WO2001052203A1 - Online credit card security system - Google Patents

Online credit card security system

Publication number
WO2001052203A1
Authority
WO
WIPO (PCT)
Prior art keywords
credit card
changeable
account information
account
vendor
Prior art date
Application number
PCT/IB2001/000014
Other languages
French (fr)
Inventor
Kunwar C. Singh
Original Assignee
Singh Kunwar C
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Singh Kunwar C filed Critical Singh Kunwar C
Priority to AU2001228726A priority Critical patent/AU2001228726A1/en
Publication of WO2001052203A1 publication Critical patent/WO2001052203A1/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/22 Payment schemes or models
    • G06Q20/24 Credit schemes, i.e. "pay after"
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data

Abstract

A method of providing secure credit card transactions includes the steps of providing first credit card account information to a card holder, with the credit card account information including a predetermined account field. A changeable account field is provided with the changeable account field containing changeable account information being changeable by the card holder. An authorization request is received from a vendor. The authorization request includes second credit card account information. Charges to the credit card account are authorized only when the second credit card account information provided by the vendor matches the first credit card account information, including changeable account information.

Description

TITLE OF THE INVENTION:
ONLINE CREDIT CARD SECURITY SYSTEM
CROSS REFERENCE TO RELATED APPLICATIONS:
This application claims priority of United States provisional patent application Serial No. 60/174,912, filed on January 10, 2000. The contents of this provisional patent application are hereby incorporated by reference.
BACKGROUND OF THE INVENTION:
Field of the Invention:
The invention relates to the field of secure credit card transactions over networks such as the internet.
Description of the Related Art:
The significant growth in electronic commerce has resulted in a significant increase in the number of credit card transactions which are performed over networks such as the internet. Any credit card transaction requires complete details relating to the credit card to be transmitted over the internet, to a selected vendor. The information includes the credit card account number and the expiration date, which is all of the information necessary to put charges on the card holder's account. Once the credit card information has been obtained by the vendor, there is currently no way to prevent the vendor from improperly duplicating the credit card information, and/or placing improper charges on the cardholder's account. The same problem exists in the event that an unscrupulous third party electronically eavesdrops on either the transmission of the credit card information, or the information residing on the vendor's server, thereby obtaining information necessary to place invalid or fraudulent charges on the cardholder's account. Although encryption technology can make it more difficult for anyone other than the intended vendor to read the information, once the information is stored on the vendor's computer, the information is available and readable in a non-encrypted form. Employees, consultants, or other individuals could access the information and use it for improper purposes. Also, encryption technologies can be defeated. Furthermore, vendors can, once they have the appropriate credit card information, add additional charges onto the cardholder's account without explicit authorization. While these types of unauthorized charges have some protections under consumer protection laws in the United States, other jurisdictions do not offer these protections. Additionally, it is always the responsibility of the cardholder to properly identify and dispute any improper charges.
SUMMARY OF THE INVENTION:
The invention, therefore, is directed to a method of providing secure credit card transactions, comprising the steps of providing first credit card account information to a card holder. The credit card account information includes a predetermined account field, and a changeable account field. The changeable account field contains changeable account information which is changeable by the card holder. An authorization request is received by a credit card issuer from a vendor; the authorization request includes second credit card account information. Charges to the credit card account are authorized only when the second credit card account information provided by the vendor matches the first credit card account information, including the changeable account information in the changeable account field.
The invention also comprises a system for providing credit card security, with the system comprising a network for interconnecting a plurality of computing devices, and a user terminal connected to the network. The user terminal provides a user interface between a user and the network. A credit card issuer unit is connected to the network, and contains credit card account records and data, and a user programmable code field for each credit card account record. A vendor terminal is connected to the network, with the vendor terminal configured to send and receive authorization data regarding selected credit card accounts. The user, through the user terminal, can selectively access the credit card issuer unit and modify the user programmable code field of a selected account. The credit card issuer terminal will only provide authorization data to the vendor terminal if information submitted by the vendor terminal matches a current user programmable code in the user programmable code field.
BRIEF DESCRIPTION OF THE DRAWINGS:
Figure 1 illustrates a configuration of a network according to the present invention;
Figure 2 illustrates a credit card number code sequence according to the present invention; and
Figure 3 is a block diagram of a security system according to the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS:
The present invention is intended to minimize the risk of unauthorized charges being placed on a credit card account by online vendors, or parties who may have access to credit card information on the servers for vendor's web sites.
Referring to Figure 1, a simplified system diagram is provided which illustrates cardholder terminal 1, in communication with a network such as internet 2. Also in communication with network 2 is a card issuer server 3, and a vendor server 4. Cardholder terminal 1 can be a personal computer or internet terminal of a known type, and card issuer server 3 and vendor server 4 are network servers. According to the invention, when the card issuer, which is typically a bank, credit company, or other type of entity creates a credit card for a cardholder, an additional code is used in order to enable the cardholder to limit or control the validity of an account. This enables transactions to be controlled, by enabling the credit cardholder to change authorization codes of the card at will. When the card issuer issues the card, therefore, the typical credit card includes an account number and an expiration date. According to the invention, however, the card issuer would add additional codes to the credit card account company. These additional codes can be changed by the cardholder, in order to essentially invalidate the code information which had previously been provided to a vendor. Assume, for example, the added code for a particular credit card were ABC123, and this information had been provided to a vendor for charges. Until this code is changed, the account number, expiration date, and this specific combination of added code would be necessary in order to put charges on the particular credit card account. By accessing the particular account information at the card issuer's server, the cardholder could change this code, thereby making it impossible for that particular vendor to add additional charges to the card, and also making it impossible for anyone having stolen or misappropriated the credit card number to make any additional charges on the account. ABC123 could be changed, for example, to DEF999, thereby invalidating ABC123.
If a cardholder sought to change the added code to his credit card account, he would log on to network 2 via cardholder terminal 1. Logging on to the network would include appropriate network access through an internet service provider in the case of the internet, or other necessary server. He would then access card issuer server 3 using an appropriate password, using encryption, or other secure communication method if available, and access the added code portion of his credit card number. The added code could be changed within any parameters which have been predetermined by the credit card issuer, and the cardholder would receive instant confirmation of the new code over the network 2. Then, when the cardholder sought to make purchases from vendor 4, he would access vendor server 4 through network 2, and make appropriate purchases using the newly activated added code. The vendor, through server 4, would be able to virtually instantaneously receive authorization for the charges, at which point the cardholder would be free to once again access card issuer server 3, to change the added code. This provides users a significantly higher level of control with respect to credit card actions, and also allows instantaneous ability to essentially deactivate the card in the event that the card is lost or stolen.
Figure 3 illustrates a flow chart of how a credit card or account would be created according to the invention. In step 31, a credit card or account is created, wherein a permanent account number is assigned. An expiration date is assigned to the credit card, and the added code field is either left blank, or a default code is placed therein. At step 32, a user accesses card issuer server 3 from card holder terminal 1, and selects a new code, thereby invalidating the previous added code, if desired. It should be noted that it is not necessary to invalidate the previous code. At step 33, a transaction occurs, and a vendor, who has been given the credit card information and the added code information, will attempt to receive charge authorization from card issuer server 3. If the added code information which the vendor has does not match the currently selected or currently valid added code information, authorization will not be provided, and no charges will therefore be authorized.
It should be noted that the examples of account number, expiration date, and added code are submitted as examples only, as is the network configuration of Figure 1. The invention would work with virtually any combination of letters, numbers, symbols, or other characters for the credit card information and added code, and would also work with any communication method, including telephone access, wireless communication, etc.
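A minimal issuer-side model of steps 31 to 33, added here as an illustration and not taken from the patent. The class and method names, the audit log, the refusal to reuse a revoked code, and the sample account values are assumptions; the cardholder login of claim 8 is assumed to have succeeded before `change_code` is called.

```python
import hmac
from dataclasses import dataclass, field


def _same(a: str, b: str) -> bool:
    """Constant-time comparison. Encoding first lets codes contain any
    characters, as the description allows (compare_digest rejects non-ASCII str)."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


@dataclass
class Account:
    number: str                  # predetermined (permanent) account field
    expiration: str
    added_code: str              # changeable account field
    still_valid: list = field(default_factory=list)  # old codes left valid
    revoked: list = field(default_factory=list)      # old codes invalidated


class Issuer:
    """Hypothetical stand-in for card issuer server 3."""

    def __init__(self):
        self.accounts = {}
        self.audit = []          # (account number, vendor, outcome)

    def create_account(self, number, expiration, default_code):
        # Step 31: permanent number, expiration date, default added code.
        self.accounts[number] = Account(number, expiration, default_code)

    def change_code(self, number, new_code, invalidate_previous=True):
        # Step 32: the holder selects a new code; invalidating the previous
        # one is optional, as the description notes.
        acct = self.accounts.get(number)
        if acct is None:
            return False
        # Assumed issuer parameter: a code that was revoked (or is current)
        # cannot be selected again, so a withdrawn code never regains validity.
        if _same(new_code, acct.added_code) or any(
            _same(new_code, c) for c in acct.revoked
        ):
            return False
        target = acct.revoked if invalidate_previous else acct.still_valid
        target.append(acct.added_code)
        acct.added_code = new_code
        return True

    def authorize(self, vendor, number, expiration, added_code):
        # Step 33: approve only when every field the vendor submits matches.
        acct = self.accounts.get(number)
        if acct is None or not _same(expiration, acct.expiration):
            outcome = "denied:account"
        elif any(_same(added_code, c)
                 for c in [acct.added_code, *acct.still_valid]):
            outcome = "approved"
        elif any(_same(added_code, c) for c in acct.revoked):
            outcome = "denied:revoked_code"   # a withdrawn code was presented
        else:
            outcome = "denied:unknown_code"
        self.audit.append((number, vendor, outcome))
        return outcome == "approved"          # the vendor learns yes/no only


def demo():
    """Replays the ABC123 -> DEF999 scenario with constructed sample values."""
    issuer = Issuer()
    card = "0000-0000-0000-0001"              # constructed, not a real number
    issuer.create_account(card, "12/02", "ABC123")
    results = [issuer.authorize("vendor-4", card, "12/02", "ABC123")]
    issuer.change_code(card, "DEF999")        # invalidates ABC123
    results.append(issuer.authorize("vendor-4", card, "12/02", "ABC123"))
    results.append(issuer.authorize("vendor-5", card, "12/02", "DEF999"))
    return results, issuer.audit


if __name__ == "__main__":
    print(demo())
```

The vendor only ever receives approve or deny; the `denied:revoked_code` entries in the audit log are what the issuer would review, since they show a party still presenting a code the cardholder has withdrawn.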

Claims

CLAIMS:
1. A method of providing secure credit card transactions, said method comprising the steps of: providing first credit card account information to a card holder, said credit card account information including a predetermined account field, and a changeable account field, said changeable account field containing changeable account information being changeable by the card holder; receiving an authorization request from a vendor, said authorization request including second credit card account information; authorizing charges to said credit card account only when said second credit card account information provided by the vendor matches the first credit card account information, including changeable account information.
2. A method as recited in claim 1, further comprising a step of changing said changeable account information in said changeable account field, wherein when the authorization request from the vendor includes changeable account information which does not correspond to current changeable account information, the authorization request is denied.
3. A method as recited in claim 1, wherein said authorization request from the vendor, and the authorization of charges, are sent over a computer network.
4. A method as recited in claim 2, wherein said step of changing the changeable account information is performed by accessing a credit card issuer server from a user terminal on a computer network.
5. A method as recited in claim 4, wherein said step of accessing the credit card issuer server comprises the step of logging in to a credit card issuer database on the credit card issuer server, then modifying the changeable account information in a database record containing the first credit card account information.
6. A system for providing credit card security, said system comprising: a network for interconnecting a plurality of computing devices; a user terminal connected to said network, said user terminal providing a user interface between a user and the network; a credit card issuer unit connected to said network, said credit card issuer unit containing credit card account records and data, and a user programmable code field therein for each credit card account record; a vendor terminal connected to said network, said vendor terminal configured to send and receive authorization data regarding selected credit card accounts; wherein the user, through the user terminal, can selectively access the credit card issuer unit and modify the user programmable code field of a selected account, and wherein the credit card issuer terminal will only provide authorization data to the vendor terminal if information submitted by the vendor terminal matches a current user programmable code in the user programmable code field.
7. A system as recited in claim 6, wherein said network comprises the internet.
8. A system as recited in claim 6, wherein said credit card issuer unit contains a login unit to ensure that only an authorized user can access and modify the user programmable code field for a predetermined credit card account record.
PCT/IB2001/000014 2000-01-10 2001-01-10 Online credit card security system WO2001052203A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001228726A AU2001228726A1 (en) 2000-01-10 2001-01-10 Online credit card security system

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US17491200P 2000-01-10 2000-01-10
US60/174,912 2000-01-10
US50669300A 2000-02-18 2000-02-18
US09/506,693 2000-02-18

Publications (1)

Publication Number Publication Date
WO2001052203A1 true WO2001052203A1 (en) 2001-07-19

Family

ID=26870659

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2001/000014 WO2001052203A1 (en) 2000-01-10 2001-01-10 Online credit card security system

Country Status (2)

Country Link
AU (1) AU2001228726A1 (en)
WO (1) WO2001052203A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016099468A1 (en) * 2014-12-16 2016-06-23 Empire Technology Development Llc Use of encryption to provide secure credit card payments

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5132521A (en) * 1989-09-15 1992-07-21 Smith Charles M System and method for acquisition and encoding of ATM card data
US5239583A (en) * 1991-04-10 1993-08-24 Parrillo Larry A Method and apparatus for improved security using access codes
US5267149A (en) * 1986-08-20 1993-11-30 Oki Electric Industry Co. Ltd. System and method for registering passwords
US5883810A (en) * 1997-09-24 1999-03-16 Microsoft Corporation Electronic online commerce card with transactionproxy number for online transactions
US5956699A (en) * 1996-10-03 1999-09-21 Jaesent Inc. System for secured credit card transactions on the internet
US6000832A (en) * 1997-09-24 1999-12-14 Microsoft Corporation Electronic online commerce card with customer generated transaction proxy number for online transactions

Also Published As

Publication number Publication date
AU2001228726A1 (en) 2001-07-24

Similar Documents

Publication Publication Date Title
US7353014B2 (en) Universal portable unit
US6829711B1 (en) Personal website for electronic commerce on a smart java card with multiple security check points
KR101155858B1 (en) Electronic transfer system
US8296228B1 (en) Dual transaction authorization system and method
US20070170247A1 (en) Payment card authentication system and method
US20090192907A1 (en) Smart Card Application System and Method
US20130087612A1 (en) Method and devices for the production and use of an identification document that can be displayed on a mobile device.
US20020131601A1 (en) Cryptographic key management method
US20100043064A1 (en) Method and system for protecting sensitive information and preventing unauthorized use of identity information
GB2387253A (en) Secure credit and debit card transactions
AU2001283128A1 (en) Trusted authentication digital signature (TADS) system
MX2007007511A (en) Authentication device and/or method.
EA006395B1 (en) System and method for secure credit and debit card transactions
EP1604257B1 (en) A method and system for identifying an authorized individual by means of unpredictable single-use passwords
US20160267476A1 (en) Method of Approving a Transaction
US20030130961A1 (en) System and method for making secure data transmissions
WO2002071177A2 (en) Method and system for substantially secure electronic transactions
WO2005022474A1 (en) A method of, and a system for, inhibiting fraudulent online transactions
WO2001052203A1 (en) Online credit card security system
CA2381074A1 (en) Secure system for conducting electronic transactions and method for use thereof
EP1396139B1 (en) Method and systems for improving security in data communication systems
JP2001243391A (en) Credit card settlement system
KR20000050138A (en) Credit Card Identification Controlling Device for User Authentication on the Internet and Authentication Method thereof
WO2002001517A1 (en) A method for carrying out electronic commerce transactions
WO2001059547A2 (en) System and method for providing services to a remote user through a network

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 69(1)EPC- EPO FORM 1205A OF 24.09.02

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP