WO2019110972A1 - Mesures anti-fraude par rapport à des chèques - Google Patents
Mesures anti-fraude par rapport à des chèques Download PDFInfo
- Publication number
- WO2019110972A1 WO2019110972A1 PCT/GB2018/053503 GB2018053503W WO2019110972A1 WO 2019110972 A1 WO2019110972 A1 WO 2019110972A1 GB 2018053503 W GB2018053503 W GB 2018053503W WO 2019110972 A1 WO2019110972 A1 WO 2019110972A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- cheque
- data
- key
- computer
- validation
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/06009—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
- G06Q20/042—Payment circuits characterized in that the payment protocol involves at least one cheque
- G06Q20/0425—Payment circuits characterized in that the payment protocol involves at least one cheque the cheque being electronic only
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/08—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means
- G06K19/10—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means at least one kind of marking being used for authentication, e.g. of credit or identity cards
- G06K19/14—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means at least one kind of marking being used for authentication, e.g. of credit or identity cards the marking being sensed by radiation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
- G06Q20/042—Payment circuits characterized in that the payment protocol involves at least one cheque
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3827—Use of message hashing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/0806—Details of the card
- G07F7/0813—Specific details related to card security
- G07F7/082—Features insuring the integrity of the data on or in the card
Definitions
- the present invention is concerned with measures to be taken to enable detection of attempted fraud in relation to cheques.
- Cheque fraud is, and has long been, a major issue for the cheque clearing system.
- Fraudsters are known to tamper with cheques in a variety of ways in order to try to obtain improper payments from banks. This may for example involve theft of bona fide cheques which are then fraudulently infilled and signed prior to presentation to a bank. Tampering with a cheque covers both forgery of the cheque itself and illicit alteration of a genuine cheque's information content.
- cheques can be altered for fraudulent purposes. For example, by altering the payee on a completed cheque, the fraudster may divert payment into its own account. This type of tampering often involves adding characters to the end of the payee name. By altering the amount, the fraudster may obtain a larger payment than it is entitled to.
- the UK clearing system is currently reliant on exchange of paper cheques, (although some images are currently exchanged, but not to the exclusion of the exchange of paper) and it is planned that it will move to use of scanned cheque images in the near future, the paper cheque being discarded once it has been scanned.
- the limited image resolution also limits the amount of data that can be encoded in machine-readable form, which can be problematic if the payee name is a long one, especially as fraud often involves adding characters at the end of the payee name, so that it is desirable to avoid truncating the name if possible.
- a cheque there are (a) a cheque, (b) a method of analysis of a cheque and (c) a computer-implemented method of generating a cheque according to the appended claims.
- the cheque 10 represented in Figure 1 comprises a thin rectangular substrate which is paper in this example although it could in principle comprise some other suitable material, subject to applicable regulations in the relevant country.
- Printed upon the cheque in human-readable form (natural language) are certain items of cheque data which will be common to multiple cheques issued by a given drawer:-
- a number line comprising the bank branch sort code 16 and the drawer's bank account number 18.
- these are printed in magnetic ink, in a font which is suited to reading by MICR (magnetic ink character recognition) (the number line also includes a cheque serial number 22, which of course varies from one cheque to the next);
- the identity 20 of the drawer This is an example of a corporate cheque where the identity is often included in this or a similar position. A personal cheque will not show this, only by reference to an account name adjacent to the signature position. Additionally the cheque 10 includes "variable" human-readable printed cheque data which will vary from one cheque to another issued by a given drawer:-
- the cheque 10 additionally carries a machine-readable marking 34 which, in the present exemplary embodiment, is:-
- optically readable In the present embodiment it is visible to the naked eye, although in principle it could be detectable only by use of detectors operating at different electromagnetic frequencies.
- optical in this context refers to techniques involving light, but not necessarily light in the visible part of the electromagnetic spectrum. For instance cheque clearing can involve imaging the cheque using a UV sensitive detector, and the marking 34 could use UV visible ink;
- the marking 34 may be essentially unreadable by humans. It could take the form of a bar code, for instance, but in the present embodiment it comprises a 2D response code of the type commonly referred to as a QR Code, which is an abbreviation for "Quick Response code” and is a registered trade mark of Denso Wave Incorporated. Such codes are of course well known in themselves to the skilled person. Software for their generation is open source and is widely available. The present invention may be implemented using other 2D response codes or using other printable codes which are optically readable and able to be interpreted by computer system;
- the marking 34 represents in encrypted form a subset of the cheque data which is also printed in human-readable form on the cheque.
- the data encrypted in the marking 34 includes both "fixed” cheque data common to multiple cheques from the same drawer and "variable" cheque data which is expected to vary from one cheque to another. Specifically it includes the drawer's account number and sort code, the cheque number, date, amount payable and payee name. A different selection of data may be used in other embodiments of the present invention.
- the marking 34 also includes a key, whose creation and function will be explained below.
- the data represented in the marking 34 will be referred to below as "the validation data", regardless of the form in which it is represented.
- the validation data is, in the present embodiment, represented in a machine-readable, encrypted form in the marking 34. It is also printed in human-readable form on the cheque.
- the important items of information can thus be read from the image in two different ways - by machine reading of the human-readable data 12 - 30 and by reading and decryption of the marking 34.
- a discrepancy between the two may be indicative of attempted fraud and may lead to rejection of the cheque.
- the marking 34 should be encrypted in a manner which is difficult for potential malfeasors to break. That is, it should be difficult or impossible for malfeasors to infer from a study of valid cheques how the encryption is carried out, in order to carry out the same process themselves.
- part of the cheque data which is printed in human-readable form on the cheque is used to generate a key used in encrypting the validation data prior to its representation in the marking 34.
- the key is needed in order to decrypt the validation data.
- the cheque data used to generate the key (“the key generation data") can in principle be taken from any of the fixed cheque data 12-20 and/or the variable cheque data 22 - 30 written upon the cheque in human-readable form. It is preferred however that it includes variable cheque data, so that different cheques will have different keys. Of course it is possible that two or more cheques may be issued which have identical variable data in some fields, as for example where two cheques are made out to the same payee for the same amount.
- the cheque number is in the present embodiment included in the key generation data. It is not expected that two cheques from the same drawer will be issued with the same cheque number, so in this way it can be ensured that the key generation data is unique for each cheque.
- An alternative would be to include at least the closing digit or digits of the cheque number, making any duplication of the key generation data improbable although not necessarily impossible.
- the key generation data also includes digits of the legal amount 26 and characters taken from the payee name 24.
- the key generation data may omit the legal amount and the payee name.
- the key generation data is in some embodiments drawn only from data represented in the number line, which is easily machine readable.
- the key generation data is hashed to generate the key itself. Suitable hashing functions are well known to the skilled person.
- the key will typically be a character string which is shorter than the key generation data from which it is derived.
- the aforementioned validation data can be assembled in a character string to be supplied to the encryption algorithm.
- the string is of a fixed length of the order of 100 to 200 characters.
- Some fields of the validation data, such as the account number and sort code, are of fixed length.
- the amount payable and the payee name are strings of variable length. If they are especially long, e.g. because the payee has a long name, then the entire validation data set may be too long to fit in the available string length. In this case the validation data is truncated to fit in the string length.
- truncation is not applied first to the payee name, since it is desirable to include it in full if at all possible given that fraud often involves inserting extra characters at the end of the payee name, making it important to be able to detect tampering of that sort.
- other parts of the validation data are truncated, according to a predetermined order of preference, and the payee name itself is truncated only if necessary after those other parts of the data have been truncated as far as possible.
- the character string includes field delimiter characters to enable it to be parsed despite some parts of the string being of variable length. For example, delimiter characters may mark the beginning and end of the amount payable field, and the beginning and end of the payee field.
- Data fields of normally fixed length may be grouped together, with a field delimiter character at their end.
- the number of characters removed in the truncation can be determined by determining how far from its usual position the relevant string delimiter character has moved. Which specific characters have been removed in the truncation process can be determined by reference to the known order of preference.
- the character string is encrypted using the aforementioned key and converted to form the marking 34.
- the marking 34 takes the form of a QR code in the present embodiment. Testing has confirmed that following imaging of the cheque for the purposes of an image based cheque clearing system, a QR code containing the validation data remains readable to an acceptably low degree of error.
- QR codes have what is referred to as an error correction level.
- a code with a high error correction level is more reliably readable than one with a lower level. But for a given number of pixels in the QR code, the data carrying capacity decreases as the error correction level increases.
- the length of the character string made up of the validation data varies from cheque to cheque according to the length of the payee name and of the amount payable.
- the present embodiment provides for the error correction level to be set with reference to the length of the string of validation data, a higher correction level being set if the string is short and a lower correction level being set if the string is long.
- the marking 34 can be generated in a software package used to generate and print cheques. Such packages (albeit lacking the ability to generate and apply the marking 34 in accordance with the present invention) are widely available and used by a range of organisations that have a need to issue cheques in quantities.
- the marking may in other embodiments be generated elsewhere, e.g. in a remote server which could be cloud based.
- the cheque image Before funds are exchanged, the cheque image will also be subject to tests intended to determine whether it has been forged or tampered with. Such tests are, in the present embodiment of the invention, carried out in the clearing system itself, as a service to the banks, and include an authentication process carried out using the marking 34.
- the authentication process comprises several steps.
- the key In order to decrypt the marking 34, the key must be reconstructed from the human-readable data on the cheque image. This data is obtained by reading the image using OCR, and also by M ICR reading of the number line. The key generation data can then be selected from the data read from the cheque, and hashed using the known algorithm to reconstruct the key.
- the marking 34 is read from the cheque image in known manner. Using the reconstructed key, its data content can then be decrypted to reconstruct the character string containing the validation data. The character string is then parsed and its data content compared with the data read from the cheque by OCR/MICR.
- the validation process should be resistant to errors, be they false negatives or false positives.
- Known OCR techniques are not in themselves sufficiently error free for this purpose. But there is a statistical pattern to the errors made in OCR. For example some characters are difficult to distinguish and hence prone to be mistaken one for another. Because the present process involves comparing one known string against another, it is can be configured to be tolerant of certain OCR errors and so to avoid many false positives that might otherwise occur. For example, it may be that "o" is commonly misread as "c" in OCR.
- the system may be configured to ignore the discrepancy, or for example to ignore a certain proportion of such discrepancies before indicating a problem with the cheque.
- the marking 34 also provides resistance to simple errors in reading of the cheque which might otherwise result in transactions being wrongly processed.
- the aforegoing embodiments are presented by way of example and not limitation. Any number of variants and alternative embodiments are possible without departing from the scope of the invention as expressed in the appended claims.
- the marking 34 is a QR code in the specific embodiment, but various other computer readable codes exist and the marking may take any suitable alternative form.
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Accounting & Taxation (AREA)
- Theoretical Computer Science (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Character Discrimination (AREA)
Abstract
L'invention concerne la détection de fraude par rapport aux chèques. Elle est applicable notamment dans un système de compensation de chèque mis en œuvre à l'aide d'images numériques de chèques. Un chèque selon l'invention présente des marquages visibles (12 – 30) représentant en langage naturel des données de chèque comprenant des détails d'un paiement à effectuer auprès d'un bénéficiaire, ainsi qu'un marquage lisible par ordinateur (34) qui représente sous forme cryptée des données de validation qui comprennent des données de chèque sélectionnées. Les données de validation sont chiffrées au moyen d'une clé construite à partir de données de génération de clé qui comprennent des données de chèque représentées dans lesdits marquages visibles.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1720503.0 | 2017-12-08 | ||
GB1720503.0A GB2569173B (en) | 2017-12-08 | 2017-12-08 | Anti-fraud measures in relation to cheques |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019110972A1 true WO2019110972A1 (fr) | 2019-06-13 |
Family
ID=61007113
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/GB2018/053503 WO2019110972A1 (fr) | 2017-12-08 | 2018-12-04 | Mesures anti-fraude par rapport à des chèques |
Country Status (2)
Country | Link |
---|---|
GB (1) | GB2569173B (fr) |
WO (1) | WO2019110972A1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US12039504B1 (en) * | 2023-09-13 | 2024-07-16 | U.S. Bank National Association | Mobile check deposit |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5341428A (en) * | 1992-01-30 | 1994-08-23 | Gbs Systems Corporation | Multiple cross-check document verification system |
US6073121A (en) * | 1997-09-29 | 2000-06-06 | Ramzy; Emil Y. | Check fraud prevention system |
US20020164021A1 (en) * | 1996-03-01 | 2002-11-07 | Sandru Calin A. | Apparatus and method for enhancing the security of negotiable instruments |
US20020184152A1 (en) * | 1999-06-30 | 2002-12-05 | Martin David A. | Method and device for preventing check fraud |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB201301787D0 (en) * | 2013-02-01 | 2013-03-20 | Communisis Plc | Fraud prevention measures |
-
2017
- 2017-12-08 GB GB1720503.0A patent/GB2569173B/en active Active
-
2018
- 2018-12-04 WO PCT/GB2018/053503 patent/WO2019110972A1/fr active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5341428A (en) * | 1992-01-30 | 1994-08-23 | Gbs Systems Corporation | Multiple cross-check document verification system |
US20020164021A1 (en) * | 1996-03-01 | 2002-11-07 | Sandru Calin A. | Apparatus and method for enhancing the security of negotiable instruments |
US6073121A (en) * | 1997-09-29 | 2000-06-06 | Ramzy; Emil Y. | Check fraud prevention system |
US20020184152A1 (en) * | 1999-06-30 | 2002-12-05 | Martin David A. | Method and device for preventing check fraud |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US12039504B1 (en) * | 2023-09-13 | 2024-07-16 | U.S. Bank National Association | Mobile check deposit |
Also Published As
Publication number | Publication date |
---|---|
GB201720503D0 (en) | 2018-01-24 |
GB2569173B (en) | 2020-02-19 |
GB2569173A (en) | 2019-06-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6212504B1 (en) | Self-authentication of value documents using encoded indices | |
US20060210138A1 (en) | Verification of authenticity of check data | |
US6195452B1 (en) | Method of authenticating negotiable instruments | |
US6170744B1 (en) | Self-authenticating negotiable documents | |
RU2370377C2 (ru) | Не поддающиеся подделке и фальсификации этикетки со случайно встречающимися признаками | |
US20090261158A1 (en) | Authentication of cheques and the like | |
US6073121A (en) | Check fraud prevention system | |
RU2470361C2 (ru) | Засекреченный штрихкод | |
US20030056104A1 (en) | Digitally watermarking checks and other value documents | |
US20060015733A1 (en) | Process and system for the material reduction of counterfeit and identity-maker fraud | |
EP2237546B1 (fr) | Dispositif et processus de protection de document numérique, et processus correspondant pour vérifier l'authenticité d'une copie papier imprimée | |
US20020067827A1 (en) | Method for preventing check fraud | |
CN112534775B (zh) | 数字文件防伪保护 | |
WO2006092626A1 (fr) | Traçabilite et authentification de papier infalsifiable | |
US20050273628A1 (en) | Registration and Verification System | |
US11363164B2 (en) | Method and system for automatically verifying the authenticity of documents | |
CN110517049A (zh) | 一种基于二维码及区块链的票据防伪识别方法与装置 | |
US20070088953A1 (en) | Method of preparing a document so that it can be authenticated | |
WO2019110972A1 (fr) | Mesures anti-fraude par rapport à des chèques | |
KR20160026387A (ko) | Oid 코드 패턴을 구비하는 유가 증권 및 그를 이용한 위변조 방지 시스템 및 방법 | |
RU2684498C2 (ru) | Способ сертификации и аутентификации защищенных документов на основании результата измерения отклонений относительного положения в различных процессах, вовлеченных в изготовление таких защищенных документов | |
RU2165643C1 (ru) | Способ подтверждения подлинности информации | |
US20060092476A1 (en) | Document with user authentication | |
CN1588435A (zh) | 防伪票据处理*** | |
WO2014102707A1 (fr) | Procédé de réalisation d'un chèque de banque et chèque de banque réalisé avec ledit procédé |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 18819461 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 18819461 Country of ref document: EP Kind code of ref document: A1 |