WO1992016913A1 - Securing financial transactions - Google Patents

Securing financial transactions Download PDF

Info

Publication number
WO1992016913A1
WO1992016913A1 PCT/GB1992/000512 GB9200512W WO9216913A1 WO 1992016913 A1 WO1992016913 A1 WO 1992016913A1 GB 9200512 W GB9200512 W GB 9200512W WO 9216913 A1 WO9216913 A1 WO 9216913A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
data
magnetic stripe
coded marking
bar code
Prior art date
Application number
PCT/GB1992/000512
Other languages
French (fr)
Inventor
Alan J. Bell
Colin Henry Bloy
Original Assignee
The Security Systems Consortium Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by The Security Systems Consortium Limited filed Critical The Security Systems Consortium Limited
Publication of WO1992016913A1 publication Critical patent/WO1992016913A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/08Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means
    • G06K19/10Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means at least one kind of marking being used for authentication, e.g. of credit or identity cards
    • G06K19/14Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means at least one kind of marking being used for authentication, e.g. of credit or identity cards the marking being sensed by radiation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/347Passive cards
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code
    • G07F7/1058PIN is checked locally
    • G07F7/1066PIN data being compared to data on card

Definitions

  • This invention relates to securing financial transactions.
  • the PIN number approach provides a relatively high degree of security. Its use is however limited by the need to have the number checked and correlated with the data on the cash card at the time of the transaction. This is conventionally effected by connecting the automated teller machine on-line to a mainframe computer which, if a correct PIN number is provided by the user of the machine, authorises the transaction and enables the machine to dispense the cash.
  • the present invention sales to provide an improved system using an improved form of card and novel authentication equipment.
  • an authentication card having a magnetic strip with magnetically recorded data thereon, and additional coded marking which is invisible to the naked eye but machine readable.
  • This provides a first line of defence against card fraud if it is arranged that part of the data recorded magnetically and part of the invisibly recorded data are correlated in some way since then any magnetic tampering with the magnetically recorded data (which is often undertaken by professional thieves) will remove the correlation and enable a simple self-contained detector unit to show at the point of the transaction that the card has been tampered with.
  • the coded marking is invisible to the naked eye, it is not immediately apparent usually to the would-be card forger that the marking is there at all.
  • the marking is coded, for purposes which appear more fully below, the additional marking may also serve as a security feature merely by its presence.
  • the additional marking is effected using a material having certain physical characteristics and which is one not normally found in credit and charge cards, or one the synthesis of which is difficult to achieve, a forged card may be distinguished from a genuine merely by the presence of the material making up the coded marking.
  • the data on the magnetic strip and the data in the additional coded marking may be directly correlated to enable simple detection of tampering of the magnetic data.
  • a major advantage of the present invention is that such data as is coded in the magnetic strip and the coded marking may be correlated via a PIN number known to the holder of the card but apparent from neither the magnetic data nor the invisible data.
  • a card coded in this way it is possible to authenticate a transaction without the necessity of referring to a mainframe computer but with a very high degree of certainty by reading data from the card, both the magnetic data and the non-visible data, and correlating that data with a PIN number provided by the card holder at the time of the transaction.
  • the PIN number may be inserted into the detector unit by the card holder in a fashion which does not reveal the PIN number to the bystander, or for example the cashier, at the vending establishment.
  • a detector unit may be used to validate the transaction.
  • validation apparatus for use with a card of the type described above which comprises means for reading data recorded magnetically on a magnetic strip of the card, means for reading data from the additional coded marking thereon, personal identification number input means, a pre-programmed processing unit adapted to process data input from the magnetic strip coded marking and PIN number inputs and to display the results of such processing as a visual indication corroborating or denying the validity of a proposed transaction.
  • swipe readers for cards bearing a magnetically coded stripe are well known and find application in numerous areas of technology, for example in electronic tills and card operated telephone boxes. They usually include a channel along which the card is passed, either by hand or driven by appropriate machinery, so that the magnetic stripe on the card passes over a magnetic reading head.
  • the invisibly coded marking on the card can be read at the same time, this generally implying that the coded marking extends linearly in a direction parallel to that of the magnetic stripe.
  • a preferred marking is a bar code type marking which is easily applied during manufacture of the card. The bar code marking may be on the same side of the card as the magnetic stripe or on the opposite side and the swipe reader will need to be constructed accordingly.
  • the additional coded marking on the card is invisible to the naked eye.
  • the marking may be effected in a material which is itself effectively invisible (transparent or the same colour as the material of card) or it may be made in a material which when directly viewed is visible but which is rendered invisible by being covered with an opaque layer rendering it invisible to the human eye but where the opaque layer is not opaque to some appropriate form of sensing.
  • the code may be printed using a material giving a detectable infra-red absorption or reflectance but covered by a material transparent to infra-red radiation but opaque to the human eye. Putting the marking in the interior of the card also makes it much more difficult for a person who wishes to commit fraud by using a stolen card to change the data on the card.
  • a particularly preferred form of card in accordance with the present invention is a plastics card having, printed in the interior thereof, a marking readable at non-visible wavelengths, preferably at infra-red wavelengths, the marking being located between a plastics card base and a cover laminated to the base and transparent to the wavelength at which the bar code is readable.
  • a stylised credit card 1 which may be of standard shape and size.
  • a magnetic stripe 2 of standard construction.
  • bar code 3 and a patch 4 are also printed on the card.
  • Bar code 3 and patch 4 may be made of the same material or may be different. Although barcode 3 is shown on the drawing for clarity visibly, it may be printed in a material visually indistinguishable from the background. Barcode 3 and patch 4 may be printed on the card base and then covered with, for example, a visually opaque, infra-red transparent cover sheet.
  • the bar code 3 and patch 4 may be printed on the card or on a layer making up the card by any convenient means. Ink jet printing of bar codes is a convenient and inexpensive means of printing bar codes on successive cards which vary from card to card. This is important for reasons indicated below.
  • Cards of the type illustrated in the top left of the accompanying drawing, and including e.g. printing with graphic material indicative of the intended card issuer are produced by standard mass production processes. However for use, cards must carry data personal to the user. Standard machines are accordingly available in commerce for processing pre-manufactured cards to personalise them. A typical such machine is commercially available under the trade designation Datacard 4650 from Data Card Limited and its affiliates. Other card embossing and recording systems are available from other manufacturers.
  • box 10 having an input tray 11 for cards to be personalised and an output delivery 12 where cards which have been processed collect.
  • the card embossing and recording system 10 is connected via a suitable data transmission links 15 and 16 with a mainframe computer schematically indicated at 20 and under the control of the card issuer, for example a bank, finance company or the like.
  • the invisible bar code 3 is read by a suitable reader within unit 10. This is fed via data transmission line 15 to the mainframe computer 20 together with a request to provide data to be put on the card. Thus the mainframe computer may be requested to provide the embossing and recording system with the account number name and details of the intended card holder. This is then transmitted from the mainframe computer 20 to the embossing and recording system 10 via data link 16.
  • the mainframe computer which receives the data as to the bar code 3, carries out suitable mathematical processing on the number represented by the bar code and on other numbers associated with the particular account or person to whom the card will be issued.
  • the mathematical process or algorithm used may vary widely but is used to combine the invisible number from bar code 3 with data e.g. from the person's account number, and with a randomly generated PIN number which will be assigned to the cardholder.
  • one form of mathematical processing may be to take the number represented by the bar code 3, add the person's account number to it, multiply that sum by the randomly generated PIN number and discard all but the last three digits of the resulting large number. Those three digits can then be regarded as a checking number which is then fed back via data link 16 to the embossing and recording system 10.
  • the embossing and recording system may be arranged to record those three digits on to the magnetic stripe 2.
  • the top right hand corner of the drawing shows diagrammatically the card after processing. It still has unchanged bar code 3, patch 4 and magnetic stripe 2. However the cardholder's account number 30 has been embossed thereon and is shown and this number and the check digits are recorded on magnetic stripe 2.
  • the card may also be appropriately embossed or otherwise identified e.g. with the name of the cardholder and an expiry date.
  • the so processed card can then be transmitted to the cardholder in the usual way while the mainframe computer 20 (which of course knows the PIN number allotted to that customer) may generate a separate letter which the computer separately despatches to the cardholder advising him or her of the PIN number he or she has been assigned.
  • the mainframe computer 20 which of course knows the PIN number allotted to that customer
  • the card may include a conventional signature strip and may be validated by signature comparison or using some form of on-line validation as is well known. However, because of the presence of bar code 3 in the card and patch 4 further means of validation are now available.
  • the bottom of the attached drawing shows diagrammatically a self contained validator unit which may be located at any appropriate transaction processing station for example in a store, supermarket, restaurant or the like.
  • This unit has a slot 40 through which the card 1 may be swiped.
  • Located either side of slot 40 within the validator unit are appropriate sensors for reading magnetic data on magnetic stripe 2 and the coded data on bar code 3.
  • Patch 4 may be used in conjunction with the bar code to facilitate reading. For example if patch 4 is of known width, the amount of time patch 4 is under a detector head may give an indication of appropriate clocking speed for reading the bar code, thus compensating for different swipe speeds.
  • the card is first swiped through the slot 40 and the cardholder is then invited to input his or her PIN number via a conventional keypad 41.
  • Keypad 41 is surrounded by screens 42,43 in order to minimise the chance of the PIN number being detected by a casual observer.
  • This is arranged to receive data read from the card and data input form the keypad 41 and then to take the data read from the card (the account number from magnetic stripe 2 and the bar code 3) and combine it in the same way as the mainframe computer 20 did when the card was being personalised, to generate a large number and therefor the three check digits by the system explained above.
  • the circuit also contains comparison means to determine whether the three check digits so generated match the three check digits read from magnetic stripe 2. If they do, an indicator such as a bright light emitting diode 50 located on the side of the validator unit lights up green thus enabling the proposed transaction to be authorised while if they do not match, diode 50 lights red. - li ⁇
  • the validator unit shown at the bottom of the drawing may simply act as a transaction validator as indicated above or it may be more sophisticated. For example it may include large quantities of electronic memory enabling it to record details of each transaction for example the date the identity of the checkout store and perhaps of the checkout operator and perhaps other data enabling tracing to be carried out if it is subsequently decided that a use of particular card needs to be traced.
  • the circuitry within the unit may also for example incorporate programming enabling detection of operation at unusual hours or to enable an unusual pattern of operation to be detected, for example if repeated attempts are made to validate the same card using a succession of different PIN numbers as would occur if a member of a supermarket staff who had picked up a lost card but not declared that tried to find the PIN number related to that card by repeated trial and error.
  • the validator unit may of course have means enabling it to be programmed or reprogrammed or enabling material stored by it to be downloaded for subsequent investigative processing.
  • the unit must of course be rendered reasonably secure against tampering by any appropriate means including for example means erasing its programming if the casing is opened by an unauthorised person.

Abstract

A system for securing financial transactions involving credit and charge cards is described. As well as the normal magnetic stripe (2), the card includes non visible coded information, for example an infra-red readable (but not human eye visible) bar code (3). When the card is personalised, data recorded on to magnetic stripe (2) may be combined with the bar code (3) and a randomly generated PIN number to produce check digits following a given algorithm. Those check digits can be recorded in the magnetic stripe (2). A stand alone validator i.e. not connected to a mainframe computer, can read both data from magnetic stripe (2) and the coded data such as bar code (3) and process the data and the PIN number input via a keypad (41) according to the algorithm to produce the check digits if they match, an indication validating the proposed transaction can be given, for example a green LED (50) lights up.

Description

SECURING FIHAMCIAL TRANSACTIONS
This invention relates to securing financial transactions.
In recent years there has been a substantial move to cashless financial transaction using, as an essential element of the transaction, a plastics card. A variety of such cards, directed to use in differing types of financial transaction, has emerged. Mention may be made of credit cards, charge cards, cheque guarantee cards and cash cards.
Two main methods have emerged for the authentication of the card at the time of transaction. In the case of credit cards, charge cards and cheque guarantee cards, this is the signature of the user, which is applied to both the card (when the user initially receives it) and at the time of the transaction, either a credit or charge card voucher produced by the provider of goods or services at the time of the transaction, or a cheque form produced by the card holder in the case of a cheque guarantee card. The other method is use of a personal identification number (PIN number) known theoretically only to the card holder and for use in cash card transactions. The requirement for a personal identification number arises from the majority of cash card transactions being effected via so called automated teller machines, which produce cash for the user without the cash dispenser being present in person in the form of a human cashier or teller.
When properly used, the PIN number approach provides a relatively high degree of security. Its use is however limited by the need to have the number checked and correlated with the data on the cash card at the time of the transaction. This is conventionally effected by connecting the automated teller machine on-line to a mainframe computer which, if a correct PIN number is provided by the user of the machine, authorises the transaction and enables the machine to dispense the cash.
While such a system is effective, it requires a very substantial investment in mainframe computer back-up and, for obvious reasons, tends to "fail safe" i.e. if the correct PIN number is not introduced, or if there is some other problem such as the misreading of magnetic data on the cash card, the transaction is simply blocked. While this is inconvenient to the user at the time, it generally inconveniences no-one else. Hold-ups, however, at other financial transaction processing stations, for example supermarket check-outs, which might be occasioned by a failed transaction of this nature, are unacceptable.
In situations such as supermarket check-outs, however, there is currently neither the equipment available to deal with on-line authentication nor would problems of delay be acceptable. Instead, authentication is effected by signature. Despite the presumed uniqueness of signatures, they do not in fact work very well as a security measure. The standard problem with cheque guarantee cards is that, despite instructions to the contrary, users tend to keep them conveniently with their cheque books, and if both are stolen together the thief may well be able to learn a passable imitation of the signature on the card and then go out and make a substantial number of transactions over a short period of time before any alarm can be raised. This is clearly unsatisfactory.
The present invention sales to provide an improved system using an improved form of card and novel authentication equipment.
According to a first general feature of the present invention there is provided on an authentication card having a magnetic strip with magnetically recorded data thereon, and additional coded marking which is invisible to the naked eye but machine readable. This provides a first line of defence against card fraud if it is arranged that part of the data recorded magnetically and part of the invisibly recorded data are correlated in some way since then any magnetic tampering with the magnetically recorded data (which is often undertaken by professional thieves) will remove the correlation and enable a simple self-contained detector unit to show at the point of the transaction that the card has been tampered with.
Additionally, since the coded marking is invisible to the naked eye, it is not immediately apparent usually to the would-be card forger that the marking is there at all. Although the marking is coded, for purposes which appear more fully below, the additional marking may also serve as a security feature merely by its presence. Thus if the additional marking is effected using a material having certain physical characteristics and which is one not normally found in credit and charge cards, or one the synthesis of which is difficult to achieve, a forged card may be distinguished from a genuine merely by the presence of the material making up the coded marking.
As noted above, the data on the magnetic strip and the data in the additional coded marking may be directly correlated to enable simple detection of tampering of the magnetic data. However, a major advantage of the present invention is that such data as is coded in the magnetic strip and the coded marking may be correlated via a PIN number known to the holder of the card but apparent from neither the magnetic data nor the invisible data.
Using a card coded in this way, it is possible to authenticate a transaction without the necessity of referring to a mainframe computer but with a very high degree of certainty by reading data from the card, both the magnetic data and the non-visible data, and correlating that data with a PIN number provided by the card holder at the time of the transaction. The PIN number may be inserted into the detector unit by the card holder in a fashion which does not reveal the PIN number to the bystander, or for example the cashier, at the vending establishment.
A detector unit may be used to validate the transaction. Thus according to a further feature of the present invention there is provided validation apparatus for use with a card of the type described above which comprises means for reading data recorded magnetically on a magnetic strip of the card, means for reading data from the additional coded marking thereon, personal identification number input means, a pre-programmed processing unit adapted to process data input from the magnetic strip coded marking and PIN number inputs and to display the results of such processing as a visual indication corroborating or denying the validity of a proposed transaction.
Such validator apparatus may be embodied in a relatively small, relatively inexpensive unit. So called swipe readers for cards bearing a magnetically coded stripe are well known and find application in numerous areas of technology, for example in electronic tills and card operated telephone boxes. They usually include a channel along which the card is passed, either by hand or driven by appropriate machinery, so that the magnetic stripe on the card passes over a magnetic reading head.
Conveniently the invisibly coded marking on the card can be read at the same time, this generally implying that the coded marking extends linearly in a direction parallel to that of the magnetic stripe. A preferred marking is a bar code type marking which is easily applied during manufacture of the card. The bar code marking may be on the same side of the card as the magnetic stripe or on the opposite side and the swipe reader will need to be constructed accordingly.
As noted above, the additional coded marking on the card is invisible to the naked eye. This can be effected by a variety of means, preferred systems being to incorporate the marking in the interior of the card. The marking may be effected in a material which is itself effectively invisible (transparent or the same colour as the material of card) or it may be made in a material which when directly viewed is visible but which is rendered invisible by being covered with an opaque layer rendering it invisible to the human eye but where the opaque layer is not opaque to some appropriate form of sensing. For example the code may be printed using a material giving a detectable infra-red absorption or reflectance but covered by a material transparent to infra-red radiation but opaque to the human eye. Putting the marking in the interior of the card also makes it much more difficult for a person who wishes to commit fraud by using a stolen card to change the data on the card.
Thus a particularly preferred form of card in accordance with the present invention is a plastics card having, printed in the interior thereof, a marking readable at non-visible wavelengths, preferably at infra-red wavelengths, the marking being located between a plastics card base and a cover laminated to the base and transparent to the wavelength at which the bar code is readable.
The invention as illustrated by way of example in the accompanying drawing which shows diagrammatically card manufacture and transaction validation using the card.
Referring to the drawing this shows at the top left a stylised credit card 1 which may be of standard shape and size. On one side of the card is a magnetic stripe 2 of standard construction. Also printed on the card is a bar code 3 and a patch 4. Bar code 3 and patch 4 may be made of the same material or may be different. Although barcode 3 is shown on the drawing for clarity visibly, it may be printed in a material visually indistinguishable from the background. Barcode 3 and patch 4 may be printed on the card base and then covered with, for example, a visually opaque, infra-red transparent cover sheet.
The bar code 3 and patch 4 may be printed on the card or on a layer making up the card by any convenient means. Ink jet printing of bar codes is a convenient and inexpensive means of printing bar codes on successive cards which vary from card to card. This is important for reasons indicated below.
Cards of the type illustrated in the top left of the accompanying drawing, and including e.g. printing with graphic material indicative of the intended card issuer are produced by standard mass production processes. However for use, cards must carry data personal to the user. Standard machines are accordingly available in commerce for processing pre-manufactured cards to personalise them. A typical such machine is commercially available under the trade designation Datacard 4650 from Data Card Limited and its affiliates. Other card embossing and recording systems are available from other manufacturers.
In the drawing, such a machine is represented diagrammatically by box 10 having an input tray 11 for cards to be personalised and an output delivery 12 where cards which have been processed collect.
The card embossing and recording system 10 is connected via a suitable data transmission links 15 and 16 with a mainframe computer schematically indicated at 20 and under the control of the card issuer, for example a bank, finance company or the like.
Card personalisation is now effected by the embossing and recording system 10 as follows:
The invisible bar code 3 is read by a suitable reader within unit 10. This is fed via data transmission line 15 to the mainframe computer 20 together with a request to provide data to be put on the card. Thus the mainframe computer may be requested to provide the embossing and recording system with the account number name and details of the intended card holder. This is then transmitted from the mainframe computer 20 to the embossing and recording system 10 via data link 16.
In accordance with the invention, the mainframe computer which receives the data as to the bar code 3, carries out suitable mathematical processing on the number represented by the bar code and on other numbers associated with the particular account or person to whom the card will be issued. The mathematical process or algorithm used may vary widely but is used to combine the invisible number from bar code 3 with data e.g. from the person's account number, and with a randomly generated PIN number which will be assigned to the cardholder. For example one form of mathematical processing may be to take the number represented by the bar code 3, add the person's account number to it, multiply that sum by the randomly generated PIN number and discard all but the last three digits of the resulting large number. Those three digits can then be regarded as a checking number which is then fed back via data link 16 to the embossing and recording system 10. The embossing and recording system may be arranged to record those three digits on to the magnetic stripe 2.
The top right hand corner of the drawing shows diagrammatically the card after processing. It still has unchanged bar code 3, patch 4 and magnetic stripe 2. However the cardholder's account number 30 has been embossed thereon and is shown and this number and the check digits are recorded on magnetic stripe 2. The card may also be appropriately embossed or otherwise identified e.g. with the name of the cardholder and an expiry date.
The so processed card can then be transmitted to the cardholder in the usual way while the mainframe computer 20 (which of course knows the PIN number allotted to that customer) may generate a separate letter which the computer separately despatches to the cardholder advising him or her of the PIN number he or she has been assigned.
Once the cardholder is in possession of the card, it can be used in the normal way. Although this is not indicated for the sake of clarity and drawing, the card may include a conventional signature strip and may be validated by signature comparison or using some form of on-line validation as is well known. However, because of the presence of bar code 3 in the card and patch 4 further means of validation are now available.
The bottom of the attached drawing shows diagrammatically a self contained validator unit which may be located at any appropriate transaction processing station for example in a store, supermarket, restaurant or the like. This unit has a slot 40 through which the card 1 may be swiped. Located either side of slot 40 within the validator unit are appropriate sensors for reading magnetic data on magnetic stripe 2 and the coded data on bar code 3. Patch 4 may be used in conjunction with the bar code to facilitate reading. For example if patch 4 is of known width, the amount of time patch 4 is under a detector head may give an indication of appropriate clocking speed for reading the bar code, thus compensating for different swipe speeds.
In practice, the card is first swiped through the slot 40 and the cardholder is then invited to input his or her PIN number via a conventional keypad 41. Keypad 41 is surrounded by screens 42,43 in order to minimise the chance of the PIN number being detected by a casual observer. There is no display of what PIN number has been entered but within the cabinet of the validator unit which includes slot 40 is an appropriately programmed integrated circuit. This is arranged to receive data read from the card and data input form the keypad 41 and then to take the data read from the card (the account number from magnetic stripe 2 and the bar code 3) and combine it in the same way as the mainframe computer 20 did when the card was being personalised, to generate a large number and therefor the three check digits by the system explained above. The circuit also contains comparison means to determine whether the three check digits so generated match the three check digits read from magnetic stripe 2. If they do, an indicator such as a bright light emitting diode 50 located on the side of the validator unit lights up green thus enabling the proposed transaction to be authorised while if they do not match, diode 50 lights red. - li ¬
lt can be seen from the above that validation is essentially carried out by the checking process indicated and using the appropriate algorithm. There is no need to refer to a mainframe computer.
The validator unit shown at the bottom of the drawing may simply act as a transaction validator as indicated above or it may be more sophisticated. For example it may include large quantities of electronic memory enabling it to record details of each transaction for example the date the identity of the checkout store and perhaps of the checkout operator and perhaps other data enabling tracing to be carried out if it is subsequently decided that a use of particular card needs to be traced. The circuitry within the unit may also for example incorporate programming enabling detection of operation at unusual hours or to enable an unusual pattern of operation to be detected, for example if repeated attempts are made to validate the same card using a succession of different PIN numbers as would occur if a member of a supermarket staff who had picked up a lost card but not declared that tried to find the PIN number related to that card by repeated trial and error.
The validator unit may of course have means enabling it to be programmed or reprogrammed or enabling material stored by it to be downloaded for subsequent investigative processing. The unit must of course be rendered reasonably secure against tampering by any appropriate means including for example means erasing its programming if the casing is opened by an unauthorised person.

Claims

1. An authentication card for securing financial transactions consisting of a card base, a magnetic strip having magnetically recorded data thereon and characterised by an additional coded marking invisible to the naked eye but machine-readable.
2. An authentication card according to Claim 1, wherein the additional coded marking is in the form of a bar code.
3. An authentication card according to Claim 1 or 2, wherein the additional coded marking is readable using infra-red radiation.
4. An authentication card according to any one of Claims 1 to 3, wherein the magnetic strip contains as part of the magnetically recorded data a plurality of check digits obtained by applying an algorithm to other data recorded on the magnetic strip and the additional coded marking.
5. Validation apparatus for use with an authentication card and in accordance with any one of the preceding claims and including means for reading data recorded magnetically on the magnetic strip on the card and means for inputting a personal identification number, and characterised by means for reading the data from the additional coded marking on the card and by a pre-programmed processing unit adapted to process data input from the magnetic stripe coded marking, the PIN number input and the additional coded marking and adapted to compare the results of such processed data with data also recorded magnetically on the magnetic strip and display the results of such comparison.
6. Validation apparatus according Claim 5 and including a channel along which the card may be moved, a magnetic reading head adapted to read data from the magnetic stripe thereon and characterised by means for reading the additional coded marking thereon.
PCT/GB1992/000512 1991-03-20 1992-03-20 Securing financial transactions WO1992016913A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB9105851.1 1991-03-20
GB919105851A GB9105851D0 (en) 1991-03-20 1991-03-20 Securing financial transactions

Publications (1)

Publication Number Publication Date
WO1992016913A1 true WO1992016913A1 (en) 1992-10-01

Family

ID=10691857

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB1992/000512 WO1992016913A1 (en) 1991-03-20 1992-03-20 Securing financial transactions

Country Status (3)

Country Link
AU (1) AU1451592A (en)
GB (1) GB9105851D0 (en)
WO (1) WO1992016913A1 (en)

Cited By (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0609937A2 (en) * 1993-01-26 1994-08-10 Be'eri Printers Monetary instruments
WO1994019770A1 (en) * 1993-02-19 1994-09-01 Her Majesty In Right Of Canada, As Represented By The Minister Of Communications Secure personal identification instrument and method for creating same
WO1994027259A1 (en) * 1993-05-14 1994-11-24 Abathorn Limited Security system
EP0683471A1 (en) * 1992-02-07 1995-11-22 American Bank Note Holographics, Inc. Enhancement of document security
WO1999019823A2 (en) * 1997-10-10 1999-04-22 Interval Research Corporation Methods and systems for providing human/computer interfaces
US5984366A (en) * 1994-07-26 1999-11-16 International Data Matrix, Inc. Unalterable self-verifying articles
US6256638B1 (en) 1998-04-14 2001-07-03 Interval Research Corporation Printable interfaces and digital linkmarks
US6262711B1 (en) 1995-08-03 2001-07-17 Interval Research Corporation Computerized interactor systems and method for providing same
GB2366645A (en) * 2000-09-09 2002-03-13 Ibm Human readable barcode label
US6439459B1 (en) 1997-10-07 2002-08-27 Interval Research Corporation Methods and systems for providing human/computer interfaces
US6467691B1 (en) * 1996-11-23 2002-10-22 Thorn Secure Science Limited Record carrier and method of labelling an article of value
WO2002097707A2 (en) * 2001-05-31 2002-12-05 Giesecke & Devrient Gmbh Hand-held test apparatus
WO2003060794A1 (en) * 2002-01-04 2003-07-24 Mastercard International Incorporated Method and system for conducting transactions using a payment card with account information encoded in bar code
US6857566B2 (en) 2001-12-06 2005-02-22 Mastercard International Method and system for conducting transactions using a payment card with two technologies
EP1529653A1 (en) * 2003-11-07 2005-05-11 Sicpa Holding S.A. Security document, method for producing a security document and the use of a security document
US6940486B2 (en) 1995-08-03 2005-09-06 Vulcan Patents Llc Computerized interactor systems and methods for providing same
EP1571606A1 (en) * 2002-12-02 2005-09-07 Kabushiki Kaisha Nippon Conlux Cardless sales method and system
WO2006002670A1 (en) 2004-07-01 2006-01-12 Daniel Bossert Leaf-type sheet and method for producing secure data on said sheet and for verifying the latter
WO2007006084A1 (en) * 2005-07-08 2007-01-18 Smarq Pty Ltd Card processing apparatus and method
US7379919B2 (en) 2000-04-11 2008-05-27 Mastercard International Incorporated Method and system for conducting secure payments over a computer network
US7422157B2 (en) 2004-07-15 2008-09-09 Mastercard International Incorporated Payment card signal characterization methods and circuits
US7559466B2 (en) * 2003-10-02 2009-07-14 Neopost Technologies Item authentication
US7669772B2 (en) 2004-07-15 2010-03-02 Mastercard International Incorporated Method and system using a bitmap for passing contactless payment card transaction variables in standardized data formats
US7708198B2 (en) 1998-05-29 2010-05-04 E-Micro Corporation Wallet consolidator to facilitate a transaction
USRE43157E1 (en) 2002-09-12 2012-02-07 Xatra Fund Mx, Llc System and method for reassociating an account number to another transaction account
US8439271B2 (en) 2004-07-15 2013-05-14 Mastercard International Incorporated Method and system using a bitmap for passing contactless payment card transaction variables in standardized data formats
US8690055B2 (en) 2000-05-15 2014-04-08 Privasys, Inc. Electronic card
US8872619B2 (en) 2001-07-10 2014-10-28 Xatra Fund Mx, Llc Securing a transaction between a transponder and a reader
USRE45416E1 (en) 2001-07-10 2015-03-17 Xatra Fund Mx, Llc Processing an RF transaction using a routing number
US9024719B1 (en) 2001-07-10 2015-05-05 Xatra Fund Mx, Llc RF transaction system and method for storing user personal data
US9031880B2 (en) 2001-07-10 2015-05-12 Iii Holdings 1, Llc Systems and methods for non-traditional payment using biometric data
US9336634B2 (en) 2001-07-10 2016-05-10 Chartoleaux Kg Limited Liability Company Hand geometry biometrics on a payment device
US9454752B2 (en) 2001-07-10 2016-09-27 Chartoleaux Kg Limited Liability Company Reload protocol at a transaction processing entity
US9672515B2 (en) 2000-03-15 2017-06-06 Mastercard International Incorporated Method and system for secure payments over a computer network
US10839388B2 (en) 2001-07-10 2020-11-17 Liberty Peak Ventures, Llc Funding a radio frequency device transaction

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4114033A (en) * 1976-02-18 1978-09-12 Nippondenso Co., Ltd. Bar code information card
DE2901521A1 (en) * 1978-01-19 1979-07-26 Datasaab Ab PERSONAL IDENTIFICATION SYSTEM
DE3013211C2 (en) * 1980-04-03 1989-08-24 Gao Gesellschaft Fuer Automation Und Organisation Mbh, 8000 Muenchen, De

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4114033A (en) * 1976-02-18 1978-09-12 Nippondenso Co., Ltd. Bar code information card
DE2901521A1 (en) * 1978-01-19 1979-07-26 Datasaab Ab PERSONAL IDENTIFICATION SYSTEM
DE3013211C2 (en) * 1980-04-03 1989-08-24 Gao Gesellschaft Fuer Automation Und Organisation Mbh, 8000 Muenchen, De

Cited By (57)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0683471A1 (en) * 1992-02-07 1995-11-22 American Bank Note Holographics, Inc. Enhancement of document security
EP0609937A2 (en) * 1993-01-26 1994-08-10 Be'eri Printers Monetary instruments
EP0609937A3 (en) * 1993-01-26 1996-01-10 Be Eri Printers Monetary instruments.
WO1994019770A1 (en) * 1993-02-19 1994-09-01 Her Majesty In Right Of Canada, As Represented By The Minister Of Communications Secure personal identification instrument and method for creating same
GB2289965A (en) * 1993-02-19 1995-12-06 Ca Minister Communications Secure personal indentification instument and method for creating same
WO1994027259A1 (en) * 1993-05-14 1994-11-24 Abathorn Limited Security system
US5984366A (en) * 1994-07-26 1999-11-16 International Data Matrix, Inc. Unalterable self-verifying articles
US6940486B2 (en) 1995-08-03 2005-09-06 Vulcan Patents Llc Computerized interactor systems and methods for providing same
US6262711B1 (en) 1995-08-03 2001-07-17 Interval Research Corporation Computerized interactor systems and method for providing same
US6467691B1 (en) * 1996-11-23 2002-10-22 Thorn Secure Science Limited Record carrier and method of labelling an article of value
US6989816B1 (en) 1997-10-07 2006-01-24 Vulcan Patents Llc Methods and systems for providing human/computer interfaces
US6540141B1 (en) 1997-10-07 2003-04-01 Interval Research Corporation Methods and systems for providing human/computer interfaces
US6518950B1 (en) 1997-10-07 2003-02-11 Interval Research Corporation Methods and systems for providing human/computer interfaces
US6439459B1 (en) 1997-10-07 2002-08-27 Interval Research Corporation Methods and systems for providing human/computer interfaces
WO1999019823A3 (en) * 1997-10-10 1999-08-19 Interval Research Corp Methods and systems for providing human/computer interfaces
US6164541A (en) * 1997-10-10 2000-12-26 Interval Research Group Methods and systems for providing human/computer interfaces
WO1999019823A2 (en) * 1997-10-10 1999-04-22 Interval Research Corporation Methods and systems for providing human/computer interfaces
US6256638B1 (en) 1998-04-14 2001-07-03 Interval Research Corporation Printable interfaces and digital linkmarks
US8225995B1 (en) 1998-05-29 2012-07-24 Frank Joseph Gangi Retail point-of-transaction system, program products, and related methods to provide a customized set of identification data to facilitate a transaction using electronic coupons
US7828208B2 (en) 1998-05-29 2010-11-09 E-Micro Corporation Retail point-of-transaction system, program products, and related methods to provide a customized set of identification data to facilitate a transaction using electronic coupons
US7708198B2 (en) 1998-05-29 2010-05-04 E-Micro Corporation Wallet consolidator to facilitate a transaction
US7712658B2 (en) 1998-05-29 2010-05-11 E-Micro Corporation Wallet consolidator and related methods of processing a transaction using a wallet consolidator
US9672515B2 (en) 2000-03-15 2017-06-06 Mastercard International Incorporated Method and system for secure payments over a computer network
US7379919B2 (en) 2000-04-11 2008-05-27 Mastercard International Incorporated Method and system for conducting secure payments over a computer network
US8690055B2 (en) 2000-05-15 2014-04-08 Privasys, Inc. Electronic card
GB2366645A (en) * 2000-09-09 2002-03-13 Ibm Human readable barcode label
WO2002097707A3 (en) * 2001-05-31 2003-11-13 Giesecke & Devrient Gmbh Hand-held test apparatus
WO2002097707A2 (en) * 2001-05-31 2002-12-05 Giesecke & Devrient Gmbh Hand-held test apparatus
US9024719B1 (en) 2001-07-10 2015-05-05 Xatra Fund Mx, Llc RF transaction system and method for storing user personal data
US9031880B2 (en) 2001-07-10 2015-05-12 Iii Holdings 1, Llc Systems and methods for non-traditional payment using biometric data
US9336634B2 (en) 2001-07-10 2016-05-10 Chartoleaux Kg Limited Liability Company Hand geometry biometrics on a payment device
US9454752B2 (en) 2001-07-10 2016-09-27 Chartoleaux Kg Limited Liability Company Reload protocol at a transaction processing entity
USRE45416E1 (en) 2001-07-10 2015-03-17 Xatra Fund Mx, Llc Processing an RF transaction using a routing number
US8872619B2 (en) 2001-07-10 2014-10-28 Xatra Fund Mx, Llc Securing a transaction between a transponder and a reader
US9886692B2 (en) 2001-07-10 2018-02-06 Chartoleaux Kg Limited Liability Company Securing a transaction between a transponder and a reader
US10839388B2 (en) 2001-07-10 2020-11-17 Liberty Peak Ventures, Llc Funding a radio frequency device transaction
US7287695B2 (en) 2001-12-06 2007-10-30 Mastercard International Incorporated Method and system for conducting transactions using a payment card with two technologies
US6857566B2 (en) 2001-12-06 2005-02-22 Mastercard International Method and system for conducting transactions using a payment card with two technologies
WO2003060794A1 (en) * 2002-01-04 2003-07-24 Mastercard International Incorporated Method and system for conducting transactions using a payment card with account information encoded in bar code
USRE43157E1 (en) 2002-09-12 2012-02-07 Xatra Fund Mx, Llc System and method for reassociating an account number to another transaction account
EP1571606A4 (en) * 2002-12-02 2006-06-14 Nippon Conlux Co Ltd Cardless sales method and system
EP1571606A1 (en) * 2002-12-02 2005-09-07 Kabushiki Kaisha Nippon Conlux Cardless sales method and system
US7559466B2 (en) * 2003-10-02 2009-07-14 Neopost Technologies Item authentication
EA008228B1 (en) * 2003-11-07 2007-04-27 Сикпа Холдинг С.А. Security document, method for producing a security document and the use of a security element
EP1529653A1 (en) * 2003-11-07 2005-05-11 Sicpa Holding S.A. Security document, method for producing a security document and the use of a security document
WO2005044583A2 (en) * 2003-11-07 2005-05-19 Sicpa Holding S.A. Security document, method for producing a security document and the use of a security element
WO2005044583A3 (en) * 2003-11-07 2005-11-10 Sicpa Holding Sa Security document, method for producing a security document and the use of a security element
WO2006002670A1 (en) 2004-07-01 2006-01-12 Daniel Bossert Leaf-type sheet and method for producing secure data on said sheet and for verifying the latter
US7520435B2 (en) 2004-07-15 2009-04-21 Mastercard International Incorporated Contactless payment card reader with a frusto-conical operating volume
US7422157B2 (en) 2004-07-15 2008-09-09 Mastercard International Incorporated Payment card signal characterization methods and circuits
US7424977B2 (en) 2004-07-15 2008-09-16 Mastercard International Incorporated Method and system for conducting contactless payment card transactions
US7431217B2 (en) 2004-07-15 2008-10-07 Mastercard International Incorporated Reference equipment for testing contactless payment devices
US8439271B2 (en) 2004-07-15 2013-05-14 Mastercard International Incorporated Method and system using a bitmap for passing contactless payment card transaction variables in standardized data formats
US7717346B2 (en) 2004-07-15 2010-05-18 Mastercard International Incorporated Collision detection and avoidance scheme for contactless card payment systems
US7669772B2 (en) 2004-07-15 2010-03-02 Mastercard International Incorporated Method and system using a bitmap for passing contactless payment card transaction variables in standardized data formats
US7775445B2 (en) 2004-07-15 2010-08-17 Mastercard International Incorporated Reference equipment for testing contactless payment devices
WO2007006084A1 (en) * 2005-07-08 2007-01-18 Smarq Pty Ltd Card processing apparatus and method

Also Published As

Publication number Publication date
GB9105851D0 (en) 1991-05-08
AU1451592A (en) 1992-10-21

Similar Documents

Publication Publication Date Title
WO1992016913A1 (en) Securing financial transactions
US6003763A (en) Method and apparatus for recording magnetic information on traveler's checks
US5416306A (en) Method for comparing and verifying security codes at point of sale
JP5612332B2 (en) Fraud prevention security card storing biometric information and method of using the same
EP0783742B1 (en) Credit document connected to a document or customised card, independent customised credit card and associated issuance and validation equipment
US5336871A (en) Holographic enhancement of card security
US8959029B2 (en) System, apparatus, and methods for currency processing control and redemption
US4385285A (en) Check dispensing terminal
US3862716A (en) Automatic cash dispenser and system and method therefor
US6135355A (en) Method and apparatus for impeding the counterfeiting of cards, instruments and documents
EP0683471A1 (en) Enhancement of document security
JPH02297297A (en) Method for preventing malfeasant use of card type information medium
EP0152703A2 (en) Fraudulent card intercept system
US6560017B1 (en) Compound secure optical identification method and means
US7404516B2 (en) Tamper resistant presentation instruments and methods
GB2255934A (en) Integrated circuit card with display.
US20030098995A1 (en) Media dispensing
US7617986B2 (en) Laminate security feature
JPH09198474A (en) Graphic code card
JP3624714B2 (en) Underage identification device for vending machines
GB2290053A (en) Fingerprint validation of security card user.
JPH06115287A (en) Card, card reader and identifying method for card forgery
JP2553770B2 (en) Card and card processing device
GB2212641A (en) Security apparatus
CA2121830C (en) Holographic enhancement of card security

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AU CA JP US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FR GB GR IT LU MC NL SE

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
NENP Non-entry into the national phase

Ref country code: CA

122 Ep: pct application non-entry in european phase