The pay card (PC) is a generalizing term, which denotes all kinds of plastic or other cards, including debit cards, credit cards, front money cards, international cards, virtual cards. According to the production technology pay cards can be subdivided into: magnetic stripe cards, smartcards, non-contact cards, combined magnetic smartcards.
The Pay Card Holder is a physical or legal body in whose name the PC is emitted on terms provided for in the reciprocal liabilities with the Organization. The circulation of PCs involves the convenience and efficiency of their use while drafting, payment for merchandise and services.
Since the PC protection is not sufficient at present the number of abuses and frauds committed by unauthorized persons has increased. One of the most wide-spread means of fraud is production of a PC copy or “doublet”.
A PC copy can be produced by obtaining the known protection elements by dishonest employees of financial institutions where the PC Holder performs operations involving payments for merchandise and services. The level of modern technology development provides opportunities for producing a PC copy or “doublet” without having to spend considerable amounts of time and finance.
At present there is a large number of methods, devices, systems for additional PC protection. The most wide-spread techniques of additional PC protection are:
- techniques involving additional protection elements directly on the PC. Thus, Invention application No. PCT/FR2004/002676 offers perforation directly on the PC, which is an element of additional protection. Patent No. US 5317636 offers installation of an electronic scheme which will perform the function of additional protection directly on the PC;
- techniques involving additional installation of identification cards on a mobile phone (see Invention application No. PCT/FR2000/000412). The identification card installed on a mobile phone transmits the information of the PC while payment for merchandise and services is being carried out;
- techniques imposing limits on the amount of financial means and the time of their usage (see Patents No. US 5326906, No. US 5326960, No. US 7136835).
Previously offered PC additional protection methods have considerable shortcomings: there is a way of unauthorized access to the PCs or their copies, the need for changing the current standards, high financial costs involved in the installation of information read-out devices for additional protection in automatic teller machines and payment terminals, absence of opportunity to perform charge operations exceeding the prescribed limits.
The PC additional protection system has been developed and tested successfully in Kharkiv, Ukraine (Invention application No. 2007 05348 from April 3, 2007 “Secure Charge Operations Technique Using Pay Cards and the System for Its Realization”).
The gist of the invention is as follows: we offer to deactivate the PC with the purpose of increasing its additional protection. Before charge operations are performed the PC Holder activates the PC. At the same time the PC activation is carried out through the identification of the SMS sent from the Holder’s mobile phone to one of the Control Center’s (CC) telephone numbers which contains: the command, the mobile phone number, the PC Holder’s e-signature. After the charge operations are completed the PC is deactivated either automatically or by the PC Holder.
The merits of this invention are: impossibility of usage of the PC or their doublets by unauthorized persons, minimal financial expenses, connected with the invention implementation, no necessity to change the current standards, no influence on the security of payment systems, availability of the PC additional protection elements, easy operation.
The PC remains deactivated which provides no opportunity to carry out any charge operations. In order to activate the PC unauthorized persons are supposed to obtain information about the PC Holder’s mobile phone number, the Control Center’s telephone number, to which the SMS should be sent, about the content of the e-signature, and they are also supposed to produce the SIM card doublet. The presence of the additional protection elements of the mobile phone number, of the Control Center telephone number, e-signature and also the absence of information considering PC details in the information exchange, decreases the possibility of the PC activation by unauthorized persons.
The participants of the information exchange (the bank, the CC, the communication operator) don’t have sufficient information to activate the PC, which decreases the possibility of abuses by the employees of these organizations.
The system contains:
100. The Operating Center (OC);
101. The OC central processing unit;
102. The OC commands database;
103. The OC keys database;
104. The OC codes database;
105. The OC identification number;
106. The OC timing device;
107. The pay cards control system;
108. The OC data exchange means;
200. The Control Center (CC);
201. The CC data exchange means;
202. The CC central processing unit;
203. The CC commands database;
204. The CC codes database;
205. The CC identification number;
206. The authorization database;
207. The OC telephone numbers database;
208. The CD telephone numbers database;
209. The e-signatures database;
210. The CC timing device;
211. The random-number generator;
212. The printing means;
300. The communication operator;
400. The communication device.
The control center (200) carries out the formation of the code-converters. The legal body of the CC (200) makes the contract with banks on the PC link-up with the system of secure charge operations fulfillment. Then the CC (200) provides banks with the code-converters and also customizes the system.
The bank informs the PC Holder about the PC additional protection. The PC Holder concludes an agreement on the usage of this method, and then he is provided with the code-envelope containing identification number public information and code restricted information. The bank operator forms a key for the PC control, and besides while key formation there are no mathematics or other dependence on card-account, the PC’s and the Holder’s details. The bank operator transfers the PC to the passive conditions. The PC Holder using the code carries out the registration of mobile phone number, e-signature in the control center’s database.
Before the fulfillment of the charge operation the PC Holder activates the PC, for what the PC Holder forms SMS in the following format: (order – e-signature) and with the help of the mobile phone (400) sends it to the CC (200) trough the OC (300). The OC (300) identifies the mobile phone number (400) and transfers the SMS to the CC (200). The control center carries out identity check of the SMS data, and then the PC is activated and the PC Holder receives the SMS about the PC activation on his mobile phone (400). On the fulfillment of the charge operation the PC is being automatically deactivated.
The PC additional defense system through the mobile operator has an opportunity to carry out the registration and deletion of all numbers used by the PC Holder, the registration and deletion of the e-signature, to carry out the control of attempts to activate the PC by strange persons, PC blocking.
The PC Holder’s mobile phone number and e-signature registration trough the mobile operator prevents the possibility of obtaining by unauthorized persons the necessary data for the PC activation.
It is obvious that this invention is not limited by the concrete variants set forth above and could be used for the increase of the additional protection of: current accounts, electronic locks, access to the Internet recourses etc.
In this connection, in line with this invention, the PC can imply various types of accounts, electronic locks, electronic systems which have authorized access and if there is a necessity of limitation unauthorized persons’ access. With the aim to fulfill the additional protection of other systems and devices it is necessary to replace the pay cards control system (107) by: accounts control system, electronic locks control system, electronic systems control system etc.
This invention has large information content (the invention formula, problem definition, algorithms, graphics, system operation description etc.), that is why it is not possible to provide detailed information in this article.
For more information please contact usPrint