WO2006094316A2 - Systeme de traitement de transactions financieres - Google Patents
Systeme de traitement de transactions financieres Download PDFInfo
- Publication number
- WO2006094316A2 WO2006094316A2 PCT/ZA2006/000022 ZA2006000022W WO2006094316A2 WO 2006094316 A2 WO2006094316 A2 WO 2006094316A2 ZA 2006000022 W ZA2006000022 W ZA 2006000022W WO 2006094316 A2 WO2006094316 A2 WO 2006094316A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- transaction
- client
- transaction processing
- code
- authorisation
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/42—Confirmation, e.g. check or permission by the legal debtor of payment
- G06Q20/425—Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
Definitions
- This invention relates to a system for processing financial transactions.
- a vendor swipes a customer's credit card through a point of sale (POS) card processing device.
- the POS device sends a request to the server of an acquiring bank (the bank that owns the POS device) via a PSTN (public telephone) line or a radio pad (i.e. SWIFTNET in South Africa).
- the acquiring bank contacts the bank that issued the card (the issuer bank) by way of an authorisation network.
- the request is either authorised or denied.
- the acquiring bank notifies the vendor via the POS device whether or not the transaction has been authorised and if authorised, the funds are transferred to the vendor's account on finalisation of the purchase at the point of sale.
- SMS Short Message Service
- This invention seeks to provide an authentication mechanism and process that can operate independently of an immediately available SMS service.
- the financial transaction verification system of this invention comprises: a programmable transaction processing client; a programmable transaction processing server under the control of a financial services provider a programmable telecommunications client under the control of a transaction initiator which telecommunications client has been previously (prior to initiation of the transaction) programmed with at least one transaction authorisation code by the transaction processing server; the transaction processing client, the transaction processing server and the telecommunications client all being connected to or adapted for connection to one or more telecommunications networks; the transaction processing client being programmed, when in use a transaction is initiated and processed through the transaction processing client: to record data pertaining to a transaction initiated, in use, by the transaction . initiator and data pertaining to a financial account of the transaction initiator with the financial services provider; and to transmit the recorded data to the transaction processing server byway of the telecommunications network to which it and the transaction processing 1 server are connected;
- the transaction processing client being programmed, further:
- the transaction processing server being programmed, further:
- the transaction processing server being programmed to transmit at least one new
- the transaction processing server may conveniently be programmed, if an incorrect code
- the financial transaction verification system may conveniently use a mobile communication
- the transaction authorisation code may be
- the transaction authorisation code is a once-off code issued by the transaction processing
- 26 server which is programmed: 7 to record the issuance of the transaction authorisation code
- the transaction processing client is constituted by a vendor POS terminal
- the transaction processing server is constituted by the computer systems of a bank
- the telecommunications client includes any telecommunications-enabled device
- the telecommunications client is connected to or adapted for connection to a GSM
- the transaction processing client will, typically, record data pertaining to a transaction after
- the transaction processing server is preferably programmed to transmit a new transaction 4 authorisation code to the telecommunications client only after the transaction has been 5 finalised.
- the invention includes a financial transaction verification system that is adapted to 8 accommodate situations in which the transaction processing client fails, in use, to 9 communicate with the transaction processing server, the adapted transaction verification 0 system including: 1 a portable programmable logic device, such as a smart card; 2 the transaction processing server being adapted: 1 to program and store in the programmable logic device, preferably by
- the invention includes a method of verifying and administering financial transactions using
- 13 is a flow chart illustrating the financial transaction verification system of the invention by
- POS point of sale
- the credit card belongs to the
- the transaction initiator (the person who makes a purchase). The transaction initiator will have
- the financial services provider operates and serves a network of point of sale terminals
- ATM automated teller machines
- This network of terminals is normally operated from a central server or servers which, in
- the network need not be a fixed line network, particularly since
- POS terminal that serves as a programmable transaction processing client
- the POS terminal (transaction processing client) is connected to or adapted for connection
- the telecommunications client is constituted by a customer cell phone, but any other
- 32 telecommunications appliance can be used as the telecommunications client, which is 1 connected to or adapted for connection to the bank servers (transaction processing server)
- a GPRS network can also be used as can a wireless network
- Wi-Fi or WiMax Wi-Fi or WiMax
- internet network in the case of an internet appliance.
- the customer cell phone is programmed with a transaction authorisation code.
- SMS can be fully automated and non-transparent in the sense that SMS can be
- the POS terminal (transaction processing client) is programmed, when in use a
- the POS terminal is used to obtain customer account data, normally by
- the POS terminal transmits the recorded transaction data to
- the bank server (transaction processing server) is programmed to first use the customer's
- the bank server is programmed to formulate a transaction authorisation request to the POS
- the POS terminal (transaction processing client) is programmed, as a precondition forthe
- the bank server (transaction processing server) compares the code
- the bank server transmits a new transaction authorisation code to the customer cell phone (telecommunications client) by way of the GSM network and stores a duplicate of the new transaction authorisation code in the bank server as the currently valid transaction authorisation code.
- the bank server is programmed, if an incorrect code is entered as the purported transaction authorisation code, to transmit a notification to the customer cell phone. In a fraud situation, this additional notification serves to alert the customer to the effect that an attempt is being made to defraud her.
- the transaction authorisation code is a once-off code issued by the bank server in that the bank server records issuance of the transaction authorisation code and stores the code as the currently valid transaction authorisation code.
- the bank server records use of the transaction authorisation code and marks such a used transaction authorisation code as obsolete and then transmits a new transaction authorisation code to the customer cell phone (telecommunications client).
- All communications in this financial transaction verification system including those between the POS terminal (transaction processing client), the bank server (transaction processing server) and the customer cell phone (telecommunications client) are by way of secure encrypted communications.
- the financial transaction verification system of the invention can be adapted to accommodate situations in which the POS terminal (transaction processing client) fails, in use, to communicate with the bank server (transaction processing server), such as when the telephone lines of the PSTN are down or the bank server is down.
- the portable programmable logic device of preference is a smart card.
- the preliminary programming step outlined above includes programming of the smart card and the storage in secure memory on the smart card, of a plurality or a range of transaction authorisation codes. This can be done on initialisation of the smart card, but typically it will be done after each successfully concluded transaction, but not immediately, as will be seen from what follows.
- the same range of codes is programmed and stored into secure memory on the customer cell phone.
- the POS terminal operates in the same way as outlined above.
- a transaction is initiated and processed through the POS terminal, it records data pertaining to the transaction and the bank account of the customer and attempts to transmit the recorded data to the bank server.
- the normal process as outlined above takes place except that the POS terminal, the bank server and the customer cell phone rely on one of the range of transaction authorisation codes stored on the customer cell phone instead of just the one currently valid transaction authorisation code.
- the POS terminal will require access to the smart card.
- the POS terminal On presentation of the smart card, the POS terminal is programmed to retrieve the transaction authorisation codes stored in the smart card. The codes will not be displayed. Instead, the POS terminal will call for the entry of at least one of the transaction authorisation codes previously programmed into the telecommunications client as a precondition for the further processing of the transaction and upon entry of the code, compare the code so entered with the transaction authorisation codes stored in the smart card. If the entered code matches one of the stored codes, the POS terminal notifies the vendor or merchant that the entered code is valid, meaning that the customer presenting the smart card is the person authorised to use the card.
- the POS terminal is programmed to update the smart card memory and to mark the entered code as obsolete in the smart card memory. 1
- the vendor can then perform a manual telephonic balance check to authorise the
- the bank server transmits a new range transaction authorisation
- the bank server sends the customer cell phone an identical range of
- the transaction is authorised 0 after the bank server, using the customer's bank account data, carries out the normal 1 customer identification and available balance checks found in existing financial transaction 2 verification systems.
- Customer authentication is carried out when the bank server uses the transaction 5 authorisation code sent to it by the POS terminal to authenticate the customer.
Landscapes
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Engineering & Computer Science (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Telephonic Communication Services (AREA)
Abstract
Le système de vérification de transactions financières de l'invention comprend un terminal POS qui sert de client de traitement de transactions programmable, un serveur ou des serveurs bancaires qui constituent un serveur de traitement de transactions programmable; ainsi qu'un client doté d'un téléphone, d'un téléphone cellulaire ou d'un autre appareil de télécommunications (un client de télécommunications sous le contrôle de l'initiateur de transactions). Le terminal POS (client de traitement de transactions) est connecté aux serveurs bancaires (serveur de traitement de transactions) au moyen d'un RTPC. Le client de télécommunications est constitué par un téléphone cellulaire client ou n'importe quel autre appareil de télécommunications, lequel est connecté aux serveurs bancaires (serveur de traitement de transactions) au moyen d'un réseau GSM, GPRS ou d'un autre réseau sans fil (Wi-Fi ou WiMax) ou d'un réseau Internet dans le cas d'un appareil Internet. Lors de l'initialisation du téléphone cellulaire client (client de télécommunications) destiné à être utilisé avec le système de vérification de transactions financières de l'invention ou (plus généralement) à la fin de chaque transaction vérifiée avec succès, le téléphone cellulaire client est programmé avec un code d'autorisation de transaction transmis au téléphone cellulaire client par le serveur bancaire au moyen d'un message SMS. Ledit procédé peut être automatisé par programmation du téléphone cellulaire afin de recevoir le message SMS contenant le code d'autorisation de transaction et de stocker le code en mémoire. Dans le téléphone cellulaire client, le code d'autorisation de transaction est protégé en ce que l'accès à la zone de mémoire du téléphone cellulaire où le code est stocké est uniquement possible à l'aide d'un numéro d'identification personnel (NIP) connu uniquement par l'utilisateur. Un double du code d'autorisation de transaction est stocké dans le serveur bancaire (serveur de traitement de transactions) en tant que code d'autorisation de transaction valide. Le terminal POS (client de traitement de transactions) est programmé, lorsqu'il est en cours d'utilisation, une transaction est initiée et traitée par le terminal POS afin d'enregistrer des données de transaction, normalement directement à partir du plateau dont le terminal POS fait partie ou au moyen d'entrées clavier. De plus, le terminal POS est utilisé afin d'obtenir des données de compte client, normalement par glissement de la carte de crédit du client dans le lecteur de bande magnétique faisant partie du terminal POS. Le terminal POS (client de traitement de transactions) transmet les données de transaction enregistrées au serveur bancaire (serveur de traitement de transactions) au moyen du RTPC auquel lui et le serveur bancaire sont connectés. Le serveur bancaire (serveur de traitement de transactions) utilise les données de compte bancaire du client pour exécuter l'identification de client normale et des vérifications de soldes disponibles trouvées dans des systèmes de vérification de transactions financières existants. En outre, néanmoins, le serveur bancaire est programmé afin de formuler une demande d'autorisation de transaction auprès du terminal POS et pour transmettre la demande d'autorisation de transaction au terminal POS au moyen du RTPC. Le terminal POS (client de traitement de transactions) est programmé, condition préalable au traitement ultérieur de la transaction, pour demander, lors de la réception de la demande d'autorisation de transaction, l'entrée d'un code d'autorisation de transaction dans le terminal POS. Le code qui doit être entré est le code d'autorisation de transaction programmé en premier et stocké dans la mémoire sécurisée du téléphone cellulaire client, auquel le client doit accéder à l'aide de son NIP pour accéder à la zone de mémoire sécurisée du té
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
ZA200606754A ZA200606754B (en) | 2005-02-14 | 2006-08-14 | GSM Transaction Management System |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
ZA2005/01285 | 2005-02-14 | ||
ZA200501285 | 2005-02-14 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2006094316A2 true WO2006094316A2 (fr) | 2006-09-08 |
WO2006094316A3 WO2006094316A3 (fr) | 2009-05-07 |
Family
ID=36941918
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/ZA2006/000022 WO2006094316A2 (fr) | 2005-02-14 | 2006-02-14 | Systeme de traitement de transactions financieres |
Country Status (2)
Country | Link |
---|---|
WO (1) | WO2006094316A2 (fr) |
ZA (1) | ZA200606754B (fr) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008089522A1 (fr) * | 2007-01-25 | 2008-07-31 | A & Mt Projects Pty Limited | Autorisations à facteurs multiples utilisant un système de gestion des informations en boucle fermée |
WO2011050811A3 (fr) * | 2009-10-28 | 2011-08-18 | Mspay Aps | Procédé et système de transaction |
US8285648B2 (en) | 2006-09-29 | 2012-10-09 | Dan Scammell | System and method for verifying a user's identity in electronic transactions |
US10042589B2 (en) | 2015-03-11 | 2018-08-07 | Secure Cloud Systems, Inc. | Encrypted data storage and retrieval system |
CN111932127A (zh) * | 2020-08-11 | 2020-11-13 | 广元量知汇科技有限公司 | 智能制造生产管理系统 |
US11012722B2 (en) | 2018-02-22 | 2021-05-18 | Secure Cloud Systems, Inc. | System and method for securely transferring data |
US11329963B2 (en) | 2018-02-22 | 2022-05-10 | Eclypses, Inc. | System and method for securely transferring data |
US11405203B2 (en) | 2020-02-17 | 2022-08-02 | Eclypses, Inc. | System and method for securely transferring data using generated encryption keys |
US11522707B2 (en) | 2021-03-05 | 2022-12-06 | Eclypses, Inc. | System and method for detecting compromised devices |
US11720693B2 (en) | 2021-03-05 | 2023-08-08 | Eclypses, Inc. | System and method for securely transferring data |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020147913A1 (en) * | 2001-04-09 | 2002-10-10 | Lun Yip William Wai | Tamper-proof mobile commerce system |
US20030004876A1 (en) * | 2001-06-29 | 2003-01-02 | David Jacobson | Mobile terminal incorporated with a credit card |
US20030023566A1 (en) * | 2000-03-03 | 2003-01-30 | Tomonori Fujisawa | Authenticating method |
US20030191945A1 (en) * | 2002-04-03 | 2003-10-09 | Swivel Technologies Limited | System and method for secure credit and debit card transactions |
US20040039709A1 (en) * | 2002-01-23 | 2004-02-26 | Petri Pirhonen | Method of payment |
US20040098350A1 (en) * | 2002-08-08 | 2004-05-20 | Fujitsu Limited | Framework and system for purchasing of goods and srvices |
US20040250068A1 (en) * | 2001-09-03 | 2004-12-09 | Tomonori Fujisawa | Individual certification method |
-
2006
- 2006-02-14 WO PCT/ZA2006/000022 patent/WO2006094316A2/fr active Application Filing
- 2006-08-14 ZA ZA200606754A patent/ZA200606754B/xx unknown
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030023566A1 (en) * | 2000-03-03 | 2003-01-30 | Tomonori Fujisawa | Authenticating method |
US20020147913A1 (en) * | 2001-04-09 | 2002-10-10 | Lun Yip William Wai | Tamper-proof mobile commerce system |
US20030004876A1 (en) * | 2001-06-29 | 2003-01-02 | David Jacobson | Mobile terminal incorporated with a credit card |
US20040250068A1 (en) * | 2001-09-03 | 2004-12-09 | Tomonori Fujisawa | Individual certification method |
US20040039709A1 (en) * | 2002-01-23 | 2004-02-26 | Petri Pirhonen | Method of payment |
US20030191945A1 (en) * | 2002-04-03 | 2003-10-09 | Swivel Technologies Limited | System and method for secure credit and debit card transactions |
US20040098350A1 (en) * | 2002-08-08 | 2004-05-20 | Fujitsu Limited | Framework and system for purchasing of goods and srvices |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8285648B2 (en) | 2006-09-29 | 2012-10-09 | Dan Scammell | System and method for verifying a user's identity in electronic transactions |
WO2008089522A1 (fr) * | 2007-01-25 | 2008-07-31 | A & Mt Projects Pty Limited | Autorisations à facteurs multiples utilisant un système de gestion des informations en boucle fermée |
WO2011050811A3 (fr) * | 2009-10-28 | 2011-08-18 | Mspay Aps | Procédé et système de transaction |
US10042589B2 (en) | 2015-03-11 | 2018-08-07 | Secure Cloud Systems, Inc. | Encrypted data storage and retrieval system |
US10452320B2 (en) | 2015-03-11 | 2019-10-22 | Secure Cloud Systems, Inc. | Encrypted data storage and retrieval system |
US11012722B2 (en) | 2018-02-22 | 2021-05-18 | Secure Cloud Systems, Inc. | System and method for securely transferring data |
US11329963B2 (en) | 2018-02-22 | 2022-05-10 | Eclypses, Inc. | System and method for securely transferring data |
US11770370B2 (en) | 2018-02-22 | 2023-09-26 | Eclypses, Inc. | System and method for transferring data |
US11405203B2 (en) | 2020-02-17 | 2022-08-02 | Eclypses, Inc. | System and method for securely transferring data using generated encryption keys |
US11979498B2 (en) | 2020-02-17 | 2024-05-07 | Eclypses, Inc. | System and method for securely transferring data using generated encryption keys |
CN111932127A (zh) * | 2020-08-11 | 2020-11-13 | 广元量知汇科技有限公司 | 智能制造生产管理系统 |
US11522707B2 (en) | 2021-03-05 | 2022-12-06 | Eclypses, Inc. | System and method for detecting compromised devices |
US11720693B2 (en) | 2021-03-05 | 2023-08-08 | Eclypses, Inc. | System and method for securely transferring data |
Also Published As
Publication number | Publication date |
---|---|
WO2006094316A3 (fr) | 2009-05-07 |
ZA200606754B (en) | 2008-10-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2006094316A2 (fr) | Systeme de traitement de transactions financieres | |
US7533065B2 (en) | Advanced method and arrangement for performing electronic payment transactions | |
US5915023A (en) | Automatic portable account controller for remotely arranging for transfer of value to a recipient | |
US8500008B2 (en) | Method and system of electronic payment transaction, in particular by using contactless payment means | |
JP4490618B2 (ja) | 支払いトランザクション方法および支払いトランザクションシステム | |
US7580885B2 (en) | Electronic money settlement method using mobile communication terminal | |
US20030191945A1 (en) | System and method for secure credit and debit card transactions | |
US8887997B2 (en) | Method for making secure a transaction with a payment card, and center for authorizing implementation of said method | |
US9098845B2 (en) | Process of selling in electronic shop accessible from the mobile communication device | |
EP1772832A1 (fr) | Procede pour effectuer des transactions de paiement securisees, au moyen de telephones mobiles | |
US20060095291A1 (en) | System and method for authenticating users for secure mobile electronic transactions | |
EP1490846A2 (fr) | Systeme et procede permettant de realiser des transactions securisees de cartes de credit et de debit | |
NO309346B1 (no) | Fremgangsmåte for å utföre pengetransaksjoner ved hjelp av et mobiltelefonsystem | |
WO2002007110A2 (fr) | Systeme et procede d'authentification d'un utilisateur autorise d'une carte de paiement, et autorisation d'une transaction par carte de paiement | |
WO2005001670A2 (fr) | Systeme de verification de transaction | |
EP2380149A1 (fr) | Utilisation de carte à puce améliorée | |
US20140344157A1 (en) | Method and device for carrying out cashless payment | |
US20190066114A1 (en) | System and method for purchasing using biometric authentication | |
EP1872316A1 (fr) | Procede et dispositif d'authentification d'un utilisateur de dispositif terminal de reseau | |
US9342664B2 (en) | Method to make payment or charge safe transactions using programmable mobile telephones | |
CA2561479A1 (fr) | Methode et systeme de paiement | |
WO2009069905A2 (fr) | Système pour le service de paiement mobile à l'aide d'un numéro de téléphone et procédé associé | |
WO2004049621A1 (fr) | Systeme d'authentification et d'identification et transactions utilisant un tel systeme d'authentification et d'identification | |
WO2004090825A1 (fr) | Systeme pour transactions securisees | |
WO2008015637A2 (fr) | Procédé et système de paiement mobile |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 200606754 Country of ref document: ZA |
|
NENP | Non-entry into the national phase in: |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 06740971 Country of ref document: EP Kind code of ref document: A2 |