1. Field of the Invention
The present invention relates to the field of security, particularly identification and economic security, and more particularly to such security in combination with cards or elements that have information that is readable with magnetic stripe readers. The invention also relates to devices that may be used to assist in maintaining security and detecting fraudulent information or at least fraudulently applied information.
2. Background of the Art
It is critical to the security of economic systems that the means of implementing economic transactions not be reproducible without providing independent value into that economic system. This is why actions such as forgery, in which false replications are made of economic transactional items such as checks, currency, credit cards and the like, are serious threats to the security interests of people, businesses and nations. There are severe criminal penalties attached to the commission of these crimes of forgery or counterfeiting because of the potential for widespread societal harm from counterfeiting. Unfortunately, technological advances aid the enactment of the crime of forgery as much as it improves the detection of false replications.
The conflict between forgery and detection is hardly new, tracing back further than Greek history, where the proposition of Archimedes' principle was based on an effort to enable detection of forgery. Archimedes was an advisor to the state, which had commissioned the molding of a solid gold crown for a religious ceremony. The authorities wished to assure that the crown was in fact pure gold, but they could not cut into the crown once it had been made as that would have been sacrilegious. While sitting in a bath tub, Archimedes noted the rise and fall of the water level as he lifted various parts of his body in and out of the tub. He predicted that the volume of water displaced was equal to either the volume submerged in the water or the weight of material which floated on the water. The story has it that he ran through the streets yelling “Eureka!” at the discovery, and upon submerging a block of gold equal to the weight of the crown, found that a different volume of water was displaced by the crown than the block of gold. The two items were of different densities and therefore the crown was not pure gold. The forgery was thus detected.
It is both a Federal and state offense to be in unauthorized possession of credit or debit cards belonging to another person (as few as two cards in some states). To avoid arrest and prosecution, identity thieves record stolen credit card numbers and related information in two ways:                (1) Thieves will record stolen debit or credit card information on the magnetic stripe affixed to a plastic card that does not have the appearance of a credit/debit card but can be read by a standard credit card reader. A favorite example is a hotel room entry, key card. Another is a casino membership player card.        (2) Thieves will disguise the encoded stolen data so that when a law enforcement officer uses a portable reader to read the card, the card will not be recognized, by a standard card reader, as a credit or debit card. Of course, a disguised card cannot be read by an ATM either. So, the thieves subsequently re-activate a disguised card by unscrambling, removing or adding the data, effectively removing the disguise, before a card is used.        
There are examples of thieves being caught with hundreds of room keys who could not be arrested because the on-site law enforcement officers did not have an available magnetic stripe reader or because the cards did not show up on card readers as credit or debit cards.
The inventors anticipate that soon after card readers are designed that can penetrate disguised data, thieves will change their encoding schemes, or disguises, in an attempt to stay one step ahead of law enforcement. By equipping law enforcement officers with portable readers that have been consistently, and automatically, updated to combat each new disguise scheme, more identity thieves will be apprehended.
U.S. Pat. Nos. 5,988,500; 6,053,406; and 6,254,002 (Litman) describe that security may be enhanced for any magnetically readable system that may be applied or built into items, such as apparel, credit cards, currency, identification cards, or other transactional items. These and similar items, with informational content that can be varied may be used in systems for authenticating items and/or transactions. Such as system and method could include, for example, a method of verifying the authenticity of the source of information comprising: a) providing a first signal from a source of information by moving an item along a path relative to a reading element, said relative movement along said path allowing a signal to be read that identifies the speed of relative movement of said item with respect to said reading element at a time during which information is being obtained from said item, b) transmitting said signal to a location where prior records or information attributed to previous signal from said item are stored, c) comparing said first signal to a defined signal(s) attributed to previous signals from said item, d) said comparing evaluating whether said first signal has a level of conformity to said defined signal(s) which exceeds a predetermined level of conformity, and e) providing a warning signal if the predetermined level of conformity is not achieved or is not exceeded.
Biometric tests or analysis for security are also being developed. Current stylus-type verification systems use metric-type sensors-accelerometers and pressure sensors to measure stylus pressure and stroke sweep in the users' signature. U.S. Pat. No. 5,774,571 (Marshall) discloses a stylus with multiple sensors for biometric verification including grip pressure sensors and gyroscopes. U.S. Pat. No. 4,513,437 (Chainer et al.) discloses another data input stylus for signature verification which includes accelerometers and pressure sensors. U.S. Pat. No. 5,247,137 (Epperson) discloses a stylus that enables biometric identification by means of comparison of graphics data and textural data from a remote location. The stylus also captures strokes and gestures which can also be used for confirming identification. U.S. Pat. No. 5,103,486 (Grippi) discloses a system for using a combination of biometrics at POS terminals. Prisms are used to capture the fingerprint of the index finger while the individual signs his/her name. The fingerprint image and the signature are processed to form a composite representative for comparison with information shown on a credit card for processing of commercial transactions.
Various improved credit cards and methods are known in the prior art for preventing credit card fraud. U.S. Pat. No. 5,538,291 to Gustafson discloses a credit card which must be enabled by a separate mechanical key lock. U.S. Pat. No. 5,446,273 to Leslie discloses a credit card with encrypted personal information on the cardholder. U.S. Pat. No. 5,397,881 to Mannik discloses a credit card magnetically written with multiple expiration dates. U.S. Pat. No. 5,365,046 to Haymann discloses a credit card associated with a personal identification number, which must be verified before a transaction can be completed. U.S. Pat. No. 5,163,098 to Dahbura discloses a credit card system which uses an encryption algorithm to generate a first encoded text from the card number and a password supplied by the user. The card user is verified by comparing the first encoded text with an encoded text recorded on the card. U.S. Pat. No. 4,667,087 to Quintana discloses a credit card with a keyboard and a microprocessor. U.S. Pat. No. 4,643,453 to Shapiro et al. discloses a credit card with auxiliary characters and corresponding dates at which each of the characters should be used. U.S. Pat. No. 4,641,017 to Lopata discloses a credit card with a hologram.
U.S. Pat. No. 6,094,643 (Anderson et al.) discloses how counterfeit financial card fraud may detected based on the premise that the fraudulent activity will reflect itself in clustered groups of suspicious transactions. A system for detecting financial card fraud uses a computer database comprising financial card transaction data reported from a plurality of financial institutions. The transactions are scored by assigning weights to individual transactions to identify suspicious transactions. The geographic region where the transactions took place as well as the time of the transactions are recorded. An event building process then identifies cards involved in suspicious transactions in a same geographic region during a common time period to determine clustered groups of suspicious activity suggesting an organized counterfeit card operation which would otherwise be impossible for the individual financial institutions to detect
U.S. Pat. No. 6,254,000 (Degen et al.) describes how to identify and notify credit card issuing banks of an increased risk of credit card fraud. An early warning system assists credit card transaction processors and credit card issuing banks reduce occurrences of credit card fraud. By analyzing transaction data and credit card account information, an authorization decision is made and transmitted to the merchant. The authorization decision either approves or denies the credit card transaction. Conventional authorization systems employ a security code that can be transmitted with an authorization request to limit authorization to transactions including the proper security code. Because some issuing banks do not utilize the security code system, they are exposed to an increased risk of credit card fraud. The early warning system can be used to monitor the authorization decisions that are transmitted by the processor to the merchant. By compiling data on the occurrences of mismatches between an expected security code and the security code provided by the authorization request, the early warning system can notify processors and/or issuing banks that they are exposed to an increased risk of credit card fraud. Additionally, the early warning system can detect attempts by credit card thieves to identify exposed banks. Detected attempts at credit card fraud can also be used to initiate investigations to apprehend credit card thieves.
Published U.S. Patent Application No. 20040258281 (Delgrosso et al.) discloses a system for assisting in the biometric identification of users of credit cards. A system and method for verifying the identity of an individual for check cashing and other financial purposes is disclosed. A client, such as a bank or other financial institution, obtains a biometric identifier from a customer and can either try to match it in a local database or send it to a central database to be matched. Either database can be filtered according to a tag or location of the institution to speed up the matching process. The central database transmits information associated with the matched individual to determine whether or not to complete the transaction. A heuristic computing and software system is used with this technique.
Published U.S. Patent Application No. 20040034604 (Klebanoff) describes a method and system for identifying merchants at which payment accounts (e.g., credit card accounts) have been compromised. A set of “pre-fraud” payment accounts is first identified, the pre-fraud accounts being compromised accounts previously used to conduct legitimate transactions. A set of suspect merchant accounts is selected, wherein transactions with each of the suspect merchant accounts have been conducted with no fewer than a threshold number of the pre-fraud payment accounts, and wherein at least a threshold percentage of the business transacted with the merchant was transacted using pre-fraud payment accounts. Once selected, the suspect merchant accounts can be subjected to further investigation.
Published U.S. Patent Application No. 20040019564 (Goldthwaite et al.) describes an electronic payment system utilized by a customer to pay for the purchase of a good and/or a service with a payment card. The payment system includes a merchant server, an authentication server and a communication device. The merchant server is in connection with a first network and is adapted to receive a purchase order by the customer for the purchase of a good and/or a service and to create a digital purchase order. The authentication server is in connection with the first network and is adapted to receive the digital purchase order from the merchant server over the first network, format the digital purchase order into a first message and route it over a second network to the communication device. The communication device includes the identification information of the payment card, and is adapted to receive the first message from the authentication server over the second network, display the first message to the customer, request and receive authorization for payment for the purchase order from the customer, retrieve payment card identification information, request and receive payment card security information from the customer, and route the authorization result and in case of a positive authorization result the payment card identification and security information to the authentication server over the second network. The authorization result and payment card identification and security information are routed over the first network from the authentication server to the financial institution that has issued the payment card. The financial institution is asked to approve and execute the requested payment and to route the payment approval result through the authentication server to the merchant server and to the communication device.
U.S. Pat. No. 6,676,017 (Smith, III) describes a personal identification security device. The personal device includes an identification verification system that receives first identification data from a physical identification device, such as by inserting a driver's license into a card reader that is adapted to receive a driver's license. Second identification data such as a PIN number is also received. Payment authorization data or other suitable data is generated if the driver's license corresponds to the PIN. A payment selection system or other suitable system receives the payment authorization data and displays one or more payment accounts for selection by a user. Where a payment selection system is used, the payment selection system transmits payment account data to a point-of-sale system. This includes a fingerprint recognition system associated with the personal device.
U.S. Pat. No. 6,850,916 (Wang) describes a portable transaction arrangement for permitting a user to conduct a charge card transaction vis-a-vis a charge card terminal of an electronic transaction system. The charge card terminal is configured to communicate with a charge card for the purpose of conducting the charge card transaction. The charge card is one of a magnetic stripe card and an electronic smart card. The portable transaction arrangement includes an emulation card having an emulation card interface. The emulation card interface emulates an interface of the charge card. The interface of the charge card facilitates communication between the charge card and the charge card terminal. There is also included a portable emulation card configuring device arranged to be used in conjunction with the emulation card, which in turn includes a memory configured to store first charge card data pertaining to a first charge card of the user, and an authentication mechanism. The portable emulation card configuring device is configured to write from the memory the first charge card data to the emulation card if the user is authenticated through the authentication mechanism, thereby allowing the emulation card to appear through the emulation card interface, after writing and for the purpose of conducting the transaction, like the first charge card to the charge card terminal and enabling the charge card terminal to read the first charge card data from the emulation card to conduct the charge card transaction.
U.S. Pat. No. 6,844,660 (Scott) discloses methods for obtaining biometric identification data for an individual using a sensor and a processor coupled to the sensor presented. In an embodiment, the present invention involves placing a portion of a biological object such as a finger, thumb, palm or foot of the individual proximate to piezo ceramic elements of the sensor and generating an output signal with the sensor that is representative of at least one feature of the biological object. The output signal is processed using the processor to produce biological data useful for identifying the individual. In an embodiment of the present invention, the sensor includes at least fifty thousand piezo ceramic elements arranged in an array. These piezo ceramic elements are spaced on a pitch equal to or less than approximately two hundred microns. A multiplexer couples the output of the sensor to the processor.
Most of these systems deal with the analysis of the actual data transmitted during the transaction, and only a few deal with identification of the fraudulent card itself. Each of these references is incorporated herein by reference for the entirety of their teachings, including hardware, software and processes.