut orization center 13.
  • the location interface 7 is to identify the location of the localizable terminal when the system obtains from the authorization center 13 an authorization question and is based on the protocols offered by location systems. )n particular, they can be HTTP or TCP/IP protocols.
  • the modification interface 10 can be based on any type of local or network communication, just as in the case of the authorization interface 11 described above.
  • the information that are provided by the systems 12 could also be provided to system 1 together with the tasks of additional securing coming from authorization center 13. Then, from the point of view of the invention, the system of 12 type becomes identical with card authorization center 13, and the modification interface 10 becomes identical with the identification module 11.
  • the system according to the invention functionally has two databases 5 and 6, but in a concrete implementation those databases can belong to the same database, or each of them can be broken down into a number of various databases.
  • the software of the system can be in C/C++ and ProC languages, using Oracle database.

Abstract

Dans le système de la présente invention, une carte de paiement peut être associée à un terminal de communication qui établit une connexion avec l'utilisateur et qui peut se trouver à une certaine distance. Avant que le paiement ne soit effectué, au moins une question d'autorisation supplémentaire peut être formulée et envoyée au terminal de communication et la décision relative au traitement de la transaction est prise en fonction de la réponse donnée par l'utilisateur du terminal. Il est possible de vérifier si l'emplacement géographique actuel du terminal de communication est suffisamment proche de la position géographique du terminal de paiement, ou s'il est possible que le détenteur de la carte puisse se déplacer du terminal de paiement précédent au terminal de paiement actuel. Dans sa version de base, le système comprend une base de données contenant des informations relatives aux cartes (5), laquelle base de données peut être modifiée par l'intermédiaire d'une interface de modification (8) par le système de gestion d'informations relatives aux cartes, d'une interface d'autorisation (11) chargée de communiquer avec le centre d'autorisation de la carte, d'une interface de communication (9) qui établit des connexions avec des terminaux et un module (2) de calcul et de commande. Ce système peut également comprendre une base de données contenant des informations relatives aux transactions effectuées avec les cartes (6), une interface (10) fonctionnant comme intermédiaire pour l'envoi d'informations relatives aux terminaux de paiement disponibles et à leur position géographique, un module de localisation (14) procurant au système des informations sur les emplacements des terminaux et un module de calcul (3) chargé de calculer la distance temps-espace entre la transaction en cours et la transaction précédente effectuée avec la même carte par l'intermédiaire d'un terminal de paiement ou de calculer la distance spatiale qui sépare le terminal de paiement dans lequel la transaction est effectuée et le terminal pouvant être localisé, puis de comparer le résultat avec la référence.
PCT/PL2002/000075 2001-10-20 2002-10-21 Procede et systeme de securisation supplementaire de paiements effectues par carte de paiement WO2003036576A2 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP02783868A EP1454305A2 (fr) 2001-10-20 2002-10-21 Procede et systeme de securisation supplementaire de paiements effectues par carte de paiement
AU2002347691A AU2002347691A1 (en) 2001-10-20 2002-10-21 Method and system of additional securing of payment card payments

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
PL01350218A PL350218A1 (en) 2001-10-20 2001-10-20 Method of and system for providing extra security of payments effected by means of cheque cards
PLP.350218 2001-10-20

Publications (3)

Publication Number Publication Date
WO2003036576A2 true WO2003036576A2 (fr) 2003-05-01
WO2003036576A3 WO2003036576A3 (fr) 2003-11-27
WO2003036576B1 WO2003036576B1 (fr) 2004-03-25

Family

ID=20079557

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/PL2002/000075 WO2003036576A2 (fr) 2001-10-20 2002-10-21 Procede et systeme de securisation supplementaire de paiements effectues par carte de paiement

Country Status (5)

Country Link
EP (1) EP1454305A2 (fr)
AU (1) AU2002347691A1 (fr)
PL (1) PL350218A1 (fr)
RU (1) RU2004115391A (fr)
WO (1) WO2003036576A2 (fr)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2402792A (en) * 2003-06-11 2004-12-15 Sanjay Hora Verifying identity and authorising transactions
WO2005073889A1 (fr) * 2004-01-28 2005-08-11 Saflink Corporation Systeme de verification de transaction electronique
WO2005073934A1 (fr) * 2004-01-28 2005-08-11 Aron Matalon Procede et systeme pour l'authentification de transactions de carte de credit
EP1810235A2 (fr) * 2004-09-17 2007-07-25 Digital Envoy, Inc. Dispositif de protection contre les fraudes
EP1835468A2 (fr) * 2006-03-15 2007-09-19 Omron Corporation Équipement d'utilisateur, système d'authentification, procédé d'authentification, programme d'authentification, et support d'enregistrement
EP1729254A3 (fr) * 2005-05-06 2010-01-20 Robert Bosch Gmbh Procédé et système de transmission de données
WO2011076438A1 (fr) * 2009-12-23 2011-06-30 Wolfram Doering Procédé de communication électronique d'ordres de banque, et système de communication pour la mise en oeuvre de ce procédé
US8171288B2 (en) 1998-07-06 2012-05-01 Imprivata, Inc. System and method for authenticating users in a computer network
GB2511112A (en) * 2013-02-25 2014-08-27 Licentia Group Ltd Authentication method & system
EP3244358A1 (fr) * 2016-05-10 2017-11-15 Danal, Inc. Procédés et systèmes de vérification d'identité au niveau des machines en libre-service
CN108701297A (zh) * 2016-01-19 2018-10-23 三星电子株式会社 用于执行支付的电子装置和方法
WO2019122556A1 (fr) * 2017-12-22 2019-06-27 Orange Procédé d'obtention d'une information complémentaire associée à une caractéristique d'une transaction bancaire

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0601659A1 (fr) * 1992-12-07 1994-06-15 Koninklijke KPN N.V. Méthode pour la protection d'un système à carte à circuit intégré
US5335265A (en) * 1991-11-08 1994-08-02 Electronic Data Systems Corporation Apparatus for detecting and preventing subscriber number cloning in a cellular mobile telephone system
WO1996041488A1 (fr) * 1995-06-07 1996-12-19 The Dice Company Systeme de detection des fraudes dans un reseau electronique recourant aux coordonnees geographiques de localisation
US6097938A (en) * 1997-07-11 2000-08-01 Northern Telecom Limited Authentication and tracking system for a cellular telephone

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5335265A (en) * 1991-11-08 1994-08-02 Electronic Data Systems Corporation Apparatus for detecting and preventing subscriber number cloning in a cellular mobile telephone system
EP0601659A1 (fr) * 1992-12-07 1994-06-15 Koninklijke KPN N.V. Méthode pour la protection d'un système à carte à circuit intégré
WO1996041488A1 (fr) * 1995-06-07 1996-12-19 The Dice Company Systeme de detection des fraudes dans un reseau electronique recourant aux coordonnees geographiques de localisation
US6097938A (en) * 1997-07-11 2000-08-01 Northern Telecom Limited Authentication and tracking system for a cellular telephone

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8171288B2 (en) 1998-07-06 2012-05-01 Imprivata, Inc. System and method for authenticating users in a computer network
GB2402792A (en) * 2003-06-11 2004-12-15 Sanjay Hora Verifying identity and authorising transactions
WO2005073889A1 (fr) * 2004-01-28 2005-08-11 Saflink Corporation Systeme de verification de transaction electronique
WO2005073934A1 (fr) * 2004-01-28 2005-08-11 Aron Matalon Procede et systeme pour l'authentification de transactions de carte de credit
EP1810235A2 (fr) * 2004-09-17 2007-07-25 Digital Envoy, Inc. Dispositif de protection contre les fraudes
JP2015092404A (ja) * 2004-09-17 2015-05-14 デジタル エンボイ, インコーポレイテッド 不正リスクアドバイザー
JP2008513893A (ja) * 2004-09-17 2008-05-01 デジタル エンボイ, インコーポレイテッド 不正リスクアドバイザー
EP1810235A4 (fr) * 2004-09-17 2009-07-08 Digital Envoy Inc Dispositif de protection contre les fraudes
US8812650B2 (en) 2005-05-06 2014-08-19 Robert Bosch Gmbh Method and device for describing data transmissions through supplementary data
EP1729254A3 (fr) * 2005-05-06 2010-01-20 Robert Bosch Gmbh Procédé et système de transmission de données
US8301116B2 (en) 2006-03-15 2012-10-30 Omron Corporation User equipment, authentication system, authentication method, authentication program and recording medium
EP1835468A3 (fr) * 2006-03-15 2009-09-30 Omron Corporation Équipement d'utilisateur, système d'authentification, procédé d'authentification, programme d'authentification, et support d'enregistrement
EP1835468A2 (fr) * 2006-03-15 2007-09-19 Omron Corporation Équipement d'utilisateur, système d'authentification, procédé d'authentification, programme d'authentification, et support d'enregistrement
WO2011076438A1 (fr) * 2009-12-23 2011-06-30 Wolfram Doering Procédé de communication électronique d'ordres de banque, et système de communication pour la mise en oeuvre de ce procédé
GB2511112A (en) * 2013-02-25 2014-08-27 Licentia Group Ltd Authentication method & system
CN108701297A (zh) * 2016-01-19 2018-10-23 三星电子株式会社 用于执行支付的电子装置和方法
EP3244358A1 (fr) * 2016-05-10 2017-11-15 Danal, Inc. Procédés et systèmes de vérification d'identité au niveau des machines en libre-service
WO2019122556A1 (fr) * 2017-12-22 2019-06-27 Orange Procédé d'obtention d'une information complémentaire associée à une caractéristique d'une transaction bancaire
FR3076037A1 (fr) * 2017-12-22 2019-06-28 Orange Procede d'obtention d'une information complementaire associee a une caracteristique d'une transaction bancaire

Also Published As

Publication number Publication date
EP1454305A2 (fr) 2004-09-08
WO2003036576A3 (fr) 2003-11-27
WO2003036576B1 (fr) 2004-03-25
RU2004115391A (ru) 2005-06-10
AU2002347691A1 (en) 2003-05-06
PL350218A1 (en) 2003-04-22

Similar Documents

Publication Publication Date Title
US10467621B2 (en) Secure authentication and payment system
JP4036649B2 (ja) トランザクション方法および販売システム
US7610040B2 (en) Method and system for detecting possible frauds in payment transactions
EP0493895B2 (fr) Dispositif d'appel pour appareil téléphonique à cartes de crédit dans un réseau de télécommunication
KR100573532B1 (ko) 무선 선불 서비스를 관리하기 위한 시스템 및 방법
RU2116008C1 (ru) Система подвижной телефонной связи, способ оплаты с терминального оборудования подвижной телефонной станции и система для осуществления способа
CA2838655C (fr) Systeme et procede pour l'execution d'operations financieres a l'aide d'un dispositif mobile
CN1112821C (zh) 用户标识模块移动台以及执行智能卡功能的方法
US20090204524A1 (en) Security system
WO2002059727A2 (fr) Procede et un systeme de securite, destines a fournir a un utilisateur un code d'autorisation pour acceder a un service
EP1454305A2 (fr) Procede et systeme de securisation supplementaire de paiements effectues par carte de paiement
EP1416456B1 (fr) Méthode pour maintenir des informations d'un compte prépayé et pour exécuter des transactions dans une système de commerce électronique
WO2008015637A2 (fr) Procédé et système de paiement mobile
EP1348185A1 (fr) Systeme de paiement
EP1313075A2 (fr) Procédé et programme pour le traitement de monnaie électronique
KR100342723B1 (ko) 은행 계좌 내용 변경 통보 방법
KR20050010606A (ko) 서비스 등록정보의 도용방지방법 및 그 시스템
KR20050030307A (ko) 휴대단말기를 이용한 모바일뱅킹 방법
US20050246277A1 (en) Transaction processing system
KR100864995B1 (ko) 구성원의 동의시에만 계좌 인출이 가능한 금융 서비스 시스템 및 그 방법
KR100399776B1 (ko) 이동통신 단말기를 이용한 신용카드 현금서비스 제공 방법
EP1544816A1 (fr) Méthode et système pour autorisation de services rendus dans un réseau informatique
KR20050019318A (ko) 웹사이트 서비스 등록정보의 도용 방지 방법 및 그시스템
EP1554701B1 (fr) Systeme de traitement de transaction
GB2379045A (en) Account controller

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
B Later publication of amended claims

Effective date: 20031023

WWE Wipo information: entry into national phase

Ref document number: 2002783868

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2002783868

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP

WWW Wipo information: withdrawn in national office

Ref document number: 2002783868

Country of ref document: EP