Background technology
Because bank cards are easy to carry and easy to use, and give consumers a convenient means of payment, more and more consumers have become accustomed to withdrawing cash at ATMs and paying with a bank card when shopping. In recent years, however, offenders have repeatedly exploited the security weaknesses of bank cards to steal other people's card information and transaction passwords, duplicate the cards and use them fraudulently, causing the victims heavy financial loss. At present domestic bank cards record the card information on a magnetic stripe; when the user swipes the card, the POS terminal or ATM reads the data stored on the stripe and sends it to the bank's server to complete authentication. The magnetic-stripe recording method carries a considerable security risk: the data stored on the stripe is poorly protected, can be read by any magnetic-stripe reader, is easily stolen by offenders and, with a card writer, can be "cloned" onto a blank card. Many cases have occurred in recent years in which offenders duplicated users' bank cards and withdrew cash or made purchases without restraint. They install a miniature reader at the card-swipe entrance of a self-service banking lobby or in the ATM card slot to steal the user's card account data, install a micro camera above the ATM keypad to steal the user's password, and then use the stolen account data to duplicate the card and make purchases or withdraw cash, often within a very short time after the theft, so that the user suffers a heavy financial loss. One way to address this security risk is to upgrade the entire bank card system, replacing the magnetic stripe with an IC chip for recording card data, which greatly raises the technical threshold and difficulty for an offender stealing card data. However, this method requires replacing all bank cards in users' hands and upgrading the card readers of all ATMs and POS terminals; the high upgrade cost makes it less feasible.
Chinese patent 200510110598.0 proposes a method and system for preventing fraudulent use of bank cards that adds the face information of the cardholder or authorized users to the bank card in order to verify that the user is legitimate. Although this method can in principle greatly improve bank card security, it likewise requires upgrading the bank card system, including the cards held by users and the POS terminals and ATMs of merchants, so a high cost must be paid to achieve the goal. Chinese patent 200710125086.0 proposes another method and system for preventing fraudulent use of bank cards, which uses mobile phone positioning: when a user uses a bank card, the system first locates the consumer's mobile phone and the POS terminal or ATM at which the transaction is taking place and judges whether the two are at the same position; if so the transaction is allowed to proceed, otherwise it is refused. Although this method can improve bank card security to some extent, it also brings inconvenience to the user, who must carry the mobile phone whenever using the card. A more serious defect is that, because the positioning accuracy of both mobile phones and POS terminals or ATMs is very limited, this method is prone to misjudgement, causing unnecessary trouble for the real user or leaving an opportunity for the offender.
It can be seen that consumers and banks both need a simple system for preventing fraudulent use of bank cards whose cost is controlled, in order to protect the safety of card transactions and their own legitimate rights and interests.
Embodiment
The specific embodiment of the present invention is described in detail below with reference to the accompanying drawings:
The existing bank card security and crime-prevention system is shown in Figure 1 and comprises functional entities such as the user's bank card, the POS terminals installed at each franchised merchant, bank ATMs, the acquiring bank, the issuing bank and the payment gateway. The specific steps are as follows:
1) The user swipes the card to make a transaction at a merchant's POS terminal or a bank ATM; the POS terminal or ATM reads in real time the card number stored on the magnetic stripe and the password entered by the user on the spot;
2) The POS terminal or ATM sends a transaction authorization request to the acquiring bank, including the user's swipe data;
3) The acquiring bank checks the user's swipe data. If it finds that the card was not issued by the acquiring bank itself, it forwards the swipe data and the merchant's collection account data to the issuing bank through the payment gateway to request payment; otherwise the acquiring bank is itself the issuer. The issuing bank authenticates the card number, user password and other information in the swipe data and, after authentication succeeds, sends an authorization instruction to the POS terminal or ATM;
4) The issuing bank debits the user's account;
5) After receiving the issuer's authorization instruction, the POS terminal or ATM completes the remaining transaction operations.
The above bank cards include the credit cards, debit cards and combined debit/credit cards issued by each commercial bank; the swipe data includes the bank card account data, the POS terminal or ATM identifier, the transaction type, the transaction amount and so on; the payment gateway is the bank card acceptance network that provides inter-bank message exchange and clearing services for bank cards to each commercial bank, such as the China UnionPay network, the VISA network, the American Express network and the MasterCard network.
It can be seen from the above transaction flow that bank card security relies mainly on the transaction password set in advance, and that this password remains unchanged until the user next modifies it by ATM, online banking, telephone banking or similar means. Once an offender has stolen someone else's card number and password, he can easily use a forged card to pass the issuer's authentication step, while the real cardholder knows nothing about it until the next bank statement reveals the fraud. Some banks now offer an SMS notification service, but even this can only limit the user's loss, because by the time the SMS is sent the fraudulent transaction has already completed. The present invention uses dynamic password technology to strengthen this weak link. Its basic idea is shown in Figure 2: instead of binding a user's bank card number and transaction password one-to-one, one card number is bound to several transaction passwords, and the bank card system uses these passwords in turn, cyclically, for transaction authentication. The specific steps are shown in Figure 3:
Step 1: the user sets the number N of transaction passwords for the bank card and sets the N passwords in order;
Step 2: the bank card system automatically selects the first password set by the user as the authentication password for the user's first transaction after the passwords are set;
Step 3: after each bank card transaction completes, the bank card system automatically selects the next password, in the order set by the user, as the authentication password for the user's next transaction; after all N passwords have been used it returns to the first password, and so cycles through the N passwords set by the user until the user actively changes the passwords.
The bank card transaction flow in the above steps follows the existing flow described earlier exactly, which avoids changing habits users are already familiar with and at the same time avoids large-scale modification of the existing bank card system, greatly reducing implementation difficulty and cost. For the user, the only change is that several passwords are set at the same time when setting or modifying the password, and that these passwords are used in turn when transacting. Although this causes some unfamiliarity and inconvenience, such as having to remember several passwords and their order, the inconvenience is small compared with the benefit described below, and implementing the present invention is worthwhile. The user can also overcome this drawback with a password-setting technique, for instance by first choosing a root password and deriving the other N-1 passwords from it by a simple rule, so that only the root password and the rule need to be remembered and use is not made more difficult. The rule should not be guessable from a single captured password, otherwise an offender who observes one password at a terminal can derive the next one.
To help users become familiar with this new system of cycling through several passwords as soon as possible, and to provide further protection, an SMS notification can be sent to the cardholder's mobile phone after each bank card transaction, reporting the transaction and reminding the cardholder that the card's transaction password has automatically changed to password number n, where n is the sequence number the system has set for the next transaction. When the bank card system finds that a transaction attempt on a card uses the previously valid transaction password, it can send a reminder SMS to the cardholder's mobile phone, reminding the cardholder that the card's transaction password has automatically changed to password number n. If it finds that someone has repeatedly tried a formerly valid transaction password, it sends a warning message to the cardholder's mobile phone, reporting the times and places of the repeated failed attempts. The cardholder's mobile phone referred to above is the bound mobile phone the user registered when applying for the bank card.
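The following is an added worked example, not code from the patent, of how an issuer's authentication server could implement the three steps above together with the reminder and warning messages. All class, method and message names are hypothetical, the card number, phone number and passwords are constructed test data, and the SMS gateway is replaced by an in-memory log:

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Hypothetical implementation of the cyclic multi-password scheme on the
# issuer's authentication server. Not the patent's own code.


def _pin_hash(pin: str, salt: bytes) -> bytes:
    """Hash a transaction password so the server never stores it in clear."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


@dataclass
class CardRecord:
    phone: str                      # mobile phone bound when the card was opened
    salt: bytes
    pin_hashes: list                # N hashes, in the order the cardholder set them
    current: int = 0                # index of the password valid for the next transaction
    stale_attempts: list = field(default_factory=list)  # (terminal, time) of rejected replays


class AuthServer:
    WARN_AFTER = 2  # assumed: the second replay of an expired password triggers the warning SMS

    def __init__(self):
        self.cards = {}
        self.sms_log = []  # (phone, text); a real server hands these to the SMS gateway

    def bind_passwords(self, card_number, phone, pins):
        """Step 1: the cardholder chooses N > 1 distinct passwords in a fixed order."""
        if not 1 < len(pins) <= 5:
            raise ValueError("N must be between 2 and 5")
        if len(set(pins)) != len(pins):
            raise ValueError("the N passwords must be distinct")
        salt = os.urandom(16)
        self.cards[card_number] = CardRecord(phone, salt, [_pin_hash(p, salt) for p in pins])

    def current_index(self, card_number):
        return self.cards[card_number].current

    def _matches(self, rec, idx, pin):
        return hmac.compare_digest(_pin_hash(pin, rec.salt), rec.pin_hashes[idx])

    def authenticate(self, card_number, pin, terminal, when):
        """Steps 2-3 plus the SMS rules.

        Returns APPROVED, REJECTED, REJECTED_STALE or REJECTED_STALE_WARNED.
        """
        rec = self.cards.get(card_number)
        if rec is None:
            return "REJECTED"
        n = len(rec.pin_hashes)
        if self._matches(rec, rec.current, pin):
            rec.current = (rec.current + 1) % n  # rotate, wrapping after the N-th password
            rec.stale_attempts.clear()
            self.sms_log.append((rec.phone, f"Transaction at {terminal} {when} approved; "
                                            f"your password is now #{rec.current + 1}"))
            return "APPROVED"
        # Rejected. A cloned card replays the password captured at the victim's
        # last real transaction, i.e. the password at index current-1.
        if self._matches(rec, (rec.current - 1) % n, pin):
            rec.stale_attempts.append((terminal, when))
            if len(rec.stale_attempts) >= self.WARN_AFTER:
                tries = "; ".join(f"{t} at {w}" for t, w in rec.stale_attempts)
                self.sms_log.append((rec.phone, f"WARNING: repeated use of an expired password: {tries}"))
                return "REJECTED_STALE_WARNED"
            self.sms_log.append((rec.phone, f"Reminder: the password used at {terminal} {when} is no longer valid; "
                                            f"use password #{rec.current + 1}"))
            return "REJECTED_STALE"
        return "REJECTED"


if __name__ == "__main__":
    # Constructed scenario: cardholder pays with password 1, then a cloned card replays it twice.
    srv = AuthServer()
    srv.bind_passwords("6222000000000001", "+8613800000000", ["1111", "2222", "3333"])
    print(srv.authenticate("6222000000000001", "1111", "POS-A", "10:00"))
    print(srv.authenticate("6222000000000001", "1111", "ATM-B", "10:05"))
    print(srv.authenticate("6222000000000001", "1111", "ATM-C", "10:07"))
    for phone, text in srv.sms_log:
        print(phone, text)
```

The replay branch compares the rejected password only against the immediately preceding one, which is what a cloned card captured at the victim's last transaction; a production server would additionally rate-limit or lock the card after a few failures of any kind, since the scheme on its own accepts the captured password again once the cycle wraps around, as the description itself acknowledges.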
The protective effect of the above method is evident. Even if an offender has stolen the card number and transaction password of a user's bank card by some means and immediately transmitted them over a communication network to an accomplice who quickly produces a counterfeit card, the offender cannot use that counterfeit card to steal the victim's money, because the original password has temporarily expired: the bank card system has automatically updated the card's transaction password, and the new password is known only to the cardholder and recorded in the bank card authentication system. In theory the offender could hold the forged card for a long time and keep attempting purchases or withdrawals until the bank card system cycles back to that transaction password. In practice this risk hardly exists, because the reminder or warning the bank card system sends automatically after the password verification fails lets the cardholder know at once that someone is trying to use the card fraudulently, and the cardholder can immediately take measures to prevent financial loss, such as reporting the card lost to the bank, changing the passwords or reporting the case to the public security authorities. If the offender does go ahead, the public security authorities can use the bank card system's transaction records together with other security systems to identify the suspect quickly.
The method proposed by the present invention, in which a bank card is bound to several transaction passwords that are used cyclically, can be implemented in two ways:
The first, shown in Figure 4: first, upgrade the software of every part of the existing bank card system that provides user password setting and modification, including ATMs, telephone banking, online banking and bank counter terminals, so that the user can set N passwords, N > 1, and their order. Taking system implementation complexity and user convenience into account, N may be chosen as 3, 4 or 5. Then upgrade the issuer's back-end processing subsystem so that the binding between card number and transaction password in the database record of the user's account becomes one-to-N, with N specifiable by the user, and so that the bank card transaction authentication server automatically updates the card's transaction password after each completed transaction according to the cyclic rule. This approach does not change the functional units or the workflow of the existing bank card system; it only requires functional upgrades to the units mentioned and slight changes to the internal workflow of some of them.
The second, shown in Figure 5, adds an independent user password service unit to the existing bank card system. This unit is specifically responsible for setting and modifying the several passwords of a user's bank card and is connected to the bank's back-end processing subsystem over the bank intranet. It provides a portal for cardholders over the public communication network; a cardholder registers with legitimate account information and mobile phone number and becomes a legitimate user once registration succeeds. After logging in, a legitimate user can set N new passwords using the card number and original password. The specific flow is shown in Figure 6:
1) The cardholder submits a registration application on the password service portal, including account information such as the card number and cardholder name;
2) The password service unit queries the bank card back-end database and, after verifying that the user information is legitimate, sends a confirmation message to the cardholder's mobile phone containing a registration code generated automatically by the system;
3) The user enters the registration code on the password service portal and completes the remaining registration operations, including setting the username and login password for the password service portal;
4) The password service unit checks the user information and registration code and, if they are correct, returns a registration-success message informing the user of his legitimate identity information;
5) The legitimate user logs in to the password service portal;
6) The password service unit presents the password setting/modification interface to the user, including an original password input box, a password count selection box and N password entry boxes;
7) The user sets the value of the password count N on this interface and sets the N passwords in order.
After the user finishes setting or modifying the N passwords on the password service portal, the password service unit automatically updates the account information of the bank card in the back-end subsystem database, setting the transaction password to the first of the user's transaction passwords. After each subsequent transaction completes, the original back-end subsystem notifies the password service unit of the transaction information; triggered by that notification, the password service unit performs one automatic update of the card's transaction password, setting it to the password following the current one, or to the first password if the current one is the N-th. Once the password service unit is enabled, the original password-modification channels (ATM, online banking, telephone banking, branch terminals and so on) may be disabled for users of the password service, or they may be kept, in which case the system by default treats a password modified through the original channel as the first password in the user's new password set. This approach does not change any functional unit or the main workflow of the existing bank card system; it only adds an independent password service unit connected to the original back-end subsystem, with the original back-end subsystem opening a user-password modification interface to the password service unit and sending it a transaction notification after each transaction.
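As an added example of the second approach, not the patent's own code, the following sketches the password service unit's registration flow (steps 1 to 4), portal login (step 5) and password setting (steps 6 and 7), writing the result into a constructed stand-in for the back-end account record so that the first password becomes the active one. The registration code is made time-limited, single-use and attempt-limited, which the description leaves unspecified; all class names, limits, card numbers, phone numbers and passwords are assumptions:

```python
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass

# Hypothetical password service unit (approach 2, Figures 5 and 6). Not the patent's code.


def _pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


@dataclass
class BackendAccount:
    """Constructed stand-in for the issuer's back-end record of one card."""
    holder_name: str
    bound_phone: str
    salt: bytes
    pin_hashes: list        # transaction passwords in cardholder order
    current: int = 0        # index of the active transaction password


def make_backend_account(holder_name, phone, original_pin) -> BackendAccount:
    salt = os.urandom(16)
    return BackendAccount(holder_name, phone, salt, [_pin_hash(original_pin, salt)])


class RegistrationError(Exception):
    pass


@dataclass
class PendingRegistration:
    code: str
    issued_at: float
    attempts: int = 0


class PasswordServiceUnit:
    CODE_TTL_SECONDS = 300   # assumed validity window of the SMS registration code
    MAX_CODE_ATTEMPTS = 3    # assumed limit before a code is discarded

    def __init__(self, backend: dict, clock=time.time):
        self.backend = backend   # card number -> BackendAccount (reached over the bank intranet)
        self.pending = {}        # card number -> PendingRegistration
        self.users = {}          # portal username -> (card number, login password hash, salt)
        self.sms_log = []        # (phone, text); a real unit hands these to the SMS gateway
        self.clock = clock

    def start_registration(self, card_number, holder_name):
        """Steps 1-2: check the application against the back-end, then text a code to the bound phone."""
        acct = self.backend.get(card_number)
        if acct is None or not hmac.compare_digest(acct.holder_name.encode(), holder_name.encode()):
            raise RegistrationError("card number and holder name do not match bank records")
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self.pending[card_number] = PendingRegistration(code, self.clock())
        self.sms_log.append((acct.bound_phone, f"Password service registration code: {code}"))

    def complete_registration(self, card_number, code, username, login_password):
        """Steps 3-4: verify the code (time-limited, attempt-limited, single-use) and create the portal account."""
        pend = self.pending.get(card_number)
        if pend is None:
            raise RegistrationError("no registration in progress for this card")
        if self.clock() - pend.issued_at > self.CODE_TTL_SECONDS:
            del self.pending[card_number]
            raise RegistrationError("registration code expired")
        pend.attempts += 1
        if not hmac.compare_digest(pend.code.encode(), code.encode()):
            if pend.attempts >= self.MAX_CODE_ATTEMPTS:
                del self.pending[card_number]
            raise RegistrationError("registration code incorrect")
        if username in self.users:
            raise RegistrationError("username already taken")
        del self.pending[card_number]   # single use
        salt = os.urandom(16)
        self.users[username] = (card_number, _pin_hash(login_password, salt), salt)

    def login(self, username, login_password) -> bool:
        """Step 5."""
        rec = self.users.get(username)
        if rec is None:
            return False
        _, login_hash, salt = rec
        return hmac.compare_digest(_pin_hash(login_password, salt), login_hash)

    def set_transaction_passwords(self, username, login_password, original_pin, new_pins) -> int:
        """Steps 6-7: require the current transaction password, then install N new ones with #1 active."""
        if not self.login(username, login_password):
            raise RegistrationError("login failed")
        acct = self.backend[self.users[username][0]]
        if not hmac.compare_digest(_pin_hash(original_pin, acct.salt), acct.pin_hashes[acct.current]):
            raise RegistrationError("original password incorrect")
        if not 1 < len(new_pins) <= 5:              # N > 1; the description suggests 3, 4 or 5
            raise RegistrationError("N must be between 2 and 5")
        if len(set(new_pins)) != len(new_pins):
            raise RegistrationError("passwords must be distinct")
        acct.salt = os.urandom(16)
        acct.pin_hashes = [_pin_hash(p, acct.salt) for p in new_pins]
        acct.current = 0                             # first password is active after set-up
        return len(new_pins)
```

Verifying the original password against the currently active entry, rather than against any of the N, matters once rotation is running: it is the only password the legitimate cardholder is expected to know at that moment, and it is exactly the one a fraudster who captured an earlier password no longer holds.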
Those skilled in the art will appreciate that the SMS notification function described above has many existing implementations, such as a built-in SMS device or a built-in SMS sending module connected to the SMS gateway of the mobile network, and it is therefore not described in detail in the embodiment above.
The system and method provided by the present invention have been introduced above by way of example; without departing from the scope and concept of the present invention, many changes and variations may be made to the above system and method for preventing fraudulent use of bank cards by others. For instance, the user password service unit described above may be combined with existing online banking or telephone banking as a newly added functional module of online banking or telephone banking rather than existing as a separate functional unit. The scope of the present invention is determined by the appended claims.