PROCEDURE AND SYSTEM FOR VERIFICATION OF SUBSCRIPTIONS
TECHNICAL FIELD
The present invention relates to a procedure and a payment system for verification of payment authority, more exactly authentication of cashless payments via account subscriptions, using a mobile unit approved by the card holder/owner for the transaction.
PRIOR ART
The security of payment with credit/pay/transaction cards is at present not good, and the card companies are each year losing large sums to account fraud. In many countries it is enough that anyone hands over the credit card when paying, without showing any identification/legitimation or giving any PIN-code. Even when paying over the Internet it is in many cases sufficient to state the card number and date of validity to be allowed to buy for rather large sums. It is therefore enough for anybody to have got hold of the card or a card number to be able to buy. Since the card number can in addition be found on many receipts when paying with credit cards in shops, it will even be enough that somebody gets hold of a receipt to make it possible to buy with somebody else's card. For that reason it would be desirable to increase the security of payments so that a card or a card number alone is not enough to make purchases possible.
It is previously known to use a communication system other than the one used for the transaction request to request verification from a user.
US 5,615,110 shows a procedure for secure payment, where a user is informed that his/her credit card is being used for a transaction and is asked to verify this; the communication with the user occurs over an "account receiver", which for instance can be a mobile telephone.
US 6,012,144 shows a procedure for secure payment, according to which a verification request is transmitted over another communication channel than the transaction, for instance when a transaction is executed over the Internet and the verification is executed over the common/ordinary telecommunication network.
WO 98/47116 shows a procedure for secure payment, where a transaction and verification both are executed over the mobile telephone network, possibly with a position control added.
US 5,550,897 shows a procedure for secure payment, where a credit card reader and a mobile telephone are interconnected with each other.
SUMMARY OF THE INVENTION
The present invention relates to a procedure and a payment system for verification of subscription. The payment system connects/associates a pay/credit card to a cardholder's position or mobile terminal.
One aim with the invention is to increase the security at payment with credit cards. Therefore it is desirable for the account issuer and the card holder to in a simple way increase the security at account payments.
One procedure to verify a transaction, when an account subscription is used, in a payment system consists of the following steps:
- that the account holder connects his/her account subscription to the payment system, so that a certain type of control/check can be made at transaction, by the account holder indicating his/her account subscription and a mobile unit with belonging ID-number;
- that a first signal is transmitted to the payment system so that a transaction with the account subscription has started;
- that authentication is made by control/check of the transaction, which means that the payment system transmits an inquiry/information to the account holder about in which way the account holder wants to make his/her authentication, which gives the account holder possibility to select between the conditions/states: direct message, position indication, or any other state;
- that, at the direct message, the account holder via the mobile unit will have option that control shall be executed, not executed, or a so called time out; or
- that, at the position indication, this is made to the account holder's position in relation to where the transaction takes place;
- that a terminating signal is transmitted to the payment system;
- that the transaction with the account subscription is finished.
A payment system to verify a transaction, when an account subscription is used, consists of: at least one unit for account subscription, at least one verification unit, one unit for an account holder to verify the transaction, at least one mobile unit, one unit for position indication, and at least one unit for storing of position.
The invention solves this problem by cooperation between the payment system and a wireless telecommunication system.
This is done by connecting/associating the pay/credit card itself, via a verification unit, to the account holder's account, for instance a mobile telephone subscription with belonging mobile terminal. The security of payment transactions is increased according to the invention by the identity of the account being connected/associated to a telephone subscription that is unique to the account holder. This is done by connecting/associating a unique identity to the account holder's mobile terminal, for instance an account number which is connected/associated to a mobile telephone number stored on a SIM-card. At payment with the card, the account holder's identity is verified by control/check of the telephone number to which the credit card is connected/associated, whereupon a direct message, for instance an SMS, is transmitted to the terminal to which the number is connected/associated. The message contains information that a purchase is going to be executed, the size of the amount, place of purchase etc. In the case the account holder responds to the message, and by that authenticates the purchase, the transaction will take place. In the case when the account holder does not respond to the message, and by that does not authenticate the purchase, the transaction will not take place. Further, the procedure includes a possibility for the account holder to temporarily/definitely remove the control/check function in the payment system.
Another way to verify payment of a purchase with credit card is to let the account holder's position decide if a purchase shall be accepted or not. This means that one more verification unit belonging to the account holder is associated to the account, for instance a mobile subscription with belonging terminal. Each time the credit card is used for a transaction, the user's position is checked in order to increase the security of the payment procedure.
One advantage of the invention is that the security is increased at transaction with account payments.
Another advantage is that direct messages and/or position indication can be integrated in existing payment systems, and by that be offered a service which makes it more secure for customers to pay via the account.
Another advantage is that the frauds can be reduced in connection with account payments.
Another advantage is that when a pay/credit card is connected/associated to a mobile terminal, attempts of fraud can be detected earlier and by that pay/credit card numbers can be blocked.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention will be described more in detail in the following with references to enclosed drawings, in which:
Figure 1 shows a payment system for transactions with credit cards,
Figure 2 shows a principle sketch of the procedure,
Figure 3 shows a flow chart of the procedure.
DESCRIPTION OF PREFERRED EMBODIMENTS
The invention is intended to be utilized in cooperation between a payment system and a device which either can transmit and receive direct messages (for instance SMS, MMS) or can be positioned by present and/or future mobile positioning technologies (for instance Bluetooth, CGI+TA, E-OTD, GPS and A-GPS).
The invention is a procedure which verifies payments via pay/credit cards by the account holder's mobile terminal. This means in practice that besides the account, one further entity is connected/associated to the account holder, for instance a mobile terminal. Each time the account is used for transaction, the transaction is checked by the account holder approving the transaction.
Figure 1 shows a payment system 100 for transactions with the credit card 116. The credit card 116 is connected/associated to an account subscription 102 connected/associated to, for instance, a bank, firm, company or any other type of business activity which pays via account. In the payment system 100 there is some type of collected information in one or more computers or smaller systems 118 which in their turn consist of at least one verification unit 104, at least one unit for storing of position 112, the user's entered position or a card terminal 118 position, at least one unit for position indication 114 storing of mobile terminal 106 position. Besides, the payment system 100 can consist of at least one unit to verify the transaction 106, for instance a mobile unit, at least one unit for Internet connection 110, and/or at least one unit 108 for reading of cards, for instance a card terminal. There are different connections between the account subscription 102 and the verification unit 106 which in this case is called line 3. Another such connection can be line 1a which interconnects the verification unit 104 and the card terminal 108. Another similar connection is line 1b between the Internet connection 110 and the verification unit 104. In Figure 1 also another connection between the mobile unit 106 and the verification unit 104, line 2, is shown. Of course it will be possible to connect several different units to the verification unit 104, depending on owned equipment. If, for instance, Bluetooth is used, it will be possible to have several different lines connected to the verification unit 104.
Figure 2 shows a principle sketch of the procedure to verify a transaction. Figure 2 is a simplified drawing of Figure 1 and shows more information about what the line connections between the different parts look like.
Figure 3 shows a flow chart for the procedure to verify a transaction 300. First, the holder connects 308 his/her account subscription 102 to the payment system 100 so that verification of transaction 300 can be made at the transaction. Connecting 308 the account to the account holder provides increased security. The account subscription 102 is connected to the account holder in some way. This is done by an account identity ID1, which uniquely determines the account identity, being interconnected with a verification identity ID2 which is unique and identifies the account holder's terminal 106. One example of this is to connect an account number 102 to a mobile telephone number 106 (subscriber number). Because the account 102 and the mobile telephone 106 are associated with each other, it will also be possible to block the credit card 116 in case of theft of the mobile telephone 106, and vice versa.
When the card is used 302, that is, when a transaction is initialized, a first signal is transmitted to the payment system 100 that a transaction with the account subscription 102 has started. After that an authentication 304 is made of whether the transaction is allowed or not, thus a check of the transaction. Finally the transaction is terminated by a terminating signal 306 being transmitted to the payment system 100 so that the transaction with the account subscription 102 is finished.
In the procedure step authentication 304, the payment system 100 transmits an inquiry/information 310 to the account holder about in which way the account holder wants to make his/her authentication 304. The authentication 304 can be divided into different cases: Authentication via direct message 312, or via positioning 314.
When direct message 312 is used, the account holder will get a direct message with information about the purchase. After that, he/she can inform the payment system 100 whether he/she approves the purchase or not 306. At transaction with the specific pay/credit card, the telephone number to which the account is connected/associated is checked, whereupon a direct message 312 is transmitted to this telephone number. The message contains information that a purchase is going to be executed, where it shall be executed, and the size of the amount of the purchase. If the account holder does not respond within a certain period of time, or alternatively declines the purchase, the purchase is not executed. If the account holder responds to the message, it is probable that it is just he/she who executes the purchase, since both the account and the terminal are then held by the purchaser, and by that the purchase is executed. In this way the account holder can by his/her terminal 106 get information about when any impostor tries to make a purchase on the account 102. After that, the account holder will, via the mobile unit 106, get the option 316 that check shall be made, not be made, or time out. Time out means that a certain period of time has been set by the verification unit: if no response has been given, the transaction is performed or not performed, depending on what value the account holder has set. The account holder can at any time change his/her status in different ways by communicating with the verification unit and providing the parameters the account holder wants.
At position indication 314, the position of the account holder (terminal) 114 is checked in order to increase the security of the payment procedure. The payment system 100 then consists of at least one unit for storing of position 112. At payment with the specific pay/credit card, the account holder's terminal is positioned 106, and after that this position is compared with the position where the pay/credit card has been used 108, 110. In order to automatically find out at which place the pay/credit card is used, it is required that there is a card terminal 108 located at a geographical place. The card terminal 108 is in this case a physical unit where the transaction can be registered. In the cases where there is no card terminal 108 at a geographical place, for instance at payment via Internet 110, the account holder himself/herself must state/indicate his/her position 112 where the transaction has taken place. In the case of position indication 314, a check 318 is made of the account holder's position 114 in relation to where the transaction 112 takes place.
When the card terminal 108 is at a certain/defined geographical place, for instance in a shop, the payment system 100 does not need to find out the position of the card terminal. This information may come from the card terminal 108 itself, or be derived from a database 112. When the position of the terminal is determined, the account holder is positioned via his/her mobile terminal 106. The positions of the card terminal 108 and the account holder 114 are compared, and if they match the transaction is executed. The transaction can be executed because it is probable that it is the card holder who executes the transaction since both account card 116 and mobile terminal 106 are at the suitable place. A possible impostor therefore cannot make a purchase by only getting hold of somebody else's account or wallet, but must in addition have access to the account holder's terminal 106.
When a transaction is made at an unspecified geographical place, that is, when the transaction can be made from a plurality of places, for instance at payment over Internet 110, the payment system 100 cannot connect/associate the account 102 to a specific place. This is solved by the account holder, in connection with the payment, indicating in addition to the card number his/her position 112 where the transaction has taken place. The position 112 can for instance be indicated by the account holder indicating his/her position on a map, writing the address of where he/she is, or checking his/her position via his/her terminal. When the position is indicated, the account holder is positioned 114 by the payment system 100, and if the account holder is in/at the place 112 which he/she has indicated/stated, the purchase is executed. A possible impostor therefore cannot execute a purchase only by getting hold of somebody else's account or wallet, but must in addition have access to the account holder's terminal 106, or know where the person is when the purchase is executed.
Besides, other states/conditions can be used depending on different fields of use, such as at Bluetooth or similar technical fields. Of course there is possibility to freely combine different cases to different extent. At direct message 312 and position indication 314, there can in addition be a possibility for the account holder to remove the check/control 304, because the account holder shall have the possibility to buy even if he/she has forgotten his/her terminal at home, the batteries have run out, etc. This would be possible to solve for instance via a web interface or via a voice answer back function. There should be a possibility to switch off/switch on the message control 314 during a certain period of time (for instance for a few hours or a day) or to switch it off/on until further notice. It, however, will be probable that some tradesmen, for instance at purchase over Internet 110, will demand that the account holder shall utilize this function for acceptance of the purchase. The payment system 100 can have different levels of interaction with the account holder where security is weighed against simplicity. Notice that this procedure 300 can be used without the account holder needing to interact with the terminal 106 which becomes/is being positioned. This means that when the pay/credit card is connected to, for instance, a telephone number, the account holder need not interact with the telephone at payment, but the information about the account holder's position is taken automatically from the mobile telephone network. In order to even further increase the security, a PIN-code can be used at approval of a purchase, in case the mobile terminal 106 is switched on while in the possession of a person who is not authorized to use this mobile terminal.
Below some examples of use of the service in the respective cases are given.
- Birgitta is out on her ordinary Sunday shopping to buy some clothes. Earlier she always paid cash, but she has got more and more used to paying with cards and discovered that it is much more comfortable. In addition she has arranged secure payments via the payment function which connects 308 her to the payment system 100. When she is to buy a jumper she just hands over her card. The woman cashier swipes the card in the card reader 108 and hands the card back to Birgitta. The payment system 100 by that reads Birgitta's card number ID1 and checks 304 with the bank that there is coverage on/at the account. At the same time Birgitta's telephone 106, which she has in the handbag, is positioned 314 and Birgitta's position 114 is compared 318 with the position 112 of the card terminal. Since the two places match, the purchase is executed and Birgitta can gladly proceed. She now has a higher security at her payments, without it taking longer or being more complicated for that reason.
- Bengt wants to buy a new graphics card for his computer via Internet 110. Bengt has earlier been suspicious of giving out his card number on the network for fear that somebody will start buying articles on his card. Now, however, Bengt has via this payment function connected 308 his account ID1 to his mobile telephone number ID2. When Bengt is to pay, he indicates his card number and date of validity. The service checks 304 which telephone number is connected/associated 312 to the account number and after that sends/transmits an inquiry about approval of payment to Bengt's telephone. Since Bengt has his mobile telephone at hand, he answers/responds 316 to the message, whereupon the purchase is executed.
- Mr. X has got hold of an account number from a receipt he has found. Mr. X has the intention to line his pocket at somebody else's expense by buying a DVD-player for himself by utilizing this account number. He opens up an Internet page and orders a DVD, whereupon he indicates the card number ID1. Since the holder of the card 116 has used this service for authentication 304 via direct message 312, the rightful owner of the card will have a message to his/her mobile telephone about approval of a purchase of a DVD-player at a price of 5487 kr. Since he/she has not ordered any DVD-player he/she declines the purchase and after that calls his/her bank to block the account. Mr. X receives an answer that the purchase has not been executed and in best case the tradesman can contact the police and trace Mr. X's computer.
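The decision made in authentication step 304, run over the three scenarios above, as an added example that is not part of the patent text. The class and function names, the 500 m match radius, the rule that an unlocatable terminal counts as a mismatch, and all account numbers, telephone numbers and coordinates are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass
from enum import Enum

class Reply(Enum):
    APPROVE = "approve"
    DECLINE = "decline"
    TIMEOUT = "timeout"  # no answer within the period set by the verification unit

@dataclass
class Subscription:
    account_id: str                   # ID1: account identity
    terminal_id: str                  # ID2: mobile subscriber number
    mode: str = "direct_message"      # "direct_message" (312) or "position" (314)
    execute_on_timeout: bool = False  # time-out value chosen by the account holder
    check_enabled: bool = True        # holder may switch the check off

def distance_m(a, b):
    """Great-circle (haversine) distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6_371_000 * math.asin(math.sqrt(h))

def authenticate(sub, reply=Reply.TIMEOUT, terminal_pos=None,
                 transaction_pos=None, max_distance_m=500.0):
    """Authentication step 304. Returns (executed, reason)."""
    if not sub.check_enabled:
        return True, "check switched off"
    if sub.mode == "direct_message":
        if reply is Reply.APPROVE:
            return True, "approved"
        if reply is Reply.DECLINE:
            return False, "declined"
        # Time out: the outcome follows the holder's stored setting. True is
        # fail-open: the purchase goes through while the phone is unreachable.
        return sub.execute_on_timeout, "time out"
    if sub.mode == "position":
        # Assumption: a terminal that cannot be positioned counts as a mismatch.
        if terminal_pos is None or transaction_pos is None:
            return False, "position unavailable"
        d = distance_m(terminal_pos, transaction_pos)
        return d <= max_distance_m, f"distance {d:.0f} m"
    raise ValueError(f"unknown mode {sub.mode!r}")

# Constructed sample data: identifiers and coordinates are made up.
SHOP = (59.3326, 18.0649)       # card terminal 108 position, e.g. from database 112
HANDBAG = (59.3328, 18.0652)    # terminal 106 as positioned by the network
ELSEWHERE = (57.7089, 11.9746)  # a card terminal in another city

birgitta = Subscription("ACCT-0001", "+46700000001", mode="position")
bengt = Subscription("ACCT-0002", "+46700000002")
card_owner = Subscription("ACCT-0003", "+46700000003")

def run_scenarios():
    """Map each scenario name to whether the purchase is executed."""
    return {
        "birgitta_in_shop": authenticate(birgitta, terminal_pos=HANDBAG, transaction_pos=SHOP)[0],
        "card_used_elsewhere": authenticate(birgitta, terminal_pos=HANDBAG, transaction_pos=ELSEWHERE)[0],
        "bengt_approves": authenticate(bengt, Reply.APPROVE)[0],
        "owner_declines": authenticate(card_owner, Reply.DECLINE)[0],
        "owner_no_reply": authenticate(card_owner, Reply.TIMEOUT)[0],
    }

if __name__ == "__main__":
    for name, executed in run_scenarios().items():
        print(f"{name}: {'executed' if executed else 'not executed'}")
```

The `execute_on_timeout` and `check_enabled` fields are the two account-holder settings the description allows; either one set permissively means a card number alone is again sufficient for as long as the setting holds.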