WO1992016913A1 - Securing financial transactions - Google Patents
Securing financial transactions Download PDFInfo
- Publication number
- WO1992016913A1 WO1992016913A1 PCT/GB1992/000512 GB9200512W WO9216913A1 WO 1992016913 A1 WO1992016913 A1 WO 1992016913A1 GB 9200512 W GB9200512 W GB 9200512W WO 9216913 A1 WO9216913 A1 WO 9216913A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- card
- data
- magnetic stripe
- coded marking
- bar code
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/08—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means
- G06K19/10—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means at least one kind of marking being used for authentication, e.g. of credit or identity cards
- G06K19/14—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means at least one kind of marking being used for authentication, e.g. of credit or identity cards the marking being sensed by radiation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/347—Passive cards
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1025—Identification of user by a PIN code
- G07F7/1058—PIN is checked locally
- G07F7/1066—PIN data being compared to data on card
Definitions
- This invention relates to securing financial transactions.
- the PIN number approach provides a relatively high degree of security. Its use is however limited by the need to have the number checked and correlated with the data on the cash card at the time of the transaction. This is conventionally effected by connecting the automated teller machine on-line to a mainframe computer which, if a correct PIN number is provided by the user of the machine, authorises the transaction and enables the machine to dispense the cash.
- the present invention sales to provide an improved system using an improved form of card and novel authentication equipment.
- an authentication card having a magnetic strip with magnetically recorded data thereon, and additional coded marking which is invisible to the naked eye but machine readable.
- This provides a first line of defence against card fraud if it is arranged that part of the data recorded magnetically and part of the invisibly recorded data are correlated in some way since then any magnetic tampering with the magnetically recorded data (which is often undertaken by professional thieves) will remove the correlation and enable a simple self-contained detector unit to show at the point of the transaction that the card has been tampered with.
- the coded marking is invisible to the naked eye, it is not immediately apparent usually to the would-be card forger that the marking is there at all.
- the marking is coded, for purposes which appear more fully below, the additional marking may also serve as a security feature merely by its presence.
- the additional marking is effected using a material having certain physical characteristics and which is one not normally found in credit and charge cards, or one the synthesis of which is difficult to achieve, a forged card may be distinguished from a genuine merely by the presence of the material making up the coded marking.
- the data on the magnetic strip and the data in the additional coded marking may be directly correlated to enable simple detection of tampering of the magnetic data.
- a major advantage of the present invention is that such data as is coded in the magnetic strip and the coded marking may be correlated via a PIN number known to the holder of the card but apparent from neither the magnetic data nor the invisible data.
- a card coded in this way it is possible to authenticate a transaction without the necessity of referring to a mainframe computer but with a very high degree of certainty by reading data from the card, both the magnetic data and the non-visible data, and correlating that data with a PIN number provided by the card holder at the time of the transaction.
- the PIN number may be inserted into the detector unit by the card holder in a fashion which does not reveal the PIN number to the bystander, or for example the cashier, at the vending establishment.
- a detector unit may be used to validate the transaction.
- validation apparatus for use with a card of the type described above which comprises means for reading data recorded magnetically on a magnetic strip of the card, means for reading data from the additional coded marking thereon, personal identification number input means, a pre-programmed processing unit adapted to process data input from the magnetic strip coded marking and PIN number inputs and to display the results of such processing as a visual indication corroborating or denying the validity of a proposed transaction.
- swipe readers for cards bearing a magnetically coded stripe are well known and find application in numerous areas of technology, for example in electronic tills and card operated telephone boxes. They usually include a channel along which the card is passed, either by hand or driven by appropriate machinery, so that the magnetic stripe on the card passes over a magnetic reading head.
- the invisibly coded marking on the card can be read at the same time, this generally implying that the coded marking extends linearly in a direction parallel to that of the magnetic stripe.
- a preferred marking is a bar code type marking which is easily applied during manufacture of the card. The bar code marking may be on the same side of the card as the magnetic stripe or on the opposite side and the swipe reader will need to be constructed accordingly.
- the additional coded marking on the card is invisible to the naked eye.
- the marking may be effected in a material which is itself effectively invisible (transparent or the same colour as the material of card) or it may be made in a material which when directly viewed is visible but which is rendered invisible by being covered with an opaque layer rendering it invisible to the human eye but where the opaque layer is not opaque to some appropriate form of sensing.
- the code may be printed using a material giving a detectable infra-red absorption or reflectance but covered by a material transparent to infra-red radiation but opaque to the human eye. Putting the marking in the interior of the card also makes it much more difficult for a person who wishes to commit fraud by using a stolen card to change the data on the card.
- a particularly preferred form of card in accordance with the present invention is a plastics card having, printed in the interior thereof, a marking readable at non-visible wavelengths, preferably at infra-red wavelengths, the marking being located between a plastics card base and a cover laminated to the base and transparent to the wavelength at which the bar code is readable.
- a stylised credit card 1 which may be of standard shape and size.
- a magnetic stripe 2 of standard construction.
- bar code 3 and a patch 4 are also printed on the card.
- Bar code 3 and patch 4 may be made of the same material or may be different. Although barcode 3 is shown on the drawing for clarity visibly, it may be printed in a material visually indistinguishable from the background. Barcode 3 and patch 4 may be printed on the card base and then covered with, for example, a visually opaque, infra-red transparent cover sheet.
- the bar code 3 and patch 4 may be printed on the card or on a layer making up the card by any convenient means. Ink jet printing of bar codes is a convenient and inexpensive means of printing bar codes on successive cards which vary from card to card. This is important for reasons indicated below.
- Cards of the type illustrated in the top left of the accompanying drawing, and including e.g. printing with graphic material indicative of the intended card issuer are produced by standard mass production processes. However for use, cards must carry data personal to the user. Standard machines are accordingly available in commerce for processing pre-manufactured cards to personalise them. A typical such machine is commercially available under the trade designation Datacard 4650 from Data Card Limited and its affiliates. Other card embossing and recording systems are available from other manufacturers.
- box 10 having an input tray 11 for cards to be personalised and an output delivery 12 where cards which have been processed collect.
- the card embossing and recording system 10 is connected via a suitable data transmission links 15 and 16 with a mainframe computer schematically indicated at 20 and under the control of the card issuer, for example a bank, finance company or the like.
- the invisible bar code 3 is read by a suitable reader within unit 10. This is fed via data transmission line 15 to the mainframe computer 20 together with a request to provide data to be put on the card. Thus the mainframe computer may be requested to provide the embossing and recording system with the account number name and details of the intended card holder. This is then transmitted from the mainframe computer 20 to the embossing and recording system 10 via data link 16.
- the mainframe computer which receives the data as to the bar code 3, carries out suitable mathematical processing on the number represented by the bar code and on other numbers associated with the particular account or person to whom the card will be issued.
- the mathematical process or algorithm used may vary widely but is used to combine the invisible number from bar code 3 with data e.g. from the person's account number, and with a randomly generated PIN number which will be assigned to the cardholder.
- one form of mathematical processing may be to take the number represented by the bar code 3, add the person's account number to it, multiply that sum by the randomly generated PIN number and discard all but the last three digits of the resulting large number. Those three digits can then be regarded as a checking number which is then fed back via data link 16 to the embossing and recording system 10.
- the embossing and recording system may be arranged to record those three digits on to the magnetic stripe 2.
- the top right hand corner of the drawing shows diagrammatically the card after processing. It still has unchanged bar code 3, patch 4 and magnetic stripe 2. However the cardholder's account number 30 has been embossed thereon and is shown and this number and the check digits are recorded on magnetic stripe 2.
- the card may also be appropriately embossed or otherwise identified e.g. with the name of the cardholder and an expiry date.
- the so processed card can then be transmitted to the cardholder in the usual way while the mainframe computer 20 (which of course knows the PIN number allotted to that customer) may generate a separate letter which the computer separately despatches to the cardholder advising him or her of the PIN number he or she has been assigned.
- the mainframe computer 20 which of course knows the PIN number allotted to that customer
- the card may include a conventional signature strip and may be validated by signature comparison or using some form of on-line validation as is well known. However, because of the presence of bar code 3 in the card and patch 4 further means of validation are now available.
- the bottom of the attached drawing shows diagrammatically a self contained validator unit which may be located at any appropriate transaction processing station for example in a store, supermarket, restaurant or the like.
- This unit has a slot 40 through which the card 1 may be swiped.
- Located either side of slot 40 within the validator unit are appropriate sensors for reading magnetic data on magnetic stripe 2 and the coded data on bar code 3.
- Patch 4 may be used in conjunction with the bar code to facilitate reading. For example if patch 4 is of known width, the amount of time patch 4 is under a detector head may give an indication of appropriate clocking speed for reading the bar code, thus compensating for different swipe speeds.
- the card is first swiped through the slot 40 and the cardholder is then invited to input his or her PIN number via a conventional keypad 41.
- Keypad 41 is surrounded by screens 42,43 in order to minimise the chance of the PIN number being detected by a casual observer.
- This is arranged to receive data read from the card and data input form the keypad 41 and then to take the data read from the card (the account number from magnetic stripe 2 and the bar code 3) and combine it in the same way as the mainframe computer 20 did when the card was being personalised, to generate a large number and therefor the three check digits by the system explained above.
- the circuit also contains comparison means to determine whether the three check digits so generated match the three check digits read from magnetic stripe 2. If they do, an indicator such as a bright light emitting diode 50 located on the side of the validator unit lights up green thus enabling the proposed transaction to be authorised while if they do not match, diode 50 lights red. - li ⁇
- the validator unit shown at the bottom of the drawing may simply act as a transaction validator as indicated above or it may be more sophisticated. For example it may include large quantities of electronic memory enabling it to record details of each transaction for example the date the identity of the checkout store and perhaps of the checkout operator and perhaps other data enabling tracing to be carried out if it is subsequently decided that a use of particular card needs to be traced.
- the circuitry within the unit may also for example incorporate programming enabling detection of operation at unusual hours or to enable an unusual pattern of operation to be detected, for example if repeated attempts are made to validate the same card using a succession of different PIN numbers as would occur if a member of a supermarket staff who had picked up a lost card but not declared that tried to find the PIN number related to that card by repeated trial and error.
- the validator unit may of course have means enabling it to be programmed or reprogrammed or enabling material stored by it to be downloaded for subsequent investigative processing.
- the unit must of course be rendered reasonably secure against tampering by any appropriate means including for example means erasing its programming if the casing is opened by an unauthorised person.
Abstract
A system for securing financial transactions involving credit and charge cards is described. As well as the normal magnetic stripe (2), the card includes non visible coded information, for example an infra-red readable (but not human eye visible) bar code (3). When the card is personalised, data recorded on to magnetic stripe (2) may be combined with the bar code (3) and a randomly generated PIN number to produce check digits following a given algorithm. Those check digits can be recorded in the magnetic stripe (2). A stand alone validator i.e. not connected to a mainframe computer, can read both data from magnetic stripe (2) and the coded data such as bar code (3) and process the data and the PIN number input via a keypad (41) according to the algorithm to produce the check digits if they match, an indication validating the proposed transaction can be given, for example a green LED (50) lights up.
Description
SECURING FIHAMCIAL TRANSACTIONS
This invention relates to securing financial transactions.
In recent years there has been a substantial move to cashless financial transaction using, as an essential element of the transaction, a plastics card. A variety of such cards, directed to use in differing types of financial transaction, has emerged. Mention may be made of credit cards, charge cards, cheque guarantee cards and cash cards.
Two main methods have emerged for the authentication of the card at the time of transaction. In the case of credit cards, charge cards and cheque guarantee cards, this is the signature of the user, which is applied to both the card (when the user initially receives it) and at the time of the transaction, either a credit or charge card voucher produced by the provider of goods or services at the time of the transaction, or a cheque form produced by the card holder in the case of a cheque guarantee card. The other method is use of a personal identification number (PIN number) known theoretically
only to the card holder and for use in cash card transactions. The requirement for a personal identification number arises from the majority of cash card transactions being effected via so called automated teller machines, which produce cash for the user without the cash dispenser being present in person in the form of a human cashier or teller.
When properly used, the PIN number approach provides a relatively high degree of security. Its use is however limited by the need to have the number checked and correlated with the data on the cash card at the time of the transaction. This is conventionally effected by connecting the automated teller machine on-line to a mainframe computer which, if a correct PIN number is provided by the user of the machine, authorises the transaction and enables the machine to dispense the cash.
While such a system is effective, it requires a very substantial investment in mainframe computer back-up and, for obvious reasons, tends to "fail safe" i.e. if the correct PIN number is not introduced, or if there is some other problem such as the misreading of magnetic data on the cash card, the transaction is simply blocked. While this is inconvenient to the user at the time, it generally inconveniences no-one else. Hold-ups, however, at other financial transaction processing stations, for example supermarket check-outs, which might be occasioned by a failed transaction of this nature, are unacceptable.
In situations such as supermarket check-outs, however, there is currently neither the equipment available to deal with on-line authentication nor would problems of delay be acceptable. Instead, authentication is effected
by signature. Despite the presumed uniqueness of signatures, they do not in fact work very well as a security measure. The standard problem with cheque guarantee cards is that, despite instructions to the contrary, users tend to keep them conveniently with their cheque books, and if both are stolen together the thief may well be able to learn a passable imitation of the signature on the card and then go out and make a substantial number of transactions over a short period of time before any alarm can be raised. This is clearly unsatisfactory.
The present invention sales to provide an improved system using an improved form of card and novel authentication equipment.
According to a first general feature of the present invention there is provided on an authentication card having a magnetic strip with magnetically recorded data thereon, and additional coded marking which is invisible to the naked eye but machine readable. This provides a first line of defence against card fraud if it is arranged that part of the data recorded magnetically and part of the invisibly recorded data are correlated in some way since then any magnetic tampering with the magnetically recorded data (which is often undertaken by professional thieves) will remove the correlation and enable a simple self-contained detector unit to show at the point of the transaction that the card has been tampered with.
Additionally, since the coded marking is invisible to the naked eye, it is not immediately apparent usually to the would-be card forger that the marking is there at all.
Although the marking is coded, for purposes which appear more fully below, the additional marking may also serve as a security feature merely by its presence. Thus if the additional marking is effected using a material having certain physical characteristics and which is one not normally found in credit and charge cards, or one the synthesis of which is difficult to achieve, a forged card may be distinguished from a genuine merely by the presence of the material making up the coded marking.
As noted above, the data on the magnetic strip and the data in the additional coded marking may be directly correlated to enable simple detection of tampering of the magnetic data. However, a major advantage of the present invention is that such data as is coded in the magnetic strip and the coded marking may be correlated via a PIN number known to the holder of the card but apparent from neither the magnetic data nor the invisible data.
Using a card coded in this way, it is possible to authenticate a transaction without the necessity of referring to a mainframe computer but with a very high degree of certainty by reading data from the card, both the magnetic data and the non-visible data, and correlating that data with a PIN number provided by the card holder at the time of the transaction. The PIN number may be inserted into the detector unit by the card holder in a fashion which does not reveal the PIN number to the bystander, or for example the cashier, at the vending establishment.
A detector unit may be used to validate the transaction. Thus according to a further feature of the present invention there is provided validation apparatus for use
with a card of the type described above which comprises means for reading data recorded magnetically on a magnetic strip of the card, means for reading data from the additional coded marking thereon, personal identification number input means, a pre-programmed processing unit adapted to process data input from the magnetic strip coded marking and PIN number inputs and to display the results of such processing as a visual indication corroborating or denying the validity of a proposed transaction.
Such validator apparatus may be embodied in a relatively small, relatively inexpensive unit. So called swipe readers for cards bearing a magnetically coded stripe are well known and find application in numerous areas of technology, for example in electronic tills and card operated telephone boxes. They usually include a channel along which the card is passed, either by hand or driven by appropriate machinery, so that the magnetic stripe on the card passes over a magnetic reading head.
Conveniently the invisibly coded marking on the card can be read at the same time, this generally implying that the coded marking extends linearly in a direction parallel to that of the magnetic stripe. A preferred marking is a bar code type marking which is easily applied during manufacture of the card. The bar code marking may be on the same side of the card as the magnetic stripe or on the opposite side and the swipe reader will need to be constructed accordingly.
As noted above, the additional coded marking on the card is invisible to the naked eye. This can be effected by a variety of means, preferred systems being to incorporate the marking in the interior of the card. The marking may
be effected in a material which is itself effectively invisible (transparent or the same colour as the material of card) or it may be made in a material which when directly viewed is visible but which is rendered invisible by being covered with an opaque layer rendering it invisible to the human eye but where the opaque layer is not opaque to some appropriate form of sensing. For example the code may be printed using a material giving a detectable infra-red absorption or reflectance but covered by a material transparent to infra-red radiation but opaque to the human eye. Putting the marking in the interior of the card also makes it much more difficult for a person who wishes to commit fraud by using a stolen card to change the data on the card.
Thus a particularly preferred form of card in accordance with the present invention is a plastics card having, printed in the interior thereof, a marking readable at non-visible wavelengths, preferably at infra-red wavelengths, the marking being located between a plastics card base and a cover laminated to the base and transparent to the wavelength at which the bar code is readable.
The invention as illustrated by way of example in the accompanying drawing which shows diagrammatically card manufacture and transaction validation using the card.
Referring to the drawing this shows at the top left a stylised credit card 1 which may be of standard shape and size. On one side of the card is a magnetic stripe 2 of standard construction. Also printed on the card is a bar code 3 and a patch 4. Bar code 3 and patch 4 may be made of the same material or may be different.
Although barcode 3 is shown on the drawing for clarity visibly, it may be printed in a material visually indistinguishable from the background. Barcode 3 and patch 4 may be printed on the card base and then covered with, for example, a visually opaque, infra-red transparent cover sheet.
The bar code 3 and patch 4 may be printed on the card or on a layer making up the card by any convenient means. Ink jet printing of bar codes is a convenient and inexpensive means of printing bar codes on successive cards which vary from card to card. This is important for reasons indicated below.
Cards of the type illustrated in the top left of the accompanying drawing, and including e.g. printing with graphic material indicative of the intended card issuer are produced by standard mass production processes. However for use, cards must carry data personal to the user. Standard machines are accordingly available in commerce for processing pre-manufactured cards to personalise them. A typical such machine is commercially available under the trade designation Datacard 4650 from Data Card Limited and its affiliates. Other card embossing and recording systems are available from other manufacturers.
In the drawing, such a machine is represented diagrammatically by box 10 having an input tray 11 for cards to be personalised and an output delivery 12 where cards which have been processed collect.
The card embossing and recording system 10 is connected via a suitable data transmission links 15 and 16 with a
mainframe computer schematically indicated at 20 and under the control of the card issuer, for example a bank, finance company or the like.
Card personalisation is now effected by the embossing and recording system 10 as follows:
The invisible bar code 3 is read by a suitable reader within unit 10. This is fed via data transmission line 15 to the mainframe computer 20 together with a request to provide data to be put on the card. Thus the mainframe computer may be requested to provide the embossing and recording system with the account number name and details of the intended card holder. This is then transmitted from the mainframe computer 20 to the embossing and recording system 10 via data link 16.
In accordance with the invention, the mainframe computer which receives the data as to the bar code 3, carries out suitable mathematical processing on the number represented by the bar code and on other numbers associated with the particular account or person to whom the card will be issued. The mathematical process or algorithm used may vary widely but is used to combine the invisible number from bar code 3 with data e.g. from the person's account number, and with a randomly generated PIN number which will be assigned to the cardholder. For example one form of mathematical processing may be to take the number represented by the bar code 3, add the person's account number to it, multiply that sum by the randomly generated PIN number and discard all but the last three digits of the resulting large number. Those three digits can then be regarded as a checking number which is then fed back via data link 16 to the embossing
and recording system 10. The embossing and recording system may be arranged to record those three digits on to the magnetic stripe 2.
The top right hand corner of the drawing shows diagrammatically the card after processing. It still has unchanged bar code 3, patch 4 and magnetic stripe 2. However the cardholder's account number 30 has been embossed thereon and is shown and this number and the check digits are recorded on magnetic stripe 2. The card may also be appropriately embossed or otherwise identified e.g. with the name of the cardholder and an expiry date.
The so processed card can then be transmitted to the cardholder in the usual way while the mainframe computer 20 (which of course knows the PIN number allotted to that customer) may generate a separate letter which the computer separately despatches to the cardholder advising him or her of the PIN number he or she has been assigned.
Once the cardholder is in possession of the card, it can be used in the normal way. Although this is not indicated for the sake of clarity and drawing, the card may include a conventional signature strip and may be validated by signature comparison or using some form of on-line validation as is well known. However, because of the presence of bar code 3 in the card and patch 4 further means of validation are now available.
The bottom of the attached drawing shows diagrammatically a self contained validator unit which may be located at any appropriate transaction processing station for example in a store, supermarket, restaurant or the like.
This unit has a slot 40 through which the card 1 may be swiped. Located either side of slot 40 within the validator unit are appropriate sensors for reading magnetic data on magnetic stripe 2 and the coded data on bar code 3. Patch 4 may be used in conjunction with the bar code to facilitate reading. For example if patch 4 is of known width, the amount of time patch 4 is under a detector head may give an indication of appropriate clocking speed for reading the bar code, thus compensating for different swipe speeds.
In practice, the card is first swiped through the slot 40 and the cardholder is then invited to input his or her PIN number via a conventional keypad 41. Keypad 41 is surrounded by screens 42,43 in order to minimise the chance of the PIN number being detected by a casual observer. There is no display of what PIN number has been entered but within the cabinet of the validator unit which includes slot 40 is an appropriately programmed integrated circuit. This is arranged to receive data read from the card and data input form the keypad 41 and then to take the data read from the card (the account number from magnetic stripe 2 and the bar code 3) and combine it in the same way as the mainframe computer 20 did when the card was being personalised, to generate a large number and therefor the three check digits by the system explained above. The circuit also contains comparison means to determine whether the three check digits so generated match the three check digits read from magnetic stripe 2. If they do, an indicator such as a bright light emitting diode 50 located on the side of the validator unit lights up green thus enabling the proposed transaction to be authorised while if they do not match, diode 50 lights red.
- li ¬
lt can be seen from the above that validation is essentially carried out by the checking process indicated and using the appropriate algorithm. There is no need to refer to a mainframe computer.
The validator unit shown at the bottom of the drawing may simply act as a transaction validator as indicated above or it may be more sophisticated. For example it may include large quantities of electronic memory enabling it to record details of each transaction for example the date the identity of the checkout store and perhaps of the checkout operator and perhaps other data enabling tracing to be carried out if it is subsequently decided that a use of particular card needs to be traced. The circuitry within the unit may also for example incorporate programming enabling detection of operation at unusual hours or to enable an unusual pattern of operation to be detected, for example if repeated attempts are made to validate the same card using a succession of different PIN numbers as would occur if a member of a supermarket staff who had picked up a lost card but not declared that tried to find the PIN number related to that card by repeated trial and error.
The validator unit may of course have means enabling it to be programmed or reprogrammed or enabling material stored by it to be downloaded for subsequent investigative processing. The unit must of course be rendered reasonably secure against tampering by any appropriate means including for example means erasing its programming if the casing is opened by an unauthorised person.
Claims
1. An authentication card for securing financial transactions consisting of a card base, a magnetic strip having magnetically recorded data thereon and characterised by an additional coded marking invisible to the naked eye but machine-readable.
2. An authentication card according to Claim 1, wherein the additional coded marking is in the form of a bar code.
3. An authentication card according to Claim 1 or 2, wherein the additional coded marking is readable using infra-red radiation.
4. An authentication card according to any one of Claims 1 to 3, wherein the magnetic strip contains as part of the magnetically recorded data a plurality of check digits obtained by applying an algorithm to other data recorded on the magnetic strip and the additional coded marking.
5. Validation apparatus for use with an authentication card and in accordance with any one of the preceding claims and including means for reading data recorded magnetically on the magnetic strip on the card and means for inputting a personal identification number, and characterised by means for reading the data from the additional coded marking on the card and by a pre-programmed processing unit adapted to process data input from the magnetic stripe coded marking, the PIN number input and the additional coded marking and adapted to compare the results of such processed data with data also recorded magnetically on the magnetic strip and display the results of such comparison.
6. Validation apparatus according Claim 5 and including a channel along which the card may be moved, a magnetic reading head adapted to read data from the magnetic stripe thereon and characterised by means for reading the additional coded marking thereon.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB9105851.1 | 1991-03-20 | ||
GB919105851A GB9105851D0 (en) | 1991-03-20 | 1991-03-20 | Securing financial transactions |
Publications (1)
Publication Number | Publication Date |
---|---|
WO1992016913A1 true WO1992016913A1 (en) | 1992-10-01 |
Family
ID=10691857
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/GB1992/000512 WO1992016913A1 (en) | 1991-03-20 | 1992-03-20 | Securing financial transactions |
Country Status (3)
Country | Link |
---|---|
AU (1) | AU1451592A (en) |
GB (1) | GB9105851D0 (en) |
WO (1) | WO1992016913A1 (en) |
Cited By (35)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0609937A2 (en) * | 1993-01-26 | 1994-08-10 | Be'eri Printers | Monetary instruments |
WO1994019770A1 (en) * | 1993-02-19 | 1994-09-01 | Her Majesty In Right Of Canada, As Represented By The Minister Of Communications | Secure personal identification instrument and method for creating same |
WO1994027259A1 (en) * | 1993-05-14 | 1994-11-24 | Abathorn Limited | Security system |
EP0683471A1 (en) * | 1992-02-07 | 1995-11-22 | American Bank Note Holographics, Inc. | Enhancement of document security |
WO1999019823A2 (en) * | 1997-10-10 | 1999-04-22 | Interval Research Corporation | Methods and systems for providing human/computer interfaces |
US5984366A (en) * | 1994-07-26 | 1999-11-16 | International Data Matrix, Inc. | Unalterable self-verifying articles |
US6256638B1 (en) | 1998-04-14 | 2001-07-03 | Interval Research Corporation | Printable interfaces and digital linkmarks |
US6262711B1 (en) | 1995-08-03 | 2001-07-17 | Interval Research Corporation | Computerized interactor systems and method for providing same |
GB2366645A (en) * | 2000-09-09 | 2002-03-13 | Ibm | Human readable barcode label |
US6439459B1 (en) | 1997-10-07 | 2002-08-27 | Interval Research Corporation | Methods and systems for providing human/computer interfaces |
US6467691B1 (en) * | 1996-11-23 | 2002-10-22 | Thorn Secure Science Limited | Record carrier and method of labelling an article of value |
WO2002097707A2 (en) * | 2001-05-31 | 2002-12-05 | Giesecke & Devrient Gmbh | Hand-held test apparatus |
WO2003060794A1 (en) * | 2002-01-04 | 2003-07-24 | Mastercard International Incorporated | Method and system for conducting transactions using a payment card with account information encoded in bar code |
US6857566B2 (en) | 2001-12-06 | 2005-02-22 | Mastercard International | Method and system for conducting transactions using a payment card with two technologies |
EP1529653A1 (en) * | 2003-11-07 | 2005-05-11 | Sicpa Holding S.A. | Security document, method for producing a security document and the use of a security document |
US6940486B2 (en) | 1995-08-03 | 2005-09-06 | Vulcan Patents Llc | Computerized interactor systems and methods for providing same |
EP1571606A1 (en) * | 2002-12-02 | 2005-09-07 | Kabushiki Kaisha Nippon Conlux | Cardless sales method and system |
WO2006002670A1 (en) | 2004-07-01 | 2006-01-12 | Daniel Bossert | Leaf-type sheet and method for producing secure data on said sheet and for verifying the latter |
WO2007006084A1 (en) * | 2005-07-08 | 2007-01-18 | Smarq Pty Ltd | Card processing apparatus and method |
US7379919B2 (en) | 2000-04-11 | 2008-05-27 | Mastercard International Incorporated | Method and system for conducting secure payments over a computer network |
US7422157B2 (en) | 2004-07-15 | 2008-09-09 | Mastercard International Incorporated | Payment card signal characterization methods and circuits |
US7559466B2 (en) * | 2003-10-02 | 2009-07-14 | Neopost Technologies | Item authentication |
US7669772B2 (en) | 2004-07-15 | 2010-03-02 | Mastercard International Incorporated | Method and system using a bitmap for passing contactless payment card transaction variables in standardized data formats |
US7708198B2 (en) | 1998-05-29 | 2010-05-04 | E-Micro Corporation | Wallet consolidator to facilitate a transaction |
USRE43157E1 (en) | 2002-09-12 | 2012-02-07 | Xatra Fund Mx, Llc | System and method for reassociating an account number to another transaction account |
US8439271B2 (en) | 2004-07-15 | 2013-05-14 | Mastercard International Incorporated | Method and system using a bitmap for passing contactless payment card transaction variables in standardized data formats |
US8690055B2 (en) | 2000-05-15 | 2014-04-08 | Privasys, Inc. | Electronic card |
US8872619B2 (en) | 2001-07-10 | 2014-10-28 | Xatra Fund Mx, Llc | Securing a transaction between a transponder and a reader |
USRE45416E1 (en) | 2001-07-10 | 2015-03-17 | Xatra Fund Mx, Llc | Processing an RF transaction using a routing number |
US9024719B1 (en) | 2001-07-10 | 2015-05-05 | Xatra Fund Mx, Llc | RF transaction system and method for storing user personal data |
US9031880B2 (en) | 2001-07-10 | 2015-05-12 | Iii Holdings 1, Llc | Systems and methods for non-traditional payment using biometric data |
US9336634B2 (en) | 2001-07-10 | 2016-05-10 | Chartoleaux Kg Limited Liability Company | Hand geometry biometrics on a payment device |
US9454752B2 (en) | 2001-07-10 | 2016-09-27 | Chartoleaux Kg Limited Liability Company | Reload protocol at a transaction processing entity |
US9672515B2 (en) | 2000-03-15 | 2017-06-06 | Mastercard International Incorporated | Method and system for secure payments over a computer network |
US10839388B2 (en) | 2001-07-10 | 2020-11-17 | Liberty Peak Ventures, Llc | Funding a radio frequency device transaction |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4114033A (en) * | 1976-02-18 | 1978-09-12 | Nippondenso Co., Ltd. | Bar code information card |
DE2901521A1 (en) * | 1978-01-19 | 1979-07-26 | Datasaab Ab | PERSONAL IDENTIFICATION SYSTEM |
DE3013211C2 (en) * | 1980-04-03 | 1989-08-24 | Gao Gesellschaft Fuer Automation Und Organisation Mbh, 8000 Muenchen, De |
-
1991
- 1991-03-20 GB GB919105851A patent/GB9105851D0/en active Pending
-
1992
- 1992-03-20 WO PCT/GB1992/000512 patent/WO1992016913A1/en active Application Filing
- 1992-03-20 AU AU14515/92A patent/AU1451592A/en not_active Abandoned
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4114033A (en) * | 1976-02-18 | 1978-09-12 | Nippondenso Co., Ltd. | Bar code information card |
DE2901521A1 (en) * | 1978-01-19 | 1979-07-26 | Datasaab Ab | PERSONAL IDENTIFICATION SYSTEM |
DE3013211C2 (en) * | 1980-04-03 | 1989-08-24 | Gao Gesellschaft Fuer Automation Und Organisation Mbh, 8000 Muenchen, De |
Cited By (57)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0683471A1 (en) * | 1992-02-07 | 1995-11-22 | American Bank Note Holographics, Inc. | Enhancement of document security |
EP0609937A2 (en) * | 1993-01-26 | 1994-08-10 | Be'eri Printers | Monetary instruments |
EP0609937A3 (en) * | 1993-01-26 | 1996-01-10 | Be Eri Printers | Monetary instruments. |
WO1994019770A1 (en) * | 1993-02-19 | 1994-09-01 | Her Majesty In Right Of Canada, As Represented By The Minister Of Communications | Secure personal identification instrument and method for creating same |
GB2289965A (en) * | 1993-02-19 | 1995-12-06 | Ca Minister Communications | Secure personal indentification instument and method for creating same |
WO1994027259A1 (en) * | 1993-05-14 | 1994-11-24 | Abathorn Limited | Security system |
US5984366A (en) * | 1994-07-26 | 1999-11-16 | International Data Matrix, Inc. | Unalterable self-verifying articles |
US6940486B2 (en) | 1995-08-03 | 2005-09-06 | Vulcan Patents Llc | Computerized interactor systems and methods for providing same |
US6262711B1 (en) | 1995-08-03 | 2001-07-17 | Interval Research Corporation | Computerized interactor systems and method for providing same |
US6467691B1 (en) * | 1996-11-23 | 2002-10-22 | Thorn Secure Science Limited | Record carrier and method of labelling an article of value |
US6989816B1 (en) | 1997-10-07 | 2006-01-24 | Vulcan Patents Llc | Methods and systems for providing human/computer interfaces |
US6540141B1 (en) | 1997-10-07 | 2003-04-01 | Interval Research Corporation | Methods and systems for providing human/computer interfaces |
US6518950B1 (en) | 1997-10-07 | 2003-02-11 | Interval Research Corporation | Methods and systems for providing human/computer interfaces |
US6439459B1 (en) | 1997-10-07 | 2002-08-27 | Interval Research Corporation | Methods and systems for providing human/computer interfaces |
WO1999019823A3 (en) * | 1997-10-10 | 1999-08-19 | Interval Research Corp | Methods and systems for providing human/computer interfaces |
US6164541A (en) * | 1997-10-10 | 2000-12-26 | Interval Research Group | Methods and systems for providing human/computer interfaces |
WO1999019823A2 (en) * | 1997-10-10 | 1999-04-22 | Interval Research Corporation | Methods and systems for providing human/computer interfaces |
US6256638B1 (en) | 1998-04-14 | 2001-07-03 | Interval Research Corporation | Printable interfaces and digital linkmarks |
US8225995B1 (en) | 1998-05-29 | 2012-07-24 | Frank Joseph Gangi | Retail point-of-transaction system, program products, and related methods to provide a customized set of identification data to facilitate a transaction using electronic coupons |
US7828208B2 (en) | 1998-05-29 | 2010-11-09 | E-Micro Corporation | Retail point-of-transaction system, program products, and related methods to provide a customized set of identification data to facilitate a transaction using electronic coupons |
US7708198B2 (en) | 1998-05-29 | 2010-05-04 | E-Micro Corporation | Wallet consolidator to facilitate a transaction |
US7712658B2 (en) | 1998-05-29 | 2010-05-11 | E-Micro Corporation | Wallet consolidator and related methods of processing a transaction using a wallet consolidator |
US9672515B2 (en) | 2000-03-15 | 2017-06-06 | Mastercard International Incorporated | Method and system for secure payments over a computer network |
US7379919B2 (en) | 2000-04-11 | 2008-05-27 | Mastercard International Incorporated | Method and system for conducting secure payments over a computer network |
US8690055B2 (en) | 2000-05-15 | 2014-04-08 | Privasys, Inc. | Electronic card |
GB2366645A (en) * | 2000-09-09 | 2002-03-13 | Ibm | Human readable barcode label |
WO2002097707A3 (en) * | 2001-05-31 | 2003-11-13 | Giesecke & Devrient Gmbh | Hand-held test apparatus |
WO2002097707A2 (en) * | 2001-05-31 | 2002-12-05 | Giesecke & Devrient Gmbh | Hand-held test apparatus |
US9024719B1 (en) | 2001-07-10 | 2015-05-05 | Xatra Fund Mx, Llc | RF transaction system and method for storing user personal data |
US9031880B2 (en) | 2001-07-10 | 2015-05-12 | Iii Holdings 1, Llc | Systems and methods for non-traditional payment using biometric data |
US9336634B2 (en) | 2001-07-10 | 2016-05-10 | Chartoleaux Kg Limited Liability Company | Hand geometry biometrics on a payment device |
US9454752B2 (en) | 2001-07-10 | 2016-09-27 | Chartoleaux Kg Limited Liability Company | Reload protocol at a transaction processing entity |
USRE45416E1 (en) | 2001-07-10 | 2015-03-17 | Xatra Fund Mx, Llc | Processing an RF transaction using a routing number |
US8872619B2 (en) | 2001-07-10 | 2014-10-28 | Xatra Fund Mx, Llc | Securing a transaction between a transponder and a reader |
US9886692B2 (en) | 2001-07-10 | 2018-02-06 | Chartoleaux Kg Limited Liability Company | Securing a transaction between a transponder and a reader |
US10839388B2 (en) | 2001-07-10 | 2020-11-17 | Liberty Peak Ventures, Llc | Funding a radio frequency device transaction |
US7287695B2 (en) | 2001-12-06 | 2007-10-30 | Mastercard International Incorporated | Method and system for conducting transactions using a payment card with two technologies |
US6857566B2 (en) | 2001-12-06 | 2005-02-22 | Mastercard International | Method and system for conducting transactions using a payment card with two technologies |
WO2003060794A1 (en) * | 2002-01-04 | 2003-07-24 | Mastercard International Incorporated | Method and system for conducting transactions using a payment card with account information encoded in bar code |
USRE43157E1 (en) | 2002-09-12 | 2012-02-07 | Xatra Fund Mx, Llc | System and method for reassociating an account number to another transaction account |
EP1571606A4 (en) * | 2002-12-02 | 2006-06-14 | Nippon Conlux Co Ltd | Cardless sales method and system |
EP1571606A1 (en) * | 2002-12-02 | 2005-09-07 | Kabushiki Kaisha Nippon Conlux | Cardless sales method and system |
US7559466B2 (en) * | 2003-10-02 | 2009-07-14 | Neopost Technologies | Item authentication |
EA008228B1 (en) * | 2003-11-07 | 2007-04-27 | Сикпа Холдинг С.А. | Security document, method for producing a security document and the use of a security element |
EP1529653A1 (en) * | 2003-11-07 | 2005-05-11 | Sicpa Holding S.A. | Security document, method for producing a security document and the use of a security document |
WO2005044583A2 (en) * | 2003-11-07 | 2005-05-19 | Sicpa Holding S.A. | Security document, method for producing a security document and the use of a security element |
WO2005044583A3 (en) * | 2003-11-07 | 2005-11-10 | Sicpa Holding Sa | Security document, method for producing a security document and the use of a security element |
WO2006002670A1 (en) | 2004-07-01 | 2006-01-12 | Daniel Bossert | Leaf-type sheet and method for producing secure data on said sheet and for verifying the latter |
US7520435B2 (en) | 2004-07-15 | 2009-04-21 | Mastercard International Incorporated | Contactless payment card reader with a frusto-conical operating volume |
US7422157B2 (en) | 2004-07-15 | 2008-09-09 | Mastercard International Incorporated | Payment card signal characterization methods and circuits |
US7424977B2 (en) | 2004-07-15 | 2008-09-16 | Mastercard International Incorporated | Method and system for conducting contactless payment card transactions |
US7431217B2 (en) | 2004-07-15 | 2008-10-07 | Mastercard International Incorporated | Reference equipment for testing contactless payment devices |
US8439271B2 (en) | 2004-07-15 | 2013-05-14 | Mastercard International Incorporated | Method and system using a bitmap for passing contactless payment card transaction variables in standardized data formats |
US7717346B2 (en) | 2004-07-15 | 2010-05-18 | Mastercard International Incorporated | Collision detection and avoidance scheme for contactless card payment systems |
US7669772B2 (en) | 2004-07-15 | 2010-03-02 | Mastercard International Incorporated | Method and system using a bitmap for passing contactless payment card transaction variables in standardized data formats |
US7775445B2 (en) | 2004-07-15 | 2010-08-17 | Mastercard International Incorporated | Reference equipment for testing contactless payment devices |
WO2007006084A1 (en) * | 2005-07-08 | 2007-01-18 | Smarq Pty Ltd | Card processing apparatus and method |
Also Published As
Publication number | Publication date |
---|---|
GB9105851D0 (en) | 1991-05-08 |
AU1451592A (en) | 1992-10-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO1992016913A1 (en) | Securing financial transactions | |
US6003763A (en) | Method and apparatus for recording magnetic information on traveler's checks | |
US5416306A (en) | Method for comparing and verifying security codes at point of sale | |
JP5612332B2 (en) | Fraud prevention security card storing biometric information and method of using the same | |
EP0783742B1 (en) | Credit document connected to a document or customised card, independent customised credit card and associated issuance and validation equipment | |
US5336871A (en) | Holographic enhancement of card security | |
US8959029B2 (en) | System, apparatus, and methods for currency processing control and redemption | |
US4385285A (en) | Check dispensing terminal | |
US3862716A (en) | Automatic cash dispenser and system and method therefor | |
US6135355A (en) | Method and apparatus for impeding the counterfeiting of cards, instruments and documents | |
EP0683471A1 (en) | Enhancement of document security | |
JPH02297297A (en) | Method for preventing malfeasant use of card type information medium | |
EP0152703A2 (en) | Fraudulent card intercept system | |
US6560017B1 (en) | Compound secure optical identification method and means | |
US7404516B2 (en) | Tamper resistant presentation instruments and methods | |
GB2255934A (en) | Integrated circuit card with display. | |
US20030098995A1 (en) | Media dispensing | |
US7617986B2 (en) | Laminate security feature | |
JPH09198474A (en) | Graphic code card | |
JP3624714B2 (en) | Underage identification device for vending machines | |
GB2290053A (en) | Fingerprint validation of security card user. | |
JPH06115287A (en) | Card, card reader and identifying method for card forgery | |
JP2553770B2 (en) | Card and card processing device | |
GB2212641A (en) | Security apparatus | |
CA2121830C (en) | Holographic enhancement of card security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AU CA JP US |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): AT BE CH DE DK ES FR GB GR IT LU MC NL SE |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
NENP | Non-entry into the national phase |
Ref country code: CA |
|
122 | Ep: pct application non-entry in european phase |