WO2012044260A1 - Method for securing a transaction by means of an electronic wallet, the transaction being performed from a self-service transaction equipment, and system thereof - Google Patents

Method for securing a transaction by means of an electronic wallet, the transaction being performed from a self-service transaction equipment, and system thereof Download PDF

Info

Publication number
WO2012044260A1
WO2012044260A1 PCT/TH2010/000035 TH2010000035W WO2012044260A1 WO 2012044260 A1 WO2012044260 A1 WO 2012044260A1 TH 2010000035 W TH2010000035 W TH 2010000035W WO 2012044260 A1 WO2012044260 A1 WO 2012044260A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
self
time password
electronic wallet
service
Prior art date
Application number
PCT/TH2010/000035
Other languages
French (fr)
Inventor
Lsrabhol Cheawiriyabunya
Original Assignee
True Money Co. Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by True Money Co. Ltd filed Critical True Money Co. Ltd
Priority to PCT/TH2010/000035 priority Critical patent/WO2012044260A1/en
Publication of WO2012044260A1 publication Critical patent/WO2012044260A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/349Rechargeable cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes

Definitions

  • the field of the invention is that of transactions by electronic wallet (or electronic money account) performed from a self-service transaction equipment (or kiosk), for example a bill-payment kiosk.
  • the invention relates to the improvement of the securing of such transactions.
  • Self-service transaction kiosks offer a variety of conveniences while performing multiple transactions (for example, payment of different kinds of bills) at any time of the day at any place.
  • Such self-service transaction kiosks can be placed, for example, in payment centres, convenience stores, supermarkets or in the street (like a telephone box).
  • Known self-service transaction kiosks are equipped with an electronic card module, for allowing consumers to perform transactions by means of an electronic card.
  • a classic transaction securing technique consists of authenticating the electronic card involved in the transaction by means of a personal code known by the owner of said card, for example a 4-digit code. Such a technique is not however completely reliable, insofar as said code can be discovered, for example by observation when the code is entered at the time of a transaction, or by searching by means of a program, in order to use the card stolen from its owner.
  • the invention in at least one of its embodiments is aimed at overcoming these different drawbacks of the prior art.
  • an objective of at least one embodiment of the invention is to provide a technique enabling the securing and authentication of transactions to be reinforced.
  • a method for securing a transaction by means of an electronic wallet the transaction being performed from a self-service transaction equipment by the owner of said electronic wallet, a transaction server in charge of managing transactions involving said electronic wallet having previously recorded access data relating to said electronic wallet, said self-service transaction equipment performing the steps of:
  • said electronic wallet is associated with a mobile terminal belonging to said owner.
  • the method is such that it comprises the following steps:
  • the invention is based on a novel and inventive approach to the securing of transactions, which consists in conditioning the execution (i.e. authorization) of a transaction performed from a self-service transaction kiosk by the detection that a mobile terminal associated with the owner of an electronic wallet involved in the transaction is near the self- service transaction kiosk. This detection is based on a one-time password mechanism.
  • the transaction server has previously recorded an identifier of said mobile terminal.
  • said step of obtaining, by said mobile terminal, of a one-time password comprises the following step, performed by the transaction server:
  • said step of obtaining, by said mobile terminal, of a one-time password comprises the following steps, performed by the self-service transaction equipment:
  • said one-time password is transmitted via a "SMS" ("Short Message Service”).
  • SMS Short Message Service
  • said one-time password is transmitted according to a communication technique belonging to the group including:
  • the communication between the self-service transaction equipment and the mobile terminal is implemented via different technologies, varying for example according to the type of mobile terminal involved.
  • said self-service transaction equipment performs at least one transaction belonging to the group including: —
  • a system for securing a transaction by means of an electronic wallet comprising:
  • a transaction server in charge of managing transactions involving said electronic wallet having previously recorded access data relating to said electronic wallet.
  • the self-service transaction equipment comprises:
  • said electronic wallet is associated with a mobile terminal (15) belonging to said owner.
  • said transaction server comprises means for generating a one-time password.
  • said self-service transaction equipment comprises:
  • said transaction server upon detection by said transaction server of said one-time password transmitted by the means for transmitting of said self-service transaction equipment, said transaction server authorizes the transaction to be effective.
  • Figure 1 shows an example of a system for implementing the invention according to an embodiment.
  • Figure 2 shows the main steps of the securing method according to a particular embodiment of the invention, in a system as shown in figure 1.
  • the general principle of an exemplary aspect of the invention consists in conditioning the execution of a transaction performed from a self-service transaction kiosk by the detection that a mobile terminal associated with the owner of an electronic wallet involved in the transaction is near the self-service transaction kiosk (i.e. if the mobile terminal is carried by its owner).
  • This detection is based on a one-time password mechanism.
  • This one-time password mechanism is implemented at the level of a transaction server belonging to the banking organization in charge of the management of transactions involving the electronic wallet in question.
  • Such one-time password mechanism enables a reinforcement of the securing of the transaction, while requiring no use of additional identification modules at self-service transaction kiosk level.
  • Figure 1 shows an example of a system 1 for implementing an aspect of the disclosure, according to a particular embodiment.
  • a user 10 has previously opened an electronic wallet account with a bank entity (such as, for example, TrueMoney).
  • the electronic wallet contains electronic money that user uses, for example, for buying products or services.
  • the bank entity has a bank server 20 in which the user's electronic wallet is stored.
  • a self-service transaction kiosk 30 is located, for example, in the street near the user's house. The user 10 can use, at any time and at any day, the self-service transaction kiosk 30 for performing particularly (but not exclusively) the following electronic transactions by means of his electronic wallet:
  • the system comprises a number n of self-service transaction kiosks which are distributed over a plurality of stores, malls, train stations, airport, and so on.
  • the user carries a mobile terminal 15 comprising at least one transmitting antenna and one receiving antenna.
  • the self-service transaction kiosk 30 is capable of communicating with the mobile terminal 15 of the user, according to various short-range communications technologies, such as, for example, "Wi-Fi", "RFID” or infrared technology.
  • the bank entity also has a transaction server 40 in charge of managing transactions involving the electronic wallet of the user.
  • the transaction server 40 stores access data relating to the electronic wallet of the user. For example, the transaction server 40 stores the electronic wallet account number and a password for accessing such electronic wallet account.
  • the transaction server 40 stores an identifier of the user's mobile terminal 15 among the access data relating to the electronic wallet of the user.
  • the user's mobile terminal 15 is a mobile telephone.
  • the transaction server 40 stores, for example, the MSISDN number associated to the mobile telephone.
  • system 1 further comprises:
  • a system 50 named "NiEW” New IEW
  • KIMs for "KIOSK Monitoring and Management System”
  • PCS Payment Centralize System
  • BO report for "Business Object Report” in charge of creating financial report and account report
  • CCR Web for "Call Center Representative”
  • CPG Centralize Payment Gateway
  • Touch DB a database 120 named "Touch DB” in charge of storing information relative to payment using an electronic money purse (defined here below);
  • PPGW PrePay GateWay
  • prepaid mobile phone service such as, for example, the one provided by True Move network
  • PCT Personal Communication Telephone
  • D2C for "Dealer to Customer”
  • This D2C system allows associating amount of money with amount of days. For example, if customer adds 300THB he will get a period of 30 days for using mobile phone service;
  • PCS Payment Centralize System
  • the electronic money purse shall be understood as the means comprised in a mobile device for storing a .certain user electronic money data which allow said user to pay commodities or services in person.
  • a first step the user selects a transaction to perform through a menu displayed on the screen of the self-service transaction kiosk 30. Then, the self-service transaction kiosk 30 asks the user to confirm the selected transaction.
  • the selected transaction is a top-up of an electronic money purse with money stored in an electronic wallet account.
  • the user indicates the amount of money he wants to transfer from his electronic wallet account to his electronic money purse.
  • a step SI the user confirms his selection by using, for example, the touch screen of the self-service transaction kiosk 30.
  • the self-service transaction kiosk 30 transmits to the transaction server 40 a message containing an information relative to the selected transaction and the amount of money the user wants to transfer from his electronic wallet account to his electronic money purse.
  • the transaction server 40 sends (step S3) to the self-service transaction kiosk 30 a message asking the user to input an electronic wallet account number and a corresponding password.
  • the message sent by the transaction server 40 can ask for a MSISDN number and a PIN code.
  • the self-service transaction kiosk 30 displays on its screen the message asking the user to input an electronic wallet account number and a corresponding password.
  • a step S5 the user inputs his electronic wallet account number and his password.
  • the user can use a user interface provided on the self- service transaction kiosk 30 (such as, for example, a touch screen, keyboard,).
  • the user can use his mobile terminal 15 for transmitting these information to the self-service transaction kiosk 30 via a short range communication technology (such as, for example, "WiFi", "RFID”,).
  • a short range communication technology such as, for example, "WiFi", "RFID”,.
  • the self-service transaction kiosk 30 transmits to the transaction server 40 a message containing the electronic wallet account number and the password inputted by the user at step S5.
  • the transaction server 40 Upon detection of valid electronic wallet account number and valid password, the transaction server 40 generates (step S7) a random one-time password (for example, a four digits password). Then, the transaction server 40 sends (step S8) to the mobile terminal 15 a message (for example, a "SMS") containing the one-time password, via a Merchant Gate Way and a First Hop.
  • a message for example, a "SMS"
  • the user receives the message containing the one-time password.
  • the self-service transaction kiosk 30 then asks the user to input a password.
  • the user inputs the one-time password he has received on his mobile terminal 15 by using, for example, the user interface of the self-service transaction kiosk 30.
  • the self-service transaction kiosk 30 can ask the user to input additional access data, such as, for example, a PIN code.
  • the user can use his mobile terminal 15 for transmitting automatically the received one-time password to the self-service transaction kiosk 30 via a short range communication technology. This is convenient when the one-time password comprises a large number of digits.
  • the self-service transaction kiosk 30 transmits to the transaction server 40 a message containing the one-time password inputted by the user at step S9.
  • step SI 2 Upon detection of valid one-time password (step SI 1), the transaction server 40 creates a communication session (step SI 2) with the bank server 20 in which the user's electronic wallet account is stored.
  • the transaction server 40 transmits to the bank server 20 a message containing the electronic wallet account number of the user and the amount of money the user wants to transfer from his electronic wallet account to his electronic money purse.
  • the bank server 20 verifies that the user's electronic wallet account comprises the amount of money that the user wants to transfer. Upon positive verification, the bank server 20 transfers the amount of money specified by the user from his electronic wallet account to his electronic money purse.
  • the self-service transaction kiosk 30 sends to the mobile terminal 15 a message (for example, a "SMS") for confirming , success of the transaction.
  • a message for example, a "SMS"
  • the self-service transaction kiosk 30 can print a transaction receipt.

Abstract

The present invention relates to a method for securing a transaction by means of an electronic wallet, the transaction being performed from a self-service transaction equipment (30) by the owner (10) of the electronic wallet, a transaction server (40) in charge of managing transactions involving the electronic wallet having previously recorded access data relating to the electronic wallet. According to a first aspect of the present invention, the self-service transaction equipment performs the steps of: - obtaining the access data from the owner; - transmitting a first message containing the obtained access data to the transaction server. Advantageously, the electronic wallet is associated with a mobile terminal (15) belonging to the owner. According to a second aspect of the present invention, the method comprises the following steps: obtaining, by the mobile terminal, a one-time password generated by the transaction server; - obtaining, by the self-service transaction equipment, the one-time password provided by the owner; - transmitting, by the self-service transaction equipment, a first message containing the one-time password to the transaction server; upon detection by the transaction server of the one-time password transmitted by the self-service transaction equipment, authorizing the transaction to be effective.

Description

METHOD FOR SECURING A TRANSACTION BY MEANS OF AN ELECTRONIC WALLET, THE TRANSACTION BEING PERFORMED FROM A SELF-SERVICE
TRANSACTION EQUIPMENT, AND SYSTEM THEREOF FIELD OF THE INVENTION
The field of the invention is that of transactions by electronic wallet (or electronic money account) performed from a self-service transaction equipment (or kiosk), for example a bill-payment kiosk.
More specifically, the invention relates to the improvement of the securing of such transactions.
BACKGROUND OF THE INVENTION
Self-service transaction kiosks offer a variety of conveniences while performing multiple transactions (for example, payment of different kinds of bills) at any time of the day at any place. Such self-service transaction kiosks can be placed, for example, in payment centres, convenience stores, supermarkets or in the street (like a telephone box).
Known self-service transaction kiosks are equipped with an electronic card module, for allowing consumers to perform transactions by means of an electronic card.
A classic transaction securing technique consists of authenticating the electronic card involved in the transaction by means of a personal code known by the owner of said card, for example a 4-digit code. Such a technique is not however completely reliable, insofar as said code can be discovered, for example by observation when the code is entered at the time of a transaction, or by searching by means of a program, in order to use the card stolen from its owner.
To overcome these disadvantages, known self-service transaction kiosks are equipped with additional identification modules (code bar reader, wireless smart card reader,...) for identifying the card owner. However, the use of such additional modules increases the cost of one self-service transaction kiosk, what can be problematic for a business industry who wishes to put in operation thousands of self-service transaction kiosks. GOALS OF THE INVENTION
The invention in at least one of its embodiments is aimed at overcoming these different drawbacks of the prior art.
More specifically, an objective of at least one embodiment of the invention is to provide a technique enabling the securing and authentication of transactions to be reinforced.
It is another goal of at least one embodiment of the invention to provide such a technique that does not require the use of additional identification modules at kiosk level.
SUMMARY OF THE INVENTION
According to a particular aspect of the present invention, there is provided a method for securing a transaction by means of an electronic wallet, the transaction being performed from a self-service transaction equipment by the owner of said electronic wallet, a transaction server in charge of managing transactions involving said electronic wallet having previously recorded access data relating to said electronic wallet, said self-service transaction equipment performing the steps of:
- obtaining said access data from said owner;
- transmitting a first message containing the obtained access data to the transaction server.
According to a particular aspect of the present invention, said electronic wallet is associated with a mobile terminal belonging to said owner.
The method is such that it comprises the following steps:
- obtaining, by said mobile terminal, a one-time password generated by the transaction server;
- obtaining, by said self-service transaction equipment, said one-time password provided by the owner;
- transmitting, by the self-service transaction equipment, a first message containing said one-time password to the transaction server; - upon detection by the transaction server of said one-time password transmitted by the self-service transaction equipment, authorizing said transaction to be effective.
Thus, the invention is based on a novel and inventive approach to the securing of transactions, which consists in conditioning the execution (i.e. authorization) of a transaction performed from a self-service transaction kiosk by the detection that a mobile terminal associated with the owner of an electronic wallet involved in the transaction is near the self- service transaction kiosk. This detection is based on a one-time password mechanism.
Advantageously, the transaction server has previously recorded an identifier of said mobile terminal.
According to a first particular embodiment of the present invention, said step of obtaining, by said mobile terminal, of a one-time password comprises the following step, performed by the transaction server:
transmitting a second message containing said one-time password to the mobile terminal identified by means of said identifier.
According to a second particular embodiment of the present invention, said step of obtaining, by said mobile terminal, of a one-time password comprises the following steps, performed by the self-service transaction equipment:
- receiving, from the transaction server, a third message containing said one-time password and said identifier;
- transmitting a fourth message containing said one-time password to the mobile terminal identified by means of said identifier.
Advantageously, said one-time password is transmitted via a "SMS" ("Short Message Service").
According to an exemplary aspect of the invention, said one-time password is transmitted according to a communication technique belonging to the group including:
- "Wi-Fi" technology;
- "RFID" technology;
infrared technology.
Thus, according to various embodiments of the invention, the communication between the self-service transaction equipment and the mobile terminal is implemented via different technologies, varying for example according to the type of mobile terminal involved. Advantageously, said self-service transaction equipment performs at least one transaction belonging to the group including: —
- payment of bills or services;
- top-up pre-paid electronic card or electronic money purse;
- payment of code for top-up pre-paid electronic card, wireless internet code, or code for satellite television services;
- transfer money from electronic wallet to a predetermined bank account.
In one particular embodiment of the invention, there is proposed a system for securing a transaction by means of an electronic wallet, the system comprising :
- a self-service transaction equipment from which the owner of said electronic wallet performs the transaction;
a transaction server in charge of managing transactions involving said electronic wallet having previously recorded access data relating to said electronic wallet.
The self-service transaction equipment comprises:
- means for obtaining said access data from said owner;
means for transmitting a first message containing the obtained access data to the transaction server.
Advantageously, said electronic wallet is associated with a mobile terminal (15) belonging to said owner.
Advantageously, said transaction server comprises means for generating a one-time password.
Advantageously, said self-service transaction equipment comprises:
- means for obtaining said one-time password from the owner;
- means for transmitting a message containing said one-time password to the transaction server.
According to a particular aspect of the invention, upon detection by said transaction server of said one-time password transmitted by the means for transmitting of said self-service transaction equipment, said transaction server authorizes the transaction to be effective. BRIEF DESCRIPTION OF THE DRAWINGS
Other features and advantages of the invention will become clearer in view of the following description of a specific embodiment, provided as a simple illustrative and non- limiting example, and appended drawings, in which:
Figure 1 shows an example of a system for implementing the invention according to an embodiment.
Figure 2 shows the main steps of the securing method according to a particular embodiment of the invention, in a system as shown in figure 1.
DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS
The general principle of an exemplary aspect of the invention consists in conditioning the execution of a transaction performed from a self-service transaction kiosk by the detection that a mobile terminal associated with the owner of an electronic wallet involved in the transaction is near the self-service transaction kiosk (i.e. if the mobile terminal is carried by its owner). This detection is based on a one-time password mechanism. This one-time password mechanism is implemented at the level of a transaction server belonging to the banking organization in charge of the management of transactions involving the electronic wallet in question. Thus, such one-time password mechanism enables a reinforcement of the securing of the transaction, while requiring no use of additional identification modules at self-service transaction kiosk level.
Figure 1 shows an example of a system 1 for implementing an aspect of the disclosure, according to a particular embodiment.
A user 10 has previously opened an electronic wallet account with a bank entity (such as, for example, TrueMoney). The electronic wallet contains electronic money that user uses, for example, for buying products or services.
The bank entity has a bank server 20 in which the user's electronic wallet is stored. A self-service transaction kiosk 30 is located, for example, in the street near the user's house. The user 10 can use, at any time and at any day, the self-service transaction kiosk 30 for performing particularly (but not exclusively) the following electronic transactions by means of his electronic wallet:
- payment for goods and/or services;
- payment of electricity bills, water supply bills, insurance company;
- top-up pre-paid electronic card or electronic money purse;
- buying code for top-up pre-paid electronic card, wireless internet code, or code for satellite television services;
- transfer money from electronic wallet account, for example, to a bank account of a charity organization.
In an alternative embodiment, the system comprises a number n of self-service transaction kiosks which are distributed over a plurality of stores, malls, train stations, airport, and so on.
The user carries a mobile terminal 15 comprising at least one transmitting antenna and one receiving antenna. According to a particular embodiment, the self-service transaction kiosk 30 is capable of communicating with the mobile terminal 15 of the user, according to various short-range communications technologies, such as, for example, "Wi-Fi", "RFID" or infrared technology.
The bank entity also has a transaction server 40 in charge of managing transactions involving the electronic wallet of the user. The transaction server 40 stores access data relating to the electronic wallet of the user. For example, the transaction server 40 stores the electronic wallet account number and a password for accessing such electronic wallet account.
According to a particular embodiment, the transaction server 40 stores an identifier of the user's mobile terminal 15 among the access data relating to the electronic wallet of the user. As shown in the example of figure 1, the user's mobile terminal 15 is a mobile telephone. In this case, the transaction server 40 stores, for example, the MSISDN number associated to the mobile telephone.
As shown in the example of figure 1, the system 1 further comprises:
- a system 50 named "NiEW" (New IEW) in charge of making the interface between a TCP/IP protocol used by the mobile terminal 15 and a SOAP protocol used by the transaction server 40; - a system 60 named "KIMs" (for "KIOSK Monitoring and Management System"). This system 60 allows bank entity staff to manage and support maintenance of self-service transaction kiosk;
- a system 70 named "PCS" (for "Payment Centralize System") in charge of managing payment of bills, sending and receiving bills information of client;
a system 80 named "BO report" (for "Business Object Report") in charge of creating financial report and account report;
- a system 90 named "CCR Web" (for "Call Center Representative"). This system 90 allows bank entity staff to examine the customer's transaction;
- a system 100 named "CPG" (for "Centralize Payment Gateway") in charge of creating a communication channel between the transaction server 40 of the bank entity and a server 110 of another bank entity. This system 100 allows a secure bank to bank link.
- a database 120 named "Touch DB" in charge of storing information relative to payment using an electronic money purse (defined here below);
- a group of systems 130 comprising:
• a system named "PPGW" (for "PrePay GateWay") in charge of managing transaction relative to prepaid mobile phone service (such as, for example, the one provided by True Move network) or PCT (Personal Communication Telephone);
• a system named "D2C" (for "Dealer to Customer"). This D2C system allows associating amount of money with amount of days. For example, if customer adds 300THB he will get a period of 30 days for using mobile phone service;
• a system named "PCS" (for "Payment Centralize System") in charge of:
• examining billing's status and the amount of money that client must pay for service bill, and
• recording bill payment activities of client.
It is sought more particularly here below in this document to describe an embodiment in which a user uses the self-service transaction kiosk 30 for performing a top-up of an electronic money purse comprised in his mobile telephone with money stored in his electronic wallet account. The electronic money purse shall be understood as the means comprised in a mobile device for storing a .certain user electronic money data which allow said user to pay commodities or services in person.
In reference to Figure 2, the main steps of the method for securing a transaction will now be described according to a particular embodiment of the invention, as well as the steps relating to the transaction itself.
In a first step (not represented), the user selects a transaction to perform through a menu displayed on the screen of the self-service transaction kiosk 30. Then, the self-service transaction kiosk 30 asks the user to confirm the selected transaction. For illustrative purpose, in the following of this document it is considered that the selected transaction is a top-up of an electronic money purse with money stored in an electronic wallet account. Thus, during this first step, the user indicates the amount of money he wants to transfer from his electronic wallet account to his electronic money purse.
In a step SI, the user confirms his selection by using, for example, the touch screen of the self-service transaction kiosk 30.
In a step S2, the self-service transaction kiosk 30 transmits to the transaction server 40 a message containing an information relative to the selected transaction and the amount of money the user wants to transfer from his electronic wallet account to his electronic money purse.
In response to this message, the transaction server 40 sends (step S3) to the self-service transaction kiosk 30 a message asking the user to input an electronic wallet account number and a corresponding password. In an alternative embodiment, the message sent by the transaction server 40 can ask for a MSISDN number and a PIN code.
In a step S4, the self-service transaction kiosk 30 displays on its screen the message asking the user to input an electronic wallet account number and a corresponding password.
In a step S5, the user inputs his electronic wallet account number and his password. For this aim, in a particular embodiment, the user can use a user interface provided on the self- service transaction kiosk 30 (such as, for example, a touch screen, keyboard,...). In an alternative embodiment, the user can use his mobile terminal 15 for transmitting these information to the self-service transaction kiosk 30 via a short range communication technology (such as, for example, "WiFi", "RFID",...). In a step S6, the self-service transaction kiosk 30 transmits to the transaction server 40 a message containing the electronic wallet account number and the password inputted by the user at step S5.
It is assumed that the transaction server has previously recorded the mobile terminal phone number.
Upon detection of valid electronic wallet account number and valid password, the transaction server 40 generates (step S7) a random one-time password (for example, a four digits password). Then, the transaction server 40 sends (step S8) to the mobile terminal 15 a message (for example, a "SMS") containing the one-time password, via a Merchant Gate Way and a First Hop.
The user receives the message containing the one-time password. The self-service transaction kiosk 30 then asks the user to input a password. In a step S9, the user inputs the one-time password he has received on his mobile terminal 15 by using, for example, the user interface of the self-service transaction kiosk 30. In an alternative embodiment, the self-service transaction kiosk 30 can ask the user to input additional access data, such as, for example, a PIN code. In an alternative embodiment, the user can use his mobile terminal 15 for transmitting automatically the received one-time password to the self-service transaction kiosk 30 via a short range communication technology. This is convenient when the one-time password comprises a large number of digits.
In a step S10, the self-service transaction kiosk 30 transmits to the transaction server 40 a message containing the one-time password inputted by the user at step S9.
Upon detection of valid one-time password (step SI 1), the transaction server 40 creates a communication session (step SI 2) with the bank server 20 in which the user's electronic wallet account is stored.
In a step SI 3, the transaction server 40 transmits to the bank server 20 a message containing the electronic wallet account number of the user and the amount of money the user wants to transfer from his electronic wallet account to his electronic money purse.
Then, in a step S14, the bank server 20 verifies that the user's electronic wallet account comprises the amount of money that the user wants to transfer. Upon positive verification, the bank server 20 transfers the amount of money specified by the user from his electronic wallet account to his electronic money purse. Finally, in a step S I 5, the self-service transaction kiosk 30 sends to the mobile terminal 15 a message (for example, a "SMS") for confirming, success of the transaction. In an alternative embodiment, the self-service transaction kiosk 30 can print a transaction receipt.
Although the present disclosure has been described with reference to a limited number of examples, workers skilled in the art will recognize that changes may be made in form and detail without departing from the scope of the disclosure and/or the appended claims.

Claims

A method for securing a transaction by means of an electronic wallet, the transaction being performed from a self-service transaction equipment (30) by the owner (10) of said electronic wallet, a transaction server (40) in charge of managing transactions involving said electronic wallet having previously recorded access data relating to said electronic wallet, said self-service transaction equipment performing the steps of:
- obtaining said access data from said owner;
transmitting a first message containing the obtained access data to the transaction server,
wherein said electronic wallet is associated with a mobile terminal (15) belonging to said owner,
and wherein said method comprises the following steps:
- obtaining, by said mobile terminal, a one-time password generated by the transaction server;
- obtaining, by said self-service transaction equipment, said one-time password provided by the owner;
- transmitting, by the self-service transaction equipment, a first message containing said one-time password to the transaction server;
- upon detection by the transaction server of said one-time password transmitted by the self-service transaction equipment, authorizing said transaction to be effective.
The method for securing a transaction according to claim 1, wherein the transaction server has previously recorded an identifier of said mobile terminal,
and wherein said step of obtaining, by said mobile terminal, of a one-time password comprises the following step, performed by the transaction server:
transmitting a second message containing said one-time password to the mobile terminal identified by means of said identifier.
The method for securing a transaction according to claim 1, wherein the transaction server has previously recorded an identifier of said mobile terminal,
and wherein said step of obtaining, by said mobile terminal, of a one-time password comprises the following steps, performed by the self-service transaction equipment: receiving, from the transaction server, a third message containing said one-time password and said identifier;
- transmitting a fourth message containing said one-time password to the mobile terminal identified by means of said identifier.
4. The method for securing a transaction according to claim 2 or 3, wherein said one-time password is transmitted via a "SMS" ("Short Message Service").
5. The method for securing a transaction according to claim 4, wherein said one-time password is transmitted according to a communication technique belonging to the group including:
- "Wi-Fi" technology;
- " FID" technology;
infrared technology.
6. The method for securing a transaction according to any of claims 1 to 5, wherein said self- service transaction equipment (30) performs at least one transaction belonging to the group including:
- payment of bills or services;
- top-up pre-paid electronic card or electronic money purse;
- payment of code for top-up pre-paid electronic card, wireless internet code, or code for satellite television services;
- transfer money from electronic wallet to a predetermined bank account.
7. A system for securing a transaction by means of an electronic wallet, the system comprising :
a self-service transaction equipment (30) from which the owner (10) of said electronic wallet performs the transaction;
- a transaction server (40) in charge of managing transactions involving said electronic wallet having previously recorded access data relating to said electronic wallet, said self-service transaction equipment comprising:
- means for obtaining said access data from said owner;
- means for transmitting a first message containing the obtained access data to the transaction server,
wherein said electronic wallet is associated with a mobile terminal (15) belonging to said owner, and wherein said transaction server (40) comprises means for generating a one-time password, - and wherein said self-service transaction equipment (30) comprises:
means for obtaining said one-time password from the owner;
means for transmitting a message containing said one-time password to the transaction server,
and wherein upon detection by said transaction server of said one-time password transmitted by the means for transmitting of said self-service transaction equipment, said transaction server authorizes the transaction to be effective..
A computer program product comprising program code instructions for implementing the above-mentioned method for securing a transaction according to at least one of the claims 1 to 6 when said program is executed on a computer.
A computer-readable storage means storing a computer program comprising a set of instructions executable by a computer to implement the method for securing a transaction according to at least one of the claims 1 to 6.
PCT/TH2010/000035 2010-09-28 2010-09-28 Method for securing a transaction by means of an electronic wallet, the transaction being performed from a self-service transaction equipment, and system thereof WO2012044260A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/TH2010/000035 WO2012044260A1 (en) 2010-09-28 2010-09-28 Method for securing a transaction by means of an electronic wallet, the transaction being performed from a self-service transaction equipment, and system thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/TH2010/000035 WO2012044260A1 (en) 2010-09-28 2010-09-28 Method for securing a transaction by means of an electronic wallet, the transaction being performed from a self-service transaction equipment, and system thereof

Publications (1)

Publication Number Publication Date
WO2012044260A1 true WO2012044260A1 (en) 2012-04-05

Family

ID=43608635

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/TH2010/000035 WO2012044260A1 (en) 2010-09-28 2010-09-28 Method for securing a transaction by means of an electronic wallet, the transaction being performed from a self-service transaction equipment, and system thereof

Country Status (1)

Country Link
WO (1) WO2012044260A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9064268B2 (en) 2010-11-01 2015-06-23 Outerwall Inc. Gift card exchange kiosks and associated methods of use
USD748196S1 (en) 2014-08-27 2016-01-26 Outerwall Inc. Consumer operated kiosk for sampling products
US9799014B2 (en) 2011-11-23 2017-10-24 Coinstar Asset Holdings, Llc Mobile commerce platforms and associated systems and methods for converting consumer coins, cash, and/or other forms of value for use with same
US10182048B1 (en) * 2016-05-24 2019-01-15 Symantec Corporation Systems and methods for automatically populating one-time-password input fields

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080255947A1 (en) * 2007-04-11 2008-10-16 First Data Corporation Mobile commerce infrastructure systems and methods
US20090104888A1 (en) * 2007-10-17 2009-04-23 First Data Corporation Onetime Passwords For Mobile Wallets

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080255947A1 (en) * 2007-04-11 2008-10-16 First Data Corporation Mobile commerce infrastructure systems and methods
US20090104888A1 (en) * 2007-10-17 2009-04-23 First Data Corporation Onetime Passwords For Mobile Wallets

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9064268B2 (en) 2010-11-01 2015-06-23 Outerwall Inc. Gift card exchange kiosks and associated methods of use
US9799014B2 (en) 2011-11-23 2017-10-24 Coinstar Asset Holdings, Llc Mobile commerce platforms and associated systems and methods for converting consumer coins, cash, and/or other forms of value for use with same
USD748196S1 (en) 2014-08-27 2016-01-26 Outerwall Inc. Consumer operated kiosk for sampling products
US10182048B1 (en) * 2016-05-24 2019-01-15 Symantec Corporation Systems and methods for automatically populating one-time-password input fields

Similar Documents

Publication Publication Date Title
CN102859544B (en) The system and method paid for using mobile device to be traded
US20120078783A1 (en) Method, apparatus, and system for enabling purchaser to direct payment approval, settlement, and membership subscription using mobile communication terminal
KR101689894B1 (en) Method and System for payment gateway using mobile terminal
KR100366060B1 (en) Optical payment transceiver and system using the same
US6142369A (en) Electronic transaction terminal for conducting electronic financial transactions using a smart card
KR101171804B1 (en) System and method for electronic payment, and server, communication terminal and program therefor
EP2061001A1 (en) Payment method, payment system and suitable devices therefor
KR20040016770A (en) Card/account managing system and method of the same
CN102629921A (en) Systems and methods for establishing a communication session between communication devices
KR20110019887A (en) Mobile virtual machine settlement system of account and card and method using virtual machine trading stamp
CN106056374A (en) Systems, methods, and computer readable media for payment and non-payment virtual card transfer between mobile devices
CN110678888B (en) Customer initiated payment transaction system and method
CN104704520B (en) Method of payment based on cloud
WO2012044260A1 (en) Method for securing a transaction by means of an electronic wallet, the transaction being performed from a self-service transaction equipment, and system thereof
KR20060093575A (en) Method for settling using a portable phone
KR20140047543A (en) Insurance watch and pament agent system and method based on location of mobile
KR101852943B1 (en) Real-time currency exchange apparatus using mobile cards
KR20170024518A (en) Method, server and system for providing digital contents
KR102572349B1 (en) Management server using virtual account and method thereof
US20170132588A1 (en) Electronic Payment System and Relative Method
KR100662278B1 (en) electronic payment system and method for making payment of the same
KR101864891B1 (en) Settlement Method using Fin-tech Wearable Device for Putting a Money on and Paying the Money
AU2022204348A1 (en) Methods and systems for linking and operating digital wallets and venue accounts
KR20170033628A (en) Easy payment system and method of post payment type
KR100934103B1 (en) System for Payment by Using WireWireless Network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10776197

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10776197

Country of ref document: EP

Kind code of ref document: A1