NARAINSAMY, Selvanathan (Douglas Saunders Drive, Block A Sunbury Park, La Luci, KwaZulu-Natal 4019 Durban, ZA)
CLAIMS
1. A pre-authorization system for card transactions includes a mobile communication device, one or more servers including databases, the servers being in communication with one or more financial institutions connected with/linked to the card, the mobile communication device being adapted in use to transmit a message to a receiver in communication with the servers, characterised in that the message contains a multi factor authentication code interpretable by the server in order to pre-authenticate a transaction up to a predetermined maximum value.
2. A pre-authorization system for card transactions according to claim 1 characterised in that the message contains multiple information seeds encapsulated in the multifactor authentication code.
3. A pre-authorization system for card transactions according to claim 2 characterised in that the information seeds relate to the value of the proposed transaction.
4. A pre-authorization system for card transactions according to claim 2 characterised in that the information seeds relate to the transaction date.
5. A pre-authorization system for card transactions according to claim 2 characterised in that the information seeds relate to the transaction time.
6. A pre-authorization system for card transactions according to claim 2 characterised in that the information seeds relate to the expiration time of the authentication code.
7. A pre-authorization system for card transactions according to claim 2 characterised in that the information seeds relate to the mobile communication.
8. A pre-authorization system for card transactions according to claim 2 characterised in that the information seeds relate to the user's bank account.
9. A pre-authorization system for card transactions according to claim 2 characterised in that the information seeds relate to the country in which the transaction is taking place.
10. A pre-authorization system for card transactions according to claim 2 characterised in that the information seeds relate to the transaction comments.
11. A pre-authorization system for card transactions according to claim 1 characterised in that the authentication code is contained within or generated by software saved on the mobile device.
12. A pre-authorization system for card transactions according to claim 11 characterised in that the code is generated in response to selection by a user of a predetermined maximum value of a proposed transaction from a list of options, the selected option being transmitted to the authentication server in the form of an alphanumerical code, the code being received and interpreted by the authentication server which will permit a transaction for any value lower than the selected maximum value, provided that there are sufficient funds in the account linked to the card.
13. A pre-authorization system for card transactions according to claim 12 characterised in that the server is adapted to transmit a message to the originating mobile communication device and/or a vendor, the message containing information communicating the pre-authorisation.
14. A pre-authorization system for card transactions according to claim 13 characterised in that the message further contains information regarding available funds.
15. A pre-authorization system for card transactions according to claim 1 characterised in that a predetermined time window is provided within which the transaction must be completed failing which the authorisation is cancelled automatically.
16. A pre-authorization system for card transactions according to claim 1 characterised in that a function is provided for cancelling an authorisation.
17. A pre-authorization system for card transactions according to claim 16 characterised in that the cancellation takes place by means of sending of a second message to the server informing it of the cancellation, the message also containing a multifactor authentication code.
18. A pre-authorization system for card transactions according to claim 1 characterised in that the mobile communication device includes one or more icons representing possible transactions.
TECHNICAL FIELD OF THE INVENTION
This invention relates to pre-authorization of card transactions by means of single or multiple transaction signing events.
For purposes of this patent specification a transaction card includes a credit, debit or any other card adapted to receive value which can be deducted by use of a normal card transaction terminal.
Transactions of this nature will further be understood to include remote purchasing with a card such as tele-sales or online sales, and also automated teller machine (ATM) cash withdrawals.
A seed can be defined as one or more parameters included in an encryption string which are used to add unique characteristics to the encryption algorithm; thus, when decryption of the encrypted string takes place, the seeds are retrieved along with further information.
BACKGROUND ART
Card related transaction fraud has been a major issue for some time.
This type of fraud can be committed in a number of ways, the simplest being to use a card to make a transaction without being authorized to do so. This may be accomplished with a stolen card to make a telephone or online purchase.
In an effort to combat this type of fraud a number of inventions have been proposed and implemented to a limited degree. One of the most successful of these was to integrate an electronic chip into the card - upon use of the card the user is required to enter an authorization code (EMV smart cards). Although this method is successful to help prevent the physical use of stolen cards, the method still has a number of disadvantages and flaws which are exploited by criminals. These include the fact that the code may be electronically intercepted during authorized use after which a copy or 'clone' of the card is made and used with the intercepted code.
Another flaw in this method is that it is of no use during remote card purchases - which accounts for most card related fraud.
In an effort to overcome these disadvantages the applicant has devised a pre-authentication method as described in WO2005/001670 entitled Transaction Verification System (Narainsamy et al.).
This invention describes the use of separate, parallel communication channels to authorize and authenticate transactions. In its simplest form a user receives a text message on a registered mobile telephone before a transaction is authorized by the financial institution. If the transaction is not authorized it will simply fail, whereas if the transaction is desired the user will return a text message to authorize the transaction.
In a refinement of this invention the user authorizes the transaction by returning a unique code or PIN (personal identification number).
Although extremely effective, this system also has a number of disadvantages including the fact that the system makes performing a transaction with a card take a longer time than usual. This is due to the fact that a user needs to receive and transmit a text message during the authentication and/or authorization of a transaction.
Another issue with this system is that it still relies on a financial institution to authorize a transaction and not on the individual himself. This leaves scope for misuse by would-be fraudsters.
Despite the fact that one cannot entirely remove the financial institution from this type of transaction since an enquiry into available funds will always be necessary before a transaction is approved, it is desirable to provide the user with as much authority as possible to reject or approve transactions.
In an effort to make this system more practical, a pre-authorization was envisioned in which the user contacts his financial institution to inform them of a transaction before it is made. The obvious disadvantage of such a system is that a user is not always certain of the exact amount of his proposed transaction.
A further disadvantage of the current credit card system is often encountered when a user travels internationally. Before leaving the country in which the credit card was issued, the client needs to advise the bank of their itinerary, usually by informing a bank employee verbally that one will not be home for a period of time. This is not a desirable or safe option. The bank then makes a note of one's itinerary on the relevant bank records. If the itinerary changes afterwards and one fails to inform the bank or one makes purchases that do not match the purchasing profile, the credit card is automatically blocked. The telephone call to the bank also does not guard clients against possible fraud that could be perpetrated in the country which forms part of their itinerary.
It is an object of this invention to provide an alternative to the above systems which does not have the abovementioned disadvantages and which will place the onus to pre-authorise a transaction with the user and not with the financial institution, thus placing the client in control.
DISCLOSURE OF THE INVENTION
According to the invention a pre-authorization system for card transactions includes a mobile communication device, one or more servers including databases, the servers being in communication with one or more financial institutions connected with/linked to the card, the mobile communication device being adapted in use to transmit a message to a receiver in communication with the servers, the message containing a multi factor authentication code interpretable by the server in order to pre-authenticate a transaction up to a predetermined maximum value. In the preferred form the message contains multiple information seeds encapsulated in the multifactor authentication code.
The multifactor authentication code may include information seeds relating to the value of the proposed transaction. Other factors which may be included as seeds in the code are the transaction date, time, expiration time of code, information regarding the mobile communication device, the user account, country in which transaction is taking place, transaction comments and the like.
In use software containing the code or capable of generating the code is saved on the mobile device, usually a mobile telephone. The user selects a predetermined maximum value of a proposed transaction from a list of options and transmits this option to the authentication server.
The code is generated and transmitted in the form of an alpha numerical code. The code is received and interpreted by the authentication server which will then allow a transaction for any value lower than the selected maximum value, provided there are sufficient funds in the account linked to the card.
In the preferred form of the invention the server is adapted to transmit a message to the originating mobile communication device and/or a vendor containing information in which the pre-authorization, and possibly information regarding the available funds, is communicated.
The system may include a function to cancel an authorization, for instance by sending another message to the server informing it of such cancelation. In the preferred form the cancellation is also a multifactor authentication code to prevent tampering.
The system may also be adapted to allow a predetermined time window in which the transaction needs to be completed failing which the authorization is cancelled automatically.
In a refinement of the invention, the system is simplified for use by illiterate persons. In this form the mobile phone may include an icon, for instance an image of an ATM. The user selects this icon, which causes a message to be transmitted as described above to pre-authorise the proposed withdrawal of cash from the ATM.
This form may also have the option of pre-approval without specifying the intended value in an effort to make it more user friendly.
BRIEF DESCRIPTION OF THE DRAWINGS
An embodiment of the invention is described below with reference to the accompanying drawings, in which:
Figure 1 is a schematic representation of a pre-authorisation system according to the invention;
and
Figure 2 is a schematic representation of an alternative form of the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
In the drawing a user 10 who wishes to make a purchase using a card 12 either at a retail outlet 14 or for an online purchase 16 accesses an application 18 on a mobile telephone 20.
The application provides the user with a number of preselected maximum upper values for transactions, for instance:
1. 100
2. 200
3. 300
4. 400
5. 500
6. 600
7. 700
8. 800
9. 900
10. 1000
11. 5000
12. 10 000
13. 30 000
14. 50 000
15. 100 000
This is merely an indication and the preferred amounts can be amended according to the financial institution or the customer's specifications.
A transaction of 100 000 will be highly unusual.
The user selects one of these options which causes a code 22 to be generated and transmitted to a server 24 which contains a database. The server is connected to the financial institution 26 where the user account which is linked to the card is held. The option which the user selects authorises any amount up to that selected maximum upper value, therefore any transaction for a value lower than the selected option will be authorised.
The code is a multifactor authentication code containing information regarding the time, date, originating phone, selected maximum value and the like.
The server is adapted to interpret this information and, provided that the funds are available for the transaction, to allow the transaction as authorised by the user/account holder.
A message 30 may be transmitted from the financial institution to the vendor to this effect. A further message 31 may be transmitted to the mobile phone to confirm the pre-authentication.
The application may further include a cancelation option 32 which a user may select at any time to cancel a pre-authorised transaction. This cancellation message may follow the same route as an authorization.
In another form of the invention a user 40 who wishes to use a card 42 to withdraw cash from an ATM 44 is provided with an icon 46 on his mobile telephone 48.
Selecting this icon causes a multifactor authentication code 50 to be generated and transmitted 52 to a server 54 located at the financial institution 56 where the account connected to the card is held.
In this form a value is not selected so the user effectively authorises a withdrawal without specifying an intended value. It may however be possible to provide the user with a list of options to select a value as in Figure 1 above, or even to allow a user to enter his own desired value which will then be factored into the code and interpreted by the server.
The server then transmits a signal 60 to the ATM to allow the proposed withdrawal. The pre-authorization may also be communicated 62 to the mobile device.
As with the above example this form includes a cancellation function. In this form it may be an icon 64 to indicate a wish to cancel a pre-authorization for an ATM withdrawal.
In both forms the system may be adapted to automatically cancel a pre-authorization after a predetermined time has elapsed without the transaction being realised.
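The flow described above (seeds packed into an alphanumeric code, interpreted by the server, with a value ceiling, time window and cancellation) can be sketched as follows; this is an added example, not code from the specification. The specification does not give an encoding or algorithm, so the HMAC-SHA256 tag (authentication rather than encryption of the seeds), the per-device key, the single-use and replay checks, and every name here (`make_code`, `read_code`, `PreAuthServer`, the seed field names) are assumptions.

```python
import base64, hashlib, hmac, json

# Constructed demo key; assumed to be provisioned per device at enrolment.
DEVICE_KEYS = {"phone-001": b"constructed-demo-key-not-for-production"}

def make_code(device_id, account, max_value, issued_at, ttl, country, action="authorise"):
    """Device side: pack the seeds and append an HMAC-SHA256 tag."""
    seeds = {"dev": device_id, "acct": account, "max": max_value, "iat": issued_at,
             "exp": issued_at + ttl, "cc": country, "act": action}
    body = json.dumps(seeds, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(DEVICE_KEYS[device_id], body, hashlib.sha256).digest()
    return base64.b32encode(body + tag).decode().rstrip("=")  # alphanumeric code

def read_code(code, now):
    """Server side: return the seeds, or None if forged, malformed or expired."""
    try:
        raw = base64.b32decode(code + "=" * (-len(code) % 8))
        body, tag = raw[:-32], raw[-32:]
        seeds = json.loads(body)
        key = DEVICE_KEYS[seeds["dev"]]
    except (ValueError, KeyError, TypeError):
        return None
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None
    return seeds if seeds["iat"] <= now < seeds["exp"] else None

class PreAuthServer:
    def __init__(self):
        self.open, self.seen = {}, set()  # account -> seeds; codes already used

    def submit(self, code, now):
        seeds = read_code(code, now)
        if seeds is None or code in self.seen:  # reject forgeries and replays
            return False
        self.seen.add(code)
        if seeds["act"] == "cancel":
            self.open.pop(seeds["acct"], None)
        else:
            self.open[seeds["acct"]] = seeds
        return True

    def authorise(self, account, amount, country, now, balance):
        pre = self.open.get(account)
        if not pre or now >= pre["exp"] or country != pre["cc"]:
            return False  # no pre-authorization, window elapsed, or wrong country
        if amount > pre["max"] or amount > balance:
            return False  # above the selected ceiling or insufficient funds
        del self.open[account]  # assumed single use: one transaction per code
        return True
```

Times are plain integer seconds so the time window can be exercised deterministically; a deployment would also need key storage on the device and a bounded replay cache, which are outside what the specification describes.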
