SG172224A1 - Security measures for credit card - Google Patents

Publication number
SG172224A1
Authority
SG
Singapore
Prior art keywords
card
code
generating
related transactions
dynamic authentication
Prior art date
Application number
SG2011044435A
Inventor
Grant Paul Weideman
Selvanathan Narainsamy
Original Assignee
Radio Surveillance Technologies Pty Ltd
Priority date
Filing date
Publication date
Application filed by Radio Surveillance Technologies Pty Ltd
Publication of SG172224A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Abstract

A method for generating a code on card related transactions such as credit card transactions includes loading multi-factor authentication software onto the card itself. The software is read by a card transaction terminal such as an ATM or a similar payment station which generates a time and/or date specific code which is verified with a code generated on a remote CPU running similar or identical multi-factor authentication software. The two codes need not be identical, but should be similar to a sufficient tolerance to ensure that there is no security breach. Once the code is verified the transaction may proceed as it would normally.

Description

SECURITY MEASURES FOR CREDIT CARD
TECHNICAL FIELD OF THE INVENTION
This invention relates to security measures for bank card related transactions.
For purposes of this specification the term ‘card’ as applied to card related transactions shall be understood to include any type of ‘smartcard’ which includes any form of electronic processor and/or electronic memory and/or electronic storage capacity.
BACKGROUND ART
Card related fraud is a well documented worldwide problem. In recent studies credit card fraud was estimated to amount to 52 billion US dollars in the United States in 2007.
Diverse methods have been devised to commit card fraud including intercepting the cards, copying the secure information contained on the card and using that information to either directly make purchases or clone the card.
One of the most important steps during this process is to obtain the confidential authorization code which verifies the authenticity and detail on the card with a card reading machine. This code is unique to each card and is stored in the magnetic strip or the electronic chip on the card.
Current practice is for the code to be programmed onto the card when it is issued, and for that code to remain unchanged during the lifetime of the card.
This unchanging or static code has many drawbacks, the most important being that once it is intercepted, a would-be fraudster is free to clone the card and is capable of validating the authenticity thereof for any transaction.
The code is usually intercepted while being verified by a card reading machine. This may be accomplished by adding software to the machine (or another handheld device) which reads the card and intercepts/copies the code without otherwise affecting the transaction. The user is therefore unaware of this interception.
It is an object of this invention to provide an alternative to the single programmed static authentication code on credit and debit cards or similar card related transactions.
DISCLOSURE OF THE INVENTION
According to the invention a method of generating a dynamic authentication code for card related transactions includes the steps of loading algorithm generating software onto the card to generate a time and/or date specific code when used in combination with a card transaction machine, and synchronising the generated code with one similarly generated at a remote terminal.
In the preferred form of the invention, suitable algorithm-generating and/or multifactor authentication software is loaded onto a card such as a credit card. The software may be loaded onto the micro-chip or any similar storage means and/or memory of the card, or wherever suitable.
The software may be interpreted by a card reading machine such as an ATM or a card transacting terminal to generate a time and date specific code. This code may be sent to a remote terminal, on which the same software may be running and on which an identical code may be generated on similar terms.
The remote terminal may verify the authenticity of the card and allow the transaction to proceed as it would normally.
In the preferred form of the invention the software loaded onto the card may be any suitable multi factor authentication software.
In a refinement of the invention the card transaction terminal transmits a signal to the remote terminal which responds by sending a time and/or the date according to the terminal or the time zone in which the remote terminal is located.
This signal and subsequent time and date ensures that the time and/or date on the remote terminal and the card transaction terminal are identical so that an identical or suitably matched code may be generated.
The method may be adapted to generate a new code for each new transaction, which may be valid for a specific time interval, for instance three minutes. This variation should negate any delays caused by time-and-date verification or similar communication interruptions and should ensure that the codes are always identical.
BRIEF DESCRIPTION OF THE DRAWINGS
An embodiment of the invention is described below with reference to the accompanying flow diagram.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
In the drawing multi-factor authentication software 12 is loaded onto a credit or debit card 10. In this embodiment multi factor authentication software is used but any suitable algorithm generating authentication software may be used.
The software may be loaded onto the microchip (not shown) of the card. It may be possible and necessary for the software to be loaded on other storage means in future depending on the evolution of card transactions.
The software is also loaded onto a remote terminal 20.
When the card is used 14 with a card reading machine 16 such as an ATM or a credit card transaction terminal the following two steps occur:
Firstly the card terminal transmits a signal or a ‘ping’ 18 to the remote terminal 20 located at a banking institution or the like (not shown). The remote terminal responds by sending back a signal 18 containing the time and/or date to the card terminal.
The reasoning behind this step is to ensure that the terminals are synchronised with regards to the time and date, irrespective of time zone differences or whether the machine's time and date are set accurately.
In the next step the card terminal reads the software from the card and interprets it, taking the time and date into account, to generate a code 24 unique to the card for that specific time and/or date.
Once the card terminal has generated the code it transmits the code 28 to the remote terminal where it is decrypted and interpreted to verify whether it is valid or not. If the code satisfies the necessary criteria the remote terminal transmits a signal for receipt by the card terminal to authorise the transaction.
In the preferred form of the invention this whole method takes place in a matter of seconds. It is however envisioned that a code may be time interval generated and that a code will be valid for a few minutes to ensure that communication delays or transaction traffic does not affect the generation and verification of codes.
This time interval may for instance be three minutes.
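The steps above (time 'ping', code generation at the card terminal, verification at the remote terminal within a three-minute interval) can be sketched as follows. This is an added example, not code from the patent: the specification names no algorithm, so HMAC-SHA256 over a window number, the per-card secret standing in for the software on the card, the `RemoteTerminal` class, the single-use rule and all sample values are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 180  # the three-minute validity interval from the description


def derive_code(card_secret: bytes, unix_time: int, digits: int = 8) -> str:
    """Card-terminal side: code for the time window containing unix_time.
    HMAC-SHA256 over the window number is an assumption, not the patent's."""
    step = unix_time // STEP_SECONDS
    mac = hmac.new(card_secret, struct.pack(">Q", step), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)


class RemoteTerminal:
    """Hypothetical issuer-side verifier holding the same per-card secrets."""

    def __init__(self, secrets_by_card, clock):
        self._secrets = secrets_by_card
        self._clock = clock   # callable returning Unix time in seconds
        self._used = set()    # (card_id, window) pairs already accepted

    def time_response(self) -> int:
        """Answer the card terminal's 'ping' with the remote terminal's time."""
        return int(self._clock())

    def verify(self, card_id: str, code: str) -> bool:
        secret = self._secrets.get(card_id)
        if secret is None:
            return False
        now = int(self._clock())
        # The current window and the one before it are accepted, so a code made
        # just before a window boundary survives transit; anything older fails.
        for t in (now, now - STEP_SECONDS):
            expected = derive_code(secret, t)
            if hmac.compare_digest(expected.encode(), code.encode()):
                window = t // STEP_SECONDS
                if (card_id, window) in self._used:
                    return False  # assumption: single use, blocks replay
                self._used.add((card_id, window))
                return True
        return False


if __name__ == "__main__":
    clock = {"now": 1_700_000_000}                 # constructed timestamp
    secret = b"constructed-demo-secret"            # constructed card secret
    bank = RemoteTerminal({"card-0001": secret}, lambda: clock["now"])
    code = derive_code(secret, bank.time_response())  # terminal uses synced time
    print(bank.verify("card-0001", code))          # accepted
    print(bank.verify("card-0001", code))          # same code replayed: rejected
```

Accepting the previous window means a code can stay valid for up to just under two intervals, and the single-use rule limits a card to one accepted transaction per window; both are trade-offs of this sketch rather than statements in the specification.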

Claims (11)

1. A method of generating a dynamic authentication code for card related transactions characterised in that it includes the steps of loading algorithm generating software onto the card to generate a time and date specific code when used in combination with a card transaction machine, and synchronising the generated code with one similarly generated at a remote terminal.
2. A method of generating a dynamic authentication code for card related transactions according to claim 1 characterised in that algorithm-generating and/or multifactor authentication software is loaded onto a card such as a credit card.
3. A method of generating a dynamic authentication code for card related transactions according to claim 1 or 2 characterised in that the software is loaded onto the micro-chip memory of the card.
4. A method of generating a dynamic authentication code for card related transactions according to any of claims 1 to 3 characterised in that the software is interpreted by a card transacting terminal to generate a time and date specific code.
5. A method of generating a dynamic authentication code for card related transactions according to claim 4 characterised in that the card transaction terminal is an ATM (Automatic Teller Machine).
6. A method of generating a dynamic authentication code for card related transactions according to any of the above claims characterised in that the code is sent to a remote terminal, on which the same software is running and on which an identical code is generated on similar terms.
7. A method of generating a dynamic authentication code for card related transactions according to claim 8 characterised in that the code is negligibly similar to the code generated by the card transaction terminal.
8. A method of generating a dynamic authentication code for card related transactions according to any of the above claims characterised in that the remote terminal verifies the authenticity of the card and allows the transaction to proceed.
9. A method of generating a dynamic authentication code for card related transactions according to any of the above claims characterised in that the card transaction terminal transmits a signal to the remote terminal which responds by sending a time and/or the date according to the terminal or the time zone in which the remote terminal is located.
10. A method of generating a dynamic authentication code for card related transactions according to any of the above claims characterised in that the method is adapted to generate a new code for each new transaction, which is valid for a specific time interval.
11. A method of generating a dynamic authentication code for card related transactions according to claim 10 characterised in that the time interval is three minutes.
SG2011044435A 2008-12-17 2009-12-17 Security measures for credit card SG172224A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA200810812 2008-12-17
PCT/ZA2009/000111 WO2010071904A2 (en) 2008-12-17 2009-12-17 Security measures for credit card

Publications (1)

Publication Number Publication Date
SG172224A1 (en) 2011-07-28

Family

ID=42135951

Family Applications (1)

Application Number Title Priority Date Filing Date
SG2011044435A SG172224A1 (en) 2008-12-17 2009-12-17 Security measures for credit card

Country Status (7)

Country Link
EP (1) EP2380122A2 (en)
CN (1) CN102301384A (en)
AU (1) AU2009327344A1 (en)
CA (1) CA2747249A1 (en)
SG (1) SG172224A1 (en)
WO (1) WO2010071904A2 (en)
ZA (1) ZA201100774B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106330891A (en) * 2016-08-21 2017-01-11 上海林果实业股份有限公司 Smart card, verification code verifying method and system
WO2019031717A1 (en) * 2017-08-09 2019-02-14 주식회사 센스톤 Intra-store communication network-based payment system, portable terminal comprising intra-store communication network-based payment function, method for providing intra-store communication network-based payment service, and program for performing same

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7363494B2 (en) * 2001-12-04 2008-04-22 Rsa Security Inc. Method and apparatus for performing enhanced time-based authentication
CA2394742A1 (en) * 2002-01-17 2003-07-17 Michel Caron Portable device, activated by the fingerprint of the holder, that will provide a unique and different access code each time the holder uses it
AU2003293125A1 (en) * 2002-11-27 2004-06-23 Rsa Security Inc Identity authentication system and method
CN1806217A (en) * 2003-06-19 2006-07-19 皇家飞利浦电子股份有限公司 Method and apparatus for authenticating a password
KR100645401B1 (en) * 2006-05-01 2006-11-15 주식회사 미래테크놀로지 Time sync type otp generation device in mobile phone and generation method
US8359630B2 (en) * 2007-08-20 2013-01-22 Visa U.S.A. Inc. Method and system for implementing a dynamic verification value

Also Published As

Publication number Publication date
CN102301384A (en) 2011-12-28
AU2009327344A1 (en) 2011-07-21
ZA201100774B (en) 2011-10-26
WO2010071904A9 (en) 2010-11-11
EP2380122A2 (en) 2011-10-26
CA2747249A1 (en) 2010-06-24
WO2010071904A2 (en) 2010-06-24
WO2010071904A3 (en) 2010-08-12
