PAYMENT CARD SECURITY SYSTEM AND PAYMENT METHOD USING ANONYMOUS PAYMENT CARD

Description

The invention relates to a system and method of making a secure credit transfer to payment card and to a method of making payments securely, that significantly reduce losses due to payment card data theft and fraud. As a payment card could be used debit/credit/charge/virtual card.

Today many billion purchases involve the use of payment cards including cash being withdrawn with cards. Unfortunately, side by side with the increasing use of payment cards is an ever-increasing incidence of card fraud. Losses of some hundred million Euros occur annually within Europe in illegal payment card transactions. Those buying via the Internet, mail order, telephone or fax are the most frequent victims. The Chip and PIN payment cards too could be open to fraud because it is possible to capture card and pin data to "produce" forged cards.

As to prevent an unauthorized access to encrypted data, solid state key is used, which produces a code by a prescribed algorithm and affords access to the data if the code is correct (US Patent 4,609,777, Int.CI. H04K001/02, 02.09.1986). Nevertheless the card user can not modify the security features, as code, credit limit, access time and others.

PCT application PCT/EP03/02811 , Int.CI. G06F 17/60, filed on 19.03.2003 and published as WO 03/105033, describes a payment system for cashless payment in electronic networks, in particular the Internet and mobile phone networks. The payment system allows a purchaser to use a means of payment personally formulated by him/her and provided with individual security features. However, this system needs a special computer and program for merchant, which accepts the means of payment and verifies the security features provided.

The present invention relates to a system and method of secure payment using anonymous payment card (credit/debit/charge/virtual card). Secure payment management system using anonymous payment card comprises a source of funds bank system unit comprising a source of funds bank system, an anonymous card (further referred as A-Card) issuer bank system unit comprising an A-Card issuer bank system, an anonymous payment card issued to an A-Card user, an A-Card user's mobile communication device and a merchant affiliated to the said system wherein the source of funds bank system unit is provided with a source of funds bank communication module and the A-Card issuer bank system unit is provided with a issuer bank communication module, wherein both modules are able to receive, convert and send messages between other system modules. Implementation of A-Card payment system does not require changes of infrastructure and procedures for merchants as the use of the A-Cards for payments and money withdrawals is exactly the same as for the any other payment card.

The method of secure payment includes sending a request for funds from A- Card user's mobile communication device to A-Card issuer bank system unit, receiving the funds into the A-Card account directly before the purchase according to prescribed security features from A-Card issuer bank system unit, paying for goods or services using existing credit card payment system and blocking of the A-Card account after predetermined time until next enablement. For the rest of time the A-Card is disabled thereby protecting the A-Card account from unpredictable (theft or fraud) loss of money. Another important feature of the A-Card is that the invention eliminates the need for the disclosure of card and account numbers as well as personal details to institutions other than banks issuing the credits thus minimizing losses to merchants caused by credit card data theft. In fact issuer of the A- Card is selling the requested amount of money, which is afterwards redeemed from the original source of funds (bank or credit card account) including service fee.

Another important feature of A-Card is that the invention eliminates the need for the disclosure of card and account numbers as well as personal details to institutions other than banks that are involved in the communication thus minimizing losses to users and merchants caused by credit card data theft. In addition to the security features A-Card can reduce expenses of banks for distribution of such cards as they do not require personalization, owners name and validity end date on it. A-Card is less subject to theft as persons

other than the A-Card user 1A will recognize that such card does not have money on it until the A-Card user 1A loads funds into A-Card account. On the other hand merchants will not require to check identity or signature of the A-Card user 1 A, but only availability of funds at the moment of the payment.

If the A-Card user's mobile communication device 1 B is lost then no cancellation of A-Card is necessary as after funds availability expiry there will be no money available to spend. The A-Card user 1A obtains a new mobile communication device 1 B and registers it within issuer bank and after downloading mobile banking application (PIN protected software) into the new mobile communication device 1 B and setting up the new A-Card and source of funds is ready for funds transfer.

Preferred embodiments will be presented in detail below, with the reference to the only drawing, where Fig. 1 shows the components of the system and data exchange between the components of the system of generating electronic means of payment with anonymous payment card in accordance with the preferred embodiment.

With the reference to the Fig. 1 , below is described how the secure payment method works and how the secure payment management system is built.

The present invention relates to a secure payment management system using anonymous payment card (A-Card) comprising a source of funds bank system unit 3 comprising a source of funds bank system 3A, an A-Card issuer bank system unit 2 comprising an A-Card issuer bank system 2A, an anonymous payment card issued to an A-Card user 1A, an A-Card user's mobile communication device 1 B and a merchant 4 affiliated to the said system wherein the source of funds bank system unit 3 is provided with a source of funds bank communication module 3B and the A-Card issuer Bank system unit 2 is provided with a issuer bank communication module 2B, wherein both modules are able to receive, convert and send messages between other system modules.

In one preferred embodiment of the invention, said A-Card issuer bank communication module 2B has a communication between A-Card issuer bank system 2A, source of funds bank communication module 3B and A- Card user's mobile communication device 1 B.

In one preferred embodiment of the invention, said the source of funds bank communication module 3B has a communication between source of funds bank system 3A, the A-Card issuer bank communication module 2B and A- Card user's mobile communication device 1 B.

Said A-Card user's mobile communication device 1 B also contains special PIN protected software that performs encryption and decryption, stores necessary data and communicates with the A-Card issuer bank communication unit 2B and the source of funds bank communication module 3B. In a preferred embodiment of the invention, said A-Card is credit or debit or charge or virtual card or any other banking product.

The invention also relates to a secure payment method using anonymous payment card as an electronic means of payment comprising the following steps:

(a) an A-Card user (1A) performs the steps of using A-Card user's mobile communication device (1 B) to request the funds on A-Card from the source of funds account and sending a message (M1) to the A-Card issuer bank system unit (2), wherein the A-Card user (1A) opens a PIN protected A-Card application on the A-Cards user's mobile communication device (1 B), and adds a new record and enters the A-Card number into the data memory of the A-Card user's mobile communication device (1 B), wherein the A-Card user fills a form on the A-Card user's mobile communication device (1 B) by entering (A1 ) at least one of the given parameters: the A-Card number, credit card or account number (source of funds), the amount requested, alias of the transaction between the source of funds account and the A-Card (for faster load in the future), encryption key, wherein the A-Card user (1A) enters (A1 ) in the mobile communication device (1 B) the time limit before which the A- Card account will be blocked, wherein the A-Cards user's mobile communication device (1 B) sends the message (M1 ) with the data as listed above to the A-Card issuer bank communication module (2B) to request the funds on the A-Card from the source of funds bank system unit 3;

(b) the A-Card issuer bank system unit (2) processes the message (M1) and requests the confirmation of availability of the requested funds from the source of funds bank system unit (3) via message (M2), wherein the A-Card issuer bank communication module (2B) identifies a number of the A-Card user's mobile communication device (1 B) and decrypts the message (M1 ) that was sent for requesting funds, wherein if the user's A-Card is valid then

the A-Card issuer bank communication module (2B) requests the confirmation of availability of the requested funds or credit from the identified source of funds bank communication module (3B) via message (M2); (c) the source of funds bank system unit (3) processes the message (M2) with the request and sends a request of transaction signature via message (M5) to the A-Card user's mobile communication device (1 B), wherein the source of funds bank communication module (3B) interprets the message (M2) into message (M3) and sends it to the source of funds bank system (3A) requesting funds, wherein the source of funds bank system (3A) validates availability of the requested funds and requests a transaction signature to the source of funds bank communication module 3B via message M4, wherein the source of funds bank communication module 3B forwards the message M4 to the A-Card user's mobile communication device 1 B via message M5; (d) the A-Card user's mobile communication device (1 B) processes the message (M5), wherein the A-Card user (1A) enters (A2) a transaction signature in the A-Card user's mobile communication device (1 B) and sends it via message M6 to the source of funds bank communication module (3B) in the source of funds bank system unit 3; (e) the source of funds bank system unit 3 processes the message M6 and then sends the confirmation of funds availability message M9 to the A-Card issuer bank system unit (2), wherein the source of funds bank communication module (3B) transforms and forwards the message (M6) to the source of funds bank system (3A) via the message (M7), wherein if the transaction signature in message (M7) matches with the signature expected by the source of funds bank system (3A), it sends a confirmation about the availability of the funds to the source of funds bank communication module (3B) via message (M8), wherein the source of funds bank communication module (3B) forwards the confirmation of funds availability message (M9) to the A-Card issuer bank communication module 2B;

(f) the A-Card issuer bank system unit 2 processes the message M9 and sends a message M12 as confirmation of funds availability in the A-Card account to the A-Card user's mobile communication device 1 B, wherein the A-Card issuer bank communication module 2B forwards the message M9 to the A-Card issuer bank system 2A as message M10, wherein the A-Card issuer bank system (2A) credits the A-Card account for the requested amount and debits the source of funds account in the source of funds bank system 3A, wherein the A-Card issuer bank system 2A sends the confirmation message M11 of crediting the A-Card account to the A-Card

issuer bank communication module 2B, wherein the A-Card issuer bank communication module 2B converts the message M11 into message M12 and forwards it to the A-Card user's mobile communication device 1 B; (g) after the A-Card user's mobile communication device (1 B) has received the confirmation message (M 12), A-Card user reads (A3) the confirmation and performs (A4 and A5) the payment using full or partial credit from the A- Card account;

(h) the source of funds bank system 3A in the source of funds bank system unit 3 performs a settlement A6 with A-Card issuer bank system 2A in the A- Card issuer bank system unit 2, wherein the step A7, which includes paying for transferred funds and/or spent money by A-Card user, is performed in common manner;

(j) the A-Card account is automatically blocked after expiry of the time limit set by the A-Card user 1A using message (M1 ) or by the default expire time period.

All messages sent from and to A-Card user's mobile communication device 1 B are converted into SMS or message of other applicable format. During the generation of means of payment the data exchanged between the system units 2A, 2B and 3A, 3B are secured by encryption and/or digitally signed in one or more steps.

The messages describing the problems of communication are sent to the A- Card user's mobile communication device 1 B thereby the process is suspended until the A-Card user 1 A fixes the problem by sending the correct information or cancels it.

The A-Card user 1A releases the funds blocked in A-Card account by sending a new message M1 , which initiates the full process to request the insufficient funds from the A-Card account in the source of funds bank system 3A in case if the requested amount is less than the remaining balance in the A-Card account or makes the requested amount available for the identified period of time by canceling the dummy purchase, that blocked the unused money in the account. In other words one of the means for blocking the unused money on the A-Card account is performing a dummy purchase.

The digital signature depending on bank's security requirements is obtained from a code card or generated by a separate code generator or memory of

the A-Card user's mobile communication device 1 B, or generated by a known PIN protected software that is stored in the A-Card user's mobile communication device 1 B.

Depending on the bank's security policies and rules against money laundering the system will limit the amount that can be transferred to the A- Card account, set daily and monthly limits, set maximum amount of one payment, enable use of the A-Card account for regular bank transactions using internet, or mobile banking, or in A-Card user's present situation, wherein this information is sent to the A-Card user's mobile communication device 1 B during the registration of A-Card. Optionally, A-Card user can enable/disable function for receiving information messages about A-Card transactions and remaining balance from A-Card issuer bank system unit 2.

In case of A-card loss, the A-Card user 1A can return the unused amount of money on the A-Card account in the source of funds bank system 3A. When an A-Card is lost, the maximum loss is limited to the amount loaded onto A- Card and it can be cancelled by sending one cancel message from A-Card user's mobile communication device 1 B to A-Card issuer bank system unit 2 where the A-Card account will be blocked for any further payments. If the A- Card user's mobile communication device 1 B is lost then no cancellation of A-Card is necessary as after funds availability expiry there will be no money available to spend. The A-Card user 1A obtains a new mobile communication device 1 B and registers it within issuer bank and after downloading mobile banking application (PIN protected software) into the new mobile communication device 1 B and setting up the new A-Card and source of funds is ready for funds transfer.

The invention also includes computer program for implementation said method.

It will be appreciated by those skilled in the art that the invention, as specifically shown in this document and described with reference to the preferred embodiment may be subject to changes in form and detail without the same detracting from its spirit and scope.