WO2007006084A1 - Card processing apparatus and method - Google Patents

Card processing apparatus and method

Info

Publication number
WO2007006084A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
card
extracted
integrity
transaction
Prior art date
Application number
PCT/AU2006/000963
Other languages
English (en)
Inventor
Susan Jane Bennell
Original Assignee
Smarq Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2005903646A
Application filed by Smarq Pty Ltd
Publication of WO2007006084A1

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/02 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by keys or other credit registering devices
    • G07F7/025 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by keys or other credit registering devices by means, e.g. cards, providing billing information at the time of purchase, e.g. identification of seller or purchaser, quantity of goods delivered or to be delivered
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/342 Cards defining paid or billed services or quantities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/347 Passive cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/403 Solvency checks
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12 Card verification
    • G07F7/125 Offline card verification

Definitions

  • This invention relates to the field of card transactions and in particular to the physical card checking process associated with the use of a card by a merchant prior to obtaining authorisation to accept the associated transaction.
  • Counterfeit plastic cards can be created fraudulently by: i) manufacturing a complete card and embossing and encoding stolen details; j) embossed only cards used at collusive merchants for manual transactions; k) encoded only white plastic for use through EFTPOS terminals (telephone, petrol pumps) or with collusive merchants (PIN input is required at some sites).
  • the normal card number (on the face of the card) and expiry date checks only provide enough information for card authorisation and card fraud can easily occur as the true cardholder can still repudiate the transaction.
  • Authorisation means in all cases only that a) The account number is valid; b) The card has not been reported lost or stolen (although it may in fact be lost or stolen); and c) There are sufficient funds available to cover the transaction.
  • Card authorisation systems all require connection to the authorising agency at the time of the transaction, and in most cases this means that the card reading equipment used to swipe the card during the transaction is connected via a telecommunications link typically a landline, however, wireless communication systems are available.
  • merchants cannot afford the equipment that is used to transact card authorisations, and it is possible for them to enter into an arrangement with an intermediary (commonly referred to as the aggregator) that offers a service and equipment to many merchants for an agreed percentage of the value of total transactions by each merchant. In such an arrangement it is not the authorisation of the transaction that is a problem to the merchant, but the fact that the transactions for the day's trading are not communicated to the aggregator until the end of the day.
  • the transaction is aggregated and sent as one transaction to a clearing institution such as a bank. This means that the actual funds transfer to the merchant's account does not occur until the card credit provider has processed the transactions and the aggregator is paid. Further it is only at that time that the precious information within the equipment is removed.
  • a method for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information consisting of the steps of: a) extracting information from the digital information storage element; b) transforming by optical means the optically readable information into digital information representative of the optically readable information; c) comparing a portion of the extracted information with a predetermined portion of the optically readable information wherein if the comparison is a match, information associated with the transaction card is likely to have integrity; and d) indicating whether the outcome of the comparison is a match or not a match indicating the likely integrity of the information associated with the card.
  • a system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information includes an extraction device for extracting information from the digital information storage element; a visual display for displaying a portion of the extracted information for comparison with a predetermined portion of the optically readable information, wherein if the comparison is a match, information associated with the card is likely to have integrity, and communication device for communicating a predetermined portion of the optically readable information and a portion of the extracted information for confirmation of the integrity of the information associated with the card.
  • system further includes an optical reader for reading said optically readable information; wherein the visual display means also displays said optically read information for comparison by a user of said apparatus with the displayed information.
  • system further includes an information comparison means for comparing a portion of the extracted information with a predetermined portion of the optically read information and may include an integrity indicator that is operable to indicate the result of said comparison of the likely integrity of the information associated with the card.
  • the system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information includes an extraction element for extracting information from the digital information storage element; communication element for communicating a portion of the extracted information; a visual display for receiving the communicated information and displaying a portion of the extracted information for comparison with a predetermined portion of the optically readable information, wherein if the comparison is a match, information associated with the card is likely to have integrity, and visual display communication element for communicating a predetermined portion of the optically readable information and a portion of the extracted information for confirmation of the integrity of the card.
  • a system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information includes a card transaction device having a digital information extraction element and an information transmitter element, the device extracting information from the digital information storage element and transmitting a portion of the extracted information, an information communication device having an information receiver, an information display, a user operable information input and an information communications element, the information communication device receiving at the information receiver the extracted information from the transmitter element of the card transaction device and displaying on the information display the received extracted information for a user of the information communication device to compare the displayed extracted information with optically readable information determined by the user, and if there is a match, the user inputs information confirming the match using the user operable information input and also inputs optically read information from the transaction card and associated financial transaction information using the user operable information input, wherein the information communication element communicates a portion of the extracted information and the optically read information, plus information relating to the confirmation and financial transaction information associated with said card, external of the
  • the extraction and communication elements are included in a first device and the visual display and visual display communication elements are included in a second device physically separate from the first device.
  • a system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information including a card information extraction and optical reading apparatus for extracting information from the digital information storage element and optically reading some or all of the optically readable information and comparing predetermined portions of said extracted and read information to determine whether the information matches thereby indicating the likely integrity of information associated with the card and transmitting an indication of the likely integrity of the information associated with the card with predetermined portions of the extracted and optically read information external of the apparatus, an information communication device for receiving an indication of the likely integrity of the information associated with the card with predetermined portions of the extracted and optically read information and also transferring a portion of the extracted information and a predetermined portion of the optically read information associated with said card external of the communications device, and having input by a user of the information communication device financial transaction information associated with the card for initiating a financial transaction, wherein the information communication device does not transfer information for authorisation unless the financial transaction card is likely to have integrity as determined by the card information extraction and optical reading
  • the optically read information includes the Card Verification Code (CVC) and the information processor recalculates the CVC from information associated with the card holders' card information and checks that they match or otherwise compares the received CVC with a CVC associated with the card holders' card information and/or the card information extraction and optical reading apparatus uses one or more portions of the extracted information and/or the optically read information to generate a Card Verification Code (CVC) for the information obtained from the card and checks or otherwise compares that the generated CVC matches the CVC optically read from card.
  • CVC Card Verification Code
  • a system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information includes a card reader device including a card information extraction apparatus; a visual display for displaying a portion of the extracted information; an extracted information communication device for communicating at least, a predetermined portion of the extracted information external of the card reader device; and an information communication device for receiving the extracted information from the card reader device, the information communication device including an information input for a user to input financial transaction information, and an information display for displaying a portion of the extracted information for a user to compare the displayed information with a predetermined portion of optically readable information on the card and if there is a match, information associated with the card is likely to have integrity and predetermined portions of the extracted information is commanded by the user to be communicated external of the information communication device; and transferring information using the information communication device, including a portion of the financial transaction information and a predetermined portion of the extracted information for confirmation of the integrity of the card by an authorisation system to confirm
  • Fig. 1 is a pictorial representation of a prior art system arrangement
  • Fig. 2 is a pictorial representation of the devices of an embodiment of the invention.
  • Fig. 3 is a pictorial representation of the front of a card
  • Fig. 4 is a pictorial representation of the rear of a card
  • Fig. 5 is a pictorial representation of the steps involved in using the card reader of the system
  • Fig. 6 is a pictorial representation of the steps involved in using the reader and cellular device of the system
  • Fig. 7 is a pictorial representation of the network involved in using the system.
  • Fig. 8 is a receipt generated by the transaction printer that allows the recipient to obtain full details of the transaction from a server on a computer network.
  • the term card will include without limitation transaction card, credit card, charge card, cash card, smart card, stored value card, etc. In all cases the card has optically readable data/information and data/information that needs to be extracted by means other than optically.
  • FIG 1 depicts a prior art system for credit card use of the magnetic strip type shown in Figures 3 and 4.
  • Magnetic strip cards as they are referred to, comprise a plastic carrier 40 on which is embossed and indelibly printed a thirteen to nineteen (typically sixteen digits as per included Figures 3 and 4) digit number (the same thirteen to nineteen digit number located on the front of the card is printed on the rear of the card which consists of part of the optically readable data/information associated with the card) and it also carries a High Coercivity (HiCo) magnetic strip 42 (both of which are shown pictorially in Fig. 4).
  • HiCo High Coercivity
  • the magnetic strip is encoded with data according to a common standard and includes at least, the thirteen to nineteen digit numbers, the expiry date of the card, the type of account and the account holder's name along with other data required to provide a check of the correct reading of the data (check bits). More details of the information contained in the magnetic strip will be provided later in the specification.
  • the data/information can only be extracted (read) by means that is not an optically readable method and which is preferably electromagnetic in nature. When a smartcard is used, contact and non-contact electronic means are used to extract data/information from the electronic memory included in such cards.
  • the apparatus for authorisation involves the installation at the merchant's location of a card reader 10 that is powered 12 via mains power and connected to a communications medium, in most cases the wired telephone system 14.
  • a customer's card is to be used in a transaction it is swiped in the slot 16 provided in the card reader 10 and the data in the magnetic strip (sometimes referred to as a stripe or magstripe) is read and used to form a message for communication to the card transaction authorisation entity 20 via (optionally) an aggregator 18 of transactions.
  • Each track is about one-tenth of an inch wide.
  • the ISO/IEC standard 7811 which is used by banks, specifies: Track one is 210 bits per inch (bpi), and holds 79 6-bit plus parity bit read-only characters.
  • Track two is 75 bpi, and holds 40 4-bit plus parity bit characters.
  • Track three is 210 bpi, and holds 107 4-bit plus parity bit characters.
  • a credit card typically uses only tracks one and two.
  • Track three is a read/write track (which includes an encrypted Personal Identification Number (PIN), country code, currency units and amount authorized), but its usage is not standardized among issuing authorities, primarily the banks.
  • PIN Personal Identification Number
  • the information on track one is contained in two formats: A, which is reserved for proprietary use of the card issuer, and B, which includes the following:
  • PAN Primary Account Number
  • LRC is a form of computed check character.
  • the format for track two, developed by the banking industry, is as follows:
  • EDC Electronic Data Capture
  • the EDC software at the POS terminal dials a stored telephone number (using a modem) to call the acquirer.
  • the acquirer company receives the credit-card authentication request, it checks the transaction for validity and the record on the magstripe for: Merchant ID
  • the cardholder enters a personal identification number (PIN) using a local keypad and in most others the card holder provides a signature, in both cases involvement of the card holder is done so as to allow for non-repudiation of the transaction by the card holder.
  • the PIN may not be on the card but if it is it is encrypted (hidden in code using cryptography) on the card itself and in a database used by the authorising authority typically the bank. To reduce vulnerabilities, the PIN is combined with one or more other data strings that may include the cardholder's account number within the encrypted form. Before one obtains cash from an ATM, the ATM obtains the encrypted data from the card and sends it to the database to see if there is a match with the manually inserted PIN that is also independently encrypted.
  • the PIN is stored in the bank's computers in an encrypted form (as a cipher). The transformation used in this type of cryptography is one-way.
  • the communication of data/information between the ATM and the bank's central computer are all encrypted (sometimes using a transaction authentication number) to prevent would-be thieves from tapping into the communication lines, recording the signals sent from and to the ATM that eventually authorize the dispensing of cash and then feeding those same signals to an ATM to trick it into unauthorized dispensing of cash.
  • the communication from the card reader is generated immediately and information contained in the magnetic strip plus the transaction amount and details of the merchant that are stored in the card reader are sent in the communication via the communications system typically the wired telephone system. Even when a wireless telephone system (cellular system) is used, the card reader may still retain all the information associated with the transaction so that it can be downloaded at a later predetermined time and in some cases that is to the aggregator 18.
  • the card details are sent to the card issuer sometimes via the aggregator 18 and most times direct to the card issuer/authorization entity 20 or its nominee.
  • the communication is received and the information is checked for a number of things, including: the existence of the account in the corresponding system; that the account will support the requested transaction amount; the validity of the merchant device and the existence of the merchant in the corresponding system; and the internal consistency of the numbers that make up the thirteen to nineteen digit number which contains check digits for exactly that purpose along with the information described above.
  • the card reader has an associated (battery powered for mobile use or is mains powered for semi-permanent use at a location) printer (not shown) that prints out a merchant copy of the now authorised transaction including selected data within the magnetic strip 42 (Fig 4) including the thirteen to nineteen digit card number 46 and the account holder's name 48.
  • This is the first opportunity for the merchant to check that the information associated with the card 40 is not in some way fraudulent, by comparing the numbers printed on the printout with the embossed numbers on the front of the card. Clearly if they do not match, then the magnetic strip does not belong to the card and the card is fraudulent. However, not many merchants check the whole number if any part of it at all. The merchant could also have checked the thirteen to nineteen embossed numbers on the front of the card with the thirteen to nineteen printed numbers on the rear of the card.
  • the cardholder signs the merchant copy of printed data and then the merchant has a further chance to check that the cardholder is the card owner by checking the signature 44 that is also on the rear of the card 40. It is well recognised that signature checking is notoriously difficult and not always performed anyway.
  • a further print is generated for the cardholder to keep as a record of the transaction, which does not typically print all of the information available, for example it does not include all of the numbers of the card so that the receipt itself does not become a source of card numbers and expiry dates.
  • the merchant is provided a battery or mains powered card reader device 24 that reads, at least in this embodiment, magnetic strip cards, but which can be made to read smart cards conforming to any required standard but most likely to be the EMV standard. It is a preferred functionality of this reader that it does not retain card data for any longer than it takes to read it and communicate it to a communications device 26 (preferably a cellular device such as a mobile phone) intermediate the card reader 24 and the card issuer 18' that will eventually need to authorise the transaction.
  • a transaction receipt printer 28 is used to provide a hard copy receipt of the transaction for signing by the card holder in a credit transaction or a receipt for both the merchant and the card holder for a PIN authorised transaction.
  • the card reader can communicate in an approved/secure fashion the data read from the magnetic strip of the transaction card, in this preferred arrangement, the communication occurs over a small distance to an intermediate device, which in a preferred embodiment is a cellular phone 26. Communications could be achieved using Bluetooth or any other short distance wireless communications means although the invention is not limited to using a wireless connection when a suitable wired connection could be used at the insistence or convenience of the merchant.
  • the cellular phone includes a Radio Frequency Identification Device (RFID) that has a NFC capability.
  • RFID Radio Frequency Identification Device
  • Some of the functionality of the RFID includes the ability to be programmed by the phone device, in particular by commands received from a remote location and with the interactive control of the mobile user.
  • Such a capability can be used to reprogram the RFID to interact with multiple types of RFID access or purchasing systems, e.g. allowing the mobile to make the RFID access a train network by merely calling and paying for that capability, or having the inbuilt RFID interact with a soft drink machine and to command the machine to release a product because it has been paid for through the phone.
  • the RFID it is also a function of such a device for the RFID to be capable of having stored value that can be used in transactions of the type contemplated and described herein.
  • a third party reader capable of communicating with the RFID and receiving the authorising PIN to verify that authority, transactions wherein the extracted information can be checked against other information to check the veracity of the RFID device to an acceptable degree as to reduce or eliminate the liability of the merchant when using these types of devices for transactions.
  • the mode of communications from the cellular device owned and controlled by a device holder can be in accord with non-cellular technologies such as, by way of example, the 801.11 family of standards that exist and that are being developed to accommodate higher speeds and greater security.
  • the mobile communication device receives the data the merchant needs to do two things that are of importance to at least one embodiment of the invention.
  • the first step is to read at least a portion of that data of the optically readable data /information associated with the card, and in a preferred step the last four digits of the thirteen to nineteen digit number 46a on the front of the card, and check that those numbers are the same as the last four digits of the number provided from the reader that represents a portion of the extracted data from the card.
  • a display on the reader or as displayed on an intervening mobile communication device can be used to observe the data obtained from the reading process. The use of the last four digits gives at least a 1 in 10,000 chance that the optically read numbers are not the same by chance as the extracted numbers when a fraudulent card has been used.
  • the merchant can use the mobile phone keypad to enter the amount of the transaction and with information contained in the mobile phone can send the transaction details to the card issuer.
  • the mobile phone software can add the merchant details and other data to the outgoing communication.
  • the last four digits can be manually entered in to the intermediate device such as a cellular phone so that the processor in the phone performs the comparison to determine whether there is a match.
  • the merchant reads a further portion of the optically readable information associated with the card.
  • the optically readable information may not always be text and may include logos, holographic information or digitally encoded data/information that is nonetheless optically readable, one example being a bar code and another being a hologram.
  • This number is also referred to as a CVV2 - Card Verification Value (Visa 3 digits); CVC2 - Card Validation Code (MasterCard 3 digits); or a CID - Card IDentification (Amex 4 digits, Diners Club 3 digits) and for the purpose of referral and meaning in this specification the terms Card Verification Code or CVC will be used.
  • the principle is the same in all cases.
  • the number is generated by the card issuer using a secret algorithm using predetermined information associated with the card and sometimes other information not on the card known only to the card issuer.
  • an audit number to be associated with the transaction that can be provided by the programme run by the mobile communication device that generates or retrieves the number or in an alternative arrangement the card issuer or central transaction authority provide one.
  • the additional optically read information (in this embodiment the CVC of the card) can in one embodiment be sent along with the information extracted from the card by the reader to the card issuer for authentication of the card from the mobile phone along with other transaction related information.
  • the software within the mobile communications device can recreate the CVC based on available information and then the mobile communications device could verify the veracity of the digital information stored in the card's magnetic strip 42 in this example or within the memory of a smart card.
  • the CVC is typically used in a card-not-present situation as in an on-line or over the phone purchase, but in this embodiment of the invention it is used when it would not have otherwise been possible to do so since the magnetic strip cannot be read when a phone order is being processed.
  • the card reader which has in one embodiment an in-built printer, can then print a transaction record, using the necessary information it has retained solely for this purpose and the signing of the transaction record can take place as required as well as providing a duplicate copy for the cardholder.
  • the system can also optionally include a separate printer 25 for generating a record of the transaction.
  • a copy is also generated for the card holder as a record of the transactions.
  • the receipt provided by the printer will not contain all the details, so a full receipt can also be provided by other means, which in one embodiment is from a server accessible via a computer network, e.g. the Internet, at the convenience of the card holder.
  • the mobile communications device uses a portion of the available information to format the information to be printed and sends it wirelessly to the printer 25.
  • An example of such a receipt 800 is depicted in Fig. 9, which shows that by accessing a computer server, in this example using the Universal Resource Locator (URL) 802 and providing an audit number 804 and authority code 806, a full receipt will be provided on screen that can be stored or printed as required by the user.
  • the mobile communication device retains only a portion of the extracted information or a representation thereof to allow for voiding the immediately preceding transaction only if an input error or change of mind by the customer has occurred.
  • the minimally retained information is of a form such that it CANNOT be used to replicate a separate unauthorised transaction or be used to replicate account numbers and names, PIN numbers and the like.
  • Certain physical and software security measures are required for the card reader and printer, which can be provided in accordance with industry standards known to those having skill in the art.
  • the card reader can conduct that check by comparing the optically read information with the information extracted from the card, wherein the extracted information is checked against the information (such as the full card number or just a portion of optically read information such as the CVC) manually inserted into the cellular phone by the merchant.
  • the card reader not only extracts the non-optical data, it can also optically scan one or both sides of the card to optically read the data/information carried on the card, such as for example all or a portion of the account number (embossed on the front of the card), all or a portion of the account number printed on the back of the card including the CVC, all or a portion of the account holder's name embossed on the front of the card, and all or a portion of other optically readable features of the card such as special or unique markings, symbols or the like that are used for security purposes.
  • a marking is the hologram 41 displayed in Figure 3.
  • Such information may also be used to check the visual authenticity of the card, something that only trained merchants can do to a useful degree. Those skilled in the art are knowledgeable as to how to sense the hologram and conduct checks as to its veracity.
  • the card reader in this embodiment can then give an indication of the integrity of the card based on a number of predetermined metrics.
  • the indication may be in the form of the presentation of the next step in the transaction process, or may be by way of a specific visual indicator that can be seen by the cardholder and the merchant or the merchant alone so that fraudulent cardholders are not alerted while the relevant authorities are advised.
  • the value of the optically read data/information is helpful then for automatically comparing that information with the extracted information.
  • a comparison function located within the card reader or as in other embodiments within the mobile communications device in the form of software to Optically Character Recognise selected text marked on the card (embossed or printed) and compare it with the text equivalent (data contained within the magnetic stripe) obtained by the extraction process.
  • the information can remain wholly within the card reader and only selected portions sent external of the reader once it has been suitably encrypted. This adds further to the security of the process and thus benefits the card issuer and all merchants as the apparatus and process lessens the chance of future card fraud.
  • It may also be possible to configure the above equipment to make the reader capable of calculating the CVC and thus provide a further level of surety that the card is legitimate.
  • This configuration assumes that the reader will have stored access to the various proprietary algorithms for one or more of the card issuers so that it can also perform the step of recreating the CVC and comparing it with the visual CVC information and thus perform the CVC check.
  • the algorithm may be provided in the reader in the form of hardware into which is input data and out of which is output only the confirmation of the correctness of the CVC.
  • the algorithms are kept confidential, as any physical disturbance to the hardware will null the software therein.
  • Such devices are known in the art.
  • Figure 5 depicts a flow diagram of part of the processes of using the card reader.
  • the card reader is switched on at step 502 and the cellular phone if also "on" is controlled via switches or preferably via screen displayed choices to activate 504 the payment application that will interact with the card reader.
  • a credit card will be used to illustrate the functions of the system, but it will be understood that the types of cards the system is capable of dealing with include, and are not limited to: Charge cards; Smart cards; Magnetic Swipe cards; PINless debit cards; PINless chip cards; and all types of cards that can be used and require operation in conjunction with a PIN known to the cardholder.
  • Prior to operation of the application on the cellular phone, some setup procedures need to be conducted on the system components, which include: having a GPRS and Bluetooth capable phone that has both these functions activated; downloading of the payment system application to the cellular phone, which is in one embodiment a Java applet capable of being run on the cellular phone; the card reader, being a Bluetooth device, being paired with the mobile phone; and the application being personalised for the merchant by the inclusion of the merchant's details for use in the transaction information exchange and for printing on receipts.
  • unique software version and merchant use licensing identifying details are downloaded and installed on the cellular phone to further increase the security of use and transactions.
  • the cellular display provides two options 506 whether to transact 1. "A payment" or 2. "Other". A selection of an option is achieved using the cellular user interface which could include the keyboard, the screen by way of icons and a selection tool such as a pointer, or even touch screen input.
  • the functionality of the cellular device determines the selection modes available to the merchant.
  • the merchant enters the card into the card reader device so that it can perform one or more functions while the cellular card application waits 510 for the card reading functions to be completed 512.
  • the card reader can perform extraction of information as well as optical reading of information associated with the card as well as in one embodiment calculation/production of the CVC and then communicate all or a portion of the extracted and optically read information to the cellular device via in one embodiment a Bluetooth communications medium.
  • the cellular device prompts 514 the merchant to enter 516 at least the last four digits of the PAN.
  • the merchant enters the CVC read from the rear of the card.
  • the cellular device prompts the merchant to wait 518 while a number of checks are performed.
  • the application in the cellular device in conjunction with the information communicated to it from the card reader compares 520 the PAN information as well as, in another embodiment, the CVC information obtained from the two process steps. If the information matches 522 the process progresses further via path 526 to that depicted in Figure 6.
  • the extracted information i.e. that which is obtained from the magnetic stripe or smart card memory
  • the extraction step was corrupted or for example the magnetic stripe is damaged and so is the information on it. In which case repeating the extraction process may assist but if unsuccessful again the card may need to be viewed by the issuing authority.
  • the merchant will need to have procedures in place to deal with the card and card holder especially if a fraudulent card is suspected. At least however the merchant has been able to avoid a fraudulent transaction for which they would most likely be liable.
  • the appropriate selection is made by the merchant and the application identifies the last used transaction audit number 536 and exits the voiding process 538 which involves the communication of a voiding code along with the transaction audit number to a remote processor.
  • the audit number has been previously obtained during an earlier transaction.
  • a backend computer server operated by a third party having a cellular communications gateway receives cellular communications from the application resident on the one or more cellular devices.
  • the back end server services the needs of multiple merchants as is depicted in the system diagram in Figure 8.
  • the respective transaction audit number is inserted into the cellular device 542 and once dealt with as described in the preceding paragraph the application exits 544 the voiding procedure.
  • the application is then ready for a new transaction 540 joining the process back at the entry of a payment or other type of transaction 506.
  • Figure 6 depicts a flow diagram of a further part of the processes of using the card reader and cellular communication device to complete a selected transaction.
  • the merchant is prompted to enter a transaction value 606 which is entered into the application 608.
  • it is typical for there to be a predetermined maximum transaction limit 608 (1) and if the transaction is going to exceed that limit, it is also possible to enter a pre-approved code 608 (2) that if legitimate over-rides the predetermined transaction limit for that transaction.
  • the application checks the limit and pre-approved transaction code 610 and if the details 612 are not OK then the transaction path returns to the input step 608. If the details 612 are OK then the transaction path proceeds to communicate 614 relevant details to the third party server for card issuer authority to complete the transaction.
  • the separate printer will be provided with a PIN entry device or an additional device will have a PIN entry facility.
  • PIN type information it may also be necessary or as an alternative to use a biometric input device working alone or in conjunction with a (PIN) entry device.
  • the communication of relevant information relating to a PIN or biometric information is securely communicated from the separate device to the cellular device for on communication for assisting the authorisation process.
  • the card issuer/bank or even aggregator if that is a model that is being used will reply to the third party server and they will communicate to the cellular device and to the application 616.
  • If the transaction progresses beyond step 616 to step 626 it becomes associated with the audit number within the application so it can be referenced later, such as for a voiding procedure, and enters the final acceptance/decline process 628 associated with the transaction.
  • the cellular device will provide a message 630 to that effect for the merchant to show to the card holder.
  • the message may also advise the card holder to contact the bank.
  • the printer can print a receipt of the rejection for the card holder and even the merchant. Thereafter the transaction process returns 632 to the new transaction step 506.
  • a receipt can be generated 636, one for signing if the transaction is a credit transaction and one for the card holder as a record of the transaction. Further details of the receipting of a transaction are provided elsewhere.
  • the receipt can be sent using one of a variety of cellular communications facilities, including Small Message Service (SMS) 638 and 640, or directly via Bluetooth small range RF transmission, Radio Frequency Identification Device (RFID), NFC, Infrared, etc.
  • a merchant receipt copy with a card holder signing space is generated 644 as well as a card holder copy of the receipt.
  • the receipt may have the format depicted in Figure 9 and as described previously.
  • the process can be returned 646 to the generating step 636 or the process returns to the new transaction step at 506.
  • Figure 7 depicts a system diagram of the major computer processing elements used to complete a selected transaction.
  • the process of checking the PAN and CVC can be controlled and orchestrated by software operating on not just a cellular device but also any device having a processor. This is made much more likely and possible if the software is written in a language such as Java, hence the depiction in Figure 7 of laptop and personal computers.
  • the communications from such devices can be via the cellular system that will use ever faster protocols and modulation systems or from devices having processors that will use protocols such as TCP/IP and the Internet to transport the information to one or more third party servers and related or direct connect gateways to service multiple merchants.
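
The PAN comparison of steps 514 to 522, together with the repeat-extraction case for a damaged stripe, can be sketched as follows. This is an added example, not code from the patent or its applicant. It assumes the reader hands over ISO/IEC 7813 Track 2 text; the function names, the `Check` states, the masked retained form and the sample track (constructed from a widely used test PAN) are hypothetical.

```python
import hmac
import re
from enum import Enum

# Assumption: the reader delivers ISO/IEC 7813 Track 2 text:
# ';' PAN '=' YYMM expiry, 3-digit service code, discretionary data, '?'.
TRACK2 = re.compile(r";([0-9]{12,19})=([0-9]{4})([0-9]{3})([0-9]*)\?")

# Constructed sample track built on a widely used test PAN (not a real card).
SAMPLE_TRACK2 = ";4111111111111111=301210100000000?"


class Check(Enum):
    MATCH = "match"                  # continue to the Figure 6 flow
    MISMATCH = "mismatch"            # stripe and card face disagree
    READ_ERROR = "read_error"        # unusable read: repeat the extraction
    INVALID_ENTRY = "invalid_entry"  # fewer than four digits: re-prompt


def luhn_ok(pan: str) -> bool:
    """Luhn checksum over the PAN; flags most corrupted stripe reads."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def parse_track2(raw: str):
    """Return (pan, expiry_yymm), or None when the read is unusable."""
    m = TRACK2.fullmatch(raw.strip())
    if m is None or not luhn_ok(m.group(1)):
        return None
    return m.group(1), m.group(2)


def cross_check(track2_raw: str, entered: str) -> Check:
    """Compare the digits keyed in by the merchant with the stripe PAN."""
    parsed = parse_track2(track2_raw)
    if parsed is None:
        return Check.READ_ERROR
    pan = parsed[0]
    digits = re.sub(r"[ -]", "", entered)  # tolerate grouping as embossed
    if not re.fullmatch(r"[0-9]{4,19}", digits):
        return Check.INVALID_ENTRY
    tail = pan[-len(digits):]
    # Constant-time compare: response time does not depend on which digit differs.
    same = hmac.compare_digest(tail.encode(), digits.encode())
    return Check.MATCH if same else Check.MISMATCH


def retained_form(pan: str) -> str:
    """Assumed retained representation: masked PAN, last four digits only."""
    return "*" * (len(pan) - 4) + pan[-4:]


if __name__ == "__main__":
    for keyed in ("1111", "4111 1111 1111 1111", "1112", "111"):
        print(repr(keyed), cross_check(SAMPLE_TRACK2, keyed).value)
    print(cross_check(";41111111", "1111").value)
    print(retained_form(parse_track2(SAMPLE_TRACK2)[0]))
```

A mismatch here means the stripe data and the card face disagree, which is the condition the specification treats as a possibly fraudulent card; a read error only means the extraction should be repeated.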

Abstract

The invention relates to the field of card transactions and particularly to the physical card verification process associated with the use of a card by a merchant before obtaining authorisation to accept the associated transaction. Much fraud is associated with these types of cards (which may include magnetic stripe cards and smart cards); the apparatus and method of the present invention reduce or minimise the use of fraudulent cards. The apparatus and method of the present invention force verification of the information contained in the magnetic stripe against the information printed or embossed on the card by automating the extraction of both the information embedded in the card and the information optically readable on the card. In one example, the card verification code is read optically or manually entered into the merchant's apparatus and verified before the transaction is verified.
PCT/AU2006/000963 2005-07-08 2006-07-10 Card processing apparatus and method WO2007006084A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
AU2005903646 2005-07-08
AU2005903646A AU2005903646A0 (en) 2005-07-08 Card processing apparatus and method
AU2005903653 2005-07-11
AU2005903653A AU2005903653A0 (en) 2005-07-11 Card processing apparatus and method

Publications (1)

Publication Number Publication Date
WO2007006084A1 true WO2007006084A1 (fr) 2007-01-18

Family

ID=37636660

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2006/000963 WO2007006084A1 (fr) 2005-07-08 2006-07-10 Card processing apparatus and method

Country Status (1)

Country Link
WO (1) WO2007006084A1 (fr)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06752685

Country of ref document: EP

Kind code of ref document: A1