WO2007020510A1 - Système destiné à autoriser l’utilisation d’une carte de transaction financière - Google Patents

Système destiné à autoriser l’utilisation d’une carte de transaction financière Download PDF

Info

Publication number
WO2007020510A1
WO2007020510A1 PCT/IB2006/002205 IB2006002205W WO2007020510A1 WO 2007020510 A1 WO2007020510 A1 WO 2007020510A1 IB 2006002205 W IB2006002205 W IB 2006002205W WO 2007020510 A1 WO2007020510 A1 WO 2007020510A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
transaction
transaction data
database
last transaction
Prior art date
Application number
PCT/IB2006/002205
Other languages
English (en)
Inventor
Fayaaz Moosa Bham
Pathmanatitan Gopal Pather
Zunaid Ebrahim Vanker
Original Assignee
The Standard Bank Of South Africa Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by The Standard Bank Of South Africa Limited filed Critical The Standard Bank Of South Africa Limited
Publication of WO2007020510A1 publication Critical patent/WO2007020510A1/fr

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4093Monitoring of device authentication
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • G07F7/122Online card verification

Definitions

  • THIS invention relates to a system for authorising the use of a financial transaction card.
  • Card skimming is a technique criminals use to commit fraud on the user of a financial institution account. Such a user will typically have a debit or credit card which is a magnetic stripe card or a smart card.
  • the criminal will temporarily obtain access to the card and swipe the card through a card reader which will retrieve the details of the card.
  • PIN personal identification number
  • the criminal is then able to make a duplicate card and using the PlN the criminal is then able to either pay for goods and services with the card or even approach an automatic teller machine or the like and withdraw funds from the user's account.
  • a system for authorising the use of a financial transaction card including:
  • a card reading module for reading last transaction data from a memory of the card
  • a comparator module for comparing the last transaction data read from the card with the last transaction data stored in the database and if the data is the same then authorising the transaction.
  • the system may further include a card writing module for writing data to the memory of the card, wherein if the transaction is authorised then the comparator module changes the last transaction data stored in the database and the card writing module correspondingly changes the last transaction data on the memory of the card so that the last transaction data in the database and the card is the same.
  • the last transaction data may be a transaction counter, wherein the transaction counter is incremented after a transaction has been authorised.
  • the last transaction counter may be based on dynamic transaction variables which are both written to the card memory and the database.
  • a method for authorising the use of a financial transaction card comprising:
  • the method may further include writing data to the memory of the card, wherein if the transaction is authorised then the last transaction data stored in the database and the last transaction data on the memory of the card are changed so that the last transaction data in the database and the card are the same.
  • the last transaction data is a transaction counter and wherein the transaction counter is incremented after a transaction has been authorised.
  • Figure 1 is schematic diagram of a system according to an example embodiment
  • Figure 2 is a flow chart showing the method of an example embodiment.
  • a system for authorising the use of a financial transaction card includes a card reading module 10 for reading last transaction data from a memory of the card.
  • the card reading module 10 is associated with an automatic teller machine (ATM) 16 which a user will use to withdraw money from their account with a financial institution or which the user will use to conduct another transaction such as obtain an account balance or statement, for example.
  • ATM automatic teller machine
  • the card reading module 10 could be associated with another device such as a point of sale terminal where the card will be used to pay for goods and or services purchased.
  • the card itself is typically a debit or credit card but could be another card of a financial institution which gives a user access to their funds or to a credit facility.
  • the card will typically be a magnetic stripe card or a smart card with a memory thereon.
  • Smart card chips are found in two broad varieties namely memory only chips with storage space for data, and microprocessor chips which have a processor controlled by a card operating system in addition to the memory. It is envisaged that the invention could be implemented by either of these types of smart cards.
  • the memory means may be in the form of a magnetic stripe of the kind typically used on debit or credit cards.
  • a database 12 is used for storing last transaction data for a plurality of cards which will be explained in more detail below.
  • a comparator module 14 is associated with the database 12 and is used for comparing the last transaction data read from the card with the last transaction data stored in the database and if the data is the same then to authorise the transaction.
  • the comparator module 14 may be implemented in the form of a server in communication with the card reader 10 via a communications network 18. It will be appreciated that the server may form part of the larger systems of a financial institution or may be a third party server.
  • the system further includes a card writing module for writing data to the memory of the card, wherein if the transaction is authorised then the comparator module 14 changes the last transaction data stored in the database 12 and the card writing module correspondingly changes the last transaction data on the memory of the card so that the last transaction data in the database and the card is the same.
  • the data written to the card memory may be encrypted.
  • card writing module will be integrally formed with the card reading module 10.
  • the last transaction data could be an incremental counter which keeps a record of the number of transactions for which the card has been used.
  • the last transaction counter may be based on dynamic transaction variables which are both written to the card memory and the database.
  • the system operates as follows.
  • the last transaction data for a plurality of cards are stored in the database 12.
  • a user wishing to use their card to withdraw funds from an ATM inserts the card into the ATM.
  • the card reader 10 associated with the ATM reads the last transaction data from a memory of the card and transmits this to the comparator module 14.
  • the comparator module 14 compares the last transaction data read from the card with the last transaction data stored in the database and if the data is the same then authorise the transaction.
  • the data will be the same if both the card and the database have stored in them that the card has been used in 8 transactions, for example.
  • the transaction counter stored in the memory of the card and in the database are incremented. In this example they will be incremented to 9.
  • the present invention prevents fraud since in the case of a pre-transaction skim, the copied card is ineffective as the customers original card will have been changed since the last transaction and the skimming incident.
  • the fraudsters card In the case of a post-transaction skim, the fraudsters card is exactly the same as the customers except if the customer uses their card first, the card is changed and is no longer the same as the fraudsters card rendering the fraudsters card ineffective.
  • the fraudsters card is changed (treated as the customer) rendering the customers card ineffective.
  • system of the present invention assists in preventing fraud.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Procédé destiné à autoriser l’utilisation d’une carte de transaction financière comprenant le stockage des dernières données de transaction pour une pluralité de cartes dans une base de données. Les dernières données de transactions lues à partir d’une mémoire d’une carte sont reçues et comparées aux dernières données de transactions stockées dans la base de données. Si les données sont les mêmes, la transaction est autorisée.
PCT/IB2006/002205 2005-08-16 2006-08-14 Système destiné à autoriser l’utilisation d’une carte de transaction financière WO2007020510A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA2005/06537 2005-08-16
ZA200506537 2005-08-16

Publications (1)

Publication Number Publication Date
WO2007020510A1 true WO2007020510A1 (fr) 2007-02-22

Family

ID=37441076

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2006/002205 WO2007020510A1 (fr) 2005-08-16 2006-08-14 Système destiné à autoriser l’utilisation d’une carte de transaction financière

Country Status (1)

Country Link
WO (1) WO2007020510A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140289023A1 (en) * 2013-03-21 2014-09-25 Cubic Corporation Local fare processing

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0257596A2 (fr) * 1986-08-26 1988-03-02 Siemens Aktiengesellschaft Procédé pour reconnaître un usage illicite d'une carte à circuit intégré
GB2261538A (en) * 1991-11-13 1993-05-19 Bank Of England Transaction authentication system
EP0836160A2 (fr) * 1996-10-08 1998-04-15 International Business Machines Corporation Méthode et moyens pour limiter l'utilisation frauduleuse de cartes de crédit, badges d'accès, comptes électroniques ou similaires falsifiés

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0257596A2 (fr) * 1986-08-26 1988-03-02 Siemens Aktiengesellschaft Procédé pour reconnaître un usage illicite d'une carte à circuit intégré
GB2261538A (en) * 1991-11-13 1993-05-19 Bank Of England Transaction authentication system
EP0836160A2 (fr) * 1996-10-08 1998-04-15 International Business Machines Corporation Méthode et moyens pour limiter l'utilisation frauduleuse de cartes de crédit, badges d'accès, comptes électroniques ou similaires falsifiés

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140289023A1 (en) * 2013-03-21 2014-09-25 Cubic Corporation Local fare processing

Similar Documents

Publication Publication Date Title
US7967195B2 (en) Methods and systems for providing guaranteed merchant transactions
US5365046A (en) Preventing unauthorized use of a credit card
US6016963A (en) Integrated circuit card with means for performing risk management
US20100114768A1 (en) Payment vehicle with on and off function
WO2002067172A1 (fr) Systeme d'attribution des ordres de paiement avec identification au moyen de donnees de carte et d'empreinte digitale
US11687915B2 (en) System and method for generation of virtual account-linked card
US20200160299A1 (en) Financial terminal that automatically reconfigures into different financial processing terminal types
EP1125261B1 (fr) Carte à puce comportant des moyens de consolidation et procédé de fonctionnement de ladite carte
US20050197945A1 (en) Optical banking card
US20170091727A1 (en) Casino cash system, apparatus and method utilizing integrated circuit cards
RU2463659C2 (ru) Система и способ аутентификации банковской карты
US20070181670A1 (en) System, method and computer program product for POS-based capture of reference magnetic signatures
KR20050008439A (ko) 카드 사용자의 용도 정의 정보가 포함된 카드 및 상기카드의 운영방법
US20080265017A1 (en) Credit card and security system
WO2007020510A1 (fr) Système destiné à autoriser l’utilisation d’une carte de transaction financière
JPWO2002075676A1 (ja) 自動取引装置及びそれにおける取引方法
JP2022055148A (ja) 情報処理装置及び自動取引装置
EP1956566A2 (fr) Distributeur automatique (ATM) pour fournir des billets de banque, des paiements électroniques et effectuer des opérations bancaires
KR100804635B1 (ko) 카드 사용자의 용도 정의 정보 운용서버
WO1996007150A1 (fr) Methode et dispositif de verification d'une transaction
KR20060128807A (ko) 카드 사용자의 용도 정의 정보 운용서버
US20070181671A1 (en) System, method and computer program product for updating a reference magnetic signature of a magstripe card
WO2009157003A1 (fr) Système et procédé pour empêcher le détournement d'une carte de crédit/carte de débit volée, perdue, reproduite, falsifiée ou contrefaite
Lawack Electronic innovations in the payment card industry
Pasquet et al. Electronic payment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06795240

Country of ref document: EP

Kind code of ref document: A1