HK1148595A - Cardless financial transactions system - Google Patents
Cardless financial transactions system Download PDFInfo
- Publication number
- HK1148595A HK1148595A HK11102668.4A HK11102668A HK1148595A HK 1148595 A HK1148595 A HK 1148595A HK 11102668 A HK11102668 A HK 11102668A HK 1148595 A HK1148595 A HK 1148595A
- Authority
- HK
- Hong Kong
- Prior art keywords
- user
- account
- consumer
- cfts
- incomplete
- Prior art date
Links
Abstract
Users are enabled to conduct financial transactions in a secured manner without the need to use traditional financial instruments, such as credit cards, debit cards, prepaid cards, ATM cards, checks, cash, etc. In addition, user's identity is kept confidential in the financial transactions.
Description
Cross Reference to Related Applications
This application claims priority to U.S. provisional application No. 61/211,335, filed on 30/3/2009, the disclosure of which is expressly incorporated herein by reference in its entirety.
Technical Field
The present disclosure relates generally to financial transaction systems. More particularly, the present disclosure relates to conducting financial transactions without the use of any conventional financial instrument, such as credit cards, debit cards, ATM cards, debit cards, stored value cards, pre-paid cards, cash, checks, and the like.
Background
Conventional payment cards, such as credit cards, debit cards, ATM cards, stored value cards, cash cards, prepaid cards, and the like, may be easily stolen and counterfeited. For example, by a servicer in a bribery restaurant, a fraudster can easily steal card information from the restaurant guest. Fraudsters can use stolen card information to pay a symbolic fee to many background search sites on the internet to find useful personal information based on the card holder's name displayed on the stolen card. Counterfeit cards and counterfeit identification documents, such as driver's licenses, can be easily forged using this method.
Once such a card is stolen or counterfeited by a fraudster, the fraudster can quickly conduct many illegal financial transactions before the affected financial institution, organization or individual recognizes the fraud and disables the card. Many individuals, organizations, and financial institutions have suffered significant substantial losses and damage due to fraud in financial transactions.
Indeed, today, financial instruments can be easily stolen. Many financial institutions and merchants maintain personal information of their customers, including information of financial instruments (such as credit cards, debit cards, etc.) in their databases. It is common for employees of financial institutions, merchants, or consumer reporting companies to steal consumer information, frauds, and/or sell that information to fraudsters.
In addition to credit cards, debit cards, and the like, checks remain one of the most popular financial instruments today. It is easier to forge a counterfeit check than a counterfeit card. There are many cases of counterfeit checks that are involved in use with counterfeit identification documents.
Furthermore, online merchants cannot readily discern whether a remote consumer has the correct identity. If the correct card information (which can be obtained from stolen cards) and the correct billing address (which can be obtained from an internet search website) are presented, the merchant cannot readily discern whether the remote consumer is actually a fraudster. An experienced cheater can easily conduct fraudulent online transactions. As a result, online merchants lose a tremendous amount of money each year.
Moreover, mailing new financial instruments to new consumers or to existing customers when their old financial instruments expire is a significant overhead for the financial institution. In addition to the large amount of resources used in the mailing process, these financial instruments may also be easily stolen and utilized by cheats during the mailing process.
In addition to the examples given above, since users are often identified by user IDs and/or personal identification numbers ("PINs") and passwords, criminals can be easily implemented in the computer age. Once a fraudster steals another person's user ID and/or PIN and password, the fraudster can conduct many criminal activities by accessing the account. Thus, fraud is a major threat to online banking, online commerce, e-commerce, and many other computer-related activities.
In summary, financial transaction fraud is easily performable today, and individuals, organizations, merchants, and financial institutions are suffering tremendous loss and disruption. There is a need for better financial transaction systems.
Disclosure of Invention
The present disclosure enables consumers to conduct financial transactions in a secure manner without the use of any traditional financial instruments that are easily stolen or counterfeited.
For the purposes of this disclosure, the consumer does not need to carry traditional financial instruments such as checks, credit cards, debit cards, stored value cards, prepaid cards, ATM cards, cash cards, and the like.
Traditionally, customers of a financial institution are identified by account numbers. For example, a credit card has a credit card account number. The check has a check account number. The stock trading account has a trading account number. The applicant has an insurance policy number (or account number). This is the traditional way for financial institutions to identify and manage billions of customers without confusion.
Because account numbers are very long and may not be remembered by the customer, financial institutions routinely issue financial instruments that contain account numbers. Therefore, it has become common practice to conduct financial transactions through cards.
However, if the financial instrument information of the consumer is stolen, a fraudster can forge a counterfeit financial instrument (such as a credit card, a debit card, or a check) using the stolen information or give a counterfeit instruction. Therefore, protecting financial instruments has become important to prevent financial transaction fraud.
Throughout history, a number of methods have been disclosed to protect financial instruments. For example, some approaches propose that the financial institution provide the customer with a temporary card number that will automatically expire when certain criteria are met. Some methods propose that card holders should deactivate their card number when they are not using the card and activate their card number again before they use their card. Generally, these methods incur enormous administrative expenses for financial institutions and consumers.
The present disclosure is directed to reducing or eliminating reliance on traditional financial instruments, such as checks, credit cards, debit cards, ATM cards, prepaid cards, stored value cards, cash cards, monetary instruments, wire transfers, and the like, so that no thing can be stolen by a fraudster.
In one embodiment of the present disclosure, a computer system for conducting financial transactions without the use of traditional financial instruments includes a computer processor and a memory device coupled to a network, and a database stored on the memory device for storing at least two sets of data of a user and contact information of a personal communication device in association with a user account. The first set of data consists of a portion of the user's personally identifying information that the user knows and does not need any special effort to remember. The second set of data is a short string of data that the user can remember with minimal effort. The second set of data ensures the uniqueness of the combination of the first and second sets of data in the database.
The computer system uses the communication module to send a new verification code to the user's personal communication device in substantially real time in response to receiving the first and second sets of data from the subject and the user's account meeting the predetermined criteria. The verification code has a predetermined life span. Additionally, the computer system uses a transaction processing module that allows the principal to conduct at least one transaction in response to receiving the passcode from the principal before the passcode expires.
In another embodiment of the present disclosure, a computer system for conducting a financial transaction without the use of a financial transaction instrument comprises: a computer processor and a memory device coupled to a network, and a database stored on the memory device for storing at least authentication file information of government issued official authentication files of a user and contact information of a personal communication device of the user in association with an account of the user.
The computer system uses the communication module to send a new verification code to the user's personal communication device in substantially real time in response to receiving the authentication document information provided by the principal and read by the device interface and the user account meeting the predetermined condition. The verification code has a predetermined life span. Additionally, the computer uses a transaction processing module that allows the principal to conduct at least one transaction in response to receiving the passcode from the principal before the passcode expires.
In an alternative embodiment of the present disclosure, a computer system for conducting financial transactions without the use of traditional financial instruments includes: a computer processor and a memory device coupled to the network, and a database stored on the memory device for storing at least account identification information of the user and contact information of the personal communication device in association with an account of the user.
The computer system uses the communication module to send the user's account identification information to the user's personal communication device. The communication module transmits a new verification code to the personal communication device of the user in substantially real time in response to receiving that the account identification information read by the device interface from the personal communication device provided by the subject and the user account meet a predetermined condition. The device interface is connected to the computer through a network. The verification code has a predetermined life span. Additionally, the computer system uses a transaction processing module that allows the principal to conduct at least one transaction in response to receiving the passcode from the principal before the passcode expires.
Further, in one embodiment of the present disclosure, a computerized method for securing login security includes: (1) storing at least account identification information of the user and contact information of the personal communication device in association with an account of the user; (2) transmitting a new passcode to the user personal communication device in substantially real time in response to receiving account identifying information entered by the subject intending to login, wherein the passcode is assigned a predetermined lifetime; and (3) allowing the principal to log in response to receiving the passcode from the principal before the passcode expires.
Further, in one embodiment of the present disclosure, a computerized method for opening a financial account for a remote principal includes: (1) receiving personal identification information from the subject, the personal identification information being read by the device interface from an official authentication document issued by a government; (2) receiving biometric information from the subject, the biometric information being read from the subject by the device interface; and (3) opening an account based on the identification information of the subject when the biometric information read from the subject corresponds to the personal identification information read from the official authentication document and the subject is not on the blacklist.
In the present disclosure, the term "network" generally refers to a communication network, which may be a wireless or wired network, a private or public network, a real-time or non-real-time network, or a combination thereof, and includes the well-known internet.
In this disclosure, the term "computer" or "computer system" generally refers to a single computer or group of computers that can work together or separately to achieve the objectives of a system.
In this disclosure, the term "processor" generally refers to a single processor or a group of processors that can work together or separately to achieve the purpose of a computer system.
In the present disclosure, "bank" or "financial institution" generally refers to a financial service provider, bank or non-bank that provides financial services.
In this disclosure, "bank account" or "financial account" generally refers to an account associated with a financial institution (bank or non-bank) that can conduct financial transactions through financial instruments such as cash, checks, credit cards, debit cards, ATM cards, stored value cards, debit cards, prepaid cards, wire transfers, monetary instruments, credit cards, notes, securities, commercial notes, commodities, precious metals, electronic funds transfers, automated clearing houses, and the like.
In this disclosure, "financial transactions" generally refer to transactions relating to financial activities, including but not limited to: payment, funds transfer, monetary services, payroll, invoicing, trading, conditional delivery obligations, insurance, promised payment, merger, procurement, account opening, account closing, etc.
In this disclosure, "trade" refers generally to trade behavior, either private or public, including but not limited to: stock trading, currency trading, commodity trading, entitlement trading, value trading, securities trading, derivative trading, goods trading, services trading, commodity trading, and the like.
In this disclosure, "Securities" generally refers to Securities that conform to the definition in 1933's Securities Act. For example, securities may generally include: tickets, equity certificates, contracts, bonds, checks, remittance instructions, licenses, travelers checks, credit certificates, warehouse receipts, shippable bills, debt certificates, benefit certificates or participation certificates in any benefit sharing agreement, vouching trust certificates, pre-establishment certificate of equity, negotiable shares, investment contracts, voting trust certificates, valid or blank motor vehicle ownership certificates, tangible or intangible property ownership certificates, tools or documents or words to certify ownership or any right, ownership, benefit or transfer or distribution of goods, items and commodities; or, in general, any instrument known as a "security", or any agreement or participating certificate, temporary or temporary certificate, receipt, license, or right to book or purchase any of the foregoing.
In this disclosure, "consumer" generally refers to a consumer, person, principal person, payer, user, or customer, etc. seeking to conduct a transaction with an individual, organization, merchant, and/or financial institution.
As used herein, the term "official authentication document" refers generally to passports, driver licenses, election cards, relief cards, student identification cards, social security cards, national identification cards, legal status certificates, and other official documents and information bearing instruments issued or certified by a leadership, embassy, government agency, or other government body and protected from unauthorized copying or tampering by the responsible government that identify a designated individual by a particular verifiable feature. In particular, such an "official authentication document" may be formed of various materials, including paper, plastic, polycarbonate, PVC, ABS, PET, Teslin, composite materials, and the like, and may embed identification information in various forms, including information printed or embossed on a document (or card), information written on a magnetic medium, information programmed into an electronic device, information stored in a memory, and combinations thereof. "identifying information" may include, but is not limited to: name, identification number, date of birth, signature, address, password, telephone number, email address, personal identification number, tax identification number, national identification number, country from which the ID was issued, state from which the ID was issued, ID expiration date, photograph, fingerprint, iris scan, physical description, and other biometric information. The embedded information may be read via optical, acoustic, electronic, magnetic, electromagnetic, and other media.
In this disclosure, "personal identification information" generally refers to a name, address, date of birth, personal identification number, usage ID, password, tax identification number, type of authentication file used, identification number associated with the authentication file, country of issuing the authentication file, state, government and/or private organization, telephone number, nickname, email address, photograph, fingerprint, iris scan, body build description, and other biometric information.
In the present disclosure, "personal information" includes at least: personal identification information, personal relationships, personal status, personal context, personal interests, and personal financial information including information related to financial instruments, financial accounts, and financial behaviors.
In this disclosure, "financial instrument" generally refers to an instrument for conducting financial transactions. Examples of financial instruments include: cash, credit cards, debit cards, ATM cards, prepaid cards, stored value cards, debit cards, checks, monetary instruments, wire transfers, credit cards, tickets, securities, commercial tickets, commodities, goods, silver, and the like.
In this disclosure, "personal communication device" generally refers to a device interface used for personal communication purposes.
In this disclosure, "device interface" generally refers to keyboards, keypads, monitors, displays, terminals, computers, control panels, vehicle dashboards, network interfaces, machine interfaces, video interfaces, audio interfaces, electrical interfaces, electronic interfaces, magnetic interfaces, electromagnetic interfaces including electromagnetic wave interfaces, optical interfaces, acoustic interfaces, video interfaces, audio interfaces, remote control interfaces, mobile phone interfaces, smart book interfaces, other communication device interfaces, Personal Digital Assistant (PDA) interfaces, handheld device interfaces, authoring device interfaces, wireless interfaces, wired interfaces, and other interfaces.
In this disclosure, the term "terminal" or "kiosk" generally refers to a device that interfaces a user with a computer network, including: a computer and/or its peripherals, a microprocessor and/or its peripherals, an ATM terminal, a check cashing kiosk, a monetary kiosk, a merchant checkout, a cash register, a coin changer, a parking lot payment kiosk, other payment kiosks, a remote control device, a wired phone, a mobile phone, a smart book, a personal communication device, a PDA, a digital assistant, an entertainment device, a network interface device, a router, and/or a Personal Digital Assistant (PDA), etc., such that a user can interact with the computer system and other devices connected to the computer network.
The nature and advantages of the disclosure may be further understood with reference to the following description taken in conjunction with the accompanying drawings.
Drawings
FIG. 1 illustrates a system and network diagram of a cardless financial transaction system ("CFTS") that enables consumers, financial institutions, and merchants to conduct secure financial transactions.
FIG. 2 is a flow diagram of an example process showing how a consumer registers with the computer system of the CFTS shown in FIG. 1.
Fig. 3A and 3B are flow diagrams illustrating an example process of how the system shown in fig. 1 enables a consumer to conduct a secure financial transaction with a retail store at a point of sale or with a remote merchant through a telephone call.
Fig. 4A and 4B are flow diagrams illustrating an example process of how the system shown in fig. 1 enables a consumer to conduct a secure financial transaction with a retail store through an automated checkout station or with an online merchant through a computer user interface. These flow diagrams also illustrate how a consumer can conduct financial transactions through an ATM, kiosk (kiosk), or other type of device interface.
Fig. 5A and 5B are flow charts illustrating an example process of how the system shown in fig. 1 enables a consumer to conduct a secure financial transaction with a retail store through his/her personal communication device, such as a mobile phone.
Fig. 6 is a flow chart illustrating an example process of how the system shown in fig. 1 can ensure that a criminal cannot log into the system even if the criminal has stolen the correct user ID and/or PIN and password.
Fig. 7A and 7B are flow charts illustrating an example process of how the system shown in fig. 1 enables a consumer to conduct a secure financial transaction with a retail store through his/her official identification document, such as a driver's license. These flow diagrams also illustrate how a consumer can conduct financial transactions through an ATM, kiosk, or other type of device interface.
Detailed Description
Because financial instruments such as credit cards may be easily stolen or counterfeited, one of the primary purposes of the present disclosure is to preclude the use of traditional transaction instruments. Conventional transaction instruments provide an important function of associating consumers to accounts in their financial institutions. Therefore, if the conventional financial instrument is cancelled, the association function needs to be provided in a different method.
In one embodiment of the present disclosure, a consumer can use his official identification document to associate the consumer with his financial account.
In another embodiment of the present disclosure, the customer's account identification information is sent to the customer's personal communication device, such as a smart phone or the like. Such account identification information can be converted into a graphical pattern (e.g., a bar code) that can be displayed on the personal communication device for easy scanning by the optical device. The graphical pattern will associate the consumer with his financial account. In addition, the consumer can request from time to time that a new account identification be changed, and a new graphical pattern will be sent to the user, making it difficult for a fraudster to steal the user's graphical pattern.
In an alternative embodiment of the present disclosure, the customer's account identifying information can be sent to the customer's personal communication device, and such account identifying information can be converted into an acoustic, electronic, electromagnetic, or magnetic signal so that the customer's account identifying information can be easily read by the device interface. In addition, the consumer may request to change to a new account identification from time to time, making it difficult for a fraudster to steal the consumer's account identification information.
Because the new account identification information can be immediately transmitted to the consumer's personal communication device, there is no need to worry about shipping, transit, and related fraud that can occur with conventional financial instruments.
Further, in one embodiment of the present disclosure, a password or authentication code can be used to protect a personal communication device so that a fraudster who has stolen a consumer personal communication device cannot use the personal communication device without the correct password or authentication code.
In another alternative embodiment of the present disclosure, the consumer remembers the number (including alphanumeric number) or data string that can be associated to his account. In addition, each consumer can change the number or data string from time to time, making it difficult for a fraudster to know or use the number or data string.
There are approximately 60 million people on earth, each of which should be uniquely identified to avoid confusion in financial transactions. In addition, each financial institution needs to be uniquely identified. This is why credit card or debit card numbers always have a length of about 15 to 20 bits.
It is difficult for many people to remember 15-bit to 20-bit long numbers or data strings. In fact, most people only remember a maximum of 6 or 7 digits of a number with confidence. On the other hand, a 6 or 7 digit number can only uniquely identify 1 million or 1 million accounts, and is not sufficient to cover all the population on earth for account identification purposes.
In addition, official identification documents, account identification information, and the aforementioned consumer-memorized numbers or data strings may still be stolen by fraudsters. Although traditional financial instruments are not used to associate consumers to their financial accounts, the above approaches are still vulnerable to fraud threats.
In the present disclosure, a computer network having a device interface and a central computer system having memory, databases, and peripherals connect consumers, organizations, merchants, financial institutions, and the like through the device interface. The central computer system is used to manage all consumers, organizations, merchants, financial institutions, accounts, financial activities, etc. on the network in a secure manner.
For purposes of illustration, payment transactions are often used as an example of the present disclosure. However, the present disclosure can be applied to other types of financial transactions besides payment transactions.
In one embodiment of the present disclosure, an individual logs into a CFTS computer through a device interface, opens an account with the CFTS's computer system, and provides the CFTS with personal information for the individual, including personally identifying information.
In another embodiment of the present disclosure, the embedded information of the official identification document is read by the device interface to provide personally identifying information. Since the official identification document is protected by the corresponding government, reading the embedded information directly from the official identification document can effectively prevent fraud.
To be sure that the individual is the true owner of the official identification document, the embedded information of the official identification document can be used to verify the identity of the individual. For example, if the biometric information of the individual, such as a fingerprint, iris pattern, photograph, etc., corresponds to biometric information embedded within or located on an official identification document, the individual must be the true owner of the official identification document.
Alternatively, if a person can accurately provide certain private information embedded within an official identification document, such as a personal identification number, then the person is likely to be the true owner of the official identification document. This verification method is much more accurate than conventional methods that rely on manual comparisons between the person's appearance and photographs on official identification documents. Furthermore, because the authentication method does not require the involvement of other personnel, the consumer can open an account at a terminal, kiosk, or the like.
The CFTS computer processes the personal information submitted by the person and approves the account opening for that person according to regulations and laws. Once the account is opened, the individual can be identified by a non-complete set of personally identifying information pairs.
For example, the consumer may be identified by a combination of the zip code of the address, year of birth, last 4 digits of the ID number, first two letters of the first name, last two letters of the last name, country/state of issuing the ID, due date of the ID, etc., displayed on the consumer's identification document. The true identity of the consumer is not disclosed because only a non-complete set of data of the consumer's personally identifying information is used. Furthermore, the personally identifying information cannot be recovered from or through the set of incomplete data.
Although only a non-complete set of data of the consumer's personally identifying information is used, if enough non-complete data is used, the probability of a mismatch when two persons have the same non-complete set of data can be substantially reduced to 0. In the present example, the probability of a mismatch is on the order of about 1022And one-fourth. Number 1022Is according to 105(5-digit postal code) × 102(two birth years based on 100 years lifetime) × 104(4 bits of ID number) × 262(2 letters of name) × 262(2 letters of last name) × 200 (estimated number of participating countries) × 365 × 4 (4-year validity period of ID).
Even if two consumers have the same set of incomplete data, such confusion can be easily resolved by other methods. For example, a computer system of a CFTS can assign an additional number having a very short length, such as a 6-bit additional number, to distinguish between people who happen to have the same set of incomplete personally identifying information.
Because there are only about 60 million people (i.e., 6 × 10) on earth9) So if enough incomplete personal identification data is used, the total number of people who may have the same set of incomplete personal identification data is a very small number. As a result, when a non-complete set of personal identification data is also used for identification purposes, a digital number is sufficient to identify all the people on earth. In practice, it may even be sufficient to have 2 or 3 bits.
Since the computer system of the CFTS allocates only a few digits and the consumer should know his/her own personal identification information, the consumer only needs to remember the short digit number.
For the purposes of this disclosure, this abbreviated number is referred to as an Account Identification Number (AIN). The equivalent account identification (equivalent to the traditional account number) of the CFTS may then be a combination of AIN and a set of personal identification data. For example, a possible account identification for a CFTS may consist of the consumer's 5-digit zip code, the last 4 digits of the consumer's telephone number, and 6 AIN digits. Typically, consumers remember their zip codes and telephone numbers. The consumer then only needs to remember his/her brief AIN.
In one embodiment of the present disclosure, the AIN is assigned by the CFTS computer. To further reduce the need for the consumer to remember a number, in another embodiment of the present disclosure, the consumer can propose his or her own preferred AIN, and the CFTS computer can approve that particular AIN if no other person in the CFTS database having the same set of incomplete personal identification data as the consumer has used the proposed AIN.
If a zip code is not used in a particular country or region, the possible account numbers for the CFTS may consist of, for example, the last 5 digits of the consumer's official identification document number, the last 4 digits of the consumer's primary telephone number, and the 6 AIN assigned by the CFTS computer. In fact, many other different sets of incomplete personally identifying information may be used to achieve the same purpose.
Because only incomplete personal identification information is used, the identity of the consumer cannot be recovered according to a group of incomplete personal identification information, and the privacy of the consumer is fully protected.
In an alternative embodiment of the present disclosure, if privacy is not a concern, the individual's personal telephone number, as well as the individual's country code and area code, can uniquely identify the individual.
In one embodiment of the present disclosure, the abbreviated AIN further contains one or two control bits to further enhance the security of the account number of the CFTS. For example, the control bit may be obtained by taking the last bit from the sum of all other bits of the CFTS account identification. Another example is: the control bit is obtained by taking the last bit of the sum of the squares of every other bit of the CFTS account identification.
Due to these control bits, not all numbers may be used for account identification in the CFTS database. These control bits can effectively reduce the chances that a fraudster can randomly pick a number and use it as a CFTS account identifier.
The above method of using incomplete personally identifying information to identify an account can also be used by automated checkout stations, ATM terminals, kiosks, or other types of device interfaces.
In the event that the consumer cannot remember the short AIN in the number of digits, in one embodiment of the present disclosure, the consumer is able to use his identification document to conduct a financial transaction. The information on the identification document may be entered by the consumer, merchant, or financial institution. The use of "official" identification documents is preferred for this purpose, since they are protected by the respective governmental organization which issued the official identification document.
In another embodiment of the invention, a device interface, such as a terminal, is capable of reading information embedded within or located on the identification document. The consumer can then pay for the goods or services at the automated checkout station using their identification document.
In one embodiment of the present disclosure, all of the information of the identification document need not be sent to the CFTS computer. In order to protect the personal identification information of a consumer that may be stolen during data transmission, a set of partial data of the personal identification information may be used for identification purposes. For example, a 5-digit zip code, the last 6 digits of an identification document number, and the first digit of a last name may be used for identification purposes. In this example, the chance of a mismatchIs 2.6 parts per billion (i.e., 26 x 10)5×106)。
In another embodiment of the present disclosure, a Personal Identification Number (PIN) may be used for two purposes: (1) eliminate the chance of a mismatch, and (2) enhance security.
In one embodiment of the present disclosure, the PIN may be assigned by the CFTS computer. In another embodiment of the present disclosure, the PIN may be proposed by the consumer and validated after computer approval of the CFTS.
In yet another embodiment of the present disclosure, the PIN may consist of some digits set forth by the consumer and some digits assigned by the CFTS computer. In an alternative embodiment of the invention, AIN or a portion of AIN may also be used as a PIN. In yet another alternative embodiment of the present invention, a PIN or a portion of a PIN may also be used as AIN.
If privacy is not a concern, in one embodiment of the present disclosure, the entire identification document number may be used for account identification purposes to reduce the probability of a mismatch. Because there are many different countries, states, and governments that may issue identification documents (such as driver licenses, passports, etc.), identification document numbers may not be unique. In this case, the PIN and/or AIN can eliminate such confusion. In another embodiment of the present disclosure, identification document numbers, zip codes, and PINs and/or AIN can be used together for account identification purposes.
The above identification document method may also be used by an automated checkout station, ATM terminal, kiosk, or other type of device interface.
Alternatively, in one embodiment of the present disclosure, the CFTS computer system can send account identification information to the consumer's personal communication device. The consumer's personal communication device can send such account identification information to the payee's device interface for account identification via optical, acoustic, electronic, magnetic, and/or electromagnetic media.
For security, in one embodiment of the present disclosure, the PIN and/or AIN may also be used to secure such transactions. The above methods may also be used by automated checkout stations, ATM terminals, kiosks, or other types of device interfaces.
In one embodiment of the present disclosure, the consumer uploads his recent photos to the computer system of the CFTS. Because a person's face is exposed to the public every day, and many online social networks may have posted a photograph of the person on the internet, a consumer's photograph is not generally considered "private information". The photo can be used to enhance the security of the CFTS.
In one embodiment of the present disclosure, to open an account, a consumer may upload their name and tax ID so that the CFTS can verify the consumer's presence through government records. Because each consumer has a unique tax ID in a country, each consumer has only one opportunity to open an account with the CFTS' computer. If duplicate tax IDs are detected, the CFTS can investigate to identify which consumer has the correct tax ID and can filter fraudsters. The tax ID can be encrypted in a database or in a separate database so that no one can see or use the tax ID after the account opening process.
To comply with anti-money laundering and anti-terrorist financial needs, in one embodiment of the present disclosure, the computer system may screen the consumer against a regulatory list (regulatory list) to ensure that the CFTS is able to transact with the consumer in compliance with applicable regulations and laws. In another embodiment of the present disclosure, the computer system of the CFTS is capable of conducting transaction monitoring to discover suspicious behavior according to applicable regulations and laws.
In yet another embodiment of the present disclosure, the consumer may provide information regarding the financial account under the consumer's name. The CFTS can conduct transactions with a consumer's financial account and request that the consumer report the amount and/or type of transaction. If the consumer is unable to report correctly, the consumer may be a cheater because he/she cannot tell what is going on with respect to his/her own financial account. The financial account information can be encrypted so that no one can see or use it.
To ensure that the personally identifying information stored in the CTFS database is up-to-date, in one embodiment of the present disclosure, the consumer may update his personally identifying information in the CFTS database at any time as the personally identifying information changes. For example, when a consumer moves to another state, his driver's license and address may change and the consumer may update the personal identification information stored in the CFTS database.
In one embodiment of the present disclosure, the CFTS computer system is able to discover a possible address change if the location of the consumer transaction has substantially changed to a new region. Upon such discovery of a possible address change, the computer system may send a message to the consumer and request the consumer to update their personally identifying information.
In one embodiment of the present disclosure, a consumer may provide one or more contact phone numbers and/or email addresses for contact.
In one embodiment of the present disclosure, a consumer may enter into the CFTS database a list of questions and answers designed by the consumer and involving unique knowledge only known to the consumer. For example, a question may be "what is the name of a person sitting next to me during grade 1? ", the answer to the question will be almost unique. Because the questions are designed by the consumer, the chances of the cheater knowing the answers are essentially negligible. For the purposes of this disclosure, these problems are referred to as "test problems".
In another embodiment of the present disclosure, the test question may be "what is the key code? ", and requires the consumer to enter a key code into the device interface of the CFTS computer. For the purposes of this disclosure, a key code is an alphanumeric combination designed by the consumer, substantially similar to a password. The chance that another person knows or correctly guesses the key code is low.
To further enhance the protection to the consumer, in yet another embodiment of the present disclosure, the CFTS may use each key only once within a predetermined period of time. The consumer may update the key code periodically. Alternatively, the consumer may store multiple key codes at once to avoid the burden of frequently updating the key codes.
To provide additional protection to the consumer, in one embodiment of the present disclosure, the consumer may select his/her own user ID, personal identification number, AIN, password, or the like. In another embodiment of the present disclosure, the consumer may change his/her user ID, personal identification number, password, etc. from time to time as additional protection against theft of such data used by the CFTS.
Because each user of the CFTS registers with the CFTS' computer system and uses the CFTS service based on a unique identity, the CFTS is able to conduct financial transactions for that user. There are a variety of ways for electronically transferring funds between accounts of entities (e.g., payers) in financial institutions and accounts of entities in CFTS. For example, in one embodiment of the present disclosure, automated clearing house ("ACH") transactions are currently capable of such electronic funds transfer at very low cost.
In other embodiments of the present disclosure, funds may be transferred electronically between accounts of entities in the financial institution and accounts of entities in the CFTS using a debit card network, credit card network, ATM, or other real-time and non-real-time network.
As a result, any consumer, organization, merchant, or financial institution is able to transfer funds to another consumer, organization, merchant, or financial institution via CFTS. CFTS can become a common platform for businesses by consumers, merchants, and financial institutions.
After a consumer opens an account to the CFTS's computer, if a fraudster attempts to conduct a financial transaction at a bank using the stolen identity of the consumer, in one embodiment of the disclosure, a cashier may enter into the CFTS's computer system a subset of the incomplete personal identification information used by the CFTS. The computer system of the CFTS is able to search its database to find and display the consumer's picture.
Alternatively, in another embodiment of the present disclosure, rather than manually entering a subset of the incomplete personal identification information into the computer system of the CFTS, the cashier may scan the official identification document of the fraudster. The computer system of the CFTS is able to search its database to find and display the consumer's picture. If the cheater does not correspond to the consumer's photograph, the cashier may reject his/her transaction.
In another embodiment of the present disclosure, if a cashier cannot discern the fraudster based on the consumer's picture, the cashier may ask a test question or ask for a key code designed by the consumer. If the person fails to answer the test question correctly or gives a key code, the person may be a cheater.
In another embodiment of the present disclosure, the cashier may ask the person to provide additional incomplete personal information. The computer system of the CFTS may compare the person's additional information to the consumer information stored in the CFTS database to determine whether the person is the consumer.
In yet another embodiment of the present disclosure, an authorized person at a financial institution may dial the consumer's phone number provided by the consumer and stored in the CFTS database to verify that the consumer is the person conducting transactions at the financial institution. In an alternative embodiment of the present disclosure, authorized personnel at the financial institution may send an email to the consumer to verify whether the consumer requests that the financial institution conduct a particular transaction.
In one embodiment of the present disclosure, if a cashier declines the transaction, the cashier can notify a CFTS computer, and the CFTS computer can send a warning information message to the consumer, so that the consumer is warned that there may be fraud for the consumer. Similarly, in other embodiments of the present disclosure, if a fraudster attempts to use a consumer's identity to purchase goods or services at a merchant after stealing the consumer's identity, the fraudster may be discovered using the consumer's photograph, test questions, key code, and/or other incomplete information.
In another embodiment of the present disclosure, if a merchant declines a transaction, the merchant notifies the CFTS computer, and the CFTS computer can send a message to the consumer so that the consumer can be alerted that there may be fraud for the consumer.
In another embodiment of the present disclosure, if a fraudster attempts to purchase goods or services online using the consumer's identity, the online merchant may use test questions, key codes, and/or other non-complete personal information to discover the fraudster.
In yet another embodiment of the present disclosure, if the CFTS computer rejects the transaction due to an answer error, the CFTS computer may also send a message to the consumer, so that the consumer is alerted that there may be fraud for the consumer.
In one embodiment of the present disclosure, the CFTS may alert the consumer's financial institution after identifying possible identity theft and/or fraud for the consumer, so that the financial institution may take action to protect the consumer and financial institution.
In another embodiment of the present disclosure, the computer system may use the alerts provided by the CFTS computer to implement additional measures to protect the consumer, financial institution, and possibly other customers of the financial institution. Based on the warnings provided by the CFTS computer, an additional software system may be built into the financial institution's computer for anti-fraud purposes.
As a result, CFTS also enables consumers, financial institutions, and merchants to jointly discover and prevent fraud in financial transactions.
To further automate the process of financial crime prevention, in one embodiment of the present disclosure, a transaction network of a financial institution, such as a credit card network, debit card network, trade network, insurance network, etc., may be associated with the CFTS computer such that photographs, test questions, key codes, and/or other information of a consumer may be used when the consumer, merchant, or financial institution conducts transactions over these transaction networks.
In another embodiment of the invention, the CFTS may be integrated into an existing network for credit cards, debit cards, stored value cards, ATM cards, cash cards, prepaid cards, and the like. To facilitate anti-fraud payment transactions by consumers, in one embodiment of the present disclosure, a consumer (e.g., a payer) may provide to a merchant (i.e., a payee) a CFTS account identification of the payer (the identification consisting of an AIN and a set of incomplete personal identification data), an official identification document of the payer, or account identification information sent from a personal communication device by, for example, a bar code, an electronic signal, an acoustic signal, a magnetic signal, an electromagnetic signal, or the like. The payee may then enter the account identification or official identification document number into the device interface provided by the CFTS computer over the network. Alternatively, the official identification document number, the bar code, the acoustic signal, the electronic signal, the magnetic signal or the electromagnetic signal may be read by the device interface, and the PIN or AIN may be used alternatively.
In addition, the payee or payer may input the monetary amount that the payer should pay. If the payer's CFTS account has sufficient amount to pay the payment amount, the CFTS computer may freeze the amount in the payer's account and issue a new "passcode" whose value is unpredictable prior to issuance. In one embodiment of the present disclosure, the passcode, monetary amount, and/or payee name is sent to the payer via a mobile phone, Personal Digital Assistant (PDA), or other personal communication device using text messaging, voice mail, instant messaging, and the like. In another embodiment of the present disclosure, the passcode, monetary amount, and/or payee name is sent to the payer via email, wireline phone, or fax.
Upon receiving the validation code and confirming the monetary amount and the name of the payee, in one embodiment of the present disclosure, the payer may provide the validation code to the payee, who may enter the validation code into the device interface of the CFTS computer. If the passcode entered by the payee matches the passcode sent to the payer, the CFTS computer may transfer the amount frozen in the payer account to the payee account, thereby completing the payment transaction. Alternatively, the payer may enter the validation code into the payee's equipment interface for the point-of-sale transaction, or into the payee's computer user interface for the online transaction or the transaction at the automated checkout station. In another embodiment of the present disclosure, upon receiving the passcode, the payer may send a text message, instant message, email, fax, voice mail, etc. to the computer of the CFTS to authorize the transaction based on the particular passcode associated with the particular transaction.
The financial transactions involved in the present disclosure are not limited to payment transactions. The same systems and methods may be used for other types of financial instructions. For example, in another embodiment of the present disclosure, a consumer (e.g., a stock trader) may provide a CFTS account identification of the stock trader, an identification file of the stock trader, or an optical, acoustical-electronic, electromagnetic, or magnetic signal to a stock broker (i.e., the other party) from the personal communication device of the trader. The stock broker may then enter the account identification, identification file number, or receive optical, acoustic, electronic, electromagnetic, or magnetic signals through the facility interface of the CFTS computer. In addition, the stock broker may enter transaction details provided by the stock trader. If the stock merchant's account meets the trading requirements of the particular transaction, the CFTS computer may freeze the amount contained in the stock merchant's account to pay for the transaction and issue a new "passcode" whose value was not predictable prior to issuance.
In one embodiment of the present disclosure, the authentication code, transaction details, and/or the name of the stock broker are sent to the stock trader via a mobile phone, Personal Digital Assistant (PDA), or other personal communication device using text messaging, instant messaging, voice mail, or the like. In another embodiment of the present disclosure, the passcode, transaction details, and/or the name of the stock broker are sent to the stock trader via e-mail, wireline phone, fax, etc.
Upon receiving the passcode and confirming the transaction details and the name of the stock broker, in one embodiment of the disclosure, the stock merchant may provide the passcode to the stock broker, which may enter the passcode into a device interface of the CFTS computer. If the passcode entered by the stock broker matches the passcode sent to the stock trader, the CFTS computer may complete the transaction based on instructions provided by the stock trader.
Alternatively, the stock trader may enter the passcode into the equipment interface of the stock broker for point of sale trading or into the user interface of the stock broker for online trading. In another embodiment of the present disclosure, after receiving the passcode, the stock merchant may send a text message, instant message, email, fax, voice mail, etc. to the computer of the CFTS to approve a particular transaction based on the particular passcode associated with the transaction. In addition to stock trading transactions, other financial transactions may also be conducted through the CFTS computer in a similar manner.
In one embodiment of the present disclosure, the CFTS computer may change the AIN or PIN of the consumer (or payer) upon request by the consumer (or payer).
In another embodiment of the present disclosure, the authentication code is given a fixed length lifetime. If the correct verification code is not entered into the device interface of the CFTS computer within the fixed time, the verification code may expire, the transaction may be automatically cancelled and the amount frozen in the consumer's account may be defrosted for return to the consumer.
To further protect the consumer, in one embodiment of the present disclosure, if a predetermined number of error verification codes are entered for a consumer's account, the consumer's account may be frozen as someone may be attempting to fraud the consumer through trial and error. The frozen account may be restored (i.e., thawed) to normal conditions by the consumer. The customer may also request the CFTS computer to change its account identification or AIN before restoring the account status to normal.
In one embodiment of the present disclosure, if the monetary amount of a transaction exceeds a threshold set by the consumer, the consumer's account may be frozen until the consumer returns the account to normal. In another embodiment of the present disclosure, a consumer account may be frozen if the total amount of transactions for the consumer account exceeds a threshold set by the consumer within a predetermined time period. The frozen account may be restored to normal conditions by the consumer. In yet another embodiment of the present disclosure, the consumer's account may be frozen if the total number of transactions in the consumer's account within a predetermined time period exceeds a threshold set by the consumer. The consumer may restore or unfreeze the account.
The consumer may log into the CFTS computer to restore the consumer's account. Alternatively, the opposite party (or payee) or the consumer may enter an authorization code known only to the consumer to restore the account.
Since the verification code is newly generated by the computer of the CFTS in each transaction, the opposite party to the transaction cannot steal money from the consumer because the opposite party does not know what the verification code is before the consumer confirms the monetary amount and provides the verification code to the opposite party in each transaction. Since only the verification code is sent to the consumer, third parties are prevented from stealing money from the consumer because they do not receive the verification code for completing the transaction. Thus, even if the opposing party or third party steals the consumer's CFTS account identification, identification document or optical, acoustic, electronic, electromagnetic or magnetic signal, the opposing party or third party cannot fraud the consumer.
The consumer cannot delinquent the payment because the payment amount is verified and frozen in the consumer's account before the verification code is generated and sent to the consumer.
Thus, CFTS is usable for a variety of financial transactions, including point-of-sale transactions where the parties face each other, and online and remote transactions where the other party (or payee) cannot verify who the consumer (or payer) is.
In one embodiment of the present disclosure, when a payer places an order on the internet, the payer may enter into the internet merchant's user interface a payer CFTS account identification consisting of AIN and a set of incomplete personal identification data. The internet merchant then sends the CFTS account identifier to the CFTS computer, which may send a verification code to the payer. The payer may then enter the verification code into the user interface of the internet merchant. The internet merchant then sends the verification code to the CFTS computer to transfer the payment from the payer's CFTS account to the payee's CFTS account and complete the transaction.
In an alternative embodiment of the present disclosure, after receiving the passcode, the payer may send a text message, instant message, email, fax, voice mail, etc. to the computer of the CFTS to authorize the transaction based on the particular passcode associated with the particular transaction. Accordingly, the payer can complete the online transaction securely without revealing any personally identifying information, thereby suppressing the possibility of fraud and protecting the payer and the payee.
In another embodiment of the present disclosure, by providing the payer CFTS account identification to the payee, the payer may order the good or service via a telephone call. After the payee enters the CFTS account identification of the payer into the CFTS' device interface, the CFTS computer sends a validation code to the payer. The payer provides the payee with the verification code to complete the transaction. As a result of the present disclosure, the payee may complete the transaction without needing to know the identity of the payer, thereby sufficiently protecting both parties in the transaction.
In another embodiment of the present disclosure, the payer may complete the payment transaction at the automated checkout station itself. The payer may enter his CFTS account identification into a checkout station, which may then send the payer's CFTS account identification to a CFTS computer. Alternatively, the official identification document of the paying party or an optical, acoustic, electronic, electromagnetic or magnetic signal transmitted by the personal communication device of the paying party may be read by the checkout stand. Alternatively, a PIN may be used. The CFTS computer may send the verification code to the payer, such as by text message, instant message, voice mail, email, etc., to the payer's PDA, mobile phone, etc. The payer may then enter the verification code into a checkout station. The verification code is sent to the CFTS computer to transfer payment from the payer's account to the payee's account and complete the transaction.
In an alternative embodiment of the present disclosure, after receiving the passcode, the payer may send a text message, instant message, voicemail, email, fax, etc. to the CFTS computer to approve the transaction based on the particular passcode associated with the particular transaction. The payer and payee are substantially protected from fraud and the identity of the payer is not exposed in the transaction.
Similarly, CFTS account identification, a consumer's personal identification document, and/or optical, acoustic, electronic, electromagnetic, or magnetic signals transmitted by a payer's personal communication device may also be used for ATMs, kiosks, or other types of device interfaces. After the CFTS account of the consumer is identified by the CFTS account identification, the consumer's personal identification document, and/or an optical, electronic, acoustic, electromagnetic, or magnetic signal transmitted by the payer's personal communication device, a new verification code is transmitted to the consumer's personal communication device. The consumer may enter the passcode into an ATM, kiosk, or other type of device interface. If the verification code is correct, the consumer may proceed with the financial transaction through an ATM, kiosk, or other type of device interface.
The present disclosure may also be used to protect CFTS account user IDs, passwords, and/or PINs from theft. Traditionally, a security token device is used to secure the login. Such methods are often expensive due to the need for hashing, synchronization, digital signatures, encryption, and/or other complex techniques to generate the token. In addition, the token device itself costs money. In addition, a fraudster may still steal the token device from the user.
In one embodiment of the present disclosure, a new authentication code is generated by the system after the user (e.g., consumer, merchant, or financial institution) correctly enters the user ID, password, and/or PIN when attempting to log in from the source application. The CFTS computer system can easily produce such a captcha at very low cost, as hashing, synchronization, digital signing, encryption, or other complex techniques are not required to generate the captcha.
The authentication code is immediately sent to the destination rather than to the source application from which the user is attempting to log in. For example, the destination may be an email address, a phone number, etc., based on contact information of a formally registered user stored within the system. The user must enter the correct authentication code into the system before the authentication code expires in order to complete the login process. Thus, even if a fraudster steals a user ID, password and/or PIN, the fraudster cannot log into the system without an important authentication code. Since the authentication code is different at each login, a third party cannot steal such an authentication code.
There is no need to purchase any token device, which may be very expensive. The login procedure of the present disclosure can be quickly implemented as long as the user has a certain communication device, such as a mobile phone, which is now very popular.
Thus, the present disclosure provides greater protection for computer-based systems from financial transaction fraud.
The system of the present disclosure can potentially replace all traditional payment instruments while improving protection for consumers, organizations, merchants, and financial institutions. In addition, the consumer need not carry traditional financial instruments such as cash, checks, credit cards, debit cards, prepaid cards, debit cards, stored value cards, ATM cards, financial instruments, and the like.
Further, the present disclosure can quickly and securely transfer money anywhere by accessing the CFTS. The CFTS is a global money transfer network.
It is additionally convenient for a consumer that, in one embodiment of the present disclosure, the consumer may not carry traditional financial instruments to purchase goods, such as cash, credit cards, debit cards, prepaid cards, stored value cards, cash cards, checks, financial instruments, and the like. For example, the merchant may enter the monetary amount and the CFTS account identification of the customer into the CFTS' device interface. The consumer may obtain the passcode from his/her personal communication device and provide the passcode to the merchant to complete the transaction. This method is very useful for protecting young children, since parents of young children are not reassured to have the children carry cash or prepaid cards for safety reasons.
In fact, the consumer can easily make any payment as long as he/she carries a personal communication device such as a mobile phone, a smart book, a PDA, etc. As a result, in the event that the consumer forgets his/her wallet with a financial instrument (e.g., cash, credit card, debit card, cash card, etc.), he/she may still pay the merchant through his/her CFTS account. If the consumer also forgets to carry a cell phone, PDA, etc., he/she may still log in to the CFTS using the merchant's computer to transfer funds directly from the consumer's CFTS account to the merchant's CFTS account.
In summary, the present invention discloses a number of different embodiments, and combinations of embodiments, to protect financial transactions from fraud. Particular embodiments or particular combinations of embodiments may be applied to financial transactions based on the risks involved in the financial transactions. Alternatively, a particular embodiment or a particular combination of embodiments may be selected based on business reasons.
As envisaged in the described embodiments, one of many possible combinations is described below as an example. As shown in FIG. 1, a computer system 500 and a network (such as the Internet 600) of a cardless financial transaction network ("CFTS") enable secure financial transactions to be conducted by consumers 100, financial institutions 200, retail stores 300, and online merchants 400.
Referring now to the flow diagram shown in FIG. 2 in conjunction with the system diagram shown in FIG. 1, FIG. 1 and FIG. 2 together illustrate how a consumer opens an account to the computer system of the CFTS 500.
First (block 2001), the device interface reads the embedded information from the consumer's official identification document. The device interface verifies the identity of the consumer 100 by comparing the embedded identification information to information provided by the consumer 100 (block 2002). For example, if the fingerprint of the consumer 100 matches the biometric information embedded within the official identification document, the consumer 100 must be owned by the official identification document.
Depending on the verification result, the device interface may take different actions (decision block 2003). If the consumer's identity is incorrect (no branch 2004), i.e., the identity of consumer 100 cannot be verified, the device interface denies consumer 100 to open an account (block 2010).
If the consumer's identity is correct ("yes" branch 2005), i.e., consumer 100 is the owner of the official identification document, CFTS computer 500 determines whether consumer 100 is on the blacklist used by CFTS computer 500 (decision block 2006). The blacklist includes information provided by government agencies (e.g., foreign asset control agencies) and business organizations.
If the consumer 100 is on the blacklist (yes branch 2007), the consumer is denied access to an account (block 2010). If the consumer 100 is not on the blacklist ("NO" branch 2008), the consumer is allowed to proceed to complete the process and open an account with the CFTS computer 500 (block 2009).
After the consumer 100 opens an account to the CFTS computer 500, the consumer 100 may conduct a secure financial transaction with the retail store 300 at the point of sale or with the remote merchant 400 via a telephone call. The flow diagrams shown in fig. 3A and 3B, in conjunction with the system diagram shown in fig. 1, illustrate how these types of transactions may be conducted.
The consumer 100 provides the retail store 300 or the remote merchant 400 with an incomplete set of personally identifying data, such as the last four digits of a driver's license number and a zip code of 5 digits. In addition, consumer 100 provides retail store 300 or merchant 400 with his/her CFTS Account Identification Number (AIN). Retail store 300 or merchant 400 enters the incomplete personal identification and AIN of consumer 100 into the device interface of the CFTS (block 3001).
The incomplete set of personal identification data and the AIN of the consumer 100 are transmitted to the CFTS computer 500 via the network 600. The CFTS computer 500 uses the received information to identify the account of the consumer 100 (block 3002).
The CFTS computer 500 determines whether there is sufficient money in the customer's account for the transaction (decision block 3003). If there is not enough money (NO branch 3004), the CFTS computer 500 denies the transaction (block 3012). If there is sufficient amount (yes branch 3005), the CFTS computer 500 freezes the amount for the transaction and sends the new verification code to the consumer 100 (block 3006).
The consumer 100 provides the passcode to the retail store 300 or merchant 400, and the retail store 300 or merchant 400 enters the passcode into the device interface of the CFTS (block 3007). The CFTS computer 500 determines whether the received verification code is the same as the verification code sent to the consumer 100 (decision block 3008).
If the validation code is incorrect (NO branch 3009), the CFTS computer 500 denies the transaction (block 3012). If the verification code is correct (yes branch 3010), i.e., the same verification code is received, CFTS computer 500 completes the transaction for consumer 100 (block 3011).
At times, retail store 300 may allow consumer 100 to interact directly with the device interface within retail store 300. In addition, an automated checkout station may desire that the consumer 100 directly coordinate with the checkout station. Additionally, for online commerce, consumer 100 may interact directly with the user interface provided by online merchant 400 through network 600. In such a case, the flow diagrams shown in fig. 4A and 4B, in conjunction with the system diagram shown in fig. 1, illustrate how these transactions may be conducted over a CFTS.
The consumer 100 enters incomplete personal identification data, such as the last four digits of the driver's license number and the 5 digit zip code, as well as AIN, into a device interface that sends the entered data to the CFTS computer 500 over the network 600 (block 4001). The CFTS computer 500 uses the received information to identify the customer's account (block 4002).
The CFTS computer 500 determines whether there is sufficient money in the consumer's account for the transaction (decision block 4003). If there is not enough money (NO branch 4004), the CFTS computer 500 denies the transaction (block 4012). If there is a sufficient amount (yes branch 4005), the CFTS computer 500 freezes the amount for the transaction and sends the new verification code to the consumer 100 (block 4006).
The consumer 100 enters the verification code into a device interface, which sends the verification code to the CFTS computer 500 (block 4007). The CFTS computer 500 determines whether the received passcode is the same as the passcode sent to the consumer 100 (decision block 4008). If the verification code is incorrect (NO branch 4009), the CFTS computer 500 denies the transaction (block 4012). If the verification code is correct (yes branch 4010), i.e., the same verification code is received, CFTS computer 500 completes the transaction for consumer 100 (block 4011).
Alternatively, the consumer 100 may complete a secure financial transaction using a barcode sent by the CFTS computer 500 onto his/her personal communication device. The flow diagrams shown in fig. 5A and 5B, in conjunction with the system diagram shown in fig. 1, illustrate how such transactions are conducted over a CFTS.
The device interface at the retail store 300 reads the barcode from the personal communication device of the consumer 100 (block 5001) and sends the barcode data to the CFTS computer 500 over the network 600. The CFTS computer uses the barcode to identify the customer's account (block 5002).
The consumer enters his/her Personal Identification Number (PIN) into the device interface, which sends the PIN to the CFTS computer 500 via the network 600 (block 5003).
The CFTS computer determines whether the PIN entered by the consumer 100 is correct (block 5004). If the PIN is incorrect (no branch 5005), the CFTS computer 500 denies the transaction (block 5016). If the PIN is correct (yes branch 5006), the CFTS computer 500 determines if there is sufficient money in the customer's account for the transaction (decision block 5007). If there is not enough money (no branch 5008), the CFTS computer 500 denies the transaction (block 5016). If there is sufficient amount ("yes" branch 5009), the CFTS computer 500 freezes the amount for the transaction and sends the new verification code to the consumer 100 (block 5010).
The consumer 100 enters the verification code into the device interface, which sends the verification code to the CFTS computer 500 (block 5011).
The CFTS computer 500 determines whether the received verification code is the same as the verification code sent to the consumer 100 (decision block 5012). If the verification code is incorrect (no branch 5013), the CFTS computer 500 denies the transaction (block 5016). If the verification code is correct (yes branch 5014), i.e., the same verification code is received, the CFTS computer 500 completes the transaction for the consumer 100 (block 5015).
The system and method of the present disclosure may also improve the login security of the computer system. The flow chart shown in fig. 6 illustrates how a fraudster may not log into a computer system even with the correct user ID and password.
The principal enters the correct user ID and password to log in to the computer system (block 6001). Based on the correct user ID and password, the computer system sends a new authentication code to the registered user (block 6002). The principal is prompted to enter the verification code into the computer system (block 6003).
The computer system determines whether the passcode entered by the principal is the same passcode sent to the registered user (decision block 6004). If the verification code is incorrect (no branch 6005), the computer system denies the principal to log in (block 6008). If the verification code is correct (YES branch 6006), the computer system allows the principal to log into the computer system (block 6007).
The system and method of the present disclosure may also be used to conduct financial transactions through personal identification documents. The flow diagrams shown in fig. 7A and 7B, in conjunction with the system diagram shown in fig. 1, illustrate how a financial transaction may be completed in this manner.
The device interface reads the embedded data from the personal identification document of the consumer 100 and sends the embedded data to the CFTS computer 500 (block 7001).
The CFTS computer 500 identifies the account of the consumer 100 using the data received from the device interface (block 7002).
The CFTS computer 500 determines whether the customer's account allows the requested transaction (decision block 7003). For example, if the consumer's account is a credit account, the account allows the requested transaction if it has available credit for the transaction. If the consumer's account is a prepaid account, the account allows the requested transaction if it has a sufficient amount for the transaction. If the account does not allow the transaction ("NO" branch 7004), the CFTS computer 500 denies the transaction (block 7012). If the account allows such a transaction ("yes" branch 7005), CFTS computer 500 freezes the amount of money for the transaction and sends a new verification code to consumer 100 (block 7006).
Consumer 100 provides the verification code to the merchant. The merchant enters the passcode into the device interface, which sends the passcode to the CFTS computer 500 (block 7007).
The CFTS computer 500 determines whether the received passcode is the same as the passcode sent to the consumer 100 (decision block 7008). If the verification code is incorrect (no branch 7009), the CFTS computer 500 denies the transaction (block 7012). If the verification code is correct (yes branch 7010), i.e., the same verification code is received, the CFTS computer 500 completes the transaction for the consumer 100 (block 7011).
The methods described herein may be implemented in a variety of ways depending on the application. For example, the methods may be implemented in hardware, firmware, software, or any combination thereof. For a hardware implementation, the processes may be implemented within one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), processors, controllers, micro-controllers, microprocessors, electronic devices, other electronic units designed to perform the functions described herein, or a combination thereof.
For a firmware implementation and/or a software implementation, the methodologies may be implemented with modules (e.g., procedures, functions, and so on) that perform the functions described herein. Any machine-readable medium tangibly embodying instructions may be used in implementing the methodologies described herein. For example, software codes may be stored in a memory and executed by a processor. The memory may be implemented within the processor or external to the processor. The term "memory" as used herein refers to any long term, short term, volatile, non-volatile, or other memory and is not to be limited to any particular type of memory or number of memories, or type of media upon which content is stored.
If implemented in firmware and/or software, the functions may be stored as one or more instructions or code on a computer-readable medium. Examples include computer-readable media encoded with a data structure and computer-readable media encoded with a computer program. Computer readable media includes physical computer storage media. A storage media may be any available media that can be accessed by a computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM, DVD or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store desired program code in the form of instructions or data structures and that can be accessed by a computer; disk and disc, as used herein, includes Compact Disc (CD), laser disc, optical disc, Digital Versatile Disc (DVD), floppy disk and blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
In addition to being stored on a computer-readable medium, the instructions and/or data may also be provided as signals on a transmission medium included in the communication device. For example, the communication device may include a transceiver having signals representing instructions and data. The instructions and data are configured to cause one or more processors to implement the functions described in the claims. The communication device may not store all of the instructions and/or data on the computer-readable medium.
The embodiments described in this disclosure may be combined as desired to form a variety of applications. Those skilled in the art and technology to which this disclosure pertains will appreciate that: changes and modifications may be made to the described structure without departing substantially from the principles, spirit and scope of the present disclosure. Such alterations and modifications are not to be construed as a departure from the disclosure.
Claims (20)
1. A computer system for conducting financial transactions without the use of traditional financial instruments and maintaining a user's identity secret during said financial transactions, the computer system comprising:
a computer processor and a memory device;
a database stored on the memory device for storing in association with an account of a user at least incomplete personal identification information of the user sufficient for identifying the user and contact information of a personal communication device of the user;
a communication device operable by the processor to send a new verification code to the user's personal communication device in substantially real time in response to receiving incomplete personal identification information of the user from a subject and the user's account meeting a predetermined condition, the new verification code having a predetermined lifetime; and
a transaction processing module operable by the processor to authorize the user's account for a financial transaction and to allow the subject to conduct the financial transaction in response to receiving the new passcode from the subject prior to expiration of the new passcode.
2. The computer system of claim 1, wherein the processor generates an instruction to freeze the user's account when an incorrect verification code is received from the subject.
3. The computer system of claim 1, wherein the communication device is further operable by the processor to send a photograph of the user to a party interacting with the principal in response to receiving incomplete personally identifying information of the user from the principal.
4. The computer system of claim 1, wherein the incomplete personally identifying information for the user includes at least an incomplete phone number associated with the user.
5. The computer system of claim 1, wherein the incomplete personal identification information of the user comprises an incomplete phone number and a short code associated with the user.
6. The computer system of claim 1, wherein the user's incomplete personal identification information comprises a set of data read from an official government issued identification document.
7. The computer system of claim 1, wherein the user's incomplete personal identification information comprises a set of data read from an official government issued identification document and a short code associated with the user.
8. The computer system of claim 1, wherein the predetermined condition comprises having sufficient funds available in the user's account.
9. The computer system of claim 1, wherein the predetermined condition comprises having sufficient credit available in the user's account.
10. The computer system of claim 1, wherein the predetermined condition comprises an account of the user being qualified.
11. A computerized method for conducting a financial transaction without the use of traditional financial instruments and keeping the identity of a user secret during said financial transaction, the computerized method comprising:
storing, in association with an account of a user, at least incomplete personal identification information of the user and contact information of a personal communication device of the user, the incomplete personal identification information of the user being sufficient for identifying the user;
in response to receiving incomplete personal identification information of the user from a subject and an account of the user meeting a predetermined condition, sending a new verification code to the personal communication device of the user in substantially real-time, the new verification code having a predetermined lifespan; and
approving the user's account for the financial transaction and allowing the principal to conduct the financial transaction in response to receiving the new passcode from the principal before the new passcode expires.
12. The computerized method of claim 11, further comprising: freezing the account of the user when an incorrect verification code is received from the subject.
13. The computerized method of claim 11, further comprising: in response to receiving incomplete personally identifying information for the user from the principal, sending a photograph of the user to a party interacting with the principal.
14. The computerized method of claim 11, wherein the incomplete personally identifying information for the user comprises a telephone number associated with the user.
15. The computerized method of claim 11, wherein the incomplete personal identification information of the user includes at least an incomplete phone number and a short code associated with the user.
16. The computerized method of claim 11, wherein the user's incomplete personally identifying information comprises a set of data read from an official government issued identification document.
17. The computerized method of claim 11, wherein the user's incomplete personally identifying information comprises a set of data read from an official government issued identification document and a short code associated with the user.
18. The computerized method of claim 11, wherein the predetermined condition comprises having sufficient funds available in the user's account.
19. The computerized method of claim 11, wherein the predetermined condition comprises having sufficient credit available in the user's account.
20. The computerized method of claim 11, wherein the predetermined condition comprises an account of the user being qualified.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US61/211,335 | 2009-03-30 | ||
| US12/726,218 | 2010-03-17 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| HK1148595A true HK1148595A (en) | 2011-09-09 |
Family
ID=
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10521798B2 (en) | Digital financial transaction system | |
| US12039532B2 (en) | Universal customer identification system | |
| US20240153027A1 (en) | Online authorization system | |
| US20220101329A1 (en) | Advanced check clearance system | |
| US12423709B2 (en) | System of security that prevents abuse of identity data in global commerce via mobile wireless authorizations | |
| US20100044430A1 (en) | Automated Remittance Network | |
| US20110029428A1 (en) | Mobile Remittance Network | |
| US20110225045A1 (en) | Paperless Coupon Transactions System | |
| HK1148595A (en) | Cardless financial transactions system | |
| HK1148143A (en) | Privacy protected anti-identity theft and payment network |