WO2008156424A1 - Method for verification of a payment, and a personal security device for such verification

Publication number
WO2008156424A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
security device
personal security
code
purchase
Application number
PCT/SE2008/050746
Other languages
French (fr)
Inventor
Fredrik Schell
Original Assignee
Fredrik Schell
Application filed by Fredrik Schell

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems
    • G06Q20/20 Point-of-sale [POS] network systems
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3229 Use of the SIM of a M-device as secure element
    • G06Q20/326 Payment applications installed on the mobile devices
    • G06Q20/3263 Payment applications installed on the mobile devices characterised by activation or deactivation of payment capabilities
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists

Abstract

A method for the payment for purchases with the aid of a debit card or credit card, where according to the invention when a purchase (1) is to be paid with the aid of the debit card or credit card, a request that the sale is to be paid is sent from the seller (2) to a credit card company or a bank (3, 8), which credit card company or bank (3) sends a code to the holder of the card that the card-holder enters into a personal security device, which personal security device generates a new code, a confirmation code, that the card-holder specifies in order to confirm that the request of the seller (2) for payment is to be approved, and only when the card-holder has confirmed to the credit card company or bank (3) that the payment is to be made does the credit card company or bank (3) send a confirmation to the seller (2) such that the purchase can be completed. The invention concerns also a personal security device integrated in a mobile telephone.

Description

Method for verification of a payment, and a personal security device for such verification
The present invention relates to a method for the verification of a payment for purchase with the aid of a debit card or a credit card, in particular for such purchase over the Internet. The invention concerns also a personal security device for the execution of the method according to a special embodiment.
Payment is often a problem when purchasing goods or services over the Internet. One of the solutions that are available, and a solution that many people consider to be a good solution in principle, is that of paying with the aid of a credit card, in order subsequently to perform the payment together with the payment of other purchases, possibly once a month. Credit card fraud, however, has become ever more common on the Internet, in which a credit card number that belongs to another person is used to make a payment for goods or a service. This has led to the readiness to use credit cards for payment over the Internet not increasing as much as expected, from a fear of having one's credit card or account used by others.
It is common among some companies that sell over the Internet also to have a link to a bank in order to make a secure payment directly through an account at an Internet bank, and in this case verifying the payment with the aid of a personal security device, known as a "digipass", or another form of secure verification through, preferably, a code for one-time use.
A further problem is that many people today feel insecure also during purchase in a shop, restaurant, or similar, where one is afraid of having the credit card skimmed such that others can use the information that is stored on the card in order to make copies of the card, which copies can then be used for making purchases.
It is therefore one purpose of the present invention to achieve a new method for secure payment of purchases with the aid of debit cards and credit cards.
The above-mentioned purpose of the invention is achieved through a request that the sale is to be paid being sent from the seller to a credit card company or a bank, when a purchase is to be paid with the aid of the debit card or credit card, which credit card company or bank sends a code to the holder of the card that the card-holder enters into a personal security device, which personal security device generates a new code, a confirmation code, that the card-holder specifies in order to confirm that the request of the seller for payment is to be approved, and only when the card-holder has confirmed to the credit card company or bank that the payment is to be made does the credit card company or bank send a confirmation to the seller such that the purchase can be completed.
According to one preferred embodiment, the debit card or credit card is a card that is blocked for purchase unless the procedure described above is carried out.
According to a further preferred embodiment, the debit card or credit card is a card that does not have a magnetic strip or chip.
According to a further embodiment, the personal security device is integrated in a mobile telephone. A further purpose of the invention is to achieve a new personal security device that is easy to carry always.
This purpose of the invention is achieved through the personal security device being integrated in a mobile telephone.
According to a preferred embodiment of the security device integrated in a mobile telephone, the mobile telephone is arranged such that it is able to transmit the confirmation code that has been produced by the security device to a receiving terminal, such as a payment terminal in a shop.
The invention will now be described in more detail in the form of a pair of embodiments, illustrated with the aid of the attached drawings, where Figure 1 shows schematically the procedure for the payment of a purchase through the Internet, and Figure 2 shows schematically the procedure during purchase in which the verification of the payment by the card-holder takes place with the aid of a mobile telephone.
The invention will first be described with reference to a purchase over the Internet. A user sits at a computer 1, and is interested in purchasing goods or a service from a sales company 2. The company 2 offers the purchaser the opportunity to pay for the goods or service with the aid of a debit card or credit card. The purchaser enters his or her account number for the relevant card in the field intended for this on the page that he or she sees on the monitor of the computer 1, whereby this account number will be forwarded by the sales company 2 to a credit card company or a bank 3 that has issued or that administrates the card. The credit card company or bank will be referred to below as "the bank". The bank 3 notes that the card is such a card as requires a secure confirmation from the card-holder in order for the seller to accept that payment is to be drawn from the debit card or credit card. The bank 3 therefore transmits a request to the computer 1 of the card-holder that the purchaser is to confirm the purchase, through the bank transmitting a code to the purchaser or card-holder that he or she is to enter into a personal security device, such as the device known as a "digipass", 4. The personal security device 4 then generates a new code, a confirmation code, that the purchaser or card-holder enters with the aid of the keyboard 5 to approve that payment of the purchase is to take place with the card specified, whereby this confirmation is sent to the bank 3, which in turn transmits a confirmation directly to the sales company 2 that the payment has been approved such that the purchase can thereby be carried out.
This request for confirmation of the payment can be sent to the purchaser through information being displayed in a new window on the computer 1 of the purchaser, such that the purchaser visits the website of the bank at which he or she then receives a code or several codes that he or she is to enter into the personal security device in order to generate the confirmation code that he or she must enter with the aid of the keyboard in order to approve the purchase.
According to one preferred embodiment of the invention, it is also possible to envisage that a personal security device is included in a mobile telephone or in its SIM card. With such a solution it would be possible for a user of the mobile telephone always to have available a "personal security device", and would always be able to generate with the aid of the mobile telephone the confirmation code that is required for verification of a purchase, independently of whether this is over the Internet or in a shop. The personal security device integrated into a mobile telephone may either be loaded as a program that is read into the mobile telephone, or it may be integrated into the SIM card of the mobile telephone.
If the purchase takes place in a shop or at another location with a payment terminal, the user of the mobile telephone can in this case simply obtain the confirmation code, and enter this into the card terminal of the shop in order to approve the purchase, and in this way avoid the necessity of using his or her signature. Through the specification of such a confirmation code, which is a code that is generated in the personal security device or in the mobile telephone, the bank can always be certain that it is the correct person who executes the receipt, which is security not only for the cardholder and bank but also for the seller, who in this manner does not risk having the payment subsequently refused on the grounds that the card was a stolen card.
As has been mentioned above, it is appropriate that the debit card or credit card that is used is a card that has been blocked for purchase unless the above-described secure confirmation procedure for the purchase has been carried out. The debit card or credit card may be a card that lacks a magnetic strip or chip, and this ensures that the possibilities of misuse of the card are minimised, since it is not possible to use the card even in such simple payment machines in which a check of the validity of the card is not carried out.
It is appropriate that such a special debit card or credit card be coupled with a normal debit card or credit card such that purchases are accounted on the same invoice or statement as those of the normal debit card or credit card. It is advantageously arranged that the normal debit card or credit card is blocked for purchase over the Internet when such a special debit card or credit card is issued, which means that anyone who has obtained the account number of the ordinary card, or the complete card, illicitly at least cannot use it for purchase over the Internet.
It is also possible, as is shown with the aid of Figure 2, to use the method according to the invention during other purchases than those that take place over the Internet. The method can be used, for example, in a normal shop 6 that possesses a debit card terminal or a payment terminal 7, where a purchaser, the card-holder, can enter a confirmation code in order to approve a purchase. The sales company, the shop 6, transmits in the normal way information concerning an intended purchase using the debit card or credit card to a credit card company or a bank 8, which notes that a secure payment confirmation is required for the card that is involved. The bank 8 then transmits a code to the payment terminal 7 of the shop, which code the card-holder must enter into his or her mobile telephone (the personal security device) 9 in order to generate the confirmation code that is required for verification of the payment.
Alternatively, it would be possible for the bank to transmit an SMS to the mobile telephone of the card-holder containing the code that is to be used to generate the confirmation code that is to be used for the intended purchase. The card-holder can subsequently enter the generated confirmation code, and the confirmation for the purchase, into the debit card terminal 7 of the shop. When the bank 8 in this way receives confirmation from the card-holder that the purchase is to be carried out, the bank 8 transmits a confirmation to the shop 6 that the payment has been approved such that the purchase can in this way be completed.
It is thus possible with the aid of the embodiment according to Figure 2 to obtain increased security when using debit cards even at such purchase locations in which it may be feared that the card number may be copied or stored in order to be used later for unauthorised purposes.
Many mobile telephones are today provided with transmitters or receivers for IR, and this means that it is possible to send the confirmation code directly from the mobile telephone to the payment terminal of the shop, and this means that it is not necessary to enter manually the confirmation code into the terminal.
The method that has been described above, and the personal security code, can advantageously be used also for the withdrawal of cash from cash machines, in order to increase security through avoiding the fixed codes that are currently used. It can thus be arranged that, when the card is inserted into a cash machine and the machine detects that this is a card for secure withdrawal, the machine specifies on its screen the codes that the user is to enter into the personal security device, and the user then enters the confirmation code that has been generated in order to complete the withdrawal. Thus the withdrawal from cash machines is equivalent to purchase as it has been used in the description, and thus also the seller is equivalent to the cash machine.
As has been mentioned above, the concept of "code" involves the bank sending to the card-holder one or several groups of characters, normally numbers, that the card-holder is to enter into the personal security device. It may also be the case, as is currently known, that the user before entering the codes that have been received from the bank, must enter a personal, memorised, PIN into the personal security device in order to activate it. The confirmation code that is generated by the personal security device should contain at least three characters, again normally numbers, and preferably 4-6 numbers. The code that is generated as has been suggested above may, naturally, contain other characters than solely numbers, such as letters or other characters.
Instead of the user entering a PIN into the personal security device, the device may be provided with a fingerprint reader, such that the user can activate the security device solely by sweeping his or her finger across the reader.
It is also possible to conceive that the personal security device is provided with a real-time rotating disc for the verification, and that the bank or credit card company that has issued or programmed the personal security device has a parallel real-time rotating disc for the particular user. It would in this case be sufficient that the user generate a relevant code in the personal security device and enter this instead of entering any codes that are transmitted at each individual occasion. This system with two coupled real-time rotating discs is thus comparable with a system in which the bank transmits a code on each individual occasion, which code the user is to enter in order to generate a confirmation code. Such a coupled real-time rotating disc may be so designed that the generated code has only a short period of validity, such as one to two minutes.
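The two mechanisms described above (a per-purchase code from the bank, and the coupled real-time variant with a one to two minute validity) can be sketched as follows. This is an added example, not code from the patent, which names no algorithm: HMAC-SHA-256 over a per-user key, the RFC 4226-style truncation to six digits, the 8-digit challenge, the 120-second expiry, the three-attempt limit and all identifiers are assumptions.

```python
import hashlib
import hmac
import secrets

DIGITS = 6   # the description prefers 4-6 numeric characters
STEP = 60    # seconds per time step; assumption for the time-synchronised variant


def _to_digits(mac: bytes) -> str:
    """Reduce a MAC to a short decimal code (RFC 4226-style dynamic truncation)."""
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def device_confirmation_code(device_key: bytes, challenge: str) -> str:
    """Personal security device: the bank's code goes in, a confirmation code comes out."""
    return _to_digits(hmac.new(device_key, challenge.encode(), hashlib.sha256).digest())


def device_time_code(device_key: bytes, now: float) -> str:
    """Time-synchronised variant: the current time step replaces the bank's code."""
    counter = int(now // STEP).to_bytes(8, "big")
    return _to_digits(hmac.new(device_key, counter, hashlib.sha256).digest())


class Bank:
    """Issuer side. Holds the same per-user key that was programmed into the device."""

    def __init__(self, ttl: float = 120.0, max_attempts: int = 3):
        self.ttl = ttl
        self.max_attempts = max_attempts
        self._keys = {}        # card number -> device key
        self._pending = {}     # card number -> purchase awaiting confirmation
        self._last_step = {}   # card number -> last accepted time step

    def enrol(self, card: str, device_key: bytes) -> None:
        self._keys[card] = device_key

    def request_payment(self, card: str, seller: str, amount: int, now: float) -> str:
        """The seller asks for payment; returns the code to show the card-holder."""
        challenge = f"{secrets.randbelow(10 ** 8):08d}"
        self._pending[card] = {"challenge": challenge, "seller": seller,
                               "amount": amount, "expires": now + self.ttl,
                               "attempts": 0}
        return challenge

    def confirm(self, card: str, code: str, now: float) -> bool:
        """True means the bank may send its confirmation to the seller."""
        pending = self._pending.get(card)
        if pending is None:
            return False
        if now > pending["expires"] or pending["attempts"] >= self.max_attempts:
            del self._pending[card]          # expired or locked: seller must ask again
            return False
        expected = device_confirmation_code(self._keys[card], pending["challenge"])
        if hmac.compare_digest(expected.encode(), code.encode()):
            del self._pending[card]          # one confirmation per purchase
            return True
        pending["attempts"] += 1             # a short code must not be guessable online
        return False

    def confirm_time_based(self, card: str, code: str, now: float) -> bool:
        """Accept the current or previous step, i.e. one to two minutes of validity."""
        current = int(now // STEP)
        for step in (current, current - 1):
            if step <= self._last_step.get(card, -1):
                continue                     # step already used: no replay in the window
            expected = device_time_code(self._keys[card], step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self._last_step[card] = step
                return True
        return False


if __name__ == "__main__":
    key = secrets.token_bytes(32)            # constructed sample key
    bank = Bank()
    bank.enrol("card-0001", key)             # constructed card identifier
    challenge = bank.request_payment("card-0001", "sales-company-2", 4999, now=0.0)
    code = device_confirmation_code(key, challenge)
    print(challenge, code, bank.confirm("card-0001", code, now=30.0))
```

In this sketch the seller and amount are only stored with the pending purchase; the confirmation code is computed over the bank's code alone, as in the description, so it authenticates the device holder rather than the specific transaction details.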
The invention thus solves a problem that arises during purchase with the aid of the debit card or credit card from sales points that may be considered as insecure, through the use of a debit card or credit card that requires a secure confirmation from the card-holder to be given before a purchase can be completed. The use of the method according to the invention solves not only the technical problem of verifying that it is the correct person who is using the credit card during purchase over the Internet, but also the problem of skimming credit cards. The method according to the invention releases one from the need to use fixed PINs for the verification of purchases, and this means that the loss of a credit card or having it be subject to skimming does not lead to the ability of any other person to use the credit card for purchase. In the same manner, a credit card number cannot be used for purchase by mail order or over the Internet, since a confirmation code that is created separately is required for each purchase, and this confirmation code is created by a personal security device that is unique to a particular user.
It is certainly possible for the invention to be used in many other cases than those that have been described above, without deviating from its innovative concept.

Claims

1. A method for the verification of payment for purchase with the aid of debit cards or credit cards, characterised in that when a purchase (1, 7) is to be paid with the aid of the debit card or credit card, a request that the sale is to be paid is sent from the seller (2, 6) to a credit card company or a bank (3, 8), which credit card company or bank (3, 8) sends a code to the holder of the card that the card-holder enters into a personal security device, which personal security device generates a new code, a confirmation code, that the card-holder specifies in order to confirm that the request of the seller (2, 6) for payment is to be approved, and only when the card-holder has confirmed to the credit card company or bank (3, 8) that the payment is to be made does the credit card company or bank (3, 8) send a confirmation to the seller (2, 6) such that the purchase can be completed.
2. The method according to claim 1, characterised in that the purchase is a purchase over the Internet.
3. The method according to claim 1, characterised in that the purchase is a purchase that is completed with the aid of a payment terminal (7) at the seller (6), where the code that the card-holder is to enter into his or her personal security device is displayed on the payment terminal (7).
4. The method according to claim 1, characterised in that the purchase is a purchase that is completed with the aid of a payment terminal (7) at the seller (6), where the code that the card-holder is to enter into his or her personal security device is printed onto a receipt by the payment terminal (7), and in that the card-holder specifies as confirmation of his or her approval of the purchase the confirmation code that the personal security device has generated.
5. The method according to any one of the preceding claims, characterised in that the debit card or credit card is blocked for other purchases than those that have been approved according to claim 1.
6. The method according to any one of the preceding claims, characterised in that the debit card or credit card is a card that does not have a magnetic strip or chip.
7. The method according to claim 1 or 2, characterised in that the personal security device is integrated into a mobile telephone.
8. The method according to claim 7, characterised in that the credit card company or bank (8) transmits the code directly to the mobile telephone (9) of the card-holder such that the card-holder can enter or activate the code in the security device that is integrated in the mobile telephone.
9. The method according to claim 4 and 7, characterised in that the personal security device transmits the code that has been generated directly to the payment terminal (7).
10. A personal security device for the generation of a code for the verification of a transaction, characterised in that the personal security device is integrated into a mobile telephone (9).
11. The personal security device according to claim 10, characterised in that it is arranged in the form of a program in the mobile telephone.
12. The personal security device according to claim 10, characterised in that it is arranged in the SIM card of the mobile telephone.
13. The personal security device according to any one of claims 10-12, characterised in that the mobile telephone (9) is arranged such that it is able to transmit the confirmation code that has been generated by the security device to a receiving terminal, such as a payment terminal (7) in a shop.
14. The personal security device according to claim 13, characterised in that the mobile telephone (9) is arranged to transmit the confirmation code using IR technology.
15. The personal security device according to any one of claims 10-14, characterised in that the personal security device (9) comprises a fingerprint reader.
PCT/SE2008/050746 2007-06-21 2008-06-23 Method for verification of a payment, and a personal security device for such verification WO2008156424A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE0701514-2 2007-06-21
SE0701514 2007-06-21

Publications (1)

Publication Number Publication Date
WO2008156424A1 (en) 2008-12-24

Family

ID=40156462

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2008/050746 WO2008156424A1 (en) 2007-06-21 2008-06-23 Method for verification of a payment, and a personal security device for such verification

Country Status (1)

Country Link
WO (1) WO2008156424A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012005653A1 (en) * 2010-07-09 2012-01-12 Nordic Wallet Ab Secure user identification
CN102799981A (en) * 2011-05-24 2012-11-28 中国银联股份有限公司 Safe closed loop payment system and method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010054148A1 (en) * 2000-02-18 2001-12-20 Frank Hoornaert Field programmable smart card terminal and token device
US20020029342A1 (en) * 2000-09-07 2002-03-07 Keech Winston Donald Systems and methods for identity verification for secure transactions
US20040039651A1 (en) * 2000-09-14 2004-02-26 Stefan Grunzig Method for securing a transaction on a computer network
US20060136739A1 (en) * 2004-12-18 2006-06-22 Christian Brock Method and apparatus for generating one-time password on hand-held mobile device

Similar Documents

Publication Publication Date Title
US7567934B2 (en) Credit card system and method
US8025223B2 (en) System and method for mass transit merchant payment
EP1357527A2 (en) A payee account payment system
EP2688024A1 (en) Method For Online Payment, And System And Electronic Device For Implementing The Same
EP3281165A1 (en) Methods and systems for using a mobile device to effect a secure electronic transaction
KR20110019887A (en) Mobile virtual machine settlement system of account and card and method using virtual machine trading stamp
WO2008018052A2 (en) Secure mechanism and system for processing financial transactions
US20060004658A1 (en) Method of processing credit payments at delivery
JP2007521556A (en) Method of authorizing payment order by credit card and related devices
GB2496595A (en) Smart phone payment application using two-dimensional barcodes
EP1265200A1 (en) Credit card system and method
KR20000012607A (en) certification system using radio communication device
US20060259425A1 (en) Security systems for a payment instrument
WO2004104528A1 (en) Security method and apparatus for preventing credit card fraud
KR20180089136A (en) Electronic transation method and system using virtual payment information
WO2008156424A1 (en) Method for verification of a payment, and a personal security device for such verification
KR20180106446A (en) Payment system and method using mobile terminal of a salesclerk
JP2002032572A (en) Authentication system, authentication method and settlement system
KR20180106456A (en) Payment system and method using mobile terminal
US20230041655A1 (en) Slap pay and snap pay contactless payment and data systems
GB2475301A (en) Payment Authentication System and Processing Method
KR20080044459A (en) Credit card payment system using rfid license stored identification of credit card and method
EP1308912A2 (en) Method and apparatus for crediting debit service accounts
US20080217395A1 (en) Secure Internet Payment Apparatus and Method
KR20130082784A (en) Card affiliate store settlement system and terminal with account transfer reporting function and, method for settling the same

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08767212

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08767212

Country of ref document: EP

Kind code of ref document: A1