The present invention generally relates to a method for preventing unauthorized use of credit cards in remote payments, and an optional supplemental-code card for use in said method. More specifically, according to the method of the present invention each remote payment is secured by a unique code (for only one time use) which is known only to the credit card owner and to the credit company. According to one preferred embodiment of the present invention, lists of the unique codes are supplied to the credit card owners through automatic-teller machines (hereinafter called also A.T.M). According to another preferred embodiment, the unique codes are supplied to the credit card owners printed on supplemental-code cards, which supply lists of codes confidentially and help the credit card owners to find out the valid code for each particular remote payment. According to another preferred embodiment, the unique codes are supplied to the credit card owners by any electronic media such as Internet, e-mail, etc.
Remote payments by credit cards are constantly growing in importance in the world economy. In conventional credit card remote payments, a credit account is charged according to instructions and credit card details given by the customer, without checking the physical presence of the card in the customer hand. Many people hesitate to use a credit card, because its details can be reached and exploited by unauthorized users. The credit card companies have no effective way to prevent such illegal use of credit cards by unauthorized users.
The purpose of the present invention is to provide a facile and simple method for totally secure remote payments, without changing the conventional credit card held by the user.
The method according to the present invention is for distinguishing between authorized and unauthorized payments, and an optional supplemental-code card can be used in said method together with the conventional credit card. (Another advantage in using the method of the present invention is the avoidance of mistaken payments, such as double charging).
Such protection will encourage the use of credit cards in remote payments, while reducing the losses and the accompanying expenses caused by unauthorized and illegal use.
The method according to the present invention and the optional supplemental-code card can be used also for regular direct credit card payments (i.e. involving presenting the physical credit card by its owner to the creditor), all according to the economic policy of the credit company.
The use of the method according to the present invention will also release the existing psychological inhibitions in working with credit cards, thus increasing their request and usage.
In the context of the present invention:
The term xe2x80x9cremotexe2x80x9d relates to a payment performed through communication between a credit card owner and a remote creditor, made by any known physical way such as electrical wires, radio, optic fiber, and through any acceptable media such as: phone, fax machine, mail, interactive television or Internet.
The term xe2x80x9cpaymentsxe2x80x9d relates not only to payments, but to any remote activity which is involved with a transmission of valid credit card data, and makes use (or suited to make use) of the protection method of the present invention.
The term xe2x80x9cremote paymentxe2x80x9d relates to any payment by credit card, using the card data without the presence of the physical card at the physical site of the merchant.
The term xe2x80x9ccodexe2x80x9d relates to any combination of digits or letters.
The term xe2x80x9ccredit companyxe2x80x9d relates to any financial or commercial entity supplying remote payments services.
The term xe2x80x9ccredit cardxe2x80x9d relates not only to a concrete physical card but (and especially) to the constant data of a credit account and its owner, which is regularly used to perform conventional remote payments. However, it has to be noted that according to the present invention (and differently from conventional credit card payments), the constant data of a credit card do not have to include a constant identification number, and all the payments can be executed using only the single use codes, together with any constant data predetermined by the credit company as a precondition for accessing the registered code list copy of the specific credit card owner, in the credit company office.
The present invention relates to a method for preventing unauthorized use of credit cards in remote payments comprising the steps of:
(a) providing by a credit company a plurality of secret code lists for use with a plurality of credit cards, wherein each list is provided to the use of a single owner of at least one credit card, and each code is for only a single use (preferably, the secret codes are generated randomly by an appropriate computer program, as known in the art), and wherein a copy of the code content of each list is registered (preferably stored in a credit computer) in an office of the credit company on a name of its authorized user (hereinafter called xe2x80x9ccredit card ownerxe2x80x9d);
(b) transmitting one code from said list to a creditor by a credit card owner for every separate remote payment, together with any required conventional data of the credit card,;
(c ) verifying the said single code together with the other conventional credit card data through a dialogue (by either voice, interactive television, by computer, Internet, fax machine, mail or e-mail) between the creditor and the credit company, and accepting or rejecting the payment, according to the verification result. The said dialogue can be done either between humans, between a human and a machine or automatically between machines without the involvement of humans; and
(d) invalidating the single code used for an accepted payment, from the registered code list copy in the credit company office.
According to one preferred embodiment of the invention, the code list is supplied to the credit card owners through the known existing automatic teller machines (A.T.M.). The machine is programmed for producing lists of random codes (or receiving them on-line from the computer of the credit company), printing them on a voucher for the user, and transmitting them to the credit computer of the credit company for a registration on the name of its authorized user, wherein all said procedure is executed subsequently to the detection of a physical valid automatic-teller card inserted by a user into the machine, and only after typing-on its associate secret code.
According to another preferred embodiment the automatic teller machine (A.T.M.). is programmed for offering the user a selection of customer options, such as: determining which of the credit card activities will require a supplemental-code; determining the amount of codes in the generated code list; etc.
Actually, the present invention may be thought of as providing an advanced credit card type, having a variable card number, varying for every single use of the card. This variable card-number is a combination of the conventional fixed card-number and the single use code.
In another preferred embodiment the present invention provides a supplemental-code card (hereinafter called also xe2x80x9ccode cardxe2x80x9d) for preventing unauthorized use of credit cards according to the said method, wherein the code card contains a list of codes for use in said method. Preferably, each code is covered by a removable layer of opaque material, for removal by the credit card owner according to a predetermined uncovering progression, prior to performing each remote payment.
The covering material may be a removable sticker (preferably having a free end for facile pulling out), or a scratchable printing paint, or a combination thereof. In the combination, the sticker is covered with a layer of scratchable printing paint such that once it was removed it is permanently damaged, thus a double use or glimpsing the code by frauds is prevented. This combination integrates the advantage of a sticker (i.e. its facile removal) and the advantage of the scratchable paint (i.e. better confidence).
It has to be noted that the method of the present invention does not rely on any physical code card, and the code list may be supplied to the users through automatic-teller machines (A.T.M.)., through an electronic wallet, through phone by voice, through a mailed letter, or through electrical means such as by facsimile machine, by the Internet, by e-mail or by any other acceptable distribution way.
According to the present invention, the code may be of one character/digit or more (or a combination thereof), according to the required protection level and to other considerations of design.
In terms of credit card security, a 4 digit code may be considered as unbreakable, however there is no prevention to expand it to more than 4 digits, or to use letters additionally to the digit decade.
The number of codes included in one card is a matter of design. According to the present invention a card may include from one code up to several tens of codes (or more), according to the card dimensions, and the size of code characters (font size). The codes may be configured in any wanted form of columns or rows (and may be arranged either from one side or all sides of the card). Preferably, the code list can be designed to be used successively, and the computer of the credit company is programmed such that a non-permitted deviation from the successive order of the codes (there might be also a permitted deviation, all according to the predetermined rules of the credit-card company), disqualifies the whole respective code list. However, according to other embodiments, a non successive use of codes is permitted, provided that they are all of a single list, or more (as will be determined by the credit company).
The supplemental code card can be made of any material, and the codes may be printed or embedded on it in any known method, and in any predetermined configuration.
According to another embodiment, the codes in the card are not covered, however the card is perforated or has a cut near each code, allowing a facile removal or facile marking of used codes, by tearing the relevant perforated portions of the card, in order to prevent double use of codes.
According to one preferred embodiment of the method of the present invention, the codes are coupled in the office of the credit company to specific credit card owners, in advance.
According to other embodiments of the method of the present invention, each code list has its own identification label, and the code lists are distributed to the credit card owners randomly, by mail, stores or other acceptable distribution ways, and their copies in the office are coupled to the record of a specific credit card owner according to a later communication of each owner reporting to the company the label data of a code list to be used.
In order to reduce the memory space needed for storing large scale of code lists (especially when generated in advance for large scale distribution, as hereinbefore said) it is possible to generate the codes by means of a secret computer algorithm such that said identification label of each supplemental-code card is a key for the secret algorithm for generating the list, and such that code lists do not have to be stored in the computer memory (only the key label has to be coupled to the specific owner, wherein each code is computed momentarily for checking the legality of a current remote payment).