GB2330674A - Reducing card fraud - Google Patents

Reducing card fraud Download PDF

Info

Publication number
GB2330674A
GB2330674A GB9722235A GB9722235A GB2330674A GB 2330674 A GB2330674 A GB 2330674A GB 9722235 A GB9722235 A GB 9722235A GB 9722235 A GB9722235 A GB 9722235A GB 2330674 A GB2330674 A GB 2330674A
Authority
GB
United Kingdom
Prior art keywords
card
point
data
sale
image
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
GB9722235A
Other versions
GB9722235D0 (en
Inventor
Michael Ian Davis
Bryan Spencer Leeming
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to GB9722235A priority Critical patent/GB2330674A/en
Publication of GB9722235D0 publication Critical patent/GB9722235D0/en
Publication of GB2330674A publication Critical patent/GB2330674A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/253Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition visually
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Human Computer Interaction (AREA)
  • Credit Cards Or The Like (AREA)

Abstract

Credit and transaction card fraud is prevented by including, amongst the data carried on a semiconductor chip embedded in the card, image data allowing display of the cardholder's face on the screen of the point of sale terminal. The image data may be compressed and/or encrypted. Certain pixels of the image, at positions derived by hashing the user's PIN number, are modified so that some function (e.g. sum) of their values equals a number derived by hashing the PIN, for further security.

Description

A METHOD OF REDUCING CARD FRAUD This invention provides improved security in transactions which are authorised by cards, exemplified by credit cards.
Background : In many spheres of commerce, the "card" has become the method by which the individual identifies himself to the other party. A card typically is a laminated or monolithic plastic flat construct with dimensions approx. (but not essentially) 54 mm. x 86 mm., usually but not always, with a magnetic stripe and embossed visibly readable data. Because the data is embossed, it can be readily printed upon a sales transaction form which the customer may sign to complete the transaction.
Cards take a variety of types; the principal ones are: Credit cards (e.g. Visa, Mastercharge) Customers offer the card to a variety of vendors. The card company then bills the customer monthly, and offers credit terms to customers who do not wish to repay the total owing in repayment, and are prepared to pay a credit charge for this facility.
Debit cards, where the customer shops in the same way, but the card causes automatic deductions to the user's account.
Loyalty Cards as produced by major retailers. These offer preferential terms and bonuses to customers who have accrued a significant balance of trading with a particular store.
Security cards, which allow the holder to obtain access to an area, or to information.
Cheque cards, used to authenticate and guarantee the user's cheques.
Cash cards, used to obtain a cash advance from automatic teller machines, or from the equivalent, manned by humans.
There are a number of other types of card. All types of card fall into the domain of the present invention. For all of the above types of card, it is a major concern of all parties involved in the transaction that cards can be , and frequently are, stolen or used by unauthorised individuals. This form of theft constitutes a huge annual sum, and contributes in a major degree to the overheads of the issuing companies, who pass on some or all of these costs to their users. It is the purpose of the present invention to prevent fraudulent use of cards by unauthorised individuals, and thus reduce this loss.
In some cards, known as "smart cards", electronic memory means are included in each card, arranged so that further electronic means at each point-of sale (or point of use) terminal can interrogate the data on the card at the time it is tendered, and so ascertain, for example, the user's current balance. The techniques of reading and updating such cards at the point and time of use are well known to those skilled in the art.
The data presently stored in such cards may include name, address, Personal Identification Number ( PIN), current balance, account information and some history of previous transactions. This information is stored in a semiconductor chip included within the card. This chip provides any of a number of types of data storage means, more frequently ROM (Read Only Memory) or EEPROM (Electrically Erasable Read Only Memory). Such memory means allow the permanent retention of data. Some technologies, such as EEPROM, may allow changing of the data at the time and point of sale. Thus, for instance, the user's current balance can be amended immediately after a purchase. Other technology types do not permit this. They are, by their nature, capable of being written only once.
The fusible-link technology ROM is an example of this.
According to the present invention, storage means such as these are used to hold, in addition to any other data already demanded by the application, a digital representation of the image of the cardholder's face. This data is read by a workstation at the point of sale and is displayed on a visual display unit (VDU) so that the operator can compare it with the appearance of the person offering the card.
A specific embodiment of the invention will now be described by way of example with reference to the accompanying drawing Figure 1, which shows the major components of a point of sale workstation which is used in conjunction with the card described.
The workstation at the point of sale is typically a Personal Computer embodying a visual display unit (VDU). The present invention, however, is also applicable to point of sale units based on other data processing terminals, and to fixed function terminals using television standard screens.
When the user presents their card, hardware commonly in use in conjunction with handling smart cards reads the magnetic stripe, and also extracts the data from the memory means embedded within the card. This data is then decrypted (if required) and copied into part of the display buffer of the point of sale computer. The cardholder's face will then appear on the screen; the operator can then compare this with the cardholder's appearance. A typical installation capable of performing these functions is shown in Figure 1.
There are a number of conventions for representing an image in binary form. The present invention covers, but is not limited to: 1/. The JPEG (Joint Photographic Expert's Group) representation for still pictures. This representation allows the picture data to be compressed prior to storing it in the card's Read Only Memory. The compression and decompression are lossless, i.e. no data in the original representation is lost by the processes of compression and decompression.
2/. The MPEG 11 Standard (Motion Picture Expert Group) also provides for compression and decompression, but in this case there is a certain amount of loss in the process. The compressed data typically occupies less space than in JPEG representation.
Both JPEG and MPEG are sub-groups of the American National Standards Institute (ANSI), who are responsible for publishing the standards.
3/. The image data may be stored in uncompressed form in any of a number of standards in common use in personal computers. These are known as modes, and one is picked for example here, where the process of calculating the size of the storage means in the card is illustrated and shown to be practicable.
In mode 2E, the number of lines on the screen is 480 and the number of picture elements (pixels) per line is 640. This results in a rectangular picture in the landscape orientation with an aspect ratio of 4:3. A total of 640 x 480 = 307200 pixels are needed. It is not essential for the image of the cardholder to fill the screen. Some screen area may be simultaneously needed to display data and/or to provide prompts, menus or selection icons to the operator. If the image does not occupy the whole screen, the amount of data which must be retained is reduced accordingly.
To further reduce the possibility of an unauthorised alteration of the image data, we recommend that the following novel method, which is part of the present invention, be adopted. A small number (say five, for example) of the pixels which make up the image of the cardholder's face are designated for the purpose of security. The position of these pixels in the picture is different for every card, and is derived from a hashing algorithm applied to the user's PIN number ( personal identification number). Thus, these pixels will appear in seemingly random and different positions on each card. A rule is made that the numerical value of some function of these pixels individual values (in a very simple case, the sum of their values) shall equal a number derived by a hashing technique from the cardholder's PIN.
The system which scanned the original picture is aware of the values which these pixels should take, but will modify their values slightly so that the summation rule is met. Some of the five pixels may now be a slightly different colour, but to any observer, this tiny effect will be swamped by normal error diffusion in the original. There is thus no way for an intending counterfeiter to discover which pixels are involved. If he scans his own picture into the card, the rule will not be met. The rule is checked automatically by the computer in the point of sale terminal.
Using two binary digits (bits) of information to represent one pixel allows the pixel to take any of four values. This is quite adequate for a monochrome picture, is less expensive than colour (both per card and for each workstation) it should be noted that many screens in use today are monochrome, particularly those in the liquid crystal technology.
If a colour picture of the cardholder is required, the number of bits per pixel is increased. The more bits per pixel, the better the quality of the picture: a value of 8 bits per pixel has been shown to be satisfactory, and happens to coincide with the standard on Mode 2E. Other nodes with other numbers of bits per pixel are not excluded by the present invention.
Thus for a monochrome picture, 307200 x 2 = 614400 bits of storage are required, while for a colour picture, 307200 x 8 = 2457600 bits would be required at 8 bits per pixel. Read Only Memory chips of both technology types discussed earlier are readily available in capacities up to 16 million bits, so the cardholder's image data fits easily within such a chip, leaving room for other data. Naturally, if the data is compressed by 'PEG, MPEG or other techniques, the requirement is less. 'PEG, for example, often leads to compression ratios of ten to one, so that the number of bits required would reduce to 61440 for monochrome and 245760 for colour.
The various encryption techniques available usually increase the number of bits required, but only by an acceptably small amount.
By using the type of Read Only Memory which is only writable once, the data cannot be rewritten by a would-be fraud. Such a person would have to manufacture a whole new card and to be familiar with every security safeguard built into the manufacturing processes. This will discourage criminals because the effort required is not worth the payback.
The use of EEPROM in a smart card is mandated by the need to update parameters stored on the card (e.g. current balance). EEPROM is not the best technology to choose to hold the picture information as it can be changed after manufacture. However, it is possible for the chip manufacturer to arrange that the ability to rewrite selected areas of the EEPROM can be destroyed after the picture has been loaded by the card manufacturer. This does not prevent other desired areas of the chip retaining the necessary read/write capability.
The problem can also be overcome by combining ROM and EEPROM on the same chip. Each technology can then be used for retention of the appropriate types of data. Such mixed technology chips are available from several major vendors.
During the following detailed description of the operation of the point of sale terminal, the numbers in brackets refer to Figure 1.
The computer (1) shown is typical of personal computers and consists of a processor (3) capable of executing instructions and a memory (2) usually of several million bytes capacity capable of storing said instructions in the form of one or more computer programs, and also of storing the data on which processing is to take place. An I/O (input/output) bus (11) connects the processor (3) to a plurality of I/O adapters (4), (5), (6), (7), (8), and (9). These are hardware elements whose function is to match the characteristics of each physical I/O device to the signalling conventions of the I/O bus. The hardfile adapter (8) controls the hardfile, which is the repository within the system for large volumes of data, and also acts as a residence for the various programs. The communications adapter (9) and the associated modem ( modulator/demodulator) are optional and provide data communications facilities over telephone lines or a local area network to other sites. Data regarding the transaction are transferred by this means.
The keyboard adapter (6) connects keyboard (13) to the system, and the display adapter (7) connects the VDU to the system. Figure 1 shows a monitor (12) as the VDU, but a liquid crystal or other flat screen technology are often used.
All items described so far are common in most personal computers. The items which are specifically also required in a point of sale installation to handle smart cards are the Magnetic stripe reader (14) and the ROM reader (15) with their adapters (4) and (5) respectively. The ROM reader (15) and its adapter (5) are also capable of writing to the ROM The ROM reader (15) and the Magnetic stripe reader (14) together form the card entry station.
In operation, under the control of computer programs resident on hardfile (8) executed by processor (3) using memory (2) as a source of data and the currently executing section of programming, the presence of a card is sensed. The magnetic stripe data is moved by the processor (3) into memory (2) from Magnetic stripe reader (14), Magnetic stripe reader adapter (4) and I/O bus (11). The image data is moved by the processor (3) into memory (2) from ROM reader (15), ROM reader adapter (5) and I/O bus (11). After decryption and decompression as required have been executed, the image data is moved to a specific part of memory (2) or alternatively into dedicated memory housed within display adapter (7) from which pixel data are extracted in correct sequence by display adapter (7) and sent to the VDU [monitor (12) in Figure 1].
The operator can now compare this picture with the cardholder's appearance.

Claims (1)

  1. CLAIMS 1/. In a credit or transaction card of any type in which electronic storage means exist to hold a variety of data items, the storage of image data in computer readable form and which image data represents a picture of the face of the authorised user, which can be displayed on the VDU of the point of sale terminal.
    2/. That the availability of such an image as claimed in Claim 1 on a display unit conveniently accessible to the operator of a point of sale or other type of authorisation terminal will render the presentation of the card by an unauthorised individual very difficult or impossible.
    3/. That the display of such images as claimed in Claim 1 can be carried out on any suitably equipped terminal, at any location in the world, without the need for bulk storage of many cardholder's images, and without the need to transmit images from one location to another.
    4/. That the number of cardholders able to obtain authorisation at the same time and without unnecessary delay is limited only by the number of point of sale terminals, and not by the availability, proximity and performance of any other apparatus or transmission path for data.
    51. A combination of card and point of sale terminal as claimed in Claim 1 in which compression and decompression techniques are used to reduce the volume of data to be stored.
    6/. A combination of card and point of sale terminal as claimed in Claim 1 or Claim 5 in which encryption and decryption techniques are used to increase the security of the data.
    7/. The use of facilities at point of sale terminals to extract the image data from the card, and to display the image of the cardholder's face.
    8/. A combination of card and point of sale terminal as claimed in Claim 1 or Claim 5 or Claim 6 in which the use of certain pixels to carry security checking information is included, to prevent unauthorised modification of the image.
GB9722235A 1997-10-21 1997-10-21 Reducing card fraud Pending GB2330674A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB9722235A GB2330674A (en) 1997-10-21 1997-10-21 Reducing card fraud

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB9722235A GB2330674A (en) 1997-10-21 1997-10-21 Reducing card fraud

Publications (2)

Publication Number Publication Date
GB9722235D0 GB9722235D0 (en) 1997-12-17
GB2330674A true GB2330674A (en) 1999-04-28

Family

ID=10820870

Family Applications (1)

Application Number Title Priority Date Filing Date
GB9722235A Pending GB2330674A (en) 1997-10-21 1997-10-21 Reducing card fraud

Country Status (1)

Country Link
GB (1) GB2330674A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2919414A1 (en) * 2007-07-25 2009-01-30 Pietro Nieddo Credit card legal holder identifying device for use during payment in store, has digitized photography integrated during printing of credit card and visible by merchant, and digitized signature integrated during printing of plastic card

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4703347A (en) * 1985-03-25 1987-10-27 Matsushita Electric Works, Ltd. Individuality discriminating system
WO1989008899A1 (en) * 1988-03-10 1989-09-21 Datacard Corporation Credit card transaction apparatus and method
EP0334616A2 (en) * 1988-03-21 1989-09-27 Leighton, Frank T. Method and system for personal identification
US5214699A (en) * 1992-06-09 1993-05-25 Audio Digital Imaging Inc. System for decoding and displaying personalized indentification stored on memory storage device
WO1993019942A1 (en) * 1992-04-07 1993-10-14 Intelicard Technologies, Inc. Process and system for reading and writing images and related data to an integrated circuit card
US5259025A (en) * 1992-06-12 1993-11-02 Audio Digitalimaging, Inc. Method of verifying fake-proof video identification data
US5268963A (en) * 1992-06-09 1993-12-07 Audio Digital Imaging Inc. System for encoding personalized identification for storage on memory storage devices

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4703347A (en) * 1985-03-25 1987-10-27 Matsushita Electric Works, Ltd. Individuality discriminating system
WO1989008899A1 (en) * 1988-03-10 1989-09-21 Datacard Corporation Credit card transaction apparatus and method
EP0334616A2 (en) * 1988-03-21 1989-09-27 Leighton, Frank T. Method and system for personal identification
WO1993019942A1 (en) * 1992-04-07 1993-10-14 Intelicard Technologies, Inc. Process and system for reading and writing images and related data to an integrated circuit card
US5214699A (en) * 1992-06-09 1993-05-25 Audio Digital Imaging Inc. System for decoding and displaying personalized indentification stored on memory storage device
US5268963A (en) * 1992-06-09 1993-12-07 Audio Digital Imaging Inc. System for encoding personalized identification for storage on memory storage devices
US5259025A (en) * 1992-06-12 1993-11-02 Audio Digitalimaging, Inc. Method of verifying fake-proof video identification data

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2919414A1 (en) * 2007-07-25 2009-01-30 Pietro Nieddo Credit card legal holder identifying device for use during payment in store, has digitized photography integrated during printing of credit card and visible by merchant, and digitized signature integrated during printing of plastic card

Also Published As

Publication number Publication date
GB9722235D0 (en) 1997-12-17

Similar Documents

Publication Publication Date Title
US9792608B2 (en) System and method for customer video authentication to prevent identity theft
US5259025A (en) Method of verifying fake-proof video identification data
US5214699A (en) System for decoding and displaying personalized indentification stored on memory storage device
US6592044B1 (en) Anonymous electronic card for generating personal coupons useful in commercial and security transactions
US6494367B1 (en) Secure multi-application card system
US6068183A (en) Chip card system
JP2889486B2 (en) Credit card verification system
DE60316498T2 (en) Smart card, portable terminal and access control method
US6669100B1 (en) Serviceable tamper resistant PIN entry apparatus
US6615194B1 (en) System for secure execution of credit based point of sale purchases
US20050086160A1 (en) Method for implementing anonymous credit card transactions using a fictitious account name
Sherman et al. Secure network access using multiple applications of AT&T's smart card
US20040010462A1 (en) Method and system for a multi-purpose transactional platform
CA2898041A1 (en) Authentication device & related methods
US6028940A (en) Virtual shop computer network system which displays member shops and member shop certification method
CN108090382A (en) Show the method and apparatus of sensitive information
GB2273629A (en) Method for visual authentication by images transmitted over a telecommunication system
WO1993019942A1 (en) Process and system for reading and writing images and related data to an integrated circuit card
WO2007021124A1 (en) Method for encryption and decryption of data using pixel
GB2330674A (en) Reducing card fraud
Turban et al. Using smart cards in electronic commerce
EP0638880A1 (en) A method of verifying fake-proof video identification data
RU2158962C2 (en) Method for identification of means of payment, system of payment of transaction and method for realization of transaction
JPH02173869A (en) Personal authentication system using ic card
NL9200876A (en) Identification system with chip card