A TRANSACTION METHOD AND SYSTEM
FIELD OF THE INVENTION
The invention relates to a method of and system for effecting financial transactions and managing accounts; and, in particular, for making a payment with a mobile device.
BACKGROUND TO THE INVENTION
Mobile phone banking is generally available but has some limitations.
Mobile phones are also used widely to facilitate Internet banking. They are used to receive transaction notification and one-time passwords, for example. Notification of credit card usage is also sent to mobile phones as a security precaution. However, this banking general requires access to the usual banking infrastructure and, in addition, a computer with an Internet connection.
The term "mobile device" as used in this specification will include mobile cellular phones, wireless devices such as PDA's (personal digital assistant) and any other devices which use a SIM card or otherwise have an MSISDN number associated therewith.
OBJECT OF THE INVENTION
It is an object of this invention to provide a method and system which will at least partially facilitate financial transactions using a mobile device.
SUMMARY OF THE INVENTION
In accordance with this invention there is provided a method of transacting, comprising: registration of a customer using a mobile device with a SIM card having a specific MSISDN; creating a customer profile linked to the mobile device MSISDN; providing the customer with a virtual purse linked to the customer profile; and enabling the customer to use the mobile device with the linked MSISDN to transact against a balance associated with the virtual purse.
The invention further provides for the method to include storing the mobile phone IMEI and SIM card IMSI against the customer profile and verifying the MSISDN, IMEI and IMSI against a mobile phone network database before a transaction is allowed; and for the database to be selected from a Home Location Register (HLR), Visitor Location Register (VLR) and/or Equipment Identity Register (EIR).
A further feature of the invention provides for the method to include linking the virtual purse to a bank account of the customer.
In accordance with another aspect of this invention there is provided a system for transacting, comprising: a customer having a mobile device with a SIM card having a specific MSISDN; the customer registered against a transaction system with a customer profile linked to the mobile device MSISDN; a virtual purse linked to the customer profile on the transaction system; the system connected across a communication network; and the system configured to enable the customer to use the mobile device with the linked MSISDN to transact against a balance in the virtual purse.
The invention further provides for the mobile phone IMEI and SIM card IMSI to be stored against the customer profile and for the MSISDN, IMEI and IMSI to be verified against a mobile phone communication network database before a transaction is allowed; and for the database to be selected from a Home Location Register (HLR), Visitor Location Register (VLR) and/or Equipment Identity Register (EIR).
A further feature of the invention provides the virtual purse to be linked to a bank account of the customer.
BRIEF DESCRIPTION OF THE DRAWING
These and other features of the invention will now be described, by way of example only, with reference to the accompanying drawing:
Figure 1 which shows a schematic diagram illustrating one embodiment of the invention.
DETAILED DESCRIPTION OF THE INVENTION
Referring to the drawing, a transaction system in accordance with the invention is indicated generally by (1 ). The system (1 ) is used to implement a method of transacting which is also an aspect of this invention.
In a first registration procedure, a customer (2.1 ) will have his/her (3.1 ) MSISDN and mobile phone IMEI (International Mobile Equipment Identity) linked to his/her bank account (4) over a platform (5) provided by the system (1 ). Once that is done, the system (1 ) provides the customer (2.1 ) with a virtual purse (6.1 ). In so doing the customer sets up a unique and secure customer profile against which relevant information and data is recorded. In this version, the system (1 ) is connected into an electronic infrastructure of the bank (7) that holds the account (4).
Money can be transferred from the account (4) or deposited directly with the transaction system service provider by the customer (2.1 ). These funds are then allocated to the virtual purse (6.1 ). It follows that the profile will have an account balance of its own (associated with the virtual purse) which can be managed separate from any bank account balance.
A second registration procedure will provide for customers who do not have a bank account. Such a customer (2.2) will register his/her MSISDN and mobile phone IMEI with the transaction system service provider. This alternative registration procedure will allow the customer (2.2) to set up a profile with a virtual purse (6.2), also using his/her MSISDN and mobile phone IMEI. Money deposited with the transaction service provider will be reflected as a positive balance in the virtual purse (6.2).
Funds can alternatively be placed in the virtual purse in the same manner airtime recharges are purchased, for example. The second registration procedure can
also be used by customers who simply choose not to have their bank account linked to the transaction system (1 ).
While the system (1 ) will generally be used to enable debit transactions, with a positive balance in the purse (6), it will be appreciated that it may also be used to provide a credit facility for certain customers. Such transactions may be provided as part of a mobile phone service contract. Other arrangements for depositing money in the purse (6) or to place customers in a position where they can transact against a balance in the virtual purse (6) will be within the understanding and design competence of a person skilled in the art.
Each customer (2) will be provided with suitable authentication factors for access control during the registration procedures. These factors will conveniently take the form of a password and PIN (Personal Identification Number) code.
The MSISDN is the cellular telephone number allocated to a SIM card in a mobile or cellular phone (3). The SIM card also has an IMSI (International Mobile Subscriber Identity) number that uniquely identifies a subscription in a GSM (Global System for Mobile communications) or UMTS (Universal Mobile Telecommunications System) mobile network.
In addition to the MSISDN and mobile phone IMEI, the IMSI (International Mobile Subscriber Identity) will be securely stored against each customer profile on the transaction system. This is also done during the registration process.
During use, the combination of unique identifiers (IMSI together with the MSISDN and mobile phone IMEI) will be validated against the mobile network operator's HLR (Home Location Register) and EIR (Equipment Identity Register) databases at the time of any transaction against the virtual purse to verify the authenticity of a transaction or request. If these details are not successfully validated the transaction request is denied and the user's session ended.
A customer wishing to utilize any of the transaction services will thus first be authenticated onto the system through his/her MSISDN and a password. The PIN will have to be provided for certain transactions.
The term "virtual purse" is used in this document for a feature of the invention which represents an account against which the customer can transact. This may be a debit or credit account. The use of this term should not be construed as a limitation of the feature in any way. Other terms such as "money bag", "wallet" or "account" could also be used. Furthermore, in an alternative embodiment of the invention, the virtual purse may represent an account balance other than in money or currency. For example, it could represent a balance in coupons, loyalty points or credits for a rewards program.
The system (1 ) and its components will be connected across a communication network (8), which will include, amongst others, the Internet and cellular telephone networks.
The platform (5) is designed with software which makes up a set of core components (9) and multiple plug-in adaptors. These include:
- product adaptors (10);
- client adaptors (11 );
- notification adaptors (12); and
- delivery adaptors (13).
The product adaptors (10) will enable value added services such as electronic airtime recharges. Client adaptors (11 ) will facilitate communication between core components (9) and the end user or customer (2). The notification adaptors (12) provide delivery of notification via SMS or email and the delivery adaptors (13) will enable delivery of electronic products to the customer (2) using various formats and mediums.
The adaptors enable communication with, inter alia, client applications. These applications may be of the kind that uses alternative messaging protocols such as field delimited streams, raw binary streams and ISO8583.
To facilitate communication between the transaction system platform and bank systems, the system (1 ) uses an interface which supports and is fully compliant with the ISO8583 (Postilion) messaging protocol. A Postilion server is indicated by (14). Postilion is a leading global provider of open-systems electronic payment processing. The Postilion product drives payments through ATMs, POS terminals, phones, and Internet access points. These payments include advanced financial transactions such as prepay and self-service. Postilion provides consolidated management information, integrated card management, EMV chip enablement, and loyalty software solutions. It will be appreciated that the system could also be enabled to communicate with another provider - either as an alternative or in addition to Postilion.
The adaptors (10), (11 ), (12) and (13) can communicate using a variety of protocols including: - TCP/IP;
- SMPP; and
A customer (2) using his/her mobile phone (3) accesses the transaction system functionality through one of the following interfaces:
- USSD (Unstructured Supplementary Services Data);
- WAP (Wireless Application Protocol); - HTTP (Hyper-Text Transfer Protocol);
- SMS (Short Message System); and
- .NET / Java / C++ mobile client application
The system (1 ) functions with various models such as POS (Point of Sale) terminals, EFTPOS (Electronic Funds Transfer at Point of Sale) and mobile devices. These hardware terminal devices are indicated by (15). As already mentioned, the transaction system (1 ) also enables various value added services to customers (2). These include payment notifications on cash deposit or electronic funds transfer (EFT) batch and airtime recharges, pre-paid electricity and ticketing.
The system safeguards therefore include having:
- the customer's MSISDN is linked to a PIN code as well as a password; and
- the MSISDN linked to a IMSI number as well as the customers mobile phone IMEI number where these form part of the HLR records.
In this embodiment, the MSISDN and IMSI are used to provide primary security fields. A secondary security field is provided by the IMEI.
As already mentioned, the HLR provides a database against which the above information is usually verified. The HLR is a central database that contains details of each mobile phone subscriber that is authorized to use a GSM network. The HLR stores details of every Subscriber Identity Module (SIM) card issued by a mobile phone operator. The IMSI is a unique identifier of each SIM which provides the primary key to each HLR record.
The MSISDNs are also associated with and stored on the SIM; these are the telephone numbers used by mobile phones to make and receive calls. A primary MSISDN is the number used for making and receiving voice calls and SMS messages - this is the MSISDN which was referred to in the registration procedure. It is however also possible for a SIM to have other, secondary MSISDNs associated with it for fax and data calls. Each MSISDN is also a primary key to the
HLR record. It will be appreciated that a secondary MSISDN could also be used for the systems security.
An IMEI number is associated with each mobile phone. It is usually used by the GSM network to identify valid devices and therefore can be used to stop a stolen phone from accessing the network. The application of the IMEI for verification against the system will be understood by someone skilled in the art.
It is also the SIM which stores the IMSI (International Mobile Subscriber Identity) number that uniquely identifies a subscription in a GSM or UMTS mobile network. The IMSI will also be stored on the platform against a particular profile.
A VLR (Visitor Location Register) serves a particular MSC (Mobile Switching Center) and stores information about all the mobile phones that are currently under the jurisdiction the MSC. Included in this information about each mobile phone, is the current LAI (Location Area Identity). LAI identifies under which BSC (Base Station Controller) the mobile phone is currently present. When an MSC detects a new mobile phone in its network, it creates a new record in the VLR and also updates the HLR of the mobile subscriber. In this manner, the HLR is updated with information of the new location of that mobile phone.
A Serving GPRS Support Node (SGSN) is responsible for the delivery of data packets from and to the mobile phones within its geographical service area. The location register of the SGSN stores location information (for example, the current VLR) and user profiles (for example, the IMSI) of all GPRS users registered with this SGSN.
Therefore, in addition to other data, also stored in the HLR against an IMSI record is the current location of subscriber (based on information of the VLR from the SGSN). The HLR therefore receives location update messages as mobile phones roam around.
The Equipment Identity Register (EIR), like the HLR and VLR, is also a database employed within mobile networks. When a mobile phone requests services from the network the IMEI (International Mobile Equipment Identity) may be checked against the EIR. (This is usually done to determine whether a mobile phone has been reported as stolen or whether it does or does not conform to requirements set down by the network operator.) The EIR is often integrated to the HLR. As already suggested, the EIR provides an additional database which can be used by the system to verify details of a transaction,
After initial registration against the transaction system, if any of the data is changed a registration procedure for the new combination is required in order to access the system and to make a transaction.
The authentication mechanisms of the invention are thus facilitated through accessing the HLR (Home Location Register) records on the networks Mobile Switching Centre (MSC) verifying that the transaction request has indeed originated from a legitimate source. Once the details of the transaction are confirmed and approved, the specified amount is deducted from the customer's virtual purse balance. If the combination of these fields is invalid, access the transaction system will not be permitted.
In this embodiment of the invention, once the customer (2) has logged onto the system (1 ), a menu will be provided on the mobile phone (3) screen to allow the customer (2) to perform one of the following transactions:
(a) Balance enquiry
(b) Transfer funds
(c) Payments (restaurants, bills, etc.) (d) Value added services
(e) Change details
(a) For a balance enquiry transaction request:
The transaction system (1 ) will indicate the balance in the virtual purse (6). Where it is relevant, the system (1 ) will also retrieve the customer's bank account (3) balance from the relevant bank (7).
(b) For a transfer funds transaction request:
For a transfer of funds, the customer (2) is required to enter a recipient's (20) mobile phone MSISDN, the transfer amount and the secure PIN. The customer's details and transaction information are validated against the transaction system. This is done by verifying the PIN against the MSISDN of the subscriber. The system also checks the balance available in the virtual purse on the relevant profile is sufficient to cover the amount to be paid.
The additional authentication mechanisms are provided through accessing the HLR (Home Location Register) records on the networks Master Switching Centre to verify that the transaction request has indeed originated from a legitimate source (2). Once the details of the transaction are confirmed and approved, the specified amount is deducted from the customer's virtual purse (6) balance.
In this way, the customer (2) uses his/her mobile handset to transfer money via the platform (5) to a recipient (20) who can be any subscriber to a cellular network. The system will however operate independently of any specific network operator.
Where the recipient (20) is also a customer (2) of the transaction system (1 ), the money deposited will reflect against the virtual purse (6) balance and, where relevant, can be transferred on into his/her linked bank account (4).
However, it will often happen that the recipient (20) is not a customer of the transaction system (1 ). In such a case, a virtual purse (23) is created with a balance reflecting the payment from the customer (2). The money deposited into a virtual purse (23) is held by the system (1 ) on behalf of the recipient (20).
Notification of the transaction result is sent to the customer (2) who made the payment and to the recipient (20). More specifically, an SMS and/or USSD notification will be sent to the customer (2) to confirm the transaction.
The notification contains the amount transferred and a secure transaction reference number.
The recipient (20), who is not a customer, can withdraw the money as cash from any bank (7) branch. Alternatively, suitable hardware terminals or upgraded ATMs (15) will be provided to withdraw the funds. Such a withdrawal will be based on authentication without any bank cards being necessary.
(c) For a payment transaction request:
The system (1 ) also enables payment of merchants (30) for goods or services. In this case, the customer (2) is required to enter a merchant code and payment amount. The merchant code can be an identifier from an existing database or it may be a code allocated to merchants (30) who have registered against the transaction system (1 ). The details of the transaction are validated and the amount deducted from the customer's virtual purse (6). A reference number is then returned to the cellular handset (3) of the customer (2). The customer (2) gives the reference number to the merchant
(30). The reference number allows the merchant (30) to verify the payment.
A merchant (30) may also be provided with a virtual purse (23) or the money may be routed into the merchant's bank account. A merchant (30) that is registered can also designate an MSISDN for transaction notification and to access balance details.
It is also anticipated that the system will be used together with electronic surveillance means, such as CCTV cameras, motor vehicle tracking devices, etc. In combination with the information available from such means, the HLR and VLR information the invention provides a level of security that will minimize the chances of having a transaction fraudulently repudiated.
(d) For value added service transaction requests:
The customer (2) selects one of the products or a service offered through a menu and enters the relevant details for that product or service. The system (1 ) will deduct the relevant fee or cost from the customer's virtual purse (6). The result is then returned to the customer (2). The purchase of tickets for transport or events, and airtime or electricity vouchers are examples of how this facility can be used.
(e) For a change in details request:
The customer (2) is given the option of changing their details as registered on the transaction system (1 ).
The cellular telephone networks are well established, even in many underdeveloped countries and in rural areas. The transaction system places useful financial transactions within the reach of consumers that do not have access to banks, banking accounts or other conventional banking facilities. The product
gives consumers the ability to transfer funds from person to person or to pay merchants using a mobile phone, as well as access other value added services.
The system (1 ) is configured to seamlessly process or switch between both virtual pin-based requests and pin-less recharge requests. It will be appreciated that a variety of services can be provided in this manner to a customer who can make a selected payment using only his/her mobile device (3).
The invention finds application in 3rd party integrated systems. The marketing, advertising, purchase and delivery of goods and services can overlap or be connected into the system.
As another example of how the invention can be used, a customer can place a bet on the outcome of an event or gamble on a virtual, online gaming facility. The balance in the virtual purse will be used to place bets and any winnings will go directly into the purse.
A person suitably skilled in the art will appreciate that a number of variations may be made to the examples described without departing from the scope of this invention.