WO2003079258A1 - Anti fraud mobile alert system - Google Patents

Publication number
WO2003079258A1
WO2003079258A1 PCT/SG2003/000055 SG0300055W WO03079258A1 WO 2003079258 A1 WO2003079258 A1 WO 2003079258A1 SG 0300055 W SG0300055 W SG 0300055W WO 03079258 A1 WO03079258 A1 WO 03079258A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
transaction
payment system
data
forwarding
Prior art date
Application number
PCT/SG2003/000055
Other languages
French (fr)
Inventor
Tan Kah Pheng Alex
Original Assignee
Tan Kah Pheng Alex
Priority date
Filing date
Publication date
Application filed by Tan Kah Pheng Alex
Priority to AU2003217147A (patent AU2003217147A1)
Publication of WO2003079258A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/403 Solvency checks
    • G06Q20/42 Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425 Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • G07 CHECKING-DEVICES
    • G07G REGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
    • G07G3/00 Alarm indicators, e.g. bells
    • G07G3/003 Anti-theft control

Definitions

  • the present invention is directed towards a system for reducing fraud in the payment industry by minimizing the unauthorised use of credit or bank cards, and in particular a method for validating credit card purchases.
  • plastic payment transactions were conducted face-to-face, with the merchant using a paper imprint to capture cardholder account details. If an authorization was required, the merchant could do so by telephone.
  • Card acceptance has expanded beyond the traditional face-to-face environment to the point that mail order, telephone order and Internet transactions are the fastest growing segments of the card business. However, expansion into these markets requires additional security, and despite the implementation of various risk control programs, fraud and credit risk continue to rise significantly.
  • Transaction delivery costs have increased, including the cost of moving to near 100% authorization levels in most markets.
  • Plastic card fraud has become increasingly sophisticated and more difficult to control and migrates to areas where the controls are least effective. This is evident in the continued rise in fraud losses, despite implementation of the various fraud prevention initiatives over the years.
  • Some of these loss control initiatives include: a) Hot List/Card Bulletin - A listing of cardholder accounts in numeric sequence, on which transactions are restricted and not to be completed by merchants; b) Hologram - A laser created photograph that creates a three-dimensional image.
  • c) Merchant Watch/Alert Audit - An alert program that watches all bankcard merchants worldwide on a monthly basis, identifying merchants that are violating or are in jeopardy of violating card association rules; d) Combined Terminated Merchant List - A listing of invalid merchants terminated by Visa and MasterCard from accepting of bankcards; e) Address Verification - A service to help combat fraud in non-face-to-face or mail order/telephone order transactions by use of cardholder name and address information in the authorization request; f) High-Risk Merchant List - A list of merchants distributed to member banks with high level fraud activities; g) Card Verification Value (CVV)/Card Verification Check (CVC) - A pair of checksums generated based on an algorithm with numerous variables to be encoded on the magnetic strip and printed on tamper proof signature panel.
  • CVC Card Verification Value
  • Biometric - A mathematical application by statistical method which stores resemblance information within the chip of a smart card for purposes of positive identification of authentic cardholder
  • Chip (Smart) Card etc - A credit or debit card embodying a computer chip with memory and interactive capabilities used for identification and to store additional data about the cardholder, cardholder account, or both... Even as a CVV/CVC program was being implemented, a more virulent form of counterfeit was emerging, namely skimming of the magnetic stripe data. As cards are used more frequently in ATMs, unattended terminals, and other remote points of sale, such as the Internet, the Issuer and the cardholder must be assured that a transaction can be completed securely.
  • the magnetic stripe has limited data storage capacity and can only store about 100 to 140 characters, or the equivalent of one line of information on a typed page. This is enough to contain details such as a cardholder's account number, expiration date, service code, CCV/CVC, PIN offset.
  • Chip Smart card solution
  • infrastructure readiness and card base conversion it would take years to create a critical mass and have an effective Chip program in place.
  • Chip technology would not be compromised by fraudsters as they themselves become sophisticated with the aid of hi-tech tools.
  • the present invention provides a method for reducing fraudulent transactions including: forwarding data captured from a card at a remote terminal to a Payment System, the Payment System testing the data using predefined tests so as to verify whether a transaction is fraudulent; and responding to the remote terminal with outcome of the testing so as to allow the transaction to proceed or be terminated; wherein the method further includes forwarding details of the transaction to a Mobile Gateway, and the Mobile Gateway forwards an SMS message to an owner of the card at predetermined intervals or incidents with information relating to said transaction.
  • the present invention provides a card Payment System including: at least one remote terminal for receiving a card for electronic payment of a transaction, the remote terminal capable of reading data stored on the card; a communication means for forwarding the data to a Payment System for authentication of the data, the Payment System carrying out at least one predetermined test so as to authenticate or rescind the transaction and forwarding results of the test to the remote terminal; and a Mobile Gateway for receiving details of the transaction and forwarding an sms message to an owner of the card at predetermined intervals or incidents with information relating to the transaction.
  • the present invention provides a method for validating transactions of a cardholder including the steps of: extracting and collating details of approved transactions made by the cardholder; building a message summarising the approved transactions; forwarding the message to the cardholder to enable the cardholder to validate that the approved transactions are authorised.
  • FIG. 1 shows a conventional card authorisation transaction flow.
  • Figure 2 shows an improved card authorisation transaction flow in accordance with the present invention. DESCRIPTION OF PREFERRED EMBODIMENT
  • the Payment System will forward a request to the card issuer for further processing.
  • the Payment System (2) would usually respond on behalf of the issuer (1) to the acquiring bank (3) with a "decline" response.
  • the result of the authorisation request is communicated back to the merchant (4) via the merchant's bank (3) and the transaction is either authorised or declined.
  • the ultimate confirmation on whether the transaction is genuine or fraudulent is when the Issuing Bank (4) Customer Service center calls the cardholder (5) to confirm its validity.
  • the present invention has addressed the deficiencies by enhancing the system as shown in Figure 2.
  • a key feature of the present invention is that the system does not necessarily replace the current credit card payment and authentication system, but rather enhances this system by providing an additional validation process.
  • the actual purchasing process per se does not need to alter.
  • the cardholder (5) wishing to make a purchase from a merchant (4) provides the credit card as payment.
  • the merchant (4) again checks the card for any obvious evidence of fraud.
  • the card is then swiped through a point-of-sale terminal to enable the data on the magnetic stripe to be read and the authorisation process continues.
  • the data read from the magnetic stripe is then forwarded via the merchant's bank (3) to the Payment System (2).
  • the Payment System (2) for example MasterCard or Visa, carries out predetermined velocity checks.
  • the Payment System (2) will send a message to the card issuer (1) requesting that the card issuer (1) determine whether the transaction should proceed.
  • the Payment System (2) advises the merchant (4) via the merchant's bank (3) that the transaction is authorised. The sale therefore proceeds, and details of the sale are forwarded from the Payment System to the card issuer (1). It is at this stage that the present invention differs from what has previously been implemented.
  • the present invention inserts a Mobile Gateway (6) between the Payment System (2) and card issuer (1).
  • both the authorisation request and the authorisation response would pass through the Mobile Gateway (6) in a "pass through" mode without any change to the data content or any delay in response time.
  • the Mobile Gateway (6) may be configured to extract further data fields from the authorization response message (7) that passes from the card issuer (1) to the Payment System (2) through the Mobile Gateway (6). Ideally, only data from approved authorisations will be extracted. These data fields may then form the basis of a SMS (Short Message Service) that could be sent to the cardholder.
  • SMS Short Message Service
  • the Mobile Gateway (6) may be configured to send out messages at predetermined intervals or actions. For example, messages may be sent every 3 hours, after every second transaction or when transaction totals from various transactions amounts to $500. It will be appreciated that the parameters may be determined by the cardholder and can be varied. The cardholder will be able to review this message (7), to ensure that only authorised transactions have been charged to the cardholder (5) account. In the event of fraudulent transactions, the cardholder (5) may respond to the message (7), or alternatively contact the card issuer (1) directly to ensure that no further transactions are charged to the account.
  • the Mobile Gateway (6) will be inserted between the card issuer (1) and Payment System (2) for practical reasons and ease of connection.
  • Gateway may be an integrated component of or connected to the card issuer system.
  • the system could extract data fields from the approved "Authorization Response" message that is "pass through" from the Issuer Host of the Payment Systems Interface. These data fields can form the basis of the Mobile SMS message that can be sent to the cardholder.
  • these data fields could include: a) Card account number b) Transaction amount c) Date/time of transaction (audit trail) Alternatively other data fields could equally be used. Upon extracting the required data fields the system may choose to discard all other data fields not used or archive all Authorization Response messages for other usage.
  • the system can consolidate and build a predefined fixed format SMS message indicating the Issuer name, the last 4 digits of the account number, count of transaction since the last alert, and the total amount for those transactions.
  • the system could be parameter driven to allow a cardholder to pre-define the time period for an alert to be sent.
  • a cardholder may choose to receive an alert every 3 hours in which case, the cardholder may have accumulated several transactions within that period. Alternatively any other time period, or number of transactions could be used.
  • When the system is ready to send a Mobile SMS message, it searches its database to match the account number with the respective Mobile Telephone number of the cardholder.
  • the system then sends the SMS message to the respective mobile phone(s) indicating:
  • the system could also add a fixed text message: for example Reply/Call 1234567 for Invalid transaction: Cardholder SMS or call to report fraud transaction happened. Where 1234567 represent the number the cardholder should contact to report fraudulent or invalid transactions.
  • the Issuer should immediately take remedial action to suspend the account number thereby reducing further fraud.
  • incentives such as a reward or prize to a return SMS message for unauthorised card usage.
  • the system may also request the cardholder acknowledge genuine transactions by a return SMS message.
  • This acknowledgement may require use of a password so as to authenticate the SMS reply. Again such acknowledgements could be encouraged by offering incentives, such as a reward or prize to the cardholder.
  • Whilst reference to SMS messages has been made it will be understood that email or other electronic messages could also be utilised.
  • the present system may not eliminate fraud totally but is certainly capable of reducing fraud significantly whether caused by skimming or lost card fraudulent usage.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A method for reducing fraudulent transactions including, forwarding data captured from a card at a remote terminal to a Payment System (2), the Payment System testing the data using predefined tests so as to verify whether a transaction is fraudulent and responding to the remote terminal with outcome of the testing so as to allow the transaction to proceed or be terminated, wherein the method further includes forwarding details of the transaction to a Mobile Gateway (6), and the Mobile Gateway forwards an sms message (7) to an owner of the card at predetermined intervals or incidents.

Description

ANTI FRAUD MOBILE ALERT SYSTEM
FIELD OF THE INVENTION
The present invention is directed towards a system for reducing fraud in the payment industry by minimizing the unauthorised use of credit or bank cards, and in particular a method for validating credit card purchases.
BACKGROUND OF THE INVENTION
One of the most pressing problems faced by the payment industry is fraud. This is particularly the case for credit card transactions. Accordingly, the industry has over the years introduced various fraud control measures and programs to suppress the rate of fraud transactions. While certain programs may have been effective, it is also generally recognized that the criminals of today are very knowledgeable and sophisticated.
This includes the technical capability to make copies of genuine card designs and more concerning, the ability to "skim" magnetic stripe data of cardholder account information.
Previously, plastic payment transactions were conducted face-to-face, with the merchant using a paper imprint to capture cardholder account details. If an authorization was required, the merchant could do so by telephone.
Card acceptance has expanded beyond the traditional face-to-face environment to the point that mail order, telephone order and Internet transactions are the fastest growing segments of the card business. However, expansion into these markets requires additional security, and despite the implementation of various risk control programs, fraud and credit risk continue to rise significantly. Transaction delivery costs have increased, including the cost of moving to near 100% authorization levels in most markets.
Plastic card fraud has become increasingly sophisticated and more difficult to control and migrates to areas where the controls are least effective. This is evident in the continued rise in fraud losses, despite implementation of the various fraud prevention initiatives over the years. Some of these loss control initiatives include:
a) Hot List/Card Bulletin - A listing of cardholder accounts in numeric sequence, on which transactions are restricted and not to be completed by merchants;
b) Hologram - A laser created photograph that creates a three-dimensional image. Used as an anti-counterfeiting measure on bankcards;
c) Merchant Watch/Alert Audit - An alert program that watches all bankcard merchants worldwide on a monthly basis, identifying merchants that are violating or are in jeopardy of violating card association rules;
d) Combined Terminated Merchant List - A listing of invalid merchants terminated by Visa and MasterCard from accepting of bankcards;
e) Address Verification - A service to help combat fraud in non-face-to-face or mail order/telephone order transactions by use of cardholder name and address information in the authorization request;
f) High-Risk Merchant List - A list of merchants distributed to member banks with high level fraud activities;
g) Card Verification Value (CVV)/Card Verification Check (CVC) - A pair of checksums generated based on an algorithm with numerous variables to be encoded on the magnetic strip and printed on tamper proof signature panel. These checksums are used for positive and online verification purposes;
h) Biometric - A mathematical application by statistical method which stores resemblance information within the chip of a smart card for purposes of positive identification of authentic cardholder; and
i) Chip (Smart) Card etc - A credit or debit card embodying a computer chip with memory and interactive capabilities used for identification and to store additional data about the cardholder, cardholder account, or both...
Even as a CVV/CVC program was being implemented, a more virulent form of counterfeit was emerging, namely skimming of the magnetic stripe data. As cards are used more frequently in ATMs, unattended terminals, and other remote points of sale, such as the Internet, the Issuer and the cardholder must be assured that a transaction can be completed securely. This requires effective controls to verify that a card is genuine and that the cardholder is the real customer. Protection of the cardholder is essential to maintaining operator profitability and ensuring public confidence in the use of the plastic payments system. But the cost effective magnetic stripe solution, used on almost, if not all cards, is limited in its ability to control risk. The magnetic stripe has limited data storage capacity and can only store about 100 to 140 characters, or the equivalent of one line of information on a typed page. This is enough to contain details such as a cardholder's account number, expiration date, service code, CCV/CVC, PIN offset.
The more recent Chip (Smart) card solution is complex in terms of infrastructure readiness and card base conversion and it would take years to create a critical mass and have an effective Chip program in place. Even then, there is no guarantee that Chip technology would not be compromised by fraudsters as they themselves become sophisticated with the aid of hi-tech tools.
Biometric technology being new and complex is not ready for large consumer base roll out currently.
The primary downsides of the above solutions are: a) Cost effectiveness; b) Wholesome and cooperative participation to achieve efficiency; c) Lag time; d) Social and cultural implications; and e) Complexity and timing in implementation.
Cardholders are demanding increased utility and access from their card products, yet the magnetic stripe cannot support a combination of services on a card due to its limited storage and security capabilities. There is therefore a need for a more secured product delivery platform.
OBJECT OF THE PRESENT INVENTION
It is therefore an objective of the present invention to provide an improved validation system to minimise fraudulent transactions. Ideally the system would make use of existing infrastructure and technology to thereby keep costs to implement such a system to a minimum.
SUMMARY OF THE INVENTION
With the above object in mind the present invention provides a method for reducing fraudulent transactions including: forwarding data captured from a card at a remote terminal to a Payment System, the Payment System testing the data using predefined tests so as to verify whether a transaction is fraudulent; and responding to the remote terminal with outcome of the testing so as to allow the transaction to proceed or be terminated; wherein the method further includes forwarding details of the transaction to a Mobile Gateway, and the Mobile Gateway forwards an SMS message to an owner of the card at predetermined intervals or incidents with information relating to said transaction.
In another aspect the present invention provides a card Payment System including: at least one remote terminal for receiving a card for electronic payment of a transaction, the remote terminal capable of reading data stored on the card; a communication means for forwarding the data to a Payment System for authentication of the data, the Payment System carrying out at least one predetermined test so as to authenticate or rescind the transaction and forwarding results of the test to the remote terminal; and a Mobile Gateway for receiving details of the transaction and forwarding an SMS message to an owner of the card at predetermined intervals or incidents with information relating to the transaction.
In a further aspect the present invention provides a method for validating transactions of a cardholder including the steps of: extracting and collating details of approved transactions made by the cardholder; building a message summarising the approved transactions; forwarding the message to the cardholder to enable the cardholder to validate that the approved transactions are authorised.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 shows a conventional card authorisation transaction flow.
Figure 2 shows an improved card authorisation transaction flow in accordance with the present invention.
DESCRIPTION OF PREFERRED EMBODIMENT
Referring now to Figure 1, currently, when a cardholder (5) makes a transaction at a merchant location (4), a number of processes take place:
a) The merchant (4) would normally check the card design to detect any obvious evidence of a fraudulent card. This includes checking the quality of the card and the numerous incorporated security features, such as the hologram.
b) The card is then swiped through a point-of-sale terminal where the data on the magnetic stripe is read and the authorization process proceeds.
c) The data is then forwarded via the merchant's bank (3) to the Payment System (2), for example Visa or MasterCard.
d) The Payment System (2) in processing the authorization request does certain velocity checks including using Artificial Intelligence (AI) applications to determine if the transaction is suspicious. Generally when the Payment System processes an authorisation request, there are a series of validation tests done in addition to verifying correct account number and expiry date. These checks include transaction amount, whether it is retail or cash advance or category and type of merchant. Within the system, predefined parameters defined by the card issuer (bank) will allow the Payment System to either authorise the transaction on behalf of the issuer or forward the request to the card issuer. Besides transaction amount, checks may also include transaction counts, random activity check, etc. For example, assuming a transaction amount is USD$300 and the predefined parameters allow the Payment System to only authorise any transaction below USD$150, then following the transaction amount check the Payment System will forward a request to the card issuer for further processing.
e) In the event of a suspicious transaction or when the card issuer (1) is unforwardable, the Payment System (2) would usually respond on behalf of the issuer (1) to the acquiring bank (3) with a "decline" response.
f) The result of the authorisation request is communicated back to the merchant (4) via the merchant's bank (3) and the transaction is either authorised or declined.
g) The ultimate confirmation on whether the transaction is genuine or fraudulent is when the Issuing Bank (4) Customer Service center calls the cardholder (5) to confirm its validity.
Whilst this process is widely used it is not effective or efficient as the card design and security feature can be copied or compromised to near perfection, and to an untrained merchant who receives basic training at best, the "copied card" is usually undetectable. Further, syndicated crime has created a new wave of hi-tech fraud, in that magnetic card data can be copied or "skimmed". To the Payment System (2) & Issuer (1) the account data from the skimmed card is genuine, and thus the conventional system is ineffective in preventing fraud. Additionally, AI system detection can only be validated with direct interaction with the cardholder, and it can be embarrassing in a genuine situation.
The present invention has addressed the deficiencies by enhancing the system as shown in Figure 2. A key feature of the present invention is that the system does not necessarily replace the current credit card payment and authentication system, but rather enhances this system by providing an additional validation process. The actual purchasing process per se does not need to alter. The cardholder (5) wishing to make a purchase from a merchant (4) provides the credit card as payment. The merchant (4) again checks the card for any obvious evidence of fraud. The card is then swiped through a point-of-sale terminal to enable the data on the magnetic stripe to be read and the authorisation process continues. The data read from the magnetic stripe is then forwarded via the merchant's bank (3) to the Payment System (2). The Payment System (2), for example MasterCard or Visa, carries out predetermined velocity checks. If the result of these velocity checks suggests a suspicious transaction, the Payment System (2) will send a message to the card issuer (1) requesting that the card issuer (1) determine whether the transaction should proceed. Alternatively, if the velocity checks carried out by the Payment System (2) do not raise any suspicions, then the Payment System (2) advises the merchant (4) via the merchant's bank (3) that the transaction is authorised. The sale therefore proceeds, and details of the sale are forwarded from the Payment System to the card issuer (1). It is at this stage that the present invention differs from what has previously been implemented.
The present invention inserts a Mobile Gateway (6) between the Payment System (2) and card issuer (1). Ideally both the authorisation request and the authorisation response would pass through the Mobile Gateway (6) in a "pass through" mode without any change to the data content or any delay in response time.
The Mobile Gateway (6) may be configured to extract further data fields from the authorization response message (7) that passes from the card issuer (1) to the Payment System (2) through the Mobile Gateway (6). Ideally, only data from approved authorisations will be extracted. These data fields may then form the basis of a SMS (Short Message Service) that could be sent to the cardholder.
Alternatively, other forms of electronic notification such as emails may be used in place of or along with SMS. The Mobile Gateway (6) may be configured to send out messages at predetermined intervals or actions. For example, messages may be sent every 3 hours, after every second transaction or when transaction totals from various transactions amounts to $500. It will be appreciated that the parameters may be determined by the cardholder and can be varied. The cardholder will be able to review this message (7), to ensure that only authorised transactions have been charged to the cardholder (5) account. In the event of fraudulent transactions, the cardholder (5) may respond to the message (7), or alternatively contact the card issuer (1) directly to ensure that no further transactions are charged to the account.
In the preferred system the Mobile Gateway (6) will be inserted between the card issuer (1) and Payment System (2) for practical reasons and ease of connection. However other arrangements are possible. For example the Mobile Gateway may be an integrated component of or connected to the card issuer system.
In adopting the present invention:
a) No change is required to the current transaction authorization flow from the Payment Systems to the Issuer, and merchants are not required to utilise more hardware or carry out any further checks.
b) No alteration or additional message data fields from either the Payment Systems or the Issuer are required.
c) The only additional requirement from an implementation point of view is the insertion of a Mobile Gateway between the Issuer Host and the Payment System. This could be a conventional Gateway as used in other applications.
d) The "Authorization Request" from the Payment System interface goes via the Mobile Gateway, preferably in a "pass through" mode without any impact on message content or transaction timing.
e) Similarly, the "Authorization Response" from the Issuer Host goes via the Mobile Gateway as a "pass through" before going to the Payment Systems Interface, again with no change to the data content or delay in response time.
The system could extract data fields from the approved "Authorization Response" message that passes through from the Issuer Host to the Payment Systems Interface. These data fields can form the basis of the Mobile SMS message that can be sent to the cardholder.
For example these data fields could include:
a) Card account number
b) Transaction amount
c) Date/time of transaction (audit trail)
Alternatively other data fields could equally be used. Upon extracting the required data fields the system may choose to discard all other data fields not used or archive all Authorization Response messages for other usage.
Upon extracting the required fields, the system can consolidate and build a predefined fixed format SMS message indicating the Issuer name, the last 4 digits of the account number, the count of transactions since the last alert, and the total amount for those transactions. Alternatively, other data could be transmitted depending on the desired configurations.
It should be noted that the system could be parameter driven to allow a cardholder to pre-define the time period for an alert to be sent. A cardholder may choose to receive an alert every 3 hours in which case, the cardholder may have accumulated several transactions within that period. Alternatively any other time period, or number of transactions could be used.
When the system is ready to send a Mobile SMS message, it searches its database to match the account number with the respective Mobile Telephone number of the cardholder.
The system then sends the SMS message to the respective mobile phone(s) indicating:
Issuer Name | Card No. Ending | Total Trans Amount
e.g. Zion Bank | 1234 | $500
The system could also add a fixed text message, for example "Reply/Call 1234567 for Invalid transaction", so that the cardholder can SMS or call to report that a fraudulent transaction has happened. Here 1234567 represents the number the cardholder should contact to report fraudulent or invalid transactions.
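The extraction, consolidation and alert steps described above can be sketched as follows. This is an added example, not code from the patent: the message field names (`account`, `amount`, `timestamp`, `approved`), the class names and the directory contents are assumptions, since the text does not specify a message format.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from decimal import Decimal

# Constructed enrolment data: account number -> cardholder mobile number.
MOBILE_DIRECTORY = {"5500000000001234": "+6590000000"}

@dataclass
class AlertPolicy:
    """Cardholder-defined triggers; defaults follow the examples in the text."""
    interval: timedelta = timedelta(hours=3)
    max_count: int = 2
    max_total: Decimal = Decimal("500")

@dataclass
class _Pending:
    since: datetime
    count: int = 0
    total: Decimal = Decimal("0")

class MobileGateway:
    def __init__(self, issuer_name, report_number, directory, policy=None):
        self.issuer_name = issuer_name
        self.report_number = report_number
        self.directory = directory
        self.policy = policy or AlertPolicy()
        self.pending = {}   # account number -> _Pending since the last alert
        self.outbox = []    # (mobile, text) pairs handed to the SMS centre

    def pass_through(self, response):
        """Observe an Authorization Response and return it unmodified."""
        if response.get("approved") and response["account"] in self.directory:
            self._record(response)
        return response

    def _record(self, r):
        p = self.pending.setdefault(r["account"], _Pending(since=r["timestamp"]))
        p.count += 1
        p.total += r["amount"]
        if p.count >= self.policy.max_count or p.total >= self.policy.max_total:
            self._send(r["account"])

    def flush_due(self, now):
        """Timer hook: alert on every account whose interval has elapsed."""
        due = [a for a, p in self.pending.items()
               if now - p.since >= self.policy.interval]
        for account in due:
            self._send(account)

    def _send(self, account):
        p = self.pending.pop(account)
        # Only the last four digits leave the gateway; SMS is not an
        # end-to-end encrypted channel, so the full number stays out of it.
        text = (f"{self.issuer_name} card ending {account[-4:]}: "
                f"{p.count} transaction(s), total ${p.total:.2f}. "
                f"Reply/Call {self.report_number} for invalid transaction.")
        self.outbox.append((self.directory[account], text))
```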
If the transaction amount total does not match what the cardholder has spent, it indicates that fraud has taken place in one of two ways:
- the magnetic stripe in question has been skimmed and a fraudulent card is now in circulation;
- the cardholder has unknowingly lost their card and the card has been used.
In this circumstance the Issuer should immediately take remedial action to suspend the account number, thereby reducing further fraud. To encourage a cardholder to respond to fraudulent transactions the issuer could offer incentives such as a reward or prize for a return SMS message reporting unauthorised card usage.
The system may also request the cardholder acknowledge genuine transactions by a return SMS message. This acknowledgement may require use of a password so as to authenticate the SMS reply. Again such acknowledgements could be encouraged by offering incentives, such as a reward or prize to the cardholder.
Whilst reference to SMS messages has been made it will be understood that email or other electronic messages could also be utilised. The present system may not eliminate fraud totally but is certainly capable of reducing fraud significantly whether caused by skimming or lost card fraudulent usage.
Advantages:
a) Simplicity of design
b) Non-intrusion by giving cardholder choice to respond
c) Cardholder has flexibility to pre-define the alert period
d) System is parameter driven for Issuer setting of key drivers
e) Value Add for both the Issuer and Cardholder for loyalty/promotions using mobile.
Whilst the method and system of the present invention has been summarised and explained by illustrative example it will be appreciated by those skilled in the art that many widely varying embodiments and applications are within the teaching and scope of the present invention, and that the examples presented herein are by way of illustration only and should not be construed as limiting the scope of this invention.

Claims

1. A method for reducing fraudulent transactions including: forwarding data captured from a card at a remote terminal to a Payment System, said Payment System testing said data using predefined tests so as to verify whether a transaction is fraudulent; and responding to said remote terminal with outcome of said testing so as to allow said transaction to proceed or be terminated; wherein said method further includes forwarding details of said transaction to a Mobile Gateway, and said Mobile Gateway forwards an sms message to an owner of said card at predetermined intervals or incidents.
2. A method as claimed in claim 1 wherein said data is authorised by a card issuer, and said card issuer forwards details to said payment system via said mobile gateway.
3. A method for reducing fraudulent transactions including: forwarding data captured from a card at a remote terminal to a Payment System, said Payment System testing said data using predefined tests so as to verify whether a transaction is fraudulent; forwarding said data to a card issuer for authorisation; and responding to said remote terminal with outcome of said testing and authorisation so as to allow said transaction to proceed or be terminated wherein said method further includes said card issuer forwarding authorised details to said payment system via a Mobile Gateway, and said Mobile Gateway forwards an sms message to an owner of said card at predetermined intervals or incidents.
4. A method as claimed in any preceding claim wherein said sms message includes a summary of transaction(s) on said card during said interval or since previous incident.
5. A method as claimed in any preceding claim wherein said outcome of said testing is forwarded to remote terminal via said Mobile Gateway.
6. A method as claimed in any preceding claim wherein said sms message is forwarded after a predetermined number of transactions.
7. A method as claimed in any preceding claim further including the step of said owner replying to said sms message to authenticate or rescind transaction(s).
8. A method as claimed in any preceding claim wherein said Payment System and said owner reply must both be positive so as to authenticate said transaction.
9. A card Payment System including: at least one remote terminal for receiving a card for electronic payment of a transaction, said remote terminal capable of reading data stored on said card; a communication means for forwarding said data to a Payment System for authentication of said data, said Payment System carrying out at least one predetermined test so as to authenticate or rescind said transaction and forwarding results of said test to said remote terminal; and a Mobile Gateway for receiving details of said transaction and forwarding an sms message to an owner of said card at predetermined intervals or incidents.
10. A system as claimed in claim 9, further including a card issuer to authorise transactions, wherein said communication means passes from said card issuer to said payment system via a Mobile Gateway.
11. A card Payment System including: at least one remote terminal for receiving a card for electronic payment of a transaction, said remote terminal capable of reading data stored on said card; a communication means for forwarding said data to a Payment System for authentication of said data, said Payment System carrying out at least one predetermined test so as to authenticate or rescind said transaction; said communication means further forwarding data to a card issuer for authorisation; details of authorised transactions from said card issuer are forwarded to said payment system via a Mobile Gateway and said Mobile Gateway forwards an sms message to an owner of said card at predetermined intervals or incidents.
12. A system as claimed in any one of claims 9 to 11, wherein said Mobile Gateway receives replies from said owner authenticating or rescinding transaction(s).
13. A system as claimed in any one of claims 8 to 10 wherein said sms message includes a summary of transaction(s).
14. A method for validating transactions of a cardholder including the steps of: extracting and collating details of approved transactions made by said cardholder; building a message summarising said approved transactions; forwarding said message to said cardholder to enable said cardholder to validate that said approved transactions are authorised.
15. A method as claimed in claim 14, wherein said approved transactions are extracted from a card issuer.
16. A method as claimed in claim 14 or claim 15, wherein said message is a SMS message.
17. A method as claimed in any one of claims 14 to 16 wherein said message is sent at predetermined intervals or incidents.
PCT/SG2003/000055 2002-03-20 2003-03-20 Anti fraud mobile alert system WO2003079258A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003217147A AU2003217147A1 (en) 2002-03-20 2003-03-20 Anti fraud mobile alert system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SG200201612 2002-03-20
SG200201612-9 2002-03-20

Publications (1)

Publication Number Publication Date
WO2003079258A1 true WO2003079258A1 (en) 2003-09-25

Family

ID=28036756

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SG2003/000055 WO2003079258A1 (en) 2002-03-20 2003-03-20 Anti fraud mobile alert system

Country Status (2)

Country Link
AU (1) AU2003217147A1 (en)
WO (1) WO2003079258A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5655007A (en) * 1994-10-13 1997-08-05 Bell Atlantic Network Services, Inc. Telephone based credit card protection
WO1999014711A2 (en) * 1997-09-17 1999-03-25 Andrasev Akos Method for checking rightful use of a debit card or similar means giving right of disposing of a bank account
EP0745961B1 (en) * 1995-05-31 2001-11-21 AT&T Corp. Transaction authorization and alert system
WO2002052460A1 (en) * 2000-12-27 2002-07-04 Mark Christie Credit or debit card fraud protection system

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101107832B (en) * 2005-01-21 2013-01-09 惠普开发有限公司 A telecommunications messaging system and method having a transaction proxy
US8078538B1 (en) * 2006-06-30 2011-12-13 United States Automobile Association (USAA) Systems and methods for remotely authenticating credit card transactions
US8666894B1 (en) 2006-06-30 2014-03-04 United Services Automobile Association (Usaa) Systems and methods for remotely authenticating credit card transactions
US8666841B1 (en) 2007-10-09 2014-03-04 Convergys Information Management Group, Inc. Fraud detection engine and method of using the same
GB2457536A (en) * 2008-02-06 2009-08-26 Gary Simon Crowther A transaction processing method that enables the early detection of fraudulent use of a credit, debit or payment card.
WO2013165279A2 (en) * 2012-05-04 2013-11-07 Rawllin International Inc. Multi factor user authentication
WO2013165279A3 (en) * 2012-05-04 2014-03-13 Rawllin International Inc. Multi factor user authentication
US8690054B1 (en) 2013-05-29 2014-04-08 The Toronto-Dominion Bank System and method for chip-enabled card transaction processing and alert communication
US8864024B1 (en) 2013-05-29 2014-10-21 The Toronto-Dominion Bank System and method for chip-enabled card transaction processing and alert communication
CN106096960A (en) * 2016-06-07 2016-11-09 上海携程商务有限公司 The method and apparatus of the outside payment system of monitoring and method of payment and system

Also Published As

Publication number Publication date
AU2003217147A1 (en) 2003-09-29

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP