A SYSTEM FOR AUTHORISING THE USE OF A FINANCIAL TRANSACTION CARD

BACKGROUND OF THE INVENTION

THIS invention relates to a system for authorising the use of a financial transaction card.

"Card skimming" is a technique criminals use to commit fraud on the user of a financial institution account. Such a user will typically have a debit or credit card which is a magnetic stripe card or a smart card.

The criminal will temporarily obtain access to the card and swipe the card through a card reader which will retrieve the details of the card.

If necessary, the criminal will also observe the legitimate user of the card to obtain the personal identification number (PIN) that the user must enter when using the card.

Using the retrieved details of the card the criminal is then able to make a duplicate card and using the PlN the criminal is then able to either pay for goods and services with the card or even approach an automatic teller machine or the like and withdraw funds from the user's account.

It is an object of the invention to address this problem.

SUMMARY

According to an example embodiment there is provided a system for authorising the use of a financial transaction card, the system including:

a card reading module for reading last transaction data from a memory of the card;

a database for storing the last transaction data for a plurality of cards; and

a comparator module for comparing the last transaction data read from the card with the last transaction data stored in the database and if the data is the same then authorising the transaction.

The system may further include a card writing module for writing data to the memory of the card, wherein if the transaction is authorised then the comparator module changes the last transaction data stored in the database and the card writing module correspondingly changes the last transaction data on the memory of the card so that the last transaction data in the database and the card is the same.

The last transaction data may be a transaction counter, wherein the transaction counter is incremented after a transaction has been authorised.

Alternatively, the last transaction counter may be based on dynamic transaction variables which are both written to the card memory and the database.

According another example embodiment there is provided a method for authorising the use of a financial transaction card, the method comprising:

storing last transaction data for a plurality of cards in a database;

receiving last transaction data read from a memory of a card;

comparing the last transaction data read from the card with the last transaction data stored in the database; and

if the data is the same then authorising the transaction.

The method may further include writing data to the memory of the card, wherein if the transaction is authorised then the last transaction data stored in the database and the last transaction data on the memory of the card are changed so that the last transaction data in the database and the card are the same.

Preferably, the last transaction data is a transaction counter and wherein the transaction counter is incremented after a transaction has been authorised.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 is schematic diagram of a system according to an example embodiment;

Figure 2 is a flow chart showing the method of an example embodiment.

DESCRIPTION OF PREFERRED EMBODIMENTS

Referring to Figure 1 , a system for authorising the use of a financial transaction card includes a card reading module 10 for reading last transaction data from a memory of the card.

In the illustrated embodiment the card reading module 10 is associated with an automatic teller machine (ATM) 16 which a user will use to withdraw money from their account with a financial institution or which the user will use to conduct another transaction such as obtain an account balance or statement, for example.

However, it will be appreciated that the card reading module 10 could be associated with another device such as a point of sale terminal where the card will be used to pay for goods and or services purchased.

The card itself is typically a debit or credit card but could be another card of a financial institution which gives a user access to their funds or to a credit facility. The card will typically be a magnetic stripe card or a smart card with a memory thereon.

Smart card chips are found in two broad varieties namely memory only chips with storage space for data, and microprocessor chips which have a processor controlled by a card operating system in addition to the memory. It is envisaged that the invention could be implemented by either of these types of smart cards.

Alternatively, the memory means may be in the form of a magnetic stripe of the kind typically used on debit or credit cards.

In any event, a database 12 is used for storing last transaction data for a plurality of cards which will be explained in more detail below.

A comparator module 14 is associated with the database 12 and is used for comparing the last transaction data read from the card with the last transaction data stored in the database and if the data is the same then to authorise the transaction.

The comparator module 14 may be implemented in the form of a server in communication with the card reader 10 via a communications network 18.

It will be appreciated that the server may form part of the larger systems of a financial institution or may be a third party server.

The system further includes a card writing module for writing data to the memory of the card, wherein if the transaction is authorised then the comparator module 14 changes the last transaction data stored in the database 12 and the card writing module correspondingly changes the last transaction data on the memory of the card so that the last transaction data in the database and the card is the same.

The data written to the card memory may be encrypted.

It is envisaged that the card writing module will be integrally formed with the card reading module 10.

In one embodiment, the last transaction data could be an incremental counter which keeps a record of the number of transactions for which the card has been used.

Alternatively, the last transaction counter may be based on dynamic transaction variables which are both written to the card memory and the database.

It will be appreciated that in one example embodiment the system operates as follows. The last transaction data for a plurality of cards are stored in the database 12.

A user wishing to use their card to withdraw funds from an ATM, for example, inserts the card into the ATM.

The card reader 10 associated with the ATM reads the last transaction data from a memory of the card and transmits this to the comparator module 14.

The comparator module 14 compares the last transaction data read from the card with the last transaction data stored in the database and if the data is the same then authorise the transaction.

The data will be the same if both the card and the database have stored in them that the card has been used in 8 transactions, for example.

Once the transaction has been authorized the transaction counter stored in the memory of the card and in the database are incremented. In this example they will be incremented to 9.

The present invention prevents fraud since in the case of a pre-transaction skim, the copied card is ineffective as the customers original card will have been changed since the last transaction and the skimming incident.

In the case of a post-transaction skim, the fraudsters card is exactly the same as the customers except if the customer uses their card first, the card is changed and is no longer the same as the fraudsters card rendering the fraudsters card ineffective.

If the fraudster uses his card first, the fraudsters card is changed (treated as the customer) rendering the customers card ineffective.

In this scenario, fraud will not be prevented until the customer's card is presented at which point all versions of the card will be retained. Thus it does limit fraud and the success is dependent on how soon the customer transacts.

In any event, once an invalid card is presented at any card accepting device of any institution, all variances of that card are retained including the customers.

Thus it will be appreciated that the system of the present invention assists in preventing fraud.