In a conventional manner, the method of the invention includes the following stages: on each occasion that an access means is presented to the system, verifying the validity of a confidential code indicated by the user of said means, said verification being interpreted as a success if the code is valid and as a failure otherwise; keeping a trace, in memory, of the failures observed on successive occasions that access means are presented; and emitting a signal representative of a dishonest attempt when the number of failures exceeds a predetermined limit.
The invention is applicable to all cases where each access means comprises or contains data (which is generally public) enabling a relationship (which is kept secret) to be used to verify the validity of the confidential code which the user of the access means provides in an independent manner, for example via a keyboard.
In one of its implementations, it is even effective when there exists a priori a possibility of fraud based on a systematic search for the confidential numbers of several access means simultaneously.
Access means can be used dishonestly, for example with stolen magnetic credit cards, which are used in conjunction with a point-of-sale terminal including a keyboard via which customers desiring to pay with a magnetic credit card should normally indicate their confidential code.
Insofar as the result of the card user indicating an invalid confidential code gives rise to a refusal to accept payment, any person having access to such a cash register and in possession of a stolen magnetic card is, a priori, in a position to perform successive tests to search for the confidential code attributed to the card, and then to use the confidential code in order to debit a bank account belonging to someone else.
There are normally four digits in a confidential code, so a systematic search necessarily gives rise to success after a number of tests not exceeding 10,000.
The conventional solution for preventing this fraud consists in maintaining a list in the memory of the point-of-sale terminal of the numbers or identification codes of the magnetic cards most recently used therewith, and for which the customer gave the wrong confidential code.
Security is obtained by imposing a limit on the number of times the same number may appear in the list, i.e., by imposing a maximum number of failures allowed for the same magnetic card.
If this number is exceeded, the card in question is cancelled.
The main drawback of this prior technique is that the memory containing the list of card numbers operates like a shift register. Once the list is full, any subsequent failure eliminates the oldest failure card number from the memory, such that all trace of said failure disappears.
The security arrangements can thus be circumvented by searching for the confidential codes of several magnetic cards at once, and using the cards one after another such that the ratio of the maximum number of numbers that can be stored in the list divided by the number of cards being tested remains less than the failure limit beyond which a card is cancelled.
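The following model of the prior-art failure list is an added example, not part of the original text. It shows how the shift-register behaviour discards the evidence a terminal would need to cancel a card. The capacity, limit and card identifiers are constructed values chosen for illustration.

```python
from collections import deque


class FailureList:
    """Prior-art failure list: fixed capacity, oldest entry lost when full."""

    def __init__(self, capacity, limit):
        # deque(maxlen=...) drops the oldest entry on overflow, like a shift register
        self.entries = deque(maxlen=capacity)
        self.limit = limit
        self.cancelled = set()

    def record_failure(self, card_id):
        """Store one wrong-code event; cancel the card once the limit is exceeded."""
        self.entries.append(card_id)
        if self.entries.count(card_id) > self.limit:
            self.cancelled.add(card_id)
        return card_id in self.cancelled


def simulate(capacity, limit, n_cards, failures_per_card):
    """Present n_cards one after another, each failing failures_per_card times.

    Returns (set of cancelled cards, highest failure count ever visible
    in the list for a single card).
    """
    flist = FailureList(capacity, limit)
    peak = 0
    for _ in range(failures_per_card):
        for c in range(n_cards):
            card = f"CARD-{c}"  # constructed identifier
            flist.record_failure(card)
            peak = max(peak, flist.entries.count(card))
    return flist.cancelled, peak


if __name__ == "__main__":
    # Constructed parameters: 16-entry list, more than 3 failures cancels a card.
    for n_cards in (1, 4, 8):
        cancelled, peak = simulate(capacity=16, limit=3,
                                   n_cards=n_cards, failures_per_card=50)
        print(f"{n_cards} card(s): ratio={16 / n_cards:.1f}, "
              f"peak visible failures={peak}, cancelled={len(cancelled)}")
```

With eight cards the ratio 16/8 = 2 stays below the limit of 3, so the list never shows more than two failures per card even though each card has failed fifty times.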
In this context, the object of the present invention is to provide a security method and device which avoids the defects of the above-defined technique by being particularly economical with memory space.