WO2005066907A1 - System and method for processing transactions - Google Patents
- Publication number
- WO2005066907A1 (PCT/NZ2004/000007)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- transaction
- information
- financial
- terminal
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
Definitions
- the present invention relates to a system, method and/or apparatus used to process transactions.
- the present invention may be used to process the financial transactions of a user where the user employs a portable wireless terminal device such as a cellular telephone to access the faculty provided.
- In general, the most common forms of payment used in financial transactions require a customer or user to be physically present at the point of sale.
- a purchaser normally has to present some form of physical token, such as cash, or a credit, debit, bank or EFTPOS card which validates the purchaser's authority to access funds available through a financial institution.
- Credit card payment networks allow a customer to transmit the characteristic numbers and information printed onto their credit card to facilitate and authorise a credit card transaction remote from the point of sale. The credit card information is then collected by the seller or vendor and batch processed at a later time.
- this form of remote payment facility is not necessarily available to all potential customers of a retailer. It is sometimes common for some of a retailer's customers not to be issued with or have access to a credit card required for such remote transactions.
- a user account may be set up in conjunction with such system through information which could readily be obtained through public channels or personal documentation which is not normally considered to be of sensitive or secure nature.
- a bank account number or customer number for the cellular telephone network provider to register an account for use with such a service.
- Such accounts may be set up with insecure information and then subsequently used anonymously to access the finances or available credit of the unsuspecting owner of the information used in the registration process.
- these accounts are set up using a paper form, giving personal details over a telephone or entering personal details into an internet registration form.
- a system, method and/or apparatus which addressed any or all of the above problems would be of advantage.
- a system which allows the user to remotely register for its use without having to enter personal details onto a paper form, reveal personal details over a telephone or enter personal details into an internet registration form and that such registration occurs within existing, secure banking standards would be of advantage.
- a system which allows the user to easily and simply participate in a range of financial transactions using a number of different access terminals from a wide variety of locations would also be of advantage.
- a system which allowed access to a financial processing network where the security of the access rights is on a par with existing banking or financial institutions' security standards, and which preferably allowed wireless or mobile electrical devices to access such financial networks or services would also be of advantage.
- a system which has its own payment authorisation process but also uses the financial institution's accepted, secure payment authorisation process would be of advantage.
- a system which stores information in such a way that if the information store was compromised, a person could not use the gained information for fraudulent purposes would also be of advantage.
- a system that creates a virtual EFTPOS or ATM machine that is exclusive for the user and allows the user to pay for goods would also be of advantage.
- the invention relates to creating stored transaction authorisation information at a remote location comprising commencing a secure transaction session at a secure terminal, reading user information from a user transaction card in the secure terminal and remotely securely storing the information, remotely securely storing information relating to a user terminal address attribute for an authorisation terminal to be authorised by the user to initiate financial transactions, and generating and securely storing a valid user code as a PIN offset to identify a PIN to be used from the authorised terminal type.
- the secure terminal is an ATM or EFTPOS terminal.
- the invention relates to a method of authorising a financial transaction from a financial account comprising storing in a secure database information sufficient to authorise a transaction, this information including a Personal Identification Number (PIN) and a PIN offset differing from other PIN offsets of that account holder, storing in said database information identifying a terminal device usable by an initiator of a financial transaction, receiving from that terminal device a transaction authorisation which authorisation contains a PIN, detecting whether the received PIN is offset the specified amount from the stored PIN, and authorising the transaction when the PIN is offset by the correct amount.
- the invention in yet another embodiment relates to a financial transaction processing system accessible by a remote user terminal, said terminal having at least one associated address attribute, the system including an information store adapted to secure financial information sourced from a plurality of remote users, the financial transaction processing system being characterised in that a user's financial information is released by the information store to process a financial transaction upon receipt by the information store of a valid user terminal address attribute and a valid user access code.
- the terminal is a telephone and the terminal address attribute is the telephone number of the terminal, and the user access code is a PIN.
- the invention relates to a method of processing a financial transaction using the financial transaction processing system substantially as described above, said method being characterised by execution of the steps of: receiving a user terminal address and user access code, receiving transaction information, determining a transaction type from the received transaction information, and releasing a user's stored financial information to process a financial transaction if a valid user terminal address attribute and valid user access code are received and if the transaction type determined is allowed for the terminal type of the remote user terminal.
- the allowable transaction types differ for differing terminal types.
- the allowable transaction limits differ for differing terminal types.
- the user terminal address is a mobile telephone number and the user access code is a user PIN.
- the user terminal address is a network card address and the user access code is a PIN.
- the authorised transaction may be a transaction which repeats at specified intervals, the repetition being instigated by scheduled procedures which again release the user stored financial information.
- a financial transaction processing system accessible by a remote user terminal, said terminal having at least one associated address attribute,
- an information store adapted to secure financial information sourced from a plurality of remote users
- the financial transaction processing system being characterised in that a user's financial information is released by the information store to process a financial transaction upon receipt by the information store of a valid user terminal address attribute.
- a financial transaction processing system substantially as described above wherein the system stores financial information which is transmitted to a financial institution to process the financial transaction required.
- the present invention is adapted to provide a financial transaction processing system.
- the present invention may also encompass a method of processing financial transactions using such a system in addition to any apparatus, components or physical hardware employed within such a method to implement the system required.
- the present invention may also encompass financial transaction processing software adapted to be run or executed using computer hardware forming the apparatus of the system.
- a financial transaction as processed in accordance with the present invention may facilitate the transfer of funds or credit between (preferably) two parties.
- the channels or facilities employed to transfer such funds may preferably be implemented through standard or existing banking channels, used for example for credit card transactions or preferably electronic funds transfer point of sale (EFTPOS) transactions.
- the present invention may be adapted to set up bill payment or bill payment authorisation facility which triggers the payment of a regular charge or bill between a customer and a particular vendor of goods or services (such as for example, a utilities company).
- the system provided may also service the needs of a plurality of users or the customers of one or more vendors of goods or services.
- Such a system may facilitate financial transactions preferably between a large number of customers and vendors, with the system, apparatus, or components employed to implement the present invention providing secure access to financial information associated with each of the users or customers involved.
- the present invention may also provide customers or users remote access to such transactions where the user need not necessarily be present at the point of sale involved for a particular transaction.
- the present invention may include an information store.
- Such an information store may be accessed by a user employing a remote user terminal to facilitate the release of a user's stored and secured financial information from the information store.
- the information store provided may be connected to or in communication with a financial institution's transaction processing network to allow the present invention to release sensitive, secure financial information associated with a particular user to implement a required financial transaction.
- the financial information involved may be stored in electronic form or format thereby allowing computerised information technology systems to be employed to both manage, secure and also transmit and communicate said information on demand.
- the financial information secured and stored in conjunction with the present invention may be transmitted or supplied to a further financial institution to process the financial transaction required.
- the present invention may act to facilitate the release of such information and in turn allow the financial institution involved to process the transaction required.
- the information store provided may be implemented through use of at least one computer system loaded with software adapted to provide a database or other similar type of data storage and retrieval facility.
- Database technology is well known in the art and may be used effectively to store the financial information associated with a plurality of users in a secure yet easily and quickly accessible facility.
- the information store provided may also include security software and/or hardware used to validate information or communications from a user wishing to access secured financial information. Such components can be employed to determine whether the user involved has the authority to execute a particular financial transaction using the secured financial information involved.
- the present invention may allow a user or customer to employ a remote user terminal to communicate with the information store and subsequently trigger the release of secured financial information to execute a required transaction.
- the remote user terminal employed may communicate with the information store using existing communications infrastructure procedures, protocols or facilities which are secured against unauthorised interception.
- a mobile remote user terminal may be employed to access or use the present invention.
- a mobile terminal such as for example, a cellular telephone or cellular enabled personal digital assistant (PDA), or laptop computer may be employed in conjunction with the present invention.
- These types of terminals can allow convenient and secure access to the financial transaction facility provided.
- Reference throughout this specification will also be made to the remote user terminal employed being a cellular telephone or other type of wireless or radio frequency based transceiver.
- land line telephones may also be employed as a user terminal if required.
- a terminal used to access or communicate with the information store may include or have associated at least one address attribute.
- An address attribute may uniquely identify the specific user terminal involved and preferably may provide a communication routing address normally used to facilitate communications with the terminal involved.
- a cellular telephone may be employed as a remote user terminal, where the telephone number of the cellular phone makes up the address attribute required or used.
- the address attribute associated with the terminal employed will be determined by the type of terminal in addition to the communications channels or protocols used by the terminal.
- internet protocol addresses for computer systems, network card MAC addresses or remote access point addresses for wireless computer networks may also provide address attributes to be employed in conjunction with the present invention.
- a prior user registration procedure may be implemented in conjunction with the present invention before a user is allowed to access the facilities provided in accordance with the present invention.
- This prior user registration process may be employed to secure access to the financial information held by the information store.
- This procedure may be implemented to prevent an unauthorised user from gaining access to such information and subsequently completing an unauthorised financial transaction.
- a user may provide or supply details of the address attribute of a remote terminal they wish to employ to access the facilities provided in accordance with the present invention.
- the remote user terminal employed is a cellular telephone
- the telephone number of the cellular phone involved may be supplied as part of this registration process.
- the prospective user of the present invention may provide an address attribute which uniquely identifies their terminal, and where the terminal involved preferably is only accessible to the user wishing to execute financial transactions in accordance with the present invention.
- a user may also be supplied with an access code or the user may choose a specific code.
- an access code can, in combination with a received valid user terminal address attribute, authorise a user's access to the financial information which is secured in the information store and hence provide the ability to complete financial transactions using said information.
- the access code provided may take the form of a password or a sequence of alphanumeric characters.
- a distinct alphanumeric access code may preferably take the form of a number of digits that may be lesser than, equal to or greater than the format of standard banking PIN numbers where this access code should only be known to the user registering to employ the facilities provided in accordance with the present invention.
- the information store provided may be adapted to release the stored and secured financial information of a particular user upon receipt of a valid user terminal address and valid access code for the owner of the information involved.
- the owner of such information may be the only person or party with access to both the remote user terminal (which has the associated received address attribute) and who is the only person or party in possession of the access code employed.
- the user's secured financial information may then be released and used to implement or execute a financial transaction.
- the terminal address attribute employed to validate or authorise access to such financial information may preferably be extracted from communications made directly between the information store and remote user terminal.
- the information store may query or receive such address attribute information from the remote terminal, and may authorise or subsequently refuse access to the financial information stores depending on whether the correct address attribute for an identified user's terminal is received.
- caller line identification technology can be employed to obtain or extract the telephone number address attribute of a calling user's telephone.
- the level of security that the remote user terminal supports and the level of security on the communication lines employed determine the range of financial services that the user of the remote terminal may expect to gain access to.
- the progress of a transaction may be allowed or refused in conjunction with the present invention depending on the particular type of terminal employed by a user.
- Different types of terminals and communications equipment have differing levels of security facilities some of which can allow unauthorised persons to receive and interpret communications, giving them the potential to fraudulently execute a transaction with a user's financial details.
- each financial transaction which may be executed or processed in conjunction with the present invention may be assigned a particular type.
- the type of transaction will preferably be determined by the significance or liability involved to a user if the transaction could be completed by an unauthorised person.
- one-off bill payments to an assigned payee associated with the user may be provided with a different transaction type to direct electronic transfers of funds to any indiscriminate third party bank account.
- Different transaction types may be allowed for more secure types of terminal (such as for example WAP enabled cellular telephones), while the same transaction can be disabled for the more basic forms of terminals (such as voice only cellular telephones or land lines).
- each financial transaction that occurs within the system may be matched against limits or regulated in some way so as to monitor and prevent fraudulent use of the system.
- monitoring software or processes may also track historical transaction activity for a particular user.
- Such monitoring algorithms, also known as "scoring engines", can monitor transactions processed in association with a particular user to detect irregular usage patterns or patterns that indicate the potential for fraud or unauthorised use of financial details has occurred.
- Such monitoring algorithms may disable further transactions being made in association with a particular user if such potential fraudulent activities are detected.
- a method of registering a user with a financial transaction processing system said user having been issued with a token by a financial institute, said token being used to facilitate financial transactions
- a method of registering a user substantially as described above wherein said registration method occurs without the user having to communicate or disclose any financial details identified by the financial institution using the token information associated with the token issued to the user.
- the present invention may employ tokens issued by existing or established financial institutions, where these tokens are used by the customers of such institutions to facilitate financial transactions.
- the transactions involved may be point of sale transactions where the token provides the financial information required to execute a transaction between the customer or user involved and vendor of goods or services.
- a financial institution as referred to throughout this specification may be defined as any entity, group, or association which provides financial services. Such institutions may provide standard banking facilities and/or additional credit or loan facilities to customers or members - and hence will be issuing tokens to users or customers which allow access to or which can facilitate the execution of financial transaction. Furthermore, a financial institution as discussed in accordance with the present invention may also employ, implement or run the financial transaction processing system provided in accordance with the present invention if required.
- a token used in the registration process may be an electronic funds transfer point of sale (EFTPOS) card.
- EFTPOS cards are well known in the art and commonly employed by the customers of financial institutions to execute financial transactions using an EFTPOS transaction network.
- EFTPOS cards can also be used with automatic teller machines (ATMs) which are provided by financial and banking institutions to allow customers to have access to financial services or transactions outside of the normal operating hours of the institution or bank.
- EFTPOS cards are commonly used by a wide number and variety of customers of financial institutions to obtain access to debit balance, funds or credit facilities available through such institutions with these cards also being known as ATM cards, debit cards, EFTPOS cards or bank cards.
- references to EFTPOS cards only in isolation throughout this specification should in no way be seen as limiting.
- references will also be made to an EFTPOS card being composed of a small plastic sheet or token with a strip of magnetised material being applied to the surface of same or a smart chip imbedded in or applied to the surface of same.
- This magnetised strip or smart chip may have encoded specific information in relation to the particulars of the card where this information can be extracted to execute or implement a financial transaction. Again those skilled in the art should appreciate that alternative types of cards or tokens may also be employed in conjunction with the present invention and reference to the above only throughout this specification should in no way be seen as limiting.
- token information may be received relating to the specific EFTPOS card or other type of transaction based token issued to a specific user.
- the token information received can be similar to that extracted from an EFTPOS card to facilitate a transaction using the EFTPOS network.
- the token information received or extracted may include information encoded onto a magnetic stripe or smart chip mounted on the card. This magnetic strip or smart chip can provide specific information in relation to the card or token issued by a particular financial institution.
- the token information received may encompass all information required to facilitate an EFTPOS transaction in addition to any information required to authenticate or validate a particular user's rights to access or implement such transaction.
- token information may be supplied which consists of any number or combination of a unique card or token number, an account or customer number for the user or customer issued the token, a PIN block associated with a personal identification number or institution authorisation code, as well as ownership or user validation information either printed or stamped into the material of the token or card, or alternatively encoded into a magnetic stripe portion or smart chip of the card.
- an institution authorisation code may also be received as part of the registration process executed. This authorisation code may be used to make a valid identification of the specific user who wishes to register to gain access to the facilities or functions provided by the financial transaction processing system involved.
- the institution authorisation code received may be the same code which authorises transactions to be implemented in relation to the token or EFTPOS card issued to the user. This institution authorisation code may preferably be used in conjunction with the card or token issued to authorise point of sale transactions.
- the institution authorisation code may be formed from or composed of the personal identification or PIN number issued to a user to authorise point of sale transactions.
- the level of security of information afforded by the use of an EFTPOS card and a PIN number as an access code meets the same standards, criteria and protocols commonly accepted as secure by the existing financial institution which issued the card or token involved.
- the financial institution issuing the card to their customer (who is registering to use the present invention) can be assured that security standards on a par with or equivalent to their own are being used to control the registration process.
- At least one address attribute of a remote user terminal may also be received.
- An address attribute can uniquely identify a specific terminal device to be employed by the user registering to access the financial transaction processing system, as discussed above.
- the address attribute or attributes of a user's terminal may then be recorded.
- a cellular telephone number for a user's cellular phone can be employed as an address attribute where this phone number in combination with an authentic or valid access code will allow a user to execute transactions in accordance with the present invention.
- an access code may be generated and released to the newly registered user.
- This access code can be used in conjunction with the address attribute of the user's terminal to gain access to and facilitate the execution of financial transactions using the present invention.
- the access code provided may be generated or chosen by the user and subsequently supplied to the components, equipment or personnel employed to complete the registration process. Alternatively and in other embodiments a random or secure access code may be generated and supplied to the user.
- the registration terminal will then calculate an access code offset.
- the access code offset is the numeric difference between the user's access code and the PIN number entered by the user to validate the token. Using this access code offset ensures that the system stores neither the user's access code nor the user's EFTPOS PIN number within its information store, which protects the data within the information store from fraudulent use.
- an access code offset avoids the need for the present invention to store a user's EFTPOS card PIN number or financial institution authorisation code, thereby eliminating the chance of unauthorised persons obtaining access to a user's card PIN number from the information store.
- financial transactions may be processed or forwarded to a financial institution for processing without validation of the access code supplied by a user.
- the access code supplied will in turn be used to generate an EFTPOS card PIN number which is in turn incorporated into a transaction request forwarded to a financial institution. If the supplied access code is incorrect then the associated EFTPOS card PIN number generated will be incorrect and the transaction involved will be refused by the financial institution.
- the token or card information received and the access code offset assigned to the user may be stored within the information store provided as part of the financial transaction processing system.
- the token or card information received may therefore form at least a portion of the financial information to be recorded and secured within the information store.
- the information store may also retain or associate as part of the financial information of a user both the supplied address attribute or attributes for a user terminal in addition to the access code offset generated from the access code assigned to the user.
- the information store may release financial information incorporating or including the token information received when a valid access code is supplied, and when the information store can determine that the communicating terminal has the same address attribute as that stored or recorded.
- the financial information secured by the information store may be used to allow the information store and associated hardware or software to emulate the functions of an EFTPOS terminal normally used to complete an EFTPOS financial transaction.
- the information store can retain a 'virtual' record of the EFTPOS card which can be accessed by an authorised remote user to complete financial transactions.
- the virtual card recorded in the information store can allow the information store to act substantially the same as an EFTPOS terminal after an EFTPOS card's magnetic strip has been swiped and read.
- the user supplied access code and the stored access code offset can be used to generate or calculate the banking PIN number or institution authorisation code to be used to authorise the execution of an EFTPOS based transaction.
- the PIN number or institution authorisation code required can be calculated from the difference between the stored access code offset and the access code supplied by a user.
- a calculated card PIN number can then be used as part of the payload of a financial transaction to be processed by a financial institution.
- an automatic teller machine or ATM may be used to receive token information from a user wishing to register to use the financial transaction processing system discussed above.
- An ATM machine normally includes a magnetic swipe or stripe card reader or smart chip card reader which can be employed to extract or retrieve the token information required as part of the registration process.
- ATM machines are generally housed or located within relatively secure locations to prevent tampering with same.
- an ATM machine may also be employed to receive the institution authorisation code or PIN number from a user associated with the particular EFTPOS card or token read by the ATM.
- existing banking or financial institution infrastructure already employed by the ATM machine may be used to check the received PIN number against records held by the financial institute to make valid identification of the user wishing to register.
- Existing hardware or components employed in the design and construction of an ATM machine (such as a key pad) may be employed by a user to supply a PIN number or institution authorisation code required as part of the registration process.
- an ATM machine may also be adapted to receive the address information or attribute associated with the particular terminal device a user wishes to employ. Again a keypad or other similar type of hardware or components may be employed in conjunction with the ATM machine to receive such an address attribute or attributes as part of the registration process.
- an ATM machine may also be adapted to generate or receive the access code a user wishes to employ. Again a screen or keypad or other similar type of hardware or components may be employed in conjunction with the ATM machine to receive, deliver or assign such access code as part of the registration process.
- an ATM machine may also be adapted to generate an access code offset.
- the access code offset may be calculated from the difference between the entered card PIN or institution authorisation code and the access code assigned to the user, where the access code is either generated by the ATM machine or alternatively by the user.
- An automatic teller machine or ATM being employed by a prospective user to register for access to the financial transaction processing system provided.
- An existing ATM machine may be employed to read card or token information, receive an institution assigned PIN number to validate the identity of the user and to subsequently receive an address attribute of a user's terminal and to issue or receive an access code to a user and to calculate an access code offset.
- the present invention may provide many potential advantages over the prior art.
- the present invention may enable a user to execute point of sale transactions from a remote location.
- a number of convenient remote terminal devices such as cellphones or PDA's may be employed by the user to participate in a remote EFTPOS transaction for example, with the user being provided with secure and convenient access to these types of transactions.
- the registration system discussed above improves the security of access to these transactions, as existing financial institution and banking security procedures are implemented to ensure only authorised users have access to the present invention.
- the registration system discussed above allows a user to be registered without the user having to disclose or provide confidential financial details or information.
- the card or token issued to a user may be employed to access such sensitive information without said information needing to be written down, transmitted or otherwise disclosed as part of the registration process.
- the present invention may also provide a financial transaction processing system which can be configured in such a way that if the stored information was compromised, an unauthorised person could not use the gained information for fraudulent purposes, because only user access code offsets are available as opposed to institution authorisation codes.
- the system implemented in conjunction with the present invention may also provide significant advantages and improve facilities over the existing prior art.
- the present invention may allow remote EFTPOS based transactions to be executed in real time to provide the user with a convenient mechanism for completing a transaction, similar to that currently available widely for credit cards.
- the present invention may be applied to allow a user to execute a financial transaction to purchase the rights to use a credit card or credit card number assigned a specific credit value.
- the credit card number and associated credit purchase may be used (for example) with on-line internet based commerce websites known to accept only credit card numbers as a payment option.
- the present invention may also allow remote EFTPOS transactions to be executed in real time.
- the system, apparatus and software employed in conjunction with the present invention may resemble or build an EFTPOS transaction and forward same to a financial institute for processing while the user waits. An immediate answer as to the availability of said transaction can then be supplied back to the user again in real time while in turn the transaction required is processed.
- Figure 1 illustrates a block schematic diagram of components employed to provide a financial transaction processing system in accordance with a preferred embodiment, with these components being distributed over a number of remote locations, and
- Figure 2 shows a sequence diagram for communication and information flows executed by a financial transaction processing system provided in accordance with an alternative embodiment, where the system is used to facilitate an EFTPOS transaction
- Figure 3 shows a sequence diagram for communications and information flows executed by a financial transaction processing system provided in accordance with an alternative embodiment where the system is used to register a new user to use the system.
- Figure 4 shows generally the components required to securely register a user to enable them to make use of the access code system.
- FIG. 1 illustrates a block schematic diagram of components employed to provide a financial transaction processing system in accordance with a preferred embodiment.
- These components include a user's telephone 101, connected via an interface server 102 to an EFTPOS terminal server 103. This latter detects that the call is from a specified telephone and in conjunction with an access code supplied by the user queries a virtual card provider 104 and track 2 database 105.
- the track 2 database stores all the information on track 2 of a standard card and releases this information for a financial transaction process to occur on EFTPOS transaction processor 106 only if the user is calling on a specified telephone with an access code which is approved for that telephone.
- the majority of the components of the financial transaction processing system provided are located within a secure hosting environment with physical access to same being restricted to authorised persons only.
- the system provided includes an EFTPOS transaction server (ETS), a track-2 database (T2DB), and a virtual card data provider (VCD) all located within the secure hosting environment provided.
- the transaction processing system also includes an interface server (EIS) located outside of the secure hosting environment which is associated with a telecommunication service provider's network.
- the interface server provides a link or connection between the infrastructure of a telecommunications network and the EFTPOS terminal server located within the secure hosting environment.
- the transaction processing system also includes links to an EFTPOS transaction processing system or network (ETSL) within the secure hosting environment, where the ETSL also normally receives and processes EFTPOS transactions from other sources.
- the telecommunications network provides a communications channel between the transaction processing system and a remote user terminal, shown in this embodiment as a cellular telephone.
- the cellular telephone is employed by a user to execute EFTPOS based financial transactions.
- the track-2 database (T2DB) is adapted to form the main portion of the information store employed in conjunction with the present invention.
- the IS and ETS facilitate the management of communications with other external elements systems while the VCD employs decryption and security algorithms to generate an institution authorisation code or an institution PIN number for a particular user. This code is used to implement a standard EFTPOS transaction within the secure hosting environment.
- Figures 2 and 3 show in more detail both the use of the system to execute EFTPOS based financial transaction and also the registration of a new user with the system to authorise such a user to execute EFTPOS based transactions.
- the first steps used to implement a financial transaction occur at stages 1 and 2 where a user creates a session with the system by dialling a specific number with their cellular phone or remote terminal.
- the telecommunications network sets up the call required, and at stage 3 connects the call to the interface server employed.
- the Interface Server obtains the telephone number of the calling cellphone (being the terminal's address attribute) using caller line identification technology.
- the interface server requests that the user key in an access code where this access code, when keyed in is transmitted through the network to the interface server.
- the user is also prompted to enter in details of the transaction they wish to implement, such as an account number or designated payee to which funds are being transferred in addition to the amount to be transferred and the date of transfer.
- this information "payload" from the interface server is encrypted and at stage 5, transmitted to the EFTPOS transaction server (ETS) located within the secure hosting environment.
- the ETS decrypts the received payload from the IS and applies an alternative encryption (known as 3DES to those skilled in the art) to this information and subsequently transmits same to the track-2 database (T2DB).
- T2DB receives encrypted information from the ETS and decrypts same using the 3DES encryption scheme employed by the ETS. The decrypted information is then used to address and access financial information stored by the track-2 database with respect to the specific user contact in the system. The T2DB then returns the stored financial information associated with the particular user identified by both the calling cellphone number and access code provided.
- information from the second track of the magnetic stripe card provided in the identified user's EFTPOS card is returned encrypted to the ETS, again using the same encryption scheme originally employed by the ETS.
- the information returned from the T2DB is then decrypted by the ETS, thereby providing the ETS with essentially the same information available to a standard merchant EFTPOS terminal after a customer's EFTPOS card has been read and the customer has entered the secure EFTPOS card PIN number.
- the secure EFTPOS card PIN is calculated at stage 9 in conjunction with the virtual card data provider (VCD) discussed with respect to figure 1.
- the track-2 data retrieved from T2DB includes access code offset data which indicates a value by which the user's access code is offset from the user's EFTPOS card PIN number or financial institution authorisation code. This allows a user's EFTPOS card PIN number to be calculated in real time for use in a transaction without the need to have this PIN number stored and potentially available for compromise and use by an unauthorised person.
- the calculated card PIN can then, in combination with received details of the EFTPOS card number and a PIN offset coded into said card, be used to construct a standard EFTPOS transaction.
- This transaction payload can then at stage 9 be transmitted to the standard EFTPOS transaction processing system (ETSL).
- the ETSL then processes the EFTPOS transaction and forwards the transaction to the user's financial institution and returns a response from the financial institution at stage 10 indicating that the transaction proposed was accepted and processed, or declined. Subsequently at stage 11 the ETS system returns the results of the transaction submission to the interface server including any particulars of the transaction processed.
- a utility database (UDB) of, in this instance, the payee involved with the transaction is then updated to indicate that a transaction is being processed for the user identified.
- the interface server subsequently generates a response message to be transmitted back to the user's cellular phone, which at stage 14 gives the user feedback regarding the success or otherwise of the transaction proposed.
- Figure 3 shows in a similar form to figure 2, a sequence of communications or information transmissions implemented in conjunction with the present invention to register a new user and authorise same to use the financial transaction processing system discussed above.
- the terminal shown or discussed is an automatic teller machine which includes a swipe card or magnetic strip card reader or smart chip reader.
- This reader is used at stage 1 shown to read information encoded to a magnetic stripe or smart chip of a user's ATM card.
- the ATM is also used to receive via keypad a mobile telephone number for the user in addition to an access code selected by the user to be employed to use the financial transaction processing system.
- the ATM is also used to receive the ATM card PIN number, normally used by the user to implement a transaction using their own ATM card.
- This information is then transmitted from the ATM machine to the standard ATM transaction processing network which is connected to ETSL or direct to the financial institution that issued the ATM card.
- the ETSL component in turn at stage 2 contacts the financial institution which issued the ATM card to the registering user and supplies the received ATM card PIN number to obtain a valid identification and authorisation for the user.
- the results of this identification or authorisation based on the PIN number supplied are returned by the bank systems, and an indication of the success or otherwise of the authorisation process is returned from the ETSL to the terminal ATM machine at stage 4.
- stage 5 is then executed where the PIN offset is calculated by the ATM and the magnetic track-2 card data or smart chip data extracted from the user's ATM card by the ATM is transmitted to the ETSL system in the form of a pre-authorisation transaction request.
- the ETSL system forwards this track-2 based "payload" information onto the virtual card data (VCD) system and associated track-2 database (T2DB) employed in conjunction with the present invention.
- the ETSL will be advised at stage 7 of this successful result and the ETSL will in turn return a result message at stage 8 to the terminal ATM machine to indicate to the user that they have been successfully registered for use with the financial processing system provided.
- Figure 4 shows a block diagram of a terminal allowing the registration of user data in this way with a circuit board 120.
- a card read by magnetic stripe or chip reader 128 triggers presentation of a menu on screen 121, one of the menu options being registration of the user for remote transaction via an insecure link.
- Choice of this option allows the user to enter the required information into keyboard 122 under control of the software embedded in chips 123 (the standard base software) and 123a (the software for eliciting the telephone number and associated access code).
- This information is then transmitted in encrypted form, preferably DES encrypted, to the EFTPOS Terminal Server by communications chip 127 together with the track 2 information from the user's card and the user's bank PIN.
- the track 2 data is recorded in the track 2 database (T2DB).
- the information recorded includes a telephone PIN (TPIN) which is recorded in the form of an offset from the bank PIN.
- This offset PIN should differ from both the actual calculated PIN and from the PIN which is normally used by the user and which is also stored as an offset. Typically this TPIN would be entered twice to allow validation at entry.
- Calculation of the offset may be carried out by the terminal at which the entry is done or at the destination. Any transmission of the PIN offset is required to be encrypted.
- a single user may have several associated telephone numbers and TPINs, and the facilities associated with each may vary depending upon the inherent security of the telephone type.
- the methods and apparatus of the present invention relate to the field of financial transactions and to the manner in which information is held to allow authorisation of a transaction from a nominally insecure terminal.
- the process of registering to carry out a financial transaction of this type involves a modified secure terminal, and the process of carrying out a transaction involves the use of a modified transaction server network in cooperation with a user's input.
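The offset arithmetic described above for registration (the offset is calculated from the card PIN and the access code) and for a transaction (the PIN is recalculated from the supplied access code and the stored offset), as an added Python example that is not taken from the patent. It assumes four-digit codes and a digit-wise modulo-10 difference, which the text does not specify; the names `Track2Store` and `Issuer` and all sample values are constructed for illustration.

```python
"""Added illustration of the access code offset scheme; not code from the patent."""
import hmac
from dataclasses import dataclass

PIN_LEN = 4  # assumption: four-digit card PINs and access codes


def _digits(code):
    if len(code) != PIN_LEN or not code.isdigit():
        raise ValueError("code must be exactly %d decimal digits" % PIN_LEN)
    return [int(c) for c in code]


def make_offset(card_pin, access_code):
    """Registration: offset = card PIN - access code, digit by digit mod 10 (assumed)."""
    pairs = zip(_digits(card_pin), _digits(access_code))
    return "".join(str((p - a) % 10) for p, a in pairs)


def derive_pin(access_code, offset):
    """Transaction: candidate PIN = access code + offset, digit by digit mod 10."""
    pairs = zip(_digits(access_code), _digits(offset))
    return "".join(str((a + o) % 10) for a, o in pairs)


@dataclass(frozen=True)
class Record:
    track2: str  # constructed placeholder, not real card data
    offset: str  # the only PIN-related value held at rest


class Track2Store:
    """Stands in for the T2DB, keyed by the terminal's address attribute."""

    def __init__(self):
        self._by_caller = {}

    def register(self, caller, track2, card_pin, access_code):
        # Neither the card PIN nor the access code is kept, only their offset.
        self._by_caller[caller] = Record(track2, make_offset(card_pin, access_code))

    def lookup(self, caller):
        return self._by_caller.get(caller)


class Issuer:
    """Stands in for the financial institution, the only party holding the PIN."""

    def __init__(self, pins_by_track2):
        self._pins = dict(pins_by_track2)

    def authorise(self, track2, pin):
        return hmac.compare_digest(self._pins.get(track2, ""), pin)


def transact(store, issuer, caller, access_code):
    rec = store.lookup(caller)
    if rec is None:  # calling terminal is not the registered one
        return "REFUSED_UNKNOWN_TERMINAL"
    # The store cannot check the access code itself; a wrong code simply
    # produces a wrong PIN, which the institution then declines.
    pin = derive_pin(access_code, rec.offset)
    return "ACCEPTED" if issuer.authorise(rec.track2, pin) else "DECLINED_BY_ISSUER"


def candidate_pins(offset):
    """PINs consistent with a leaked offset when the access code is unknown."""
    return {derive_pin("%0*d" % (PIN_LEN, c), offset) for c in range(10 ** PIN_LEN)}


if __name__ == "__main__":
    T2, CALLER = "0000000000000000=0000", "+640000000"  # constructed samples
    store, issuer = Track2Store(), Issuer({T2: "4821"})
    store.register(CALLER, T2, card_pin="4821", access_code="1379")
    print(store.lookup(CALLER).offset)               # stored offset
    print(transact(store, issuer, CALLER, "1379"))   # correct code
    print(transact(store, issuer, CALLER, "1378"))   # wrong code
    print(len(candidate_pins(store.lookup(CALLER).offset)))
```

The offset on its own leaves every PIN equally possible, but the offset together with the access code determines the PIN, which is why the description requires any transmission of the PIN offset to be encrypted.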
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/NZ2004/000007 WO2005066907A1 (fr) | 2004-01-12 | 2004-01-12 | Systeme et procede de traitement de transactions |
AU2004312730A AU2004312730B2 (en) | 2004-01-12 | 2004-01-12 | Transaction processing system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005066907A1 true WO2005066907A1 (fr) | 2005-07-21 |
Family
ID=34748261
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/NZ2004/000007 WO2005066907A1 (fr) | 2004-01-12 | 2004-01-12 | Systeme et procede de traitement de transactions |
Country Status (2)
Country | Link |
---|---|
AU (1) | AU2004312730B2 (fr) |
WO (1) | WO2005066907A1 (fr) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002063580A2 (fr) * | 2001-02-02 | 2002-08-15 | Hodgson Robert B | Dispositif et procede permettant des transactions securisees par carte de debit et carte de credit atm via internet |
WO2003047208A1 (fr) * | 2001-11-29 | 2003-06-05 | Mobile Commerce Limited | Paiement par carte de credit depuis un telephone mobile |
-
2004
- 2004-01-12 AU AU2004312730A patent/AU2004312730B2/en not_active Ceased
- 2004-01-12 WO PCT/NZ2004/000007 patent/WO2005066907A1/fr active Application Filing
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008119168A1 (fr) * | 2007-04-03 | 2008-10-09 | Cpni Inc. | Système et procédé pour une découverte de vendeur et un transfert de données de paiement |
US9269010B2 (en) | 2008-07-14 | 2016-02-23 | Jumio Inc. | Mobile phone payment system using integrated camera credit card reader |
US9305230B2 (en) | 2008-07-14 | 2016-04-05 | Jumio Inc. | Internet payment system using credit card imaging |
US9836726B2 (en) | 2008-07-14 | 2017-12-05 | Jumio Corporation | Internet payment system using credit card imaging |
US10558967B2 (en) | 2008-07-14 | 2020-02-11 | Jumio Corporation | Mobile phone payment system using integrated camera credit card reader |
US10552697B2 (en) | 2012-02-03 | 2020-02-04 | Jumio Corporation | Systems, devices, and methods for identifying user data |
US9641752B2 (en) | 2015-02-03 | 2017-05-02 | Jumio Corporation | Systems and methods for imaging identification information |
US10176371B2 (en) | 2015-02-03 | 2019-01-08 | Jumio Corporation | Systems and methods for imaging identification information |
US10572729B2 (en) | 2015-02-03 | 2020-02-25 | Jumio Corporation | Systems and methods for imaging identification information |
US10776620B2 (en) | 2015-02-03 | 2020-09-15 | Jumio Corporation | Systems and methods for imaging identification information |
US11468696B2 (en) | 2015-02-03 | 2022-10-11 | Jumio Corporation | Systems and methods for imaging identification information |
Also Published As
Publication number | Publication date |
---|---|
AU2004312730B2 (en) | 2009-11-12 |
AU2004312730A1 (en) | 2005-07-21 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DPEN | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101) | ||
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2004312730 Country of ref document: AU |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: DE |
|
ENP | Entry into the national phase |
Ref document number: 2004312730 Country of ref document: AU Date of ref document: 20040112 Kind code of ref document: A |
|
122 | Ep: pct application non-entry in european phase |