TITLE OF THE INVENTION:
ONLINE CREDIT CARD SECURITY SYSTEM
CROSS REFERENCE TO RELATED APPLICATIONS:
This application claims priority of United States provisional patent application Serial No. 60/174,912, filed on January 10, 2000. The contents of this provisional patent application are hereby incorporated by reference.
BACKGROUND OF THE INVENTION:
Field of the Invention:
The invention relates to the field of secure credit card transactions over networks such as the internet.
Description of the Related Art:
The significant growth in electronic commerce has resulted in a significant increase in the number of credit card transactions which are performed over networks such as the internet. Any credit card transaction requires complete details relating to the credit card to be transmitted over the internet to a selected vendor. The information includes the credit card account number and the expiration date, which is all of the information necessary to put charges on the cardholder's account. Once the credit card information has been obtained by the vendor, there is currently no way to prevent the vendor from improperly duplicating the credit card information, and/or placing improper charges on the cardholder's account. The same problem exists in the event that an unscrupulous third party electronically eavesdrops on either the transmission of the credit card information, or the information residing on the vendor's server, thereby obtaining information necessary to place invalid or fraudulent charges on the cardholder's account. Although encryption technology can make it more difficult for anyone other than the intended vendor to read the information, once the information is stored on the vendor's computer, the information is available and readable in a non-encrypted form. Employees, consultants, or other individuals could access the information and use it for improper purposes. Also, encryption technologies can be defeated. Furthermore, vendors can, once they have the appropriate credit card information, add additional charges onto the cardholder's account without explicit authorization. While these types of unauthorized charges have some protections under consumer protection laws in the United States, other jurisdictions do not offer these protections. Additionally, it is always the responsibility of the cardholder to properly identify and dispute any improper charges.
SUMMARY OF THE INVENTION:
The invention, therefore, is directed to a method of providing secure credit card transactions, comprising the steps of providing first credit card account information to a card holder. The credit card account information includes a predetermined account field, and a changeable account field. The changeable account field contains changeable account information which is changeable by the card holder. An authorization request is received by a credit card issuer from a vendor; the authorization request includes second credit card account information. Charges to the credit card account are authorized only when the second credit card account information provided by the vendor matches the first credit card account information, including the changeable account information in the changeable account field.
The invention also comprises a system for providing credit card security, with the system comprising a network for interconnecting a plurality of computing devices, and a user terminal connected to the network. The user terminal provides a user interface between a user and the network. A credit card issuer unit is connected to the network, and contains credit card account records and data, and a user programmable code field for each credit card account record. A vendor terminal is connected to the network, with the vendor terminal configured to send and receive authorization data regarding selected credit card accounts. The user, through the user terminal, can selectively access the credit card issuer unit and modify the user programmable code field of a selected account. The credit card issuer terminal will only provide authorization data to the vendor terminal if information submitted by the vendor terminal matches a current user programmable code in the user programmable code field.
BRIEF DESCRIPTION OF THE DRAWINGS:
Figure 1 illustrates a configuration of a network according to the present invention;
Figure 2 illustrates a credit card number code sequence according to the present invention; and
Figure 3 is a block diagram of a security system according to the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS:
The present invention is intended to minimize the risk of unauthorized charges being placed on a credit card account by online vendors, or parties who may have access to credit card information on the servers for vendor's web sites.
Referring to Figure 1, a simplified system diagram is provided which illustrates cardholder terminal 1, in communication with a network such as internet 2. Also in communication with network 2 is a card issuer server 3, and a vendor server 4. Cardholder terminal 1 can be a personal computer or internet terminal of a known type, and card issuer server 3 and vendor server 4 are network servers. According to the invention, when the card issuer, which is typically a bank, credit company, or other type of entity creates a credit card for a cardholder, an additional code is used in order to enable the cardholder to limit or control the validity of an account. This enables transactions to be controlled, by enabling the credit cardholder to change authorization codes of the card at will. When the card issuer issues the card, therefore, the typical credit card includes an account number and an expiration date. According to the invention, however, the card issuer would add additional codes to the credit card account company. These additional codes can be changed by the cardholder, in order to essentially invalidate the code information which had previously been provided to a vendor. Assume, for example, the added code for a particular credit card were ABC123, and this information had been provided to a vendor for charges. Until this code is changed, the account number, expiration date, and this specific combination of added code would be necessary in order to put charges on the particular credit card account. By accessing the particular account information at the card issuer's server, the cardholder could change this code, thereby making it impossible for that particular vendor to add additional charges to the card, and also make it impossible for anyone having stolen or misappropriated the credit card number to make any additional charges on the account. ABC123 could be changed, for example, to DEF999, thereby invalidating ABC123.
If a cardholder sought to change the added code to his credit card account, he would log on to network 2 via cardholder terminal 1. Logging on to the network would include appropriate network access through an internet service provider in the case of the internet, or other necessary server. He would then access card issuer server 3 using an appropriate password, using encryption, or other secure communication method if available, and access the added code portion of his credit card number. The added code could be changed within any parameters which have been predetermined by the credit card issuer, and the cardholder would receive instant confirmation of the new code over the network 2. Then, when the cardholder sought to make purchases from vendor 4, he would access vendor server 4 through network 2, and make appropriate purchases using the newly activated added code. The vendor, through server 4, would be able to virtually instantaneously receive authorization for the charges, at which point the cardholder would be free to once again access card issuer server 3, to change the added code. This provides users a significantly higher level of control with respect to credit card actions, and also allows instantaneous ability to essentially deactivate the card in the event that the card is lost or stolen.
Figure 3 illustrates a flow chart of how a credit card or account would be created according to the invention. In step 31, a credit card or account is created, wherein a permanent account number is assigned. An expiration date is assigned to the credit card, and the added code field is either left blank, or a default code is placed therein. At step 32, a user accesses card issuer server 3 from cardholder terminal 1, and selects a new code, thereby invalidating the previous added code, if desired. It should be noted that it is not necessary to invalidate the previous code. At step 33, a transaction occurs, and a vendor, who has been given the credit card information and the added code information, will attempt to receive charge authorization from card issuer server 3. If the added code information which the vendor has does not match the currently selected or currently valid added code information, authorization will not be provided, and no charges will therefore be authorized.
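Steps 31 to 33 of Figure 3, modeled from the issuer's side as an added example that is not part of the original application. The class and method names, the password check, and the sample account number are assumptions made for illustration; ABC123 and DEF999 are the codes used in the description above.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class Account:
    number: str    # predetermined (permanent) account field
    expiry: str    # expiration date
    password: str  # cardholder's issuer-site password (kept in plaintext only for brevity)
    codes: set = field(default_factory=set)  # currently valid added codes

class Issuer:
    """Hypothetical model of card issuer server 3."""
    def __init__(self):
        self.accounts = {}

    def create_account(self, number, expiry, password, default_code=""):
        # Step 31: permanent number and expiry; added code left blank or set to a default.
        self.accounts[number] = Account(number, expiry, password, {default_code})

    def change_code(self, number, password, new_code, invalidate_previous=True):
        # Step 32: the authenticated cardholder selects a new added code.
        acct = self.accounts.get(number)
        if acct is None or not _same(acct.password, password):
            return False
        if invalidate_previous:  # optional, as the description notes
            acct.codes.clear()
        acct.codes.add(new_code)
        return True

    def authorize(self, number, expiry, code):
        # Step 33: authorize only when every field the vendor submits matches.
        acct = self.accounts.get(number)
        if acct is None or acct.expiry != expiry:
            return False
        return any(_same(valid, code) for valid in acct.codes)

def _same(a, b):
    # Constant-time comparison, so response timing does not reveal partial matches.
    return hmac.compare_digest(a.encode(), b.encode())

def demo():
    card = "4000000000000002"  # constructed sample account number
    issuer = Issuer()
    issuer.create_account(card, "12/02", "pw", default_code="ABC123")
    before = issuer.authorize(card, "12/02", "ABC123")   # vendor holds ABC123
    issuer.change_code(card, "pw", "DEF999")             # cardholder rotates the code
    return (before,
            issuer.authorize(card, "12/02", "ABC123"),   # stale code is refused
            issuer.authorize(card, "12/02", "DEF999"))   # current code is accepted
```

The `invalidate_previous=False` path keeps the old code valid alongside the new one, matching the note that invalidating the previous code is not required.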
It should be noted that the examples of account number, expiration date, and added code are submitted as examples only, as is the network configuration of Figure 1. The invention would work with virtually any combination of letters, numbers, symbols, or other characters for the credit card information and added code, and would also work with any communication method, including telephone access, wireless communication, etc.