Field of the invention

The present disclosure relates to authorising electronic transactions. In particular, systems and methods for authorising electronic transactions on the basis of an accurate location determination.

Background of the invention

Location is an important aspect of reducing fraud in relation to electronic transactions. That is, transactions that occur within a certain distance of a provider have been shown to reduce instances of fraud. However, there are technical issues for ensuring that a mobile device is actually where it reports its location, and a device, using relatively easy to access tools, can simply spoof its location. Therefore there is little assurance that a device is actually in the location that it is reported to be in.

Other technical problems include relying on Global Positioning System (GPS) which require line-of-sight in order to establish a position. This is not practical for many urban and suburban locations where buildings and other urban structures interfere with the satellite signals. Bluetooth beacons, or Wi-Fi access points, can be moved and collusion (a type of insurance fraud) can occur. Bluetooth also requires significant battery usage and can cause battery life degradation. As a result, device positioning systems can be inaccurate and electronic transaction systems cannot always rely on the location results provided to authorise electronic transactions.

Therefore there is a need for a technological solution for authorising electronic transactions based on an accurate location and proximity sensing.

Reference to any prior art in the specification is not an acknowledgment or suggestion that this prior art forms part of the common general knowledge in any jurisdiction or that this prior art could reasonably be expected to be understood, regarded as relevant, and/or combined with other pieces of prior art by a skilled person in the art.

Summary of the invention

In one aspect there is provided a computer implemented method for authorisation via proximity detection of an electronic transaction by a mobile device at a terminal comprising: determining one or more local transmission services available to the mobile device; determining an approximate position of the mobile device based on one or more generic device positioning systems; determining one or more local transmission services available to the terminal; determining an approximate position of the terminal based on one or more generic device positioning systems; calculating an adjusted and/or assured position of the mobile device by adjusting or assuring the approximate position of the mobile device using bespoke device positioning or position adjusting or assurance systems based on the one or more local transmission services available to the mobile device; calculating an adjusted or assured position of the terminal by adjusting and/or assuring the approximate position of the terminal using bespoke device positioning or position assurance systems based on the one or more local transmission services available to the terminal; and authorising the electronic transaction by the mobile device if the adjusted and/or assured position of the mobile device and the adjusted and/or assured position of the terminal are within an authorised operating location.

In some embodiments, the adjusted and/or assured position of the terminal or the adjusted and/or assured position of the mobile device is determined based on one or more adjustments including: a data fingerprint of data produced by the terminal; device signal availability; and device variability.

In some embodiments, using bespoke device positioning and/or position assurance systems may comprise: determining one or more local transmission services available to a second mobile device; determining an approximate position of the second mobile device based on one or more generic device positioning systems; storing one or more measurements of the local transmission services made by the second mobile device in combination with the approximate position; and determining the adjusted and/or assured position of the mobile device based on the one or more stored measurements if the approximate position of the second mobile device is similar to the approximate position of the mobile device.

In some embodiments, using bespoke device positioning systems comprise: determining one or more local transmission services available to a second terminal; determining an approximate position of the second terminal based on one or more generic device positioning systems; storing one or more measurements of the local transmission services made by the second terminal in combination with the approximate position; and determining the adjusted position of the terminal based on the one or more stored measurements if the approximate position of the second terminal is similar to the approximate position of the terminal.

In some embodiments, using bespoke device positioning systems may further comprise: determining one or more adjustments for calculating the adjusted position of the second mobile device; storing the one or more adjustments in combination with the approximate position of the second mobile device; and determining the adjusted position of the mobile device based on the one or more stored adjustments if the approximate position of the second mobile device is similar to the approximate position of the mobile device.

In some embodiments, using bespoke device positioning systems may further comprise: determining one or more adjustments for calculating the adjusted position of the second terminal; storing the one or more adjustments in combination with the approximate position of the second terminal; and determining the adjusted position of the terminal based on the one or more stored adjustments if the approximate position of the second terminal is similar to the approximate position of the terminal.

In some embodiments, wherein the one or more mobile device positions systems and one or more terminal positions systems include: Network-based positioning; Device- based positioning; or any combination of the above.

In some embodiments, network-based positioning comprises: triangulation; trilateration; multilateration; cell identification; cell tower triangulation; and advanced forward link trilateration.

In some embodiments device-based positioning comprises: Global Navigation Satellite Systems; Global positioning system (GPS); Global Navigational Satellite System (GLONASS); Enhanced Observed Time Difference (E-OTD); network fingerprinting; raw radio measurements; local positioning system; Wi-Fi based positioning; and Local service based positioning.

In some embodiments, an authorised operating location is a specified horizontal distance from a point location associated with the provider. In some embodiments, the method may further comprise authorising the electronic transaction if one or more specific functional thresholds are met.

In some embodiments, the one or more specific functional thresholds include: time of day; blacklist; whitelist; and confidence intervals.

In some embodiments, the one of more specific functional thresholds have a specified default value.

In another aspect there is provided a server system comprising: a memory; and a processor to: determine one or more local transmission services available to the mobile device; determine an approximate position of the mobile device based on one or more generic device positioning systems; determine one or more local transmission services available to the terminal; determine an approximate position of the terminal based on one or more generic device positioning systems; calculate an adjusted and/or assured position of the mobile device by adjusting and/or assuring the approximate position of the mobile device using bespoke device positioning or position assurance systems based on the one or more local transmission services available to the mobile device; calculate an adjusted and/or assured position of the terminal by adjusting and/or assuring the approximate position of the terminal using bespoke device positioning or position assurance systems based on the one or more local transmission services available to the terminal; and authorise the electronic transaction by the mobile device if the adjusted and/or assured position of the mobile device and the adjusted and/or assured position of the terminal are within an authorised operating location.

As used herein, except where the context requires otherwise, the term "comprise" and variations of the term, such as "comprising", "comprises" and "comprised", are not intended to exclude further additives, components, integers or steps.

Further aspects of the present invention and further embodiments of the aspects described in the preceding paragraphs will become apparent from the following description, given by way of example and with reference to the accompanying drawings.

Brief description of the drawings

Examples of the present disclosure will be described with reference to: Figure 1 a is an illustration of an example environment for authorisation via proximity detection of an electronic transaction by a mobile device at a terminal;

Figure 1 b is a block diagram of an example server system;

Figure 2 is an illustration of an example method for authorisation via proximity detection of an electronic transaction by a mobile device at a terminal;

Figure 3a is an illustration of determining approximate locations of a mobile device and a terminal;

Figure 3b is an illustration of an authorised operating location;

Figure 4 is an example illustration of a scenario with a Wi-Fi service;

Figure 5 is an example illustration of the scenario of figure 4 with an adjusted location of the terminal;

Figure 6 is an example illustration of a scenario with a Wi-Fi service and a Bluetooth service;

Figure 7 is an example illustration of the scenario of figure 6 with an adjusted location of the mobile device, and

Figure 8 is an example illustration of a scenario where other user devices can be used to adjust the location of a user device.

Detailed description of the embodiments

The present disclosure relates to a method and system for authorising a transaction based on a geolocation. An accurate geolocation on mobile devices is calculated to determine whether a provider and user are within an acceptable proximity to each other. Further the system also determines whether the provider is within an acceptable proximity to the authorised operating location.

Example environment Figure 1 illustrates an example proximity proofing environment 100 in which embodiments and features of the present disclosure are implemented.

The example environment 100 includes a communications network 130 which interconnects a user device 102, a provider device (also referred to in this disclosure as a terminal) 104, a server system 120, and third party location services 140. In this example, a user who is a patient in a medical practice is attempting to make a transaction to a medical services provider via a provider device. The user device 102 is associated with the user, and the provider device (terminal) 104 is associated with the provider.

User device 102 is a computer processing system with a user module 1 12, which is a proximity proofing client application.

When executed by the user device 102 (e.g. by a processor thereof), the proximity proofing client application 1 12 configures the user device 102 to provide client-side proximity proofing system functionality by communicating (using a communication interface similar to the communications interface 164 described below) with the proximity proofing server system 120 (and, in particular, the proximity proofing server module 122). Proximity proofing client application 1 12 may be a dedicated client application that communicates with a proximity proofing application server using an API. Alternatively, Proximity proofing client application 1 12 may be a web browser (such as Chrome, Safari, Internet Explorer, Firefox, or an alternative web browser) which communicates with a proximity proofing web server module 122 using http/https protocols.

Similarly, provider device 104 is a computer processing system with a provider module 1 14, which is a proximity proofing provider application. The proximity proofing provider application works much the same way as the proximity proofing client application 112 described above. When executed by the provider device 104 (e.g. by a processor thereof), the proximity proofing provider application 1 12 configures the provider device 104 to provide provider-side proximity proofing system functionality by communicating (using a communication interface similar to the communications interface 164 described below) with the proximity proofing server system 120 (and, in particular, the proximity proofing server module 122). User device 102 may be any form of computing device. Typically, user device 102 will be a mobile device - e.g. a mobile phone, although it is possible tablets or other mobile devices could be used. While a single user device 102 has been illustrated, an environment would typically include multiple user devices 102 interacting with the proximity proofing server system 120.

The proximity proofing server system 120 includes a proximity proofing server module 122 and a proximity proofing database server 124 and data store 126, which may be a shared data store. The proximity proofing server module 122 configures the proximity proofing server system 120 to provide server side proximity proofing system functionality - e.g. by receiving and responding to requests from proximity proofing clients (e.g. client 1 12) and storing/retrieving data from the proximity proofing data store 126 as required.

Proximity proofing server 120 may be a web server (for interacting with web browser clients) or an application server (for interacting with dedicated application clients). While proximity proofing server system 120 has been illustrated with a single server 122, environment 100 may provide multiple servers (e.g. one or more web servers and/or one or more application servers).

In certain embodiments, proximity proofing server system 120 is a scalable system including multiple distributed server nodes connected to the shared data store 126 (e.g. a shared file server). Depending on demand from clients (and/or other performance requirements), proximity proofing server system 120 server nodes can be provisioned/de-provisioned on demand to increase/decrease the number of servers offered by the proximity proofing server system 120. Each proximity proofing server module 122 may run on a separate computer system and include one or more application programs, libraries, APIs or other software that implement server-side functionality. Similarly, the proximity proofing database server 124 may run on the same computer system as an proximity proofing server 122, or may run on its own dedicated system (accessible to proximity proofing server(s) 122 either directly or via a communications network).

The proximity proofing server 122 (running on the proximity proofing server system 120), proximity proofing client application 1 12 (running on user device 102), and proximity proofing provider application 114 (running on provider device 104) operate together to provide the proximity proofing system functionality. Generally speaking, operations described herein as proximity proofing operations or operations being performed by the proximity proofing system may be performed by the proximity proofing client 112 (operating on user device 102), proximity proofing provider 1 12 (operating on provider device 104) the proximity proofing server module 122 (operating on proximity proofing server system 120) or the proximity proofing client 1 12, proximity proofing provider 1 14 and proximity proofing server module 122 in cooperation.

Proximity proofing operations involving the display of user information involve the user device 102 as controlled by the proximity proofing client 1 12. The data displayed, however, may be generated by the proximity proofing client 1 12 itself, or generated by the proximity proofing server 122 communicated to the proximity proofing client 1 12. Equally, the same applies to the display of provider information.

Similarly, proximity proofing operations involving user input involve the user device 102 receiving user input (e.g. at an input device) and passing that input to the proximity proofing client 1 12. The information input may be processed by the proximity proofing client 1 12 itself, or communicated by the proximity proofing client 1 12 to the proximity proofing server 122 to be processed by the proximity proofing server 122. Proximity proofing operations involving writing data to the proximity proofing data store 126 via the database server 124 involve the proximity proofing server 122. The data written to the proximity proofing data store 124 may, however, be communicated to the proximity proofing server 122 by the proximity proofing client 112.

Third party location services 140 may be used to provide some of the location operations described in the present disclosure. Typically, such third party location services 140 are internet accessible and provide a publicly accessible API. In this disclosure, a third party location service 140 can be provided inputs such as location measurements performed by the user device 102 or the provider device 104. The third part location services 140 will typically return a point location in the form of a latitude and longitude as well as a degree of accuracy, which would typically be a distance measured in metres.

Proximity proofing server system The present invention is necessarily implemented using a server system 120. The server system 120 is, or will include, a computer processing system.

Figure 1 b provides a block diagram of one example of a computer processing system 120. System 120 as illustrated in Figure 1 b is a general-purpose computer processing system. It will be appreciated that Figure 1 b does not illustrate all functional or physical components of a computer processing system. For example, no power supply or power supply interface has been depicted, however system 120 will either carry a power supply or be configured for connection to a power supply (or both). It will also be appreciated that the particular type of computer processing system will determine the appropriate hardware and architecture, and alternative computer processing systems suitable for implementing aspects of the invention may have additional, alternative, or fewer components than those depicted, combine two or more components, and/or have a different configuration or arrangement of components.

The computer processing system 120 includes at least one processing unit 152. The processing unit 152 may be a single computer-processing device (e.g. a central processing unit, graphics processing unit, or other computational device), or may include a plurality of computer processing devices. In some instances all processing will be performed by processing unit 152, however in other instances processing may also, or alternatively, be performed by remote processing devices accessible and useable (either in a shared or dedicated manner) by the system 100.

Through a communications bus 150 the processing unit 152 is in data communication with a one or more machine-readable storage (memory) devices that store instructions and/or data for controlling operation of the processing system 120. In this instance system 120 includes a system memory 154 (e.g. a BIOS), volatile memory 156 (e.g. random access memory such as one or more DRAM modules), and non-volatile memory 158 (e.g. one or more hard disk or solid state drives).

System 120 also includes one or more interfaces, indicated generally by 160, via which system 120 interfaces with various devices and/or networks. Generally speaking, other devices may be physically integrated with system 120, or may be physically separate. Where a device is physically separate from system 120, connection between the device and system 120 may be via wired or wireless hardware and communication protocols, and may be a direct or an indirect (e.g. networked) connection. Wired connection with other devices/networks may be by any appropriate standard or proprietary hardware and connectivity protocols. For example, system 120 may be configured for wired connection with other devices/communications networks by one or more of: USB; FireWire; eSATA; Thunderbolt; Ethernet; OS/2; Parallel; Serial; HDMI; DVI; VGA; SCSI; AudioPort. Other wired connections are, of course, possible.

Wireless connection with other devices/networks may similarly be by any appropriate standard or proprietary hardware and communications protocols. For example, system 100 may be configured for wireless connection with other devices/communications networks using one or more of: infrared; Bluetooth; Wi-Fi; near field communications (NFC); Global System for Mobile Communications (GSM), Enhanced Data GSM Environment (EDGE), long term evolution (LTE), wideband code division multiple access (W-CDMA), code division multiple access (CDMA). Other wireless connections are, of course, possible.

Generally speaking, the devices to which system 120 connects - whether by wired or wireless means - allow data to be input into/received by system 120 for processing by the processing unit 152, and data to be output by system 120. Example devices are described below, however it will be appreciated that not all computer-processing systems will include all mentioned devices, and that additional and alternative devices to those mentioned may well be used.

For example, system 120 may include or connect to one or more input devices by which information/data is input into (received by) system 120. Such input devices may include physical buttons, alphanumeric input devices (e.g. keyboards), pointing devices (e.g. mice, track pads and the like), touchscreens, touchscreen displays, microphones, accelerometers, proximity sensors, GPS devices and the like. System 100 may also include or connect to one or more output devices controlled by system 100 to output information. Such output devices may include devices such as indicators (e.g. LED, LCD or other lights), displays (e.g. CRT displays, LCD displays, LED displays, plasma displays, touch screen displays), audio output devices such as speakers, vibration modules, and other output devices. System 100 may also include or connect to devices which may act as both input and output devices, for example memory devices (hard drives, solid state drives, disk drives, compact flash cards, SD cards and the like) which system 100 can read data from and/or write data to, and touch-screen displays which can both display (output) data and receive touch signals (input).

System 120 may also connect to communications networks (e.g. the Internet, a local area network, a wide area network, a personal hotspot etc.) to communicate data to and receive data from networked devices, which may themselves be other computer processing systems.

It will be appreciated that system 120 may be any suitable computer processing system such as, by way of non-limiting example, a desktop computer, a laptop computer, a netbook computer, tablet computer, a smart phone, a Personal Digital Assistant (PDA), a cellular telephone, a web appliance. Typically, system 120 will include at least user input and output devices 162 and (if the system is to be networked) a communications interface 164 for communication with a network 130. The number and specific types of devices which system 100 includes or connects to will depend on the particular type of system 120. For example, if system 120 is a desktop computer it will typically connect to physically separate devices such as (at least) a keyboard, a pointing device (e.g. mouse), a display device (e.g. a LCD display). Alternatively, if system 120 is a laptop computer it will typically include (in a physically integrated manner) a keyboard, pointing device, a display device, and an audio output device. Further alternatively, if system 120 is a tablet device or smartphone, it will typically include (in a physically integrated manner) a touchscreen display (providing both input means and display output means), an audio output device, and one or more physical buttons.

System 120 stores or has access to instructions and data which, when processed by the processing unit 102, configure system 120 to receive, process, and output data. Such instructions and data will typically include an operating system such as Microsoft Windows®, Apple OSX, Apple IOS, Android, Unix, or Linux.

System 120 also stores or has access to instructions and data (i.e. software) which, when processed by the processing unit 152, configure system 120 to perform various computer-implemented processes/methods in accordance with embodiments of the invention (as described below). It will be appreciated that in some cases part or all of a given computer-implemented method will be performed by system 120 itself, while in other cases processing may be performed by other devices in data communication with system 120. Instructions and data are stored on a non-transient machine-readable medium accessible to system 120. For example, instructions and data may be stored on non transient memory 158. Instructions may be transmitted to/received by system 120 via a data signal in a transmission channel enabled (for example) by a wired or wireless network connection.

Generic and Bespoke device positioning systems

This disclosure references generic and bespoke device positioning systems. Generic positioning systems are those types of device positioning systems that can be offered by third parties, such as the third party location services 140 illustrated in figure 1 a. As above, examples of third parties include Google, Apple and Microsoft. Generic positioning systems are able to provide an approximate position of a device such as a mobile device or a terminal, but are unable to provide an adjusted position of the device or any assurance that the device is in fact where the device reports it is.

Bespoke device positioning or position assurance systems are device positioning systems that can make specific adjustments to an approximate location in certain circumstances or locations, in order to make the location more accurate or to give an assurance that a device is where the device reported it to be. There are a number of adjustments that can be made to an approximate location determined by generic positioning systems. These include adjustments based on a data fingerprint, device variability and device signal availability. These adjustments are described in more detail below.

Where an approximate position is determined by a generic positioning system, the bespoke device positioning system can store one or more measurements of the local transmission services made by another mobile device (or the same device earlier) in a previous transaction. In combination with the approximate position this can be used by the bespoke device positioning systems to determine the adjusted position of the mobile device based on the one or more stored measurements if the approximate position of the earlier mobile device is similar to the approximate position of the mobile device. A similar approach can be applied to determine the adjusted position of the terminal. That is, the measurements made to determine an approximate position for one device can be used to determine an adjusted position for other devices, or the same device at a later time. Further, bespoke device positioning systems can keep track of the adjustments for calculating the adjusted position of other mobile devices or terminals. These adjustments can be stored in combination with the approximate position of the other mobile device. Later the adjustments can be used by the bespoke device positioning systems to determine the adjusted position of the mobile device based on the stored adjustments if the approximate position of the mobile device is similar to the approximate position of one or more of the other mobile devices. That is, the position adjustments made for one device can be made for other devices, or the same device at a later time.

Example method

Figure 2 is an illustration of an example method 200 for authorisation via proximity detection of an electronic transaction by a mobile device at a terminal.

Method 200 involves a first step of determining one or more local transmission services available to the mobile device. Many user devices 102 have Global Positioning System (GPS) functionality enabled. Similarly many such devices 102 have Wi-Fi and Bluetooth functionality. User devices 102 when attempting to determine the location of the device 102 will typically scan all the publicly available information that can be used to identify a local transmission service such as a Wi-Fi or Bluetooth service. This information is can be communicated to the proximity proofing server 120 and stored along with any location data subsequently determined by the device 102. Therefore a Wi-Fi or Bluetooth service can be later used to provide location information about any other user device that is near enough to these services that they can be scanned by the user device.

A second step of the method 200 is to determine 204 an approximate position of the mobile device based on one or more generic mobile device positioning systems. The position can be calculated by reference to the local transmission services that have been identified, GPS, or any combination. The third party location services 140 can also be used to calculate the approximate position.

A third step of the method 200 is to determine 206 one or more local transmission services available to the terminal. A terminal, much like the user devices described above have Global Positioning System (GPS) functionality enabled. Also similarly, a terminal 104 generally has Wi-Fi and Bluetooth functionality. A terminal 102 when attempting to determine the location of the terminal 102 can scan all the publicly available information that can be used to identify a local transmission service such as a Wi-Fi or Bluetooth service. Further, the terminal will generally produce a consistent set of data, which can be stored by the proximity proofing server system 120 along with the location that the terminal determines. This may help to identify and locate the terminal in circumstances where the location is inaccurate or outside the usual location for the terminal.

The next step is to determine 208 an approximate position of the terminal based on one or more terminal positioning systems. Similar to the above, the approximate position can be calculated by reference to the local transmission services that have been identified, GPS, or any combination. The third party location services 140 can be used to calculate the approximate position of the terminal.

A fifth step of the method 200 is to calculate 210 an adjusted position of the mobile device by adjusting the approximate position of the mobile device using bespoke device positioning systems based on the one or more local transmission services available to the mobile device. The approximate position provided above may not be accurate enough for the purposes of authorisation. As a result, there may need to be adjustments made. Even where adjustments are not required, this effectively amounts to an assurance process that can add to a level of assurance that the device is where it is reportedly located. Examples of adjustments are described below.

A sixth step of the method 200 is to calculate 212 an adjusted position of the terminal by adjusting the approximate position of the terminal using bespoke device positioning systems based on the one or more local transmission services available to the terminal. As above, the approximate position of the terminal provided above may not be accurate enough for the purposes of authorisation. As a result, there may need to be adjustments made. Even where adjustments are not required, the adjustment or assurance process can add to a level of assurance that the device is where it is reportedly located. Examples of adjustments are described below.

A final step is authorising 214 the electronic transaction by the mobile device if the adjusted position of the mobile device and the adjusted position of the terminal are within an authorised operating location. The medical services provider has a geolocation associated with it which is the authorised operating location. That is, a transaction involving a medical services provider where a user device 102 associated with a user and a provider device 104 associated with a provider are within the authorised operating location. Where one or both devices are outside the authorised operating location, then the transaction may not be authorised. There are a number of options that may be implemented in such circumstances. The transaction in one example may simply fail or the user may be requested to move to the operating location or notified to turn on one or more services which may assist to more accurately identify the location.

A local transmission service (such as a nearby wireless service) that has been recorded previously by a user device can be used to provide a location for any other user device. The more user devices that determine a location will make the location associated with the wireless service more accurate. As discussed above, many third party solutions for this data exist, including Google, Apple and Microsoft. Google for example will track a unique identifier of a Wi-Fi access point - the media access control (MAC) address - along with the location determined by a user device.

Determining location

In the example of Figure 3a the user device 102 determines an approximate position 312 for the user device and terminal 104 determines an approximate position 322 for the terminal. The approximate position of the user device 102 is initially provided by a calculation based on one or more available wireless services. Examples of available wireless services include Wi-Fi, Bluetooth, and cellular services. Each of these wireless services has a signal, the strength of which can be measured at the device.

Once the available wireless services are measured, the user device 102 determines an approximate position. Each of the wireless services that are available provides a degree of accuracy, therefore the more wireless services available the more likely the approximate position is accurate. It is possible to determine the approximate position accurately with multiple wireless services such that no adjustments are required.

Similarly the location of the terminal 104 is initially provided by a calculation based on one or more wireless services available to the terminal. The approximate position 322 of the terminal 104 is initially provided by a calculation based on one or more available wireless services. Examples of available wireless services include Wi-Fi, Bluetooth, and cellular services. Each of these wireless services has a signal, the strength of which can be measured at the terminal.

In one example, the user device can utilise an application programmable interface (API) of an online third party service 140 such as Google to calculate an approximate position. That is, the measurements of the wireless services are inputted into the online service and a result is returned to the user device. The result in this example is a combination of latitude, longitude and a degree of accuracy. The accuracy in this case is measured in metres.

The elements of an approximate position form a circle, where the latitude and longitude make the centre of the circle 312 and the accuracy is the radius of the circle 344. Once the approximate position is determined a number of adjustments or assurances can be made to make the location determination more accurate, or to assure its current accuracy. Adjustments or assurances include adjustments based on a data fingerprint, device variability and device signal availability.

A second circle 322 is formed by the location of the terminal 104. That is, the terminal has a latitude and longitude, which in this example is fixed. It is possible that a terminal has a variable latitude and longitude, such as where the terminal is mobile. However whether the terminal is fixed or mobile does not affect how the calculation is performed. That is, a similar calculation to the above describing the user device may be made to determine the terminal location. If the terminal is fixed, then for the reasons described above, the location is more likely to be calculated with greater accuracy.

The system 120 then determines if there is sufficient overlap between the user device location, terminal location and the authorised operating location 302. If there is sufficient overlap between the two, and the provider device is within the authorised operating location as well, then the transaction made by the user is authorised by the system.

The system 120 may also calculate the distance 330 between the mobile device 102 and the terminal 104. In some embodiments, this distance 330 may also form an authorisation requirement, such as where the terminal and mobile device must be within 5 metres of each other.

Authorised operating location In the example of Figure 3a, the authorised operating location 302 is depicted as a rectangle. In some embodiments the authorised operating location 302 may be a latitude and longitude along with a horizontal distance.

Figure 3b is an illustration of this example authorised operating location 340. In this example, the authorised operating location 340 is a defined by a horizontal distance 350 and a centre point 360. This does not necessarily completely correspond with the physical properties of the provider’s location (such as the medical centre). This means that, as depicted, there could be parts of the physical medical centre that are within the authorised operating location 340, and parts that are not within the physical medical centre that are also within the authorised operating location.

Adjustments

Figure 4 is an example illustration where a user is attempting to perform a transaction. In this example, there is a nearby Wi-Fi service 402 operated by a bank for its customers although the signal is measurable outside the confines of the bank itself. Although there would typically be no authorisation at this stage, if the approximate positions 312 and 322 of the mobile device 102 and terminal 104 respectively were used they would be determined by the system 120 to be outside the authorised operating location 302. Therefore in this example, adjustments would be required.

There are a number of adjustments or assurances that can be made to an approximate position. These include an adjustment or assurance based on data fingerprint, device variability and device signal availability. Each of these is discussed below.

Data fingerprint

A terminal or provider device typically transmits a consistent set of data which can be considered a data fingerprint. This data would identify the provider device using a pin pad ID (PPID) which is a unique number associated with provider device such as a terminal. The PPID can be used to ensure fraudulent devices can be identified.

The data fingerprint would also indicate the provider device is not moving and is in a constant location. That is, the measurements that the provider device makes are generally likely to be the same or similar if it is a legitimate device that does not move much within the authorised operating location. Wi-Fi, Bluetooth, and cell services do not typically move so their measurements can be used alone or in combination with the identification data to determine the data fingerprint for a provider device.

In some cases, the approximate position of the provider device may continually be calculated with low accuracy or the provider device may be reported to be outside its authorised operating location. If the system recognises the data fingerprint, the system can adjust the position of the provider device to a location known by the system to be associated with a particular data fingerprint before calculating the proximity threshold.

Figure 5 is the same example as Figure 4 above but where a user is attempting to perform a transaction after typical business hours at a time such as 5pm. In this example, the same nearby Wi-Fi service 402 operated is not available. This is because the service only operates between the hours of 9am and 4pm, which are the operating hours of the bank. The provider in this case is a medical practice that operates until 6pm - that is, the medical practice accepts transactions until 6pm. In this example, the wireless services that would have been available during earlier business hours have been turned off.

The lack of wireless services mean that, in this example, the terminal location is determined with less accuracy and therefore the system determines the device location to be outside the authorised operating location. However, the terminal 104 in reality is still in the same location it was earlier in the day as it has not moved. If the approximate position 322 is utilised, then the transaction would not be authorised when it otherwise might have been.

Therefore the system 120 may adjust the approximate position 322 of Figure 4 by detecting the data fingerprint of the terminal 104, noting it is consistent with one or more transactions that occurred earlier in the day and adjusting the location of the terminal on this basis to the adjusted location 422 with the new accuracy of 424. Adjusting the location in this example means that the terminal 104 is now determined to be within the authorised operating location 302 and the transaction can be authorised.

Device variability

In some cases, the device type may affect the location determination and the system may correct for any consistent location errors that may occur for those device types. Figure 6 is an illustration of another example 600 where a user is attempting to perform a transaction in a scenario with a Wi-Fi service 602 and a Bluetooth service 604. The user device 102 measures the available wireless services nearby. In this case, the location 312 that is determined is less accurate because the user device is a low cost ZTE handset. The ZTE handset is known to have a limitation in its Bluetooth capabilities that it does not detect Bluetooth signals that are greater than 10 metres away. In this example, the device 120 has not been able to detect the Bluetooth signal 604 as it is further than 10 metres away from it. This is problematic, for example, if the wireless signals are measured such that the Bluetooth signal provides significant location information and that a lack of the Bluetooth signal is determined to mean that the device is not in the location that it actually is.

Figure 7 is an illustration of a further example 700 where a user is attempting to perform a transaction in a scenario as outlined in relation to Figure 6 above with a Wi-Fi service 402 and a Bluetooth service 604. However, in this case the system 120 has found ZTE handsets that have been used in previous transactions and identified that all ZTE handsets operate the same way. Therefore the system 120 recognises the same ZTE handset and adjusts the location 312 on the basis of the Bluetooth limitation to the adjusted position 712 with the adjusted accuracy 744. In some embodiments, the system 120 may discount the Bluetooth signal 604 as providing any location information.

Device Signal Availability

A user device may have certain services turned on or off in various combinations. The availability of these services affects the location calculation.

In the example 800 illustrated by figure 8, a user device 104 measures and submits the cell tower and GPS data to provide an approximate position 312. However, it does not measure and submit the Wi-Fi 402 and Bluetooth 604 measurements. This is because, in this example, the user’s device 104 has the Wi-Fi and Bluetooth services turned off. The system in this case may recognise that no Wi-Fi and Bluetooth services have been submitted, which is distinct from the services being turned on on the device but where no services were detected. In this case, the system 120 may fill in the missing services by determining a likely default value or measurement for the missing services. To do this, the system 120 keeps track of measurements for user devices in the same or similar location. In this example, another second user device 802 performed a transaction in a similar approximate position and reported a Wi-Fi service 402 and its signal strength was approximately -80dBm. The system 120 recognises this and utilises then this value for this Wi-Fi service 402 can be substituted for the missing values and the location is adjusted on this basis. A similar calculation can be performed for the Bluetooth service 604 on the basis of the strength reported by second device 802. The values for the missing services can be substituted based on a specified default value, or the default value may be calculated based on the other available wireless services.

Functional Thresholds

The system may also impose some functional thresholds to authorising transactions. The functional thresholds provide a way in which certain transactions may be authorised or not, even if the location requirements are met.

For example, the system keeps track of the time of day as different wireless services may be available at different times. However, a provider may only accept transactions between certain times, such as business hours between 9am and 5pm. Other functional thresholds may be defaults in relation to where a location of the user device or provider device (terminal) is not available. For example, the provider device may simply be unable to measure any signals that would provide location information. The functional threshold may be to simply allow this transaction anyway or to block the transaction because the location of the provider device could not be calculated.

Other functional thresholds include maintaining a blacklist for services that will not be authorised, and whitelists for services that will be authorised. Further services may have specific thresholds around edge cases, such as where a user device is right on the boundary of an authorised operating location. The functional threshold of a confidence interval may require the user device to be no closer than, say, half a metre from the boundary to have a greater confidence that the user is actually within the authorised operating location. The confidence interval may be set by the provider or be imposed by the health insurer in relation to which a transaction is being made. It will be understood that the invention disclosed and defined in this specification extends to all alternative combinations of two or more of the individual features mentioned or evident from the text or drawings. All of these different combinations constitute various alternative aspects of the invention.