WO2014136072A1 - A method of implementing verification for a transaction and a system therefor - Google Patents

A method of implementing verification for a transaction and a system therefor

Publication number
WO2014136072A1
Authority
WO
WIPO (PCT)
Prior art keywords
bank account
account number
part
user
beneficiary bank
Application number
PCT/IB2014/059484
Other languages
French (fr)
Inventor
Petrus Daniel Jacobus ROUX
Original Assignee
Oltio (Proprietary) Limited
Priority to ZA2013/01792
Priority to ZA201301792
Application filed by Oltio (Proprietary) Limited
Publication of WO2014136072A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06Q DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02 Banking, e.g. interest calculation, credit approval, mortgages, home banking or on-line banking

Abstract

A method and system for verification of a transaction includes receiving a request from a user via the internet to upload a beneficiary bank account number. A request is then transmitted to the user to enter at least part of the beneficiary bank account number again via a different communications channel, typically via a USSD session using their mobile telephone on a mobile network. The returned part of the beneficiary bank account number is compared with the beneficiary bank account number entered via the internet and if these two match then the transaction is verified so that the beneficiary bank account number can be entered or changed in the banking system.

Description

A METHOD OF IMPLEMENTING VERIFICATION FOR A TRANSACTION AND A SYSTEM THEREFOR

BACKGROUND OF INVENTION

The present application relates to a method of implementing verification for a transaction and a system therefor.

On-line transactions, especially on-line financial transactions, are fraught with fraud. A common fraud approach is a man-in-the-middle scheme where a fraudster sends a user a fake URL and collects data from the user.

Where the fraudster is able to collude with a Mobile Network Operator back-office official, they are able to redirect any one-time password to a phone that they also control.

They now are able to change a beneficiary bank account number subtly without the user knowing so that the user pays the fraudster instead of the intended beneficiary.

The present invention seeks to address this.

SUMMARY OF INVENTION

According to one example embodiment, a method of implementing a verification for a transaction, the method including: receiving a request from a user via the internet to upload a beneficiary bank account number; transmitting a request to the user to enter at least part of the beneficiary bank account number again; receiving from the user via another communications channel the requested at least part of the beneficiary bank account number; comparing the received at least part of the beneficiary bank account number with at least a part of the bank account number received via the internet; and if these match then verifying the transaction so that the beneficiary bank account number can be entered.

The method may also include storing an identity of a mobile communication device of the user, which mobile communication device will be used by the user to transmit the requested at least part of the beneficiary bank account number. In one example embodiment, the transaction is only verified if the mobile communication device from which the requested at least part of the beneficiary bank account number is received matches the stored identity of the mobile communication device.

The requested at least part of the beneficiary bank account number may be received via USSD from the user.

According to another example embodiment there is provided an electronic system for implementing verification for a transaction, the system including: a communications module for receiving a request from a user via the internet to upload a beneficiary bank account number, transmitting a request to the user to enter at least part of the beneficiary bank account number again and receiving from the user via another communications channel the requested at least part of the beneficiary bank account number; and a verification module for comparing the received at least part of the beneficiary bank account number with at least a part of the bank account number received via the internet and if these match then verifying the transaction so that the beneficiary bank account number can be entered.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 is a block diagram illustrating an example system to implement the methodologies described herein; and

Figure 2 is a block diagram illustrating the server of Figure 1 in more detail.

DESCRIPTION OF EMBODIMENTS

Referring to the accompanying figures, a system and method of implementing verification for a transaction is described.

A user 10 accesses a server 12 of a financial institution, typically a bank, using a computer 14 to transmit and receive data via the Internet. The server 12 includes a number of modules and an associated memory 16.

The modules described below may be implemented by a machine-readable medium embodying instructions which, when executed by a machine, cause the machine to perform any of the methods described below. It will be appreciated that embodiments of the present invention are not limited to such architecture, and could equally well find application in a distributed, or peer-to-peer, architecture system. Thus the modules illustrated could be located on one or more servers operated by one or more institutions. In any event, the user 10 accesses the server 12 in order to conduct financial transactions using ubiquitous Internet banking services.

During Internet banking, one action a user needs to implement is to specify and upload to the bank a beneficiary's bank account number. Occasionally, if the beneficiary is an existing beneficiary, the user may need to change the beneficiary's bank account number and they will also do this via the Internet banking services.

The methodology and system are aimed at verifying any new beneficiary bank account number or any requested change to a beneficiary bank account number to prevent a fraudster from altering a beneficiary bank account number thereby causing the user 10 to inadvertently pay the fraudster rather than the intended beneficiary.

Thus the server 12 receives a request, typically via a communications module 22, from a user via the internet to upload a beneficiary bank account number.

The request typically includes the beneficiary bank account number that the user 10 wishes to upload. This is stored in the memory 16. In response, the communications module 22 transmits a request to the user to enter at least part of the beneficiary bank account number again.

This request could be transmitted to the user in any one of a number of ways. For example, the request could be transmitted back to the user's computer 14 via the Internet.

Alternatively or in addition, the request could be transmitted to a mobile communications device 18 via a mobile communications network 20.

Either way, the user 10 is prompted to enter at least part of the beneficiary bank account number via another communications channel. In the illustrated embodiment, the other communications channel is the mobile communications network 20 and the user uses the mobile communications device 18 to enter the at least part of the beneficiary bank account number. In one example embodiment, this is done via a USSD session which can be either user initiated or network initiated. In either case, the server 12 receives from the user 10 via the other communications channel the requested at least part of the beneficiary bank account number.

A verification module 24 compares the received at least part of the beneficiary bank account number with at least a part of the bank account number uploaded and received via the internet and, if these match, verifies the transaction so that the beneficiary bank account number can be entered in the banking system.

In one example embodiment, the at least part of the beneficiary bank account number is the last four digits of the beneficiary bank account number.

A further layer of security can be added to verify that the mobile communications device 18 from which the at least part of the beneficiary bank account number is received is in fact the mobile communications device of the user 10.

This is accomplished by requiring the user 10 to register the mobile communications device 18.

Data identifying the mobile communication device 18 and/or SIM card inserted into the mobile communication device 18 are stored in the memory 16. In one example embodiment, when the at least part of the beneficiary bank account number is received from the mobile communication device 18, the IMEI identifying the device and/or IMSI identifying the SIM card are received and compared to the IMEI and/or IMSI stored in the memory 16 and associated with an MSISDN of the device. In a further layer of security, the user could also be requested to enter a personal identification number via the mobile communications device 18 at the same time that they have entered the at least part of the beneficiary bank account number.

Although use of the USSD protocol has been described above, in an alternate embodiment, an executable application may be downloaded onto the mobile communication device 18.

When the user is prompted to enter the at least part of the beneficiary bank account number, they will execute the application on the mobile communication device 18 and enter the at least part of the beneficiary bank account number into the application together with a personal identification number where required.

The application will now transfer this data back to the server 12 but in this embodiment this will typically not be via the USSD protocol.

In any event, it will be appreciated that in order to upload beneficiary bank account information, verification is required without which the beneficiary bank account information will not be accepted.

This, together with authentication of the mobile communication device, provides a comprehensive security mechanism to defeat fraudsters.
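The comparison performed by verification module 24, together with the IMEI/IMSI check against the identity stored for the MSISDN, sketched in Python as an added example; it is not code from the patent. The class and method names, the one-attempt-per-upload policy and all sample numbers are assumptions.

```python
import hmac
from dataclasses import dataclass, field

PART_LEN = 4  # "last four digits", per the example embodiment

def _same(a, b):
    # Constant-time comparison of two ASCII strings.
    return hmac.compare_digest(a.encode(), b.encode())

@dataclass
class VerificationServer:
    """Hypothetical stand-in for server 12 with memory 16."""
    devices: dict = field(default_factory=dict)   # msisdn -> (user, imei, imsi)
    pending: dict = field(default_factory=dict)   # user -> number from the web
    accepted: dict = field(default_factory=dict)  # user -> verified number

    def register_device(self, user, msisdn, imei, imsi):
        self.devices[msisdn] = (user, imei, imsi)

    def receive_upload(self, user, account_number):
        """Internet channel: store the number, return the re-entry prompt."""
        digits = "".join(c for c in account_number if c.isdigit())
        if len(digits) < PART_LEN:
            raise ValueError("account number too short")
        self.pending[user] = digits
        return f"Enter the last {PART_LEN} digits of the beneficiary account"

    def receive_second_channel(self, msisdn, imei, imsi, part):
        """Second channel (e.g. USSD): device check, then partial-number check."""
        record = self.devices.get(msisdn)
        if record is None:
            return "unknown_msisdn"
        user, reg_imei, reg_imsi = record
        if not (_same(reg_imei, imei) and _same(reg_imsi, imsi)):
            return "device_mismatch"
        # Assumption: one attempt per upload; a failed attempt discards it.
        uploaded = self.pending.pop(user, None)
        if uploaded is None:
            return "no_pending_upload"
        if not _same(uploaded[-PART_LEN:], part):
            return "part_mismatch"
        self.accepted[user] = uploaded
        return "verified"

def demo():
    """Constructed sample values; none of them come from the patent."""
    msisdn, imei, imsi = "27820000001", "356938035643809", "655010000000001"
    srv = VerificationServer()
    srv.register_device("alice", msisdn, imei, imsi)
    results = []
    # 1. Genuine upload, confirmed from the registered handset.
    srv.receive_upload("alice", "6200 1234 5678")
    results.append(srv.receive_second_channel(msisdn, imei, imsi, "5678"))
    # 2. Number altered on the web channel; the user re-enters the intended digits.
    srv.receive_upload("alice", "6200 1234 9999")
    results.append(srv.receive_second_channel(msisdn, imei, imsi, "5678"))
    # 3. Correct digits, but the SIM does not match the stored IMSI.
    srv.receive_upload("alice", "6200 1234 5678")
    results.append(srv.receive_second_channel(msisdn, imei, "655019999999999", "5678"))
    return results, dict(srv.accepted)
```

The check covers only the digits that are re-entered, so `PART_LEN` sets how much of the uploaded number is actually verified; the patent's "at least part" also permits comparing the whole number.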

Claims

CLAIMS:

1. A method of verification of a transaction, the method including: receiving a request from a user via the internet to upload a beneficiary bank account number; transmitting a request to the user to enter at least part of the beneficiary bank account number again; receiving from the user via another communications channel different to the internet, the requested at least part of the beneficiary bank account number; comparing the received at least part of the beneficiary bank account number with at least a part of the bank account number received via the internet; and if these match then verifying the transaction so that the beneficiary bank account number can be entered.

2. A method according to claim 1 wherein the method also includes storing an identity of a mobile communication device of the user, which mobile communication device will be used by the user to transmit the requested at least part of the beneficiary bank account number.

3. A method according to claim 2 wherein the transaction is only verified if the mobile communication device from which the requested at least part of the beneficiary bank account number is received matches the stored identity of the mobile communication device.

4. A method according to claim 3 wherein the identity of the mobile communication device stored is an IMEI number identifying the mobile communication device and/or an IMSI number identifying a SIM card used in the mobile communication device.

5. A method according to claim 2 wherein the other communications channel via which the requested at least part of the beneficiary bank account number is received from the user is a mobile communications network.

6. A method according to claim 5 wherein the requested at least part of the beneficiary bank account number is received via a USSD session from the user.

7. A method according to claim 1 wherein the request to the user to enter at least part of the beneficiary bank account number again is transmitted via one or more of the Internet and a mobile communications network.

8. An electronic system for verification of a transaction, the system including: a communications module for receiving a request from a user via the internet to upload a beneficiary bank account number, transmitting a request to the user to enter at least part of the beneficiary bank account number again and receiving from the user via another communications channel different to the internet the requested at least part of the beneficiary bank account number; and a verification module for comparing the received at least part of the beneficiary bank account number with at least a part of the bank account number received via the internet and if these match then verifying the transaction so that the beneficiary bank account number can be entered.

9. A system according to claim 8 further including a memory for storing an identity of a mobile communication device of the user, which mobile communication device will be used by the user to transmit the requested at least part of the beneficiary bank account number.

10. A system according to claim 9 wherein the verification module only verifies the transaction if the mobile communication device from which the requested at least part of the beneficiary bank account number is received matches the stored identity of the mobile communication device.

11. A system according to claim 10 wherein the identity of the mobile communication device stored is an IMEI number identifying the mobile communication device and/or an IMSI number identifying a SIM card used in the mobile communication device.

12. A system according to claim 8 wherein the other communications channel via which the requested at least part of the beneficiary bank account number is received from the user is a mobile communications network.

13. A system according to claim 12 wherein the requested at least part of the beneficiary bank account number is received via a USSD session from the user.

14. A system according to claim 13 wherein the request to the user to enter at least part of the beneficiary bank account number again is transmitted via one or more of the Internet and a mobile communications network.

PCT/IB2014/059484 2013-03-08 2014-03-06 A method of implementing verification for a transaction and a system therefor WO2014136072A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
ZA2013/01792 2013-03-08
ZA201301792 2013-03-08

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
ZA2015/07058A ZA201507058B (en) 2013-03-08 2015-09-22 A method of implementing verification for a transaction and a system therefor

Publications (1)

Publication Number Publication Date
WO2014136072A1 (en) 2014-09-12

Family

ID=51490699

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2014/059484 WO2014136072A1 (en) 2013-03-08 2014-03-06 A method of implementing verification for a transaction and a system therefor

Country Status (2)

Country Link
WO (1) WO2014136072A1 (en)
ZA (1) ZA201507058B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060190374A1 (en) * 2005-01-28 2006-08-24 Darrell Sher Electronic bill pay and bill presentment account number treatment system and method
US20120303534A1 (en) * 2011-05-27 2012-11-29 Tomaxx Gmbh System and method for a secure transaction
US20130013501A1 (en) * 2006-07-06 2013-01-10 Firethorn Mobile, Inc. Methods and systems for making a payment via a stored value card in a mobile environment

Also Published As

Publication number Publication date
ZA201507058B (en) 2016-12-12

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14761151

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct app. not ent. europ. phase

Ref document number: 14761151

Country of ref document: EP

Kind code of ref document: A1