[go: nahoru, domu]

GB2398152A - A Credit or debit card with a changing card number - Google Patents

A Credit or debit card with a changing card number Download PDF

Info

Publication number
GB2398152A
GB2398152A GB0302852A GB0302852A GB2398152A GB 2398152 A GB2398152 A GB 2398152A GB 0302852 A GB0302852 A GB 0302852A GB 0302852 A GB0302852 A GB 0302852A GB 2398152 A GB2398152 A GB 2398152A
Authority
GB
United Kingdom
Prior art keywords
card
transaction
previous
credit
debit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0302852A
Other versions
GB0302852D0 (en
Inventor
Stephen Anthony Gerar Chandler
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to GB0302852A priority Critical patent/GB2398152A/en
Publication of GB0302852D0 publication Critical patent/GB0302852D0/en
Publication of GB2398152A publication Critical patent/GB2398152A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/02Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by keys or other credit registering devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/343Cards including a counter
    • G06Q20/3437Cards including a counter the counter having non-monetary units, e.g. trips
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The basic invention is a credit or debit card containing an electronic circuit which functions similarly to existing smart cards, but whose card number changes in a random or pseudo-random manner known to the card issuing or account holding institution, after each transaction. An enhanced version incorporates the ability to modify the number according to the amount of the transaction and/or a PIN number, thereby providing further checking and enabling the card to record within itself a reliable record of transactions.

Description

2398 1 52 Credit and debit cards
Introduction
This invention relates to credit and debit cards and devices of similar functionality. s
An increasing number of purchases of goods and services as well as cash withdrawals from Automatic Teller Machines (ATM), are being performed using credit and debit cards. This makes the use of cards a prime target for fraudsters. ATM machines are relatively secure, requiring the use of a Personal Identification Number (PIN) as well as the physical card in order to withdraw money. Fraud by the use of bogus ATM machines, for example, have though, been reported. The use of smart cards containing active electronic circuits should help somewhat. The security of payment for goods in person is enhanced by the requirement for a handwritten signature to confirm the purchase.
However when paying for goods or services by telephone or over the Internet, the only information used is the card number. There is in fact nothing to prevent purchases being debited twice, by mistake or by deliberate fraud, or even totally bogus transactions implemented, once the number has been disclosed. The only protection is provided by the fact that the name of the payee is recorded on the statement. Theoretically this should enable action to be taken, but in reality it would be likely to be too much effort unless the sum involved were large, particularly if the payee is located in another part of the world. It certainly gives no re-assurance to potential users who are unlikely to have any hard evidence of a transaction and certainly not that a transaction did not take place. Of particular concern is the double clicking problem in which the same goods or service can easily be ordered twice. The fact that even some of the largest and well-known names can refuse to refund multiple payments even it is evident that this could not have been intended. An example of this, which stimulated this patent, involved paying for Internet service provision. Although inconceivable that anyone would wish to pay for multiple contract to use the Internet from the same telephone, the ISP, one of the leading names, only agreed to refund the multiple payment when it was proved that the person who performed the multiple click was a minor. The feeling of powerlessness which results from such not uncommon experiences, is probably a major concern restricting the payment for goods over the internet.
Another restriction on the payment of goods over the Internet is that those to whom payments may be made by card are carefully vetted by the credit card companies. Inevitably there is a balance to be struck between security and flexibility of use of credit or debit cards.
On the other hand payment by cheque gives the payee considerable control and security. The cheque number is printed on statements giving a ready means of verifying the validity of a debit. They may also be used for payment of anyone with a bank account, rather than only a certain, though increasing number of trading organizations. The difference is essentially that a cheque can only be used once, whereas a credit card number can be used any number of times without the protection afforded by the direct debit guarantee.
Prior Art
One solution to this problem is provided by the American Express Single Use Card. This would enable a single purchase to be made without revealing a credit card number, which would not be of any use to anyone who intercepts it apart from for the original transaction. This is obviously not convenient for the usual usage of credit or debit cards.
Another solution was for a set of check numbers printed on a scratch card to be used to validate credit card transactions. The trouble with this is that this would be a procedure different to that normally used for credit card transactions and would probably be deprecated by the merchants who would have to modify their software and procedures for what would initially be a minority payment mechanism. The invention disclosed below achieved the same objective without requiring any change of software or procedures from those currently in use. The fact that this idea does not seem to have caught on suggests that the advantages which the method obviously has, are outweighed by the issues mentioned above.
McCown et al in patent WO 02/103642 A2 disclose a method of enhancing security by transmitting a digest of various information, which could include the transaction number. However, it is a change to the process of information exchange between the parties involved which would again require a major change to all e-commerce software as well as being more difficult to use for telephone payments. These are the nearest prior art to the method disclosed of which the author is aware.
The Invention The basic invention is a credit or debit card or device of similar functionality, referred to henceforth as card, containing an electronic circuit which functions similarly to existing smart cards, but whose card number changes in a random or pseudo-random manner known to the card issuing or account holding institution, henceforth for simplicity referred to as the Bank, after each transaction.
An enhanced version incorporates the ability to modify the number according to the amount of the transaction and/or the identity of the payee, thereby providing further checking and enabling the card to record within itself a reliable record of transactions.
Drawings In order that the invention may be more fully understood, reference will now be made, by way of example, to the accompanying drawings, in which: Figure I shows a card being an embodiment of the invention using connected electronically to the bank computer.
Figure 2 shows the same embodiment connected to a personal docking station as it would be used to make a purchase by telephone or the internet.
Figure 3 shows a card being an embodiment with enhanced functionality
Detailed Description
Memory technology is now such that there would be no problem in storing enough card numbers to last the lifetime of a physical card. If the level of use were such that the numbers in a card were to be about to run out, this would be known to the Bank which could easily issue a new card in the normal manner.
Electronic re-charging at an ATM machine for example, though straightforward to implement, would probably be unnecessary. 1 his number would be accesses in the normal manner for smart cards using electrical connection for ATM transactions or customer present purchases from merchants with the appropriate technology. However, for telephone or Internet applications the number could be read by placing it in the customer's own docking station, being a low cost device designed for the purpose, which would probably have the appearance of a calculator. In another embodiment the card could be made with an LCD display for the card number and means for entering the conclusion of transactions.
The advantage of the latter would be convenience of use, whereas the former has the advantage of a lower cost card and increased functionality as, for example, the enhanced version below.
Credit, or debit card numbers contain the identity of the Bank, the identity of the account, and check digits to ensure that the probability of a random number with the right number of digits being a valid card number is sufficiently small. For example four decimal check digits would give a probability of a random choice being correct as 0.0001. The fact that this information is subject to a mapping process to produce the actual number on the card does not affect this structure.
In the invention described above, random or pseudo random check digit combinations are used by the Bank to generate an ordered list of card numbers referring to a particular account which are stored or, with less security, re-generated as an identical list, on the card itself.
The changeable card number would only be used for situations in which the payee has on-line connection to the account holding institution, which would use the members of the list in sequence for successive payments. Memory technology is now such that there would be no problem in storing enough card numbers to last the expected lifetime of a physical card. If the numbers in a card were to be about to run out, this would be known to the Bank which could easily issue a new card in the normal manner. Electronic re-charging of the card with new numbers at an ATM machine for example, though straightforward to implement, would probably be unnecessary. For ATM transactions or customer present purchases from merchants with the appropriate technology providing electrical connection to the eard, this number would be transferred in the normal manner for such smart cards. This is illustrated in Figure 1, where the eard 1 comprises a memory means 2 containing the list of card numbers, a microcontroller or electronic control and interfacing logic 3, and a nonvolatile counter 4.5 represents means by which the eard is electronically connected to the bank computer or database containing 6 which holds the bank's copy of the same data as in 2 which it references using its copy 14 of the current transaction number which should be the same as held in 4. Arrows indicate the directions signals or information may be passed. The card would probably be powered from 5 rather than contain its own power source.
When the numbers are entered into 2, the list in 7 would be copied into 2 in an appropriately secure manner. Once this is done the design of 2, 3 and 4 is such that numbers may only be read out once and In sequence.
However for telephone or Internet applications the number could be read by the card holder either by placing it in a docking station, being a low cost device designed for the purpose, which would probably have the appearance of a calculator. This is illustrated in Figure 2 in which the card is connected to a docking station 8, containing a display device 9, together with a key or other means 10 of signalling the start and completion of a transaction to the eard. Dashed arrows between and the merchant's terminal device 11 indicate that communication involves the card owner reading the number displayed by 9 and forwarding this information verbally or by keying it into a website, and conveying the completion of the transaction using 10.
In another embodiment, the card itself could be made with an LCD display for the card number and means for entering the conclusion of transactions. The advantage of the latter would be convenience of use, whereas the former has the advantage of a lower cost eard and increased functionality as, for example, the enhanced version below.
When a payment has been made, the eard must be informed by some means so that it uses the next number for the next transaction. This could be most easily implemented by incrementing a counter in non-volatile memory pointing to successive entries in the number list. Ensuring that this is done is straightforward when the eard is connected electronically to a card reading machine, but is more difficult where the eard is read from a display manually. The docking station approach makes it easier to ensure this, by requiring the user to answer whether a transaction has taken place or not before the card can be removed. However since the payee would be aware of the problem in attempting to clear the transaction, the eard user would be prompted to tell his card of a previous transaction if that had been omitted. The card would then output the next number which would be accepted. It is also possible that the user could inadvertently manually tell his card of the same transaction twice. This would mean the card would effectively use the next-but-one check digit combination in place of the correct one.
This would be rejected by the bank, and the customer would then try again with the next number. The probability that two successive random choices of check digits would be those of the two next entries in the list is the square of the probability of guessing a correct card number, and there is therefore a negligible degradation of security in making the bank accept and act upon the premise that the counter 4 had got out of step. The process of declining invalid transaction attempts therefore provides a means of re-synchronising 13 with 4.
In an alternative, but deprecated variant on the technique, the number could depend on the time of the transaction rather than the transaction count. This would make resynchronisation of the card with the bank information easier so long as the clock used by the card could be guaranteed to be sufficiently accurate, and the time period between successive number changes sufficiently large for timing skew between the request for the number being made to the card and the actual transaction time to be small.
This would though have the effect of reducing the protection against double entry errors or fraud. It would also be susceptible to someone with knowledge of the dependence of eard entries on time presenting a fraudulent payment request at a time they knew the same number would be used as they had overheard. These issues, together with the technical problems of providing and powering a clock on the card, make this approach unsuitable.
The variable numbering system would obviously not be compatible with older technology using embossed digits or magnetic strip readers, though the latter usually have the facility for manual entry which obviously could be used. However these are only applicable to customer present transactions which are not the concern of the invention. However there is no reason that the same card could be used, but with a different, fixed, card number for use in such transactions. The account holding institution could then refuse to accept these numbers for customer absent transactions.
An enhancement of the basic form of the invention, as illustrated in Figure 3, is to modify the card number by some one to one mapping according to some algebraic function of either or both of the value of the transaction and a PIN number. This would have a number of advantages, one being for the cardholder to ensure that the correct amount is debited, another being to enhance security in the case of theft of the card. This would require the credit card to be told the amount of the transaction and/or the PIN number before it would generate the variable card number. This would almost certainly require the use of the docking station approach. Payment in different currencies would pose difficulties, though these are not insurmountable.
Confirmation of such a transaction would ensure that the correct payment had been debited, but also that the correct data had been entered into the card. This would enable the card, if provided with non volatile memory 13 such as Flash, to be used to hold a reliable record of the transaction information, which could be used to check statements of account, and would provide reliable evidence of fraud or error. In this respect it would be much better than a cheque book.
In short, the device disclosed would not only provide greater security against fraud but also give much greater confidence to those who increasingly require to disclose their credit card or debit card numbers in customer absent transactions, and thereby assist the growth of ebusiness.

Claims (9)

  1. Claims 1. A credit or debit card or device of similar functionality
    containing a means to supply an identification number which changes from transaction to transaction in a manner which the bank or S other card issuing or account holding institution or information network serving it may interpret correctly using information held by or available to them and used to validate a single transaction.
  2. 2.A device as in claim I wherein the numbers supplied by the card are selected in turn from an ordered list known to the card issuing or account holding institution or information network serving it.
  3. 3.A device according to claim I or 2 wherein the current positions in the list held in the card and that held by the account holding or transaction networking database may be synchronized by means of feedback provided by the rejection of transaction attempts.
  4. 4.A device according to any previous claim wherein the card numbers are modified according to the value of the transaction the identity of the payee or a PIN number.
  5. 5.A device according to any previous claim wherein the number provided by the device is communicated by electrical signals
  6. 6.A device according to any previous claim wherein the number provided by the device is communicated by a person reading from optical display device.
  7. 7.A device according to any previous claim containing memory means adapted for the storage of transaction information.
  8. 8.A device according to any previous claim wherein the communications sent to and from the device conform to the standards used for existing credit or debit card transactions.
  9. 9.A device substantially as herein described above and illustrated in the accompanying drawings
GB0302852A 2003-02-07 2003-02-07 A Credit or debit card with a changing card number Withdrawn GB2398152A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0302852A GB2398152A (en) 2003-02-07 2003-02-07 A Credit or debit card with a changing card number

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0302852A GB2398152A (en) 2003-02-07 2003-02-07 A Credit or debit card with a changing card number

Publications (2)

Publication Number Publication Date
GB0302852D0 GB0302852D0 (en) 2003-03-12
GB2398152A true GB2398152A (en) 2004-08-11

Family

ID=9952635

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0302852A Withdrawn GB2398152A (en) 2003-02-07 2003-02-07 A Credit or debit card with a changing card number

Country Status (1)

Country Link
GB (1) GB2398152A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2423175A (en) * 2005-02-15 2006-08-16 Paul Baker Payment system
EP2041663A2 (en) * 2006-06-19 2009-04-01 Visa U.S.A. Inc. Portable consumer device configured to generate dynamic authentication data
EP2278564A1 (en) 2005-09-08 2011-01-26 Cardlab ApS A dynamic transaction card and a method of writing information to the same
EP2306415A1 (en) * 2009-09-25 2011-04-06 Sony Corporation Communication device, communication method, information processing device, information processing method, program, and communication system
EP3035230A1 (en) 2014-12-19 2016-06-22 Cardlab ApS A method and an assembly for generating a magnetic field
US10095968B2 (en) 2014-12-19 2018-10-09 Cardlabs Aps Method and an assembly for generating a magnetic field and a method of manufacturing an assembly
US10558901B2 (en) 2015-04-17 2020-02-11 Cardlab Aps Device for outputting a magnetic field and a method of outputting a magnetic field

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0257596A2 (en) * 1986-08-26 1988-03-02 Siemens Aktiengesellschaft Method for recognizing the misuse of an IC card
US5627355A (en) * 1994-07-13 1997-05-06 Rahman; Sam Transaction device, equipment and method for protecting account numbers and their associated personal identification numbers
EP1162581A1 (en) * 2000-06-07 2001-12-12 Richard Mervyn Gardner Secure payment card and system with apparatus for remote authentication

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0257596A2 (en) * 1986-08-26 1988-03-02 Siemens Aktiengesellschaft Method for recognizing the misuse of an IC card
US5627355A (en) * 1994-07-13 1997-05-06 Rahman; Sam Transaction device, equipment and method for protecting account numbers and their associated personal identification numbers
EP1162581A1 (en) * 2000-06-07 2001-12-12 Richard Mervyn Gardner Secure payment card and system with apparatus for remote authentication

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2423175A (en) * 2005-02-15 2006-08-16 Paul Baker Payment system
EP2278564A1 (en) 2005-09-08 2011-01-26 Cardlab ApS A dynamic transaction card and a method of writing information to the same
US8375441B2 (en) 2006-06-19 2013-02-12 Visa U.S.A. Inc. Portable consumer device configured to generate dynamic authentication data
EP2041663A4 (en) * 2006-06-19 2011-03-23 Visa Usa Inc Portable consumer device configured to generate dynamic authentication data
EP2041663A2 (en) * 2006-06-19 2009-04-01 Visa U.S.A. Inc. Portable consumer device configured to generate dynamic authentication data
US11107069B2 (en) 2006-06-19 2021-08-31 Visa U.S.A. Inc. Transaction authentication using network
EP2306415A1 (en) * 2009-09-25 2011-04-06 Sony Corporation Communication device, communication method, information processing device, information processing method, program, and communication system
CN102035650A (en) * 2009-09-25 2011-04-27 索尼公司 Communication device, communication method, information processing device, information processing method, program, and communication system
US8677137B2 (en) 2009-09-25 2014-03-18 Sony Corporation Communication device, communication method, information processing device, information processing method, program, and communication system
EP3035230A1 (en) 2014-12-19 2016-06-22 Cardlab ApS A method and an assembly for generating a magnetic field
US10095968B2 (en) 2014-12-19 2018-10-09 Cardlabs Aps Method and an assembly for generating a magnetic field and a method of manufacturing an assembly
US10614351B2 (en) 2014-12-19 2020-04-07 Cardlab Aps Method and an assembly for generating a magnetic field and a method of manufacturing an assembly
US10558901B2 (en) 2015-04-17 2020-02-11 Cardlab Aps Device for outputting a magnetic field and a method of outputting a magnetic field

Also Published As

Publication number Publication date
GB0302852D0 (en) 2003-03-12

Similar Documents

Publication Publication Date Title
TW412696B (en) A system for performing financial transactions using a smart card
US4630201A (en) On-line and off-line transaction security system using a code generated from a transaction parameter and a random number
US8950680B2 (en) Multifunction removable cover for portable payment device
JP2597672B2 (en) Multi-user card having a plurality of variable personal identification information and a card system provided with the card
US8820637B1 (en) Time-varying security code for enabling authorizations and other uses of financial accounts
US8376225B1 (en) Secure card
US20120143754A1 (en) Enhanced credit card security apparatus and method
US8275714B2 (en) Method for performing a digital cash transaction
US20010034717A1 (en) Fraud resistant credit card using encryption, encrypted cards on computing devices
US20020087869A1 (en) System and method of authenticating a credit card using a fingerprint
US20100123003A1 (en) Method for verifying instant card issuance
WO2009089099A1 (en) Dynamic card verification value
WO2007146575A2 (en) Personal electronic payment system and related method
JP2017041001A (en) Program of budget transfer terminal for internet banking, budget transfer method, and cash card
CN109804398A (en) Prepaid card, debit card and credit card security code generate system
WO2009148980A2 (en) Portable consumer transaction device with on-board powered access control
WO2008082777A2 (en) System and method for issuing prepaid negotiable instruments
US20200334683A1 (en) Authentication method for e-wallet carrier
CN101501708A (en) Transaction instruments with enhanced security PIN and expiration date generation
GB2398152A (en) A Credit or debit card with a changing card number
US20150060540A1 (en) Fully-automatic digital electronic payment transaction identity authentication method with high security
TWI810485B (en) Decentralized paymentsystem based on biological features
TWI363999B (en)
Read EFTPOS: electronic funds transfer at point of sale
TWI658417B (en) Information management system and method of electronic payment

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)