This application relates generally to securing purchases made with a credit card. The application relates more particularly to use of confirming transactions biometrically and via transaction confirmation via devices that have been pre-associated with a user's account information.
There is an ongoing transition away from using cash for purchases. Most purchases today are completed with a credit or debit card. Card purchases may be at a retail outlet via a point-of-sale terminal. A user may present their card to a sales associate who scans a magnetic strip or uses a chip reader to read an embedded chip to acquire account information. A check may be made with a financial institution, such as a bank or credit agency, to determine whether there are sufficient funds available to make a purchase. Once a purchase is approved, the sale is completed and the user's account balance adjusted accordingly. In other situations, a user makes their purchase online, such as via a website or telephone call with a sales associate. In these instances, the user may supply their credit or debit account information directly.
If a user's credit or debit card is lost or stolen, there can be a risk that it will be used by another fraudulently. A card, such as a debit card, may be associated with a personal information number (PIN) where a code, such as a four digit code, must also be supplied to complete a transaction. A user's PIN can be discovered or intercepted. In an online credit transaction, secondary information, such as a card identification (CID) code may need to be supplied. However, this information is readily apparent to one in possession of an actual card.
Various embodiments will become better understood with regard to the following description, appended claims and accompanying drawings wherein:
The systems and methods disclosed herein are described in detail by way of examples and with reference to the figures. It will be appreciated that modifications to disclosed and described examples, arrangements, configurations, components, elements, apparatuses, devices methods, systems, etc. can suitably be made and may be desired for a specific application. In this disclosure, any identification of specific techniques, arrangements, etc. are either related to a specific example presented or are merely a general description of such a technique, arrangement, etc. Identifications of specific details or examples are not intended to be, and should not be, construed as mandatory or limiting unless specifically designated as such.
During credit or debit transactions, use of a static PIN bears risks of a third party intercepting the code, freeing them up to make fraudulent transactions. In example embodiments disclosed herein, a static PIN is replaced or supplemented with a one-time use PIN that is generated for a financial transaction and communicated to a portable user device that has been pre-associated with a user's account information. When making a credit or debit transaction, the user's account information is received and communicated to a server which returns a one-time PIN to the user's device. The user reads the newly generated PIN and enters it to confirm authenticity of the transaction.
Another example embodiment provides still further security and addresses a situation such as when a third party acquires both a user's credit card and smartphone. Both may be, for example, stored in a purse that is lost or stolen. A one-time PIN sent to the smartphone could then be available to the third party, allowing them to still complete a fraudulent transaction. In this example embodiment, the one-time PIN is decoded and displayed only when the user supplies appropriate fingerprint information through a fingerprint scanner associated with a point of sale (POS) terminal or their portable data device. In another further example, the PIN can be encrypted or decrypted associatively with the user's fingerprint information.
In accordance with the subject application,
The user's account information, such as credit or debit card information, is communicated to cloud server 124 through network cloud 128, suitably comprised of a local area network (LAN), a wide area network (WAN) which may comprised the Internet, or any suitable combination thereof. Cloud server 124 stores customer account information, including that of user 104, associatively with address information for digitally contacting a user device pre-associated with the user. Address information may be a cell phone number for sending a text or the user's email address. Cloud server 124 also suitably stores information for the user's fingerprint.
In a first example of
In another example of
Turning now to
Processor 204 is also in data communication with a storage interface 206 for reading or writing to a data storage system 208, suitably comprised of a hard disk, optical disk, solid-state disk, or any other suitable data storage as will be appreciated by one of ordinary skill in the art.
Processor 204 is also in data communication with a network interface controller (NIC) 230, which provides a data path to any suitable network or device connection, such as a suitable wireless data connection via wireless network interface 238. A suitable data connection to a cloud is via a data network, such as a local area network (LAN), a wide area network (WAN), which may comprise the Internet, or any suitable combination thereof, as well as a cellular connection. A digital data connection is also suitably directly with devices, such as a POS terminal, via Bluetooth, optical data transfer, Wi-Fi direct, near field communication (NFC), or the like.
Processor 304 is also in data communication with a user input/output (I/O) interface 240 which provides data communication with user peripherals, such as touch screen display 244 via display generator 246, as well as keyboards, mice, track balls, touch screens, or the like. Connection is also suitably made with fingerprint reader 250. It will be understood that functional units are suitably comprised of intelligent units, including any suitable hardware or software platform.
While certain embodiments have been described, these embodiments have been presented by way of example only, and are not intended to limit the scope of the inventions. Indeed, the novel embodiments described herein may be embodied in a variety of other forms; furthermore, various omissions, substitutions and changes in the form of the embodiments described herein may be made without departing from the spirit of the inventions. The accompanying claims and their equivalents are intended to cover such forms or modifications as would fall within the spirit and scope of the inventions.