RU2395118C1 - System for protection of payment systems - Google Patents

Abstract

FIELD: information technologies. ^ SUBSTANCE: system comprises controller for analysis of transactions data. Comprises at least one switching network for transfer of transactions data within the limits of one or several facilities of access to data. Data access facilities generate coded information of their identification and coded data of transactions into system of data processing. System of data processing includes user interface communicated with remote access facility. It is connected to controller of data processing system and system for reduction of fraud operations number. Controller via protocol of data exchange is connected to server for storage of data, user interface and system for reduction of fraud operations. Prior to authorisation of transaction, processing in system for reduction of fraud operations number checks personal data of services user. One list is generated with data of payments processed earlier for its benefit. List with receiver data on previously processed transactions for its benefit. List with data of all payment receivers on transactions that were earlier processed by user. Lists are sent to controller of data processing system to compare data on processed payments with data of current payment. Availability of similar payments is analysed (by sums, essentials) for the benefit of this receiver from other payers. Availability of similar receivers on earlier made payments of user, which make it possible to cash funds, frequency and sums of such payments. Availability of payments for the benefit of this user and assessment of current payment for the benefit of specified receiver for the possibility of further cashing of payment funds by user. Compliance and consistency of current payment parametres (user, receiver, technical data, etc.) broken down by various characteristics on the basis of accumulated data on receiver on all earlier made transactions. Availability of transactions with payments for the benefit of payer on payment of current transaction, which are later recognised as fraud. In case data is available to reject authorisation of user transaction, system for reduction of fraud operations number sends rejection of transaction permission sends via communication network into controller of data processing system and/or access facility. ^ EFFECT: creation of additional system for reduction of fraud operations number when working with payment systems. ^ 3 dwg

Description

The present invention relates to systems for protecting payment systems and their users from intruders and is used when working with payment systems through remote terminals from which a request for authorization of a transaction is generated, transmitted to the processing center / core of the information system that interacts with the payment system, or directly to the payment system system, based on the parameters of the transaction, at least the data about the payee as a result of the transaction, a decision is made for permission or from kaz in transaction authorization.

The terminals include personal computers, workstations, workstations, mobile devices, payment machines, POS and ATM terminals.

A known method of protecting payment systems is that, to protect a transaction in a computer network, a once-used transaction password is transmitted to the service user, which is transmitted through the computer network from the service user to the provider (service provider) to confirm the transaction, and such a transaction password is transmitted through the network mobile radio communication to the mobile communication terminal device at the disposal of the user of the services, and before transmitting the password of the transaction to the user of the services, they are checked by his persons flax data, see. RU 2003109605, 2004.09.27.

The disadvantage of this analogue is the low efficiency in preventing fraudulent operations. This is due to the fact that in order to authorize a payment, fraudsters need to obtain the existing personal data of the payer-holder of payment cards and / or accounts and a PIN code, which are transmitted in clear form via an unsecured data transmission channel, and make a payment at the active time of the day, corresponding to the territorial affiliation payer. Since it is possible to obtain personal payer data and a PIN code, the described method does not provide high protection against fraudulent transactions. In addition, in this analogue, the hardware is not disclosed by which the declared proposal could be implemented.

The objective of the invention is the creation of an automated, reliable, highly effective, resistant to attempts to fraud, cost-effective system that processes electronic transactions with maximum reliability and reliability.

The objective of the invention is to create an additional system to reduce the number of fraudulent transactions when working with payment systems.

The specified technical result is achieved in that the protection system of payment systems contains at least one remote means of accessing data for entering and sending transaction data and identification information of the access means, the access means comprising a controller for controlling the input and forwarding of transaction data,

and at least one data processing system for processing, transferring, checking, analyzing and storing data and identification information, this system comprising a controller for analyzing transaction data, and at least one communication network for transmitting transaction data between one or more means of accessing data, and means of accessing data provide encrypted information of their identification and encrypted transaction data to the data processing system, and the data processing system contains a message nny remote user access interface means, coupled to the controller data processing system and reduce the number of fraudulent operations, wherein the controller through the communication protocol with the server for storing data as well as the user interface and system reducing the amount of fraudulent transactions,

Before authorizing the transaction by processing in an additional system for reducing the number of fraudulent transactions, they check the personal data of the user of the service, forming one list with data of previously made payments in his favor, a list with the data of the recipient about previously completed transactions in his favor, and a list with the data of all recipients of payment for transactions, by a previously committed user

lists are sent to the controller of the data processing system to compare data on payments made with the data of the current payment, while at least the presence of similar payments (in amounts, details) in favor of this recipient from other payers, the presence of similar recipients for previously made user payments are analyzed, allowing to cash out the funds, frequency and amount of such payments, after which, if there is data to refuse authorization of the user's transaction, the system to reduce the number of frauds their operations through a communications network transmits a controller data processing system and / or means of access refusal to allow the transaction.

The invention is illustrated by drawings, which show the following system diagrams, on:

figure 1 - description of the system when interacting with a payment system through an information system;

figure 2 - description of the system when interacting directly with the payment system;

figure 3 - diagram of the system.

The protection system of payment systems to reduce the number of fraudulent transactions is contained in the information system that interacts with the payment system (Fig. 1), or is contained directly in the payment system (Fig. 2) and interacts directly or indirectly with at least one remote access tool (user interface ) through which the User initializes the transaction and enters data (100). The remote access means provides data transmission (200) to the core (processing) of the information system interacting with the payment system (Fig. 1) or the payment system (Fig. 2) and forwarding messages to the User, also processing, analysis and data verification are carried out transactions, writing to the data warehouse (DB) and direct (300) or indirect (400) interaction with the payment system protection system, a system for reducing the number of fraudulent transactions, to which data on previously completed transactions is transmitted through processing Barrier-, user and payee of the current transaction to transaction analysis accessories to fraudulent transactions.

Before authorizing a transaction by processing in a system to reduce the number of fraudulent transactions, an analysis and verification of transaction data of membership in fraudulent transactions is carried out on the basis of the following data: information about the User and his payment card and / or account provided by the processing of the information system that interacts with the payment system (Fig. 1 ), and / or processing of the payment system; a list with data of previously conducted transactions with payments in favor of the User, a list with data of the payee for the current transaction with complete information on previously completed transactions with payments in favor of this recipient, a list with data of all recipients of payments for transactions made earlier by this User. The data from the lists is analyzed and compared with the data of the current transaction (User, payee, payment parameters, technical parameters of the transaction), while at least the presence of similar payments (in amounts, details) in favor of this recipient from other payers is analyzed; the presence of similar recipients for previously made payments by the User, allowing you to cash out the funds, frequency and amount of such payments; all payments and their parameters made in favor of the recipient specified in the payment of the current transaction; the feasibility and possibility of making a payment by the User and his payment card and / or account in favor of the recipient of the current payment based on the characteristics of the recipients of previously made payments. At least the current payment belongs to the laundering and illegal cash withdrawal or fundraising operations. After analysis, if there is data to refuse authorization of the User’s transaction, the system for reducing the number of fraudulent transactions sends a refusal to authorize the transaction through the communication network to the processing and / or access means.

By analyzing the accumulated data about the recipients, the number of fraudulent transactions is significantly reduced, since strict control and limits on authorization of payments in favor of the recipients are established, which allow to cash out the received funds in the future. Payments in favor of one beneficiary, causing suspicion of illegal collection of funds, are prevented. Payments suspicious of the expediency and interest of the owner of the payment card and / or payment account in favor of the indicated recipient are not authorized.

A block diagram of the logic of the system to reduce the number of fraudulent transactions is shown in Fig.3.

Recipient data is saved during the processing of each transaction, regardless of the payment results and contains the following parameters:

details of the payee, payment details, payment amount, date and time of payment, details of the payment card and / or account, personal data of the Paying User, technical parameters of the transaction.

1. A user through a terminal and a remote means of access to the system initiates a transaction for making a payment. In this case, the User indicates the payment parameters: recipient, amount, additional details, payment method and source of payment.

2. The system analyzes the transaction parameters: payment parameters, identification and information about the User, technical parameters of the transaction, which are determined using a remote access tool.

3. The system generates data for transaction and payment analysis and determination of their belonging to fraudulent transactions. As a result, the following data is determined:

a) information about the User and his payment card and / or account,

b) a list with data of previously conducted transactions with payments in favor of the User (b),

c) a list with the data of the payee for the current transaction with full information on previously completed transactions with payments in favor of this payee (s),

d) a list with the data of all recipients of payments for transactions made previously by this User (d).

4. The system analyzes and compares the accumulated information about the recipients with information on payment of the current transaction. At the same time, at least the following criteria are identified:

a) the presence of similar payments (in amounts, details) in favor of this recipient from other Users, the membership of these payments in the illegal receipt of funds is analyzed;

b) whether the recipient of the current payment is in the interests of the Paying User;

c) the availability of similar recipients for previously made payments by the User, allowing to cash the funds, frequency and amount of such payments;

d) the availability of payments in favor of this User and the assessment of the current payment in favor of the indicated recipient for the possibility of further cashing out of the means of payment by the User;

f) the correspondence and consistency of the parameters of the current User, payment card or account, technical parameters of the transaction and the recipient in the context of various characteristics (geographical location, details and payment amounts, etc.) based on accumulated data about the recipient for all previously conducted transactions;

f) the presence of transactions with payments to the beneficiary for payment of the current transaction, subsequently recognized as fraudulent.

5. To determine whether a transaction belongs to a fraudulent transaction, the system evaluates the identified criteria and compares it with a threshold acceptable value, without exceeding which the payment for the transaction can be authorized.

Before authorization of the payment, in addition to the existing means of checking and analyzing the details of the payment card and / or account and payment, personal data of the payer and technical means of payment, an analysis of the data on payment recipients accumulated in the declared system is used, which consists in the fact that the data is checked for consistency and consistency recipients of previously made payments with the data of the recipient of the current payment. All payments and their parameters made in favor of the recipient specified in the current payment are analyzed. The feasibility and possibility of making a payment by the payer and his payment card and / or account in favor of the recipient in the current payment based on the characteristics of the recipients of previously made payments is analyzed.

The affiliation of the current payment to laundering and illegal cash withdrawal or fundraising operations is revealed.

By analyzing the accumulated data about the recipients, the number of fraudulent transactions is significantly reduced, since strict control and limits on authorization of payments in favor of the recipients are established, which allow to cash out the received funds in the future. Payments in favor of one beneficiary, causing suspicion of illegal collection of funds, are prevented. Payments suspicious of the expediency and interest of the owner of the payment card and / or payment account in favor of the indicated recipient are not authorized. Recipient data is saved during each payment and contains the following parameters: data of the payee, payment details, payment amount, date and time of payment, details of the payment card and / or account, personal data of the payer, technical parameters of payment.

Before authorizing a payment, a list is first formed with data of previously made payments in favor of the recipient indicated in the current payment, and all payments made by the payer. The data in the list of payments is compared with the data of the current payment, while analyzing:

- the presence of similar payments (in amounts, details) in favor of this recipient from other payers, the membership of these payments in the illegal receipt of funds is analyzed;

- Does the recipient of the current payment meet the interests of the payer;

- the presence of similar recipients for previously made payments of the payer, allowing you to cash the funds, frequency and amount of such payments.

Based on the results of the analysis, a decision is made to authorize the payment.

Claims (1)

A payment system protection system comprising at least one remote data access means for entering and sending transaction data and access means identification information, the access means comprising a controller for controlling the input and transfer of transaction data and at least one data processing system for processing, transfer, verification, analysis and storage of data and identification information, and this system contains a controller for analyzing transaction data and at least one communication network for I transfer transaction data within between one or more data access means, the data access means issuing encrypted identification information and encrypted transaction data to the data processing system, and the data processing system contains a user interface communicated with the remote access means connected to the controller a data processing system and a system to reduce the number of fraudulent operations, while the controller through a protocol for exchanging data with the server to save data, as well as with the user interface and the system for reducing the number of fraudulent transactions, before authorizing a transaction by the processing system in the system for reducing the number of fraudulent transactions, they verify the personal data of the user of the service, forming one list with data of previously made payments in his favor, a list with the data of the recipient about previously completed transactions in his the benefit and a list with the data of all recipients of payments for transactions made previously by the user, issue lists to the controller of the data processing system for comparing the data on payments made with the data of the current payment, at the same time analyzing at least the presence of similar payments for the amounts and details in favor of this recipient from other payers, the presence of similar recipients for previously made user payments that allow you to cash out the funds, frequency and amount of such payments, the presence of transactions with payments to the beneficiary for the payment of the current transaction, subsequently recognized as fraudulent, after which, if there is data to refuse authorization user transactions, the system for reducing the number of fraudulent transactions transmits through the communication network to the controller of the data processing system and / or access means a refusal to authorize a transaction.

Images