WO2010046911A2 - A method and system of financial instrument authentication in a communication network - Google Patents

A method and system of financial instrument authentication in a communication network Download PDF

Info

Publication number
WO2010046911A2
WO2010046911A2 PCT/IN2009/000535 IN2009000535W WO2010046911A2 WO 2010046911 A2 WO2010046911 A2 WO 2010046911A2 IN 2009000535 W IN2009000535 W IN 2009000535W WO 2010046911 A2 WO2010046911 A2 WO 2010046911A2
Authority
WO
WIPO (PCT)
Prior art keywords
financial instrument
transaction
mobile communication
communication identifier
user
Prior art date
Application number
PCT/IN2009/000535
Other languages
French (fr)
Other versions
WO2010046911A3 (en
Inventor
Sanjay Swamy
Bharavi Gade
Original Assignee
Mchek India Payment System Pvt. Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mchek India Payment System Pvt. Ltd. filed Critical Mchek India Payment System Pvt. Ltd.
Publication of WO2010046911A2 publication Critical patent/WO2010046911A2/en
Publication of WO2010046911A3 publication Critical patent/WO2010046911A3/en

Links

Classifications

    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61KPREPARATIONS FOR MEDICAL, DENTAL OR TOILETRY PURPOSES
    • A61K36/00Medicinal preparations of undetermined constitution containing material from algae, lichens, fungi or plants, or derivatives thereof, e.g. traditional herbal medicines
    • A61K36/18Magnoliophyta (angiosperms)
    • A61K36/185Magnoliopsida (dicotyledons)
    • A61K36/53Lamiaceae or Labiatae (Mint family), e.g. thyme, rosemary or lavender
    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61KPREPARATIONS FOR MEDICAL, DENTAL OR TOILETRY PURPOSES
    • A61K36/00Medicinal preparations of undetermined constitution containing material from algae, lichens, fungi or plants, or derivatives thereof, e.g. traditional herbal medicines
    • A61K36/18Magnoliophyta (angiosperms)
    • A61K36/185Magnoliopsida (dicotyledons)
    • A61K36/55Linaceae (Flax family), e.g. Linum
    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61KPREPARATIONS FOR MEDICAL, DENTAL OR TOILETRY PURPOSES
    • A61K36/00Medicinal preparations of undetermined constitution containing material from algae, lichens, fungi or plants, or derivatives thereof, e.g. traditional herbal medicines
    • A61K36/18Magnoliophyta (angiosperms)
    • A61K36/185Magnoliopsida (dicotyledons)
    • A61K36/80Scrophulariaceae (Figwort family)
    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61KPREPARATIONS FOR MEDICAL, DENTAL OR TOILETRY PURPOSES
    • A61K36/00Medicinal preparations of undetermined constitution containing material from algae, lichens, fungi or plants, or derivatives thereof, e.g. traditional herbal medicines
    • A61K36/18Magnoliophyta (angiosperms)
    • A61K36/88Liliopsida (monocotyledons)
    • A61K36/906Zingiberaceae (Ginger family)
    • A61K36/9068Zingiber, e.g. garden ginger
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3221Access to banking information through M-devices

Definitions

  • This present disclosure relates to a system for processing financial transactions. More specifically, the disclosure relates to authentication of ownership of a financial instrument over a communication network.
  • This invention seeks to address some or all the above mentioned problems by providing an authentication method and process for the linking of a card or account to a mobile phone and authenticating the identity and ownership of that card or account by the user.
  • the invention seeks to introduce a mechanism at least partly to automate these processes rather than relying on existing manual verification and authentication processes.
  • Figure 1 is a block diagram illustrating a method for authentication of a financial transaction according to an embodiment of the invention
  • Figure 2 is a block diagram illustrating an alternative method for authenticating of a financial transaction in accordance to an embodiment of the invention
  • FIG. 3 is a schematic illustration of an authentication system in accordance with an embodiment of the invention.
  • the invention relates to a method of linking a financial instrument to a mobile communication identifier at an authentication system comprising receiving at the authentication system from a user of the financial instrument details of the financial instrument along with details of the mobile communication identifier to which the financial instrument is to be linked; carrying out a financial transaction on the financial instrument for an amount and on receiving transaction authorization storing details of the authorized transaction in a database of the authentication system; receiving transaction information from the user of the financial instrument, the transaction information obtained by the user from the provider of the financial instrument; comparing the transaction information received from the user with the transaction details stored in the database; and linking the financial instrument to the mobile communication identifier on the transaction information received from the user matching the transaction information stored in the database.
  • the invention also relates to a method of linking a financial instrument to a mobile communication identifier at an authentication system comprising receiving at the authentication system from a user of the financial instrument details of the financial instrument along with details of the mobile communication identifier to which the financial instrument is to be linked; carrying out a financial transaction on the financial instrument at the bank for the authentication system for an amount; authorizing the transaction at the bank for the provider of the financial instrument and on receiving transaction authorization storing details of the authorized transaction in a database of the authentication system; the authentication system transmitting to the bank for the provider of the financial instrument transaction information and details of the mobile communication identifier; authenticating the mobile communication identifier at the bank for the provider of the financial instrument; and linking the financial instrument to the mobile communication identifier on receiving an authentication of the mobile communication identifier from the bank for the provider of the financial instrument and storing the mobile communication identifier as verified.
  • the invention also provides for an authentication system for linking a financial instrument to a mobile communication identifier comprising an interface for receiving from a user of the financial instrument details of the financial instrument along with details of the mobile communication identifier to which the financial instrument is to be linked; a switch for communicating with the provider of the financial instrument to authenticate the transaction and to receive transaction authorization; an authentication processor for carrying out a financial transaction on the financial instrument for an amount through the switch; and a database for storing details of an authorized transaction for a user; wherein the interface is also configured to receive transaction information from the user of the financial instrument, the transaction information obtained by the user from the provider of the financial instrument; and the authentication processor also configured to compare the transaction information received from the user with the transaction details stored in the database and to link the financial instrument to the mobile communication identifier on the transaction information received from the user matching the transaction information stored in the database.
  • modules may be implemented as a hardware circuit comprising custom very large scale integration circuits or gate arrays, off-the-shelf semiconductors such as logic, chips, transistors, or the other discrete components.
  • a module may also be implemented in programmable hardware devices such as field programmable gate arrays, programmable array logic, programmable logic devices or the like.
  • Modules may also be implemented in software for execution by various types of processors.
  • An identified module of executable code may, for instance, comprise one or more physical or logical blocks of computer instructions which may, for instance, be organised as an object, procedure, or function. Nevertheless, the executables of an identified module need not be physically located together, but may comprise disparate instructions stored in different locations which, when joined together, comprise the module and achieve the started purpose for the module.
  • a module of executable code could be a single instruction, or many instructions, and may even be distributed over several different code segments, among different programs, and across several memory devices.
  • operational data may be identified and illustrated herein within modules, and may be embodied in any suitable form and organised within any suitable type of data structure. The operational data maybe collected as a single data set, or may be distributed over different locations including over different member disks, and may exist, at least partially, merely as electronic signals on a system or network.
  • an "authorisation code” is a code that is representative of a transaction and is often essential to allow a transaction to be completed;
  • a "cardholder” is a user in possession of a credit / debit / prepaid / stored value card linked to a financial account with a financial institution; whereas an “account holder” refers to a user with an account with a financial institution;
  • An authorization system is a third-party independent institution facilitating financial transactions over a communication network; an "acquiring bank” is the financial institution that processes payments for the products or services on behalf of a merchant; an “issuer bank” is a financial institution that provides the financial instrument to the "cardholder” and authorizes payments on this financial instrument .
  • a financial instrument such as. credit or debit or prepaid or stored value card or a bank account
  • a method and system of authenticating ownership of a financial instrument over a communication network is discussed.
  • the method provides for authenticating the ownership of a financial instrument such as a credit or debit or prepaid or stored value card or even a bank account and linking the same to a mobile communication identifier at a third party authentication system.
  • the authentication system On receiving a user request to link a financial instrument with a mobile communication identifier such as a mobile number, the authentication system carries out a transaction on the financial instrument, details of which are accessible to the authenticated owner of the financial instrument.
  • the user is required to provide details of this transaction to the authentication system in order to authenticate ownership. Once the ownership of the financial instrument is established, the same is linked to the mobile number of the user with a verified status, and the user may carry out subsequent transactions on the mobile number using the authenticated financial instrument linked to it.
  • the mobile communication identifier such as a mobile number or device number is pre-registered with the authentication system.
  • the ownership of the mobile communication identifier may be checked by way of physical checks or in the manner as described herein.
  • the authentication system may be an independent institution facilitating transactions over a communication channel.
  • the authentication system may be a Financial Institution, a Biller, a service provider, etc.
  • the authentication system may be linked with a bank, to authenticate and verify users and transactions on behalf of the bank.
  • a method of authenticating ownership of a card is illustrated in figure 1.
  • a cardholder submits the financial instrument details such as the card number, date of expiry, card verification code and /or card PIN and registers a financial instrument.
  • This financial instrument is to be linked to a mobile communication identifier such as but not limited to a mobile phone number.
  • the details of such a mobile communication device are also provided by the cardholder to the authentication system.
  • the authentication system carries out a transaction on the financial instrument (as indicated by step 2) and receives a transaction confirmation from the bank (as indicated by step 3).
  • the cardholder is required to access details of this transaction from the bank (as indicated by step 4a) and submit the same to the authentication system (as indicated by step 5) in order to confirm ownership of the financial instrument.
  • This transaction may be in the form of an authorisation request.
  • the issuer bank sends the transaction details to the registered mobile phone number for that cardholder (as indicated by step 4b).
  • the cardholder in turn submits or forwards these details to the authentication system (as indicated by step 5).
  • the authentication system does not submit the mobile phone number registered with it to the bank at the time of the transaction, while the bank sends the transaction details to the registered mobile phone number, the submission of the transaction details by a cardholder validates the ownership of the financial instrument as well as the mobile phone number.
  • the transaction carried out by the authentication system may be for a random or fixed amount.
  • the transaction may also be a complete (i.e. settled) transaction where the cardholder is charged or an incomplete (i.e. authorized but not settled) transaction where the transaction is held pending.
  • the transaction amount could be a small amount of Rs. 1 or Rs. 2 and should be enough to ensure infrastructure recognition and acceptance of the individual authorizations but not so much as to unnecessarily, though temporarily, burden the account.
  • one or more such authorization transactions may be carried out and the cardholder is required to submit details of such transactions.
  • the total amount of such transactions may be any amount again so long as the account is not unnecessarily burdened.
  • the purpose is to randomize the total amount of transactions so as to preclude a fraudulent cardholder from guessing at the verification information.
  • the randomly selected amount of the transaction therefore serves as temporary identification code to permit electronic, near-real-time verification of the cardholder as an authorized owner of the card.
  • the cardholder may access the transaction details either by logging into the bank's website, calling the bank and authenticating himself or other conventional means.
  • the bank may send a message to the registered mobile device of the cardholder with the transaction details.
  • the transaction details required for confirming ownership at the authentication system may include the transaction amount, the authorization code or any other transaction identifier. In the event of a fixed amount transaction, the authorization code or other transaction details may be used for verification.
  • an authorization code is a secret key, such as an alphanumeric string that is used for authentication the cardholder.
  • the cardholder is required to submit the transaction details from the mobile phone number which he has also registered with the authentication system. As the cardholder has successfully obtained the transaction details after due verification at the bank and has submitted details of the transaction to the authentication system, the ownership of the financial instrument is confirmed. In addition, if the cardholder submits the transaction details using the registered mobile communication identifier such as the mobile phone number, then the mobile phone number is also validated as belonging to the owner of the financial instrument.
  • the token transaction may be reversed after successful validation, if necessary. However, the token transaction may not need to be revered if it was only for authorization and no settlement information is sent.
  • the authentication system After successful validation of ownership of the financial instrument, the authentication system links the financial instrument to the mobile phone number, with a verified status and the cardholder may now carry out subsequent transactions using the mobile phone number.
  • the authentication system acts as the financial gateway for a mobile communication network and the cardholder is not required to independently submit his financial instrument details at each vendor.
  • a method of authenticating ownership of a card is illustrated in Figure 2.
  • a cardholder submits the financial instrument details such as the card number, date of expiry, card verification code and /or card PIN and registers a financial instrument (as indicated by step 1).
  • This financial instrument is to be linked to a mobile communication identifier such as but not limited to a mobile phone number.
  • the authentication system carries out a random transaction on the financial instrument of the cardholder (as indicated by step 2).
  • the cardholder's mobile number must be registered with the issuer bank.
  • the third-party bank referred to as the acquiring bank obtains the transaction request.
  • the acquiring bank In order to authorize the transaction, the acquiring bank in turn validates the transaction with the issuer bank, for card (as indicated by step 3).
  • the Issuer Bank verifies the transaction and if successfully authorised, issues the transaction details to the acquiring bank (as indicated by step 4).
  • the acquiring bank On receiving a validation from the issuer bank, the acquiring bank sends the transaction details to the authentication system (as indicated by step 5) and validates the transaction with the third-party.
  • the authentication system on completing a transaction with the bank and on receiving transaction details from the acquiring bank, sends the transaction details to the issuing bank along with the mobile phone number that was registered with it by the cardholder (as indicated by step 6).
  • the issuing bank is requested to confirm both the transaction details and the mobile phone number for that cardholder.
  • the cardholder On receiving a successful validation for the mobile phone number from the issuing bank, the cardholder is validated at the authentication system, with a verified status (as indicated by step T).
  • the mobile phone is also validated and the authentication system may mark the phone as well as the card as verified.
  • FIG. 3 illustrates an Authentication system 200 for authenticating ownership in accordance with an embodiment.
  • the Authentication System 200 includes an Interface 600, an Authentication Processor 700, a Database 800 and a Switch 900.
  • the database 800, Interface 600 and the switch 900 are controlled by the Authentication processor 700.
  • the Authentication System 200 receives information from the user including details of the financial instrument along with details of the mobile communication identifier to which the financial instrument is to be linked through the interface 600.
  • the interface 600 may be configured by a web module to permit users to log on to the authentication system. Alternatively, the interface 600 may be configured to receive user information from a mobile device.
  • the mobile device 100 is capable of communicating remotely over a communications network with the Authentication System 200 by means of an SMS, MMS, mobile modules, etc.
  • the interface 600 facilitates cross-platform communication between the authentication system and a mobile device.
  • the Interface 600 may include a security protocol that performs security related and data integrity related checks on the communication between the Authentication System 200 and the mobile communication network 100.
  • the security protocol may be SSL (Secure Socket Layer), TLS (Transport Layer Security), PPP (Point-to-Point protocol) or any other protocol known in the art.
  • the database 800 may hold user related details like mobile number, credit card details, CVV, expiry date of card, issuing bank details, etc.
  • the database may also hold transaction information including authorized transactions for a user.
  • the Authenticating processor 700 communicates with the database 800 to authenticate the cardholder and the financial instrument.
  • the switch 900 is an interface that assists the authentication system 200 to connect and exchange information with the Bank 300.
  • the switch 900 helps the authentication system 200 to communicate with the bank 300 to authenticate a card and a financial transaction.
  • the switch 900 may include a security protocol such as a Secure Socket Layer (SSL) or Virtual Private Network (VPN) protocol to confidently and securely communicate with the bank.
  • SSL Secure Socket Layer
  • VPN Virtual Private Network
  • Authentication Processor 700 helps in registering the cardholder and carries out a random transaction on the cardholder's card/ account.
  • the Authentication Processor 700 also authenticates and verifies the cardholder's ownership of the card/ account.
  • the Authentication Processor 700 controls the functioning of the authentication system 200 and communicates with the cardholder's mobile device 100 and the bank 300 with the help of the interface 600 and the switch 900 respectively.
  • the authentication processor is driven by an authentication module that is configured to execute a financial transaction on a financial instrument.
  • the authentication module is also configured to store the transaction authorization status received from the bank of the provider of the financial instrument and store it in the database.
  • the authentication module is also configured to compare the transaction information received from the provider of the financial instrument with the transaction information received from the user.
  • a cardholder 100 submits the financial instrument details such as the card number, date of expiry, card verification code and /or card PIN to the authentication system 200.
  • This financial instrument is to be linked to the cardholder's mobile phone number.
  • the details of such a mobile communication device are also provided by the cardholder to the authentication system.
  • the interface 600 receives the registration request and performs data security related checks on the incoming data.
  • the interface 600 forwards the registration request to the Authentication Processor 700.
  • the Authentication Processor 700 stores the registration details in the database 800 of the authentication system 200.
  • the Authentication Processor 700 registers the cardholder and the authentication module carries out a transaction on the financial instrument.
  • the transaction carried out may be for a random or fixed amount and the transaction amount could be a small amount of Rs. 1 or Rs. 2.
  • the Authentication Processor 700 sends an authentication request to the cardholder's bank 300 via a switch 800.
  • the Switch 800 enables cross platform communication between the authentication system 200 and the cardholder's bank 300.
  • the Authentication Processor 700 may initially send the authentication request to a merchant's bank (acquiring bank), in the case where the merchant's and the cardholder's bank (issuer's bank) is not same.
  • the Authentication Processor 700 receives a transaction confirmation from the bank via the switch 800.
  • the transaction confirmation may include an authorization code or transaction details sent by the bank 300.
  • the cardholder 100 obtains the details of this transaction from the bank 300 and submits the same to the authentication system 200 in order to confirm ownership of the financial instrument.
  • the cardholder may obtain the transaction details from the bank by logging on to his account or accessing his account by an interactive voice response system.
  • the user may send an SMS containing the transaction details to the authentication system 200 to confirm of ownership of the card.
  • the interface 600 checks the data integrity of the SMS and forwards the SMS to the Authentication Processor 700 for execution.
  • the Authentication Processor 700 checks the SMS sent by the user and matches with the details provided by the bank 300. If successfully matched, the bank verifies the ownership of the card.
  • the Authentication Processor 700 of the third-party system 200 does not submit the mobile phone number registered with it to the bank at the time of the conducting a transaction, while the bank sends the transaction details to the registered mobile phone number of the cardholder, the submission of the transaction details by the cardholder to the third-party system 200 validates the ownership of the financial instrument as well as the mobile phone number.
  • the mobile communication identifier is any device used for communication over a wireless communication network and includes a mobile phone, a smart phone, a Personal Digital Assistant (PDA) or a pager.
  • PDA Personal Digital Assistant
  • a method of linking a financial instrument to a mobile communication identifier at an authentication system comprising receiving at the authentication system from a user of the financial instrument details of the financial instrument along with details of the mobile communication identifier to which the financial instrument is to be linked; carrying out a financial transaction on the financial instrument for an amount and on receiving transaction authorization storing details of the authorized transaction in a database of the authentication system; receiving transaction information from the user of the financial instrument, the transaction information obtained by the user from the provider of the financial instrument; comparing the transaction information received from the user with the transaction details stored in the database; and linking the financial instrument to the mobile communication identifier on the transaction information received from the user matching the transaction information stored in the database.
  • a method wherein the transaction information is received from a mobile device comprising identifying the mobile communication identifier from which the transaction information is received and comparing the identified mobile communication identifier with the mobile communication identifier to which the financial instrument is to be linked.
  • a method further comprising marking the mobile communication identifier to which the financial instrument is to be linked as verified if the mobile communication identifier from which information is received is the same as the mobile communication identifier to which the financial instrument is to be linked.
  • a method as described above wherein the user obtaining the transaction information from the provider of the financial instrument comprises the user authenticating himself at the provider of the financial instrument to access a user account linked to the financial instrument.
  • a method as described above wherein the user obtaining the transaction information from the provider of the financial instrument comprises the provider of the financial instrument transmitting transaction information to the registered mobile device of the user.
  • a method of linking a financial instrument to a mobile communication identifier at an authentication system comprising receiving at the authentication system from a user of the financial instrument details of the financial instrument along with details of the mobile communication identifier to which the financial instrument is to be linked; carrying out a financial transaction on the financial instrument at the bank for the authentication system for an amount; authorizing the transaction at the bank for the provider of the financial instrument and on receiving transaction authorization storing details of the authorized transaction in a database of the authentication system; the authentication system transmitting to the bank for the provider of the financial instrument transaction information and details of the mobile communication identifier; authenticating the mobile communication identifier at the bank for the provider of the financial instrument; and linking the financial instrument to the mobile communication identifier on receiving an authentication of the mobile communication identifier from the bank for the provider of the financial instrument and storing the mobile communication identifier as verified.
  • An authentication system for linking a financial instrument to a mobile communication identifier comprising an interface for receiving from a user of the financial instrument details of the financial instrument along with details of the mobile communication identifier to which the financial instrument is to be linked; a switch for communicating with the provider of the financial instrument to authenticate the transaction and to receive transaction authorization; an authentication processor for carrying out a financial transaction on the financial instrument for an amount through the switch; and a database for storing details of an authorized transaction for a user; wherein the interface is also configured to receive transaction information from the user of the financial instrument, the transaction information obtained by the user from the provider of the financial instrument; and the authentication processor also configured to compare the transaction information received from the user with the transaction details stored in the database and to link the financial instrument to the mobile communication identifier on the transaction information received from the user matching the transaction information stored in the database.
  • a system as described above wherein the transaction information is received from a mobile device comprising the authentication processor configured to identify the mobile communication identifier from which the transaction information is received and compare the identified mobile communication identifier with the mobile communication identifier to which the financial instrument is to be linked.

Abstract

A method and system of linking a financial instrument to a mobile communication identifier at an authentication system id described comprising receiving at the authentication system from a user of the financial instrument details of the financial instrument along with details of the mobile communication identifier to which the financial instrument is to be linked; carrying out a financial transaction on the financial instrument for an amount and on receiving transaction authorization storing details of the authorized transaction in a database of the authentication system; receiving transaction information from the user of the financial instrument, the transaction information obtained by the user from the provider of the financial instrument; comparing the transaction information received from the user with the transaction details stored in the database; and linking the financial instrument to the mobile communication identifier on the transaction information received from the user matching the transaction information stored in the database.

Description

A Method and System of Financial Instrument Authentication in a Communication Network
This present disclosure relates to a system for processing financial transactions. More specifically, the disclosure relates to authentication of ownership of a financial instrument over a communication network. Background
In existing systems employed for the authorisation of financial transactions utilizing credit cards and debit cards, it is difficult to acquire a firm guarantee that the person initiating the financial transaction is authentic and authorised to conclude the financial transaction. Currently the processes employed by financial institutions e.g., banks do little more than guarantee the availability of funds in the account in issue. It is a process that provides no more than authorisation of the financial transaction after ensuring that funds are accessible to complete the financial transaction. However, these processes do not provide any means of authenticating the ownership of the financial instrument being used by the individual making the transaction.
Instances of fraud and charge-backs in mobile-based transactions are a constant concern, and validation of the mobile number in this regard is also useful. Banks and other financial institutions are still exploring the use of mobile commerce to allow their customers to not only access account information, but also make transactions, e.g. purchasing products and services, remitting money via mobile phones and other forms of mobile commerce. However, there exists security concerns of such transactions and particularly issues relating to ownership of the financial instruments used in such transactions.
This invention seeks to address some or all the above mentioned problems by providing an authentication method and process for the linking of a card or account to a mobile phone and authenticating the identity and ownership of that card or account by the user. In addition, the invention seeks to introduce a mechanism at least partly to automate these processes rather than relying on existing manual verification and authentication processes. Brief Description of Drawings
Examples of embodiments of the invention are illustrated by way of illustration and not limitation in the figures of the accompanying drawings, in which like references indicate similar element and in which;
Figure 1 is a block diagram illustrating a method for authentication of a financial transaction according to an embodiment of the invention;
Figure 2 is a block diagram illustrating an alternative method for authenticating of a financial transaction in accordance to an embodiment of the invention;
Figure 3 is a schematic illustration of an authentication system in accordance with an embodiment of the invention;
Summary
The invention relates to a method of linking a financial instrument to a mobile communication identifier at an authentication system comprising receiving at the authentication system from a user of the financial instrument details of the financial instrument along with details of the mobile communication identifier to which the financial instrument is to be linked; carrying out a financial transaction on the financial instrument for an amount and on receiving transaction authorization storing details of the authorized transaction in a database of the authentication system; receiving transaction information from the user of the financial instrument, the transaction information obtained by the user from the provider of the financial instrument; comparing the transaction information received from the user with the transaction details stored in the database; and linking the financial instrument to the mobile communication identifier on the transaction information received from the user matching the transaction information stored in the database.
The invention also relates to a method of linking a financial instrument to a mobile communication identifier at an authentication system comprising receiving at the authentication system from a user of the financial instrument details of the financial instrument along with details of the mobile communication identifier to which the financial instrument is to be linked; carrying out a financial transaction on the financial instrument at the bank for the authentication system for an amount; authorizing the transaction at the bank for the provider of the financial instrument and on receiving transaction authorization storing details of the authorized transaction in a database of the authentication system; the authentication system transmitting to the bank for the provider of the financial instrument transaction information and details of the mobile communication identifier; authenticating the mobile communication identifier at the bank for the provider of the financial instrument; and linking the financial instrument to the mobile communication identifier on receiving an authentication of the mobile communication identifier from the bank for the provider of the financial instrument and storing the mobile communication identifier as verified.
The invention also provides for an authentication system for linking a financial instrument to a mobile communication identifier comprising an interface for receiving from a user of the financial instrument details of the financial instrument along with details of the mobile communication identifier to which the financial instrument is to be linked; a switch for communicating with the provider of the financial instrument to authenticate the transaction and to receive transaction authorization; an authentication processor for carrying out a financial transaction on the financial instrument for an amount through the switch; and a database for storing details of an authorized transaction for a user; wherein the interface is also configured to receive transaction information from the user of the financial instrument, the transaction information obtained by the user from the provider of the financial instrument; and the authentication processor also configured to compare the transaction information received from the user with the transaction details stored in the database and to link the financial instrument to the mobile communication identifier on the transaction information received from the user matching the transaction information stored in the database. Detailed Description
For the purpose of promoting an understanding of the principles of the invention, reference will now be made to the embodiment illustrated in the drawings and specific language will be used to describe the same. It will nevertheless be understood that no limitation of the scope of the invention is thereby intended, such alterations and further modifications in the illustrated system, and such further applications of the principles of the invention as illustrated therein being contemplated as would normally occur to one skilled in the art to which the invention relates.
It will be understood by those skilled in the art that the foregoing general description and the following detailed description are exemplary and explanatory of the invention and are not intended to be restrictive thereof. Throughout the patent specification, a convention employed is that in the appended drawings, like numerals denote like components.
Many of the functional units described in this specification have been labelled as modules, in order to more particularly emphasize their implementation independence. For example, a module may be implemented as a hardware circuit comprising custom very large scale integration circuits or gate arrays, off-the-shelf semiconductors such as logic, chips, transistors, or the other discrete components. A module may also be implemented in programmable hardware devices such as field programmable gate arrays, programmable array logic, programmable logic devices or the like.
Modules may also be implemented in software for execution by various types of processors. An identified module of executable code may, for instance, comprise one or more physical or logical blocks of computer instructions which may, for instance, be organised as an object, procedure, or function. Nevertheless, the executables of an identified module need not be physically located together, but may comprise disparate instructions stored in different locations which, when joined together, comprise the module and achieve the started purpose for the module.
Indeed, a module of executable code could be a single instruction, or many instructions, and may even be distributed over several different code segments, among different programs, and across several memory devices. Similarly, operational data may be identified and illustrated herein within modules, and may be embodied in any suitable form and organised within any suitable type of data structure. The operational data maybe collected as a single data set, or may be distributed over different locations including over different member disks, and may exist, at least partially, merely as electronic signals on a system or network.
Reference throughout this specification to "one embodiment" "an embodiment" or similar language means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrase "in one embodiment", "in an embodiment" and similar language throughout this specification may, but do not necessarily, all refer to the same embodiment.
In the context of this specification: an "authorisation code" is a code that is representative of a transaction and is often essential to allow a transaction to be completed;
The terms user, cardholder and account holder are used interchangeably in the context of the following description. A "cardholder" is a user in possession of a credit / debit / prepaid / stored value card linked to a financial account with a financial institution; whereas an "account holder" refers to a user with an account with a financial institution;
An authorization system is a third-party independent institution facilitating financial transactions over a communication network; an "acquiring bank" is the financial institution that processes payments for the products or services on behalf of a merchant; an "issuer bank" is a financial institution that provides the financial instrument to the "cardholder" and authorizes payments on this financial instrument .
In mobile commerce scenario, a financial instrument, such as. credit or debit or prepaid or stored value card or a bank account, is linked to a mobile number which is subsequently used for transactions. A method and system of authenticating ownership of a financial instrument over a communication network is discussed. The method provides for authenticating the ownership of a financial instrument such as a credit or debit or prepaid or stored value card or even a bank account and linking the same to a mobile communication identifier at a third party authentication system. On receiving a user request to link a financial instrument with a mobile communication identifier such as a mobile number, the authentication system carries out a transaction on the financial instrument, details of which are accessible to the authenticated owner of the financial instrument. The user is required to provide details of this transaction to the authentication system in order to authenticate ownership. Once the ownership of the financial instrument is established, the same is linked to the mobile number of the user with a verified status, and the user may carry out subsequent transactions on the mobile number using the authenticated financial instrument linked to it.
It is preferred that the mobile communication identifier such as a mobile number or device number is pre-registered with the authentication system. The ownership of the mobile communication identifier may be checked by way of physical checks or in the manner as described herein.
The authentication system may be an independent institution facilitating transactions over a communication channel. The authentication system may be a Financial Institution, a Biller, a service provider, etc. The authentication system may be linked with a bank, to authenticate and verify users and transactions on behalf of the bank.
In accordance with an embodiment, a method of authenticating ownership of a card is illustrated in figure 1. A cardholder (as indicated by step 1) submits the financial instrument details such as the card number, date of expiry, card verification code and /or card PIN and registers a financial instrument. This financial instrument is to be linked to a mobile communication identifier such as but not limited to a mobile phone number. The details of such a mobile communication device are also provided by the cardholder to the authentication system. The authentication system carries out a transaction on the financial instrument (as indicated by step 2) and receives a transaction confirmation from the bank (as indicated by step 3). The cardholder is required to access details of this transaction from the bank (as indicated by step 4a) and submit the same to the authentication system (as indicated by step 5) in order to confirm ownership of the financial instrument. This transaction may be in the form of an authorisation request.
In accordance with an embodiment, the issuer bank sends the transaction details to the registered mobile phone number for that cardholder (as indicated by step 4b). The cardholder in turn submits or forwards these details to the authentication system (as indicated by step 5). As the authentication system does not submit the mobile phone number registered with it to the bank at the time of the transaction, while the bank sends the transaction details to the registered mobile phone number, the submission of the transaction details by a cardholder validates the ownership of the financial instrument as well as the mobile phone number.
The transaction carried out by the authentication system may be for a random or fixed amount. The transaction may also be a complete (i.e. settled) transaction where the cardholder is charged or an incomplete (i.e. authorized but not settled) transaction where the transaction is held pending. In accordance with an embodiment, the transaction amount could be a small amount of Rs. 1 or Rs. 2 and should be enough to ensure infrastructure recognition and acceptance of the individual authorizations but not so much as to unnecessarily, though temporarily, burden the account.
In accordance with a further embodiment, one or more such authorization transactions may be carried out and the cardholder is required to submit details of such transactions.
Those skilled in the art will recognize that the total amount of such transactions may be any amount again so long as the account is not unnecessarily burdened. The purpose is to randomize the total amount of transactions so as to preclude a fraudulent cardholder from guessing at the verification information. The randomly selected amount of the transaction, therefore serves as temporary identification code to permit electronic, near-real-time verification of the cardholder as an authorized owner of the card.
The cardholder may access the transaction details either by logging into the bank's website, calling the bank and authenticating himself or other conventional means. Alternatively, the bank may send a message to the registered mobile device of the cardholder with the transaction details.
The transaction details required for confirming ownership at the authentication system may include the transaction amount, the authorization code or any other transaction identifier. In the event of a fixed amount transaction, the authorization code or other transaction details may be used for verification.
In accordance with an embodiment, an authorization code is a secret key, such as an alphanumeric string that is used for authentication the cardholder.
In accordance with an embodiment, the cardholder is required to submit the transaction details from the mobile phone number which he has also registered with the authentication system. As the cardholder has successfully obtained the transaction details after due verification at the bank and has submitted details of the transaction to the authentication system, the ownership of the financial instrument is confirmed. In addition, if the cardholder submits the transaction details using the registered mobile communication identifier such as the mobile phone number, then the mobile phone number is also validated as belonging to the owner of the financial instrument.
The token transaction may be reversed after successful validation, if necessary. However, the token transaction may not need to be revered if it was only for authorization and no settlement information is sent.
After successful validation of ownership of the financial instrument, the authentication system links the financial instrument to the mobile phone number, with a verified status and the cardholder may now carry out subsequent transactions using the mobile phone number. The authentication system acts as the financial gateway for a mobile communication network and the cardholder is not required to independently submit his financial instrument details at each vendor. In accordance with an alternate embodiment, a method of authenticating ownership of a card is illustrated in Figure 2. A cardholder submits the financial instrument details such as the card number, date of expiry, card verification code and /or card PIN and registers a financial instrument (as indicated by step 1). This financial instrument is to be linked to a mobile communication identifier such as but not limited to a mobile phone number. The authentication system carries out a random transaction on the financial instrument of the cardholder (as indicated by step 2). The cardholder's mobile number must be registered with the issuer bank.
The third-party bank referred to as the acquiring bank obtains the transaction request. In order to authorize the transaction, the acquiring bank in turn validates the transaction with the issuer bank, for card (as indicated by step 3). The Issuer Bank verifies the transaction and if successfully authorised, issues the transaction details to the acquiring bank (as indicated by step 4). On receiving a validation from the issuer bank, the acquiring bank sends the transaction details to the authentication system (as indicated by step 5) and validates the transaction with the third-party.
The authentication system on completing a transaction with the bank and on receiving transaction details from the acquiring bank, sends the transaction details to the issuing bank along with the mobile phone number that was registered with it by the cardholder (as indicated by step 6). The issuing bank is requested to confirm both the transaction details and the mobile phone number for that cardholder. On receiving a successful validation for the mobile phone number from the issuing bank, the cardholder is validated at the authentication system, with a verified status (as indicated by step T). The mobile phone is also validated and the authentication system may mark the phone as well as the card as verified.
Figure 3 illustrates an Authentication system 200 for authenticating ownership in accordance with an embodiment. The Authentication System 200 includes an Interface 600, an Authentication Processor 700, a Database 800 and a Switch 900. The database 800, Interface 600 and the switch 900 are controlled by the Authentication processor 700. The Authentication System 200 receives information from the user including details of the financial instrument along with details of the mobile communication identifier to which the financial instrument is to be linked through the interface 600. The interface 600 may be configured by a web module to permit users to log on to the authentication system. Alternatively, the interface 600 may be configured to receive user information from a mobile device. The mobile device 100 is capable of communicating remotely over a communications network with the Authentication System 200 by means of an SMS, MMS, mobile modules, etc. The interface 600 facilitates cross-platform communication between the authentication system and a mobile device. The Interface 600 may include a security protocol that performs security related and data integrity related checks on the communication between the Authentication System 200 and the mobile communication network 100. The security protocol may be SSL (Secure Socket Layer), TLS (Transport Layer Security), PPP (Point-to-Point protocol) or any other protocol known in the art.
The database 800 may hold user related details like mobile number, credit card details, CVV, expiry date of card, issuing bank details, etc. The database may also hold transaction information including authorized transactions for a user. The Authenticating processor 700 communicates with the database 800 to authenticate the cardholder and the financial instrument.
The switch 900 is an interface that assists the authentication system 200 to connect and exchange information with the Bank 300. The switch 900 helps the authentication system 200 to communicate with the bank 300 to authenticate a card and a financial transaction. The switch 900 may include a security protocol such as a Secure Socket Layer (SSL) or Virtual Private Network (VPN) protocol to confidently and securely communicate with the bank.
Authentication Processor 700 helps in registering the cardholder and carries out a random transaction on the cardholder's card/ account. The Authentication Processor 700 also authenticates and verifies the cardholder's ownership of the card/ account. The Authentication Processor 700 controls the functioning of the authentication system 200 and communicates with the cardholder's mobile device 100 and the bank 300 with the help of the interface 600 and the switch 900 respectively.
The authentication processor is driven by an authentication module that is configured to execute a financial transaction on a financial instrument. The authentication module is also configured to store the transaction authorization status received from the bank of the provider of the financial instrument and store it in the database. The authentication module is also configured to compare the transaction information received from the provider of the financial instrument with the transaction information received from the user.
In accordance with a specific embodiment, a cardholder 100 submits the financial instrument details such as the card number, date of expiry, card verification code and /or card PIN to the authentication system 200.
This financial instrument is to be linked to the cardholder's mobile phone number. The details of such a mobile communication device are also provided by the cardholder to the authentication system.
The interface 600 receives the registration request and performs data security related checks on the incoming data. The interface 600 forwards the registration request to the Authentication Processor 700. The Authentication Processor 700 stores the registration details in the database 800 of the authentication system 200.
The Authentication Processor 700 registers the cardholder and the authentication module carries out a transaction on the financial instrument. The transaction carried out may be for a random or fixed amount and the transaction amount could be a small amount of Rs. 1 or Rs. 2. The Authentication Processor 700 sends an authentication request to the cardholder's bank 300 via a switch 800. The Switch 800 enables cross platform communication between the authentication system 200 and the cardholder's bank 300.
In accordance with an embodiment, the Authentication Processor 700 may initially send the authentication request to a merchant's bank (acquiring bank), in the case where the merchant's and the cardholder's bank (issuer's bank) is not same. The Authentication Processor 700 receives a transaction confirmation from the bank via the switch 800. The transaction confirmation may include an authorization code or transaction details sent by the bank 300.
The cardholder 100 obtains the details of this transaction from the bank 300 and submits the same to the authentication system 200 in order to confirm ownership of the financial instrument. The cardholder may obtain the transaction details from the bank by logging on to his account or accessing his account by an interactive voice response system.
The user may send an SMS containing the transaction details to the authentication system 200 to confirm of ownership of the card. The interface 600 checks the data integrity of the SMS and forwards the SMS to the Authentication Processor 700 for execution. The Authentication Processor 700 checks the SMS sent by the user and matches with the details provided by the bank 300. If successfully matched, the bank verifies the ownership of the card.
In accordance to an aspect, the Authentication Processor 700 of the third-party system 200 does not submit the mobile phone number registered with it to the bank at the time of the conducting a transaction, while the bank sends the transaction details to the registered mobile phone number of the cardholder, the submission of the transaction details by the cardholder to the third-party system 200 validates the ownership of the financial instrument as well as the mobile phone number.
The mobile communication identifier is any device used for communication over a wireless communication network and includes a mobile phone, a smart phone, a Personal Digital Assistant (PDA) or a pager.
Specific Embodiments:
A method of linking a financial instrument to a mobile communication identifier at an authentication system comprising receiving at the authentication system from a user of the financial instrument details of the financial instrument along with details of the mobile communication identifier to which the financial instrument is to be linked; carrying out a financial transaction on the financial instrument for an amount and on receiving transaction authorization storing details of the authorized transaction in a database of the authentication system; receiving transaction information from the user of the financial instrument, the transaction information obtained by the user from the provider of the financial instrument; comparing the transaction information received from the user with the transaction details stored in the database; and linking the financial instrument to the mobile communication identifier on the transaction information received from the user matching the transaction information stored in the database.
A method as described above wherein the mobile communication identifier is a mobile number or a mobile device number.
A method as described wherein the mobile communication identifier is previously registered with the authentication system.
A method as described wherein the transaction amount is a random amount and wherein the transaction information received from the user is the transaction amount or an authorization code.
A method wherein the transaction amount is a fixed amount and the transaction information received from the user is the transaction authorization code.
A method wherein the transaction information is received from a mobile device, comprising identifying the mobile communication identifier from which the transaction information is received and comparing the identified mobile communication identifier with the mobile communication identifier to which the financial instrument is to be linked.
A method further comprising marking the mobile communication identifier to which the financial instrument is to be linked as verified if the mobile communication identifier from which information is received is the same as the mobile communication identifier to which the financial instrument is to be linked.
A method as described above wherein the user obtaining the transaction information from the provider of the financial instrument comprises the user authenticating himself at the provider of the financial instrument to access a user account linked to the financial instrument.
A method as described above wherein the user obtaining the transaction information from the provider of the financial instrument comprises the provider of the financial instrument transmitting transaction information to the registered mobile device of the user.
A method of linking a financial instrument to a mobile communication identifier at an authentication system comprising receiving at the authentication system from a user of the financial instrument details of the financial instrument along with details of the mobile communication identifier to which the financial instrument is to be linked; carrying out a financial transaction on the financial instrument at the bank for the authentication system for an amount; authorizing the transaction at the bank for the provider of the financial instrument and on receiving transaction authorization storing details of the authorized transaction in a database of the authentication system; the authentication system transmitting to the bank for the provider of the financial instrument transaction information and details of the mobile communication identifier; authenticating the mobile communication identifier at the bank for the provider of the financial instrument; and linking the financial instrument to the mobile communication identifier on receiving an authentication of the mobile communication identifier from the bank for the provider of the financial instrument and storing the mobile communication identifier as verified.
A method as described above wherein the mobile communication identifier is a mobile number and the mobile number is previously registered with the bank for the provider of the financial instrument.
A method as described above further comprising receiving the transaction information from the mobile communication identifier to which the financial instrument is to be linked. An authentication system for linking a financial instrument to a mobile communication identifier comprising an interface for receiving from a user of the financial instrument details of the financial instrument along with details of the mobile communication identifier to which the financial instrument is to be linked; a switch for communicating with the provider of the financial instrument to authenticate the transaction and to receive transaction authorization; an authentication processor for carrying out a financial transaction on the financial instrument for an amount through the switch; and a database for storing details of an authorized transaction for a user; wherein the interface is also configured to receive transaction information from the user of the financial instrument, the transaction information obtained by the user from the provider of the financial instrument; and the authentication processor also configured to compare the transaction information received from the user with the transaction details stored in the database and to link the financial instrument to the mobile communication identifier on the transaction information received from the user matching the transaction information stored in the database.
A system as described above wherein the transaction information is received from a mobile device comprising the authentication processor configured to identify the mobile communication identifier from which the transaction information is received and compare the identified mobile communication identifier with the mobile communication identifier to which the financial instrument is to be linked.
While specific language has been used to describe the invention, any limitations arising on account of the same are not intended. As would be apparent to a person in the art, various working modifications may be made to the system in order to i immnpilpemmpeinntt t thhfe
Figure imgf000016_0001
r cnonnrcpenptt a ass t taanugσhhtt h hperrpeiinn.

Claims

We claim:
1. A method of linking a financial instrument to a mobile communication identifier at an authentication system comprising:
a. receiving at the authentication system from a user of the financial instrument details of the financial instrument along with details of the mobile communication identifier to which the financial instrument is to be linked;
b. carrying out a financial transaction on the financial instrument for an amount and on receiving transaction authorization storing details of the authorized transaction in a database of the authentication system;
c. receiving transaction information from the user of the financial instrument, the transaction information obtained by the user from the provider of the financial instrument;
d. comparing the transaction information received from the user with the transaction details stored in the database; and
e. linking the financial instrument to the mobile communication identifier on the transaction information received from the user matching the transaction information stored in the database.
2. A method as claimed in claim 1 wherein the mobile communication identifier is a mobile number or a mobile device number.
3. A method as claimed in claim 2 wherein the mobile communication identifier is previously registered with the authentication system.
4. A method as claimed in claim 1 wherein the transaction amount is a random amount.
5. A method as claimed in claim 4 wherein the transaction information received from the user is the transaction amount.
6. A method as claimed in claim 1 wherein the transaction amount is a fixed amount.
7. A method as claimed in claims 4 or 6 wherein the transaction information received from the user is the transaction authorization code.
8. A method as claimed in claim 1 wherein the transaction information is received from a mobile device, comprising identifying the mobile communication identifier from which the transaction information is received and comparing the identified mobile communication identifier with the mobile communication identifier to which the financial instrument is to be linked.
9. A method as claimed in claim 8 comprising marking the mobile communication identifier to which the financial instrument is to be linked as verified if the mobile communication identifier from which information is received is the same as the mobile communication identifier to which the financial instrument is to be linked.
10. A method as claimed in any preceding claim wherein the user obtaining the transaction information from the provider of the financial instrument comprises the user authenticating himself at the provider of the financial instrument to access a user account linked to the financial instrument.
11. A method as claimed in any preceding claim wherein the user obtaining the transaction information from the provider of the financial instrument comprises the provider of the financial instrument transmitting transaction information to the registered mobile device of the user.
12. A method of linking a financial instrument to a mobile communication identifier at an authentication system comprising:
a. receiving at the authentication system from a user of the financial instrument details of the financial instrument along with details of the mobile communication identifier to which the financial instrument is to be linked;
b. carrying out a financial transaction on the financial instrument at the bank for the authentication system for an amount;
c. authorizing the transaction at the bank for the provider of the financial instrument and on receiving transaction authorization storing details of the authorized transaction in a database of the authentication system;
d. the authentication system transmitting to the bank for the provider of the financial instrument transaction information and details of the mobile communication identifier;
e. authenticating the mobile communication identifier at the bank for the provider of the financial instrument; and f. linking the financial instrument to the mobile communication identifier on receiving an authentication of the mobile communication identifier from the bank for the provider of the financial instrument and storing the mobile communication identifier as verified.
13. A method as claimed in claim 12 wherein the mobile communication identifier is a mobile number and the mobile number is previously registered with the bank for the provider of the financial instrument.
14. A method as claimed in any preceding claim comprising receiving the transaction information from the mobile communication identifier to which the financial instrument is to be linked.
15. An authentication system for linking a financial instrument to a mobile communication identifier comprising:
a. an interface for receiving from a user of the financial instrument details of the financial instrument along with details of the mobile communication identifier to which the financial instrument is to be linked;
b. a switch for communicating with the provider of the financial instrument to authenticate the transaction and to receive transaction authorization;
c. an authentication processor for carrying out a financial transaction on the financial instrument for an amount through the switch; and
d. a database for storing details of an authorized transaction for a user; wherein the interface is also configured to receive transaction information from the user of the financial instrument, the transaction information obtained by the user from the provider of the financial instrument; and the authentication processor also configured to compare the transaction information received from the user with the transaction details stored in the database and to link the financial instrument to the mobile communication identifier on the transaction information received from the user matching the transaction information stored in the database.
16. A system as claimed in claim 15 wherein the transaction information is received from a mobile device comprising the authentication processor configured to identify the mobile communication identifier from which the transaction information is received and compare the identified mobile communication identifier with the mobile communication identifier to which the financial instrument is to be linked.
17. A method of linking a financial instrument to a mobile communication identifier at an authentication system substantially as herein described with reference to and as illustrated by the accompanying drawings.
18. An authentication system substantially as herein described with reference to and as illustrated by the accompanying drawings.
PCT/IN2009/000535 2008-09-29 2009-09-29 A method and system of financial instrument authentication in a communication network WO2010046911A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN2079MU2008 2008-09-29
IN2079/MUM/2008 2008-09-29

Publications (2)

Publication Number Publication Date
WO2010046911A2 true WO2010046911A2 (en) 2010-04-29
WO2010046911A3 WO2010046911A3 (en) 2010-06-24

Family

ID=41259280

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IN2009/000535 WO2010046911A2 (en) 2008-09-29 2009-09-29 A method and system of financial instrument authentication in a communication network

Country Status (2)

Country Link
AU (1) AU2009100984B4 (en)
WO (1) WO2010046911A2 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030004827A1 (en) * 1998-04-27 2003-01-02 Wang Ynjiun P. Payment system
US20070143230A1 (en) * 2003-06-30 2007-06-21 Selvanathan Narainsamy Transaction verification system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1802155A1 (en) * 2005-12-21 2007-06-27 Cronto Limited System and method for dynamic multifactor authentication
US8934865B2 (en) * 2006-02-02 2015-01-13 Alcatel Lucent Authentication and verification services for third party vendors using mobile devices
NZ547322A (en) * 2006-05-18 2008-03-28 Fronde Anywhere Ltd Authentication method for wireless transactions
EP2080158A4 (en) * 2006-09-29 2011-06-22 Scammell Dan A system and method for verifying a user's identity in electronic transactions
SE531960C2 (en) * 2007-01-26 2009-09-15 Smartrefill I Helsingborg Ab Method of securely executing a payment transaction

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030004827A1 (en) * 1998-04-27 2003-01-02 Wang Ynjiun P. Payment system
US20070143230A1 (en) * 2003-06-30 2007-06-21 Selvanathan Narainsamy Transaction verification system

Also Published As

Publication number Publication date
WO2010046911A3 (en) 2010-06-24
AU2009100984A4 (en) 2009-11-05
AU2009100984B4 (en) 2009-12-03

Similar Documents

Publication Publication Date Title
US9779345B2 (en) Mobile device with scannable image including dynamic data
US10282724B2 (en) Security system incorporating mobile device
US20110208600A1 (en) Point of Sale Payment System and Method
US20080189209A1 (en) Real-Time Funds Transfer
US20070265984A1 (en) Financial transaction using mobile devices
US20020170958A1 (en) Computer readable universal authorization card system and method for using same
US20130173474A1 (en) Offline mobile phone payments
US20050097049A1 (en) Methods for verifying cardholder authenticity and for creating billing address database
US20210166242A1 (en) System and method for purchasing using biometric authentication
US20220060889A1 (en) Provisioning initiated from a contactless device
KR20040095363A (en) System and method for secure credit and debit card transactions
KR20140125449A (en) Transaction processing system and method
US11750368B2 (en) Provisioning method and system with message conversion
US20040139014A1 (en) Anti-fraud remote cash transaction system
US20210383378A1 (en) Validation Service For Account Verification
WO2015004677A1 (en) A computer implemented system and method for performing cashless transactions
US20230062507A1 (en) User authentication at access control server using mobile device
US20220353253A1 (en) Secure and accurate provisioning system and method
AU2009100984A4 (en) A Method and System of Financial Instrument Authentication in a Communication Network
AU2009101171A4 (en) 3D security for mobile devices
US20230153800A1 (en) Token processing for access interactions
US20230231717A1 (en) Domain validations using verification values
US20220270104A1 (en) Payment system using customer's fingerprints
AU2009101174A4 (en) Integrated 3D security for mobile devices
KR100869133B1 (en) System and Method for Operating Variable Accountor Card Authentication Means and Program Recording Medium

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09821691

Country of ref document: EP

Kind code of ref document: A2

122 Ep: pct application non-entry in european phase

Ref document number: 09821691

Country of ref document: EP

Kind code of ref document: A2

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 20/09/2011)

122 Ep: pct application non-entry in european phase

Ref document number: 09821691

Country of ref document: EP

Kind code of ref document: A2