This invention relates to secure payment systems, of the kind used by call centres to take payment details for goods and services ordered by telephone.
Existing systems are known which ensure that the caller giving the payment details is authorised to use the account for which he is giving the details. This is conventionally done by requiring the payer to supply details such as a password or security code which would only be known to the account holder but can be checked by the retailer or call centre operative against a database. However, there is at present no way for the payer (account holder) to know whether or not he is disclosing his credit card details to a trusted individual in a trusted organisation, nor whether the amount he intends to pay is indeed the amount that would be withdrawn from his credit card and actually paid/be destined for the company from which he wishes to obtain services.
It is known from United Kingdom patent GB2473376 (Semafone) to intercept and modify DTMF tones on the fly so that they cannot be intercepted by call centre agents. If such a system were used by the call centre, its operatives would be unable to intercept the data. When a transaction is to be performed, the agent goes into a secure mode, e.g. by entering a special code on his or her terminal. This triggers DTMF tones delivered from the customer to be intercepted at the retailer platform and forwarded to the secure system, without being displayed on the agent's terminal. Use of this system allows the retailer to ensure that its operatives cannot have access to data that they could subsequently misuse, thereby enabling the retailer to be satisfied that they have a secure system in place. However, the caller (buyer) has no way of knowing if he is dealing with a genuine call agent and whether the call agent is actually securing the call during the payment transaction rather than merely pretending to do so, whilst in reality the caller's details are being captured and a different transaction is being dealt with.
There is therefore a need for a system that allows a caller to ascertain whether his call is indeed secured, and that any supplied credit card information is not being stored or disclosed at the merchants call center or by the call center agent.
It is therefore desirable to provide a method by which a caller can ascertain that a voice call is going through trusted payment supplier before conveying credit card details, by providing a service platform to which both the payer and the payee have access, such that the payer can provide secure payment data to the service platform and the service platform provides confirmation to the payee that a payment has been made, without the payee having access to the payer's security information. It is also desirable that the payer can satisfy himself, independently of any assurances from the payee's agent, that such a process is in operation.
According to the invention, there is provided a data security platform for processing data signals carried on a telephone call, having a first data interface for receiving and transmitting data signals to and from a first data connection, and a second data interface for receiving data signals from a second data connection separate from the first data connection, and a third data interface for receiving and transmitting data signals to and from a third data connection, the data security platform having a connection management system responsive to commands received over the first data connection to establish a second data connection, and for generating an output for transmission over the third data connection indicative of the existence of the second data connection.
According to another aspect, there is provided a method of processing data signals carried on a telephone call, wherein data signals are transmitted between a security system and a first termination over a first data connection, wherein the first termination transmits command data to the security system to establish a second data connection between the security system and a second termination, the second data connection being routed by way of the first termination, the second data connection being a telephone connection arranged to carry data signals, wherein the security system is arranged to generate an output on a third data connection independant of the first termination indicative of the existence of the second data connection.
Initiating the trust verification process from the caller end relies on the fact that the caller would in advance know how to verify if his communication channel is indeed secured. (It would defeat the object to have the call centre agent communicate the web address during the call). Instead, a trusted organisation such as the user's own bank or credit card company would inform the user of availability of the service, and the process for accessing the security system using its website's universal resource locator (“url”) for example when the service is first introduced, or when the user opens an account with the bank. The same security system would be available for verifying transactions between the user and any call centre system making use of the system.
In one embodiment, the connection management system is arranged to identify a calling line identity of the second data connection and output the calling line identity over the third data connection. In an alternative embodiment, the connection management system is arranged to transmit a challenge message over the second data connection, and to receive a response to the challenge message over the third data connection (or vice versa), the response being indicative that the termination of the second connection and the termination of the third connection are under the control of the same person. The third data connection may be an Internet connection or a telephone connection suitable for carrying DTMF tones.
The platform is intended to be used in a system in which the first data connection and the second data connection are both connected to a first termination point, the second data connection being arranged by the first termination point to be securely forwarded from a second termination point such that it cannot be intercepted at the first termination point.
The invention allows a user, via a second communication means, to get a positive confirmation that the call is indeed secured, and he can be kept informed by the secure system of the progress and content of the payment being transacted, rather than relying on the assurances of an unknown call centre agent. This second communication means can be a website known in advance to the user, or a second call to a number known in advance to the user. Using that second communication means, the user can interrogate the secure payment system if there is a transaction running for him and follow the progress of that transaction in real time. The second call can be made on a separate network connection, or the user may use the same network connection as he is using for talking to the call centre operative, putting the operative on hold whilst carrying out the transaction.
In the event of users calling from corporate networks, a variant can be provided in which the user goes to the same website, and when it indicates that calling line is not known, system then generates a random code which the user then types on his telephone keypad (or hold phone to PC microphone). The secure system listens to this code on the voice call on the part coming from the end-user (not on the part coming from the agent) and as such the system can know whether it is indeed a call that is being secured by it or not.
Alternatively, the user could press an access code, the system could speak a few random digits which the user then types in on the website.