[go: up one dir, main page]

AU2004312730B2 - Transaction processing system and method - Google Patents

Transaction processing system and method Download PDF

Info

Publication number
AU2004312730B2
AU2004312730B2 AU2004312730A AU2004312730A AU2004312730B2 AU 2004312730 B2 AU2004312730 B2 AU 2004312730B2 AU 2004312730 A AU2004312730 A AU 2004312730A AU 2004312730 A AU2004312730 A AU 2004312730A AU 2004312730 B2 AU2004312730 B2 AU 2004312730B2
Authority
AU
Australia
Prior art keywords
user
transaction
information
financial
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
AU2004312730A
Other versions
AU2004312730A1 (en
Inventor
Keith Davis
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ADVANCED PAYMENT SYSTEMS Ltd
Original Assignee
ADVANCED PAYMENT SYSTEMS Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ADVANCED PAYMENT SYSTEMS Ltd filed Critical ADVANCED PAYMENT SYSTEMS Ltd
Publication of AU2004312730A1 publication Critical patent/AU2004312730A1/en
Assigned to ADVANCED PAYMENT SYSTEMS LIMITED reassignment ADVANCED PAYMENT SYSTEMS LIMITED Alteration of Name(s) of Applicant(s) under S113 Assignors: EFTWIRE LIMITED
Application granted granted Critical
Publication of AU2004312730B2 publication Critical patent/AU2004312730B2/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Description

WO 2005/066907 1 PCT/NZ2004/000007 I TRANSACTION PROCESSING SYSTEM AND METHOD 2 TECHNICAL FIELD 3 The present invention relates to a system, method and/or apparatus used to process 4 transactions. Preferably, the present invention may be used to process the financial 5 transactions of a user where the user employs a portable wireless terminal device 6 such as a cellular telephone to access the faculty provided. Reference throughout this 7 specification will in general be made to the use of portable terminals being employed 8 in conjunction with the present invention, but those skilled in the art should 9 appreciate that other implementations which do not necessarily use such terminals are 10 also envisioned. 11 BACKGROUND ART 12 The ability to execute financial transactions quickly and easily is of advantage to 13 businesses. For example, in retail situations a consumer or customer is more likely to 14 purchase goods or services on the spur of the moment if the financial transaction 15 involved can be completed conveniently. Physical cash, credit cards or electronic 16 point of sale (EFTPOS) access cards all allow the user or consumer to quickly and 17 easily execute a financial transaction to pay for goods or services. 18 In general, the most common forms of payment used in financial transactions require 19 a customer or user to be physically present at the point of sale. A purchaser normally 20 has to present some form of physical token, such as cash, or a credit, debit, bank or 21 EFTPOS card which validates the purchaser's authority to access funds available 22 through a financial institution. 23 This can be inconvenient for some people as they may wish to order and pay for 24 goods or services from a location remote from the point of sale. Furthermore, this 25 "point of sale" approach also requires that the purchaser carry some form of token at WO 2005/066907 2 PCT/NZ2004/000007 1 all times at which they may want to complete such transactions, where this token 2 must be secured against theft or unauthorised access. 3 One alternative approach to the point of sale situation discussed above is through the 4 use of credit cards and telecommunications or information technology networks. 5 Credit card payment networks allow a customer to transmit the characteristic 6 numbers and information printed onto their credit card to facilitate and authorise a 7 credit card transaction remote from the point of sale. The credit card information is 8 then collected by the seller or vendor and batch processed at a later time. 9 Although this scenario does allow users to complete a financial transaction remote 10 from the point of sale, there are still some problems with this approach. There is 11 limited security associated with the use of credit cards in such remote transaction 12 scenarios. The user of the credit card does not necessarily have to present any form 13 of authentication information or token to complete the transaction and trigger the 14 delivery of goods or services. This allows for stolen credit cards to be used to uplift 15 goods and services if the thief has access to a telephone or internet terminal. 16 Furthermore, the large number of digits and particulars of the credit card which needs 17 to be communicated to a retailer can put some customers off completing such 18 transactions. A customer needs to read out all the information printed on their credit 19 card slowly and clearly and ensure that this information is correctly relayed to the 20 retailer or seller involved. 21 In addition, this form of remote payment facility is not necessarily available to all 22 potential customers of a retailer. It is sometimes common for some of a retailer's 23 customers not to be issued with or have access to a credit card required for such 24 remote transactions. 25 One attempt to address the above problems is disclosed in US Patent No. 5,991,749. 26 This document describes the use of wireless mobile devices (such as cellular WO 2005/066907 3 PCT/NZ2004/000007 I telephones) to facilitate financial transactions where one of the parties of the 2 transaction is remote from the point of sale involved. The system described also 3 requires a user to register with the system prior to use. When employed to facilitate a 4 financial transaction the system receives identification information from the user 5 which authorises the completion of a transaction through the system's connections to 6 a financial network or institution. 7 However, again there are some limitations with the approach described in this 8 document. 9 Through limitations in the security of the system the finances or credit of a user may 10 potentially be accessed by an unauthorised third party. A user account may be set up II in conjunction with such system through information which could readily be obtained 12 through public channels or personal documentation which is not normally considered 13 to be of sensitive or secure nature. 14 For example, in some instances a bank account number or customer number for the 15 cellular telephone network provider to register an account for use with such a service. 16 Such accounts may be set up with insecure information and then subsequently used 17 anonymously to access the finances or available credit of the unsuspecting owner of 18 the information used in the registration process. Typically these accounts are set up 19 using a paper form, giving personal details over a telephone or entering personal 20 details into an internet registration form. 21 However, there is great reluctance by users to enter this information onto any form, 22 and all of these types of registration processes are time consuming. In addition, all of 23 these types of registration processes can expose confidential, personal data to other 24 sources and therefore they cannot be fully secure or trusted. These registration 25 processes require a user to sign confirming their acceptance of the terms and 26 conditions, and there is no guarantee that the signature upon the document is not WO 2005/066907 4 PCT/NZ2004/000007 I forged. 2 Furthermore, established financial institutions such as banks or other major lending 3 providers are not provided with a secure channel for transactions into their own 4 transaction processing systems or networks. As the registration or application 5 procedures employed in the system discussed above do not necessarily comply with 6 the standard, secure access protocols of normal banking institutions, there is potential 7 for these institutions to exhibit a high degree of resistance to taking up or offering 8 transactions through such a facility. 9 These types of systems also store identification information that validates the user. If 10 this information store were compromised a person would have immediate access to 11 all the information necessary to perform fraudulent transactions. 12 A system, method and/or apparatus which addressed any or all of the above problems 13 would be of advantage. A system which allows the user to remotely register for its 14 use without having to enter personal details onto a paper form, reveal personal details 15 over a telephone or enter personal details into an internet registration form and that 16 such registration occurs within existing, secure banking standards would be of 17 advantage. A system which allows the user to easily and simply participate in a 18 range of financial transactions using a number of different access terminals from a 19 wide variety of locations would also be of advantage. A system which allowed 20 access to a financial processing network where the security of the access rights is on a 21 par with existing banking or financial institutions security standards, and which 22 preferably allowed wireless or mobile electrical devices to access such financial 23 networks or services would also be of advantage. A system which has its own 24 payment authorisation process but also uses the financial institutions accepted, secure 25 payment authorisation process would be of advantage. A system which stores 26 information in such a way that if the information store was compromised, a person 27 could not use the gained information for fraudulent purposes would also be of WO 2005/066907 5 PCT/NZ2004/000007 1 advantage. A system that creates a virtual EFTPOS or ATM machine that is 2 exclusive for the user and allows the user to pay for goods would also be of 3 advantage. 4 All references, including any patents or patent applications cited in this specification 5 are hereby incorporated by reference. No admission is made that any reference 6 constitutes prior art. The discussion of the references states what their authors assert, 7 and the applicants reserve the right to challenge the accuracy and pertinency of the 8 cited documents. It will be clearly understood that, although a number of prior art 9 publications are referred to herein, this reference does not constitute an admission 10 that any of these documents form part of the common general knowledge in the art, in 11 New Zealand or in any other country. 12 It is acknowledged that the term 'comprise' may, under varying jurisdictions, be 13 attributed with either an exclusive or an inclusive meaning. For the purpose of this 14 specification, and unless otherwise noted, the term 'comprise' shall have an inclusive 15 meaning - i.e. that it will be taken to mean an inclusion of not only the listed 16 components it directly references, but also other non-specified components or 17 elements. This rationale will also be used when the term 'comprised' or 'comprising' 18 is used in relation to one or more steps in a method or process. 19 It is an object of the present invention to address the foregoing problems or at least to 20 provide the public with a useful choice, 21 Further aspects and advantages of the present invention will become apparent from 22 the ensuing description which is given by way of example only. 23 DISCLOSURE OF INVENTION 24 Accordingly in one aspect the invention relates to creating stored transaction 25 authorisation information at a remote location comprising commencing a secure 26 transaction session at a secure terminal, reading user information from a user WO 2005/066907 6 PCT/NZ2004/000007 1 transaction card in the secure terminal and remotely securely storing the information, 2 remotely securely storing information relating to a user terminal address attribute for 3 an authorisation terminal to be authorised by the user to initiate financial transactions, 4 and generating and securely storing a valid user code as a PIN offset to identify a PIN 5 to be used from the authorised terminal type. 6 Preferably the secure terminal is an ATM or EFTPOS terminal. 7 Alternatively the invention relates to a method of authorising a financial transaction 8 from a financial account comprising storing in a secure database information 9 sufficient to authorise a transaction, this information including a Personal 10 Identification Number (PIN) and a PIN offset differing from other PIN offsets of that 11 account holder, storing in said database information identifying a terminal device 12 usable by an initiator of a financial transaction, receiving from that terminal device a 13 transaction authorisation which authorisation contains a PIN, detecting whether the 14 received PIN is offset the specified amount from the stored PIN, and authorising the 15 transaction when the PIN is offset by the correct amount. 16 In yet another embodiment the invention relates to a financial transaction processing 17 system accessible by a remote user terminal, said terminal having at least one 18 associated address attribute, the system including an information store adapted to 19 secure financial information sourced from a plurality of remote users, the financial 20 transaction processing system being characterised in that a user's financial 21 information is released by the information store to process a financial transaction 22 upon receipt by the information store of a valid user terminal address attribute and a 23 valid user access code. 24 Preferably the terminal is a telephone and the terminal address attribute is the 25 telephone number of the terminal, and the user access code is a PIN. 26 In a further alternative embodiment the invention relates to a method of processing a 27 financial transaction using the financial transaction processing system substantially as 28 described above, said method being characterised by execution of the steps of: 29 receiving a user terminal address and user access code, receiving transaction 30 information, determining a transaction type from the received transaction 31 information, and releasing a user's stored financial information to process a financial WO 2005/066907 7 PCT/NZ2004/000007 1 transaction if a valid user terminal address attribute and valid user access code are 2 received and if the transaction type determined is allowed for the terminal type of the 3 remote user terminal. 4 Preferably the allowable transaction types differ for differing terminal types. 5 Preferably the allowable transaction limits differ for differing terminal types. 6 Preferably the user terminal address is a mobile telephone number and the user access 7 code is a user PIN. 8 Preferably the user terminal address is a network card address and the user access 9 code is a PIN. 10 Preferablythe authorised transaction may be a transaction which repeats at specified 11 intervals, the repetition being instigated by scheduled procedures which again release 12 the user stored financial information. 13 According to another aspect of the present invention there is provided a financial 14 transaction processing system accessible by a remote user terminal, said terminal 15 having at least one associated address attribute, 16 the system including 17 an information store adapted to secure financial information sourced from a plurality 18 of remote users, 19 the financial transaction processing system being characterised in that a user's 20 financial information is released by the information store to process a financial 21 transaction upon receipt by the information store of a valid user terminal address 22 attribute. 23 According to another aspect of the present invention there is provided a financial 24 transaction processing system substantially as described above wherein the system 25 stores financial information which is transmitted to a financial institution to process 26 the financial transaction required.
WO 2005/066907 8 PCT/NZ2004/000007 I Preferably the present invention is adapted to provide a financial transaction 2 processing system. Furthermore, the present invention may also encompass a method 3 of processing financial transactions using such a system in addition to any apparatus, 4 components or physical hardware employed within such a method to implement the 5 system required. The present invention may also encompass financial transaction 6 processing software adapted to be run or executed using computer hardware forming 7 the apparatus of the system. Reference throughout this specification will in general 8 be made to the present invention providing a financial transaction processing system, 9 but those skilled in the art should appreciate that various other components or aspects 10 of the present invention are also encompassed by such terminology. 11 A financial transaction as processed in accordance with the present invention may 12 facilitate the transfer of funds or credit between (preferably) two parties. The 13 channels or facilities employed to transfer such funds may preferably be implemented 14 through standard or existing banking channels, used for example for credit card 15 transactions or preferably electronic funds transfer point of sale (EFTPOS) 16 transactions. 17 According to a further aspect of the present invention there is provided a method of 18 processing a financial transaction using the financial transaction processing system 19 substantially as described above, said method being characterised by execution of the 20 steps of: 21 receiving a user terminal address and user access code, and 22 receiving transaction information, and 23 determining a transaction type from the receiver transaction information, and 24 releasing a user's stored financial information to process a financial transaction if a 25 valid user terminal address attribute and valid user access code are received and if the WO 2005/066907 PCT/NZ2004/000007 1 transaction type determined is allowed for the terminal type of the remote user 2 terminal. 3 Reference throughout this specification will also be made to the financial transaction 4 processed being EFTPOS transactions between a retailer or vendor of goods or 5 services and a customer of such a vendor. However, those skilled in the art should 6 appreciate that other relationships and other types of transactions or protocols may 7 also be employed in conjunction with the present invention and reference to the 8 above only throughout this specification should in no way be seen as limiting. For 9 example, in some embodiments the present invention may be adapted to set up bill 10 payment or bill payment authorisation facility which triggers the payment of a regular 11 charge or bill between a customer and a particular vendor of goods or services (such 12 as for example, a utilities company). 13 Preferably the system provided may also service the needs of a plurality of users or 14 the customers of one or more vendors of goods or services. Such a system may 15 facilitate financial transactions preferably between a large number of customers and 16 vendors, with the system, apparatus, or components employed to implement the 17 present invention providing secure access to financial information associated with 18 each of the users or customers involved. Preferably the present invention may also 19 provide customers or users remote access to such transactions where the user need 20 not necessarily be present at the point of sale involved for a particular transaction. 21 Preferably the present invention may include an information store. Such an 22 information store may be accessed by a user employing a remote user terminal to 23 facilitate the release of a user's stored and secured financial information from the 24 information store. The information store provided may be connected to or in 25 communication with a financial institution's transaction processing network to allow 26 the present invention to release sensitive, secure financial information associated with 27 a particular user to implement a required financial transaction. Preferably the WO 2005/066907 10 PCT/NZ2004/000007 1 financial information involved may be stored in electronic form or format thereby 2 allowing computerised information technology systems to be employed to both 3 manage, secure and also transmit and communicate said information on demand. 4 Preferably the financial information secured and stored in conjunction with the 5 present invention may be transmitted or supplied to a further financial institution to 6 process the financial transaction required. The present invention may act to facilitate 7 the release of such information and in turn allow the financial institution involved to 8 process the transaction required. 9 Reference throughout this specification will also be made to the present invention 10 being used in this application, but those skilled in the art should also appreciate that 11 in an alternative embodiment the actual processing of the transaction may also be 12 completed by a systems or apparatus employed in conjunction with the present 13 invention if required. 14 In a further preferred embodiment the information store provided may be 15 implemented through use of at least one computer system loaded with software 16 adapted to provide a database or other similar type of data storage and retrieval 17 facility. Database technology is well known in the art and may be used effectively to 18 store the financial information associated with a plurality of users in a secure yet 19 easily and quickly accessible facility. Furthermore, the information store provided 20 may also include security software and/or hardware used to validate information or 21 communications from a user wishing to access secured financial information. Such 22 components can be employed to determine whether the user involved has the 23 authority to execute a particular financial transaction using the secured financial 24 information involved. 25 Preferably the present invention may allow a user or customer to employ a remote 26 user terminal to communicate with the information store and subsequently trigger the WO 2005/066907 11 PCT/NZ2004/000007 1 release of secured financial information to execute a required transaction. Preferably 2 the remote user terminal employed may communicate with the information store 3 using existing communications infrastructure procedures, protocols or facilities which 4 are secured against authorised interception. 5 In a further preferred embodiment a mobile remote user terminal may be employed to 6 access or use the present invention. A mobile terminal, such as for example, a 7 cellular telephone or cellular enabled personal digital assistant (PDA), or laptop 8 computer may be employed in conjunction with the present invention. These types of 9 terminals can allow convenient and secure access to the financial transaction facility 10 provided. Reference throughout this specification will also be made to the remote 11 user terminal employed being a cellular telephone or other type of wireless or radio 12 frequency based transceiver. However, those skilled in the art should appreciate that 13 other types of terminals may also be used in conjunction with the present invention 14 and reference to the above only throughout this specification should in no way be 15 seen as limiting. For example, in one alternative embodiment land line telephones 16 may also be employed as a user terminal if required. 17 Preferably a terminal used to access or communicate with the information store may 18 include or have associated at least one address attribute. An address attribute may 19 uniquely identify the specific user terminal involved and preferably may provide a 20 communication routing address normally used to facilitate communications with the 21 terminal involved. For example, in a preferred embodiment a cellular telephone may 22 be employed as a remote user terminal, where the telephone number of the cellular 23 phone makes up the address attribute required or used. 24 Those skilled in the art should appreciate that the address attribute associated with 25 terminal employed will be determined by the type of terminal in addition to 26 communications channels or protocols used by the terminal. For example, in other 27 alternative embodiments internet protocol addresses for computer systems, network WO 2005/066907 12 PCT/NZ2004/000007 I card MAC addresses or remote access point addresses for wireless computer 2 networks may also provide address attributes to be employed in conjunction with the 3 present invention. 4 Preferably a prior user registration procedure may be implemented in conjunction 5 with the present invention before a user is allowed to access the facilities provided in 6 accordance with the present invention. This prior user registration process may be 7 employed to secure access to the financial information held by the information store. 8 This procedure may be implemented to prevent an unauthorised user from gaining 9 access to such information and subsequently completing an unauthorised financial 10 transaction. 11 Preferably as part of this registration process, a user may provide or supply details of 12 the address attribute of a remote terminal they wish to employ to access the facilities 13 provided in accordance with the present invention. For example, in a further 14 preferred embodiment where the remote user terminal employed is a cellular 15 telephone, the telephone number of the cellular phone involved may be supplied as 16 part of this registration process. Preferably the prospective user of the present 17 invention may provide an address attribute which uniquely identifies their terminal, 18 and where the terminal involved preferably is only accessible to the user wishing to 19 execute financial transactions in accordance with the present invention. 20 Reference throughout this specification will also be made to the user terminal 21 employed being a cellular telephone. The address attribute provided may in such 22 instances be the telephone number of such as cellular 'terminal', which can uniquely 23 identify the terminal involved. Furthermore, reference throughout this specification 24 will also be made to a user communicating with the financial transaction processing 25 system using a single terminal only which has a single address attribute. However, 26 those skilled in the art should appreciate that more than one terminal may be 27 employed by a single user, as may more than one address attribute for a single WO 2005/066907 13 PCT/NZ2004/000007 1 terminal if required. Those skilled in the art should appreciate that other 2 configurations and arrangements of the present invention are envisioned and 3 reference to the above only throughout this specification should in no way be seen as 4 limiting. 5 In a preferred embodiment as part of this user registration process, a user may also be 6 supplied with an access code or the user may choose a specific code. Such an access 7 code can, in combination with a received valid user terminal address attribute, 8 authorise a user's access to the financial information which is secured in the 9 information store and hence provide the ability to complete financial transactions 10 using said information. 11 In a further preferred embodiment the access code provided may take the form of a 12 password or a sequence of alphanumeric characters. Most users of the present 13 invention would be familiar with personal identification numbers (PINs) used to 14 access EFTPOS based transactions. A distinct alphanumeric access code may 15 preferably take the form of a number of digits that may be lesser than, equal to or 16 greater than the format of standard banking PIN numbers where this access code 17 should only be known to the user registering to employ the facilities provided in 18 accordance with the present invention. 19 Preferably the information store provided may be adapted to release the stored and 20 secured financial information of a particular user upon receipt of a valid user terminal 21 address and valid access code for the owner of the information involved. Preferably 22 the owner of such information may be the only person or party with access to both 23 the remote user terminal (which has the associated received address attribute) and 24 who is the only person or party in possession of the access code employed. Upon 25 receipt of a valid terminal address attribute and access code associated with a 26 particular user, the user's secured financial information may then be released and 27 used to implement or execute a financial transaction.
WO 2005/066907 14 PCT/NZ2004/000007 1 In a further preferred embodiment the terminal address attribute employed to validate 2 or authorise access to such financial information may preferably be extracted from 3 communications made directly between the information store and remote user 4 terminal. The information store may query or receive such address attribute 5 information from the remote terminal, and may authorise or subsequently refuse 6 access to the financial information stores depending on whether the correct address 7 attribute for an identified user's terminal is received. For example, in one 8 embodiment caller line identification technology can be employed to obtain or extract 9 the telephone number address attribute of a calling user's telephone. 10 In a further preferred embodiment the level of security that the remote user terminal 11 supports and the level of security on the communication lines employed determine 12 the range of financial services that the user of the remote terminal may expect to gain 13 access to. 14 For example, in one preferred embodiment the progress of a transaction may be 15 allowed or refused in conjunction with the present invention depending on the 16 particular type of terminal employed by a user. Different types of terminals and 17 communications equipment have differing levels of security facilities some of which 18 can allow unauthorised persons to receive and interpret communications, giving them 19 the potential to fraudulently execute a transaction with a user's financial details. 20 In a preferred embodiment each financial transaction which may be executed or 21 processed in conjunction with the present invention may be assigned a particular 22 type. The type of transaction will preferably be determined by the significance or 23 liability involved to a user if the transaction could be completed by an authorised 24 person. For example, one-off bill payments to an assigned payee associated with the 25 user may be provided with a different transaction type to direct electronic transfers of 26 funds to any indiscriminant third party bank account. Different transaction types may 27 be allowed for more secure types of terminal (such as for example WAP enabled WO 2005/066907 15 PCT/NZ2004/000007 I cellular telephones), while the same transaction can be disabled for the more basic 2 forms of terminals (such as voice only cellular telephones or land lines). 3 In a further preferred embodiment each financial transaction that occurs within the 4 system may be matched against limits or regulated in some way so as to monitor and 5 prevent fraudulent use of the system. 6 In yet another embodiment of the present invention monitoring software or processes 7 may also track historical transaction activity for a particular user. Such monitoring 8 algorithms (also known as "scoring engines") can monitor transactions processed in 9 association with a particular user to detect irregular usage patterns or patterns that 10 indicate the potential for fraud or unauthorised use of financial details has occurred. 11 Such monitoring algorithms may disable further transactions being made in 12 association with a particular user if such potential fraudulent activities are detected. 13 According to a further aspect of the present invention there is provided a method of 14 registering a user with a financial transaction processing system, said user having 15 been issued with a token by a financial institute, said token being used to facilitate 16 financial transactions 17 the method of registering a user being characterised by the steps of: 18 i) receiving token information associated with the token issued to the user 19 requesting registration, and 20 ii) receiving an institution authorisation code from said user, said authorisation 21 code being used to make a valid identification of said user, and 22 iii) receiving at least one address attribute associated with a remote user terminal to 23 be used by the user to access the financial transaction processing system, and 24 iv) generating and/or receiving an access code to the user to allow access to the WO 2005/066907 16 PCT/NZ2004/000007 1 financial transaction processing system. 2 According to a further aspect of the present invention there is provided a method of 3 registering a user with a financial transaction processing system, said user having 4 been issued with a token by a financial institute, said token being used to facilitate 5 financial transactions 6 the method of registering a user being characterised by the steps of: 7 i) receiving token information associated with the token issued to the user 8 requesting registration, said token normally being used by said financial 9 institute to identify financial details of said user, and 10 ii) receiving an institution authorisation code from said user, said authorisation 11 code being used to make a valid identification of said user, and 12 iii) receiving at least one address attribute associated with a remote user terminal to 13 be used by the user to access the financial transaction processing system, and 14 iv) assigning or receiving an access code to the user to allow access to the financial 15 transaction processing system. 16 According to a further aspect of the present invention there is provided a method of 17 registering a user substantially as described above wherein said registration method 18 occurs without the user having to communicate or disclose any financial details 19 identified by the financial institution using the token information associated with the 20 token issued to the user. 21 According to yet another aspect of the present invention there is provided a method 22 of registering a user substantially as described above wherein the assigned access 23 code is generated for and communicated to the user. 24 According to yet another aspect of the present invention there is provided a method WO 2005/066907 1 7 PCT/NZ2004/000007 1 of registering a user substantially as described above wherein the assigned access 2 code is generated by the user and communicated to the system employed to 3 implement the present invention. 4 According to a further aspect of the present invention there is provided a method of 5 registering a user with a financial transaction processing system substantially as 6 described above, wherein said institution authorisation code is adapted to authorise 7 transactions to be completed in conjunction with the token issued to the user. 8 According to a further aspect of the present invention there is provided a method of 9 registering a user with a financial transaction processing system substantially as 10 described above wherein an automatic teller machine is used to receive the token 11 information and institution authorisation code. 12 According to yet another aspect of the present invention there is provided a method 13 of registering a user with a financial transaction processing system substantially as 14 described above wherein the institution authorisation code is adapted to facilitate 15 point of sale financial transactions in conjunction with the token issued to the user. 16 Preferably the present invention may employ tokens issued by existing or established 17 financial institutions, where these tokens are used by the customers of such 18 institutions to facilitate financial transactions. Preferably the transactions involved 19 may be point of sale transactions where the token provides the financial information 20 required to execute a transaction between the customer or user involved and vendor 21 of goods or services. 22 Those skilled in the art should appreciate that a financial institution as referred to 23 throughout this specification may be defined as any entity, group, or association 24 which provides financial services. Such institutions may provide standard banking 25 facilities and/or additional credit or loan facilities to customers or members - and 26 hence will be issuing tokens to users or customers which allow access to or which can WO 2005/066907 18 PCT/NZ2004/000007 1 facilitate the execution of financial transaction. Furthermore, a financial institution as 2 discussed in accordance with the present invention may also employ, implement or 3 run the financial transaction processing system provided in accordance with the 4 present invention if required. 5 In a further preferred embodiment, a token used in the registration process may be an 6 electronic funds transfer point of sale (EFTPOS) card. EFTPOS cards are well 7 known in the art and commonly employed by the customers of financial institutions 8 to execute financial transactions using an EFTPOS transaction network. EFTPOS 9 cards can also be used with automatic teller machines (ATM's) which are provided 10 by financial and banking institutions to allow customers to have access to financial 11 services or transactions outside of the normal operating hours of the institution or 12 bank. 13 Reference throughout this specification will also be made to the token employed in 14 the registration process being an EFTPOS card. EFTPOS cards are commonly used 15 by a wide number and variety of customers of financial institutions to obtain access 16 to debit balance, funds or credit facilities available through such institutions with 17 these cards also being known as ATM cards, debit cards, EFTPOS cards or bank 18 cards. However, those skilled in the art should appreciate that other types of tokens 19 issued by financial institutions may also be used in conjunction with the present 20 invention and references to EFTPOS cards only in isolation throughout this 21 specification should in no way be seen as limiting. Furthermore, references will also 22 be made to an EFTPOS card being composed of a small plastic sheet or token with a 23 strip of magnetised material being applied to the surface of same or a smart chip 24 imbedded in or applied to the surface of same. This magnetised strip or smart chip 25 may have encoded specific information in relation to the particulars of the card where 26 this information can be extracted to execute or implement a financial transaction. 27 Again those skilled in the art should appreciate that alternative types of cards or WO 2005/066907 19 PCT/NZ2004/000007 I tokens may also be employed in conjunction with the present invention and reference 2 to the above only throughout this specification should in no way be seen as limiting. 3 Preferably in the primary or first stage of the registration process, token information 4 may be received relating to the specific EFTPOS card or other type of transaction 5 based token issued to a specific user. The token information received can be similar 6 to that extracted from an EFTPOS card to facilitate a transaction using the EFTPOS 7 network. In a further preferred embodiment, the token information received or 8 extracted may include information encoded onto a magnetic stripe or smart chip 9 mounted on the card. This magnetic strip or smart chip can provide specific 10 information in relation to the card or token issued by a particular financial institution. 11 Preferably the token information received may encompass all information required to 12 facilitate an EFTPOS transaction in addition to any information required to 13 authenticate or validate a particular user's rights to access or implement such 14 transaction. 15 For example in a preferred embodiment, token information may be supplied which 16 consists of any number or combination of a unique card or token number, an account 17 or customer number for the user or customer issued the token, a PIN block associated 18 with a personal identification number or institution authorisation code, as well as 19 ownership or user validation information either printed or stamped into the material 20 of the token or card, or alternatively encoded into a magnetic stripe portion or smart 21 chip of the card. 22 In a further preferred embodiment, an institution authorisation code may also be 23 received as part of the registration process executed. This authorisation code may be 24 used to make a valid identification of the specific user who wishes to register to gain 25 access to the facilities or functions provided by the financial transaction processing 26 system involved. In a further preferred embodiment, the institution authorisation WO 2005/066907 20 PCT/NZ2004/000007 I code received may be the same code which authorises transactions to be implemented 2 in relation to the token or EFTPOS card issued to the user. This institution 3 authorisation code may preferably be used in conjunction with the card or token 4 issued to authorise point of sale transactions. .5 In a preferred embodiment, where an EFTPOS card is employed as the user token 6 involved, the institution authorisation code may be formed from or composed of the 7 personal identification or PIN number issued to a user to authorise point of sale 8 transactions. The level of security of information afforded by the use of an EFTPOS 9 card and a PIN number as an access code meets the same standards, criteria's and 10 protocols commonly accepted as secure by the existing financial institution which 11 issued the card or token involved. These standards and protocols follow 3 basic 12 rules: 13 i) something the user has (EFTPOS card), 14 ii) something the user knows (their PIN number), 15 iii) something the user wants (to register). 16 By employing the EFTPOS card and associated PIN number as part of a user 17 registration process, the financial institution issuing the card to their customer (who is 18 registering to use the present invention) can be assured that security standards on a 19 par with or equivalent to their own are being used to control the registration process. 20 Preferably as part of the user registration process executed, at least one address 21 attribute of a remote user terminal may also be received. An address attribute can 22 uniquely identify a specific terminal device to be employed by the user registering to 23 access the financial transaction processing system, as discussed above. After details 24 of a user's EFTPOS card have been received and the identity of a user has been 25 confirmed through receipt of a correct PIN number, the address attribute or attributes WO 2005/066907 21 PCT/NZ2004/000007 1 of a user's terminal may then be recorded. As discussed above, a cellular telephone 2 number for a user's cellular phone can be employed as an address attribute where this 3 phone number in combination with an authentic or valid access code will allow a user 4 to execute transactions in accordance with the present invention. 5 Preferably once the above information has been received and the identity of the user 6 wishing to register has been validated or confirmed, an access code may be generated 7 and released to the newly registered user. This access code can be used in 8 conjunction with the address attribute of the user's terminal to gain access to and 9 facilitate the execution of financial transactions using the present invention. In a 10 further preferred embodiment, the access code provided may be generated or chosen 11 by the user and subsequently supplied to the components, equipment or personnel 12 employed to complete the registration process. Alternatively and in other 13 embodiments a random or secure access code may be generated and supplied to the 14 user. 15 Preferably once the access code has been generated or received, the registration 16 terminal will then calculate an access code offset. The access code offset is the 17 numeric difference between the user's access code and the PIN number entered by the 18 user to validate the token. By using this access offset code, it ensures that the system 19 does not store the user's access code or the user's EFTPOS PIN number within its 20 information store and therefore this protects the data within the information store 21 from fraudulent use. 22 In this embodiment the provision of an access code offset avoids the need for the 23 present invention to store a user's EFTPOS card PIN number or financial institution 24 authorisation code, thereby eliminating the chance of unauthorised persons obtaining 25 access to a user's card PIN number from the information store. Furthermore, 26 financial transactions may be processed or forwarded to a financial institution for 27 processing without validation of the access code supplied by a user. The access code WO 2005/066907 22 PCT/NZ2004/000007 1 supplied will in turn be used to generate an EFTPOS card PIN number which is in 2 turn incorporated into a transaction quest forwarded to a financial institution. If the 3 supplied access code is incorrect then the associated EFTPOS card PIN number 4 generated will be incorrect and the transaction involved will be refused by the 5 financial institution. 6 Reference throughout this specification will also be made to the present invention 7 employing or storing an access code offset in relation to a particular user to in turn 8 avoid storing the user's EFTPOS card PIN number or financial institution 9 authorisation code. However, those skilled in the art should appreciate that other 10 configurations of the present invention are envisioned and reference to the above only 11 throughout this specification should in no way be seen as limiting. 12 Preferably once this registration process procedure has been completed, the token or 13 card information received and the access code offset assigned to the user may be 14 stored within the information store provided as part of the financial transaction 15 processing system. The token or card information received may therefore form at 16 least a portion of the financial information to be recorded and secured within the 17 information store. Furthermore, the information store may also retain or associate as 18 part of the financial information of a user both the supplied address attributed or 19 attributes for a user terminal in addition to the access code offset generated from the 20 access code assigned to the user. Upon receipt of a transmission or connection with 21 the user's terminal, the information store may release financial information 22 incorporating or including the token information received when a valid access code is 23 supplied, and when the information store can determine that the communicating 24 terminal has the same address attribute as that stored or recorded. 25 Preferably, the financial information secured by the information store may be used to 26 allow the information store and associated hardware or software to emulate the 27 functions of an EFTPOS terminal normally used to complete an EFTPOS financial WO 2005/066907 23 PCT/NZ2004/000007 I transaction. The information store can retain a 'virtual' record of the EFTPOS card 2 which can be accessed by an authorised remote user to complete financial 3 transactions. The virtual card recorded in the information store can allow the 4 information store to act substantially the same as an EFTPOS terminal after an 5 EFTPOS card's magnetic strip has been swiped and read. 6 Furthennore, in an additional preferred embodiment the user supplied access code 7 and the stored access code offset can be used to generate or calculate the banking PIN 8 number or institution authorisation code to be used to authorise the execution of an 9 EFTPOS based transaction. The PIN number or institution authorisation code 10 required can be calculated from the difference between the stored access code offset 11 and the access code supplied by a user. A calculated card PIN number can then be 12 used as part of the payload of a financial transaction to be processed by a financial 13 institution. 14 In a preferred embodiment an automatic teller machine or ATM may be used to 15 receive token information from a user wishing to register to use the financial 16 transaction processing system discussed above. An ATM machine normally includes 17 a magnetic swipe or stripe card reader or smart chip card reader which can be 18 employed to extract or retrieve the token information required as part of the 19 registration process. Furthermore ATM machines are generally housed or located 20 within relatively secure locations to prevent tampering with same. 21 In a further preferred embodiment an ATM machine may also be employed to receive 22 the institution authorisation code or PIN number from a user associated with the 23 particular EFTPOS card or token read by the ATM. Again existing banking or 24 financial institution infrastructure already employed by the ATM machine may be 25 used to check the received PIN number against records held by the financial institute 26 to make valid identification of the user wishing to register. Existing hardware or 27 components employed in the design and construction of an ATM machine (such as a WO 2005/066907 24 PCT/NZ2004/000007 I key pad) may be employed by a user to supply a PIN number or institution 2 authorisation code required as part of the registration process. 3 In a further preferred embodiment an ATM machine may also be adapted to receive 4 the address information or attribute associated with the particular terminal device a 5 user wishes to employ. Again a keypad or other similar type of hardware or 6 components may be employed in conjunction with the ATM machine to receive such 7 an address attribute or attributes as part of the registration process. 8 In a further preferred embodiment an ATM machine may also be adapted to generate 9 or receive the access code a user wishes to employ. Again a screen or keypad or 10 other similar type of hardware or components may be employed in conjunction with 11 the ATM machine to receive, deliver or assign such access code as part of the 12 registration process. 13 In a further preferred embodiment an ATM machine may also be adapted to generate 14 an access code offset. For example, and as discussed above, the access code offset 15 may be calculated from the difference between the entered card PIN or institution 16 authorisation code and the access code assigned to the user, where the access code is 17 either generated by the ATM machine or alternatively by the user. 18 Reference throughout this specification will also be made to an automatic teller 19 machine or ATM being employed by a prospective user to register for access to the 20 financial transaction processing system provided. An existing ATM machine may be 21 employed to read card or token information, receive a institution assigned PIN 22 number to validate the identity of the user and to subsequently receive an address 23 attribute of a user's terminal and to issue or receive an access code to a user and to 24 calculate an access code offset. 25 However, those skilled in the art should appreciate that other components, hardware 26 or systems may also be employed and reference to the above only throughout this WO 2005/066907 25 PCT/NZ2004/000007 1 specification should in no way be seen as limiting. For example, standard car readers 2 or keypads available to the counter or branch staff of a financial institute or bank may 3 be employed, as potentially could existing EFTPOS terminals used by merchants or 4 vendors of goods and services. 5 The present invention may provide many potential advantages over the prior art. 6 The present invention may enable a user to execute point of sale transactions from a 7 remote location. A number of convenient remote terminal devices such as cellphones 8 or PDA's may be employed by the user to participate in a remote EFTPOS 9 transaction for example, with the user being provided with secure and convenient 10 access to these types of transactions. 11 Furthermore, the registration system discussed above improves a security of access to 12 these transactions, as existing financial institution and banking security procedures 13 are implemented to ensure only authorised users have access to the present invention. 14 In addition the registration system discussed above allows a user to be registered 15 without the user having to disclose or provide confidential financial details or 16 information. The card or token issued to a user may be employed to access such 17 sensitive information without said information needing to be written down, 18 transmitted or otherwise disclosed as part of the registration process. '19 The present invention may also provide a financial transaction processing system 20 which can be configured in such a way that if the stored information was 21 compromised, an unauthorised person could not use the gained information for 22 fraudulent purposes through the availability of only user access codes offsets as 23 opposed to institution authorisation codes. 24 The system implemented in conjunction with the present invention may also provide 25 significant advantages and improve facilities over the existing prior art. The present WO 2005/066907 26 PCT/NZ2004/000007 1 invention may allow remote EFTPOS based transactions to be executed in real time 2 to allow the user with convenient mechanism for completing a transaction, similar to 3 that currently available widely for credit cards. Furthermore, in one instance, the 4 present invention may be applied to allow a user to execute a financial transaction to 5 purchase the rights to use a credit card or credit card number assigned a specific 6 credit value. The credit card number and associated credit purchase may be used (for 7 example) with on-line internet based commerce websites known to accept only credit 8 card numbers as a payment option. 9 Furthermore the present invention may also allow remote EFTPOS transactions to be 10 executed in real time. The system, apparatus and software employed in conjunction 11 with the present invention may resemble or build an EFTPOS transaction and 12 forward same to a financial institute for processing while the user waits. An 13 immediate answer as to the availability of said transaction can then be supplied back 14 to the user again in real time while in turn the transaction required is processed. 15 BRIEF DESCRIPTION OF DRAWINGS 16 Further aspects of the present invention will become apparent from the following 17 description which is given by way of example only and with reference to the 18 accompanying drawings in which: 19 Figure 1 illustrates a block schematic diagram of components employed to 20 provide a financial transaction processing system in accordance with 21 a preferred embodiment, with these components being distributed 22 over a number of remote locations, and 23 Figure 2 shows a sequence diagram for communication and information 24 flows executed by a financial transaction processing system 25 provided in accordance with an alternative embodiment, where the 26 system is used to facilitate an EFTPOS transaction, and WO 2005/066907 27 PCT/NZ2004/000007 1 Figure 3 shows a sequence diagram for communications and information 2 flows executed by a financial transaction processing system 3 provided in accordance with an alternative embodiment where the 4 system is used to register a new user to use the system. 5 Figure 4 shows generally the components required to securely register a user 6 to enable them to make use of the access code system. 7 BEST MODES FOR CARRYING OUT THE INVENTION 8 Figure 1 illustrates a block schematic diagram of components employed to provide a 9 financial transaction processing system in accordance with a preferred embodiment. 10 These components include a users telephone 101, connected via an interface server 11 102 to an EFTPOS terminal server 103. This latter detects that the call is from a 12 specified telephone and in conjunction with an access code supplied by the user 13 queries a virtual card provider 104 and track 2 database 105. The track 2 database 14 stores all the information on track 2 of a standard card and releases this information 15 for a financial transaction process to occur on EFTPOS transaction processor 106 16 only if the user is calling on a specified telephone with an access code which is 17 approved for that telephone. 18 The majority of the components of the financial transaction processing system 19 provided are located within a secure hosting environment with physical access -to 20 same being restricted to authorised persons only. The system provided includes an 21 EFTPOS transaction server (ETS), a track-2 database (T2DB), and a virtual card data 22 provider (VCD) all located within the secure hosting environment provided. The 23 transaction processing system also includes an interface server (EIS) located outside 24 of the secure hosting environment which is associated with a telecommunication 25 service providers network. The interface server provides a link or connection 26 between the infrastructure of a telecommunications network and the EFTPOS WO 2005/066907 28 PCT/NZ2004/000007 I terminal server located within the secure hosting environment. 2 The transaction processing system also includes links to an EFTPOS transaction 3 processing system or network (ETSL) within the secure hosting environment, where 4 the ETSL also normally receives and processes EFTPOS transactions from other 5 sources. 6 The telecommunications network provides a communications channel between the 7 transaction processing system and a remote user terminal, shown in this embodiment 8 as a cellular telephone. The cellular telephone is employed by a user to execute 9 EFTPOS based financial transactions. 10 The track-2 database (T2DB) is adapted to form the main portion of the information 11 store employed in conjunction with the present invention. The IS and ETS facilitate 12 the management of communications with other external elements systems while the 13 VCD employs decryption and security algorithms to generate an institution 14 authorisation code or an institution PIN number for a particular user. This code is 15 used to implement a standard EFTPOS transaction within the secure hosting 16 environment. 17 Figures 2 and 3 show in more detail both the use of the system to execute EFTPOS 18 based financial transaction and also the registration of a new user with the system to 19 authorise such a user to execute EFTPOS based transactions. 20 As shown with respect to figure 2, the first steps used to implement a financial 21 transaction occur at stages 1 and 2 where a user creates a session with the system by 22 dialling a specific number with their cellular phone or remote terminal. At stage 2 23 the telecommunications network sets up the call required, and at stage 3 connects the 24 call to the interface server employed. 25 At stage 4 the Interface Server obtains the telephone number of the calling cellphone WO 2005/066907 29 PCT/NZ2004/000007 1 (being the terminal's address attribute) using caller line identification technology. At 2 this stage the interface server then requests that the user key in an access code where 3 this access code, when keyed in is transmitted through the network to the interface 4 server. At this stage the user is also prompted to enter in details of the transaction 5 they wish to implement, such as an account number or designated payee to which 6 funds are being transferred in addition to the amount to be transferred and the date of 7 transfer. Lastly, once all the information required to implement the transaction has 8 been received, this information "payload" from the interface server is encrypted and 9 at stage 5, transmitted to the EFTPOS transaction (ETS) located within the secure 10 hosting environment. 11 At stage 6 the ETS decrypts the received payload from the IS and applies an 12 alternative encryption (known as 3DES to those skilled in the art) to this information 13 and subsequently transmits same to the track-2 database (T2DB). At stage 7 T2DB 14 receives encrypted information from the ETS and decrypts same using the 3DES 15 encryption scheme employed by the ETS. The decrypted information is then used to 16 address and access financial information stored by the track-2 database with respect 17 to the specific user contact in the system. The T2DB then returns the stored financial 18 information associated with the particular user identified by both the calling 19 cellphone number and access code provided. In the embodiment discussed 20 information from the second track of the magnetic stripe card provided in the 21 identified user's EFTPOS card is returned encrypted to the ETS, again using the same 22 encryption scheme originally employed by the ETS. 23 At stage 8 of this process, the information returned from the T2DB is then decrypted 24 by the ETS, thereby providing the ETS with essentially the same information 25 available to a standard merchant EFTPOS terminal after a customer's EFTPOS card 26 has been read and the customer has entered the secure EFTPOS card PIN number. 27 The secure EFTPOS card PIN is calculated at stage 9 in conjunction with the virtual WO 2005/066907 30 PCT/NZ2004/000007 1 card data provider (VCD) discussed with respect to figure 1. The track-2 data 2 retrieved from T2DB includes access code offset data which indicates a value by 3 which the user's access code is offset from the user's EFTPOS card PIN number or 4 financial institution authorisation code. This allows a user's EFTPOS card PlN 5 number to be calculated in real time for use in a transaction without the need to have 6 this PIN number stored and potentially available for compromise and use by an 7 unauthorised person. 8 The calculated card PIN can then, in combination with received details of the 9 EFTPOS card number and a PIN offset coded into said card, be used to construct a 10 standard EFTPOS transaction. This transaction payload can then at stage 9 be 11 transmitted to the standard EFTPOS transaction processing system (ETSL). 12 The ETSL then processes the EFTPOS transaction and forwards the transaction to the 13 user's financial institution and returns a response from the financial institution at 14 stage 10 indicating that the transaction proposed was accepted and processed, or 15 declined. Subsequently at stage 11 the ETS system returns the results of the 16 transaction submission to the interface server including any particulars of the 17 transaction processed. 18 At stage 12 a utility database (U1DB) of, in this instance, the payee involved with the 19 transaction is then updated to indicate that a transaction is being processed for the 20 user identified. 21 At stage 13 the interface server subsequently generates a response message to be 22 transmitted back to the user's cellular phone, which at stage 14 gives the user 23 feedback regarding the success or otherwise of the transaction proposed. 24 Figure 3 shows in a similar form to figure 2, a sequence of communications or 25 information transmissions implemented in conjunction with the present invention to 26 register a new user and authorise same to use the financial transaction processing WO 2005/066907 31 PCT/NZ2004/000007 I system discussed above. 2 In a first stage of this process the terminal shown or discussed is an automatic teller 3 machine which includes a swipe card or magnetic strip card reader or smart chip 4 reader. This reader is used at stage 1 shown to read information encoded to a 5 magnetic stripe or smart chip of a user's ATM card. At stage 1 the ATM is also used 6 to receive via keypad a mobile telephone number for the user in addition to an access 7 code selected by the user to be employed to use the financial transaction processing 8 system. At this stage the ATM is also used to receive the ATM card PIN number, 9 normally used by the user to implement a transaction using their own ATM card. 10 This information is then transmitted from the ATM machine to the standard ATM 11 transaction processing network which is connected to ETSL or direct to the financial 12 institution that issued the ATM card. The ETSL component in turn at stage 2 13 contacts the financial institution which issued the ATM card to the registering user 14 and supplies the received ATM card PIN number to obtain a valid identification and 15 authorisation for the user. At stage 3 the results of this identification or authorisation 16 based on the PIN number supplied are returned by the bank systems, and an 17 indication of the success or otherwise of the authorisation process is returned from 18 the ETSL to the terminal ATM machine at stage 4. 19 Provided that the correct ATM card PIN number has been supplied by the registering 20 user, stage 5 is then executed where the PIN offset is calculated by the ATM and the 21 magnetic track-2 card data or smart chip data extracted from the user's ATM card by 22 the ATM is transmitted to the ETSL system in the form of a pre-authorisation 23 transaction request. In turn the ETSL system forwards this track-2 based "payload" 24 information onto the visual card data (VCD) system and associated track-2 database 25 (T2DB) employed in conjunction with the present invention. This payload 26 information consisting of the financial information to be recorded in association with 27 the registering user, which is processed by the VCD and T2DB at stages 5 and 6.
WO 2005/066907 32 PCT/NZ2004/000007 1 Once this required financial information has been successfully stored, the ETSL will 2 be advised at stage 7 of this successful result and the ETSL will in turn return a result 3 message at stage 8 to the tenninal ATM machine to indicate to the user that they have 4 been successfully registered for use with the financial processing system provided. 5 Figure 4 shows a block diagram of a terminal allowing the registration of user data in 6 this way with a circuit board 120. A card read by magnetic stripe or chip reader 128 7 triggers presentation of a menu on screen 121, one of the menu options being 8 registration of the user for remote transaction via an insecure link. Choice of this 9 option allows the user to enter the required information under control of the software 10 embedded in chips 123 (the standard base software) and 123a (the software for 11 eliciting the telephone number and associated access code) into keyboard 122. This 12 information is then transmitted in encrypted form, preferably DES encrypted, to the 13 EFTPOS Terminal Server by communications chip 127 together with the track 2 14 information from the users card and the users bank PIN. The track 2 data is recorded 15 in the track 2 database (T2DB). The information recorded includes a telephone PIN 16 (TPIN) which is recorded in the form of an offset from the bank PIN. This offset PIN 17 should differ from both the actual calculated PIN and from the PIN which is normally 18 used by the user and which is also stored as an offset. Typically this TPIN would be 19 entered twice to allow validation at entry. 20 Calculation of the offset may be carried out by the terminal at which the entry is done 21 or at the destination. Any transmission of the PIN offset is required to be encrypted. 22 A single user may have several associated telephone numbers and TPINs, and the 23 facilities associated with each may vary depending upon the inherent security of the 24 telephone type. 25 Aspects of the present invention have been described by way of example only and it 26 should be appreciated that modifications and additions may be made thereto without WO 2005/066907 PCT/NZ2004/000007 33 1 departing from the scope thereof 2 INDUSTRIAL APPLICABILITY 3 The methods and apparatus of the present invention relate to the field of financial 4 transactions and to the manner in which information is held to allow authorisation of 5 a transaction from a nominally insecure terminal. The process of registering to carry 6 out a financial transaction of this type involves a modified secure terminal, and the 7 process of carrying out a transaction involves the use of a modified transaction server 8 network in cooperation with a users input.

Claims (11)

1. A method of creating stored transaction authorisation information at a remote location comprising commencing a secure transaction session at a secure terminal, reading user information from a user transaction card in the secure terminal and remotely securely storing the information, remotely securely storing information relating to a user terminal address attribute for an authorisation terminal to be authorised by the user to initiate financial transactions, and generating and securely storing a, valid user code as a PIN offset to identify a PIN to be used from the authorised terminal type.
2. A method as claimed in claim 1 wherein the secure terminal is an ATM or lFPOS terminal.
3. A method of authorising a financial transaction from a financial account comprising storing in a secure database information sufficient to authorise a transaction, this information including in formation allowing calculation of a Personal Identification Number (PIN) and a PIN offset differing from other PIN offsets of that account holder, storing in said database information identifying a terminal device usable by an initiator of a financial transaction, receiving from that terminal device a transaction authorisation which authorisation contains a PIN, detecting whether the received PIN is offset the specified amount from the stored PIN , and passing information authorising the transaction to a, remote financial transaction server when the calculated PIN is offset by the correct amount
4. A financial transaction processing system accessible by a remote user terminal, said terminal having at least one associated address attribute, the system including an information store adapted to secure financial information sourced from a plurality of remote users, the financial transaction processing system being characterised in that a user's financial information is released by the information store to a remote financial transaction server to allow processing of a financial transaction upon receipt by the in formation store of a valid user terminal address attribute and a valid user access code. IndMAOWrLAnamd~iimi ZO1. 200 .doc 35
5. A financial transaction processing system-as claimed in claim 4 wherein the terminal is a telephone and the terminal address attribute is the telephone number of the terminal, and the user access code is a PIN.
6. A method of processing a financial transaction using the financial transaction processing system substantially as claimed in claim 4, said method being characterised by execution of the steps of: receiving a user terminal address and user access code, receiving transaction information, determining a transaction type from the received transaction information, and releasing a user's stored financial information to a remote financial transaction processor to process a financial transaction if a valid user terminal address attribute and valid user access code are received and if the transaction type determined is allowed for the terminal type of the remote user terminal.
7. A method as claimed in claim 6 wherein the allowable transaction types differ for differing terminal types.
8. A method as claimed in claim 6 wherein there are allowable transaction limits and the allowable transaction limits differ for differing terminal types.
9. A method as claimed in claim 6 wherein the user terminal address is a mobile telephone number and the user access code is a user PIN.
10, A method as claimed in claim 6 wherein the user terminal address is a network card address and the user access code is a PIN.
11. A method as claimed in claim 6 wherein the authorised transaction may be a transaction which repeats at specified intervals, the repetition being instigated by scheduled procedures which again release the user stored financial information.
AU2004312730A 2004-01-12 2004-01-12 Transaction processing system and method Ceased AU2004312730B2 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/NZ2004/000007 WO2005066907A1 (en) 2004-01-12 2004-01-12 Transaction processing system and method

Publications (2)

Publication Number Publication Date
AU2004312730A1 AU2004312730A1 (en) 2005-07-21
AU2004312730B2 true AU2004312730B2 (en) 2009-11-12

Family

ID=34748261

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2004312730A Ceased AU2004312730B2 (en) 2004-01-12 2004-01-12 Transaction processing system and method

Country Status (2)

Country Link
AU (1) AU2004312730B2 (en)
WO (1) WO2005066907A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008119168A1 (en) * 2007-04-03 2008-10-09 Cpni Inc. A system and method for merchant discovery and transfer of payment data
US9269010B2 (en) 2008-07-14 2016-02-23 Jumio Inc. Mobile phone payment system using integrated camera credit card reader
US9305230B2 (en) 2008-07-14 2016-04-05 Jumio Inc. Internet payment system using credit card imaging
US10552697B2 (en) 2012-02-03 2020-02-04 Jumio Corporation Systems, devices, and methods for identifying user data
US9641752B2 (en) 2015-02-03 2017-05-02 Jumio Corporation Systems and methods for imaging identification information

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002063580A2 (en) * 2001-02-02 2002-08-15 Hodgson Robert B Apparatus for and method of secure atm debit card and credit card payment transactions via the internet
WO2003047208A1 (en) * 2001-11-29 2003-06-05 Mobile Commerce Limited Credit card payment by mobile phone

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002063580A2 (en) * 2001-02-02 2002-08-15 Hodgson Robert B Apparatus for and method of secure atm debit card and credit card payment transactions via the internet
WO2003047208A1 (en) * 2001-11-29 2003-06-05 Mobile Commerce Limited Credit card payment by mobile phone

Also Published As

Publication number Publication date
AU2004312730A1 (en) 2005-07-21
WO2005066907A1 (en) 2005-07-21

Similar Documents

Publication Publication Date Title
US6612488B2 (en) Method and system to prevent fraudulent payment in credit/debit card transactions, and terminals therefor
US6834270B1 (en) Secured financial transaction system using single use codes
US7069001B2 (en) Method for supporting cashless payment
US7231372B1 (en) Method and system for paying for goods or services
US20110103586A1 (en) System, Method and Device To Authenticate Relationships By Electronic Means
US20030191945A1 (en) System and method for secure credit and debit card transactions
US20170278105A1 (en) Method and System for Secure Handling of Electronic Financial Transactions
NZ535428A (en) System and method for secure credit and debit card transactions using dynamic random CVV2 code to mobile communications device
US11694182B2 (en) Systems and methods for displaying payment device specific functions
JP2005004764A (en) Method of payment from account by customer having mobile user terminal, and customer authentication network
KR101039696B1 (en) Mobile card payment system using phone number, mobile payment service method using him
US20150227920A1 (en) Management of identities in a transaction infrastructure
GB2457445A (en) Verifying payment transactions
CN106330888B (en) The method and device of payment safety in a kind of guarantee the Internet line
WO2002021767A1 (en) Virtual payment card
JP2011044151A (en) Method and system for safe payment by portable terminal
US20020078360A1 (en) Method of conducting transactions
AU2004312730B2 (en) Transaction processing system and method
WO2006004441A2 (en) Electronic banking
NZ523709A (en) Transaction processing system and method of creating stored transaction authorisation information at a remote location
NZ544070A (en) Electronic transaction authorisation with authentic terminal verification
EP1396139B1 (en) Method and systems for improving security in data communication systems
KR20060008149A (en) IC chip payment method and system
AU2002349173A1 (en) System and method for facilitating electronic financial transactions using a mobile telecommunication device

Legal Events

Date Code Title Description
FGA Letters patent sealed or granted (standard patent)
MK14 Patent ceased section 143(a) (annual fees not paid) or expired