This invention relates generally to mobile devices and to the use of mobile devices for financial transactions. More specifically, the invention relates to providing improved security for mobile devices, particularly when used for financial transactions, such as money transfers.
Third party money transfer services are widely used to transfer money and pay bills through the use of wire transfers, money orders, and the like. Such services, however, usually require face-to-face contact between an individual representing the third party service provider and the sender and/or the recipient. For example, if a sender is “wiring” money to a recipient, the money is typically deposited with the third party in person, and the sender typically obtains the money from the third party in person. If the money is transferred in the form of a money order, the sender typically deposits the money with the third party in person and receives a money order.
The use of mobile devices in various types of transactions is becoming more common. For example, various forms of wireless or mobile devices, such as cell phones, Personal Digital Assistants (PDAs), and mobile computers (laptop, notebook and tablet computers) can be used to initiate contactless or wireless communication with a money transfer system in order for the user of the device to transfer funds to another party. These devices provide greater convenience to the user, and can also be used to provide other functions with regard to financial accounts to which they may be linked or related.
However, money transfer services and systems are sometimes vulnerable to fraud, e.g., a dishonest person may attempt to send or receive money by impersonating a legitimate sender or recipient. While systems employing a mobile device will frequently require a user to know a unique username, a password or some other security code in order to make a transaction more secure, such arrangements can be circumvented. For example, an unauthorized person might surreptitiously learn a security code, e.g., by watching a user enter his or her code at a device, by employing systems that hack money transfer systems and gain access to codes, or by learning enough about a user to make attempts to guess a code until one guessed code is found to work.
Sometimes the financial systems to which a mobile devices are connected enhance security by being programmed to recognize a mobile device being used by a legitimate user (such as by asking for a device or user identifier stored in the device), and to reject a transaction if the proper device identifier is not received. Such an arrangement prevents fraudulent transactions by a person that uses a stolen username/security code and attempts a transaction on a device not known to the system or not associated with the stolen username/security code. However, if the mobile device itself is stolen, and the thief uses the stolen device and knows the user's security code, such security measures can be circumvented, since the system is tricked into thinking that it is connected to a legitimate user through his or her authorized device.
For these and other reasons, there is a need in the art for improving security in the use of mobile devices, and particularly for improving the security of financial transactions conducted at mobile devices.