A. Technical Field
The present invention relates generally to authentication in mobile banking, and more particularly, to systems, devices and methods of employing a location tracking function within a mobile device, such that a geographical location (geo-location) is tracked in real-time for the purpose of authenticating a user and a trusted transaction when this mobile device is configured as a mobile point-of-sale (POS) terminal in mobile banking applications.
B. Background of the Invention
Although they were initially introduced as communication terminals to receive and make phone calls, mobile devices have been applied in financial transactions during the past decade. Mobile devices allow each individual customer to own his or her own secure POS terminal, and offer unprecedented flexibility and mobility. Traditional perspectives on POS terminals have been revolutionized by this trend of applying mobile devices as secure POS terminals. Moreover, the term “mobile banking” has been developed to describe financial activities involving a mobile POS device. Examples of these activities include, but are not limited to, transfer of monetary value in bank accounts, prepaid cards, store credits, virtual points, or credit cards.
In mobile banking, the conventional mobile device is conveniently configured as a secure mobile POS terminal by a software application. The software application is installed on the mobile device upon a request by the user, and normally each bank or retailer may support its own application that has a unique interface. The mobile POS terminal optionally includes an accessory card reader to read account information from an internal memory, or from external credit and debit cards owned by the user. However, the account information may also be directly input by the user through the keyboard or touch screen of the mobile device at an interface provided by the software application. A request for a trusted transaction is also entered into the mobile POS terminal via the same software interface. In this way, the mobile POS terminal receives secure information for both the account and the trusted transaction.
The mobile POS terminal conveniently adopts an authentication method, such as a personal identification number (PIN), a passphrase, or a challenge/response. Among these methods, a username, coupled with a password, i.e., PIN, has been the most commonly applied method for electronic transactions that are implemented over the Internet. The account information is securely stored within the software application, which also provides an interface for implementing trusted transactions. The user logs in to the application by providing a username and a password, thereby gaining access to the account information and authorizing trusted transactions. The username and the password are selected by the user for each individual bank or retailer, and may be remembered by the software application or input by the user every time he or she accesses the application. Upon receiving the username and password, a remote server controlled by the bank or retailer authenticates the user and any trusted transactions that he or she requests.
Username and password authentication cannot provide sufficient security for trusted transactions over mobile POS terminals. Such an authentication method has existed since the Internet was invented, and tampering techniques have reasonably caught up with the progress of this authentication method. In particular, when the strength of the password is limited, a criminal can easily decipher it within a short period of time. The effort needed to tamper with the account is further reduced when the username and password are remembered by the software application, since anyone who tampers with the mobile device can gain access to the account. As a result, manual input of a complex password with improved strength is desirable, but it is unavoidably difficult for the user to manage, particularly when he or she owns multiple accounts and each account has a distinct username and password.
Although existing mobile banking has fundamentally changed the format of financial transactions, user authentication is a big concern and, to a certain extent, may compromise the benefits of flexibility and mobility of mobile banking in the long term. Most credit card fraud is associated with replacement of the physical credit or debit cards, and such card-not-present fraud may be exacerbated as mobile devices are directly used for payment. A need exists to develop a highly reliable authentication method for a mobile POS terminal that reduces user input and preferably takes advantage of unique characteristics of mobile banking.