WO2007006084A1 - Card processing apparatus and method - Google Patents

Publication number
WO2007006084A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
card
extracted
integrity
transaction
Prior art date
Application number
PCT/AU2006/000963
Other languages
French (fr)
Inventor
Susan Jane Bennell
Original Assignee
Smarq Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2005903646A external-priority patent/AU2005903646A0/en
Application filed by Smarq Pty Ltd filed Critical Smarq Pty Ltd
Publication of WO2007006084A1 publication Critical patent/WO2007006084A1/en

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/02 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by keys or other credit registering devices
    • G07F7/025 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by keys or other credit registering devices by means, e.g. cards, providing billing information at the time of purchase, e.g. identification of seller or purchaser, quantity of goods delivered or to be delivered
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/342 Cards defining paid or billed services or quantities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/347 Passive cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/403 Solvency checks
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12 Card verification
    • G07F7/125 Offline card verification

Definitions

  • This invention relates to the field of card transactions and in particular to the physical card checking process associated with the use of a card by a merchant prior to obtaining authorisation to accept the associated transaction.
  • Counterfeit plastic cards can be created fraudulently by: i) manufacturing a complete card and embossing and encoding stolen details j) embossed only cards used at collusive merchants for manual transactions k) encoded only white plastic for use through EFTPOS terminals (telephone, petrol pumps) or with collusive merchants (PIN input is required at some sites)
  • the normal card number (on the face of the card) and expiry date checks only provide enough information for card authorisation and card fraud can easily occur as the true cardholder can still repudiate the transaction.
  • Authorisation means in all cases only that a) The account number is valid; b) The card has not been reported lost or stolen (although it may in fact be lost or stolen); and c) There are sufficient funds available to cover the transaction.
  • Card authorisation systems all require connection to the authorising agency at the time of the transaction, and in most cases this means that the card reading equipment used to swipe the card during the transaction is connected via a telecommunications link typically a landline, however, wireless communication systems are available.
  • merchants cannot afford the equipment that is used to transact card authorisations, and it is possible for them to enter into an arrangement with an intermediary (commonly referred to as the aggregator) that offers a service and equipment to many merchants for an agreed percentage of the value of total transactions by each merchant. In such an arrangement it is not the authorisation of the transaction that is a problem to the merchant, but the fact that the transactions for the day's trading are not communicated to the aggregator until the end of the day.
  • the transaction is aggregated and sent as one transaction to a clearing institution such as a bank. This means that the actual funds transfer to the merchant's account does not occur until the card credit provider has processed the transactions and the aggregator is paid. Further it is only at that time that the precious information within the equipment is removed.
  • a method for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information consisting of the steps of: a) extracting information from the digital information storage element; b) transforming by optical means the optically readable information into digital information representative of the optically readable information; c) comparing a portion of the extracted information with a predetermined portion of the optically readable information wherein if the comparison is a match, information associated with the transaction card is likely to have integrity; and d) indicating whether the outcome of the comparison is a match or not a match indicating the likely integrity of the information associated with the card.
  • a system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information includes an extraction device for extracting information from the digital information storage element; a visual display for displaying a portion of the extracted information for comparison with a predetermined portion of the optically readable information, wherein if the comparison is a match, information associated with the card is likely to have integrity, and communication device for communicating a predetermined portion of the optically readable information and a portion of the extracted information for confirmation of the integrity of the information associated with the card.
  • system further includes an optical reader for reading said optically readable information; wherein the visual display means also displays said optically read information for comparison by a user of said apparatus with the displayed information.
  • system further includes an information comparison means for comparing a portion of the extracted information with a predetermined portion of the optically read information and may include an integrity indicator that is operable to indicate the result of said comparison of the likely integrity of the information associated with the card.
  • the system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information includes an extraction element for extracting information from the digital information storage element; communication element for communicating a portion of the extracted information; a visual display for receiving the communicated information and displaying a portion of the extracted information for comparison with a predetermined portion of the optically readable information, wherein if the comparison is a match, information associated with the card is likely to have integrity, and visual display communication element for communicating a predetermined portion of the optically readable information and a portion of the extracted information for confirmation of the integrity of the card.
  • a system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information includes a card transaction device having a digital information extraction element and an information transmitter element, the device extracting information from the digital information storage element and transmitting a portion of the extracted information, an information communication device having an information receiver, an information display, a user operable information input and an information communications element, the information communication device receiving at the information receiver the extracted information from the transmitter element of the card transaction device and displaying on the information display the received extracted information for a user of the information communication device to compare the displayed extracted information with optically readable information determined by the user, and if there is a match, the user inputs information confirming the match using the user operable information input and also inputs optically read information from the transaction card and associated financial transaction information using the user operable information input, wherein the information communication element communicates a portion of the extracted information and the optically read information, plus information relating to the confirmation and financial transaction information associated with said card, external of the
  • the extraction and communication elements are included in a first device and the visual display and visual display communication elements are included in a second device physically separate from the first device.
  • a system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information including a card information extraction and optical reading apparatus for extracting information from the digital information storage element and optically reading some or all of the optically readable information and comparing predetermined portions of said extracted and read information to determine whether the information matches thereby indicating the likely integrity of information associated with the card and transmitting an indication of the likely integrity of the information associated with the card with predetermined portions of the extracted and optically read information external of the apparatus, an information communication device for receiving an indication of the likely integrity of the information associated with the card with predetermined portions of the extracted and optically read information and also transferring a portion of the extracted information and a predetermined portion of the optically read information associated with said card external of the communications device, and having input by a user of the information communication device financial transaction information associated with the card for initiating a financial transaction, wherein the information communication device does not transfer information for authorisation unless the financial transaction card is likely to have integrity as determined by the card information extraction and optical reading
  • the optically read information includes the Card Verification Code (CVC) and the information processor recalculates the CVC from information associated with the card holders' card information and checks that they match or otherwise compares the received CVC with a CVC associated with the card holders' card information and/or the card information extraction and optical reading apparatus uses one or more portions of the extracted information and/or the optically read information to generate a Card Verification Code (CVC) for the information obtained from the card and checks or otherwise compares that the generated CVC matches the CVC optically read from card.
  • a system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information includes a card reader device including a card information extraction apparatus; a visual display for displaying a portion of the extracted information; an extracted information communication device for communicating at least, a predetermined portion of the extracted information external of the card reader device; and an information communication device for receiving the extracted information from the card reader device, the information communication device including an information input for a user to input financial transaction information, and an information display for displaying a portion of the extracted information for a user to compare the displayed information with a predetermined portion of optically readable information on the card and if there is a match, information associated with the card is likely to have integrity and predetermined portions of the extracted information is commanded by the user to be communicated external of the information communication device; and transferring information using the information communication device, including a portion of the financial transaction information and a predetermined portion of the extracted information for confirmation of the integrity of the card by an authorisation system to confirm
  • Fig. 1 is a pictorial representation of a prior art system arrangement
  • Fig. 2 is a pictorial representation of the devices of an embodiment of the invention.
  • Fig. 3 is a pictorial representation of the front of a card
  • Fig. 4 is a pictorial representation of the rear of a card
  • Fig. 5 is a pictorial representation of the steps involved in using the card reader of the system
  • Fig. 6 is a pictorial representation of the steps involved in using the reader and cellular device of the system
  • Fig. 7 is a pictorial representation of the network involved in using the system.
  • Fig. 8 is a receipt generated by the transaction printer that allows the recipient to obtain full details of the transaction from a server on a computer network.
  • the term card will include without limitation transaction card, credit card, charge card, cash card, smart card, stored value card, etc. In all cases the card has optically readable data/information and data/information that needs to be extracted by means other than optically.
  • FIG 1 depicts a prior art system for credit card use of the magnetic strip type shown in Figures 3 and 4.
  • Magnetic strip cards as they are referred to, comprise a plastic carrier 40 on which is embossed and indelibly printed a thirteen to nineteen (typically sixteen digits as per included Figures 3 and 4) digit number (the same thirteen to nineteen digit number located on the front of the card is printed on the rear of the card which consists of part of the optically readable data/information associated with the card) and it also carries a High Coercivity (HiCo) magnetic strip 42 (both of which are shown pictorially in Fig. 4).
  • the magnetic strip is encoded with data according to a common standard and includes at least, the thirteen to nineteen digit numbers, the expiry date of the card, the type of account and the account holder's name along with other data required to provide a check of the correct reading of the data (check bits). More details of the information contained in the magnetic strip will be provided later in the specification.
  • the data/information can only be extracted (read) by a means that is not optical and which is preferably electromagnetic in nature. When a smartcard is used, contact and non-contact electronic means are used to extract data/information from the electronic memory included in such cards.
  • the apparatus for authorisation involves the installation at the merchant's location of a card reader 10 that is powered 12 from mains power and connected to a communications medium, in most cases the wired telephone system 14.
  • a customer's card is to be used in a transaction it is swiped in the slot 16 provided in the card reader 10 and the data in the magnetic strip (sometimes referred to as a stripe or magstripe) is read and used to form a message for communication to the card transaction authorisation entity 20 via (optionally) an aggregator 18 of transactions.
  • Each track is about one-tenth of an inch wide.
  • the ISO/IEC standard 7811, which is used by banks, specifies:
  • Track one is 210 bits per inch (bpi), and holds 79 6-bit plus parity bit read-only characters.
  • Track two is 75 bpi, and holds 40 4-bit plus parity bit characters.
  • Track three is 210 bpi, and holds 107 4-bit plus parity bit characters.
  • a credit card typically uses only tracks one and two.
  • Track three is a read/write track (which includes an encrypted Personal Identification Number (PIN), country code, currency units and amount authorized), but its usage is not standardized among issuing authorities, primarily the banks.
  • the information on track one is contained in two formats: A, which is reserved for proprietary use of the card issuer, and B, which includes the following:
  • PAN Primary Account Number
  • LRC is a form of computed check character.
  • the format for track two, developed by the banking industry, is as follows:
  • EDC Electronic Data Capture
  • the EDC software at the POS terminal dials a stored telephone number (using a modem) to call the acquirer.
  • the acquirer company receives the credit-card authentication request, it checks the transaction for validity and the record on the magstripe for: Merchant ID
  • the cardholder enters a personal identification number (PIN) using a local keypad and in most others the card holder provides a signature; in both cases the card holder is involved so as to allow for non-repudiation of the transaction by the card holder.
  • the PIN may not be on the card, but if it is, it is encrypted (hidden in code using cryptography) on the card itself and in a database used by the authorising authority, typically the bank. To reduce vulnerabilities, the PIN is combined with one or more other data strings that may include the cardholder's account number within the encrypted form. Before one obtains cash from an ATM, the ATM obtains the encrypted data from the card and sends it to the database to see if there is a match with the manually inserted PIN that is also independently encrypted.
  • the PIN is stored in the bank's computers in an encrypted form (as a cipher). The transformation used in this type of cryptography is one-way.
  • the communication of data/information between the ATM and the bank's central computer is all encrypted (sometimes using a transaction authentication number) to prevent would-be thieves from tapping into the communication lines, recording the signals sent from and to the ATM that eventually authorize the dispensing of cash and then feeding those same signals to an ATM to trick it into unauthorized dispensing of cash.
  • the communication from the card reader is generated immediately, and information contained in the magnetic strip plus the transaction amount and details of the merchant that are stored in the card reader are sent in the communication via the communications system, typically the wired telephone system. Even when a wireless telephone system (cellular system) is used, the card reader may still retain all the information associated with the transaction so that it can be downloaded at a later predetermined time and in some cases that is to the aggregator 18.
  • the card details are sent to the card issuer sometimes via the aggregator 18 and most times direct to the card issuer/authorization entity 20 or its nominee.
  • the communication is received and the information is checked for a number of things, including: the existence of the account in the corresponding system; that the account will support the requested transaction amount; the validity of the merchant device and the existence of the merchant in the corresponding system; and the internal consistency of the numbers that make up the thirteen to nineteen digit number which contains check digits for exactly that purpose along with the information described above.
  • the card reader has an associated (battery powered for mobile use or is mains powered for semi-permanent use at a location) printer (not shown) that prints out a merchant copy of the now authorised transaction including selected data within the magnetic strip 42 (Fig 4) including the thirteen to nineteen digit card number 46 and the account holder's name 48.
  • This is the first opportunity for the merchant to check that the information associated with the card 40 is not in some way fraudulent, by comparing the numbers printed on the printout with the embossed numbers on the front of the card. Clearly if they do not match, then the magnetic strip does not belong to the card and the card is fraudulent. However, not many merchants check the whole number if any part of it at all. The merchant could also have checked the thirteen to nineteen embossed numbers on the front of the card with the thirteen to nineteen printed numbers on the rear of the card.
  • the cardholder signs the merchant copy of printed data and then the merchant has a further chance to check that the cardholder is the card owner by checking the signature 44 that is also on the rear of the card 40. It is well recognised that signature checking is notoriously difficult and not always performed anyway.
  • a further print is generated for the cardholder to keep as a record of the transaction, which does not typically print all of the information available, for example it does not include all of the numbers of the card so that the receipt itself does not become a source of card numbers and expiry dates.
  • the merchant is provided a battery or mains powered card reader device 24 that reads, at least in this embodiment, magnetic strip cards, but which can be made to read smart cards conforming to any required standard but most likely to be the EMV standard. It is a preferred functionality of this reader that it does not retain card data for any longer than it takes to read it and communicate it to a communications device 26 (preferably a cellular device such as a mobile phone) intermediate the card reader 24 and the card issuer 18' that will eventually need to authorise the transaction.
  • a transaction receipt printer 28 is used to provide a hard copy receipt of the transaction for signing by the card holder in a credit transaction or a receipt for both the merchant and the card holder for a PIN authorised transaction.
  • the card reader can communicate in an approved/secure fashion the data read from the magnetic strip of the transaction card. In this preferred arrangement, the communication occurs over a small distance to an intermediate device, which in a preferred embodiment is a cellular phone 26. Communications could be achieved using Bluetooth or any other short distance wireless communications means, although the invention is not limited to using a wireless connection when a suitable wired connection could be used at the insistence or convenience of the merchant.
  • the cellular phone includes a Radio Frequency Identification Device (RFID) that has a NFC capability.
  • Some of the functionality of the RFID includes the ability to be programmed by the phone device, in particular by commands received from a remote location and with the interactive control of the mobile user.
  • Such a capability can be used to reprogram the RFID to interact with multiple types of RFID access or purchasing systems, e.g. allowing the mobile to make the RFID access a train network by merely calling and paying for that capability, or having the inbuilt RFID interact with a soft drink machine and to command the machine to release a product because it has been paid for through the phone.
  • the RFID it is also a function of such a device for the RFID to be capable of having stored value that can be used in transactions of the type contemplated and described herein.
  • a third party reader capable of communicating with the RFID and receiving the authorising PIN to verify that authority, transactions wherein the extracted information can be checked against other information to check the veracity of the RFID device to an acceptable degree as to reduce or eliminate the liability of the merchant when using these types of devices for transactions.
  • the mode of communications from the cellular device owned and controlled by a device holder can be in accord with non-cellular technologies such as, by way of example, the 802.11 family of standards that exist and that are being developed to accommodate higher speeds and greater security.
  • the mobile communication device receives the data the merchant needs to do two things that are of importance to at least one embodiment of the invention.
  • the first step is to read at least a portion of that data of the optically readable data /information associated with the card, and in a preferred step the last four digits of the thirteen to nineteen digit number 46a on the front of the card, and check that those numbers are the same as the last four digits of the number provided from the reader that represents a portion of the extracted data from the card.
  • a display on the reader or as displayed on an intervening mobile communication device can be used to observe the data obtained from the reading process. The use of the last four digits gives at least a 1 in 10,000 chance that the optically read numbers are not the same by chance as the extracted numbers when a fraudulent card has been used.
  • the merchant can use the mobile phone keypad to enter the amount of the transaction and with information contained in the mobile phone can send the transaction details to the card issuer.
  • the mobile phone software can add the merchant details and other data to the outgoing communication.
  • the last four digits can be manually entered in to the intermediate device such as a cellular phone so that the processor in the phone performs the comparison to determine whether there is a match.
  • the merchant reads a further portion of the optically readable information associated with the card.
  • the optically readable information may not always be text and may include logos, holographic information or digitally encoded data/information that is nonetheless optically readable, one example being a bar code and another being a hologram.
  • This number is also referred to as a CVV2 - Card Verification Value (Visa 3 digits); CVC2 - Card Validation Code (MasterCard 3 digits); or a CID - Card IDentification (Amex 4 digits, Diners Club 3 digits) and for the purpose of referral and meaning in this specification the terms Card Verification Code or CVC will be used.
  • the principle is the same in all cases.
  • the number is generated by the card issuer using a secret algorithm using predetermined information associated with the card and sometimes other information not on the card known only to the card issuer.
  • an audit number to be associated with the transaction that can be provided by the programme run by the mobile communication device that generates or retrieves the number or in an alternative arrangement the card issuer or central transaction authority provide one.
  • the additional optically read information (in this embodiment the CVC of the card) can in one embodiment be sent along with the information extracted from the card by the reader to the card issuer for authentication of the card from the mobile phone along with other transaction related information.
  • the software within the mobile communications device can recreate the CVC based on available information and then the mobile communications device could verify the veracity of the digital information stored in the card's magnetic strip 42 in this example or within the memory of a smart card.
  • the CVC is typically used in a card-not-present situation as in an on-line or over the phone purchase, but in this embodiment of the invention it is used when it would not have otherwise been possible to do so since the magnetic strip cannot be read when a phone order is being processed.
  • the card reader which has in one embodiment an in-built printer, can then print a transaction record, using the necessary information it has retained solely for this purpose and the signing of the transaction record can take place as required as well as providing a duplicate copy for the cardholder.
  • the system can also optionally include a separate printer 25 for generating a record of the transaction.
  • a copy is also generated for the card holder as a record of the transactions.
  • the receipt provided by the printer will not contain all the details, so a full receipt can also be provided by other means, which in one embodiment is from a server accessible via a computer network, e.g. the Internet, at the convenience of the card holder.
  • the mobile communications device uses a portion of the available information to format the information to be printed and sends it wirelessly to the printer 25.
  • An example of such a receipt 800 is depicted in Fig. 9, which shows that by accessing a computer server, in this example using the Universal Resource Locator (URL) 802 and providing an audit number 804 and authority code 806, a full receipt will be provided on screen that can be stored or printed as required by the user.
  • the mobile communication device retains only a portion of the extracted information or a representation thereof to allow for voiding the immediately preceding transaction only if an input error or change of mind by the customer has occurred.
  • the minimally retained information is of a form such that it CANNOT be used to replicate a separate unauthorised transaction or be used to replicate account numbers and names, PIN numbers and the like.
  • Certain physical and software security measures are required for the card reader and printer, which can be provided in accordance with industry standards known to those having skill in the art.
  • the card reader can conduct that check by comparing the optically read information with the information extracted from the card. The extracted information is checked against the information (such as the full card number or just a portion of optically read information such as the CVC) manually inserted into the cellular phone by the merchant.
  • the card reader not only extracts the non-optical data, it can also optically scan one or both sides of the card to optically read the data/information carried on the card, such as for example all or a portion of the account number (embossed on the front of the card), all or a portion of the account number printed on the back of the card including the CVC, all or a portion of the account holder's name embossed on the front of the card, and all or a portion of other optically readable features of the card such as special or unique markings, symbols or the like that are used for security purposes.
  • a marking is the hologram 41 displayed in Figure 3.
  • Such information may also be used to check the visual authenticity of the card something that only trained merchants can do to a useful degree. Those skilled in the art are knowledgeable as to how to sense the hologram and conduct checks as to their veracity.
  • the card reader in this embodiment can then give an indication of the integrity of the card based on a number of predetermined metrics.
  • the indication may be in the form of the presentation of the next step in the transaction process, or may be by way of a specific visual indicator that can be seen by the cardholder and the merchant or the merchant alone so that fraudulent cardholders are not alerted while the relevant authorities are advised.
  • the value of the optically read data/information is helpful then for automatically comparing that information with the extracted information.
  • a comparison function located within the card reader or as in other embodiments within the mobile communications device in the form of software to Optically Character Recognise selected text marked on the card (embossed or printed) and compare it with the text equivalent (data contained within the magnetic stripe) obtained by the extraction process.
  • the information can remain wholly within the card reader and only selected portions sent external of the reader once it has been suitably encrypted. This adds further to the security of the process and thus benefits the card issuer and all merchants as the apparatus and process lessens the chance of future card fraud.
  • it may also be possible to configure the above equipment to make the reader capable of calculating the CVC and thus provide a further level of surety that the card is legitimate.
  • This configuration assumes that the reader will have stored access to the various proprietary algorithms for one or more of the card issuers so that it can also perform the step of recreating the CVC and compare it with the visual CVC information and thus perform the CVC check.
  • the algorithm may be provided in the reader in the form of hardware into which is input data and out of which is output only the confirmation of the correctness of the CVC.
  • the algorithms are kept confidential, as any physical disturbance to the hardware will null the software therein.
  • Such devices are known in the art.
  • Figure 5 depicts a flow diagram of part of the processes of using the card reader.
  • the card reader is switched on at step 502 and the cellular phone if also "on" is controlled via switches or preferably via screen displayed choices to activate 504 the payment application that will interact with the card reader.
  • a credit card will be used to illustrate the functions of the system but it will be understood that the types of cards the system is capable of dealing with include and are not limited to; Charge cards; Smart cards; Magnetic Swipe cards; PINless debit cards; PINless chip cards; and all types of cards that can be used and require operation in conjunction with a PIN known to the cardholder.
  • Prior to operation of the application on the cellular phone there needs to be some setup procedures conducted on the system components which include: having a GPRS and Bluetooth capable phone that has both these functions activated; downloading of the payment system application to the cellular phone which is in one embodiment a Java applet capable of being run on the cellular phone; the card reader being a Bluetooth device being paired with the mobile phone; and the application being personalised for the merchant by the inclusion of the merchant's details for use in the transaction information exchange and for printing on receipts.
  • unique software version and merchant use licensing identifying details are downloaded and installed on the cellular phone to further increase the security of use and transactions.
  • the cellular display provides two options 506 whether to transact 1. "A payment" or 2. "Other". A selection of an option is achieved using the cellular user interface which could include the keyboard, the screen by way of icons and a selection tool such as a pointer, or even touch screen input.
  • the functionality of the cellular device determines the selection modes available to the merchant.
  • the merchant enters the card into the card reader device so that it can perform one or more functions while the cellular card application waits 510 for the card reading functions to be completed 512.
  • the card reader can perform extraction of information as well as optical reading of information associated with the card as well as in one embodiment calculation/production of the CVC and then communicate all or a portion of the extracted and optically read information to the cellular device via in one embodiment a Bluetooth communications medium.
  • the cellular device prompts 514 the merchant to enter 516 at least the last four digits of the PAN.
  • the merchant enters the CVC read from the rear of the card.
  • the cellular device prompts the merchant to wait 518 while a number of checks are performed.
  • the application in the cellular device in conjunction with the information communicated to it from the card reader compares 520 the PAN information as well, in another embodiment, the CVC information obtained from the two process steps. If the information matches 522 the process progresses further via path 526 to that depicted in Figure 6.
  • the extracted information i.e. that which is obtained from the magnetic stripe or smart card memory
  • the extraction step was corrupted or for example the magnetic stripe is damaged and so is the information on it. In which case repeating the extraction process may assist but if unsuccessful again the card may need to be viewed by the issuing authority.
  • the merchant will need to have procedures in place to deal with the card and card holder especially if a fraudulent card is suspected. At least however the merchant has been able to avoid a fraudulent transaction for which they would most likely be liable.
  • the appropriate selection is made by the merchant and the application identifies the last used transaction audit number 536 and exits the voiding process 538 which involves the communication of a voiding code along with the transaction audit number to a remote processor.
  • the audit number has been previously obtained during an earlier transaction.
  • a backend computer server operated by a third party having a cellular communications gateway receives cellular communications from the application resident on the one or more cellular devices.
  • the back end server services the needs of multiple merchants as is depicted in the system diagram in Figure 8.
  • the respective transaction audit number is inserted into the cellular device 542 and once dealt with as described in the preceding paragraph the application exits 544 the voiding procedure.
  • the application is then ready for a new transaction 540 joining the process back at the entry of a payment or other type of transaction 506.
  • Figure 6 depicts a flow diagram of a further part of the processes of using the card reader and cellular communication device to complete a selected transaction.
  • the merchant is prompted to enter a transaction value 606 which is entered into the application 608.
  • it is typical for there to be a predetermined maximum transaction limit 608 (1) and if the transaction is going to exceed that limit, it is also possible to enter a pre-approved code 608 (2) that if legitimate over-rides the predetermined transaction limit for that transaction.
  • the application checks the limit and pre-approved transaction code 610 and if the details 612 are not OK then the transaction path returns to the input step 608. If the details 612 are OK then the transaction path proceeds to communicate 614 relevant details to the third party server for card issuer authority to complete the transaction.
  • the separate printer will be provided a PIN entry device or an additional device will have a pin entry facility.
  • PIN type information it may also be necessary or as an alternative to use a biometric input device working alone or in conjunction with a (PIN) entry device.
  • the communication of relevant information relating to a PIN or biometric information is securely communicated from the separate device to the cellular device for on communication for assisting the authorisation process.
  • the card issuer/bank or even aggregator if that is a model that is being used will reply to the third party server and they will communicate to the cellular device and to the application 616.
  • If the transaction progresses beyond step 616 to step 626 it becomes associated with the audit number within the application so it can be referenced later, such as for a voiding procedure and enters the final acceptance/decline process 628 associated with the transaction.
  • the cellular device will provide a message 630 to that effect for the merchant to show to the card holder.
  • the message may also advise the card holder to contact the bank.
  • the printer can print a receipt of the rejection for the card holder and even the merchant. Thereafter the transaction process returns 632 to the new transaction step 506.
  • a receipt can be generated 636, one for signing if the transaction is a credit transaction and one for the card holder as a record of the transaction. Further details of the receipting of a transaction are provided elsewhere.
  • the receipt can be sent using one of a variety of cellular communications facilities, including Small Message Service (SMS) 638 and 640 or directly via Bluetooth small range RF transmission, Radio Frequency Identification Device (RFID) NFC, Infrared, etc.
  • a merchant receipt copy with a card holder signing space is generated 644 as well as a card holder copy of the receipt.
  • the receipt may have the format depicted in Figure 9 and as described previously.
  • the process can be returned 646 to the generating step 636 or the process returns to the new transaction step at 506.
  • Figure 7 depicts a system diagram of the major computer processing elements used to complete a selected transaction.
  • the process of checking the PAN and CVC can be controlled and orchestrated by software operating on not just a cellular device but also any device having a processor. This is made much more likely and possible if the software is written in a language such as Java hence the depiction in Figure 7 of laptop and personal computers.
  • the communications from such devices can be via the cellular system that will use ever faster protocols and modulation systems or from devices having processors that will use protocols such as TCP/IP and the Internet to transport the information to one or more third party servers and related or direct connect gateways to service multiple merchants.

Abstract

This invention relates to the field of card transactions and in particular to the physical card checking process associated with the use of a card by a merchant prior to obtaining authorisation to accept the associated transaction. There are numerous frauds associated with these types of cards (that may include magnetic stripe cards and smart cards) and the apparatus and method of the invention reduces or minimises the use of fraudulent cards. The apparatus and method forces the checking of the information contained in the magnetic stripe with the information printed or embossed on the card by automating the extraction of information both embedded in the card and optically readable on the card. In one example the Card Verification Code is optically read or manually inserted into the merchant apparatus and checked before verification of the transaction.

Description

CARD PROCESSING APPARATUS AND METHOD
This invention relates to the field of card transactions and in particular to the physical card checking process associated with the use of a card by a merchant prior to obtaining authorisation to accept the associated transaction.
BACKGROUND
The field of card transactions and in particular but not exclusively credit card transactions have been, for as long as they have been available, subject to fraudulent actions.
There are numerous frauds associated with these types of cards some of which include:
a) Lost or stolen cards, which are being used by another person illegally.
b) Never Received Issue, which are cards stolen while in transit and used by another person illegally.
c) Fraudulent applications, which include cards issued on the basis of counterfeit or fraudulent documents.
d) Identity takeover, where people use 'real names', not their own, to gain a card fraudulently.
e) Card generator programs used to generate credit card numbers and magnetic strip encoding that appear to be legitimate cards to card readers.
f) Multiple imprints (either electronically or manually) of the cardholder's cards at the time of payment to assist identity theft and illegal card reuse for re-orders.
g) Mail order, telephone order or Internet use of legitimate or fraudulent card details for the delivery of goods.
h) Skimming or copying of electronic data contained on the magnetic strip on the rear of a legitimate card and used to re-debit the cardholder's account at a later date or to encode a stolen or counterfeit card. One quick swipe, and the card name, number and expiry date are copied.
Credit card fraud in Australia costs about AU$100 million a year as at 2003 and skimming accounts for 40 to 50 per cent of this and this type of fraud activity is on the increase. In the U.S. credit card fraud is costing up to US$1.5 billion per year at present.
Counterfeit plastic cards can be created fraudulently by:
i) manufacturing a complete card and embossing and encoding stolen details
j) embossed only cards used at collusive merchants for manual transactions
k) encoded only white plastic for use through EFTPOS terminals (telephone, petrol pumps) or with collusive merchants (PIN input is required at some sites)
l) re-encoded or re-embossed genuine credit cards that have been obtained by theft, lost etc.
Various procedures are recommended for the merchant to follow to help reduce fraud against the merchant and their customers including:
i. Switching off the EFTPOS (credit and cash processing) machine at night,
ii. Check card signatures against the signature applied by the cardholder on the post-authorisation signature. Noting that the signature is only to establish at any future date whether the signer is in fact the cardholder and allows for the card company to counter a cardholder's non-repudiation of the transaction.
iii. Check that the card numbers on the front and back of the card match,
iv. Make sure holograms on the card are clearly visible,
v. Check for valid expiration date,
vi. Check for ghosting or shading used to cover-up changed numbers.
vii. Ask for further identification if unsure.
Clearly it is in the best interests of the merchant to follow these procedures mainly because the merchant is going to be ultimately responsible in many cases if the transaction turns out to be a fraudulent one. That is, if for example, they did not check the signature and then the legitimate cardholder disputes the transaction, the credit card company will rightly claim that the signature was not checked and the liability for the fraud falls to the merchant who could have prevented it occurring if they had followed procedure.
However, even if the merchant follows all the recommended procedures assuming that in many cases they will not have a basis for being unsure and requiring, for example photo identification, then the transaction can still be fraudulent. This arises because the merchant using existing equipment cannot detect all the types of fraudulent cards mentioned above.
For example, if the card presented is one that is of the type e) or h) mentioned above [generated card numbers and cards that have a reprogrammed magnetic strip] then procedures i) to vi) would not assist the merchant as the card would be apparently legitimate in every other way discernible by the merchant.
A further merchant risk arises when the merchant offers goods and services on-line and accepts card details from the customer. This is referred to as a card-not-present transaction and, since the cardholder is not able to provide a written signature in the normal manner, the merchant takes the risk that an unauthorised user of the card is using the card. Clearly, the normal card number (on the face of the card) and expiry date checks only provide enough information for card authorisation and card fraud can easily occur as the true cardholder can still repudiate the transaction.
Authorisation means in all cases only that
a) The account number is valid;
b) The card has not been reported lost or stolen (although it may in fact be lost or stolen); and
c) There are sufficient funds available to cover the transaction.
Since the merchant must do a great deal of technical investigation to prove the cardholder wrong, the merchant compounds their risk of fraud and recovery from fraud.
Card authorisation systems all require connection to the authorising agency at the time of the transaction, and in most cases this means that the card reading equipment used to swipe the card during the transaction is connected via a telecommunications link typically a landline, however, wireless communication systems are available. In many cases merchants cannot afford the equipment that is used to transact card authorisations, and it is possible for them to enter into an arrangement with an intermediary (commonly referred to as the aggregator) that offers a service and equipment to many merchants for an agreed percentage of the value of total transactions by each merchant. In such an arrangement it is not the authorisation of the transaction that is a problem to the merchant, but the fact that the transactions for the day's trading are not communicated to the aggregator until the end of the day. This has its own problems since any loss of transmission capability or loss of the records held in the equipment can mean permanent loss of funds to the merchant. In addition, the details held in the equipment are valuable to fraudsters since they include sufficient information to replicate cards that can be legitimately used to commit further fraud.
The transaction is aggregated and sent as one transaction to a clearing institution such as a bank. This means that the actual funds transfer to the merchant's account does not occur until the card credit provider has processed the transactions and the aggregator is paid. Further it is only at that time that the precious information within the equipment is removed.
It is an aim of this invention to provide a solution to one or more of the problems discussed above or at least provide an alternative.
BRIEF DESCRIPTION OF THE INVENTION
In a broad aspect of the invention there is provided a method for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information, the method consisting of the steps of:
a) extracting information from the digital information storage element;
b) transforming by optical means the optically readable information into digital information representative of the optically readable information;
c) comparing a portion of the extracted information with a predetermined portion of the optically readable information wherein if the comparison is a match, information associated with the transaction card is likely to have integrity; and
d) indicating whether the outcome of the comparison is a match or not a match indicating the likely integrity of the information associated with the card.
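The comparison in steps a) to d) can be sketched as follows; this is an added example, not code from the specification. It parses ISO/IEC 7813 Track 2 data, compares it with the digits read or keyed in from the card face, and returns an indication that keeps only a masked card number. The Track 2 strings are constructed from public test card numbers, and the Luhn check, the expiry comparison and all function names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# ISO/IEC 7813 Track 2: ';' PAN '=' YYMM service-code discretionary-data '?'
TRACK2_RE = re.compile(
    r";(?P<pan>[0-9]{13,19})=(?P<yymm>[0-9]{4})(?P<service>[0-9]{3})[0-9]*\?"
)

# Constructed sample reads built from public test card numbers (not real cards).
GENUINE_TRACK2 = ";4111111111111111=2512101000000000?"
# Stripe re-encoded with another account while the face still ends in 1111.
REENCODED_TRACK2 = ";5555555555554444=2512101000000000?"
# A digit was lost during the swipe, so the check digit no longer holds.
DAMAGED_TRACK2 = ";411111111111111=2512101000000000?"


@dataclass(frozen=True)
class IntegrityResult:
    status: str      # "match", "mismatch" or "read_error"
    detail: str      # reason shown to the merchant only
    masked_pan: str  # only the last four digits are retained


def luhn_ok(pan: str) -> bool:
    """Luhn check digit test; catches misreads, not generated numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def face_expiry_to_yymm(text: str) -> str:
    """Convert an embossed 'MM/YY' expiry to the stripe's 'YYMM' order."""
    m = re.fullmatch(r"\s*([0-9]{2})\s*/\s*([0-9]{2})\s*", text)
    if m is None or not 1 <= int(m.group(1)) <= 12:
        raise ValueError("expiry must be entered as MM/YY")
    return m.group(2) + m.group(1)


def check_card_integrity(track2: str, face_digits: str,
                         face_expiry: Optional[str] = None) -> IntegrityResult:
    """Compare stripe data with what was read (or keyed in) from the card face.

    face_digits is the full card number or at least its last four digits.
    """
    m = TRACK2_RE.fullmatch(track2.strip())
    if m is None:
        return IntegrityResult("read_error", "track 2 framing not recognised", "")
    pan = m["pan"]
    if not luhn_ok(pan):
        # Likely a damaged stripe or bad swipe: repeat the extraction.
        return IntegrityResult("read_error", "stripe number fails its check digit", "")
    masked = "*" * (len(pan) - 4) + pan[-4:]

    keyed = re.sub(r"[\s-]", "", face_digits)
    if re.fullmatch(r"[0-9]{4,19}", keyed) is None:
        raise ValueError("enter at least the last four digits of the card number")
    if not pan.endswith(keyed):
        return IntegrityResult("mismatch", "card number on face differs from stripe", masked)
    if face_expiry is not None and face_expiry_to_yymm(face_expiry) != m["yymm"]:
        return IntegrityResult("mismatch", "expiry on face differs from stripe", masked)
    return IntegrityResult("match", "face and stripe agree", masked)


if __name__ == "__main__":
    for label, track, digits in [
        ("genuine", GENUINE_TRACK2, "1111"),
        ("re-encoded", REENCODED_TRACK2, "1111"),
        ("damaged", DAMAGED_TRACK2, "1111"),
    ]:
        print(label, check_card_integrity(track, digits, "12/25"))
```

A "read_error" corresponds to the corrupted-extraction case, where the swipe is repeated, while a "mismatch" is the case the method is meant to stop before authorisation is requested.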
In an aspect of the invention a system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information, includes an extraction device for extracting information from the digital information storage element; a visual display for displaying a portion of the extracted information for comparison with a predetermined portion of the optically readable information, wherein if the comparison is a match, information associated with the card is likely to have integrity, and communication device for communicating a predetermined portion of the optically readable information and a portion of the extracted information for confirmation of the integrity of the information associated with the card.
In a further aspect the system further includes an optical reader for reading said optically readable information; wherein the visual display means also displays said optically read information for comparison by a user of said apparatus with the displayed information.
In yet a further aspect, the system further includes an information comparison means for comparing a portion of the extracted information with a predetermined portion of the optically read information and may include an integrity indicator that is operable to indicate the result of said comparison of the likely integrity of the information associated with the card.
In yet a further aspect the system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information, includes an extraction element for extracting information from the digital information storage element; communication element for communicating a portion of the extracted information; a visual display for receiving the communicated information and displaying a portion of the extracted information for comparison with a predetermined portion of the optically readable information, wherein if the comparison is a match, information associated with the card is likely to have integrity, and visual display communication element for communicating a predetermined portion of the optically readable information and a portion of the extracted information for confirmation of the integrity of the card.
In yet a further aspect of the invention a system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information, includes a card transaction device having a digital information extraction element and an information transmitter element, the device extracting information from the digital information storage element and transmitting a portion of the extracted information, an information communication device having an information receiver, an information display, a user operable information input and an information communications element, the information communication device receiving at the information receiver the extracted information from the transmitter element of the card transaction device and displaying on the information display the received extracted information for a user of the information communication device to compare the displayed extracted information with optically readable information determined by the user, and if there is a match, the user inputs information confirming the match using the user operable information input and also inputs optically read information from the transaction card and associated financial transaction information using the user operable information input, wherein the information communication element communicates a portion of the extracted information and the optically read information, plus information relating to the confirmation and financial transaction information associated with said card, external of the information communication device, an information processing device for receiving information communicated by the information communication device, wherein the information communication device does not process to authorise the financial transaction associated with the card unless the information associated with the transaction card is likely to have integrity as determined by the user of the information communication device including information confirming the match; and wherein the information processing device uses a portion of the communicated extracted information and a predetermined portion of the communicated optically read information to determine the likely integrity of the information associated with the card before processing the financial transaction associated with the transaction card.
In another aspect of the system the extraction and communication elements are included in a first device and the visual display and visual display communication elements are included in a second device physically separate from the first device.
In another aspect a system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information, including a card information extraction and optical reading apparatus for extracting information from the digital information storage element and optically reading some or all of the optically readable information and comparing predetermined portions of said extracted and read information to determine whether the information matches thereby indicating the likely integrity of information associated with the card and transmitting an indication of the likely integrity of the information associated with the card with predetermined portions of the extracted and optically read information external of the apparatus, an information communication device for receiving an indication of the likely integrity of the information associated with the card with predetermined portions of the extracted and optically read information and also transferring a portion of the extracted information and a predetermined portion of the optically read information associated with said card external of the communications device, and having input by a user of the information communication device financial transaction information associated with the card for initiating a financial transaction, wherein the information communication device does not transfer information for authorisation unless the financial transaction card is likely to have integrity as determined by the card information extraction and optical reading apparatus, and an information processing device for receiving information from the information communication device and authorising the financial transaction associated with the card, wherein the information processing device uses a portion of the extracted information and a predetermined portion of the optically read information to determine the integrity of the information associated with the card and processing the financial transaction.
In yet another aspect of the invention the optically read information includes the Card Verification Code (CVC) and the information processor recalculates the CVC from information associated with the card holders' card information and checks that they match or otherwise compares the received CVC with a CVC associated with the card holders' card information and/or the card information extraction and optical reading apparatus uses one or more portions of the extracted information and/or the optically read information to generate a Card Verification Code (CVC) for the information obtained from the card and checks or otherwise compares that the generated CVC matches the CVC optically read from card.
In yet a further broad aspect of the invention a system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information, includes a card reader device including a card information extraction apparatus; a visual display for displaying a portion of the extracted information; an extracted information communication device for communicating at least, a predetermined portion of the extracted information external of the card reader device; and an information communication device for receiving the extracted information from the card reader device, the information communication device including an information input for a user to input financial transaction information, and an information display for displaying a portion of the extracted information for a user to compare the displayed information with a predetermined portion of optically readable information on the card and if there is a match, information associated with the card is likely to have integrity and predetermined portions of the extracted information is commanded by the user to be communicated external of the information communication device; and transferring information using the information communication device, including a portion of the financial transaction information and a predetermined portion of the extracted information for confirmation of the integrity of the card by an authorisation system to confirm the integrity of information associated with the card and authorise the financial transaction.
The reference to any prior art in this specification is not, and should not be taken as an acknowledgment or any form of suggestion that such prior art forms part of the common general knowledge.
Throughout this specification and the claims that follow unless the context requires otherwise, the words 'comprise' and 'include' and variations such as 'comprising' and 'including' will be understood to imply the inclusion of a stated integer or group of integers but not the exclusion of any other integer or group of integers.
Specific embodiments of the invention will now be described in some further detail with reference to and as illustrated in the accompanying figures. These embodiments are illustrative, and not meant to be restrictive of the scope of the invention. Suggestions and descriptions of other embodiments may be included within the scope of the invention but they may not be illustrated in the accompanying figures or alternatively features of the invention may be shown in the figures but not described in the specification.
BRIEF DESCRIPTION OF FIGURES
Fig. 1 is a pictorial representation of a prior art system arrangement;
Fig. 2 is a pictorial representation of the devices of an embodiment of the invention;
Fig. 3 is a pictorial representation of the front of a card;
Fig. 4 is a pictorial representation of the rear of a card;
Fig. 5 is a pictorial representation of the steps involved in using the card reader of the system;
Fig. 6 is a pictorial representation of the steps involved in using the reader and cellular device of the system;
Fig. 7 is a pictorial representation of the network involved in using the system; and
Fig. 8 is a receipt generated by the transaction printer that allows the recipient to obtain full details of the transaction from a server on a computer network.
DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION
In this specification the term card will include without limitation transaction card, credit card, charge card, cash card, smart card, stored value card, etc. In all cases the card has optically readable data/information and data/information that needs to be extracted by means other than optically.
Figure 1 depicts a prior art system for credit card use of the magnetic strip type shown in Figures 3 and 4. Magnetic strip cards as they are referred to, comprise a plastic carrier 40 on which is embossed and indelibly printed a thirteen to nineteen (typically sixteen digits as per included Figures 3 and 4) digit number (the same thirteen to nineteen digit number located on the front of the card is printed on the rear of the card which consists of part of the optically readable data/information associated with the card) and it also carries a High Coercivity (HiCo) magnetic strip 42 (both of which are shown pictorially in Fig. 4). The magnetic strip is encoded with data according to a common standard and includes at least, the thirteen to nineteen digit numbers, the expiry date of the card, the type of account and the account holder's name along with other data required to provide a check of the correct reading of the data (check bits). More details of the information contained in the magnetic strip will be provided later in the specification. The data/information can only be extracted (read) by means that is not an optically readable method and which is preferably electromagnetic in nature. When a smartcard is used, contact and non-contact electronic means are used to extract data/information from the electronic memory included in such cards.
The apparatus for authorisation involves the installation at the merchant's location of a card reader 10 that is powered 12 via mains power and connected to a communications medium, in most cases the wired telephone system 14. When a customer's card is to be used in a transaction it is swiped in the slot 16 provided in the card reader 10 and the data in the magnetic strip (sometimes referred to as a stripe or magstripe) is read and used to form a message for communication to the card transaction authorisation entity 20 via (optionally) an aggregator 18 of transactions.
With regard to the current magnetic strip card, either a credit card (used as an example) or debit card type, there are three information tracks on the magnetic strip 20. Each track is about one-tenth of an inch wide. The ISO/IEC standard 7811, which is used by banks, specifies:
• Track one is 210 bits per inch (bpi), and holds 79 6-bit plus parity bit read-only characters.
• Track two is 75 bpi, and holds 40 4-bit plus parity bit characters.
• Track three is 210 bpi, and holds 107 4-bit plus parity bit characters.
A credit card typically uses only tracks one and two. Track three is a read/write track (which includes an encrypted Personal Identification Number (PIN), country code, currency units and amount authorized), but its usage is not standardized among issuing authorities, primarily the banks.
The information on track one is contained in two formats: A, which is reserved for proprietary use of the card issuer, and B, which includes the following:
• Start sentinel - one character
• Format code="B" - one character (alpha only)
• Primary Account Number (PAN) - up to 19 characters
• Separator - one character
• Country code - three characters
• Name - two to 26 characters
• Separator - one character
• Expiration date or separator - four characters or one character
• Discretionary data - enough characters to fill out maximum record length (79 characters total)
• End sentinel - one character
• Longitudinal redundancy check (LRC) - one character
LRC is a form of computed check character. The format for track two, developed by the banking industry, is as follows:
• Start sentinel - one character
• Primary account number - up to 19 characters
• Separator - one character
• Country code - three characters
• Expiration date or separator - four characters or one character
• Discretionary data - enough characters to fill out maximum record length (40 characters total)
• LRC - one character
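The read-integrity checks that this framing provides (one parity bit per 4-bit character, then the LRC over the whole record) can be exercised as follows. This is an added example, not part of the specification: the bit order, sentinel values and odd-parity rule follow the ISO/IEC 7811 numeric character set, and the sample record is constructed for illustration.

```python
START, SEP, END = 0xB, 0xD, 0xF      # ';', '=', '?' in the 4-bit character set
SYMBOLS = "0123456789:;<=>?"         # character value -> printable form
MAX_CHARS = 40                       # track-two record length stated above


class TrackReadError(ValueError):
    """Raised when the framing checks show the stripe was misread."""


def encode_char(value):
    """Five bits for one character: data bits b0..b3, then an odd-parity bit."""
    bits = [(value >> i) & 1 for i in range(4)]
    bits.append(1 - sum(bits) % 2)
    return bits


def lrc_of(values):
    """XOR of the data bits of every character, sentinels included."""
    lrc = 0
    for v in values:
        lrc ^= v
    return lrc


def encode_track2(payload):
    """Build a constructed bit stream: start sentinel, payload, end sentinel, LRC."""
    values = [START] + [SYMBOLS.index(c) for c in payload] + [END]
    stream = []
    for v in values + [lrc_of(values)]:
        stream.extend(encode_char(v))
    return stream


def _read_char(bits, pos, label):
    """Read one 5-bit character at pos and enforce its odd parity."""
    chunk = bits[pos:pos + 5]
    if len(chunk) < 5:
        raise TrackReadError("stream ends before " + label)
    if sum(chunk) % 2 != 1:
        raise TrackReadError("parity error at " + label)
    return chunk[0] | chunk[1] << 1 | chunk[2] << 2 | chunk[3] << 3


def decode_track2(bits):
    """Verify parity, LRC and length; return the text between the sentinels."""
    start = encode_char(START)
    pos = 0
    while bits[pos:pos + 5] != start:          # skip leading clocking zeros
        pos += 1
        if pos + 5 > len(bits):
            raise TrackReadError("no start sentinel")
    values = []
    while not values or values[-1] != END:
        values.append(_read_char(bits, pos, "character %d" % len(values)))
        pos += 5
    if _read_char(bits, pos, "LRC") != lrc_of(values):
        raise TrackReadError("LRC mismatch")
    if len(values) + 1 > MAX_CHARS:
        raise TrackReadError("record longer than 40 characters")
    return "".join(SYMBOLS[v] for v in values[1:-1])


def split_pan(text):
    """Split the decoded record at the first separator: (PAN, remaining fields)."""
    pan, _, rest = text.partition(SYMBOLS[SEP])
    return pan, rest


if __name__ == "__main__":
    # Constructed sample: a well-known test card number and filler digits.
    sample = encode_track2("4111111111111111=0000000")
    print(split_pan(decode_track2(sample)))
    damaged = list(sample)
    damaged[5] ^= 1
    damaged[6] ^= 1                            # two flips in one character
    try:
        decode_track2(damaged)
    except TrackReadError as exc:
        print("rejected:", exc)
```

A single flipped bit is caught by the character's own parity bit; two flips inside one character leave its parity intact and are caught only by the LRC.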
Authentication
There are three basic methods for determining whether a credit card will pay for what is being charged:
• Merchants with few transactions each month do voice authentication using a touch-tone phone.
• Electronic Data Capture (EDC) magstripe-card swipe terminals are becoming more common, as is swiping your own card at a checkout Point of Sale (POS) terminal that requires the concomitant use of a PIN to validate use of the card for that transaction.
• Virtual terminals on the Internet.
After the card holder or the cashier swipes the credit card through the reader 10, the EDC software at the POS terminal dials a stored telephone number (using a modem) to call the acquirer. When the acquirer company receives the credit-card authentication request, it checks the transaction for validity and the record on the magstripe for:
• Merchant ID
• Valid card number
• Expiration date
• Credit-card limit
• Card usage
Single dial-up transactions are processed at 1,200 to 2,400 bits per second (bps), while direct Internet attachment uses much higher speeds via the secure transaction protocols of the commonly used TCP/IP protocol.
In some systems, the cardholder enters a personal identification number (PIN) using a local keypad and in most others the card holder provides a signature; in both cases the card holder is involved so as to allow for non-repudiation of the transaction by the card holder.
The PIN may not be on the card, but if it is, it is encrypted (hidden in code using cryptography) on the card itself and in a database used by the authorising authority, typically the bank. To reduce vulnerabilities, the PIN is combined with one or more other data strings that may include the cardholder's account number within the encrypted form. Before one obtains cash from an ATM, the ATM obtains the encrypted data from the card and sends it to the database to see if there is a match with the manually inserted PIN that is also independently encrypted. The PIN is stored in the bank's computers in an encrypted form (as a cipher). The transformation used in this type of cryptography is one-way. This means that it is easy to compute a cipher given the bank's secret key and the customer's PIN and possibly other information, but not computationally feasible to obtain the plaintext PIN from the cipher (which is stored on the card). This feature is used so as to protect the cardholder from being impersonated by someone who has access to the bank's computer but not the PIN. The bank therefore can only verify that the correct PIN was used by comparing the cipher received from the ATM with a recalculated cipher result created from its own database that includes the stored PIN and bank's secret key. When an ATM or other card reading device is used, data unique to the device may also be included in the encrypted information sent to the central authority to allow for the identification of the reading device being used. This additional information can be used to further assure the Bank that the transaction is a legitimate one.
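The one-way PIN check described above can be sketched as follows. This is an added example, not the issuer's algorithm or anything from the specification: HMAC-SHA-256 stands in for the unspecified one-way transformation, and the key, account numbers, device identifiers and the two-stage binding are assumptions made for illustration. The keyed step on the terminal side is assumed to run inside a tamper-resistant module.

```python
import hashlib
import hmac


def _mac(key, *fields):
    """HMAC-SHA-256 over length-prefixed fields, so field boundaries are unambiguous."""
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


def pin_cipher(bank_key, account, pin):
    """One-way cipher of the PIN combined with the account number."""
    return _mac(bank_key, b"pin", account.encode(), pin.encode())


def device_bound(cipher, device_id):
    """Bind the cipher to data unique to the reading device."""
    return _mac(cipher, b"device", device_id.encode())


def atm_request(bank_key, account, pin, device_id):
    """Value the terminal sends; the plaintext PIN never leaves it."""
    return device_bound(pin_cipher(bank_key, account, pin), device_id)


class IssuerDatabase:
    """Holds only ciphers: a database reader without the key learns no PIN."""

    def __init__(self, bank_key, known_devices):
        self._key = bank_key
        self._devices = set(known_devices)
        self._ciphers = {}                     # account -> stored cipher

    def enrol(self, account, pin):
        self._ciphers[account] = pin_cipher(self._key, account, pin)

    def verify(self, account, device_id, received):
        stored = self._ciphers.get(account)
        if stored is None:
            return "unknown account"
        if device_id not in self._devices:
            return "unknown device"
        expected = device_bound(stored, device_id)   # recalculated cipher
        # Constant-time comparison of recalculated and received values.
        return "ok" if hmac.compare_digest(expected, received) else "pin mismatch"


if __name__ == "__main__":
    key = b"constructed-demo-key"              # constructed sample values
    db = IssuerDatabase(key, {"ATM-0001"})
    db.enrol("1000000001", "4821")
    db.enrol("1000000002", "4821")             # same PIN, different account
    msg = atm_request(key, "1000000001", "4821", "ATM-0001")
    print(db.verify("1000000001", "ATM-0001", msg))
    print(db.verify("1000000002", "ATM-0001", msg))
```

Because the account number is part of the cipher input, a value computed for one account fails for another account even when both share the same PIN.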
Importantly, the communication of data/information between the ATM and the bank's central computer is all encrypted (sometimes using a transaction authentication number) to prevent would-be thieves from tapping into the communication lines, recording the signals sent from and to the ATM that eventually authorize the dispensing of cash and then feeding those same signals to an ATM to trick it into unauthorized dispensing of cash.
The communication from the card reader is generated immediately and information contained in the magnetic strip plus the transaction amount and details of the merchant that are stored in the card reader are sent in the communication via the communications system typically the wired telephone system. Even when a wireless telephone system (cellular system) is used, the card reader may still retain all the information associated with the transaction so that it can be downloaded at a later predetermined time and in some cases that is to the aggregator 18.
In the initial communication the card details are sent to the card issuer sometimes via the aggregator 18 and most times direct to the card issuer/authorization entity 20 or its nominee. As stated above the communication is received and the information is checked for a number of things, including: the existence of the account in the corresponding system; that the account will support the requested transaction amount; the validity of the merchant device and the existence of the merchant in the corresponding system; and the internal consistency of the numbers that make up the thirteen to nineteen digit number which contains check digits for exactly that purpose along with the information described above.
Once those checks are complete, a communication is sent back to the requesting merchant's device in effect authorising the transaction with that card. It should be noted that all the risks previously mentioned are borne by the merchant, as they need to ensure that the cardholder cannot or does not repudiate the transaction.
The card reader has an associated (battery powered for mobile use or is mains powered for semi-permanent use at a location) printer (not shown) that prints out a merchant copy of the now authorised transaction including selected data within the magnetic strip 42 (Fig 4) including the thirteen to nineteen digit card number 46 and the account holder's name 48. This is the first opportunity for the merchant to check that the information associated with the card 40 is not in some way fraudulent, by comparing the numbers printed on the printout with the embossed numbers on the front of the card. Clearly if they do not match, then the magnetic strip does not belong to the card and the card is fraudulent. However, not many merchants check the whole number if any part of it at all. The merchant could also have checked the thirteen to nineteen embossed numbers on the front of the card with the thirteen to nineteen printed numbers on the rear of the card.
The cardholder signs the merchant copy of printed data and then the merchant has a further chance to check that the cardholder is the card owner by checking the signature 44 that is also on the rear of the card 40. It is well recognised that signature checking is notoriously difficult and not always performed anyway.
A further print is generated for the cardholder to keep as a record of the transaction, which does not typically print all of the information available, for example it does not include all of the numbers of the card so that the receipt itself does not become a source of card numbers and expiry dates.
In a preferred embodiment of one aspect of the invention, refer to Fig I1 the merchant is provided a battery or mains powered card reader device 24 that reads, at least in this embodiment, magnetic strip cards, but which can be made to read smart cards conforming to any required standard but most likely to be the EMV standard. It is a preferred functionality of this reader that it does not retain card data for any longer than it takes to read it and communicate it to a communications device 26 (preferably a cellular device such as a mobile phone) intermediate the card reader 24 and the card issuer 18' that will eventually need to authorise the transaction. A transaction receipt printer 28 is used to provide a hard copy receipt of the transaction for signing by the card holder in a credit transaction or a receipt for both the merchant and the card holder for a PIN authorised transaction.
The card reader can communicate in an approved/secure fashion the data read from the magnetic strip of the transaction card. In this preferred arrangement, the communication occurs over a small distance to an intermediate device, which in a preferred embodiment is a cellular phone 26. Communications could be achieved using Bluetooth or any other short distance wireless communications means, although the invention is not limited to using a wireless connection when a suitable wired connection could be used at the insistence or convenience of the merchant.
In one example the cellular phone includes a Radio Frequency Identification Device (RFID) that has a NFC capability. Some of the functionality of the RFID includes the ability to be programmed by the phone device, in particular by commands received from a remote location and with the interactive control of the mobile user. Such a capability can be used to reprogram the RFID to interact with multiple types of RFID access or purchasing systems, e.g. allowing the mobile to make the RFID access a train network by merely calling and paying for that capability, or having the inbuilt RFID interact with a soft drink machine and to command the machine to release a product because it has been paid for through the phone.
It is also a function of such a device for the RFID to be capable of having stored value that can be used in transactions of the type contemplated and described herein. Thus by having the ability to release a portion (all or some) in a transaction by using a PIN known only to the cellular device holder, it is contemplated that a third party reader capable of communicating with the RFID and receiving the authorising PIN to verify that authority, transactions wherein the extracted information can be checked against other information to check the veracity of the RFID device to an acceptable degree as to reduce or eliminate the liability of the merchant when using these types of devices for transactions.
The mode of communications from the cellular device owned and controlled by a device holder (not unlike a card holder) can be in accord with non-cellular technologies such as, by way of example, the 801.11 family of standards that exist and that are being developed to accommodate higher speeds and greater security.
It should be noted that certain of the information extracted and planned for communication to the card issuer can be encrypted before it leaves the card reader such that only the card issuer can decrypt the information. This means that the intermediate device cannot know all of what has been extracted and even if it did retain that information, which it does not, it could not fraudulently use that information because it is encrypted. Encryption also secures the content of communications from unauthorised review.
Once the mobile communication device receives the data the merchant needs to do two things that are of importance to at least one embodiment of the invention.
The first step is to read at least a portion of the optically readable data/information associated with the card, and in a preferred step the last four digits of the thirteen to nineteen digit number 46a on the front of the card, and check that those numbers are the same as the last four digits of the number provided from the reader that represents a portion of the extracted data from the card. A display on the reader or on an intervening mobile communication device can be used to observe the data obtained from the reading process. The use of the last four digits gives at least a 1 in 10,000 chance that the optically read numbers are not the same by chance as the extracted numbers when a fraudulent card has been used.
Having performed the previous check, the merchant can use the mobile phone keypad to enter the amount of the transaction and with information contained in the mobile phone can send the transaction details to the card issuer. The mobile phone software can add the merchant details and other data to the outgoing communication. In another embodiment the last four digits can be manually entered in to the intermediate device such as a cellular phone so that the processor in the phone performs the comparison to determine whether there is a match.
However, before the communication is sent, it is another important part of the invention to have the merchant read a further portion of the optically readable information associated with the card. Note that the optically readable information may not always be text and may include logos, holographic information or digitally encoded data/information that is nonetheless optically readable, one example being a bar code and another being a hologram.
In a preferred embodiment of the invention three more numbers are optically read from the card. In particular the three particular numbers are known as the Card Verification Code (CVC) 39 which is the three additional numbers located on the rear of the card at the end of the typed sixteen digit numbers 46 located (typically printed) on the cardholder's signature strip 40 shown in Fig. 4. This number is also referred to as a CVV2 - Card Verification Value (Visa 3 digits); CVC2 - Card Validation Code (MasterCard 3 digits); or a CID - Card IDentification (Amex 4 digits, Diners Club 3 digits) and for the purpose of referral and meaning in this specification the terms Card Verification Code or CVC will be used. The principle is the same in all cases. The number is generated by the card issuer using a secret algorithm using predetermined information associated with the card and sometimes other information not on the card known only to the card issuer.
In one embodiment of the invention there is need for an audit number to be associated with the transaction, that can be provided by the programme run by the mobile communication device that generates or retrieves the number or in an alternative arrangement the card issuer or central transaction authority provide one.
The additional optically read information (in this embodiment the CVC of the card) can in one embodiment be sent along with the information extracted from the card by the reader to the card issuer for authentication of the card from the mobile phone along with other transaction related information.
Alternatively, the software within the mobile communications device can recreate the CVC based on available information and then the mobile communications device could verify the veracity of the digital information stored in the card's magnetic strip 42 in this example or within the memory of a smart card.
The CVC is typically used in a card-not-present situation as in an on-line or over the phone purchase, but in this embodiment of the invention it is used when it would not have otherwise been possible to do so since the magnetic strip cannot be read when a phone order is being processed.
Once the card issuer has authenticated the card along with the transaction details an authentication is communicated to the merchant's mobile communication device and read by the merchant.
The card reader, which has in one embodiment an in-built printer, can then print a transaction record, using the necessary information it has retained solely for this purpose and the signing of the transaction record can take place as required as well as providing a duplicate copy for the cardholder.
The system can also optionally include a separate printer 25 for generating a record of the transaction.
Whether the printer is separate, battery or mains powered as will be described, in addition to the document receipt generated by the printer for use by the merchant (i.e. the copy signed by the card user and retained by the merchant as proof of the authority of the card holder to the transaction) a copy is also generated for the card holder as a record of the transactions. However, as discussed earlier the receipt provided by the printer will not contain all the details, so a full receipt can also be provided by other means, which in one embodiment is from a server accessible via a computer network e.g. the Internet at the convenience of the card holder.
In this optional system configuration, which includes a printer, the mobile communications device uses a portion of the available information to format the information to be printed and sends it wirelessly to the printer 25. An example of such a receipt 800 is depicted in Fig. 9, which shows that by accessing a computer server, in this example using the Universal Resource Locator (URL) 802 and providing an audit number 804 and authority code 806, a full receipt will be provided on screen that can be stored or printed as required by the user.
Once a transaction is approved and once the printing is finished almost all of the information extracted is wiped from the temporary storage in the printer and the mobile communication device.
The mobile communication device retains only a portion of the extracted information or a representation thereof to allow for voiding the immediately preceding transaction only if an input error or change of mind by the customer has occurred.
The minimally retained information is of a form such that it CANNOT be used to replicate a separate unauthorised transaction or be used to replicate account numbers and names, PIN numbers and the like. Certain physical and software security measures are required for the card reader and printer, which can be provided in accordance with industry standards known to those having skill in the art.
Once the merchant has checked the CVC and the last four digits of the card number, they can be as sure as they can be that the card is not fraudulent. In an embodiment of the invention the card reader can conduct that check by comparing the optically read information with the information extracted from the card. Wherein, the extracted information is checked against the information (such as the full card number or just a portion of optically read information such as the CVC) manually inserted into the cellular phone by the merchant.
The procedure described above and below will markedly reduce the incidence of card fraud of the types e), h), j) and 1) described earlier or at least increase the difficulty of transacting such cards because of the method and apparatus of the invention.
In a yet further embodiment the card reader not only extracts the non-optical data, it can also optically scan one or both sides of the card to optically read the data/information carried on the card, such as for example all or a portion of the account number (embossed on the front of the card), all or a portion of the account number printed on the back of the card including the CVC, all or a portion of the account holder's name embossed on the front of the card, and all or a portion of other optically readable features of the card such as special or unique markings, symbols or the like that are used for security purposes. One example of such a marking is the hologram 41 displayed in Figure 3. Such information may also be used to check the visual authenticity of the card, something that only trained merchants can do to a useful degree. Those skilled in the art are knowledgeable as to how to sense the hologram and conduct checks as to their veracity.
The card reader in this embodiment can then give an indication of the integrity of the card based on a number of predetermined metrics. The indication may be in the form of the presentation of the next step in the transaction process, or may be by way of a specific visual indicator that can be seen by the cardholder and the merchant or the merchant alone so that fraudulent cardholders are not alerted while the relevant authorities are advised.
The value of the optically read data/information is helpful then for automatically comparing that information with the extracted information. A comparison function located within the card reader or as in other embodiments within the mobile communications device in the form of software to Optically Character Recognise selected text marked on the card (embossed or printed) and compare it with the text equivalent (data contained within the magnetic stripe) obtained by the extraction process. In such a case, the information can remain wholly within the card reader and only selected portions sent external of the reader once it has been suitably encrypted. This adds further to the security of the process and thus benefits the card issuer and all merchants as the apparatus and process lessens the chance of future card fraud.
As described previously, it may also be possible to configure the above equipment to make the reader capable of calculating the CVC and thus provide a further level of surety that the card is legitimate. This configuration assumes that the reader will have stored access to the various proprietary algorithms for one or more of the card issuers so that it can also perform the step of recreating the CVC and compare it with the visual CVC information and thus perform the CVC check. For security reasons the algorithm may be provided in the reader in the form of hardware into which is input data and out of which is output only the confirmation of the correctness of the CVC. Thus the algorithms are kept confidential, as any physical disturbance to the hardware will null the software therein. Such devices are known in the art.
Figure 5 depicts a flow diagram of part of the processes of using the card reader. The card reader is switched on at step 502 and the cellular phone if also "on" is controlled via switches or preferably via screen displayed choices to activate 504 the payment application that will interact with the card reader. In this embodiment a credit card will be used to illustrate the functions of the system but it will be understood that the types of cards the system is capable of dealing with include and are not limited to; Charge cards; Smart cards; Magnetic Swipe cards; PINless debit cards; PINless chip cards; and all types of cards that can be used and require operation in conjunction with a PIN known to the cardholder.
Prior to operation of the application on the cellular phone there needs to be some setup procedures conducted on the system components which include: having a GPRS and Bluetooth capable phone that has both these functions activated; downloading of the payment system application to the cellular phone which is in one embodiment a Java applet capable of being run on the cellular phone; the card reader being a Bluetooth device being paired with the mobile phone; and the application being personalised for the merchant by the inclusion of the merchant's details for use in the transaction information exchange and for printing on receipts. Optionally, unique software version and merchant use licensing identifying details are downloaded and installed on the cellular phone to further increase the security of use and transactions. With the transaction application operational the cellular display provides two options 506 whether to transact 1. "A payment" or 2. "Other". A selection of an option is achieved using the cellular user interface which could include the keyboard, the screen by way of icons and a selection tool such as a pointer, or even touch screen input. The functionality of the cellular device determines the selection modes available to the merchant.
If the Payment selection is made 508 the merchant enters the card into the card reader device so that it can perform one or more functions while the cellular card application waits 510 for the card reading functions to be completed 512.
The card reader can perform extraction of information as well as optical reading of information associated with the card as well as in one embodiment calculation/production of the CVC and then communicate all or a portion of the extracted and optically read information to the cellular device via in one embodiment a Bluetooth communications medium.
Once the card has been read 512 necessitating the card reader to communicate that event to the cellular device, the cellular device prompts 514 the merchant to enter 516 at least the last four digits of the PAN. In an optional approach the merchant enters the CVC read from the rear of the card. The cellular device prompts the merchant to wait 518 while a number of checks are performed.
The application in the cellular device in conjunction with the information communicated to it from the card reader compares 520 the PAN information as well as, in another embodiment, the CVC information obtained from the two process steps. If the information matches 522 the process progresses further via path 526 to that depicted in Figure 6.
If the information does not match there is a problem 524 with the card and the merchant is directed by the cellular device to begin a new transaction process. Clearly, there could be a variety of reasons for the information not to match. The most obvious is that the extracted information (i.e. that which is obtained from the magnetic stripe or smart card memory) is different to that in the optically readable information, which would indicate the high likelihood that the card is fraudulent. It could also be that the extraction step was corrupted or, for example, the magnetic stripe is damaged and so is the information on it. In that case repeating the extraction process may assist, but if unsuccessful again the card may need to be viewed by the issuing authority. The merchant will need to have procedures in place to deal with the card and card holder, especially if a fraudulent card is suspected. At least, however, the merchant has been able to avoid a fraudulent transaction for which they would most likely be liable.
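The comparison at steps 514 to 524, together with the check-digit test mentioned earlier for the thirteen to nineteen digit number, can be sketched as follows. This is an added example, not code from the specification: the function names, the outcome labels, running the Luhn check locally as a read-sanity test, the two-read limit and the sample card number (a constructed test value) are assumptions.

```python
import hmac
from enum import Enum


class Outcome(Enum):
    MATCH = "continue to the Figure 6 steps"
    MISMATCH = "problem with card: begin a new transaction"
    READ_ERROR = "extraction unusable: read the card again"


def luhn_valid(pan):
    """Check-digit test (Luhn, ISO/IEC 7812) over the whole card number."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """Form suitable for a display or receipt: only the last four digits."""
    return "*" * (len(pan) - 4) + pan[-4:]


def _same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())


def _digits(text, low, high):
    return text.isascii() and text.isdigit() and low <= len(text) <= high


def check_card(extracted_pan, entered_last4, reader_cvc=None, entered_cvc=None):
    """Compare what the reader extracted with what the merchant read off the card.

    reader_cvc is the CVC the reader supplies (optically read or calculated,
    depending on the embodiment); both CVC arguments are optional.
    """
    if not _digits(entered_last4, 4, 4):
        raise ValueError("merchant must enter exactly four digits")
    if not (_digits(extracted_pan, 13, 19) and luhn_valid(extracted_pan)):
        return Outcome.READ_ERROR, None     # damaged stripe or corrupted read
    ok = _same(extracted_pan[-4:], entered_last4)
    if reader_cvc is not None and entered_cvc is not None:
        ok = _same(reader_cvc, entered_cvc) and ok
    return (Outcome.MATCH if ok else Outcome.MISMATCH), mask_pan(extracted_pan)


def verify_with_retry(read_card, entered_last4, attempts=2):
    """Repeat the extraction when a read is unusable; never retry a mismatch."""
    for _ in range(attempts):
        outcome, shown = check_card(read_card(), entered_last4)
        if outcome is not Outcome.READ_ERROR:
            return outcome, shown
    return Outcome.READ_ERROR, None         # refer the card to the issuer


if __name__ == "__main__":
    # Constructed reads: the first is corrupted, the second is clean.
    reads = iter(["41111111111X1111", "4111111111111111"])
    print(verify_with_retry(lambda: next(reads), "1111"))
    # Stripe data that does not belong to the card the merchant is holding.
    print(check_card("4111111111111111", "4242"))
```

A mismatch is reported without a second read, since re-reading cannot reconcile stripe data with different printed digits; only an unusable extraction is retried.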
If at the beginning of the transaction process 506 the merchant needed to perform an "Other" step the selection 528 would be made and in this embodiment the step of "voiding" an earlier transaction is provided 532 by the application but other options could be available. Two possibilities for selection 534 are provided by the application: 1. Void the "Last Transaction" and; 2. Void "Other Transaction".
To void the last transaction the appropriate selection is made by the merchant and the application identifies the last used transaction audit number 536 and exits the voiding process 538 which involves the communication of a voiding code along with the transaction audit number to a remote processor. The audit number has been previously obtained during an earlier transaction.
In one embodiment, a backend computer server operated by a third party having a cellular communications gateway receives cellular communications from the application resident on the one or more cellular devices. The back end server services the needs of multiple merchants as is depicted in the system diagram in Figure 8.
Likewise, to void a particular other transaction the respective transaction audit number is inserted into the cellular device 542 and once dealt with as described in the preceding paragraph the application exits 544 the voiding procedure.
The application is then ready for a new transaction 540, joining the process back at the entry of a payment or other type of transaction 506.
Figure 6 depicts a flow diagram of a further part of the processes of using the card reader and cellular communication device to complete a selected transaction.
Following a successful match of the PAN (and in one embodiment both the PAN and the CVC) communication of relevant information takes place 600 to the third party computer (back-end server) with the purpose of obtaining an audit number for the current transaction. This communication results in the Transaction Audit Number 602 being available to the application in the cellular device as well as the associated Card Number and Expiry information 604 that was obtained from the information extraction process when the card reader was used 512. In another embodiment the Card Number and Expiry information can be obtained by being manually entered by the merchant, if for example the card reader is not functioning.
The merchant is prompted to enter a transaction value 606 which is entered into the application 608.
It is typical for there to be a predetermined maximum transaction limit 608 (1) and if the transaction is going to exceed that limit, it is also possible to enter a pre-approved code 608 (2) that if legitimate over-rides the predetermined transaction limit for that transaction.
The application checks the limit and pre-approved transaction code 610 and if the details 612 are not OK then the transaction path returns to the input step 608. If the details 612 are OK then the transaction path proceeds to communicate 614 relevant details to the third party server for card issuer authority to complete the transaction.
In another embodiment, not illustrated by way of a flow diagram, if the transaction is not a credit type a PIN will need to be entered to verify the card holder's authority for the transaction.
In that case, it is likely that the PIN will be entered onto a third party device, and in this case the separate printer will be provided with a PIN entry device or an additional device will have a PIN entry facility. In any circumstance where PIN type information is to be entered it may also be necessary, or as an alternative, to use a biometric input device working alone or in conjunction with a PIN entry device.
Relevant information relating to a PIN or biometric information is securely communicated from the separate device to the cellular device for onward communication to assist the authorisation process.
Only details necessary for the card issuer/bank to authorise the transaction are communicated and they may include: the merchant identity, the PAN, the country, the name on the card, the card expiry, any discretionary data contained on the card and possibly prior obtained or generated redundancy check data.
The card issuer/bank, or even an aggregator if that is the model being used, will reply to the third party server, which will communicate to the cellular device and to the application 616.
It may be that the card is legitimate but it has recently been stolen in which case the transaction will be rejected. In one example there will be a need to call the bank 618 with no referral provided by the application and then the application will exit 620 to a new transaction 622 input status at step 506.
It may be that there is an irregularity caused by an error in the process or information sent to be authorised 624 so the transaction process is returned to the beginning at step 506.
If the transaction progresses beyond step 616 to step 626 it becomes associated with the audit number within the application so it can be referenced later, such as for a voiding procedure, and enters the final acceptance/decline process 628 associated with the transaction.
If the actual card transaction is declined the cellular device will provide a message 630 to that effect for the merchant to show to the card holder. The message may also advise the card holder to contact the bank.
Optionally the printer can print a receipt of the rejection for the card holder and even the merchant. Thereafter the transaction process returns 632 to the new transaction step 506.
If the transaction is authorised 634 a receipt can be generated 636, one for signing if the transaction is a credit transaction and one for the card holder as a record of the transaction. Further details of the receipting of a transaction are provided elsewhere.
In one embodiment, if the card holder's cellular device number is known the receipt can be sent using one of a variety of cellular communications facilities, including Small Message Service (SMS) 638 and 640, or directly via Bluetooth small range RF transmission, Radio Frequency Identification Device (RFID), NFC, Infrared, etc.
In an alternative using a separate hard copy generating device such as a printer that has Bluetooth communications capability or any other suitable communications capability 642, a merchant receipt copy with a card holder signing space is generated 644 as well as a card holder copy of the receipt. The receipt may have the format depicted in Figure 9 and as described previously.
If further receipts are required the process can be returned 646 to the generating step 636 or the process returns to the new transaction step at 506.
Figure 7 depicts a system diagram of the major computer processing elements used to complete a selected transaction. The process of checking the PAN and CVC can be controlled and orchestrated by software operating on not just a cellular device but also any device having a processor. This is made much more likely and possible if the software is written in a language such as Java, hence the depiction in Figure 7 of laptop and personal computers. There is also a recognition that the communications from such devices can be via the cellular system, which will use ever faster protocols and modulation systems, or from devices having processors that will use protocols such as TCP/IP and the Internet to transport the information to one or more third party servers and related or direct connect gateways to service multiple merchants.
It will be appreciated by those skilled in the art that the invention is not restricted in its use to the particular application described. Neither is the present invention restricted in its preferred embodiment with regard to the particular elements and/or features described or depicted herein. It will be appreciated that various modifications can be made without departing from the principles of the invention. Therefore, the invention should be understood to include all such modifications within its scope.

Claims

THE CLAIMS:
1. A method for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information, the method consisting of the steps of: a) extracting information from the digital information storage element; b) transforming by optical means the optically readable information into digital information representative of the optically readable information; c) comparing a portion of the extracted information with a predetermined portion of the optically readable information wherein if the comparison is a match, information associated with the transaction card is likely to have integrity; and d) indicating whether the outcome of the comparison is a match or not a match indicating the likely integrity of the information associated with the card.
2. A method according to claim 1 including the further step of: e) sending a predetermined portion of the optically readable information and a portion of the extracted information to a remote authority for confirmation of the information associated with the card.
3. A method according to claim 2 wherein the optically readable information and the extracted information are one or more of the group including the card number associated with the card, the name of the card holder, the country of the card issuing authority, the primary account number associated with the card, the card expiry date, the card format.
4. A method according to claim 1 wherein the portion of the extracted information compared with a predetermined portion of the optically readable information is the Card Verification Code (CVC).
5. A system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information, including an extraction device for extracting information from the digital information storage element; a visual display for displaying a portion of the extracted information for comparison with a predetermined portion of the optically readable information, wherein if the comparison is a match, information associated with the card is likely to have integrity, and communication device for communicating a predetermined portion of the optically readable information and a portion of the extracted information for confirmation of the integrity of the information associated with the card.
6. A system according to claim 5 further including an optical reader for reading said optically readable information; wherein the visual display means also displays said optically read information for comparison by a user of said apparatus with the displayed information.
7. A system according to claim 6 further including an information comparison means for comparing a portion of the extracted information with a predetermined portion of the optically read information.
8. A system according to claim 6 further including an integrity indicator that is operable to indicate the result of said comparison of the likely integrity of the information associated with the card.
9. A system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information, including an extraction element for extracting information from the digital information storage element; communication element for communicating a portion of the extracted information; a visual display for receiving the communicated information and displaying a portion of the extracted information for comparison with a predetermined portion of the optically readable information, wherein if the comparison is a match, information associated with the card is likely to have integrity, and visual display communication element for communicating a predetermined portion of the optically readable information and a portion of the extracted information for confirmation of the integrity of the card.
10. A system according to claim 9 wherein the extraction and communication elements are included in a first device and the visual display and visual display communication elements are included in a second device physically separate from the first device.
11. A system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information, including a card transaction device having a digital information extraction element and an information transmitter element, the device extracting information from the digital information storage element and transmitting a portion of the extracted information, an information communication device having an information receiver, an information display, a user operable information input and an information communications element, the information communication device receiving at the information receiver the extracted information from the transmitter element of the card transaction device and displaying on the information display the received extracted information for a user of the information communication device to compare the displayed extracted information with optically readable information determined by the user, and if there is a match, the user inputs information confirming the match using the user operable information input and also inputs optically read information from the transaction card and associated financial transaction information using the user operable information input, wherein the information communication element communicates a portion of the extracted information and the optically read information, plus information relating to the confirmation and financial transaction information associated with said card, external of the information communication device, an information processing device for receiving information communicated by the information communication device, wherein the information communication device does not process to authorise the financial transaction associated with the card unless the information associated with the transaction card is likely to have integrity as determined by the user of the information communication device including information confirming the match; and wherein the information processing device uses a portion of the communicated extracted information and a predetermined portion of the communicated optically read information to determine the likely integrity of the information associated with the card before processing the financial transaction associated with the transaction card.
12. A system according to claim 11 wherein the information processing device communicates the authorisation of said financial transaction associated with the card to the information communication device.
13. A system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information, including a card information extraction and optical reading apparatus for extracting information from the digital information storage element and optically reading some or all of the optically readable information and comparing predetermined portions of said extracted and read information to determine whether the information matches thereby indication the likely integrity of information associated with the card and transmitting an indication of the likely integrity of the information associated with the card with predetermined portions of the extracted and optically read information external of the apparatus, an information communication device for receiving an indication of the likely integrity of the information associated with the card with predetermined portions of the extracted and optically read information and also transferring a portion of the extracted information and a predetermined portion of the optically read information associated with said card external of the communications device, and having input by a user of the information communication device financial transaction information associated with the card for initiating a financial transaction, wherein the information communication device does not transfer information for authorisation unless the financial transaction card is likely to have integrity as determined by the card information extraction and optical reading apparatus, and an information processing device for receiving information from the information communication device and authorising the financial transaction associated with the card, wherein the information processing device uses a portion of the extracted information and a predetermined portion of the optically read information to determine the integrity of the information associated with the card and processing the financial transaction.
14. A system according to claim 13 wherein the optically read information includes the Card Verification Code (CVC) and the information processor recalculates the CVC from information associated with the card holders' card information and checks that they match or otherwise compares the received CVC with a CVC associated with the card holders' card information.
15. A system according to claim 13 wherein the card information extraction and optical reading apparatus uses one or more portions of the extracted information and/or the optically read information to generate a Card Verification Code (CVC) for the information obtained from the card and checks or otherwise compares that the generated CVC matches the CVC optically read from card.
16. A system according to claim 13 wherein the information processing device communicates the authorisation of the transaction associated with the card to the information communication device.
17. A system according to claim 16 further including a printer wherein the information communication device is operable to print or cause to be printed a transaction record including predetermined extracted information and financial transaction information using said printer.
18. A system for checking the integrity of information associated with a financial transaction card having a digital information storage element and optically readable information, including a card reader device including a card information extraction apparatus; a visual display for displaying a portion of the extracted information; an extracted information communication device for communicating at least, a predetermined portion of the extracted information external of the card reader device; and an information communication device for receiving the extracted information from the card reader device, the information communication device including an information input for a user to input financial transaction information, and an information display for displaying a portion of the extracted information for a user to compare the displayed information with a predetermined portion of optically readable information on the card and if there is a match, information associated with the card is likely to have integrity and predetermined portions of the extracted information is commanded by the user to be communicated external of the information communication device; and transferring information using the information communication device, including a portion of the financial transaction information and a predetermined portion of the extracted information for confirmation of the integrity of the card by an authorisation system to confirm the integrity of information associated with the card and authorise the financial transaction.
PCT/AU2006/000963 2005-07-08 2006-07-10 Card processing apparatus and method WO2007006084A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
AU2005903646A AU2005903646A0 (en) 2005-07-08 Card processing apparatus and method
AU2005903646 2005-07-08
AU2005903653A AU2005903653A0 (en) 2005-07-11 Card processing apparatus and method
AU2005903653 2005-07-11

Publications (1)

Publication Number Publication Date
WO2007006084A1 true WO2007006084A1 (en) 2007-01-18

Family

ID=37636660

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2006/000963 WO2007006084A1 (en) 2005-07-08 2006-07-10 Card processing apparatus and method

Country Status (1)

Country Link
WO (1) WO2007006084A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2015510168A (en) * 2012-01-13 2015-04-02 イーベイ インク.Ebay Inc. System, method, and computer program product for providing payment in cooperation with EMV card reader
CN111507727A (en) * 2020-04-20 2020-08-07 车主邦(北京)科技有限公司 Security control method for non-inductive payment
US11562622B2 (en) 2016-09-23 2023-01-24 Igt Gaming system player identification device
US11967208B2 (en) 2010-02-10 2024-04-23 Igt Virtual players card

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1992016913A1 (en) * 1991-03-20 1992-10-01 The Security Systems Consortium Limited Securing financial transactions
US5321751A (en) * 1993-02-18 1994-06-14 Eastman Kodak Company Method and apparatus for credit card verification
EP1018712A1 (en) * 1998-12-22 2000-07-12 Eastman Kodak Company Method and apparatus for transaction card security utilizing embedded image data
US20020043562A1 (en) * 1998-04-07 2002-04-18 Victor Zazzu Multi sensor information reader
EP0730243B1 (en) * 1995-02-28 2005-04-13 AT&T Corp. Identification card verification system and method
WO2005057384A1 (en) * 2003-12-09 2005-06-23 Smart Wallet (Pty) Limited An identification and authorization system and method
WO2005086158A1 (en) * 2004-02-24 2005-09-15 Koninklijke Philips Electronics N.V. Speckle pattern for authenticating an information carrier

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11967208B2 (en) 2010-02-10 2024-04-23 Igt Virtual players card
JP2015510168A (en) * 2012-01-13 2015-04-02 イーベイ インク.Ebay Inc. System, method, and computer program product for providing payment in cooperation with EMV card reader
US11562622B2 (en) 2016-09-23 2023-01-24 Igt Gaming system player identification device
US11861977B2 (en) 2016-09-23 2024-01-02 Igt Gaming system player identification device
CN111507727A (en) * 2020-04-20 2020-08-07 车主邦(北京)科技有限公司 Security control method for non-inductive payment
CN111507727B (en) * 2020-04-20 2023-12-29 车主邦(北京)科技有限公司 Security control method for non-inductive payment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06752685

Country of ref document: EP

Kind code of ref document: A1