Abstract: The invention relates to a method and system for enhancing the security of contactless cards. In accordance with one embodiment, a method (100) comprises: receiving (101), in respect of an account, a request to enable one or more contactless cards, the account being associated with the one or more contactless cards issued to a user of the account by one or more issuers; determining (102) an operable state of the one or more contactless cards, the operable state being one of a locked state and an unlocked state; and activating (103) a proximity mode of a mobile device associated with the one or more contactless cards when the operable state is determined as locked state, wherein the mobile device detects a proximity with the one or more contactless cards during the activated proximity mode. Figure 1a.
TECHNICAL FIELD
The invention generally relates to financial transaction authentication. More
particularly, the invention relates to enhancing the security of contactless cards.
BACKGROUND
With the advent of technology, proximity-based payment or contactless payment has
gained wide popularity. Examples of such contactless payment include near field
communication (NFC) based payments. In such an NFC based payment, an NFC enabled reader
device reads information from an NFC enabled card or contactless card to authenticate the
contactless card and to enable payment using the contactless card when the contactless card is
in near proximity with the NFC enabled device. As the contactless cards can be read without
a physical contact between the NFC enabled reader device and the contactless card, sharing
of confidential authentication information such as PIN and CVV number is not required during
a transaction.
However, since the information from the contactless card is read over short range
wireless communication, the information can be stolen using a malicious hardware/software
component in the NFC enabled reader device. To overcome such security risk, in one
technique, the NFC enabled reader device is authenticated prior to reading information from
the contactless card.
However, such authentication fails to prevent unauthorized transactions if the
contactless card is stolen or lost. Generally, such unauthorized transactions are identified after
the unauthorized transactions are processed completely and successfully. Consequently, a
user of the contactless card is left with very few options such as hot-listing the contactless
card and destroying the card. However, both options permanently block the contactless
card from use and require the user to opt for a new contactless card, which is a
time-consuming and lengthy process.
Thus, there exists a need to provide a better technique for preventing such
unauthorized transactions using the contactless cards.
SUMMARY OF THE INVENTION
In accordance with the purposes of the invention, the present invention as embodied
and broadly described herein, provides for enhancing security of contactless card.
Accordingly, in one embodiment, a user creates an account with a server and
associates one or more contactless cards issued to the user by one or more issuers. Upon
association, an operable state for each of the one or more contactless cards is set. The
operable state can be either locked state or unlocked state. In a locked state, transactions
using the contactless card are prevented. In an unlocked state, transactions using the
contactless card are allowed.
To enhance the security of the contactless card, the user sends a request to the server
for enabling the one or more associated contactless cards. Upon receiving the request, the
server determines an operable state of the contactless card. Thereafter, the server activates a
proximity mode of a mobile device associated with the contactless cards when the operable
state is determined as locked state. Accordingly, the server switches the operable state to
unlocked state and then activates the proximity mode of the mobile device. Upon activating
the proximity mode, the mobile device detects proximity with the contactless cards and
shares proximity status information periodically with the server.
Further, during a transaction using the contactless card, the server obtains proximity
status information indicative of proximity of the contactless card with the mobile device.
Thereafter, the server authenticates the contactless card when proximity status information
indicates the mobile device and contactless card are within a predefined range. On the
contrary, the server prevents any transaction using the contactless card when proximity status
information indicates the mobile device and contactless card are out of the predefined range.
Furthermore, the server blocks the contactless card from subsequent use if the proximity
status information indicates the mobile device and contactless card are out of the predefined
range for a consecutive number of occurrences.
The advantages of the invention include, but are not limited to, enhanced security of the
associated contactless cards by detecting proximity of the contactless cards with the mobile
device associated with the contactless cards. This ensures that only authorized
transactions using the associated contactless cards are processed, when the contactless card is in near
proximity with the associated mobile device, thereby eliminating chances of unauthorized
transactions using a stolen contactless card. In addition, the user can activate or deactivate
detection of the proximity of the contactless cards with associated mobile devices as and
when required. Moreover, a lost or stolen contactless card is automatically blocked from
further use when the contactless card is out of the predefined range from the associated
mobile device. Thus, an easy solution is provided to the user as opposed to blocking or hot-listing
the contactless card and destroying the contactless card.
Additionally, an easy solution is provided for safeguarding the contactless cards while
travelling and in various other scenarios where proximity status information is not available
from the mobile device since the contactless cards are automatically blocked from further use
when the contactless card is out of the predefined range from the associated mobile device.
Examples of such scenarios include, but are not limited to, (1) when both the mobile device and
the contactless card are stolen and the stolen mobile device is switched off subsequently; (2)
when the mobile device is not reachable; (3) when the mobile device is unable to share the
proximity status information periodically with the server; and (4) when the user leaves the
contactless card at home or any other location intentionally or unintentionally.
Further, two-step security verification is provided during a transaction. Accordingly,
in the first step verification, a current operable state of the contactless card is determined and
the transaction is prevented if the current operable state is determined as locked state.
However, if the current operable state is determined as unlocked state, second step
verification is performed. In second step verification, proximity of the contactless card with
the mobile device is detected and the transaction is prevented if the mobile device and
contactless card are out of the predefined range. Thus, the transaction is allowed only if the
contactless card is in unlocked state and is within the predefined range of proximity with the
mobile device. As such, the security of the contactless card is greatly enhanced.
These and other aspects as well as advantages will be more clearly understood from
the following detailed description taken in conjunction with the accompanying drawings and
claims.
BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWINGS:
To further clarify advantages and aspects of the invention, a more particular
description of the invention will be rendered by reference to specific embodiments thereof,
which are illustrated in the appended drawings. It is appreciated that these drawings depict
only typical embodiments of the invention and are therefore not to be considered limiting of
its scope. The invention will be described and explained with additional specificity and detail
with the accompanying drawings, which are listed below for quick reference.
Figures 1a-1c illustrate an exemplary method for enhancing security of a contactless
card, in accordance with an embodiment of present invention.
Figure 2 illustrates an exemplary server for enhancing security of a contactless card,
in accordance with an embodiment of present invention.
Figures 3a & 3b illustrate an exemplary network environment that implements the server
to enhance security of a contactless card, in accordance with an embodiment of present
invention.
Figures 4, 5a-5c, and 6 schematically illustrate various operations of the server to
enhance security of a contactless card, in accordance with an embodiment of present
invention.
It may be noted that to the extent possible, like reference numerals have been used to
represent like elements in the drawings. Further, those of ordinary skill in the art will
appreciate that elements in the drawings are illustrated for simplicity and may not have been
necessarily drawn to scale. For example, the dimensions of some of the elements in the
drawings may be exaggerated relative to other elements to help to improve understanding of
aspects of the invention. Furthermore, the one or more elements may have been represented
in the drawings by conventional symbols, and the drawings may show only those specific
details that are pertinent to understanding the embodiments of the invention so as not to
obscure the drawings with details that will be readily apparent to those of ordinary skill in the
art having benefit of the description herein.
DETAILED DESCRIPTION
It should be understood at the outset that although illustrative implementations of the
embodiments of the present disclosure are illustrated below, the present invention may be
implemented using any number of techniques, whether currently known or in existence. The
present disclosure should in no way be limited to the illustrative implementations, drawings,
and techniques illustrated below, including the exemplary design and implementation
illustrated and described herein, but may be modified within the scope of the appended
claims along with their full scope of equivalents.
The term “some” as used herein is defined as “none, or one, or more than one, or all.”
Accordingly, the terms “none,” “one,” “more than one,” “more than one, but not all” or “all”
would all fall under the definition of “some.” The term “some embodiments” may refer to no
embodiments or to one embodiment or to several embodiments or to all embodiments.
Accordingly, the term “some embodiments” is defined as meaning “no embodiment, or one
embodiment, or more than one embodiment, or all embodiments.”
The terminology and structure employed herein is for describing, teaching and
illuminating some embodiments and their specific features and elements and does not limit,
restrict or reduce the spirit and scope of the claims or their equivalents.
More specifically, any terms used herein such as but not limited to “includes,”
“comprises,” “has,” “consists,” and grammatical variants thereof do NOT specify an exact
limitation or restriction and certainly do NOT exclude the possible addition of one or more
features or elements, unless otherwise stated, and furthermore must NOT be taken to exclude
the possible removal of one or more of the listed features and elements, unless otherwise
stated with the limiting language “MUST comprise” or “NEEDS TO include.”
Whether or not a certain feature or element was limited to being used only once,
either way it may still be referred to as “one or more features” or “one or more elements” or
“at least one feature” or “at least one element.” Furthermore, the use of the terms “one or
more” or “at least one” feature or element do NOT preclude there being none of that feature
or element, unless otherwise specified by limiting language such as “there NEEDS to be one
or more . . . ” or “one or more element is REQUIRED.”
Unless otherwise defined, all terms, and especially any technical and/or scientific
terms, used herein may be taken to have the same meaning as commonly understood by one
having an ordinary skill in the art.
Reference is made herein to some “embodiments.” It should be understood that an
embodiment is an example of a possible implementation of any features and/or elements
presented in the attached claims. Some embodiments have been described for the purpose of
illuminating one or more of the potential ways in which the specific features and/or elements
of the attached claims fulfil the requirements of uniqueness, utility and non-obviousness.
Use of the phrases and/or terms such as but not limited to “a first embodiment,” “a
further embodiment,” “an alternate embodiment,” “one embodiment,” “an embodiment,”
“multiple embodiments,” “some embodiments,” “other embodiments,” “further
embodiment”, “furthermore embodiment”, “additional embodiment” or variants thereof do
NOT necessarily refer to the same embodiments. Unless otherwise specified, one or more
particular features and/or elements described in connection with one or more embodiments
may be found in one embodiment, or may be found in more than one embodiment, or may be
found in all embodiments, or may be found in no embodiments. Although one or more
features and/or elements may be described herein in the context of only a single embodiment,
or alternatively in the context of more than one embodiment, or further alternatively in the
context of all embodiments, the features and/or elements may instead be provided separately
or in any appropriate combination or not at all. Conversely, any features and/or elements
described in the context of separate embodiments may alternatively be realized as existing
together in the context of a single embodiment.
Any particular and all details set forth herein are used in the context of some
embodiments and therefore should NOT be necessarily taken as limiting factors to the
attached claims. The attached claims and their legal equivalents can be realized in the context
of embodiments other than the ones used as illustrative examples in the description below.
Figures 1a, 1b, and 1c illustrate an exemplary method (100) for enhancing security
of contactless cards, in accordance with an embodiment of present invention. In said
embodiment, referring to Figure 1a, the method (100) comprises steps of: receiving (101), in
respect of an account, a request to enable one or more contactless cards, the account being
associated with the one or more contactless cards issued to a user of the account by one or
more issuers; determining (102) an operable state of the one or more contactless cards, the
operable state being one of a locked state and an unlocked state; and activating (103) a
proximity mode of a mobile device associated with the one or more contactless cards when
the operable state is determined as locked state, wherein the mobile device detects a
proximity with the one or more contactless cards during the activated proximity mode.
Further, when the operable state is determined as locked state, the method (100)
further comprises switching (104) the operable state from the locked state to the unlocked state.
Further, the step of activating (103) the proximity mode comprises transmitting (105)
a trigger to a contactless module of the mobile device, the contactless module being adapted
to communicate with the one or more contactless cards and to detect the proximity.
Further, the contactless card is one of a credit card, a debit card, an automated teller
machine (ATM) card, a fleet card, stored-value card, prepaid card, and a gift card.
Further, the request in the step (101) is received via one of: a web based application, a
mobile-based application, a short message service (SMS) message, an Unstructured
Supplementary Service Data (USSD) message, and interactive voice response (IVR).
Further, in the locked state of a contactless card, use of the contactless card is
prevented and a proximity mode of a mobile device associated with the contactless card is
deactivated.
Further, in the unlocked state of a contactless card, use of the contactless card is
allowed and a proximity mode of a mobile device associated with the contactless card is
activated.
Further, the mobile device detects the proximity with the one or more contactless
cards periodically during the activated proximity mode.
In addition, the method (100) further comprises a step of switching (108) the operable
state of the one or more contactless cards to locked state in absence of receiving proximity
status information from the mobile device for a consecutive number of occurrences.
Referring to Figure 1b, the method (100) further comprises steps of: receiving (106)
proximity status information from the mobile device periodically, the proximity status
information being indicative of the detected proximity with the one or more contactless cards;
and storing (107) the proximity status information in a database.
Further, the proximity status information in step (106) is received from a data
transmission module of the mobile device via one of: a data communication mode of the
mobile device and a non-data communication mode of the mobile device.
In addition, the method (100) further comprises a step of switching (108) the operable
state of the one or more contactless cards to locked state when the received proximity status
information indicates the mobile device and the contactless card are out of a predefined range
for a consecutive number of occurrences.
Referring to Figure 1c, the method (100) further comprises steps of: receiving (109) a
request to authorize a contactless card in respect of a transaction initiated using the
contactless card, the contactless card being one of said one or more cards; obtaining (110) a
proximity status information indicative of a proximity of the contactless card and a mobile
device associated with the card; and transmitting (111) an alert message to the mobile device
in case the proximity status information indicates the mobile device and the contactless card
are out of a predefined range.
The method (100) further comprises the step of determining (112) an operable state of
the contactless card such that the proximity status information is obtained when the operable
state is determined as an unlocked state.
Further, in one embodiment, the proximity status information in step (110) is obtained
from a database, the database being adapted to store the proximity status information received
periodically from the mobile device.
Further, in one embodiment, the proximity status information in step (110) is obtained
from the mobile device via a data communication mode of the mobile device.
Further, in one embodiment, the proximity status information in step (110) is obtained
from the mobile device via a non-data communication mode of the mobile device. In an
example, the proximity status information is obtained from the mobile device via one of a
short message service (SMS) message and Unstructured Supplementary Service Data (USSD)
message.
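The lock-state and proximity checks of steps (101) to (112), including the two-step verification summarised earlier, can be modelled as below. This is an added illustration, not code from the patent; the class and method names, the initial locked state, the threshold of three occurrences, the 60-second reporting interval and the fail-closed handling of stale reports are all assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class State(Enum):
    LOCKED = "locked"
    UNLOCKED = "unlocked"


class Decision(Enum):
    APPROVE = "approve"
    DECLINE_LOCKED = "decline: card locked"             # step one failed
    DECLINE_PROXIMITY = "decline: proximity not shown"  # step two failed


@dataclass
class Card:
    state: State = State.LOCKED      # assumed initial state after association
    proximity_mode: bool = False     # True once the trigger (105) is sent
    in_range: Optional[bool] = None  # latest stored report (107)
    last_seen: float = 0.0           # time of enable or of the latest report
    out_of_range_streak: int = 0
    alerts: list = field(default_factory=list)  # stands in for step 111


class ProximityServer:
    def __init__(self, max_consecutive: int = 3, interval: float = 60.0):
        # Assumed defaults; the page gives no count or reporting period.
        self.max_consecutive, self.interval = max_consecutive, interval
        self.cards: dict = {}

    def associate(self, card_id: str) -> None:
        self.cards[card_id] = Card()

    def _lock(self, card: Card) -> None:
        # Locked state: use prevented, proximity mode deactivated.
        card.state, card.proximity_mode = State.LOCKED, False
        card.in_range, card.out_of_range_streak = None, 0

    def enable(self, card_id: str, now: float) -> State:
        """Steps 101-105: unlock a locked card, start proximity reporting."""
        card = self.cards[card_id]
        if card.state is State.LOCKED:
            card.state, card.proximity_mode = State.UNLOCKED, True
            card.last_seen = now
        return card.state

    def report(self, card_id: str, in_range: bool, now: float) -> State:
        """Steps 106-108: store a report; lock after N out-of-range ones."""
        card = self.cards[card_id]
        if not card.proximity_mode:
            return card.state  # reports for a locked card are ignored
        card.in_range, card.last_seen = in_range, now
        card.out_of_range_streak = 0 if in_range else card.out_of_range_streak + 1
        if card.out_of_range_streak >= self.max_consecutive:
            self._lock(card)
        return card.state

    def sweep(self, card_id: str, now: float) -> State:
        """Step 108, missing-report case: lock after N silent intervals."""
        card = self.cards[card_id]
        if card.state is State.UNLOCKED:
            missed = int((now - card.last_seen) // self.interval)
            if missed >= self.max_consecutive:
                self._lock(card)
        return card.state

    def authorize(self, card_id: str, now: float) -> Decision:
        """Steps 109-112: two-step check at transaction time."""
        card = self.cards[card_id]
        if card.state is State.LOCKED:  # step one (112)
            return Decision.DECLINE_LOCKED
        # Assumption: a report older than one interval fails closed.
        stale = card.in_range is None or now - card.last_seen > self.interval
        if card.in_range is False:
            card.alerts.append(f"{card_id}: use attempted out of range")
        if stale or not card.in_range:  # step two (110)
            return Decision.DECLINE_PROXIMITY
        return Decision.APPROVE


def demo() -> list:
    """Constructed timeline: the card leaves the phone's range."""
    srv = ProximityServer()
    srv.associate("card-A")
    out = [srv.authorize("card-A", 0)]        # locked by default
    srv.enable("card-A", 0)
    srv.report("card-A", True, 10)
    out.append(srv.authorize("card-A", 20))   # unlocked and in range
    for t in (70, 130, 190):                  # three out-of-range reports
        srv.report("card-A", False, t)
    out.append(srv.authorize("card-A", 200))  # auto-locked again
    return out


if __name__ == "__main__":
    print([d.name for d in demo()])
```

Calling sweep() on a timer covers the case where the mobile device is switched off or unreachable, since report() alone never fires when no reports arrive.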
Figure 2 illustrates an exemplary server 200 for enhancing security of a contactless
card, in accordance with an embodiment of present invention. As would be understood, the
server 200 is capable of implementing the methods as described with reference to preceding
Figures 1a, 1b, and 1c.
In said embodiment, the server 200 comprises a request receiving unit 201 to receive,
in respect of an account, a request to enable one or more contactless cards, the account being
associated with the one or more contactless cards issued to a user of the account by one or
more issuers. The receiving unit 201 is adapted to receive the request via one of: a web based
application, a mobile-based application, a short message service (SMS) message, an
Unstructured Supplementary Service Data (USSD) message, and interactive voice response
(IVR). In addition, the request receiving unit 201 is adapted to receive one or more further
inputs from the user.
Further, the server 200 comprises a processor 202 and an analysis unit 203. The
processor 202 is adapted to determine an operable state of the one or more contactless cards,
the operable state being one of a locked state and an unlocked state.
Further, the analysis unit 203 is adapted to activate a proximity mode of a mobile
device associated with the one or more contactless cards when the operable state is
determined as locked state, wherein the mobile device detects proximity with the one or more
contactless cards during the activated proximity mode. To activate the proximity mode, the
analysis unit 203 is further adapted to transmit a trigger to a contactless module of the mobile
device, the contactless module being adapted to communicate with the one or more
contactless cards and to detect the proximity.
Furthermore, when the operable state is determined as locked state, the analysis unit
203 is adapted to switch the operable state from the locked state to the unlocked state. Further,
during a locked state of a contactless card, the analysis unit 203 is adapted to prevent a use of
the contactless card and deactivate a proximity mode of the contactless card. Furthermore,
during an unlocked state of a contactless card, the analysis unit 203 is adapted to allow a use
of the contactless card and activate a proximity mode of the contactless card.
In said embodiment, the server 200 further comprises an information receiving unit
204. The information receiving unit 204 is adapted to receive a proximity status information
from the mobile device periodically, the proximity status information being indicative of the
detected proximity with the one or more contactless cards. As such, the information receiving
unit 204 receives the proximity status information from a data transmission module of the
mobile device via one of: a data communication mode of the mobile device and a non-data
communication mode of the mobile device. The information receiving unit 204 is further
adapted to store the proximity status information in a database 205 coupled to the server. In
an example, the database 205 is external to the server 200, as shown in the figure. In another
example, the database 205 is integrated within the server 200.
In said embodiment, the analysis unit 203 is further adapted to determine if the
received proximity status information is indicative of the mobile device and the contactless
card being out of a predefined range for a consecutive number of occurrences. Thereupon, the
analysis unit 203 is adapted to switch the operable state of the one or more contactless cards
to locked state in accordance with the determination.
In said embodiment, the analysis unit 203 is further adapted to determine non-receipt
of proximity status information from the mobile device for a consecutive number of
occurrences. Thereupon, the analysis unit 203 is adapted to switch the operable state of the
one or more contactless cards to locked state in accordance with the determination.
In said embodiment, the server 200 further comprises an authorizing unit 206. The
authorizing unit 206 is adapted to receive a request to authorize a contactless card in respect
of a transaction initiated using the contactless card, the contactless card being one of said one
or more cards. The authorizing unit 206 is further adapted to obtain proximity status
information indicative of proximity of the contactless card and a mobile device associated
with the card; and to transmit an alert message to the mobile device in case the proximity
status information indicates the mobile device and the contactless card are out of a predefined
range. Further, the authorizing unit 206 is adapted to determine the operable state of the
contactless card, such that proximity status information is obtained when the operable state is
determined as an unlocked state.
Further, in one embodiment, the authorizing unit 206 is adapted to obtain the
proximity status information from the database 205 that is adapted to store the proximity
status information received periodically from the mobile device.
Further, in one embodiment, the authorizing unit 206 is adapted to obtain the
proximity status information from the mobile device via a data communication mode of the
mobile device.
Further, in one embodiment, the authorizing unit 206 is adapted to obtain the
proximity status information from the mobile device via a non-data communication mode of
the mobile device. In an example, the proximity status information is obtained from the
mobile device via one of a short message service (SMS) message and Unstructured
Supplementary Service Data (USSD) message.
It would be understood that the processor 202 may include software components to
perform the necessary functions. Further, the analysis unit 203, the information receiving unit
204, and the authorizing unit 206 may be implemented using hardware components or
software components or combination of both. In one embodiment, the analysis unit 203, the
information receiving unit 204, and the authorizing unit 206 may form a single unit/module.
In another embodiment, the processor 202, the analysis unit 203, the information receiving
unit 204, and the authorizing unit 206 may form a single unit/module.
In said embodiment, the server 200 may further include a message generating unit 207
adapted to generate the message and a message transmitting unit 208 adapted to transmit the
generated message. Additionally, the server 200 may include a memory 209 adapted to store
the outputs of each of the previously mentioned units. In addition, the server 200 may include
a bus system (not shown in the figure) for enabling communication between the various units,
communication interface (not shown in the figure), and network interface unit (not shown in
the figure). Further, it would be understood that in one embodiment the above-mentioned
functions of various units can be performed by a single unit.
Although specific hardware components have been depicted in reference to the server
200, it is to be understood that the server 200 and the various components therein may
include other hardware components and/or software components as known in the art for
performing necessary functions.
Figures 3a & 3b illustrate an exemplary network environment that implements the
server 200 to enhance security of a contactless card and Figures 4-6 schematically illustrate
various operations of the server 200 thereof, in accordance with an embodiment of present
invention.
Referring to Figure 3a, the network environment 300 includes one or more
computing devices 301-1, 301-2, … 301-N, (hereinafter referred to as computing device 301
indicating one computing device and computing devices 301 indicating a plurality of
computing devices). Examples of computing device 301 include the desktop, notebook,
tablet, smart phone, and laptop. The server 200 is coupled to the computing devices 301 over
a network 302. Examples of the network 302 include wireless network, wired network, and
cloud based network. Although only one server 200 is shown in the figure, it is to be
understood that multiple servers 200 can be coupled with multiple computing devices 301.
Further, the network environment 300 includes a plurality of issuer systems 303-1,
303-2, ... 303-N, (hereinafter referred to as issuer system 303 indicating one issuer system
and issuer systems 303 indicating a plurality of issuer systems) corresponding to plurality of
issuers such as banks and merchants. The issuers, among various other services, issue one or
more contactless cards to a user for conducting financial transactions such as purchase
transactions and banking transactions. Examples of the issuer systems 303 include systems
employed by banks and merchants. The issuer systems 303 are coupled with the server 200
over the network 302. In an example, the issuer systems 303 are registered with the server
200.
Furthermore, the network environment 300 includes a plurality of point of transaction
(POT) systems 304-1, 304-2, … 304-N, (hereinafter referred to as POT system 304 indicating
one POT system and POT systems 304 indicating a plurality of POT systems). The POT
system 304 enables the user to perform financial transactions using the one or more
contactless cards issued to the user by the issuers. Examples of the POT system 304 include
point of sale (POS) systems, automated teller machines (ATMs), and web-based applications
and mobile-based applications, such as banking applications and shopping applications,
where the user engages in a financial transaction. The POT systems 304 are coupled with
issuer systems 303 over the network 302. Further, the POT systems 304 may be coupled with
other systems (not shown in the figure) such as inventory systems, catalogue systems,
customer relationship management (CRM) system, and bill processing systems, as well as
third party systems over the network 302.
Referring to Figure 3b, the server 200 provides various services to users for
managing their financial equipment such as contactless cards. Examples of the contactless
cards include a credit card, a debit card, an automated teller machine (ATM) card, a fleet
card, stored-value card, prepaid card, and a gift card. One such service includes enhancing
security of the contactless cards. Accordingly, a user accesses the server 200 through the
computing device 301 over the network 302 and creates an account 305 with the server 200.
The creation of such account 305 is similar to methods known in the art. In an example, the
user accesses a web-based application or a mobile-based application hosted by the server 200
on the computing device 301 and creates the account 305. The account 305 includes details of
the user such as name and address. The server 200 stores the details of the account 305 and
the associated details of the user in the database 205.
Further, the user associates one or more contactless cards 306-1, 306-2 … 306-N
(hereinafter referred to as contactless card 306 indicating one contactless card and contactless
cards 306 indicating a plurality of contactless cards) with the account 305 through the
computing device 301. It would be understood that the associated contactless cards 306 might
be issued to the user by one issuer or by multiple issuers. In one example, the user accesses
the account 305 using web-based application or mobile-based application provided by the
issuer. In another example, the user accesses the account 305 using web-based application or
mobile-based application provided by the server 200. The association of the one or more
contactless cards 306 may include providing details of the associated contactless card 306
and the corresponding issuer issuing the associated contactless card 306. Thereafter the
association is performed as known in the art. In an example, the association includes mapping
the details of the associated contactless card 306 with the corresponding issuer and storing the
mapped data in the database 205.
Furthermore, the contactless card 306 includes a secure element 307 embedded within
the contactless card 306. The secure element 307 is adapted to use short-range wireless
communication for secure data communication. Examples of the short-range wireless
communication include, but are not limited to, Wireless Fidelity (Wi-Fi), Near Field
Communication (NFC), Bluetooth, Bluetooth Low Energy (BLE), Zigbee, Wi-Fi Direct
(WFD), and Ultra Wideband (UWB). The secure element 307 includes various components
(not shown in the figure) such as a power supply module, short-range wireless
communication module, memory module, a processing unit, and a communication bus
system. The memory module stores details of the contactless card 306 such as account
number, user identification details, user verification number, account balance information,
and transaction record information. In an example, the short-range wireless communication
module is an NFC sensor, which may further include a transceiver module and an antenna
module. The short-range wireless communication sensor enables communication of such data
when the contactless card 306 is in proximity with short-range wireless communication
enabled devices.
Further, each of the contactless cards 306 is associated with a mobile device 308-1,
308-2 … 308-N (hereinafter referred to as mobile device 308 indicating one mobile device
and mobile devices 308 indicating a plurality of mobile devices). As would be understood,
the mobile device 308 is associated with the contactless card 306 through a mobile subscriber
identification number (MSIDN) of the mobile device 308. In one example, each of the
contactless cards 306 is associated with a single mobile device 308. In another example, each
of the contactless cards 306 is associated with different mobile devices 308.
In said embodiment, the mobile device 308 is a short-range wireless communication
enabled mobile device. Examples of the short-range wireless communication include, but are not
limited to, Wireless Fidelity (Wi-Fi), Near Field Communication (NFC), Bluetooth,
Bluetooth Low Energy (BLE), Zigbee, Wi-Fi Direct (WFD), and Ultra Wideband (UWB).
Accordingly, the mobile device 308 includes a contactless module 309, which is adapted to
use short-range wireless communication protocols for secure data communication. In one
example, the contactless module 309 is pre-installed in the mobile device 308 by a
manufacturer of the mobile device 308 or a network service provider. In another example, the
contactless module 309 is downloaded onto the mobile device 308 from the server 200. In
one another example, the contactless module 309 is integrated with a mobile-based
application provided by the server 200. In yet another example, the contactless module 309 is
separate from the mobile-based application provided by the server 200.
Further, in said embodiment, the contactless module 309 is adapted to communicate
with the secure element 307 of the contactless card 306 over short-range radio waves 310 and
to detect proximity with the contactless card 306. The communication with the secure
element 307 is enabled when the contactless card 306 and the mobile device 308 are within a
predefined range. Furthermore, the contactless module 309 is adapted to communicate with
the server 200 via communication mode 311. Examples of the communication mode 311
include data communication mode and non-data communication mode. In said embodiment,
the contactless module 309 communicates proximity status information to the server 200
when the server 200 activates a proximity mode of the mobile device 308. The proximity
mode of mobile device 200 is activated by sending a trigger to the contactless module 309.
When the proximity mode is activated, the contactless module 309 detects proximity of the
contactless card 306 with the mobile device 308. More specifically, the contactless module
309 detects proximity of the secure element 307 of the contactless card 306 with the
contactless module 309. Thus, the proximity status information is indicative of the detected
proximity of the contactless card 306 with the mobile device 308.
Further, in said embodiment, the server 200 stores the details of the associated
contactless cards 306 along with mobile device 308 in the database 205 such that the account
305 is mapped with each of the contactless cards 306 and the mobile device 308. In an
example, a flag is set to indicate the association of the contactless card 306 with the account
305. In addition, the server 200 shares association details with the issuer systems 303 of the
corresponding issuers. The association details are indicative that the server 200 will perform
authentication of the associated contactless cards 306. In the example above, the server 200
shares information regarding the setting of the flag for each of the associated contactless
cards 306 with the issuer systems 303 of the corresponding issuer of the associated
contactless card 306. The issuer systems 303 save the association details in a database (not
shown in the figure). In an example, the issuer system 303 saves a list of associated
contactless cards 306 along with the flag details in the database. Thus, upon receiving
information of a transaction using the associated contactless card 306, the issuer system 303
sends a validation request to the server 200 based on the association details, as will be
described in subsequent Figures and paragraphs.
In addition, in one embodiment, the user may specify cash limit value/credit limit
value for one or more of the associated contactless cards 306. As would be understood, the
user may also specify cash limit value/credit limit value for the one or more of the associated
contactless cards 306 at the corresponding issuer system 303.
Furthermore, the server 200 sets an operable state for each of the associated
contactless cards 306 and saves the operable state in the database 205. The operable state can
be either an unlocked state or a locked state. In accordance with the present embodiment,
when the operable state of the contactless card 306 is a locked state, the server 200 prevents a
transaction using the contactless card 306 and deactivates a proximity mode of the mobile
device associated with the contactless card 306. Conversely, when the operable state of the
contactless card 306 is an unlocked state, the server 200 allows a transaction using the
contactless card 306 and activates a proximity mode of the mobile device associated with the
contactless card 306.
In one embodiment, the server 200 sets the operable state as locked state by default
for each of the associated contactless cards 306. In another embodiment, the server 200 sets
the operable state as unlocked state by default for each of the associated contactless cards
306. In yet another embodiment, the server 200 sets the operable state either as locked state
or unlocked state upon receiving a request from the user for the one or more associated
contactless cards 306. In such embodiment, the user selects an option pertaining to the setting
of locked state or unlocked state. In one example, the user selects the option through the
web-based application or the mobile-based application on the computing device 301.
Figure 4 illustrates the operations performed by the server 200 to enhance a security
of the associated contactless cards 306, in accordance with an embodiment of present
invention.
Referring to Figures 2 and 3 along with Figure 4, at step 401 the user sends a
request to the server 200. The request pertains to enabling the one or more associated
contactless cards 306. In said embodiment, the enabling request is indicative of activating the
proximity mode of the mobile device 308 associated with the contactless card 306. As
described earlier, when the proximity mode of the mobile device 308 is activated, the mobile
device 308 detects proximity with the contactless card 306. The user sends the request
through one of the following methods: a web-based application, a mobile-based application, a
short message service (SMS) message, an Unstructured Supplementary Service Data (USSD)
message, and interactive voice response (IVR). In one example, the user sends the request
from the computing device 301. In another example, the user sends the request from the
mobile device 308 associated with the contactless card 306.
As such, the request includes an identifier indicative of the activation of the proximity
mode. The request further includes details of the account 305 and/or details of the associated
contactless card 306. In one embodiment, the request pertains to one associated contactless
card 306. In such embodiment, the user sends separate requests for each of the associated
contactless cards 306 as required. Each such request includes details of the account 305 and
details of the associated contactless card 306. In another embodiment, the request pertains to
all of the associated contactless cards 306. In such embodiment, the user sends one such
request. In an example, such request includes only the details of the account 305.
At step 402, the receiving unit 201 of the server 200 receives the request from the
computing device 301 or the mobile device 308. Upon receiving the request, the processor
202 determines an operable state of the contactless card 306 mentioned in the request from
the database 205. If the operable state is determined as locked state, the analysis unit 203
switches the operable state to unlocked state. Upon switching of the operable state, the
message generating unit 207 generates a challenge message for the user, as known in the art.
Examples of the challenge message include one-time-password (OTP) and captcha message.
In addition, the message generating unit 207 may generate a response message and store in
the memory 209. In an example, the response message is same as the challenge message.
Additionally, the analysis unit 203 saves the switched operable state as a current operable
state for the contactless card 306 in the database 205. On the contrary, if the operable state is
determined as unlocked state, the message generating unit 207 generates a message indicative
of the activated proximity mode and the unlocked state of the contactless card 306.
At step 403, the message transmitting unit 208 of the server 200 transmits the
challenge message to the user. In one example, the message transmitting unit 208 transmits
the challenge message to the computing device 301. In another example, the message
transmitting unit 208 transmits the challenge message to the mobile device 308 associated
with the contactless card 306. In one another example, the message transmitting unit 208
transmits the challenge message to the same device sending the request. In yet another
example, the message transmitting unit 208 transmits the challenge message to a device
different from the device sending the request.
At step 404, the request receiving unit 201 receives a response message from the user
in response to the challenge message.
At step 405, the processor 202 validates the received response message by matching
the received response message with the stored response message.
At step 406, the analysis unit 203 activates the proximity mode of the mobile device
308, if a positive match is obtained at step 405. As described earlier, when the proximity
mode of the mobile device 308 is activated, the mobile device 308 detects proximity with the
contactless card 306. Accordingly, the analysis unit 203 sends a trigger to the contactless
module 309 of the mobile device 308 to activate the proximity mode of the mobile device
308.
At step 407, upon receiving the trigger, the contactless module 309 pings the secure
element 307 of the contactless card 306 periodically and determines proximity with the
secure element 307 of the contactless card 306. The contactless module 309 then transmits
the proximity status information to the server 200 periodically. The contactless module 309
may transmit the proximity status information via data communication mode or non-data
communication mode. In an example, the contactless module 309 sends proximity status
information in form of messages such as short message service (SMS) message and
unstructured supplementary service data (USSD) messages via the non-data communication
mode.
Consequently, the information receiving unit 204 of the server 200 receives the
proximity status information sent periodically by the mobile device 308 and stores the
proximity status information in the database 205. Further, the analysis unit 203 determines if
the received proximity status information is indicative of the mobile device 308 and the
contactless card 306 being out of a predefined range for a consecutive number of
occurrences. In an example, the predefined range is a few meters. In an example, the
consecutive number of occurrences is predefined as three. Upon such determination, the
analysis unit 203 switches the operable state of the contactless card 306 to locked state and
transmits an alert message to the mobile device 308. In an example, the alert message
indicates the user to resend the request to enable the contactless card 306. Further, the
analysis unit 203 deactivates the proximity mode of the mobile device 308. Furthermore, the
authorizing unit 206 prevents a transaction using the contactless card 306 from completion at
an instance when the received proximity status information indicates the mobile device 308
and the contactless card 306 are out of a predefined range. The same shall be explained in
detail with reference to further figures.
For example, the below table illustrates the proximity status information received
periodically from the mobile device 308.
Time Instance (TN) | T1 | T2 | T3 | T4 | T5 | T6 | T7 | T8
Proximity Status Information (SF for Far Proximity and SN for Near Proximity) | SN | SF | SN | SF | SN | SF | SF | SF
From the above table and in accordance with an embodiment, the analysis unit 203
will not switch the operable state to locked state at time instances T2 and T4. However, the
analysis unit 203 will switch the operable state to locked state at time instance T8 since the
proximity status information indicates far proximity, that is, the mobile device 308 and the
contactless card 306 being out of a predefined range, for 3 consecutive occurrences.
Accordingly, the message generating unit 207 generates the alert message and the message
transmitting unit 208 transmits the alert message to the mobile device 308. Further, the
analysis unit 203 deactivates the proximity mode of the mobile device 308 upon switching
the operable state to locked state.
Further, in accordance with the above table, the authorizing unit 206 prevents a
transaction using the contactless card 306 at time instances T2, T4, T6, T7, and T8. Thus, the authorizing unit 206
prevents a transaction at any instance when the contactless card 306 is in far proximity with
the mobile device 308.
Furthermore, when the information receiving unit 204 of the server 200 does not
receive the periodic proximity status information from the mobile device 308 for a
consecutive number of occurrences, the analysis unit 203 switches the operable state of the
contactless card 306 to locked state. In an example, the predefined range is a few meters. In an
example, the consecutive number of occurrences is predefined as three. Additionally, the
analysis unit 203 transmits an alert message to the mobile device 308. In an example, the alert
message indicates the user to resend the request to enable the contactless card 306. Further,
the analysis unit 203 deactivates the proximity mode of the mobile device 308. Furthermore,
the authorizing unit 206 prevents a transaction using the contactless card 306 from
completion at an instance when the proximity status information is not received. The same
shall be explained in detail with reference to further figures.
For example, the below table illustrates the proximity status information received
periodically from the mobile device 308.
Time Instance (TN) | T1 | T2 | T3 | T4 | T5 | T6 | T7 | T8
Proximity Status Information (R for Received and N for not received) | R | N | R | N | R | N | N | N
From the above table and in accordance with an embodiment, the analysis unit 203
will not switch the operable state to locked state at time instances T2 and T4. However, the
analysis unit 203 will switch the operable state to locked state at time instance T8 since the
proximity status information is not received from the mobile device 308 for 3 consecutive
occurrences. Accordingly, the message generating unit 207 generates the alert
message and the message transmitting unit 208 transmits the alert message to the mobile
device 308. Further, the analysis unit 203 deactivates the proximity mode of the mobile
device 308 upon switching the operable state to locked state.
Further, in accordance with the above table, the authorizing unit 206 prevents a
transaction using the contactless card 306 at time instances T2, T4, T6, T7, and T8. Thus, the authorizing unit 206
prevents a transaction at any instance when the proximity status information is not received.
Further, in one embodiment of the invention, the analysis unit 203 monitors the
non-receipt of the proximity status information and far proximity at each time instance.
Accordingly, if the proximity status information is not received or if the received proximity
status information is indicative of far proximity, for a consecutive number of occurrences,
then the analysis unit 203 switches the operable state of the contactless card 306 to locked
state. In an example, the consecutive number of occurrences is predefined as three.
Additionally, the analysis unit 203 transmits an alert message to the mobile device 308. In an
example, the alert message indicates the user to resend the request to enable the contactless
card 306. Further, the analysis unit 203 deactivates the proximity mode of the mobile device
308.
For example, the below table illustrates the proximity status information received
periodically from the mobile device 308.
Time Instance (TN) | T1 | T2 | T3 | T4
Proximity Status Information (R for Received and N for not received) | R | N | R | N
Proximity Status Information (SF for Far Proximity and SN for Near Proximity) | SN | | SF |
From the above table and in accordance with an embodiment, the analysis unit 203
will not switch the operable state to locked state at time instance T3. However, the analysis
unit 203 will switch the operable state to locked state at time instance T4 since the proximity
status information is not received from the mobile device 308 at time instances T2 and T4 and
the received proximity status information indicates far proximity at time instance T3. Thus,
the analysis unit 203 monitored the proximity status information and the non-receipt of the
proximity status information for 3 consecutive occurrences and switched the operable state to
locked state. Accordingly, the message generating unit 207 generates the alert message and
the message transmitting unit 208 transmits the alert message to the mobile device 308.
Further, the analysis unit 203 deactivates the proximity mode of the mobile device 308 upon
switching the operable state to locked state.
Thus, the switching of the operable state to locked state in various scenarios as
explained above provides enhanced security for the contactless card 306.
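The locking rule walked through in the three tables above can be expressed as a single run counter. The following is an added illustration, not code from the specification: the names CardMonitor, observe and replay are hypothetical, and the counter follows the combined embodiment (far proximity and non-receipt both extend the run), of which the first two tables are special cases.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

NEAR, FAR = "SN", "SF"   # status codes used in the tables; None = not received (N)


@dataclass
class CardMonitor:
    """Server-side state for one contactless card while proximity mode is active."""
    threshold: int = 3                 # consecutive occurrences ("three" in the example)
    locked: bool = False               # operable state
    proximity_mode: bool = True        # activated at step 406
    run: int = 0                       # current run of far / not-received instances
    alerts: List[str] = field(default_factory=list)

    def observe(self, instance: str, status: Optional[str]) -> bool:
        """Process one time instance. Returns True if a transaction
        at this instance would be allowed to proceed."""
        if self.locked:
            return False
        if status == NEAR:
            self.run = 0               # a near report breaks the run
            return True
        # Far proximity and non-receipt both extend the run and both
        # prevent a transaction at this instance. Any unrecognised
        # status is treated the same way (assumption: fail closed).
        self.run += 1
        if self.run >= self.threshold:
            self.locked = True
            self.proximity_mode = False
            self.alerts.append(f"{instance}: card locked, resend the enable request")
        return False


def replay(timeline: List[Optional[str]]) -> Tuple[Optional[str], List[str], CardMonitor]:
    """Feed T1..Tn into a fresh monitor.
    Returns (instance at which the card locked, instances with transactions prevented, monitor)."""
    mon = CardMonitor()
    locked_at, blocked = None, []
    for i, status in enumerate(timeline, start=1):
        name = f"T{i}"
        if not mon.observe(name, status):
            blocked.append(name)
        if mon.locked and locked_at is None:
            locked_at = name
    return locked_at, blocked, mon


# The three timelines from the tables above.
TABLE_FAR = [NEAR, FAR, NEAR, FAR, NEAR, FAR, FAR, FAR]
TABLE_NOT_RECEIVED = [NEAR, None, NEAR, None, NEAR, None, None, None]
TABLE_COMBINED = [NEAR, None, FAR, None]

if __name__ == "__main__":
    for label, timeline in [("far", TABLE_FAR),
                            ("not received", TABLE_NOT_RECEIVED),
                            ("combined", TABLE_COMBINED)]:
        locked_at, blocked, mon = replay(timeline)
        print(label, "| locked at", locked_at, "| prevented at", blocked, "|", mon.alerts)
```

Isolated far or missing reports (T2 and T4 in the first two tables) prevent a transaction at that instance but do not lock the card; only an unbroken run of three does.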
At step 408, the message generating unit 207 generates a success message indicative
of the positive match at step 405. In an example, the success message indicates successful
activation of the proximity mode of the mobile device 308 or enabling of the contactless card
306. The message transmitting unit 208 then transmits the success message to the user. In an
example, the message transmitting unit 208 transmits the challenge message to the computing
device 301. In another example, the message transmitting unit 208 transmits the challenge
message to the mobile device 308.
On the contrary, if a match is not obtained at step 405, the message generating unit
207 generates a failure message. In an example, the failure message indicates unsuccessful
activation of the proximity mode or enabling of the contactless card 306. The failure message
further indicates the user to resend the request for enabling. Further, the analysis unit 203
switches the operable state from unlocked state to locked state. Additionally, the analysis unit
203 saves the switched operable state as the current operable state for the contactless card
306 in the database 205.
Figures 5a to 5c illustrate the operations performed by the server 200 during a
transaction initiated by the associated contactless card 306, in accordance with an
embodiment of present invention.
Referring to Figures 2 and 3, along with Figure 5a, at step 501, the POT system 304
transmits a validation request to the issuer system 303 when a financial transaction is initiated
using a contactless card by the user. Examples of the transaction include banking transaction
at ATM, purchase transaction at POS system, e-commerce purchase on web-based
application or mobile-based application, and banking transaction on web-based application or
mobile-based application. The validation request includes authentication credentials of the
POT system 304, transaction information, and card identifier data indicating details about the
contactless card, and location information in respect of the transaction. In an example, in case
of POS system and ATM, the location information is a geographic location of the POS
system and ATM. In another example, in case of the web-based application or mobile-based
application, the location information is geographic location of the computing device 301
which accesses the web-based applications or mobile-based applications. In addition to the
validation request, the POT system 304 may also transmit authentication credentials such as
PIN and Password associated with the contactless card and known only to the user.
At step 502, upon receiving the validation request, the issuer system 303 determines if
the contactless card is one of the associated contactless cards 306. In an example, the issuer
system 303 retrieves the list of associated contactless cards 306 along with flag details from a
database and determines if the contactless card is one of the associated contactless cards 306
based on the flag details. If the flag is set, the contactless card is determined as the associated
contactless card 306 for which the server 200 performs the authentication. Thereafter, the
issuer system 303 forwards the validation request to the server 200.
On the contrary, if the flag is not set, the contactless card is determined as not being
one of the associated contactless cards 306. Consequently, the issuer system 303 will not send
the validation request to the server 200. Thereafter, the issuer system 303 performs validation
of the contactless card in a manner as known in the art. In an example, the issuer system 303
validates the authentication credentials received along with the validation request.
At step 503, upon receiving the validation request, the authorizing unit 206 obtains a
current operable state of the contactless card from the database 205 corresponding to a time of
the transaction.
At step 504, the authorizing unit 206 determines if the current operable state is
“locked state”. If the current operable state is determined as “locked state”, the authorizing
unit 206 prevents the transaction. Accordingly, the message generating unit 207 generates a
failure message indicative of the “locked state” of the contactless card. In addition to the
failure message, the message generating unit 207 generates an alert message for the user. The
alert message indicates details about the transaction and “locked state” of the contactless card
in respect of the transaction.
Further, in one embodiment, upon determining “locked state” of the contactless card
for predetermined number of successive transactions, the authorizing unit 206 blocks further
transactions using the contactless card. Accordingly, the message generating unit 207
generates a blocked message.
At step 505, the message transmitting unit 208 of the server 200 transmits the failure
message to the issuer system 303.
At step 506, the message transmitting unit 208 transmits the alert message to the
mobile device 308. Further, the message transmitting unit 208 transmits the blocked message
to the user after the predetermined number of unsuccessful transactions. In an example, the
message transmitting unit 208 transmits the alert message to the mobile device 308.
At step 507, upon receiving the failure message, the issuer system 303 prevents the
processing of the transaction. In examples, the banking transaction at ATM, purchase
transaction at POS system, e-commerce purchase on web-based application or mobile-based
application, and banking transaction on web-based application or mobile-based application
are prevented from completion. Upon preventing the transaction, the issuer system 303
transmits a transaction unsuccessful message to the POT system 304. Upon receiving the
transaction unsuccessful message, the POT system 304 may display an appropriate message
on a display unit (not shown in the figure) of the POT system 304.
Further, in one embodiment, upon receiving the failure message for a predetermined
number of successive transactions initiated by using the contactless card, the issuer system
303 blocks further transactions using the contactless card in a manner as known in the art.
Accordingly, the issuer system 303 transmits a blocked message to the user as known in the
art. In an example, the issuer system 303 transmits the blocked message to the mobile device
308. In another example, the issuer system 303 transmits the blocked message to the
computing device 301.
At step 508, the issuer system 303 transmits a transaction unsuccessful message to the
user as known in the art. In an example, the issuer system 303 transmits the transaction
unsuccessful message to the mobile device 308. In another example, the issuer system 303
transmits the transaction unsuccessful message to the computing device 301.
However, if at step 504, the current operable state of the contactless card is
determined as “unlocked state”, then the process flows to step 509 in Figure 5b.
Referring to Figures 2 and 3, along with Figure 5b, at step 509, the authorizing unit 206
obtains current proximity status information of the contactless card corresponding to the time
of the transaction. Accordingly, in one embodiment, the authorizing unit 206 may obtain the
current proximity status information from the mobile device 308 associated with the
contactless card at the time of transaction. Thus, at step 509-1, the authorizing unit 206 may
obtain the current proximity status information from the mobile device 308 associated with
the contactless card. As such, the authorizing unit 206 may transmit a request to the
contactless module 309 for current proximity status information. The authorizing unit 206
may send the request over a data communication mode when the data communication mode
of the mobile device 308 is enabled. The authorizing unit 206 may send the request over a
non-data communication mode when the data communication mode of the mobile device 308
is disabled.
Upon receiving the request for current proximity status information from the server
200, the contactless module 309 in the mobile device 308 detects current proximity with the
contactless card and transmits the current proximity status information to the server 200. The
contactless module 309 may transmit the current proximity status information over the data
communication mode when the data communication mode of the mobile device 308 is
enabled. The contactless module 309 may transmit the current proximity status information
over the non-data communication mode when the data communication mode of the mobile
device 308 is disabled.
In another embodiment, at step 509-2, the authorizing unit 206 may obtain the current
proximity status information from the database 205. As such, the authorizing unit 206 obtains
the latest proximity status information received from the mobile device 308 prior to the
transaction or at the time of transaction and stored in the database 205.
In one another embodiment, the authorizing unit 206 may obtain the current proximity
status information corresponding to the time of transaction simultaneously from the database
205 and the mobile device 308.
Accordingly, the authorizing unit 206 may dynamically select a source of obtaining
the current proximity status information based on predefined rules. The source can be the
mobile device 308, the database 205, or both, as described above.
At step 510, the authorizing unit 206 of the server 200 determines if the contactless
card and the mobile device 308 are within the predefined range based on the current
proximity status information.
Upon determining the contactless card and the mobile device 308 are within the
predefined range, at step 511, the server 200 transmits a success message to the issuer system
303. Accordingly, the message generating unit 207 generates a success message indicative of
near proximity with the mobile device 308 and the message transmitting unit 208 transmits
the success message to the issuer system 303.
In addition, in one embodiment, the authorizing unit 206 also compares a value of the
transaction with the cash limit value/credit limit value specified by the user in the account
305. Based on the comparison, the message generating unit 207 generates a transaction value
message. In an example, the transaction value message indicates the value of the transaction
is above the specified cash limit value/credit limit value. In another example, the transaction
value message indicates the value of the transaction is below the specified cash limit
value/credit limit value. In one another example, the transaction value message is included in
the success message. In one another example, the transaction value message is separate from
the success message.
At step 512, upon receiving the success message, the issuer system 303 successfully
processes and completes the transaction. In examples, the banking transaction at ATM,
purchase transaction at POS system, e-commerce purchase on web-based application or
mobile-based application, and banking transaction on web-based application or mobile-based
application are successfully completed.
However, the completion of the transaction is further based on transaction value. In
one embodiment, the issuer system 303 completes the transaction based on the transaction
value message received from the server 200. In an example, if the transaction value message
indicates that the value of the transaction is below the specified cash limit value/credit limit
value, the transaction is completed. In an example, if the transaction value message indicates
that the value of the transaction is above the specified cash limit value/credit limit value, the
transaction is not completed. In another embodiment, the issuer system 303 completes the
transaction based on the cash limit value/credit limit value specified by the user.
Upon completing the transaction, the issuer system 303 transmits a transaction
successful message to the POT system 304. Upon receiving the transaction successful message, the
POT system 304 may generate a paper bill having transaction information and payment
information.
At step 513, the issuer system 303 transmits a transaction successful message to the
user as known in the art. In an example, the issuer system 303 transmits the transaction
successful message to the mobile device 308. In another example, the issuer system 303
transmits the transaction successful message to the computing device 301.
However, if at step 510, the authorizing unit 206 determines the contactless card and
the mobile device 308 are out of the predefined range based on the current proximity status
information, then the process flows to step 514 in Figure 5c.
Further, in one embodiment, if at step 509-1, the authorizing unit 206 does not receive
the current proximity status information from the mobile device 308, the authorizing unit 206
determines the contactless card and the mobile device 308 are out of the predefined range,
and the process flows to step 514 in Figure 5c. Additionally, the authorizing unit 206
switches the current operable state of the contactless card 306 to ‘locked state’.
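The decision made by the authorizing unit 206 in steps 503 to 510, including the non-receipt case at step 509-1 and the blocking after successive prevented transactions, can be sketched as follows. This is an added illustration, not code from the specification; CardRecord, Decision, authorize, query_device and block_after are hypothetical names. It assumes a predetermined number of three (the text gives no value), that an approved transaction resets the successive count, and that a value equal to the limit is within it.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class CardRecord:
    """What the database 205 holds for one associated card (hypothetical layout)."""
    locked: bool
    last_status: Optional[str] = None   # latest stored report: "SN", "SF" or None
    limit: Optional[float] = None       # user-specified cash/credit limit value
    failures: int = 0                   # successive prevented transactions
    blocked: bool = False


@dataclass
class Decision:
    approved: bool                      # success or failure message to the issuer
    reason: str
    over_limit: Optional[bool] = None   # transaction value message, if a limit is set


def authorize(card: CardRecord, amount: float,
              query_device: Optional[Callable[[], Optional[str]]] = None,
              block_after: int = 3) -> Decision:
    """query_device models step 509-1 (ask the contactless module now);
    when it is None the stored status is used, as in step 509-2."""

    def deny(reason: str) -> Decision:
        card.failures += 1
        if card.failures >= block_after:
            card.blocked = True         # further transactions are blocked
        return Decision(False, reason)

    if card.blocked:
        return Decision(False, "blocked")
    if card.locked:                     # step 504
        return deny("locked state")

    if query_device is not None:        # step 509-1
        status = query_device()
        if status is None:
            # No answer from the mobile device: treated as out of range,
            # and the operable state is switched to locked.
            card.locked = True
            return deny("proximity status not received")
    else:                               # step 509-2
        status = card.last_status

    if status != "SN":                  # step 510: anything but near fails closed
        return deny("far proximity")

    card.failures = 0                   # assumption: success breaks the run
    over = None if card.limit is None else amount > card.limit
    return Decision(True, "near proximity", over)


def demo():
    """Constructed cases: near with a limit, silent device, repeated far reports."""
    near = authorize(CardRecord(locked=False, limit=100.0), 250.0, lambda: "SN")
    silent_card = CardRecord(locked=False)
    silent = authorize(silent_card, 10.0, lambda: None)
    far_card = CardRecord(locked=False, last_status="SF")
    far = [authorize(far_card, 10.0).reason for _ in range(4)]
    return near, silent, silent_card.locked, far, far_card.blocked


if __name__ == "__main__":
    print(demo())
```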
Referring to Figures 2 and 3, along with Figure 5c, at step 514, the server 200
transmits a failure message to the issuer system 303. Accordingly, the message generating
unit 207 generates a failure message indicative of far proximity with the mobile device 308
and the message transmitting unit 208 transmits the failure message to the issuer system 303.
In addition to the failure message, the message generating unit 207 generates an alert
message for the user. The alert message indicates details about the transaction and details
about far proximity of the contactless card with the mobile device 308 in respect of the
transaction. Further, in one embodiment, the alert message indicates details about switching
of the current operable state of the contactless card 306 to ‘locked state’ when the authorizing
unit 206 does not receive the current proximity status information from the mobile device 308
at step 509-1.
Furthermore, in one embodiment, upon determining far proximity with the mobile
device 308 for a predetermined number of successive transactions, the authorizing unit 206
blocks further transactions using the contactless card. Accordingly, the message generating
unit 207 generates a blocked message. At step 515, the message transmitting unit 208
transmits the alert message to the user. In an example, the message transmitting unit 208
transmits the alert message to the mobile device 308. In another example, the transmitting
unit 204 transmits the alert message to the computing device 301.
Further, the message transmitting unit 208 transmits the blocked message to the user
after the predetermined number of unsuccessful transactions.
At step 516, upon receiving the failure message, the issuer system 303 prevents the
processing of the transaction. In examples, the banking transaction at ATM, purchase
transaction at POS system, e-commerce purchase on web-based application or mobile-based
application, and banking transaction on web-based application or mobile-based application
are prevented from completion. Upon preventing the transaction, the issuer system 303
transmits a transaction unsuccessful message to the POT system 304. Upon receiving the
transaction unsuccessful message, the POT system 304 may display an appropriate message
on a display unit (not shown in the figure) of the POT system 304.
Further, in one embodiment, upon receiving the failure message for a predetermined
number of successive transactions initiated by using the card, the issuer system 303 blocks
further transactions using the card in a manner as known in the art. Accordingly, the issuer
system 303 transmits a blocked message to the user as known in the art. In an example, the
issuer system 303 transmits the blocked message to the mobile device 308. In such example,
the mobile device 308 is associated with the card. In an example, the issuer system 303
transmits the blocked message to the computing device 301. In another example, the
issuer system 303 transmits the blocked message to a mobile device 308.
At step 517, the issuer system 303 transmits a transaction unsuccessful message to the
user as known in the art. In an example, the issuer system 303 transmits the transaction
unsuccessful message to the mobile device 308. In another example, the issuer system 303
transmits the transaction unsuccessful message to the computing device 301.
Thus, the transaction is allowed only if the contactless card is in unlocked state and is
within the predefined range of proximity with the mobile device 308. As such, the security of
the contactless card is greatly enhanced as a two-step security verification is provided.
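The decision made in steps 510 to 517 can be summarised as a small state machine. The following Python sketch is an added illustration, not part of the specification: the names `Card`, `Decision` and `authorize`, the message strings, the threshold of 3 for the "predetermined number" of successive transactions, and the reset of the counter after a successful transaction are all assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class State(Enum):
    LOCKED = "locked"
    UNLOCKED = "unlocked"


@dataclass
class Card:
    state: State = State.LOCKED
    far_streak: int = 0    # successive transactions denied for far proximity
    blocked: bool = False  # set after the predetermined number is reached


@dataclass
class Decision:
    approved: bool
    to_issuer: str                                # "success" or "failure"
    to_user: list = field(default_factory=list)   # alert / blocked messages


MAX_FAR_STREAK = 3  # assumed value; the page says only "a predetermined number"


def authorize(card: Card, in_range: Optional[bool]) -> Decision:
    """Authorizing-unit decision for one transaction.

    in_range is the current proximity status from the mobile device:
    True (within the predefined range), False (out of range), or
    None when no status was received (step 509-1).
    """
    if card.blocked:
        return Decision(False, "failure", ["blocked"])
    if card.state is State.LOCKED:
        # A locked card is never usable, whatever the proximity status.
        return Decision(False, "failure", ["alert: card is in locked state"])
    if in_range is True:
        card.far_streak = 0  # assumption: a success ends the streak
        return Decision(True, "success")

    # Out of range, or no status at all: both are treated as far proximity.
    alerts = ["alert: card is far from the mobile device"]
    if in_range is None:
        # Fail closed: a missing status also locks the card.
        card.state = State.LOCKED
        alerts.append("alert: card switched to locked state")
    card.far_streak += 1
    if card.far_streak >= MAX_FAR_STREAK:
        card.blocked = True
        alerts.append("blocked")
    return Decision(False, "failure", alerts)


if __name__ == "__main__":
    # Constructed trace: near, far, no status, near (card is now locked).
    card = Card(State.UNLOCKED)
    for status in (True, False, None, True):
        d = authorize(card, status)
        print(status, d.approved, d.to_issuer, d.to_user, card.state.value)
```

The point the sketch makes explicit is that a missing proximity report is handled exactly like an out-of-range report, so silencing the mobile device cannot be used to bypass the check.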
Figure 6 illustrates the operations performed by the server 200 to disable the
contactless card 306 and deactivate the proximity mode of the mobile device 308, in
accordance with an embodiment of present invention.
Referring to Figures 2, 3, 4, & 6, at step 601, the user sends a request to the server
200 as described in step 401 earlier. The request pertains to disabling the one or more
associated contactless cards 306. In said embodiment, the disabling request is indicative of
deactivating the proximity mode of the mobile device 308 associated with the contactless
card 306. Thus, contactless module 309 in the mobile device 308 discontinues detecting
proximity of the mobile device 308 with the contactless card 306.
At step 602, the receiving unit 201 receives the request from the computing device
301 or the mobile device 308. As described in reference to step 402, upon receiving the
request, the processor 202 determines a current operable state of the contactless card 306
mentioned in the request from the database 205.
At step 603, the analysis unit 203 transmits a challenge message to the mobile device
308 as described in reference to step 402 if the operable state is determined as “unlocked
state”. On the contrary, if the operable state is determined as “locked state”, the analysis unit
203 transmits a message indicative of “locked state” to the mobile device 308. In addition,
the message indicates that the proximity mode of the mobile device 308 is currently deactivated.
At step 604, the request receiving unit 201 receives a response message from the user
in response to the challenge message.
At step 605, the processor 202 validates the received response message by matching
the received response message with the stored response message.
At step 606, the analysis unit 203 deactivates the proximity mode of the mobile
device 308, if a positive match is obtained at step 605. When the proximity mode of the
mobile device 308 is deactivated, the mobile device 308 does not detect proximity with the
contactless card 306. Accordingly, the analysis unit 203 sends a trigger to the contactless
module 309 of the mobile device 308 to deactivate the proximity mode of the mobile device
308. Further, the analysis unit 203 switches the operable state to locked state and saves the
switched operable state as a current operable state for the contactless card 306 in the database
205.
At step 607, the message generating unit 207 generates a success message indicative
of the positive match. In an example, the success message indicates successful deactivation of
the proximity mode of the mobile device 308 or disabling of the contactless card 306. The
message transmitting unit 208 then transmits the success message to the user. In an example,
the message transmitting unit 208 transmits the success message to the computing device
301. In another example, the message transmitting unit 208 transmits the success message to
the mobile device 308.
On the contrary, if a match is not obtained at step 605, the message generating unit
207 generates a failure message. In an example, the failure message indicates unsuccessful
deactivation of the proximity mode or disabling of the contactless card 306. The failure
message further prompts the user to resend the request.
Although the above steps have been written from the perspective of a single user, it
would be understood that multiple users can follow the same steps for enhancing the security
of card based financial transactions.
While certain present preferred embodiments of the invention have been illustrated
and described herein, it is to be understood that the invention is not limited thereto. Clearly,
the invention may be otherwise variously embodied, and practiced within the scope of the
following claims.
We Claim:
1. A method comprising:
- receiving, in respect of an account, a request to enable one or more contactless
cards, the account being associated with the one or more contactless cards
issued to a user of the account by one or more issuers;
- determining an operable state of the one or more contactless cards, the
operable state being one of a locked state and an unlocked state; and
- activating a proximity mode of a mobile device associated with the one or
more contactless cards when the operable state is determined as locked state,
wherein the mobile device detects a proximity with the one or more
contactless cards during the activated proximity mode.
2. The method as claimed in claim 1, when the operable state is determined as locked
state, the method further comprises:
- switching the operable state from the locked state to unlocked state.
3. The method as claimed in claim 1, wherein the contactless card is one of: a credit
card, a debit card, an automated teller machine (ATM) card, a fleet card, stored-value
card, prepaid card, and a gift card.
4. The method as claimed in claim 1, wherein the request is received via one of: a web
based application, a mobile based application, a short message service (SMS)
message, an Unstructured Supplementary Service Data (USSD) message, and
interactive voice response (IVR).
5. The method as claimed in claim 1, wherein in the locked state of a contactless card,
use of the contactless card is prevented and a proximity mode of a mobile device
associated with the contactless card is deactivated.
6. The method as claimed in claim 1, wherein in the unlocked state of a contactless card,
use of the contactless card is allowed and a proximity mode of a mobile device
associated with the contactless card is activated.
7. The method as claimed in claim 1, wherein the mobile device detects the proximity
with the one or more contactless cards periodically during the activated proximity
mode.
8. The method as claimed in claim 1, wherein activating the proximity mode further
comprises:
- transmitting a trigger to a contactless module of the mobile device, the
contactless module being adapted to communicate with the one or more
contactless cards and to detect the proximity.
9. The method as claimed in claim 1 further comprises:
- receiving proximity status information from the mobile device periodically,
the proximity status information being indicative of the detected proximity
with the one or more contactless cards; and
- storing the proximity status information in a database.
10. The method as claimed in claim 9, wherein the proximity status information is
received from the mobile device via one of: a data communication mode of the mobile
device and a non-data communication mode of the mobile device.
11. The method as claimed in claim 9 further comprises:
- switching the operable state of the one or more contactless cards to locked
state when the received proximity status information indicates the mobile
device and the contactless card are out of a predefined range for a consecutive
number of occurrences.
12. The method as claimed in claim 1 further comprises:
- switching the operable state of the one or more contactless cards to locked
state in absence of receiving proximity status information from the mobile
device for a consecutive number of occurrences.
13. The method as claimed in claim 1 further comprises:
- receiving a request to authorize a contactless card in respect of a transaction
initiated using the contactless card, the contactless card being one of said one
or more cards;
- obtaining a proximity status information indicative of a proximity of the
contactless card and a mobile device associated with the card; and
- transmitting an alert message to the mobile device in case the proximity status
information indicates the mobile device and the contactless card are out of a
predefined range.
14. The method as claimed in claim 13, wherein the proximity status information is
obtained from a database, the database being adapted to store the proximity status
information received periodically from the mobile device.
15. The method as claimed in claim 13, wherein the proximity status information is
obtained from the mobile device via a data communication mode of the mobile
device.
16. The method as claimed in claim 13, wherein the proximity status information is
obtained from the mobile device via a non-data communication mode of the mobile
device.
17. The method as claimed in claim 13 further comprises:
- determining an operable state of the contactless card such that the proximity
status information is obtained when the operable state is determined as an
unlocked state.
18. A server comprising:
- a request receiving unit to receive, in respect of an account, a request to enable
one or more contactless cards, the account being associated with the one or
more contactless cards issued to a user of the account by one or more issuers;
- a processor to determine an operable state of the one or more contactless cards,
the operable state being one of a locked state and an unlocked state; and
- an analysis unit to activate a proximity mode of a mobile device associated
with the one or more contactless cards when the operable state is determined
as locked state, wherein the mobile device detects a proximity with the one or
more contactless cards during the activated proximity mode.
19. The server as claimed in claim 18, wherein the analysis unit further:
- when the operable state is determined as locked state, switches the operable
state from the locked state to unlocked state; and
- activates the proximity mode of the mobile device.
20. The server as claimed in claim 18, wherein the receiving unit receives the request
via one of: a web based application, a mobile based application, a short message
service (SMS) message, an Unstructured Supplementary Service Data (USSD)
message, and interactive voice response (IVR).
21. The server as claimed in claim 18, wherein during a locked state of a contactless card,
the analysis unit prevents a use of the contactless card and deactivates a proximity
mode of the contactless card.
22. The server as claimed in claim 18, wherein during an unlocked state of a contactless
card, the analysis unit allows a use of the contactless card and activates a proximity
mode of the contactless card.
23. The server as claimed in claim 18, the analysis unit further:
- transmits a trigger to a contactless module of the mobile device to activate the
proximity mode, the contactless module being adapted to communicate with
the one or more contactless cards and to detect the proximity.
24. The server as claimed in claim 18 further comprises:
- an information receiving unit to:
- receive a proximity status information from the mobile device
periodically, the proximity status information being indicative of the
detected proximity with the one or more contactless cards; and
- store the proximity status information in a database coupled with the
server.
25. The server as claimed in claim 24, wherein the information receiving unit receives the
proximity status information from the mobile device via one of: a data communication
mode of the mobile device and a non-data communication mode of the mobile device.
26. The server as claimed in claim 24, wherein the analysis unit further:
- determines the received proximity status information is indicative of the
mobile device and the contactless card being out of a predefined range for a
consecutive number of occurrences; and
- switches the operable state of the one or more contactless cards to locked state
in accordance to the determination.
27. The server as claimed in claim 18 further comprises:
- an authorizing unit to:
- receive a request to authorize a contactless card in respect of a
transaction initiated using the contactless card, the contactless card
being one of said one or more cards;
- obtain a proximity status information indicative of a proximity of the
contactless card and a mobile device associated with the card; and
- transmit an alert message to the mobile device in case the proximity
status information indicates the mobile device and the contactless
card are out of a predefined range.
28. The server as claimed in claim 27, wherein the authorizing unit obtains the proximity
status information from a database coupled to the server, the database being adapted
to store the proximity status information received periodically from the mobile device.
29. The server as claimed in claim 27, wherein the authorizing unit obtains the proximity
status information from the mobile device via a data communication mode of the
mobile device.
30. The server as claimed in claim 27, wherein the authorizing unit obtains the proximity
status information from the mobile device via a non-data communication mode of the
mobile device.
31. The server as claimed in claim 27, wherein the authorizing unit further:
- determines the operable state of the contactless card, such that proximity status
information is obtained when the operable state is determined as an unlocked
state.
32. The server as claimed in claim 24, the analysis unit further:
- determines non-receipt of proximity status information from the mobile device
for a consecutive number of occurrences; and
- switches the operable state of the one or more contactless cards to locked state
in accordance to the determination.
| # | Name | Date |
|---|---|---|
| 1 | 2631-DEL-2015-IntimationOfGrant31-10-2023.pdf | 2023-10-31 |
| 1 | Power of Attorney [25-08-2015(online)].pdf | 2015-08-25 |
| 2 | 2631-DEL-2015-PatentCertificate31-10-2023.pdf | 2023-10-31 |
| 2 | Form 9 [25-08-2015(online)].pdf | 2015-08-25 |
| 3 | Form 5 [25-08-2015(online)].pdf | 2015-08-25 |
| 3 | 2631-DEL-2015-Written submissions and relevant documents [05-09-2023(online)].pdf | 2023-09-05 |
| 4 | Form 3 [25-08-2015(online)].pdf | 2015-08-25 |
| 4 | 2631-DEL-2015-Correspondence to notify the Controller [17-08-2023(online)].pdf | 2023-08-17 |
| 5 | Form 18 [25-08-2015(online)].pdf | 2015-08-25 |
| 5 | 2631-DEL-2015-FORM-26 [17-08-2023(online)].pdf | 2023-08-17 |
| 6 | Drawing [25-08-2015(online)].pdf | 2015-08-25 |
| 6 | 2631-DEL-2015-US(14)-HearingNotice-(HearingDate-21-08-2023).pdf | 2023-08-01 |
| 7 | Description(Complete) [25-08-2015(online)].pdf | 2015-08-25 |
| 7 | 2631-DEL-2015-FORM-8 [29-07-2023(online)].pdf | 2023-07-29 |
| 8 | 2631-del-2015-Form-1-(08-09-2015).pdf | 2015-09-08 |
| 8 | 2631-DEL-2015-CLAIMS [14-06-2021(online)].pdf | 2021-06-14 |
| 9 | 2631-DEL-2015-COMPLETE SPECIFICATION [14-06-2021(online)].pdf | 2021-06-14 |
| 9 | 2631-del-2015-Correspondence Others-(08-09-2015).pdf | 2015-09-08 |
| 10 | 2631-DEL-2015-FER_SER_REPLY [14-06-2021(online)].pdf | 2021-06-14 |
| 10 | 2631-del-2015-GPA-(10-03-2016).pdf | 2016-03-10 |
| 11 | 2631-del-2015-Correspondence Others-(10-03-2016).pdf | 2016-03-10 |
| 11 | 2631-DEL-2015-OTHERS [14-06-2021(online)].pdf | 2021-06-14 |
| 12 | 2631-DEL-2015-FER.pdf | 2020-01-31 |
| 12 | REQUEST FOR CERTIFIED COPY [29-07-2016(online)].pdf | 2016-07-29 |
| 13 | Form 3 [27-09-2016(online)].pdf | 2016-09-27 |
| 13 | Request For Certified Copy-Online.pdf | 2016-08-03 |
| 14 | Form 3 [27-09-2016(online)].pdf | 2016-09-27 |
| 14 | Request For Certified Copy-Online.pdf | 2016-08-03 |
| 15 | 2631-DEL-2015-FER.pdf | 2020-01-31 |
| 15 | REQUEST FOR CERTIFIED COPY [29-07-2016(online)].pdf | 2016-07-29 |
| 16 | 2631-del-2015-Correspondence Others-(10-03-2016).pdf | 2016-03-10 |
| 16 | 2631-DEL-2015-OTHERS [14-06-2021(online)].pdf | 2021-06-14 |
| 17 | 2631-del-2015-GPA-(10-03-2016).pdf | 2016-03-10 |
| 17 | 2631-DEL-2015-FER_SER_REPLY [14-06-2021(online)].pdf | 2021-06-14 |
| 18 | 2631-DEL-2015-COMPLETE SPECIFICATION [14-06-2021(online)].pdf | 2021-06-14 |
| 18 | 2631-del-2015-Correspondence Others-(08-09-2015).pdf | 2015-09-08 |
| 19 | 2631-DEL-2015-CLAIMS [14-06-2021(online)].pdf | 2021-06-14 |
| 19 | 2631-del-2015-Form-1-(08-09-2015).pdf | 2015-09-08 |
| 20 | 2631-DEL-2015-FORM-8 [29-07-2023(online)].pdf | 2023-07-29 |
| 20 | Description(Complete) [25-08-2015(online)].pdf | 2015-08-25 |
| 21 | 2631-DEL-2015-US(14)-HearingNotice-(HearingDate-21-08-2023).pdf | 2023-08-01 |
| 21 | Drawing [25-08-2015(online)].pdf | 2015-08-25 |
| 22 | 2631-DEL-2015-FORM-26 [17-08-2023(online)].pdf | 2023-08-17 |
| 22 | Form 18 [25-08-2015(online)].pdf | 2015-08-25 |
| 23 | 2631-DEL-2015-Correspondence to notify the Controller [17-08-2023(online)].pdf | 2023-08-17 |
| 23 | Form 3 [25-08-2015(online)].pdf | 2015-08-25 |
| 24 | 2631-DEL-2015-Written submissions and relevant documents [05-09-2023(online)].pdf | 2023-09-05 |
| 24 | Form 5 [25-08-2015(online)].pdf | 2015-08-25 |
| 25 | Form 9 [25-08-2015(online)].pdf | 2015-08-25 |
| 25 | 2631-DEL-2015-PatentCertificate31-10-2023.pdf | 2023-10-31 |
| 26 | Power of Attorney [25-08-2015(online)].pdf | 2015-08-25 |
| 26 | 2631-DEL-2015-IntimationOfGrant31-10-2023.pdf | 2023-10-31 |
| 1 | 2631_DEL_2015AE_25-03-2022.pdf |
| 1 | SearchStrategyMatrix_21-01-2020.pdf |
| 2 | 2631_DEL_2015AE_25-03-2022.pdf |
| 2 | SearchStrategyMatrix_21-01-2020.pdf |