Field of Invention

This disclosure relates to processing financial transactions. More specifically, but not exclusively, this disclosure relates to processing financial transactions for users in a secure manner when users make financial transactions in different locations at different points in time.

Background of the Invention

There is a general trend of financial transactions shifting away from cash or cheque exchanges, which continues to grow as both purchasers and vendors seek the flexibility and convenience of newer schemes of transactions such as credit/debit cards, contactless payments and electronic payments.

Alongside this trend is the growth of widespread travel as increasing globalisation leads to more frequent opportunities for business development abroad and cheaper flights enable increased worldwide personal travel. These two trends come to a head on the issue of banking security. To protect consumers, credit cards or other payment methods are typically blocked from working in countries other than the user's resident country. This is to reduce the risk of fraudulent activity of unauthorised payment requests being made by someone who has been able to acquire the user's banking/card details. When the user legitimately wishes to conduct a financial transaction, for example make a purchase at a vendor while travelling, it is a common occurrence for such transactions to be denied and the payment capabilities locked down as appearing as suspicious activity. This poses the difficulty how to allow legitimate purchases abroad whilst still retaining the necessary security measures to prevent fraud.

Previously, the most common approach to tackle this difficulty is for banks to require their account holders to declare ahead of time when and where they are intending to travel. This is then noted on the account record and referred to as the account activity is being monitored. This rudimentary approach allows for a basic level of security for the user before, after and during the user's travel period but requires a significant amount of effort to put in place and has little to no flexibility. In particular, the requirement of the user to notify their bank requires going through a series of security steps to verify their identity either by phone, online or in person which is often a point of frustration. Additionally, once the note has been placed on the user's account any subsequent changes to their plan will not be reflected without contacting the bank once again. All this results in a substantial amount of inconvenience to the user and an increased amount of communications to be made in order to avoid the result of the user being caught without access to funds in a foreign country.

The above issues can be expressed by the trade-off that in prior systems, increasing strength of security measures inevitably also increases the inflexibility to the user whereas improved flexibility leads to unacceptably low security measures. It would therefore be a substantial improvement to achieve a method for processing financial transactions for a user travelling abroad that not only improves security but also reduces the amount of effort required from the user.

Summary of the Invention In accordance with an aspect of the disclosure there is provided a method for monitoring a location of a user device associated with a user and determining whether or not to process financial transactions for the user based on the user's location.

The method comprises receiving, at a computer system, first device location data identifying a location of a user device associated with a user. The method further comprises receiving, at the computer system, a request to process a financial transaction associated with the user. The method further comprises determining, at the computer system, transaction location data identifying a location of the financial transaction. The method further comprises either enabling or preventing, at the computer system, the financial transaction to be completed based on the first device location data and the transaction location data. The location of the financial transaction may be the location of the user when the financial transaction is requested.

The transaction location data may be determined from the request to process the financial transaction.

The first device location data may be indicative of the location of the user device when the financial transaction is initiated. The enabling or preventing of the financial transaction may be based on a comparison of the transaction location data and the first device location data.

The financial transaction may be enabled if a result of the comparison indicates that the financial transaction is at the same location as the user device

The financial transaction may be prevented if the result of the comparison indicates that the financial transaction is at a different location to the user device. The method may further comprise receiving, at the computer system, new device location data identifying a new location of the user device, the device location data issued in response to the user device travelling from a previous location further than a determined distance within which the device can travel without sending a location update. The method may further comprise determining a geographical region that the user device is in based on the first device location data, wherein the enabling or preventing of the financial transaction to be completed is based on whether or not the location of the financial transaction is in the determined geographical region.

The determined distance within which the user device can travel without sending a location update may be determined based on the minimum distance from the previous location to a boundary of the geographical region.

The geographical region may be a country. The boundary of the geographic region may be a border of the country. The transaction location data may identify in which country the user is in when the financial transaction is requested. The geographical region may be a city or town rather than a country.

The first location data may be a data sample of a plurality of data samples used to create a profile of the usual locations and/or movements of the user. The enabling or preventing may be based on the first device location data and the transaction location data by comparing the transaction location data with the profile of the usual locations and/or movements of the user.

In accordance with another aspect of the disclosure a method for operating a user device associated with a user for use in the process of monitoring a location of the user device and determining whether or not to process financial transactions for the user based on the user's location is provided, the method comprises transmitting first device location data identifying a location of the user device to a computer system for enabling or preventing a financial transaction associated with the user, the enabling or preventing being based on the first device location data and transaction location data which identifies a location of a financial transaction associated with the user; determining whether the user device has travelled farther than a predetermined distance from the location of the user device defined by the first device location data; and transmitting, in response to determining that the user device has travelled farther than the predetermined distance, second device location data identifying a new location of the user device to the computer system. The step of determining may comprise determining the second device location data identifying a second location of the user device, and determining, from the first and second device location data, whether the user device has travelled farther than the predetermined distance.

Also disclosed herein is computer-readable media comprising instructions that are executable by a processor to perform any method disclosed herein.

Apparatus is also disclosed comprising a processor and a memory, the memory storing instructions that are executable by the processor to perform any method disclosed herein.

Brief Description of the Drawings

Exemplary arrangements of the disclosure shall now be described with reference to the drawings in which:

Figure 1 illustrates components of the system disclosed herein along with a process implemented on the system.

Throughout the description and the drawings, like reference numerals refer to like parts.

Specific Description

In the present disclosure, a user wishing to make a financial transaction in different locations globally, e.g. purchase goods from a vendor, is able to do so through a system which tracks a user device, such as a smartphone, which is carried by the user and allows only transactions that occur where the user is to be successfully processed. This means that the user does not need to update his or her bank every time there are new travel plans. A computerised system associated with the user's bank stays updated via the user device as to where the user is presently located and accordingly allows transactions to be processed at the location that the user is and block transactions elsewhere. As a result of this, the user can travel without a restriction to certain countries or regions which have been previously declared to the bank. As such, the user is free to move as the user's bank can dynamically track where to allow transactions. This system also provides for an improved scheme of security, as wherever the user is, be it at home or while travelling abroad, the system prevents fraudulent activity relating to the user's details in any place other than where the user is located. Hence the user has high levels of flexibility regarding travel plans as well as improved security measures. In one arrangement, the functionality discussed above is achieved by the following method. The user's smartphone, or any other portable electronic device associated with the user, determines its location and communicates its location to the user's bank. When the user makes a purchase, using a credit card or initiating some other kind of financial transaction, a request to process the payment is received by the bank and it will compare the location of the user as indicated by the transaction location with the location received from the user's smartphone and accordingly either allow the purchase if the locations to match or block the purchase if they do not.

The specific arrangement of components and a method of operating those components to provide improved security for financial transactions shall now be discussed in detail with reference to Figure 1. Firstly, the components of the system involved in process will be described.

The consumer 100 is a private customer of a bank that makes card payments whilst travelling internationally. Consumer 100 may hold accounts with several banks and may have several cards used to make payments.

Smartphone App 1 10 is software installed on a smartphone of the consumer 100, or equivalently some other form of personal portable device. The smartphone app 1 10 is able to monitor the location of the smartphone, which is for the purpose of this system assumed to be the location of the consumer, and communicate to and from a central server 160 throughout the method of secure-travel banking. The communications with the central server 1 60 include sending information indicative of the location of the consumer.

Merchant 120 is a vendor that the consumer approaches for the purpose of buying services or goods via credit or debit card. From the merchant's perspective, the secure-travel banking system of the present disclosure does not change how transactions are carried out. As such, no further explanation of merchant or how the merchant processes transactions is required because well-known processes are used.

Online bank 130 is an online banking service provided by bank 140 to allow the consumer 100 to monitor and manage the consumer's bank accounts; this can be used by the consumer 100 to register for the secure-travel banking system. The online bank 130 is in communication with the bank for passing details and managing the consumer's account via an online interface. The bank 140 functions as a typical bank by managing the consumer's account and authorising transactions according to its verification procedures and security measures. There is a bank component 150 of the secure-travel banking system which is software installed on the bank's servers that can communicate with the central server 160 for the purpose of receiving location updates from the central server, which in turn comes from the user's smartphone as mentioned above. The bank component 150 is also in

communication with the bank such that it can receive information from transaction requests made to the bank by the merchant 120 when there is the consumer 100 is purchasing something from the merchant 120. The software of bank component 150 is capable of being executed, thereby performing operations such as storing details of the consumer who has enrolled into the secure-travel banking system. Furthermore, the bank component 150 is arranged to receive the relevant information from each of the bank and central server identifying the transaction location and consumer location respectively. The bank component 150 can then determine whether or not the transaction should be approved or denied based on whether or not the transaction location and consumer location match, to verify that the transaction did indeed originate from the consumer and is not fraudulent.

The central server 160 of the secure-travel banking system manages the location tracking process on behalf of the bank. The central server 160 is in communication with the consumer's smartphone via the smartphone app 1 10 and the bank 140 via the bank component 150. Although the steps of the process are described with respect to one bank and consumer, the central server 160 may be in communication with many different banks managing the secure-travel system via additional bank components and smartphone apps relating to additional consumers. The central server 160 receives the location of the consumer's smartphone from the smartphone app 1 10 and also can receive information from the bank component 150 regarding information that a consumer has enrolled to use the secure-travel system. The central server 160 is also able to transmit information to the smartphone app 1 10 and bank component 150 as will be described below with respect to the operation of the system. The processes implemented on the components of the system set out above, shall now be discussed in detail below. The steps depicted in Figure 1 can be categorised broadly as: enrolment steps S1 1-S15; location notification steps S21 -S26; and transaction steps S31- S35. The steps shall therefore be discussed in terms of these three categories.

Enrolment steps To begin the enrolment steps S1 1-S15, the consumer 100 instructs his or her online banking service 130 to initiate the secure-travel system in step S1 1. Where the consumer 100 has more than one banking card, the consumer may choose which cards should be enrolled into the system. During the enrolment the online bank 130 receives a one-time password which is displayed to the consumer 100, the consumer 100 then uses this to set-up the enrolment process at the smartphone app 1 10. In order to enrol the consumer 100 onto the system the online bank 130 passes on the details of enrolment such as card numbers to the bank component 150 in step S12. The transferred details are stored through known encryption techniques compliant with Payment Card Industry Data Security Standards.

At step S13, the bank component 150 communicates with the central server 160, via an application programming interface (API), to update which bank cards are presently enrolled and equivalently removing those which are to no longer be enrolled. Once cards have been successfully enrolled onto the system, steps S14 and S15 notify the online bank 130 and consumer 100 respectively of the successful enrolment.

Location notification steps The steps S21 -S24 describe the process by which the smartphone app 1 10 can

communicate the location of the consumer 100 to the central server 160 and bank component 150. The steps S25-S26 describe a further process by which the smartphone app 1 10 repeatedly updates the central server 160 and bank component 150 in accordance with certain arrangements of the present disclosure. In step S21 , when the consumer 100 installs and runs the smartphone app 1 10 for the first time, the consumer 100 is prompted to provide an identifier such as the consumer's social security number which is hashed into a number used to form a consumer ID which will be used to refer specifically to the consumer 100. The smartphone app 1 10 uses its locating system such as GPS to generate the geographical coordinates that indicate the location of the consumer's smartphone. The smartphone app 1 10 stores the coordinate values in readable memory of the smartphone so these can be referred to subsequently. In step S22, the geographical coordinates are sent to the central server 160 along with the consumer ID. The central server 160 may process the geographical coordinates to determine the country where the consumer is presently located. Alternatively, a different geographical region can be determined such as which group of countries the consumer is located in (for example inside or outside the EU) or which region within a given country the consumer is located. The central server 160 is also able to determine using the consumer ID which bank 140 the consumer has an account with. At step S23, the central server 160 notifies the consumer's bank 140 which country the consumer is located in, using the consumer ID to specify the consumer 100 being referred to.

The central server 160 may also determine how far the consumer 100 is from a boundary of the geographical region using the received geographical coordinates. For example, the central server may use the minimum distance to the nearest international border as the boundary of the geographical region that the consumer 100 is in. In other words, this distance can represent the maximum distance the consumer 100 can travel whilst maintaining certainty that the consumer 100 has not crossed a border into a separate geographical region. The distance to the nearest boundary can be used to establish a distance within which the consumer's smartphone (hence also the consumer) can travel without the smartphone app 1 10 being prompted to send another set of geographical coordinates. In an example, this can be considered as a radius of a circle within which the consumer 100 is identified as being in unless further communication of geographical coordinates is received. The value of the distance within which the consumer's smartphone can travel without sending a location update is communicated to the smartphone app 1 10 in step S24.

The smartphone app 1 10, having received the distance within which the consumer may travel from the central server 160 before sending another location update, periodically retrieves the geographical coordinates of the consumer's present location, as shown by step S25. This may be based on a fixed time period, such as every 5 minutes, or may be determined via the settings of the smartphone app 1 10 or via instructions from the central server 160. Each time the smartphone app 1 10 retrieves the geographical coordinates indicating the consumer's present location, the coordinates are compared to the coordinates that had been sent to the central server 160 at the most recent update. If the comparison between the two sets of coordinates indicates that the consumer has not travelled further than determined distance that is allowed without sending a location update, the smartphone app 1 10 simply takes no action, or goes into power saving mode for an interval of time before the next coordinate check is carried out. If the comparison between the two sets of coordinates indicates that consumer 100 has travelled further than the determined distance that the consumer may travel without sending a location update, the smartphone app 1 10 then proceeds with step S26 by updating the central server 160 with the new coordinates that indicate the consumer's present location. The central server 160 can then respond to this determining a new distance within which the consumer can travel without sending a location update and communicate this back to the smartphone app 1 10, in an equivalent manner to step S24. Likewise, the central server 160 can repeat the process of determining the geographical region the consumer 100 is in and notify the bank component 140 to this effect in a similar manner to S23. The steps of S25 and S26 can be repeated, whereby the smartphone app 1 10 monitors the location of the consumer and updates the central server 160 whenever the consumer has travelled a sufficient distance that there is a possibility that the consumer may have moved into a different geographical region.

This arrangement provides the advantage that the central server 160 is continually aware of the location of the consumer, without the need for continual streaming of data from the smartphone. This results in reduced power consumption from the smartphone, reduced processing required both at the smartphone app 1 10 and the central server 160 and reduced bandwidth required for the communications as less data is required to be sent.

Transaction steps Steps S31 -S35 describe a procedure for when a consumer 100 goes to make a purchase, or some other form of financial transaction, with a merchant 120. In particular, the steps describe how the central server 160, bank 140 and bank component 150 authorise the transaction.

In S31 , the consumer 100 initiates a financial transaction with merchant 120. This may simply entail the consumer making a purchase at a retail store, but in general can apply to any form of financial transaction the consumer 100 intends to partake in. The step of S32 does not require any special features beyond the normal protocol for payment transactions to be sent from the merchant 120 to the consumer's bank 140. This may comprise swiping the consumer's card at the merchant's point-of-sale terminal and an IS08583 transaction being sent directly to the bank 140. The IS08583 format already contains the relevant information required to utilise the improved security system such as card number, type of vendor and location of transaction. Hence no set-up is required at any individual merchant 120 to enable the improved security for transactions using the system of the present disclosure. Upon receiving the transaction request from the merchant 120, the bank 140 directs this request to the bank component 150, as shown by step S33. Hence the bank component 150 is capable of interpreting IS08583 transactions through its application programming interface.

At the bank component 150, the relevant information is extracted from the transaction request received in the IS08583 format. For example, as a first step, the banking component checks the card details received and checks whether or not the bank card has been enrolled on to the secure-travel system. This can be done by comparing the bank card details with a database of those received during enrollment at stage S12. If the card is not enrolled then the bank component 150 can redirect the transaction back to the bank 140 to handle according to its own standard protocols. If the card is enrolled, the bank component 150 can query certain fields of the IS08583 transaction to determine if the transaction is an internet purchase or made by a worldwide merchant, that is one which has its own 'Card Acceptor Business Code', the transaction is accepted without further processing. If the transaction comes from a vendor without a 'Card Acceptor Business Code', the bank component 150 extracts the country code from the 'Card Acceptor Name Location' field of the IS08583 transaction. Alternatively, the location of the transaction can be determined with respect to its geographical region such as a sub-region within a country or which city the transaction originates from based on the address of the merchant 120. The bank component then compares the location of the transaction with the information it received from the central server 160 identifying the location of the consumer through the geographical coordinates supplied by the smartphone app 1 10. The bank component 150 then determines whether or not the transaction should be enabled or prevented based on the relationship between the transaction location and the consumer's geographical coordinates. In the situation where the central server 160 calculates the country in which the consumer is presently located and where the bank component extracts the country code from the transaction request, the determination step may be a direct comparison whereby the transaction is allowed if the countries are the same and the transaction is denied is the countries are different. There are many other schemes for comparing the transaction location with the consumer's coordinates such as based on sub-national regions or cities. Once the bank component 150 has determined if the transaction should be authorized, it notifies the bank 140 in step S34. The bank 140 can then either approve or decline the transaction to the merchant using conventional protocol, as shown in step S35.

The secure-travel system therefore provides improved security to transactions by tracking the consumer's location and using this to determine whether or not to authorise transactions based on the location of the transaction. This provides significant advantages over previous methods for consumers to use their banking services abroad. In particular, the present disclosure reduces the risk of card fraud by declining payments made away from the vicinity of the card owner and also allows the user to travel freely without being concerned that his or her card will be blocked. This removes the need of repeatedly having to contact the consumer's bank to notify it when and where the consumer intends to travel and laboriously going through additional security checks to make each update. These advantages give rise to further benefits by reducing the amount of communication required to be input by the consumer and bank operators and minimises the communication between the two. In addition to the arrangements set out above with respect to Figure 1 , there are many variations which are entirely possible which also provide the advantages discussed above without deviating from the scope of the appended claims.

Although several of the components are discussed it is possible that there may be more or fewer components capable of achieving the necessary steps of the method for improved security. For example, central server 160, bank component 150 associated with bank 140 and online bank 130 may all be part of a single computer system 200, thereby reducing the number or communication steps between these components. Likewise, the processing done at each of the components could all be computed at the single processor. It is also possible that not all steps described above with respect to Figure 1 are required. For example, for the central server 160 to locate the consumer's location via the consumer's smartphone for use in the secure-travel system, steps S21 -S23 may only be required. Steps S24-S26 in that situation provide an additional advantage of reducing the amount of communication required to keep the computer system 200 updated with the location of the consumer 100.

On determining a positive match between user device and transaction locations, the transaction may be enabled by a response being sent to the transaction request verifying that the purchase is approved. Additionally, the system may notify the bank and/or user of such a result in order to raise the alert of potentially fraudulent requests taking place.

This request may have been send directly from a merchant from whom the user is purchasing goods. Alternatively, this request may be from a bank which has received a payment request from the merchant or the user wishing to make a purchase from the merchant. There may also be further intermediary steps through which the request for a transaction associated with the user reaches the computer system.

In the methods set out herein, cryptographic techniques may be implemented. Such techniques may use a public key infrastructure (PKI) embedded in the components of the electronic payment system 100. The cryptographic keys may be unique to the electronic payment system and will not find use in any other context. Further, all cryptography is implemented in dedicated modules of each system component utilizing an API with abstracted functions. However, in other arrangements, the cryptographic technique implemented in the dedicated cryptographic modules may be replaced and/or modified to implement a custom PKI method. Accordingly, the electronic payment system is not limited to one type of encryption technique and may be adapted to implement any PKI based encryption techniques.

In alternative arrangements, the payment made by the consumer to the merchant may be made via a smartphone. In such an arrangement, the process discussed above in the same way in that the location of the smartphone is compared to the location of the transaction.

Such an arrangement is beneficial for catching digital card fraud in which one smartphone is used to impersonate another smartphone for the purpose of making a fraudulent transaction.

It will be appreciated that while the process described above specifically discusses providing authorization for consumer's transactions when travelling abroad, the process can be used for authorizing any transactions. The comparison of the location of a consumer's smartphone with respect to the location of a transaction by the consumer may be used as an authentication step for all users.

Furthermore, in other arrangement, a trend map for a consumer may be created to identify usual geographical areas or locations visited by a consumer, either globally or in a home city or region of the consumer, as well as expected movements of the consumer. This trend map may be stored in memory as part of a user profile associated with the consumer. The approval or otherwise of transactions by the consumer will then be based on a comparison between the location of a transaction and the usual geographical locations and/or movements of the user. This approach is particularly useful because people do not always have their smartphone with them and on occasion smartphones lose power. As such, this approach mitigates for such problems while still providing a suitable level of security.

The various methods described above may be implemented by one or more computer program products. A computer program product may include computer code arranged to instruct a computer to perform the functions of one or more of the various methods described above. The computer program and/or the code for performing such methods may be provided to an apparatus, such as a computer, on a computer readable medium or computer program product. Such methods may be implemented by a number of computer readable media spread across a number of computers. A computer readable medium may be transitory or non-transitory. A computer readable medium could be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, or a propagation medium for data transmission, for example for downloading the code over the Internet. Alternatively, the computer readable medium could take the form of a physical computer readable medium such as semiconductor or solid state memory, magnetic tape, a removable computer diskette, a random access memory (RAM), a read-only memory (ROM), a rigid magnetic disc, and an optical disk, such as a CD-ROM, CD-R/W or DVD.

An apparatus such as a computer may be configured in accordance with such code to perform one or more processes in accordance with the various methods discussed herein. Such an apparatus may take the form of a data processing system. Such a data processing system may be a distributed system. For example, such a data processing system may be distributed across a network.