WO2017152956A1 - User identity evaluation - Google Patents


Publication number
WO2017152956A1
Authority
WO
WIPO (PCT)
Prior art keywords
sensor data
communication terminal
electronic communication
electronic
user
Application number
PCT/EP2016/054901
Other languages
French (fr)
Inventor
Tom Joakim BAYLIS
Klas Johansson
Original Assignee
Izettle Merchant Services Ab
Application filed by Izettle Merchant Services Ab
Priority to PCT/EP2016/054901
Publication of WO2017152956A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks
    • G06Q20/405 Establishing or using transaction specific rules
    • G06Q20/08 Payment architectures
    • G06Q20/20 Point-of-sale [POS] network systems
    • G06Q20/204 Point-of-sale [POS] network systems comprising interface for record bearing medium or carrier for electronic funds transfer or payment credit
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3224 Transactions dependent on location of M-devices

Definitions

  • the disclosure pertains to the field of electronic financial transactions facilitated by an electronic communication terminal. More particularly the disclosure relates to methods of evaluating an identity of a user when performing an electronic financial transaction facilitated by the electronic communication terminal, as well as to a corresponding device.
  • a financial transaction can be any transfer or exchange of items of value, such as information, goods, services and money.
  • a financial transaction can involve a monetary transaction for e.g. a credit card payment at a store.
  • a financial transaction can involve transfer of money between different bank accounts.
  • An example of an electronic communication terminal is a point-of-sales (POS) device.
  • POS point-of-sales
  • mPOS mobile point-of-sales
  • a stationary POS device can e.g.
  • An electronic communication terminal may be in the form of a POS device such as a dedicated POS-terminal with a built in credit card reader.
  • an mPOS device may take a form similar to a POS device, or be a smartphone or a tablet connected to a card reader, such as an Apple iPhone connected to an iZettle® Lite.
  • the POS device can e.g. be locked by the merchant using a physical key or using a Personal Identification Number (PIN) code or password in order to operate the POS device.
  • PIN Personal Identification Number
  • an unlocked POS device may be operated by a person other than the merchant if e.g. the POS device is left unattended.
  • a mPOS device can be stolen and taken somewhere else.
  • a POS device in the wrong hands could lead to manipulation of data, fraud and illegal electronic financial transactions including withdrawal or transfer of money.
  • An object of the present disclosure is to provide a method and an electronic communication terminal which seek to mitigate, alleviate or eliminate one or more of the above-identified deficiencies in the art and disadvantages, singly or in any combination.
  • a solution to the problem outlined above is proposed.
  • the identity of a user can be evaluated when performing an electronic financial transaction facilitated by the electronic communication terminal in order to minimize or eliminate potential misuse, fraud and illegal electronic financial transactions by a non-wanted user.
  • the disclosure proposes a method performed in an electronic communication terminal for evaluating an identity of a user when performing an electronic financial transaction facilitated by the electronic communication terminal.
  • the method comprises providing access to a database comprising previously stored sensor data corresponding to electronic financial transactions performed by the user.
  • the electronic communication terminal is obtaining new sensor data corresponding to the electronic financial transaction and obtaining a deviation between the obtained new sensor data and the sensor data in the database.
  • the electronic communication terminal is then evaluating the identity of the user, based on the obtained deviation.
  • Newly obtained sensor data and previously stored sensor data can hence be compared in order to evaluate who the actual user of the electronic communication terminal is at a certain moment. This is information that can be used to minimize misuse, fraud and illegal electronic financial transactions.
  • the user doesn't need to know that this evaluation is taking place; it can be performed quietly by the electronic communication terminal and hence does not disturb the user when operating the electronic communication terminal. Further, if the electronic communication terminal is in the wrong hands, that particular non-wanted user doesn't know that an evaluation of the user is performed, and hence other actions can be taken quietly in order to identify that non-wanted user.
  • the obtained sensor data defines a condition in or within a predefined distance from the electronic communication terminal.
  • the sensor data can be used to define a normal operation to be compared with abnormal operation in order to detect that a non-wanted user is trying to operate the electronic communication terminal.
  • the sensor data is sound, light, movement or geographic position data. Sound and movement sensor data are difficult to manipulate from user to user: e.g. the voice of one user is different from another's, and the movement pattern, e.g. how one user holds and operates the electronic communication terminal, is different from that of another user. It is also difficult to e.g. obtain the light condition of one room in another room. Geographic position of the electronic communication terminal is sensor data that can be used to detect if the electronic communication terminal is operated in expected or unexpected places and hence detect potential misuse.
  • the sensor data defines a condition occurring during at least a part of the electronic financial transaction.
  • Sensor data obtained e.g. when initiating an electronic financial transaction can be used to evaluate the user at an early stage.
  • the sensor data defines a condition occurring during a period before and/or after the electronic financial transaction.
  • Sensor data can hence e.g. be buffered before or after the electronic financial transaction during a certain time period, to make the evaluation based on the user behaviour before or after the electronic financial transaction.
  • potential misuse can be detected even if a non-wanted user tries to pass as the normal user during the actual electronic financial transaction.
  • the method comprises initiating a security action based on the evaluation. Hence, if the result of the evaluation indicates that it may not be the normal user that is operating the electronic communication terminal measures can be taken in order to minimize or eliminate potential misuse, fraud and illegal electronic financial transactions.
  • the security action could comprise at least one of several alternatives.
  • One is initiating an authentication request from the electronic communication terminal to authorize the electronic communication terminal to facilitate an electronic financial transaction. Thereby e.g. the user has to verify that she/he is the right user before proceeding.
  • One security action comprises denying authorization of the electronic communication terminal to facilitate an electronic financial transaction. Hence, the electronic communication terminal can be stopped from facilitating the electronic financial transaction.
  • One security action comprises limiting the monetary amount that can be transferred. Hence, minimizing the harm due to suspected misuse, fraud and illegal electronic financial transaction.
  • One security action comprises sending a warning flag to a payment server.
  • a payment server at a bank may be notified that a suspected transaction has occurred in order to take actions to minimize fraud and illegal electronic financial transaction.
  • One security action comprises sending a warning message to a predefined receiver. For example, the normal user can get notified when a suspected transaction has occurred.
  • the discussed method comprises storing the obtained new sensor data in the database as at least part of the previously stored sensor data corresponding to electronic financial transactions performed by the communication terminal.
  • the obtained new sensor data can be used for future evaluation of a user.
  • the discussed method comprises finalizing or interrupting the electronic financial transaction based on the evaluation.
  • the electronic financial transaction can hence still be facilitated even if a security action is initiated, but the electronic financial transaction can also be denied.
  • the finalizing or interrupting the transaction by the electronic financial transaction comprises connecting the electronic communication terminal to a payment server located in a remote node connected to the electronic communication terminal via a communication network.
  • the electronic communication terminal can e.g. facilitate that an electronic financial transaction is finalized or interrupted at a payment server.
  • the sensor data comprises information about software activity in the electronic communication terminal.
  • obtained sensor data defines a condition e.g. dependent on which applications are run on the electronic communication terminal, in order to detect if a non-wanted user tries to pass as the normal user.
  • obtaining a deviation between the obtained new sensor data and the previously stored sensor data in the database is carried out by retrieving, from the database, previously stored sensor data corresponding to electronic financial transactions of the user and then calculating the deviation in the electronic communication terminal by comparing the obtained new sensor data corresponding to the electronic financial transaction with the previously stored sensor data retrieved from the database.
  • the calculation is hence carried out in, and using the processor of, the electronic communication terminal.
  • the processing doesn't need to be carried out in a cloud or network.
  • the obtained new sensor data is sent to a remote node via a communication network, and the deviation is then received from the remote node. Hence, the calculation is carried out in, and using the processor of, the remote node.
  • the evaluating of the identity comprises determining if the deviation is above or below a predetermined threshold value.
  • the threshold value can be e.g. an average value, correlation value or percentage value. This simplifies the evaluation and can be used to set limits for when to initiate e.g. a security action.
  • obtaining of new sensor data comprises reading sensor data from a sensor device located in the electronic communication terminal or receiving sensor data from a remote sensor device connected to the electronic communication terminal.
  • a plurality of sensors can be used to get relevant data.
  • an electronic communication terminal is configured for identifying a user when performing an electronic financial transaction facilitated by an electronic communication terminal.
  • the electronic communication terminal comprises a communication interface for providing communication with a remote server facilitating electronic financial transactions.
  • the electronic communication terminal comprising processing circuitry configured to cause the electronic communication terminal to provide access to a database comprising previously stored sensor data corresponding to electronic financial transactions of the user.
  • the electronic communication terminal comprising processing circuitry configured to obtain new sensor data corresponding to an electronic financial transaction and to obtain a deviation between the obtained new sensor data and the previously stored sensor data in the database, in order to evaluate the identity of the user, based on the obtained deviation.
  • Figure 1 is a block diagram illustrating the electronic communication terminal.
  • Figure 2 is a flowchart illustrating the method for evaluating an identity of a user when performing an electronic financial transaction.
  • Figure 3a is a signaling diagram illustrating the communication between the electronic communication device and a data base when calculating the deviation.
  • Figure 3b is a signaling diagram illustrating the communication between the electronic communication device and a remote node when calculating the deviation.
  • Figure 4a illustrates an example with a normal use case.
  • Figure 4b illustrates an example with a non-wanted user.
  • Figure 1 illustrates an electronic communication terminal 101.
  • the electronic communication terminal 101 comprising a sensor 102a, a communication interface 103, a database 104 and processing circuitry 108.
  • the communication interface 103 provides communication with a remote node 109 and a remote server 107 over a communication network 106.
  • the remote server 107 is facilitating electronic financial transactions.
  • the communication interface 103 provides communication with a remote database 105.
  • Sensors 102b, 102c are connected to the electronic communication terminal 101 via a cable or via the communication interface 103.
  • the electronic communication terminal 101 being served by a payment server 107 for performing financial transactions.
  • An example of an electronic communication terminal 101 is a point-of-sales (POS) device.
  • a non-stationary POS device is called a mobile point-of-sales (mPOS) device.
  • a point-of-sale terminal (POS terminal) is an electronic device used to process card payments at retail locations.
  • a POS terminal is generally configured to read the information off a customer's credit or debit card.
  • the card interface may be e.g. a chip card interface, a magnetic stripe card reader or an interface for reading contactless cards, such as cards enabled for Near Field Communication (NFC) or Radio Frequency Identification (RFID).
  • NFC Near Field Communication
  • RFID Radio Frequency Identification
  • Advanced POS terminals are typically equipped with a combination of these interfaces.
  • the POS typically also checks whether the funds in a customer's bank account are sufficient or it decides that the transaction may be approved without checking the funds.
  • the POS then transfers the funds from the customer's account to the seller's account or at least, accounts for the transfer with the credit card network.
  • an electronic financial transaction is facilitated by the electronic communication terminal.
  • the POS can be seen as the electronic communication terminal.
  • POS terminals may also be configured to record the transaction and to provide a digital or printed receipt.
  • mPOS enables small merchants to transform phones and tablets into card acceptance solutions just by connecting them to a contactless chip & PIN card reader. This allows customers to pay for even small items without the need for cash.
  • the electronic communication terminal can be used by anyone; in this disclosure we specifically address the method when the electronic communication terminal is a device used by a merchant. More particularly, the electronic communication terminal is often referred to as a so-called point-of-sale (POS) terminal, including mobile POS (mPOS) devices, used to process financial transactions, in particular credit card payments.
  • the electronic communication terminal may be e.g. a smartphone, tablet or dedicated wireless device that performs an electronic financial transaction facilitated by the electronic communication terminal.
  • the electronic communication terminal could for instance be a smartphone or tablet that runs a bank application or any software application for e.g. payments or transfer of monetary means, but also for trading of stocks or financial derivatives or instruments such as options, futures, swaps etc.
  • the mPOS technology fits any merchant, big or small, in store or mobile on a street market, because it is low-cost, easy to set up and completely portable.
  • the merchants, some of whom thought their business was too small or lacking the necessary infrastructure to accept card payments, gain benefits including increased speed of service, greater security and also returning customers.
  • mPOS terminals may enable hundreds of cashless transactions per minute. All the while, these customers could avoid queueing at ATMs, and enjoy shorter waits.
  • a POS can operate as a stand-alone device that's linked to the bank account of the business
  • an mPOS is often registered at a payment facilitator, whose main task is to conduct transactions for a plurality of clients.
  • a financial provider can provide mPOS hardware and software to the merchant.
  • the hardware is typically card reader means and a payment backend including a payment server 107.
  • the software may run in the merchant's own device, e.g. a smartphone or tablet, as well as in a remote node 109 that may include the payment server 107.
  • the payment server might be required to register, at the financial provider, information of the merchant such as name, address, ownership, type of merchant, average transaction amounts, average turnover, seasonal changes in the business etc.
  • the remote node 109 may use a payment server 107 for storing information relating to the transactions.
  • the payment server may also comprise merchant information provided e.g. at the registration or added later by the merchant.
  • a database 104, 105 comprising previously stored sensor data corresponding to electronic financial transactions performed by the user of the mPOS can be located in the electronic communication terminal 101 and/or be remotely connected to the electronic communication terminal 101 via the communication network 106.
  • the database 105 could also be located in the remote node 109.
  • the remote node 109, the payment server 107 and the database 105 may be managed by any payment facilitator, bank or other company handling financial transactions arrangements for multiple merchants.
  • the electronic communication terminal 101 may be a mPOS device and be in the form of a smartphone or tablet.
  • a smartphone or tablet may comprise a communication interface 103 for providing communication with a remote server 107, processing circuitry 108 means for processing data, a memory and database 104 for storage and managing of data.
  • the electronic communication terminal 101 could comprise a sensor device 102a located in the electronic communication terminal.
  • the electronic communication terminal 101 could comprise a communication interface 103 to a remote sensor device 102b, 102c connected to the electronic communication terminal. This makes the electronic communication terminal suitable for having a plurality of sensors that enable obtaining of different sensor data corresponding to the electronic financial transaction.
  • the communication interface 103 may be adapted for communicating over any wide area radio network such as cellular LTE, WCDMA, GPRS, EDGE, GSM, WiMax or UMB etc.
  • the communication interface may also be adapted for communicating over any short range radio network such as WLAN, Bluetooth, Zigbee, Ultra-Wideband etc.
  • a sensor device can be any of:
  • a motion sensor such as an accelerometer or a gyroscope for detecting movements and relative movement, acceleration and position; a temperature sensor, for measuring the temperature; a hygrometer, for measuring the humidity; a barometer, for measuring the air pressure; a light sensor for measuring light conditions; a camera for capturing images and video; a microphone for recording any sound such as voice; a speech recognition sensor, for identifying a person's voice; a compass, for finding a relative direction; a GPS (Global Positioning System) receiver for determining the geographical position; a smoke sensor for detecting smoke or smog; a battery level sensor for measuring the battery level and battery charging; a radiation sensor for measuring radioactivity; a fingerprint sensor, for detecting a fingerprint; a pressure sensor for e.g.
  • BAN Body Area Network
  • tremor sensor for sensing a body tremor occurring in a human body; an NFC and/or RFID sensor for detecting Near Field Communication or Radio Frequency Identification signaling; a short range radio transceiver, for sensing and communication via radio using e.g. WLAN, Bluetooth, Zigbee, UWB (Ultra-Wideband) and similar; a smell sensor, for sensing different smells; a touch screen sensor for input and output of information; or any other sensor.
  • Sensors could also be standalone devices that are connected to the smartphone or tablet either via a cable 102b or wireless via e.g. WLAN or Bluetooth 102c.
  • the sensor device could also be integrated in other devices, e.g. any Internet of things device such as an oven thermometer or a movement sensor in a home alarm system that communicates with the smartphone or tablet via cable 102b or wirelessly 102c.
  • a sensor device could also be any standalone device that has a sensor.
  • one mPOS device can be connected to another mPOS device that is within a predefined distance. Hence, sensors of one mPOS device may be utilized by another mPOS device.
  • a sensor device obtains sensor data.
  • the obtained sensor data from a sensor can be either stored or buffered for future processing or processed in real time.
  • sensor data is real time data.
  • sensor data is data sampled during a certain predefined time frame.
  • sensor data is an average value of a plurality of sensor data.
  • sensor data is time stamped.
  • the POS device can e.g. be locked by the merchant using a physical key.
  • an mPOS is typically locked using a PIN code, password, fingerprint, face recognition, or similar in order to operate the POS device.
  • an unlocked POS device may be operated by a person other than the merchant if e.g. the POS device is left unattended.
  • a mobile POS terminal can also be stolen and taken somewhere else.
  • a POS device in the wrong hands could lead to manipulation of data, fraud and illegal electronic financial transactions including withdrawal or transfer of money.
  • Figure 2 discloses a method performed in an electronic communication terminal 101 for evaluating an identity of a user when performing an electronic financial transaction facilitated by the electronic communication terminal.
  • the method comprises providing access S1 to a database 104, 105 comprising previously stored sensor data corresponding to electronic financial transactions performed by the user.
  • the database can either be local in the electronic communication terminal 104 or a remote database 105.
  • a remote database could store a larger number of sensor data compared to a local database.
  • sensor data in remote database can be used for restoring e.g. a lost or destroyed electronic communication terminal.
  • a user may be a merchant or any business person, but can also be a private person.
  • the electronic communication terminal is obtaining new sensor data S2 corresponding to the electronic financial transaction and obtaining a deviation S3 between the obtained new sensor data and the sensor data in the database.
  • obtaining new sensor data comprises reading out sensor data from a sensor device.
  • the new sensor data could be read out in real time when obtaining the data from the sensor device.
  • the sensor data can be continuously buffered by the sensor device or by the electronic communication terminal.
  • the new sensor data could be data that is read out from a buffer upon a request to obtain data.
  • obtaining a deviation S3 between the obtained new sensor data and the sensor data in the database comprises comparing or calculating a difference between new sensor data and sensor data in the database.
  • Figure 4a illustrates an example with a use case.
  • the electronic communication terminal 101 is a mPOS device, obtaining new sensor data 404a when a customer 402 is buying a cup of coffee.
  • the new sensor data 404a could for example, be sound, e.g. recording the speech of the user (i.e. the merchant) 401a and background noise, e.g. from a certain coffee machine or blender.
  • the electronic communication terminal 101 may obtain new sensor data 404a such as light condition in the room at the merchant at the time.
  • This new sensor data 404a is then compared with sensor data in the database 104, 105, comprising sensor data of transactions when other customers 402 have been buying coffee etc. from the same merchant 401a a number of times before, in order to obtain a deviation S3 between the obtained new sensor data 404a and the sensor data in the database.
  • the electronic communication terminal 101 is then evaluating the identity S4 of the user 401a, based on the obtained deviation.
  • Newly obtained sensor data 404a and previously stored sensor data can hence be compared in order to evaluate who the actual user 401a of the electronic communication terminal 101 is at a certain moment, i.e. whether or not it is the ordinary user (e.g. a merchant) 401a that is operating the electronic communication terminal.
  • This is information that can be used to minimize misuse, fraud and illegal electronic financial transactions.
  • the user 401a, 401b doesn't need to know that this evaluation is taking place; it can be performed quietly by the electronic communication terminal 101 and hence does not disturb the user 401a, 401b when operating the electronic communication terminal. Further, if the electronic communication terminal 101 is in the wrong hands, that user 401b doesn't know that an evaluation of the user 401b is performed, and hence other actions can be taken quietly in order to identify that user 401b.
  • the comparison comprises comparing the obtained new speech sensor data of the merchant 401a with previously stored speech sensor data in the database 104, 105, and comparing background noise and light conditions in a similar way.
  • a non-wanted user 401b has stolen the electronic communication terminal 101, in this case an mPOS device, and tries to perform an electronic financial transaction facilitated by the electronic communication terminal.
  • new sensor data 404b e.g. speech sensor data, light condition sensor data and movement sensor data
  • a security action is initiated S5.
  • the new sensor data 404b as illustrated in Figure 4b, comprising e.g. speech sensor data and movement sensor data that are used for evaluating S4 of the identity, turned out to have a deviation that was above or below a predetermined threshold value.
  • when a non-wanted user 401b tries to operate the electronic communication terminal 101, in this case an mPOS device, the sensor devices obtain new sensor data 404b.
  • the sensor device could be an accelerometer or a gyroscope for detecting movements and relative movement, such as detecting a different angle a when operating the electronic communication terminal (the mPOS device) 101.
  • This sensor data is to be used for calculating a deviation.
  • the sensor device could be a microphone for recording any sound such as voice or a speech recognition sensor, for identifying a person's voice to be used for calculating a deviation.
  • the obtained sensor data defines a condition in or within a predefined distance from the electronic communication terminal 101.
  • a condition can be a state that the electronic communication terminal 101 is in that is dependent on the local environment of the electronic communication terminal 101.
  • the condition can be defined by the new sensor data that the electronic communication terminal 101 obtains, either by sensor data from built in sensors 102a or by sensor devices 102b, 102c connected to the electronic communication terminal 101.
  • the condition can also be dependent on sensor data comprising information about software activity in the electronic communication terminal 101.
  • a condition could be that sensor devices provide with sensor data such as that the electronic communication terminal 101 is e.g.
  • the sensor data can be used to define a normal operation to be compared with abnormal operation in order to detect that another user is trying to operate the electronic communication terminal.
  • the sensor data is sound, light, movement or geographic position data.
  • sensor device can be any of a plurality of devices and should not be limited to mentioned alternatives but also include any sensor device.
  • Sound and movement sensor data are difficult to manipulate from user to user, e.g. the voice of one user is different from another, and movement patterns, e.g. how one user holds and operates the electronic communication terminal 101, are different from another user. It is also difficult to e.g. obtain the same light condition in one room in another room.
  • Geographic position of the electronic communication terminal 101 is sensor data that can be used to detect if the electronic communication terminal 101 is operated in expected or unexpected places and hence detect potential misuse.
  • the sensor data defines a condition occurring during at least a part of the electronic financial transaction.
  • An event when initiating the transaction, e.g. when the merchant enters the amount to be paid, could initiate a request to obtain new sensor data in order to obtain a deviation and evaluate the identity of the user before proceeding with the electronic financial transaction.
  • Sensor data obtained when initiating an electronic financial transaction may be sufficient and hence, can be used to evaluate the user at an early stage.
  • the sensor data defines a condition occurring during a period before and/or after the electronic financial transaction. Sensor data can hence, e.g. be buffered before or after the electronic financial transaction during a certain time period to make the evaluation based on the user behaviour before or after the electronic financial transaction.
  • the method comprising initiating a security action based on the evaluation.
  • the initiation of a security action may be sending a command or instructions from the electronic communication terminal.
  • the security action could comprise at least one of several alternatives.
  • One is initiating an authentication request from the electronic communication terminal 101 to authorize the electronic communication terminal 101 to facilitate an electronic financial transaction.
  • the user has to verify that she/he is the right user before proceeding.
  • the user could be requested to enter a PIN code or password in order to continue to operate the POS device.
  • the merchant is asked to login to a bank account.
  • One security action comprising denying authorization of the electronic communication terminal 101 to facilitate an electronic financial transaction.
  • the electronic communication terminal 101 can be stopped from facilitating the electronic financial transaction.
  • One security action comprising limiting the monetary amount that can be transferred. Hence, limit the monetary amount to minimize harm due to suspected misuse, fraud and illegal electronic financial transaction.
  • One security action comprising sending a warning flag to a payment server.
  • a payment server at a bank may be notified that a suspected transaction has occurred in order to take actions to minimize fraud and illegal electronic financial transaction.
  • One security action comprising sending a warning message to a predefined receiver.
  • the message could be a system to system message e.g. a payment server 107 sends a warning message to a bank, a credit card issuer or security provider etc.
  • a bank could delay a settlement of the electronic financial transaction.
  • a bank could request further information or confirmation from another party such as a credit card issuer or security provider etc.
  • a warning message can be sent to a predefined receiver using an alternative channel compared to normal operation, e.g. using Short Message Service (SMS) instead of Internet Protocol.
  • One security action comprising obtaining new sensor data.
  • new sensor data could be sensor data from a camera for capturing images and video of the non-wanted user.
  • image and video data could be streamed in real time to the user or stored as files in a database.
  • the discussed method comprising storing the obtained new sensor data S6 in the database as at least part of the previously stored sensor data corresponding to electronic financial transactions performed by the communication terminal.
  • the data is stored in the database 104, 105.
  • the so called new sensor data becomes part of the previously stored sensor data.
  • at least part of could mean adding to an existing average or integral value.
  • at least part of could mean adding up to existing data to create big data.
  • at least part of could mean replacement of existing data, in part or in full.
  • at least part of could mean comparing data and under a certain condition replace or recalculate data.
  • the obtained new sensor data can be used for future evaluation of a user.
  • the discussed method comprising finalizing or interrupting the electronic financial transaction based on the evaluation.
  • the electronic financial transaction can hence, still be facilitated even if a security action is initiated but also that the electronic financial transaction can be denied.
  • finalizing or interrupting the transaction by the electronic financial transaction comprises connecting the electronic communication terminal 101 to a payment server located in a remote node connected to the electronic communication terminal 101 via a communication network.
  • the electronic communication terminal 101 can e.g. facilitate that an electronic financial transaction is finalized or interrupted at a payment server.
  • the sensor data comprises information about software activity in the electronic communication terminal.
  • a program manager or an operation system can be used to detect what applications or software programs that are run in the electronic communication terminal.
  • the program manager can detect if the software activity is simulated or run in an emulator.
  • obtained sensor data defines a condition e.g. dependent on what applications that is run on the electronic communication terminal 101 in order to detect if a non-wanted user tries to manipulate to be the normal user.
  • obtaining a deviation between the obtained new sensor data and the previously stored sensor data in the database is carried out by retrieving S31a, from the database 104, 105, previously stored sensor data corresponding to electronic financial transactions of the user and then calculating the deviation in the electronic communication terminal 101 by comparing the obtained new sensor data corresponding to the electronic financial transaction with the previously stored sensor data retrieved from the database.
  • obtaining a deviation between the obtained new sensor data and the previously stored sensor data in the database is carried out by sending a request for data S30a by the electronic communication terminal 101 to a remote database 105 followed by retrieving S31a, from the database 105, previously stored sensor data corresponding to electronic financial transactions of the user and then calculating the deviation in the electronic communication terminal 101 by comparing the obtained new sensor data corresponding to the electronic financial transaction with the previously stored sensor data retrieved from the database.
  • the calculation of the deviation is hence carried out in, and using the processor of, the electronic communication terminal. Then the processing doesn't need to be carried out in a cloud or network.
  • the obtained new sensor data is sent S31b to a remote node 107 via a communication network 106 and to be calculated in the remote node 107 then receiving the deviation from the remote node S32b in the electronic communication device.
  • the calculation of the deviation is carried out in, and using the processor of, the remote node.
  • the processing doesn't need to be carried out in the electronic communication terminal.
  • sensor data in the database 104, 105 could e.g. be sensor data relating to the characteristics of the background noise.
  • sensor data in the database 104, 105 could e.g. be sensor data relating to the characteristics of the light condition.
  • the sensor data in the database 104, 105 relating to the characteristics of the background noise could be compared with the obtained new sensor data relating to the characteristics of the background noise in order to obtain a deviation.
  • sensor data in the database 104, 105 relating to the characteristics of the light condition could be compared with the obtained new sensor data relating to the characteristics of the light condition in order to obtain a deviation.
  • a deviation can be dependent on one or plural sensor data.
  • a deviation can be a function including one or plural sensor data. Different sensor data could have different weight in such function.
  • a deviation can be calculated based on using e.g. a correlation value, an average value, a transfer function, a statistic function, a threshold value etc.
  • plural of sensor devices are used for obtaining new sensor data. The combination of the different sensor data from different sensor devices can hence be used for calculating the deviation.
  • at least one sensor device is used to obtain new sensor data.
  • the evaluating of the identity comprises determining if the deviation is above or below a predetermined threshold value. This simplifies the evaluation and can be used to set limits for when to initiate e.g. a security action.
  • obtaining of new sensor data comprises reading sensor data from a sensor device located in the electronic communication terminal 101 or receiving sensor data from a remote sensor device connected to the electronic communication terminal. Hence, plural of sensors can be used to get relevant data.
  • an electronic communication terminal 101 is configured for identifying a user when performing an electronic financial transaction facilitated by an electronic communication terminal.
  • the electronic communication terminal 101 comprising a communication interface for providing communication with a remote server facilitating electronic financial transactions.
  • the electronic communication terminal 101 comprising processing circuitry configured to cause the electronic communication terminal 101 to provide access to a database comprising previously stored sensor data corresponding to electronic financial transactions of the user.
  • the electronic communication terminal 101 comprising processing circuitry configured to obtain new sensor data corresponding to an electronic financial transaction and to obtain a deviation between the obtained new sensor data and the previously stored sensor data in the database, in order to evaluate the identity of the user, based on the obtained deviation.
  • an "electronic communication terminal" as the term may be used herein, is to be broadly interpreted to include a radiotelephone having ability for Internet/intranet access, web browser, organizer, calendar, a camera (e.g., video and/or still image camera), a sound recorder (e.g., a microphone), and/or global positioning system (GPS) receiver; a personal communications system (PCS) user equipment that may combine a cellular radiotelephone with data processing; a personal digital assistant (PDA) that can include a radiotelephone or wireless communication system; a laptop; a camera (e.g., video and/or still image camera) having communication ability; and any other computation or communication device capable of transceiving, such as a personal computer, a home entertainment system, a television, etc.
  • a device may be interpreted as any number of antennas or antenna elements.
  • the functions or steps noted in the blocks can occur out of the order noted in the operational illustrations.
  • two blocks shown in succession can in fact be executed substantially concurrently or the blocks can sometimes be executed in the reverse order, depending upon the functionality/acts involved.
  • the functions or steps noted in the blocks can according to some aspects of the disclosure be executed continuously in a loop.
  • a computer-readable medium may include removable and non-removable storage devices including, but not limited to, Read Only Memory, ROM, Random Access Memory, RAM, compact discs, CDs, digital versatile discs, DVD, etc.
  • program modules may include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types.
  • Computer-executable instructions, associated data structures, and program modules represent examples of program code for executing steps of the methods disclosed herein.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Economics (AREA)
  • Development Economics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The disclosure proposes a method performed in an electronic communication terminal (101), the method comprises providing access (S1) to a database (104, 105) comprising previously stored sensor data corresponding to electronic financial transactions performed by the user, obtaining new sensor data (S2) corresponding to the electronic financial transaction and obtaining a deviation (S3) between the obtained new sensor data and the sensor data in the database, evaluating the identity (S4) of the user, based on the obtained deviation.

Description

Title: User identity evaluation
TECHNICAL FIELD
The disclosure pertains to the field of electronic financial transactions facilitated by an electronic communication terminal. More particularly the disclosure relates to methods of evaluating an identity of a user when performing an electronic financial transaction facilitated by the electronic communication terminal, as well as to a corresponding device.
BACKGROUND
The invention relates to electronic financial transactions facilitated by an electronic communication terminal. A financial transaction can be any transfer or exchange of items of value, such as information, goods, services and money. A financial transaction can involve a monetary transaction for e.g. a credit card payment at a store. A financial transaction can involve transfer of money between different bank accounts. An example of an electronic communication terminal is a point-of-sales (POS) device. A non-stationary POS device is called a mobile point-of-sales (mPOS) device. Today merchants in a store use POS devices that are both stationary and mobile to facilitate monetary transactions with customers in many different locations. A stationary POS device can e.g. be mounted on a desk in a clothes store while an mPOS device can also be used in other places such as in the hand of a merchant on a street market, or in a pickup truck delivering goods. An electronic communication terminal may be in the form of a POS device such as a dedicated POS-terminal with a built in credit card reader. An mPOS device may be in a similar form as a POS device or as a smartphone or a tablet connected to a card reader such as an Apple iPhone connected to an iZettle® Lite. To control who is using the POS device, the POS device can e.g. be locked by the merchant using a physical key or using a Personal Identification Number (PIN) code or password in order to operate the POS device. However, an unlocked POS device may be operated by a person other than the merchant if e.g. the POS device is left unattended. An mPOS device can be stolen and taken somewhere else. A POS device in the wrong hands could lead to manipulation of data, fraud and illegal electronic financial transactions including withdrawal or transfer of money.
SUMMARY OF THE INVENTION
An object of the present disclosure is to provide a method for and an electronic communication terminal which seeks to mitigate, alleviate or eliminate one or more of the above-identified deficiencies in the art and disadvantages singly or in any combination. In this disclosure, a solution to the problem outlined above is proposed. In the proposed solution the identity of a user can be evaluated when performing an electronic financial transaction facilitated by the electronic communication terminal in order to minimize or eliminate potential misuse, fraud and illegal electronic financial transactions by a non-wanted user.
The disclosure proposes a method performed in an electronic communication terminal for evaluating an identity of a user when performing an electronic financial transaction facilitated by the electronic communication terminal. The method comprises providing access to a database comprising previously stored sensor data corresponding to electronic financial transactions performed by the user. The electronic communication terminal obtains new sensor data corresponding to the electronic financial transaction and obtains a deviation between the obtained new sensor data and the sensor data in the database. The electronic communication terminal then evaluates the identity of the user, based on the obtained deviation. Newly obtained sensor data and previously stored sensor data can hence be compared in order to evaluate who the actual user of the electronic communication terminal is at a certain moment. This is information that can be used to minimize misuse, fraud and illegal electronic financial transactions. In addition, the user doesn't need to know that this evaluation is taking place; it can be performed by the electronic communication terminal quietly and hence not disturb the user when operating the electronic communication terminal. Further, if the electronic communication terminal is in the wrong hands, that particular non-wanted user doesn't know that an evaluation of the user is performed, and hence other actions can be taken quietly in order to identify that non-wanted user.
According to some aspects, the obtained sensor data defines a condition in or within a predefined distance from the electronic communication terminal. Hence, the sensor data can be used to define a normal operation to be compared with abnormal operation in order to detect that a non-wanted user is trying to operate the electronic communication terminal. According to some aspects, the sensor data is sound, light, movement or geographic position data. Sound and movement sensor data are difficult to manipulate from user to user, e.g. the voice of one user is different from another, and movement patterns, e.g. how one user holds and operates the electronic communication terminal, are different from another user. It is also difficult to e.g. obtain the same light condition of one room in another room. Geographic position of the electronic communication terminal is sensor data that can be used to detect if the electronic communication terminal is operated in expected or unexpected places and hence detect potential misuse.
According to some aspects of the proposed disclosure, the sensor data defines a condition occurring during at least a part of the electronic financial transaction. Sensor data obtained e.g. when initiating an electronic financial transaction can be used to evaluate the user at an early stage. According to some aspects of the proposed disclosure, the sensor data defines a condition occurring during a period before and/or after the electronic financial transaction. Sensor data can hence e.g. be buffered before or after the electronic financial transaction during a certain time period to make the evaluation based on the user behaviour before or after the electronic financial transaction. Hence, potential misuse can be detected even if a non-wanted user tries to manipulate to be the normal user during the actual electronic financial transaction.
According to some aspects of the proposed disclosure, the method comprises initiating a security action based on the evaluation. Hence, if the result of the evaluation indicates that it may not be the normal user that is operating the electronic communication terminal measures can be taken in order to minimize or eliminate potential misuse, fraud and illegal electronic financial transactions.
According to some aspects, the security action could comprise at least one of several alternatives. One is initiating an authentication request from the electronic communication terminal to authorize the electronic communication terminal to facilitate an electronic financial transaction. Thereby e.g. the user has to verify that she/he is the right user before proceeding. One security action comprises denying authorization of the electronic communication terminal to facilitate an electronic financial transaction. Hence, the electronic communication terminal can be stopped from facilitating the electronic financial transaction.
One security action comprises limiting the monetary amount that can be transferred. Hence, minimizing the harm due to suspected misuse, fraud and illegal electronic financial transaction.
One security action comprises sending a warning flag to a payment server. Thereby a payment server at a bank may be notified that a suspected transaction has occurred in order to take actions to minimize fraud and illegal electronic financial transaction. One security action comprises sending a warning message to a predefined receiver. For example, the normal user can get notified when a suspected transaction has occurred.
According to some aspects of the proposed disclosure, the discussed method comprises storing the obtained new sensor data in the database as at least part of the previously stored sensor data corresponding to electronic financial transactions performed by the communication terminal. Hence, the obtained new sensor data can be used for future evaluation of a user.
According to some aspects of the proposed disclosure, the discussed method comprises finalizing or interrupting the electronic financial transaction based on the evaluation. The electronic financial transaction can hence, still be facilitated even if a security action is initiated but also that the electronic financial transaction can be denied.
According to some aspects of the proposed disclosure, the finalizing or interrupting the transaction by the electronic financial transaction comprises connecting the electronic communication terminal to a payment server located in a remote node connected to the electronic communication terminal via a communication network. Hence, the electronic communication terminal can e.g. facilitate that an electronic financial transaction is finalized or interrupted at a payment server.
According to some aspects, the sensor data comprises information about software activity in the electronic communication terminal. Hence, obtained sensor data defines a condition e.g. dependent on what applications that is run on the electronic communication terminal in order to detect if a non-wanted user tries to manipulate to be the normal user.
According to some aspects of the proposed disclosure, obtaining a deviation between the obtained new sensor data and the previously stored sensor data in the database is carried out by retrieving, from the database, previously stored sensor data corresponding to electronic financial transactions of the user and then calculating the deviation in the electronic communication terminal by comparing the obtained new sensor data corresponding to the electronic financial transaction with the previously stored sensor data retrieved from the database. The calculation is hence carried out in, and using the processor of, the electronic communication terminal. Then the processing doesn't need to be carried out in a cloud or network. According to some aspects, the obtained new sensor data is sent to a remote node via a communication network and then receiving the deviation from the remote node. Hence, the calculation is carried out in, and using the processor of, the remote node. Then the processing doesn't need to be carried out in the electronic communication terminal. According to some aspects, the evaluating of the identity comprises determining if the deviation is above or below a predetermined threshold value. The threshold value can be e.g. an average value, correlation value or percentage value. This simplifies the evaluation and can be used to set limits for when to initiate e.g. a security action.
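The following is an added illustration, not code from the patent or from the applicant: one way to realise the deviation (S3), threshold evaluation (S4), security action (S5) and storing (S6) steps as a weighted, normalised distance from the stored history. The feature names, weights, floors, thresholds, action names and sample values are all assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from math import sqrt

# Assumed feature names, weights, floors and thresholds (not from the patent).
WEIGHTS = {"tilt_deg": 0.4, "noise_db": 0.2, "lux": 0.1, "km_from_usual": 0.3}
STD_FLOOR = {"tilt_deg": 1.0, "noise_db": 1.0, "lux": 10.0, "km_from_usual": 0.5}
Z_CAP = 10.0        # one glitching sensor cannot dominate the score
THRESHOLD = 3.0     # above this: step-up authentication and amount limit
DENY_FACTOR = 2.0   # above THRESHOLD * DENY_FACTOR: deny and flag
MIN_SAMPLES = 5     # less history than this gives no verdict for a feature


@dataclass
class RunningStat:
    """Running mean/variance (Welford), i.e. 'adding to an existing average'."""
    n: int = 0
    mean: float = 0.0
    m2: float = 0.0

    def add(self, x: float) -> None:
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

    def std(self) -> float:
        return sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0


@dataclass
class Profile:
    """Previously stored sensor data for one user (database 104/105)."""
    stats: dict = field(default_factory=dict)

    def store(self, sample: dict) -> None:             # step S6
        for name, value in sample.items():
            self.stats.setdefault(name, RunningStat()).add(value)

    def deviation(self, sample: dict):                 # step S3
        score = weight_used = 0.0
        for name, weight in WEIGHTS.items():
            stat = self.stats.get(name)
            if name not in sample or stat is None or stat.n < MIN_SAMPLES:
                continue                               # sensor absent or too little history
            # Floor the spread so a near-constant history cannot blow up the score.
            spread = max(stat.std(), STD_FLOOR[name])
            z = min(abs(sample[name] - stat.mean) / spread, Z_CAP)
            score += weight * z
            weight_used += weight
        # Renormalise by the weights actually used so a missing sensor
        # does not lower the score.
        return score / weight_used if weight_used else None


def evaluate(profile: Profile, sample: dict):
    """Steps S4/S5: return (deviation, list of security actions)."""
    dev = profile.deviation(sample)
    if dev is None:
        # No usable history: ask for PIN/password; the caller enrols the
        # sample with profile.store() once the user has authenticated.
        return dev, ["request_authentication"]
    if dev > THRESHOLD * DENY_FACTOR:
        return dev, ["deny_authorization", "warn_payment_server"]
    if dev > THRESHOLD:
        return dev, ["request_authentication", "limit_amount"]
    profile.store(sample)   # only accepted samples update the stored data
    return dev, []


# Constructed sample data: six earlier transactions by the merchant.
FEATURES = ("tilt_deg", "noise_db", "lux", "km_from_usual")
HISTORY = [dict(zip(FEATURES, row)) for row in [
    (30, 55, 400, 0.1), (32, 57, 420, 0.3), (28, 53, 380, 0.2),
    (31, 56, 410, 0.2), (29, 54, 390, 0.1), (30, 55, 400, 0.3)]]
NORMAL = dict(tilt_deg=31, noise_db=56, lux=410, km_from_usual=0.2)
ELEVATED = dict(tilt_deg=36, noise_db=62, lux=400, km_from_usual=2.0)
STOLEN = dict(tilt_deg=55, noise_db=70, lux=50, km_from_usual=12.0)


def merchant_profile() -> Profile:
    profile = Profile()
    for sample in HISTORY:
        profile.store(sample)
    return profile


if __name__ == "__main__":
    for label, sample in [("normal", NORMAL), ("elevated", ELEVATED), ("stolen", STOLEN)]:
        dev, actions = evaluate(merchant_profile(), sample)
        print(f"{label:9s} deviation={dev:.2f} actions={actions}")
```

Samples that trigger a security action are deliberately not written back to the profile, so that an unwanted user cannot shift the stored data toward their own behaviour by repeated attempts.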
According to some aspects, obtaining of new sensor data comprises reading sensor data from a sensor device located in the electronic communication terminal or receiving sensor data from a remote sensor device connected to the electronic communication terminal. Hence, plural of sensors can be used to get relevant data.
According to some aspects an electronic communication terminal is configured for identifying a user when performing an electronic financial transaction facilitated by an electronic communication terminal. The electronic communication terminal comprises a communication interface for providing communication with a remote server facilitating electronic financial transactions. The electronic communication terminal comprising processing circuitry configured to cause the electronic communication terminal to provide access to a database comprising previously stored sensor data corresponding to electronic financial transactions of the user. The electronic communication terminal comprising processing circuitry configured to obtain new sensor data corresponding to an electronic financial transaction and to obtain a deviation between the obtained new sensor data and the previously stored sensor data in the database, in order to evaluate the identity of the user, based on the obtained deviation.
BRIEF DESCRIPTION OF THE DRAWINGS
The foregoing will be apparent from the following more particular description of the example embodiments, as illustrated in the accompanying drawings in which like reference characters refer to the same parts throughout the different views. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating the example embodiments.
Figure 1 is a block diagram illustrating the electronic communication terminal.
Figure 2 is a flowchart illustrating the method for evaluating an identity of a user when performing an electronic financial transaction.
Figure 3a is a signaling diagram illustrating the communication between the electronic communication device and a data base when calculating the deviation.
Figure 3b is a signaling diagram illustrating the communication between the electronic communication device and a remote node when calculating the deviation.
Figure 4a illustrates an example with a normal use case.
Figure 4b illustrates an example with a non-wanted user.
DETAILED DESCRIPTION
Aspects of the present disclosure will be described more fully hereinafter with reference to the accompanying drawings. The method and apparatus disclosed herein can, however, be realized in many different forms and should not be construed as being limited to the aspects set forth herein. Like numbers in the drawings refer to like elements throughout.
The terminology used herein is for the purpose of describing particular aspects of the disclosure only, and is not intended to limit the disclosure. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
Figure 1 illustrates an electronic communication terminal 101. The electronic communication terminal 101 comprises a sensor 102a, a communication interface 103, a database 104 and processing circuitry 108. The communication interface 103 provides communication with a remote node 109 and a remote server 107 over a communication network 106. The remote server 107 is facilitating electronic financial transactions. The communication interface 103 provides communication with a remote database 105. Sensors 102b, 102c are connected to the electronic communication terminal 101 via a cable or via the communication interface 103. The electronic communication terminal 101 is served by a payment server 107 for performing financial transactions.
An example of an electronic communication terminal 101 is a point-of-sales (POS) device. A non-stationary POS device is called a mobile point-of-sales (mPOS) device. A point of sale terminal, POS terminal, is an electronic device used to process card payments at retail locations. A POS terminal is generally configured to read the information off a customer's credit or debit card. The card interface may be e.g. a chip card interface, a magnetic stripe card reader or an interface for reading contactless cards such as card enabled for Near Field Communication (NFC) or Radio Frequency Identification (RFID). Advanced POS terminals are typically equipped with a combination of these interfaces.
The POS typically also checks whether the funds in a customer's bank account are sufficient or it decides that the transaction may be approved without checking the funds. The POS then transfers the funds from the customer's account to the seller's account or at least, accounts for the transfer with the credit card network. In other words an electronic financial transaction is facilitated by the electronic communication terminal. The POS can be seen as the electronic communication terminal.
POS terminals may also be configured to record the transaction and to provide a digital or printed receipt. A mPOS (mobile point of sale) is a smartphone, tablet or dedicated wireless device that performs the functions of a cash register or electronic point of sale terminal. mPOS enables small merchants to transform phones and tablets into card acceptance solutions just by connecting them to a contactless chip & PIN card reader. This allows customers to pay for even small items without the need for cash. Even if the electronic communication terminal can be used by anyone, in this disclosure we specifically address the method when the electronic communication terminal is a device used by a merchant, and more particularly the electronic communication terminal is often referred to as a so-called point-of-sale, POS, terminal, including mobile POS, mPOS, devices to process financial transactions, such as in particular credit card payments.
It should however be understood that the electronic communication terminal may be e.g. a smartphone, tablet or dedicated wireless device that performs an electronic financial transaction facilitated by the electronic communication terminal. The electronic communication terminal could for instance be e.g. a smartphone or tablet that runs a bank application or any software application for e.g. payments or transfer of monetary means but also for trading of stocks or financial derivatives or instruments such as options, futures, swaps etc.
The mPOS technology fit for any merchants, big and small, in store or mobile on a street market, because it's low-cost, easy to set-up and completely portable. The merchants some of whom thought their business was too small or lacking the necessary infrastructure to accept card payments, gain benefits including increased speed of service, greater security and also returning customers. At peak times mPOS terminals may enable hundreds of cashless transactions per minute. All the while, these customers could avoid queueing at ATMs, and enjoy shorter waits. While a POS can operate as a stand-alone device that's linked to the bank account of the business, an mPOS is often registered at a payment facilitator, whose main task is to conduct transactions for a plurality of clients. The payment facilitators in addition to the actual payments provide additional services such as provision of receipts, accounting, follow up on sales. A financial provider can provide mPOS hardware and software to the merchant. The hardware is typically card reader means and a payment backend including a payment server 107. The software may run in the merchants own device e.g. a smartphone or tablet as well as in a remote node 109 that may include the payment server 107. Before the merchant can start using the mPOS, the payment server might be required to register, at the financial provider, information of the merchant such as name, address, ownership, type of merchant, average transaction amounts, average turnover, seasonal changes in the business etc.
The remote node 109 may use a payment server 107 for storing information relating to the transactions. The payment server may also comprise merchant information provided e.g. at the registration or added later by the merchant. A database 104, 105 comprising previously stored sensor data corresponding to electronic financial transactions performed by the user of the mPOS can be located in the electronic communication terminal 101 and/or be remotely connected to the electronic communication terminal 101 via the communication network 106. The database 105 could also be located in the remote node 109. The remote node 109, the payment server 107 and the database 105 may be managed by any payment facilitator, bank or other company handling financial transactions arrangements for multiple merchants.
The electronic communication terminal 101 may be a mPOS device and be in the form of a smartphone or tablet. A smartphone or tablet may comprise a communication interface 103 for providing communication with a remote server 107, processing circuitry 108 means for processing data, a memory and database 104 for storage and managing of data.
The electronic communication terminal 101 could comprise a sensor device located in the electronic communication terminal 102a. The electronic communication terminal 101 could comprise a communication interface 103 to a remote sensor device connected to the electronic communication terminal 102b, 102c. This makes the electronic communication terminal suitable for having a plurality of sensors that enables obtaining of different sensor data corresponding to the electronic financial transaction.
The communication interface 103 may be adapted for communicating over any wide area radio network such as cellular LTE, WCDMA, GPRS, EDGE, GSM, WiMax or UMB etc. The communication interface may also be adapted for communicating over any short range radio network such as WLAN, Bluetooth, Zigbee, Ultra-Wideband etc.
According to some aspects a sensor device can be any of:
A motion sensor such as an accelerometer or a gyroscope for detecting movements and relative movement, acceleration and position; a temperature sensor, for measuring the temperature; a hygrometer, for measuring the humidity; a barometer, for measuring the air pressure; a light sensor for measuring light conditions; a camera for capturing images and video; a microphone for recording any sound such as voice; a speech recognition sensor, for identifying a person's voice; a compass, for finding a relative direction; a GPS (Global Positioning System) receiver for determining the geographical position; a smoke sensor for detecting smoke or smog; a battery level sensor for measuring the battery level and battery charging; a radiation sensor for measuring radio activity; a finger print sensor, for detecting a fingerprint; a pressure sensor for e.g. measuring the force on the touch display or on any other surface of the electronic communication terminal; a BAN (Body Area Network) sensor for measuring information sent via BAN; a tremor sensor for sensing a body tremor occurring in a human body; a NFC and/or RFID sensor for detecting near field communication or Radio frequency identification signaling; a short range radio transceiver, for sensing and communication via radio using e.g. WLAN, Bluetooth, Zigbee, UWB, Ultra-wideband, and similar; a smell sensor, for sensing different smells; a touch screen sensor for input and output of information; or any other sensor.
Sensors could also be standalone devices that are connected to the smartphone or tablet either via a cable 102b or wirelessly via e.g. WLAN or Bluetooth 102c. The sensor device could also be integrated in other devices, e.g. any Internet of things device such as an oven thermometer or a movement sensor in a home alarm system that communicates with the smartphone or tablet via cable 102b or wirelessly 102c. A sensor device could also be any standalone device that has a sensor.
According to some aspects, one mPOS device can be connected to another mPOS device that is within a predefined distance. Hence, sensors of one mPOS device may be utilized by another mPOS device.
A sensor device obtains sensor data. The obtained sensor data from a sensor can be either stored or buffered for future processing or processed in real time. According to some aspects sensor data is real time data. According to some aspects sensor data is data sampled during a certain predefined time frame. According to some aspects sensor data is an average value of a plurality of sensor data. According to some aspects sensor data is time stamped.
To control who is using the POS device, the POS device can e.g. be locked by the merchant using a physical key. A mPOS is typically locked using a PIN code, password, fingerprint, face recognition, or similar in order to operate the POS device. However, an unlocked POS device may be operated by a person other than the merchant if e.g. the POS device is left unattended. A mobile POS terminal can also be stolen and taken somewhere else. A POS device in the wrong hands could lead to manipulation of data, fraud and illegal electronic financial transactions including withdrawal or transfer of money.
Figure 2 discloses a method performed in an electronic communication terminal 101 for evaluating an identity of a user when performing an electronic financial transaction facilitated by the electronic communication terminal. The method comprises providing access S1 to a database 104, 105 comprising previously stored sensor data corresponding to electronic financial transactions performed by the user. The database can either be local in the electronic communication terminal 104 or a remote database 105. According to some aspects a remote database could store a larger number of sensor data compared to a local database. According to some aspects sensor data in a remote database can be used for restoring e.g. a lost or destroyed electronic communication terminal. According to some aspects a user may be a merchant or any business person, but can also be a private person. The electronic communication terminal is obtaining new sensor data S2 corresponding to the electronic financial transaction and obtaining a deviation S3 between the obtained new sensor data and the sensor data in the database. According to some aspects obtaining new sensor data comprises reading out sensor data from a sensor device. The new sensor data could be read out in real time when obtaining the data from the sensor device.
According to some aspects the sensor data can be continuously buffered by the sensor device or by the electronic communication terminal. The new sensor data could be data that is read out from a buffer upon a request to obtain data.
According to some aspects, obtaining a deviation S3 between the obtained new sensor data and the sensor data in the database comprises comparing or calculating a difference between new sensor data and sensor data in the database.
Figure 4a illustrates an example with a use case. According to some aspects the electronic communication terminal 101 is a mPOS device, obtaining new sensor data 404a when a customer 402 is buying a cup of coffee. The new sensor data 404a could for example be sound, e.g. recording the speech of the user (i.e. the merchant) 401a and background noise, e.g. from a certain coffee machine or blender. The electronic communication terminal 101 may obtain new sensor data 404a such as the light condition in the room at the merchant at the time. This new sensor data 404a is then compared with sensor data in the database 104, 105 comprising sensor data of transactions when other customers 402 have been buying coffee etc. from the same merchant 401a at a number of times before, in order to obtain a deviation S3 between the obtained new sensor data 404a and the sensor data in the database.
The electronic communication terminal 101 is then evaluating the identity S4 of the user 401a, based on the obtained deviation. New obtained sensor data 404a and previously stored sensor data can hence be compared in order to evaluate who the actual user 401a of the electronic communication terminal 101 at a certain moment is, i.e. if it is the ordinary user (e.g. a merchant) 401a that is operating the electronic communication terminal or not. This is information that can be used to minimize misuse, fraud and illegal electronic financial transactions. In addition, the user 401a, 401b doesn't need to know that this evaluation is taking place; it can be performed by the electronic communication terminal 101 quietly and hence not disturb the user 401a, 401b when operating the electronic communication terminal. Further, if the electronic communication terminal 101 is in the wrong hands, that user 401b doesn't know that an evaluation of the user 401b is performed, and hence other actions can be taken quietly in order to identify that user 401b.
According to some aspects in relation to the illustration in Figure 4a the comparison comprises comparing the obtained new speech sensor data of the merchant 401a with speech sensor data in the database 104, 105 of previously stored speech sensor data and comparing background noise and light conditions in a similar way.
According to some aspects as illustrated in Figure 4b, a non-wanted user 401b has stolen the electronic communication terminal 101, in this case an mPOS device, and tries to perform an electronic financial transaction facilitated by the electronic communication terminal. After obtaining new sensor data 404b e.g. speech sensor data, light condition sensor data and movement sensor data, and when obtaining a deviation S3 between the obtained new sensor data 404b and the sensor data in the database 104, 105, it turns out when evaluating the identity S4 of the user, based on the obtained deviation, a security action is initiated S5. The new sensor data 404b, as illustrated in Figure 4b, comprising e.g. speech sensor data and movement sensor data that are used for evaluating S4 of the identity, turned out to have a deviation that was above or below a predetermined threshold value.
According to some aspects of the invention as illustrated in Figure 4b, when a non-wanted user 401b tries to operate the electronic communication terminal 101, in this case an mPOS device, the sensor devices are obtaining new sensor data 404b. As illustrated in Figure 4b the sensor device could be an accelerometer or a gyroscope for detecting movements and relative movement such as detecting a different angle a when operating the electronic communication terminal (the mPos device) 101. This sensor data is to be used for calculating a deviation. As illustrated in Figure 4b the sensor device could be a microphone for recording any sound such as voice or a speech recognition sensor, for identifying a person's voice to be used for calculating a deviation.
According to some aspects of the proposed disclosure, the obtained sensor data defines a condition in or within a predefined distance from the electronic communication terminal 101. A condition can be a state that the electronic communication terminal 101 is in that is dependent on the local environment of the electronic communication terminal 101. The condition can be defined by the new sensor data that the electronic communication terminal 101 obtains, either by sensor data from built in sensors 102a or by sensor devices 102b, 102c connected to the electronic communication terminal 101. The condition can also be dependent on sensor data comprising information about software activity in the electronic communication terminal 101. According to some aspects a condition could be that sensor devices provide sensor data such as that the electronic communication terminal 101 is e.g. connected to a charger, a headset is connected, the ambient sound is noisy, and that the software activity is that certain applications are running on the device, e.g. a certain music application, a certain social network application etc. Hence, the sensor data can be used to define a normal operation to be compared with abnormal operation in order to detect that another user is trying to operate the electronic communication terminal.
According to some aspects of the proposed disclosure, the sensor data is sound, light, movement or geographic position data. As mentioned above, a sensor device can be any of a plurality of devices and should not be limited to the mentioned alternatives but also include any sensor device. Sound and movement sensor data are difficult to manipulate from user to user, e.g. the voice of one user is different from another; also movement patterns, e.g. how one user holds and operates the electronic communication terminal 101, are different from another user. It is also difficult to e.g. obtain the same light condition in one room in another room. Geographic position of the electronic communication terminal 101 is sensor data that can be used to detect if the electronic communication terminal 101 is operated in expected or unexpected places and hence detect potential misuse.
According to some aspects of the proposed disclosure the sensor data defines a condition occurring during at least a part of the electronic financial transaction. An event when initiating the transaction, e.g. when the merchant enters the amount to be paid, could initiate a request to obtain new sensor data in order to obtain a deviation and evaluate the identity of the user before proceeding with the electronic financial transaction. Sensor data obtained when initiating an electronic financial transaction may be sufficient and hence can be used to evaluate the user at an early stage. According to some aspects of the proposed disclosure the sensor data defines a condition occurring during a period before and/or after the electronic financial transaction. Sensor data can hence e.g. be buffered before or after the electronic financial transaction during a certain time period to make the evaluation based on the user behaviour before or after the electronic financial transaction. Hence, potential misuse can be detected even if a non-wanted user tries to manipulate to be the normal user during the actual electronic financial transaction.
According to some aspects of the proposed disclosure the method comprises initiating a security action based on the evaluation. According to some aspects the initiation of a security action may be sending a command or instructions from the electronic communication terminal. Hence, if the result of the evaluation indicates that it may not be the normal user that is operating the electronic communication terminal 101, measures can be taken in order to minimize or eliminate potential misuse, fraud and illegal electronic financial transactions.
According to some aspects the security action could comprise at least one of several alternatives. One is initiating an authentication request from the electronic communication terminal 101 to authorize the electronic communication terminal 101 to facilitate an electronic financial transaction. Thereby e.g. the user has to verify that she/he is the right user before proceeding. The user could be requested to enter a PIN code or password in order to continue to operate the POS device. According to some aspects e.g. the merchant is asked to login to a bank account.
One security action comprises denying authorization of the electronic communication terminal 101 to facilitate an electronic financial transaction. Hence, the electronic communication terminal 101 can be stopped from facilitating the electronic financial transaction.
One security action comprises limiting the monetary amount that can be transferred. Hence, the monetary amount is limited to minimize harm due to suspected misuse, fraud and illegal electronic financial transactions.
One security action comprises sending a warning flag to a payment server. Thereby a payment server at a bank may be notified that a suspected transaction has occurred in order to take actions to minimize fraud and illegal electronic financial transactions.
One security action comprises sending a warning message to a predefined receiver. For example, the normal user can get notified when a suspected transaction has occurred. The message could be a system to system message, e.g. a payment server 107 sends a warning message to a bank, a credit card issuer or security provider etc. According to some aspects a bank could delay a settlement of the electronic financial transaction. According to some aspects a bank could request further information or confirmation from another party such as a credit card issuer or security provider etc. According to some aspects a warning message can be sent to a predefined receiver using an alternative channel compared to normal operation, e.g. using Short Message Service (SMS) instead of Internet Protocol.
One security action comprises obtaining new sensor data. According to some aspects such new sensor data could be sensor data from a camera for capturing images and video of the non-wanted user. Such image and video data could be streamed in real time to the user or stored as files in a database.
According to some aspects of the proposed disclosure the discussed method comprises storing the obtained new sensor data S6 in the database as at least part of the previously stored sensor data corresponding to electronic financial transactions performed by the communication terminal. The data is stored in the database 104, 105. According to some aspects, after the obtained new sensor data has been used for evaluating the identity of the user, the so-called new sensor data becomes part of the previously stored sensor data. According to some aspects "at least part of" could mean adding to an existing average or integral value. According to some aspects "at least part of" could mean adding up to existing data to create big data. According to some aspects "at least part of" could mean replacement of existing data, in part or in full. According to some aspects, "at least part of" could mean comparing data and under a certain condition replacing or recalculating data. Hence, the obtained new sensor data can be used for future evaluation of a user.
According to some aspects of the proposed disclosure the discussed method comprises finalizing or interrupting the electronic financial transaction based on the evaluation. The electronic financial transaction can hence still be facilitated even if a security action is initiated, but the electronic financial transaction can also be denied.
According to some aspects of the proposed disclosure finalizing or interrupting the transaction by the electronic financial transaction comprises connecting the electronic communication terminal 101 to a payment server located in a remote node connected to the electronic communication terminal 101 via a communication network. Hence, the electronic communication terminal 101 can e.g. facilitate that an electronic financial transaction is finalized or interrupted at a payment server.
According to some aspects, the sensor data comprises information about software activity in the electronic communication terminal. According to some aspects, a program manager or an operating system can be used to detect what applications or software programs are run in the electronic communication terminal. According to some aspects, the program manager can detect if the software activity is simulated or run in an emulator. Hence, obtained sensor data defines a condition e.g. dependent on what applications are run on the electronic communication terminal 101 in order to detect if a non-wanted user tries to manipulate to be the normal user.
According to some aspects, obtaining a deviation between the obtained new sensor data and the previously stored sensor data in the database is carried out by retrieving S31a, from the database 104, 105, previously stored sensor data corresponding to electronic financial transactions of the user and then calculating the deviation in the electronic communication terminal 101 by comparing the obtained new sensor data corresponding to the electronic financial transaction with the previously stored sensor data retrieved from the database.
As illustrated in Figure 3a, according to some aspects of the proposed disclosure, obtaining a deviation between the obtained new sensor data and the previously stored sensor data in the database is carried out by sending a request for data S30a by the electronic communication terminal 101 to a remote database 105 followed by retrieving S31a, from the database 105, previously stored sensor data corresponding to electronic financial transactions of the user and then calculating the deviation in the electronic communication terminal 101 by comparing the obtained new sensor data corresponding to the electronic financial transaction with the previously stored sensor data retrieved from the database.
The calculation of the deviation is hence carried out in, and using the processor of, the electronic communication terminal. Then the processing doesn't need to be carried out in a cloud or network.
As illustrated in Figure 3b, according to some aspects the obtained new sensor data is sent S31b to a remote node 107 via a communication network 106 to be calculated in the remote node 107, and the deviation is then received S32b from the remote node in the electronic communication device. Hence, the calculation of the deviation is carried out in, and using the processor of, the remote node. Then the processing doesn't need to be carried out in the electronic communication terminal.
According to some aspects of the proposed disclosure, sensor data in the database 104, 105 could e.g. be sensor data relating to the characteristics of the background noise. According to some aspects of the proposed disclosure, sensor data in the database 104, 105 could e.g. be sensor data relating to the characteristics of the light condition. When calculating the deviation, the sensor data in the database 104, 105 relating to the characteristics of the background noise could be compared with the obtained new sensor data relating to the characteristics of the background noise in order to obtain a deviation. In addition, when calculating the deviation, sensor data in the database 104, 105 relating to the characteristics of the light condition could be compared with the obtained new sensor data relating to the characteristics of the light condition in order to obtain a deviation.
A deviation can be dependent on one or plural sensor data. A deviation can be a function including one or plural sensor data. Different sensor data could have different weight in such a function. A deviation can be calculated based on using e.g. a correlation value, an average value, a transfer function, a statistic function, a threshold value etc. According to some aspects a plurality of sensor devices are used for obtaining new sensor data. The combination of the different sensor data from different sensor devices can hence be used for calculating the deviation.
According to some aspects at least one sensor device is used to obtain new sensor data.
According to some aspects the evaluating of the identity comprises determining if the deviation is above or below a predetermined threshold value. This simplifies the evaluation and can be used to set limits for when to initiate e.g. a security action. According to some aspects obtaining of new sensor data comprises reading sensor data from a sensor device located in the electronic communication terminal 101 or receiving sensor data from a remote sensor device connected to the electronic communication terminal. Hence, plural of sensors can be used to get relevant data.
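The following is an added example, not code from the patent or from the applicant, showing one way steps S1 to S6 could fit together: a weighted deviation over several sensors, a threshold evaluation, a security action, and conditional storing. The z-score formula, the two threshold tiers, the weights, the feature names and the sample values are all assumptions made for illustration.

```python
"""Added example (not from the patent): steps S1-S6 with an assumed weighted z-score deviation."""
from dataclasses import dataclass
from math import sqrt

MIN_SPREAD = 1e-6  # assumed floor so a perfectly constant history never divides by zero


@dataclass
class RunningStat:
    """Previously stored sensor data for one feature, kept as a running mean/variance (Welford)."""
    n: int = 0
    mean: float = 0.0
    m2: float = 0.0

    def add(self, x: float) -> None:
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

    def std(self) -> float:
        return sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0


def store(baseline, sample):
    """S6: fold a sample into the stored data ("adding to an existing average")."""
    for name, value in sample.items():
        baseline.setdefault(name, RunningStat()).add(value)


def build_baseline(history):
    """S1: the database of earlier transactions, one RunningStat per sensor feature."""
    baseline = {}
    for sample in history:
        store(baseline, sample)
    return baseline


def deviation(baseline, new, weights, min_samples=5, cap=6.0):
    """S3: weighted mean of capped |z-score| over the sensors usable for this transaction.

    Returns None when no sensor has enough history, so the caller can fall back
    to explicit authentication rather than trusting an empty profile.
    """
    total = weight_sum = 0.0
    for name, value in new.items():
        stat = baseline.get(name)
        weight = weights.get(name, 0.0)
        if stat is None or stat.n < min_samples or weight <= 0:
            continue  # sensor unknown, too little history, or not weighted
        z = abs(value - stat.mean) / max(stat.std(), MIN_SPREAD)
        total += weight * min(z, cap)  # cap so one wild sensor cannot dominate
        weight_sum += weight
    return total / weight_sum if weight_sum else None


def evaluate(dev, step_up=2.0, deny=4.0):
    """S4/S5: map the deviation to a security action (the two tiers are assumed)."""
    if dev is None or step_up < dev <= deny:
        return "authentication_request"
    return "accept" if dev <= step_up else "deny_and_warn"


def process_transaction(baseline, new, weights):
    """S2-S6 for one transaction; only accepted samples update the stored data."""
    dev = deviation(baseline, new, weights)
    action = evaluate(dev)
    if action == "accept":
        store(baseline, new)  # a rejected sample must not shift the user's profile
    return dev, action


# Constructed sample data: five earlier transactions by the ordinary user.
HISTORY = [
    {"noise_db": 60, "lux": 300, "tilt_deg": 30},
    {"noise_db": 62, "lux": 320, "tilt_deg": 32},
    {"noise_db": 58, "lux": 280, "tilt_deg": 28},
    {"noise_db": 61, "lux": 310, "tilt_deg": 31},
    {"noise_db": 59, "lux": 290, "tilt_deg": 29},
]
WEIGHTS = {"noise_db": 1.0, "lux": 0.5, "tilt_deg": 2.0}  # assumed weights

if __name__ == "__main__":
    db = build_baseline(HISTORY)
    cases = [  # constructed transactions
        ("ordinary user", {"noise_db": 61, "lux": 305, "tilt_deg": 30.5}),
        ("unusual setting", {"noise_db": 64, "lux": 340, "tilt_deg": 34}),
        ("other place and grip", {"noise_db": 45, "lux": 80, "tilt_deg": 65}),
    ]
    for label, sample in cases:
        print(label, process_transaction(db, sample, WEIGHTS))
```

Storing only accepted samples is a design choice of this sketch: it keeps a run of transactions by another person from gradually becoming the stored profile.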
According to some aspects an electronic communication terminal 101 is configured for identifying a user when performing an electronic financial transaction facilitated by an electronic communication terminal. The electronic communication terminal 101 comprising a communication interface for providing communication with a remote server facilitating electronic financial transactions. The electronic communication terminal 101 comprising processing circuitry configured to cause the electronic communication terminal 101 to provide access to a database comprising previously stored sensor data corresponding to electronic financial transactions of the user. The electronic communication terminal 101 comprising processing circuitry configured to obtain new sensor data corresponding to an electronic financial transaction and to obtain a deviation between the obtained new sensor data and the previously stored sensor data in the database, in order to evaluate the identity of the user, based on the obtained deviation.
An "electronic communication terminal", as the term may be used herein, is to be broadly interpreted to include a radiotelephone having ability for Internet/intranet access, web browser, organizer, calendar, a camera (e.g., video and/or still image camera), a sound recorder (e.g., a microphone), and/or global positioning system (GPS) receiver; a personal communications system (PCS) user equipment that may combine a cellular radiotelephone with data processing; a personal digital assistant (PDA) that can include a radiotelephone or wireless communication system; a laptop; a camera (e.g., video and/or still image camera) having communication ability; and any other computation or communication device capable of transceiving, such as a personal computer, a home entertainment system, a television, etc. Furthermore, a device may be interpreted as any number of antennas or antenna elements.
Aspects of the disclosure are described with reference to the drawings, e.g., block diagrams and/or flowcharts. It is understood that several entities in the drawings, e.g., blocks of the block diagrams, and also combinations of entities in the drawings, can be implemented by computer program instructions, which instructions can be stored in a computer-readable memory, and also loaded onto a computer or other programmable data processing apparatus. Such computer program instructions can be provided to a processor of a general purpose computer, a special purpose computer and/or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer and/or other programmable data processing apparatus, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks.
In some implementations and according to some aspects of the disclosure, the functions or steps noted in the blocks can occur out of the order noted in the operational illustrations. For example, two blocks shown in succession can in fact be executed substantially concurrently or the blocks can sometimes be executed in the reverse order, depending upon the functionality/acts involved. Also, the functions or steps noted in the blocks can according to some aspects of the disclosure be executed continuously in a loop.
In the drawings and specification, there have been disclosed exemplary aspects of the disclosure. However, many variations and modifications can be made to these aspects without substantially departing from the principles of the present disclosure. Thus, the disclosure should be regarded as illustrative rather than restrictive, and not as being limited to the particular aspects discussed above. Accordingly, although specific terms are employed, they are used in a generic and descriptive sense only and not for purposes of limitation.
The description of the example embodiments provided herein have been presented for purposes of illustration. The description is not intended to be exhaustive or to limit example embodiments to the precise form disclosed, and modifications and variations are possible in light of the above teachings or may be acquired from practice of various alternatives to the provided embodiments. The examples discussed herein were chosen and described in order to explain the principles and the nature of various example embodiments and its practical application to enable one skilled in the art to utilize the example embodiments in various manners and with various modifications as are suited to the particular use contemplated. The features of the embodiments described herein may be combined in all possible combinations of methods, apparatus, modules, systems, and computer program products. It should be appreciated that the example embodiments presented herein may be practiced in any combination with each other.
It should be noted that the word "comprising" does not necessarily exclude the presence of other elements or steps than those listed and the words "a" or "an" preceding an element do not exclude the presence of a plurality of such elements. It should further be noted that any reference signs do not limit the scope of the claims, that the example embodiments may be implemented at least in part by means of both hardware and software, and that several "means", "units" or "devices" may be represented by the same item of hardware.
The various example embodiments described herein are described in the general context of method steps or processes, which may be implemented in one aspect by a computer program product, embodied in a computer-readable medium, including computer-executable instructions, such as program code, executed by computers in networked environments. A computer-readable medium may include removable and non-removable storage devices including, but not limited to, Read Only Memory, ROM, Random Access Memory, RAM, compact discs, CDs, digital versatile discs, DVD, etc. Generally, program modules may include routines, programs, objects, components, data structures, etc. that performs particular tasks or implement particular abstract data types. Computer-executable instructions, associated data structures, and program modules represent examples of program code for executing steps of the methods disclosed herein. The particular sequence of such executable instructions or associated data structures represents examples of corresponding acts for implementing the functions described in such steps or processes. In the drawings and specification, there have been disclosed exemplary embodiments. However, many variations and modifications can be made to these embodiments. Accordingly, although specific terms are employed, they are used in a generic and descriptive sense only and not for purposes of limitation, the scope of the embodiments being defined by the following claims.

Claims

1. A method performed in an electronic communication terminal (101) for evaluating an identity of a user when performing an electronic financial transaction facilitated by the electronic communication terminal (101), the method comprising: providing access (S1) to a database (104, 105) comprising previously stored sensor data corresponding to electronic financial transactions performed by the user, obtaining new sensor data (S2) corresponding to the electronic financial transaction, obtaining a deviation (S3) between the obtained new sensor data and the sensor data in the database (104, 105), and evaluating the identity (S4) of the user, based on the obtained deviation.
2. The method according to claim 1, wherein the obtained sensor data defines a condition in or within a predefined distance from the electronic communication terminal.
3. The method according to any of the preceding claims wherein the sensor data is sound, light, movement or geographic position data.
4. The method according to any of the preceding claims, wherein the sensor data defines a condition occurring during at least a part of the electronic financial transaction.
5. The method according to any of the preceding claims, wherein the sensor data defines a condition occurring during a period before and/or after the electronic financial transaction.
6. The method according to any of the preceding claims comprising initiating a security action (S5) based on the evaluation (S4).
7. The method according to claim 6, the security action (S5) comprising at least one of:
o initiating an authentication request from the electronic communication terminal (101) to authorize the electronic communication terminal (101) to facilitate an electronic financial transaction
o denying authorization of the electronic communication terminal (101) to facilitate an electronic financial transaction
o limiting the monetary amount that can be transferred
o sending a warning flag to a payment server (107)
o sending a warning message to a predefined receiver
8. The method according to any of the preceding claims comprising: storing (S6) the obtained new sensor data in the database (104,105) as at least part of the previously stored sensor data corresponding to electronic financial transactions performed by the communication terminal.
9. The method according to any of the preceding claims comprising: finalizing or interrupting (S7) the electronic financial transaction based on the evaluation (S4).
10. The method according to any of the preceding claims wherein finalizing or interrupting (S7) the transaction by the electronic financial transaction comprises connecting the electronic communication terminal (101) to a payment server (107) located in a remote node (109) connected to the electronic communication terminal (101) via a communication network.
11. The method according to any of the preceding claims wherein the sensor data comprises information about software activity in the electronic communication terminal.
12. The method according to any of the preceding claims wherein obtaining a deviation (S3) between the obtained new sensor data and the previously stored sensor data in the database comprises:
o retrieving (S31a), from the database (104, 105), previously stored sensor data corresponding to electronic financial transactions of the user, and
o calculating (S32a) the deviation in the electronic communication terminal (101) by comparing the obtained new sensor data (S2) corresponding to the electronic financial transaction with the previously stored sensor data retrieved from the database.
13. The method according to any of the preceding claims wherein obtaining a deviation (S3) between the obtained new sensor data and the previously stored sensor data in the database comprises:
o sending (S31b) the obtained new sensor data to a remote node (109) via a communication network
o receiving (S32b) the deviation from the remote node (109).
14. The method according to any of the preceding claims, wherein the evaluating (S4) of the identity comprises determining if the deviation is above or below a predetermined threshold value.
15. The method according to any of the preceding claims wherein the obtaining (S2) of new sensor data comprises reading sensor data from a sensor device (102a) located in the electronic communication terminal (101) or receiving sensor data from a remote sensor device (102b,102c) connected to the electronic communication terminal (101).
16. An electronic communication terminal (101) configured for identifying a user when performing an electronic financial transaction facilitated by an electronic communication terminal (101), the electronic communication terminal (101) comprising:
- a communication interface (103) for providing communication with a remote server (107) facilitating electronic financial transactions
- processing circuitry (108) configured to cause the electronic communication terminal:
o to provide access (S1) to a database (104, 105) comprising previously stored sensor data corresponding to electronic financial transactions of the user
o to obtain new sensor data (S2) corresponding to an electronic financial transaction,
o to obtain a deviation (S3) between the obtained new sensor data and the previously stored sensor data in the database (104, 105), and
o to evaluate (S4) the identity of the user, based on the obtained deviation.
17. An electronic communication terminal (101) according to claim 16, wherein the processing circuitry is further configured to:
o retrieve (S31a), from the database (104, 105), previously stored sensor data corresponding to electronic financial transactions of the user, and
o calculate (S32a) the deviation in the electronic communication terminal (101) by comparing the obtained new sensor data (S2) corresponding to the electronic financial transaction with the previously stored sensor data retrieved from the database
18. An electronic communication terminal (101) according to claims 16-17, wherein the processing circuitry (108) is configured to:
o send (S31b) the obtained new sensor data to a remote node (109) via a communication network
o receive (S32b) the deviation from the remote node (109)
19. An electronic communication terminal (101) according to claims 16-18, comprising:
- a sensor device (102a) located in the electronic communication terminal (101) and/or
- a communication interface (103) to a remote sensor device (102b,102c) connected to the electronic communication terminal (101) wherein the processing circuitry (108) is configured to
o read sensor data from the sensor device (102a) located in the electronic communication terminal (101)
o receive sensor data from a remote sensor device (102b,102c) connected to the electronic communication terminal (101) via the communication interface (103)
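
The method of claims 1, 6, 7, 8 and 14 (steps S1 to S6) sketched as an added example; it is not code from the patent or from the applicant. The feature names, the median/MAD deviation score, the threshold value and the choice to store only accepted readings are assumptions of this example, and the history rows are constructed.

```python
import statistics

# Constructed history: sensor readings stored for one user's past
# transactions (S1). Feature names and units are assumptions of this example.
HISTORY = [
    {"sound_db": 62.0, "light_lux": 410.0, "lat": 59.3326, "lon": 18.0649},
    {"sound_db": 65.0, "light_lux": 395.0, "lat": 59.3327, "lon": 18.0651},
    {"sound_db": 60.0, "light_lux": 430.0, "lat": 59.3325, "lon": 18.0650},
    {"sound_db": 63.0, "light_lux": 405.0, "lat": 59.3326, "lon": 18.0648},
    {"sound_db": 64.0, "light_lux": 420.0, "lat": 59.3328, "lon": 18.0650},
]
# Smallest spread allowed per feature, so a very stable history does not turn
# ordinary sensor noise into a large score (assumed values).
MIN_SPREAD = {"sound_db": 2.0, "light_lux": 20.0, "lat": 0.001, "lon": 0.001}
MIN_HISTORY = 3    # below this there is no usable baseline yet
THRESHOLD = 3.5    # assumed "predetermined threshold value" (claim 14)

def deviation(new, history):
    """S3: largest robust z-score of any feature against the stored data."""
    if len(history) < MIN_HISTORY:
        return None
    worst = 0.0
    for name, floor in MIN_SPREAD.items():
        if name not in new:
            return float("inf")  # missing sensor reading: fail closed
        values = [h[name] for h in history]
        med = statistics.median(values)
        mad = statistics.median(abs(v - med) for v in values)
        spread = max(1.4826 * mad, floor)
        worst = max(worst, abs(new[name] - med) / spread)
    return worst

def evaluate(new, history):
    """S4-S6: choose a security action; learn only from accepted readings."""
    score = deviation(new, history)
    if score is None:
        return "request_authentication", score  # no baseline: step up
    if score > 2 * THRESHOLD:
        return "deny", score
    if score > THRESHOLD:
        return "request_authentication", score
    history.append(dict(new))  # S6: extend the baseline
    return "allow", score
```

Storing a reading only after it has been accepted keeps a rejected or challenged transaction from shifting the baseline that later transactions are compared against.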
PCT/EP2016/054901 2016-03-08 2016-03-08 User identity evaluation WO2017152956A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2016/054901 WO2017152956A1 (en) 2016-03-08 2016-03-08 User identity evaluation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2016/054901 WO2017152956A1 (en) 2016-03-08 2016-03-08 User identity evaluation

Publications (1)

Publication Number Publication Date
WO2017152956A1 true WO2017152956A1 (en) 2017-09-14

Family

ID=55486676

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2016/054901 WO2017152956A1 (en) 2016-03-08 2016-03-08 User identity evaluation

Country Status (1)

Country Link
WO (1) WO2017152956A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140289822A1 (en) * 2013-03-22 2014-09-25 Brendon J. Wilson System and method for confirming location using supplemental sensor and/or location data
US20150066671A1 (en) * 2013-08-28 2015-03-05 Timothy C. Nichols Merchant point of sale security system
US20150310444A1 (en) * 2014-04-25 2015-10-29 Broadcom Corporation Adaptive biometric and environmental authentication system

Similar Documents

Publication Publication Date Title
US20180204205A1 (en) System and Method for Location-Based Transactions
US9911110B2 (en) Predicting approval of transactions
AU2010324763B2 (en) Interaction terminal
US20150088751A1 (en) Transaction verification system based on user location
US20140279503A1 (en) Providing customer alerts based on geo-thresholds
US11783335B2 (en) Transaction confirmation and authentication based on device sensor data
US20140214674A1 (en) Method and system for conducting secure transactions with credit cards using a monitoring device
US20210365954A1 (en) Transaction card security device
US11494755B2 (en) Systems and methods for providing low-latency access to cardholder location data and determining merchant locations and types
US10692075B2 (en) Portable terminal, control method, and non-transitory information recording medium
US11763293B2 (en) Computer-based systems involving temporary cards and associated server and/or mobile device features and methods of use thereof
US20230222881A1 (en) Detecting a skimmer via a vibration sensor
US20170011373A1 (en) Location based transaction tracking based on data from devices at transaction location
US10521792B2 (en) Systems and methods for location based account integration and electronic authentication
WO2017152956A1 (en) User identity evaluation
AU2014268252B2 (en) Interaction terminal
US11392948B2 (en) Method and system for user address validation
US20220188814A1 (en) Appending local contextual information to a record of a remotely generated record log
US11354648B2 (en) Transaction card utilizing voice-activated commands
US20230410114A1 (en) Card skimming detection
US20230281588A1 (en) Ambient wallet selection for sensor-based checkout systems

Legal Events

Date Code Title Description
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16708668

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 16708668

Country of ref document: EP

Kind code of ref document: A1