DESCRIPTION
TECHNICAL FIELD
The present invention generally relates to secure financial transaction. More particularly,
the invention relates to secure access of multiple financial cards during a single card based
financial transaction.
BACKGROUND
With advent of technology, card based financial transactions such as purchase
transactions and banking transactions have gained popularity. Examples of the cards include a
credit card, a debit card, an automated teller machine (ATM) card, a fleet card, stored-value card,
prepaid card, and a gift card. These cards generally include a magnetic strip and/or chip that
stores the details of the card. In addition, each of the cards has a Card Verification Value (CVV)
number and a card identification number.
To secure the cards from misuse, various security techniques are being used. In one
technique, transaction using the card is completed only upon positive authentication of Personal
Identification Number (PIN) associated with the card. In another technique, transaction using the
card is completed upon positive authentication of the CVV number along with PIN. In one
another technique, a one-time password (OTP) is sent to a user of the card and transaction is
completed upon receiving the same OTP from the user. In yet another technique, two-step
verification based on a combination of above-mentioned techniques is used.
However, data such as PIN and CVV can be easily stolen by using hidden camera near
transaction locations, malicious software in POS/ATM device processing card information for
transaction, and placing paper on the POS/ATM device accepting the card for transaction.
Further, the card can be cloned using malicious software in POS/ATM device. If PIN is known
to person who cloned the card, transaction can be made till the credit card limit exhaust.
There are various solutions available for ensuring the security of financial cards. In one
of the solutions, identification of a customer performing a transaction using a card is validated
using multifactor authentication. Accordingly, the customer sets a secondary pin prior to using
the card for transaction. The customer also needs to register his mobile number with an issuing
bank of the card. During ATM/POS transaction, the customer first enters primary pin provided
2
by the issuing bank, in an ATM/POS device. The primary PIN is then validated by the issuing
bank. Upon positive validation, the issuing bank sends an SMS to customer’s registered mobile
number requesting for the secondary pin. Upon receiving the secondary pin, the banking system
matches the received secondary PIN with the pre-set secondary pin. When the match is positive,
the transaction is completed, else the transaction is denied In another solution, validation of the
secondary pin is based on threshold conditions preset either by issuing system or the customer.
These conditions include transaction amount, credit limit, and frequency of use. In yet another
solution, the primary Pin and the secondary PIN can be biometric information. In both solutions,
the system first checks whether the primary pin received matches with the predefined primary
pin. Based on threshold conditions and positive match of primary PIN, the customer is requested
to provide the secondary PIN via the mobile device. When the secondary PIN received from the
mobile device matches with the secondary pin pre-stored in system, the transaction is completed.
In another solution, a user enters a PIN on a mobile device and sends the PIN, e.g., via
text message to a payment authority. The payment authority authenticates the user using at least
the PIN and identifier associated with the mobile device. If the user is authenticated, then the
payment authority will send a transaction code to the mobile device. The user can then provide
the transaction code to the merchant. The merchant can enter the transaction code into the POS
device and complete the transaction.
In one another solution, user authentication data is provided via a virtual keypad on a
mobile device. During a contactless transaction using a card at financial transaction computer
(FTC) such as ATM/POS device, the FTC sends a request to the mobile device to display the
virtual keypad arranged in a randomly generated pattern to receive the user authentication data.
The pattern of the virtual keypad changes in a random manner at each instance of displaying the
virtual keypad. This improves security of transaction. Upon receiving the user authentication
data, the mobile device sends the data to the FTC. The FTC then transmits the data to issuing
bank for validation and subsequent completion of the transaction.
In yet another solution, mobile number is used as identity for conducting transactions. A
set of configurable rules defined by the user lets the user choose appropriate method of payment
at the point of sale. These preselected rules can be either classified according to balance i.e., use
of account with minimum balance or use the account with maximum balance; or it can be
3
classified according to the type of purchase. When the user enters the card to ATM/POS system,
the user provides mobile number and PIN at the ATM/POS system. Upon receiving the mobile
number and PIN, an alert screen is displayed on the mobile device. The alert screen displays
transaction information along with one block as validation area where user needs to provide
authentication information. Upon validating the authentication information, a payment method
that satisfies the preselect rules is selected and transaction is completed.
However, the above solutions require the customer to remember one or two security pins
for a single card. In addition, the solution requires the customer to remember all the threshold
condition preset for multiple cards. Further, if the transaction fails using the single card due to
low balance, the entire process is repeated for another card. Thus, such process is complicated
resulting in poor user-experience.
Thus, there exists a need to provide a better technique for conducting secure financial
transaction.
SUMMARY OF THE INVENTION:
In accordance with the purposes of the invention, the present invention as embodied and
broadly described herein, provides for secure access of multiple financial cards during a single
card based financial transaction.
Accordingly, in one embodiment, a user creates an account with a system and associates
plurality of electronic payment cards issued to the user by plurality of issuers and a mobile
device. The account is stored in a storage unit. Further, the user can set first set of electronic
payment cards in an unlocked state and a remaining set of electronic payment cards is in a locked
state. In the unlocked state of an electronic payment card, use of the electronic payment card is
allowed. In the locked state of an electronic payment card, use of the electronic payment card is
prevented.
During a transaction, the system receives a first key element and transaction details in
respect of the transaction from a point of transaction (POT) terminal. The transaction is initiated
using a first electronic payment card. The first key element is either a random sequence of
alphanumeric string of variable length or a biometric identification. Examples of the biometric
4
identification include, but not limited to, finger print, voice recognition, facial recognition, and
retinal scan.
The system then fetches an account associated with the first electronic payment card from
the storage unit. Based on the account, the system activates a virtual keypad on the mobile device
to receive a second key element from the user. The second key element is either a random
sequence of alphanumeric string of variable length or a biometric identification. Examples of the
biometric identification include, but not limited to, finger print, voice recognition, facial
recognition, and retinal scan. The mobile device then transmits the second key element to the
system.
Upon receiving the second key element, the system compares the first key element with
the second key element. When the first key element matches with the second key element, the
system enables and displays the first set of electronic payment cards for selection on the mobile
device. Upon receiving a selection of second payment card, the system transmits the transaction
details to an issuer of the second electronic payment card to process the transaction.
The advantages of the invention include, but not limited to, allowing secure access to
multiple cards from a single card. Further, security is completely ensured as the key elements are
either random sequence of alphanumeric string of variable length or a biometric identification
and user need not to remember any kind of passwords. Thus, the user can provide a different first
key element for each transaction, thereby eliminating the chances of cloning and stealing data. In
addition, the requirement of memorizing several PINs is eliminated.
Furthermore, the user can preset first set of electronic payment cards in an unlocked state
and a remaining set of electronic payment cards in a locked state. This reduces the chances of
failed transaction due to low balance since the user can select a second card that is different from
the first card. Additionally, an easy solution is provided for safeguarding the cards while
travelling and in various other scenarios as the user need not carry multiple cards. The user can
carry only one card and perform transaction using any other card.
These and other aspects as well as advantages will be more clearly understood from the
following detailed description taken in conjunction with the accompanying drawings and claims.
5
BRIEF DESCRIPTION OF THE ACCOMANYING DRWAINGS
To clarify advantages and aspects of the invention, a more particular description of the
invention will be rendered by reference to specific embodiments thereof, which is illustrated in
the appended drawings. It is appreciated that these drawings depict only typical embodiments of
the invention and are therefore not to be considered limiting of its scope. The invention will be
described and explained with additional specificity and detail with the accompanying drawings,
which are listed below for quick reference.
Figures 1a, 1b, & 1c illustrate an exemplary method for secure access of multiple
financial cards during a single card based financial transaction, in accordance with an
embodiment of present invention.
Figure 2 illustrates an exemplary system for enabling secure access of multiple financial
cards during a single card based financial transaction, in accordance with an embodiment of
present invention.
Figure 3 illustrates an exemplary network environment that implement the system, a
POT (Point of Transaction) terminal, and a banking system for enabling secure access of
multiple financial cards during a single card based financial transaction, in accordance with an
embodiment of present invention.
Figures 4a, 4b, & 4c schematically illustrate operation of the system for enabling secure
access of multiple financial cards during a single card based financial transaction, in accordance
with an embodiment of present invention.
Further, those of ordinary skill in the art will appreciate that elements in the drawings are
illustrated for simplicity and may not have been necessarily drawn to scale. For example, the
dimensions of some of the elements in the drawings may be exaggerated relative to other
elements to help to improve understanding of aspects of the invention. Furthermore, the one or
more elements may have been represented in the drawings by conventional symbols, and the
drawings may show only those specific details that are pertinent to understanding the
embodiments of the invention so as not to obscure the drawings with details that will be readily
apparent to those of ordinary skill in the art having benefit of the description herein.
6
DETAILED DESCRIPTION
It should be understood at the outset that although illustrative implementations of the
embodiments of the present disclosure are illustrated below, the present invention may be
implemented using any number of techniques, whether currently known or in existence. The
present disclosure should in no way be limited to the illustrative implementations, drawings, and
techniques illustrated below, including the exemplary design and implementation illustrated and
described herein, but may be modified within the scope of the appended claims along with their
full scope of equivalents.
The term “some” as used herein is defined as “none, or one, or more than one, or all.”
Accordingly, the terms “none,” “one,” “more than one,” “more than one, but not all” or “all”
would all fall under the definition of “some.” The term “some embodiments” may refer to no
embodiments or to one embodiment or to several embodiments or to all embodiments.
Accordingly, the term “some embodiments” is defined as meaning “no embodiment, or one
embodiment, or more than one embodiment, or all embodiments.”
The terminology and structure employed herein is for describing, teaching and
illuminating some embodiments and their specific features and elements and does not limit,
restrict or reduce the spirit and scope of the claims or their equivalents.
More specifically, any terms used herein such as but not limited to “includes,”
“comprises,” “has,” “consists,” and grammatical variants thereof do NOT specify an exact
limitation or restriction and certainly do NOT exclude the possible addition of one or more
features or elements, unless otherwise stated, and furthermore must NOT be taken to exclude the
possible removal of one or more of the listed features and elements, unless otherwise stated with
the limiting language “MUST comprise” or “NEEDS TO include.”
Whether or not a certain feature or element was limited to being used only once, either
way it may still be referred to as “one or more features” or “one or more elements” or “at least
one feature” or “at least one element.” Furthermore, the use of the terms “one or more” or “at
least one” feature or element do NOT preclude there being none of that feature or element,
unless otherwise specified by limiting language such as “there NEEDS to be one or more . . . ” or
“one or more element is REQUIRED.”
7
Unless otherwise defined, all terms, and especially any technical and/or scientific terms,
used herein may be taken to have the same meaning as commonly understood by one having an
ordinary skill in the art.
Reference is made herein to some “embodiments.” It should be understood that an
embodiment is an example of a possible implementation of any features and/or elements
presented in the attached claims. Some embodiments have been described for the purpose of
illuminating one or more of the potential ways in which the specific features and/or elements of
the attached claims fulfil the requirements of uniqueness, utility and non-obviousness.
Use of the phrases and/or terms such as but not limited to “a first embodiment,” “a
further embodiment,” “an alternate embodiment,” “one embodiment,” “an embodiment,”
“multiple embodiments,” “some embodiments,” “other embodiments,” “further embodiment”,
“furthermore embodiment”, “additional embodiment” or variants thereof do NOT necessarily
refer to the same embodiments. Unless otherwise specified, one or more particular features
and/or elements described in connection with one or more embodiments may be found in one
embodiment, or may be found in more than one embodiment, or may be found in all
embodiments, or may be found in no embodiments. Although one or more features and/or
elements may be described herein in the context of only a single embodiment, or alternatively in
the context of more than one embodiment, or further alternatively in the context of all
embodiments, the features and/or elements may instead be provided separately or in any
appropriate combination or not at all. Conversely, any features and/or elements described in the
context of separate embodiments may alternatively be realized as existing together in the context
of a single embodiment.
Any particular and all details set forth herein are used in the context of some
embodiments and therefore should NOT be necessarily taken as limiting factors to the attached
claims. The attached claims and their legal equivalents can be realized in the context of
embodiments other than the ones used as illustrative examples in the description below.
Figure 1 illustrates an exemplary method 100 for allowing multiple card usage and
security of the cards in accordance with an embodiment of present invention. In said
embodiment, referring to Figure 1a, the method 100 comprises: receiving 101 from point of
transaction (POT) terminal, a first key element(FKE) and transaction details in respect of a
8
transaction initiated using first electronic payment card; fetching 102, from a storage unit, an
account associated with the first electronic payment card, the account being associated with a
plurality of electronic payment cards issued to a user of the account by plurality of issuers and
the plurality of electronic payment cards including the first electronic payment card; activating
103 a virtual keypad on a mobile device associated with the account; receiving 104 a second key
element from the mobile device, the second key element(SKE) being provided by the user via the
virtual keypad; and enabling and displaying 105, on the mobile device, a first set of electronic
payment cards from the plurality of electronic payment cards for selection on the mobile device
when the first key element matches with the second key element.
Referring to Figure 1b, the method 100 further comprises: receiving 106 from the mobile
device, a selection of a second electronic payment card from amongst the plurality of electronic
payment cards; and transmitting 107 the transaction details to an issuer of the second electronic
payment card to process the transaction.
Referring to Figure 1c, the method 100 further comprises: preventing 108 display of the
first set of electronic payment cards for selection on the mobile device upon determining one of:
a non-reception of the second key element from the mobile device prior to expiry of a
predetermined time period from the reception of the first key element; and the first key element
does not match with the second key element;and transmitting 109 a response message to the
mobile device indicative of the determination.
Further, the first key element is one of a random sequence of alphanumeric string of
variable length and a biometric identification. Likewise, the second key element is one of a
random sequence of alphanumeric string of variable length and a biometric identification.
Examples of the biometric identification include, but not limited to, finger print, voice
recognition, facial recognition, and retinal scan.
Further, the first set of electronic payment cards are in the unlocked state and remaining
set of electronic payment cards are in a locked state. In the unlocked state, use of electronic
payment card is allowed and in locked state, use of the electronic payment card is prevented.
Further, the electronic payment card is one of: a credit card, a debit card, an automated
teller machine (ATM) card, a fleet card, stored-value card, prepaid card, and a gift card.
Additionally, the electronic payment card can be either a contact card or a contactless card.
9
Figure 2 illustrates an exemplary system 200 for enabling secure access of multiple
financial cards during a single card based financial transaction, in accordance with an
embodiment of present invention. As would be understood, the system 200 is capable of
implementing the methods as described with reference to preceding Figures 1a, 1b and 1c.
In said embodiment, the system 200 comprises: a first input receiving unit 201 to receive
first key element and transaction details in respect of a transaction initiated using a first
electronic payment card from a point of transaction (POT) terminal 202. The POT terminal can
be ATM device, point of sale (POS) device, and a computing device.
Further, the system 200 includes a fetching unit 203 to fetch an account associated with
the first electronic payment card from a storage unit 204. The account is associated with a mobile
device 205 and plurality of electronic payment cards issued to a user of the account by plurality
of issuers. The plurality of electronic payment cards includes the first electronic payment card. In
one implementation, the storage unit 204 is external to the system 200, as shown in the figure. In
another implementation, the storage unit 204 is internal to the system 200.
Further, the system 200 comprises a keypad activation unit 206 to activate a virtual
keypad on the mobile device 205 for receiving a second key element.
Further, the system 200 comprises a second input receiving unit 207 to receive the second
key element from the mobile device 205 for validation. Further, the system 200 comprises a
control unit 208. Upon receiving the second key element from the mobile device 205, the control
unit 208 enables a first set of electronic payment cards from the plurality of electronic payment
cards for selection when the first key element matches with the second key element. The control
unit 208 then displays the first set of electronic payment cards on the mobile device 205. Further,
the control unit 208 arranges the virtual keypad in a random pattern for each transaction initiated
using the plurality of electronic payment cards.
Further, upon display of the first set of electronic payment cards, the user may select a
second electronic payment card for completing the transaction. Accordingly, the second input
receiving unit 207 receives the selection of the second electronic payment card from the mobile
device 205. Upon receiving the selection of the second electronic payment card, the control unit
208 transmits the transaction details to an issuer of the second electronic payment card to process
the transaction.
10
On the contrary, the control unit 208 prevents the display of the first set of electronic
payment cards for selection on the mobile device 205 when a failure is determined. The failure
can be one of a non-reception of the second key element from the mobile device prior to expiry
of a predetermined time period from the reception of the first key element; and the first key
element does not match with the second key element. Further, the control unit 208 generates and
transmits a message indicative of the determined failure.
The system 200 further includes a processor 209 to perform necessary functions of the
system 200. The processor 209 may be one or more general processors, digital signal processors,
application specific integrated circuits, field programmable gate arrays, servers, networks, digital
circuits, analog circuits, combinations thereof, or other now known or later developed devices for
analysing and processing data. In one implementation, the control unit 208, the fetching unit 203,
and the keypad activation unit 206 are external to the processor 209, as illustrated in the figure.
In another implementation, the control unit 208, the fetching unit 203, and the keypad activation
unit 206 are integral to the processor 209. In another implementation, the control unit 208, the
fetching unit 203, and the keypad activation unit 206 can be one single unit. In one another
implementation, the control unit 208, the fetching unit 203, and the keypad activation unit 206
can de different units, as illustrated in figure. In one another implementation, the control unit
208, the fetching unit 203, and the keypad activation unit 206 are implemented as specific
hardware elements. In one another implementation, the control unit 208, the fetching unit 203,
and the keypad activation unit 206 are implemented as combination of hardware and software
elements. In yet another implementation, the control unit 208, the fetching unit 203, and the
keypad activation unit 206 are implemented as software elements such as a mobile application.
The system 200 further includes a memory 210 for storing the outputs of each of the
previously mentioned units. The memory 210 may be a main memory, a static memory, or a
dynamic memory.
Although specific hardware components have been depicted in reference to the system
200, it is to be understood that the system 200 and the various components may include other
hardware components and/or software components as known in the art for performing necessary
functions.
11
Figure 3 schematically illustrates a network environment 300 includes one or more
computing devices 301-1, 301-2, 301-N, (hereinafter referred to as computing device 301
indicating one computing device and computing devices 301 indicating a plurality of computing
devices). Examples of commuting device 301 include the desktop, notebook, tablet, smart phone,
and laptop. The system 200 is coupled to the computing devices 301 over a network 302.
Examples of the network 302 include wireless network, wired network, and cloud based
network.
Accordingly, a user 303 accesses the system 200 through the computing device 301 over
the network 302 and creates an account 304. The creation of an account is similar to methods
known in the art. In an example, the user 303 accesses a web-based application or a mobilebased
application on the computing device 301 and creates the account 304. In addition, the
account 304 is associated with the mobile device 205 of the user 303. Thus, the account 304
includes details of the user 303 such as name, address, and mobile subscriber identification
number (MSISDN) of the associated mobile device 205. The system 200 stores the details of the
account 304 and the associated details of the user 303 in the storage unit 204.
Upon issuance of the one or more cards, the user 303 associates the one or more cards
305-1, 305-2, 305-3, … 305-N (hereinafter referred to as associated card 305 indicating one card
and associated cards 305 indicating a plurality of cards) with the account 304 at the system 200
through the computing device 301. The electronic payment card is one of: a credit card, a debit
card, an automated teller machine (ATM) card, a fleet card, stored-value card, prepaid card, and
a gift card. The electronic payment card can be contact card or contactless card. It would be
understood that the associated cards 305 might be issued by one issuer or by multiple issuers. In
an example, the user 303 accesses the account 304 using web-based application or mobile-based
application provided by the issuer. The association of the one or more cards includes providing
details of the associated card 305 and the corresponding issuer issuing the associated card 305.
The details of the associated card 305 includes, but not limited to, card number, payment
technology, expiry date, name of the user as provided on the card, and other authentication
details as required. Thereafter the association is performed as known in the art. For the sake of
brevity only four cards are illustrated in the figure.
12
Further, the server 200 stores the details of the associated cards 305 in the storage unit
204 such that the account 304 is mapped with each of the associated cards 305. In an example, a
flag is set indicative of the association of the card with the account 304. The association details
are indicative that during a transaction the server 200 after performing authentication of the
associated cards 305, the server 200 will directly send request to the corresponding issuer system
306 to process transaction. In addition, the user 303 specifies cash limit value/credit limit value
for the associated cards 305. The server 200 then stores the specified cash limit value/credit limit
value for each of the associated cards 305 in the storage unit 204.
Further, the user 303 specifies whether each of the associated cards 305 is in locked
stated or unlocked state. In locked state, the use of the associated card is prevented. In unlocked
state, the use of the associated card is allowed. In an example, a flag is set indicative of the state
of each of the associated card 305 and stored in the storage unit 204. Further, the network
environment 300 includes a plurality of issuer systems 306-1, 306-2, …306-N, (hereinafter
referred to as issuer system 306 indicating one issuer system and issuer systems 306 indicating a
plurality of issuer systems) corresponding to plurality of issuers such as banks and merchants.
The issuers, among various other services, issues one or more cards to the user 303 for
conducting financial transactions such as purchase transactions and banking transactions.
Examples of the issuer systems 306 include systems employed by banks and merchants. In
addition, the user 303 specifies cash limit value and credit limit value for the issued cards. The
issuer systems 306 are coupled with the system 200 over the network 302.
Furthermore, the network environment 300 includes a plurality of point of transaction
(POT) terminals 307, (hereinafter referred to as POT terminal 307 indicating one POT terminal
and POT terminals 307 indicating a plurality of POT terminals). For the sake of brevity, only one
POT terminal 307 is illustrated. The POT terminal 307 enables the user 303 to perform financial
transactions using the one or more cards. Examples of the POT terminal 307 include point of sale
(POS) systems, automated teller machines (ATMs), and web-based applications and mobilebased
applications where a user engages in a financial transaction such as banking applications
and shopping applications. The POT terminals 307 are coupled with system 200 and the issuer
systems 306 over the network 302.
13
Furthermore, the network environment 300 includes a plurality of payment processing
unit 308 (hereinafter referred to as payment processing unit 308 indicating one payment
processing unit and payment processing units 308 indicating a plurality of payment processing
units). For the sake of brevity, only one payment processing unit 308 is illustrated. As would be
understood, the payment processing unit 308 is a banking unit to the corresponding POT
terminal when POT terminal is an ATM. When a card inserted in an ATM that does not belong
to the corresponding issuer, then payment will be done through the payment processing unit after
validation from the issuer banks. Thus, the issuer system 306 and the payment processing unit
308, serve as a single unit known as banking system 309. Likewise, for the sake of brevity, the
storage unit 204 and the system 200 are considered as a single unit named backend system 310.
Figure 4 illustrates the operations performed by system 200 for enabling secure access of
the cards 305 associated with the account 304 during a single card 305 based financial
transaction.
Referring to Figures 2, 3 & 4a, at step 401, the POT terminal 307 transmits a first key
element (FKE) and transaction details to the backend system 310. The first key element is one of
a random sequence of alphanumeric string of variable length and a biometric identification.
Examples of the biometric identification include, but not limited to, finger print, voice
recognition, facial recognition, and retinal scan. As would be understood, the POT terminal 307
would be integrated with or communicatively coupled with sensors/devices capable of receiving
the biometric identification. Examples of the transaction include banking transaction at ATM,
purchase transaction at POS system, e-commerce purchase on web-based application or mobilebased
application, and banking transaction on web-based application or mobile-based application
using an electronic payment card. The card can be used for either contactless transaction or
contact based transaction. The transaction details includes authentication credentials of the POT
terminal 307, transaction information, and card identifier data indicating details about the first
electronic payment card, and location information in respect of the transaction. In an example,
the transmission of the transaction details and FKE can be performed using an encrypted
message frame.
At step 402, the backend system 310 determines whether the electronic payment card is
associated with the account 304. In addition, the backend system 310 determines whether the
14
electronic payment card is in locked state or in unlocked state. As described earlier, the use of
the electronic payment card is prevented if in locked state and is allowed if in unlocked state. In
an example, referring to Figure 3, the flag indicative of the state of electronic payment cards 305-
1 and 305-4 is set to unlocked state and the flag indicative of the state of electronic payment
cards 305-2 and 305-3 is set to locked state. Accordingly, the backend system 310 checks the
flag indicative of the association of the card with the account 304. Upon determining that the
card is associated with the account 304, the backend system 310 checks the flag indicative of the
state of the card.
If at step 402, the backend system 310 determines the electronic payment card is not
associated with the account 304, then at step 403 the backend system 310 generates an
unsuccessful transaction message and transmits the unsuccessful transaction message to the POT
terminal 307. Upon receiving the message, the POT terminal 307 may display an appropriate
message on a display unit (not shown in the figure) of the POT terminal 307. In the above
example, referring to Figure 3, if the electronic payment card is none of the electronic payment
cards 305, then process flows to step 403. Since the electronic payment card is not associated
with the account 304, the backend system 310 will not be able to determine MSISDN of the
associated mobile device 205 and therefore will not send a failure message to the mobile device
205.
Likewise, if at step 402, the backend system 310 determines the electronic payment card
is associated with the account 304 but is in locked state, then at step 403 the backend system 310
generates an unsuccessful transaction message and transmits the unsuccessful transaction
message to the POT terminal 307. Upon receiving the message, the POT terminal 307 may
display an appropriate message on a display unit (not shown in the figure) of the POT terminal
307. In the above example, referring to Figure 3, if the electronic payment card is one of the
electronic payment cards 305-2 and 305-3, then process flow to step 403.
At step 404, the backend system 310 generates a failure message and transmits the failure
message to the mobile device 205 associated with the account 304. The failure message indicates
transaction details and details about the electronic payment card being in locked state.
On the contrary, if the electronic payment card is associated with the account 304 and is
in unlocked state, then the processes flow to step 405. In the above example, referring to Figure
15
3, if the electronic payment card is one of the electronic payment cards 305-1 and 305-4, then
process flows to step 405. Thus, any of the electronic payment cards 305 that is in unlocked state
can be the first electronic payment card used for initiating the transaction.
At step 405, the backend system 310 activates virtual keypad (VKP) on the mobile device
205 corresponding to the account 304. Accordingly, the backend system 310 transmits an
instruction to open the virtual keypad along with the transaction details to the mobile device 205.
Further, upon transmitting the instructions, the backend system 310 activates a timer for a
predetermined time period. The predetermined time period is considered from the instance the
FKE is received from the POT terminal 307. In an example, the predetermined time period is few
seconds.
Upon receiving the instructions from the backend system 310, the mobile device 205
displays the virtual keypad. The virtual keypad is arranged in a random pattern for each
transaction initiated using electronic payment cards 305. In addition, the transaction details are
also displayed on the mobile device 205. In one example, the transaction details can be displayed
as a floating message over the VKP.
Once the virtual keypad is displayed on the mobile device 205, the user can provide a
second key element (SKE) via the VKP. The second key element is one of a random sequence of
alphanumeric string of variable length and a biometric identification. Examples of the biometric
identification include, but not limited to, finger print, voice recognition, facial recognition, and
retinal scan. As would be understood, the mobile device 205 would be integrated with or
communicatively coupled with sensors/devices capable of receiving the biometric identification.
Accordingly, at step 406, the mobile device 205 may transmit the SKE to the backend
system 310. In an example, the transmission of the SKE can be performed using an encrypted
message frame.
Further, the backend system 310 determines an expiry of the predetermined time period
based on the timer. Accordingly, at step 407, the backend system 310 determines a reception of
the SKE from the mobile device 205.
If at step 407, the SKE is not received from the mobile device 205 prior to expiry of the
predetermined time or the SKE is received after the expiry of the predetermined time, then the
16
backend system 310 determines non-reception of the SKE. Accordingly, referring to Figures 2,
3, and 4b, at step 408, the backend system 310 generates an unsuccessful transaction message
and transmits the unsuccessful transaction message to the POT terminal 307. Upon receiving the
message, the POT terminal 307 may display an appropriate message on a display unit (not shown
in the figure) of the POT terminal 307.
At step 409, the backend system 310 generates a failure message and transmits the failure
message to the mobile device 205. The failure message indicates transaction details and details
about non-reception of the SKE in respect of the transaction.
On the contrary, if at step 407, the backend system 310 receives the SKE prior to expiry
of the predetermined time, then the process flows to step 410.
At step 410, the backend system 310 performs validation of the second key element
against the first key element. Accordingly, the backend system 310 compares the first key
element received from the POT terminal at step 401 with the second key element received from
mobile device 205 at step 406.
If at step 410, the backend system 310 determines that the first key element does not
match with the second key element, then at step 411, the backend system 310 generates an
unsuccessful transaction message and transmits the unsuccessful transaction message to the POT
terminal 307. Upon receiving the message, the POT terminal 307 may display an appropriate
message on a display unit (not shown in the figure) of the POT terminal 307.
At step 412, the backend system 310 generates a failure message and transmits the failure
message to the mobile device 205. The failure message indicates transaction details and details
about non-reception of the SKE in respect of the transaction.
On the contrary, if at step 410, the backend system 310 determines that the first key
element matches with the second key element, then the process flows to step 413.
At step 413, the backend system 310 enables the selection of first set of cards from the
associated cards 305 that are in unlocked state. In above example, referring to Figure 3, the flag
indicative of the state of electronic payment cards 305-1 and 305-4 is set to unlocked state.
Accordingly, the backend system 310 checks the flag indicative of the state of each of associated
cards 305 and enables the selection of electronic payment cards 305-1 and 305-4 as the first set
17
of cards on the mobile device 205. Further, the first set of cards can include the first electronic
payment card that has been used for initiating the transaction. In the above example, the user can
use either of the electronic payment cards 305-1 and 305-4 for initiating the transaction. As such,
the backend system 310 can display both electronic payment cards 305-1 and 305-4 on the
mobile device 205. In addition, the backend system 310 may also provide the specified cash
limit/card limit value corresponding to each of the first set of cards, as stored in the storage unit
204. Accordingly, the backend system 310 transmits an instruction to display the first set of
cards to the mobile device 205 along with their specified cash limit/card limit value. This reduces
the chances of failed transaction due to low balance since the user can select a second card that is
different from the first card and having required balance for completing the transaction.
Further, upon transmitting the instructions, the backend system 310 activates a timer for a
predetermined time period. The predetermined time period is considered from the instance the
instructions are sent to the mobile device 205. In an example, the predetermined time period is a
few seconds.
Upon receiving the instructions from backend system 310, the mobile device 205
displays the first set of cards along with their specified cash limit/card limit value via a userinterface.
Once the first set of cards is displayed, the user can select a card for transaction. This
eliminates the need to carry all the cards every time. Additionally, an easy solution is provided
for safeguarding the cards while travelling and in various other scenarios as the user need not
carry multiple cards. The user can carry only one card and perform transaction using any other
card. Further, this enables the user to carry a card with minimum balance.
In the above example, the details of the electronic payment cards 305-1 and 305-4 along
with their specified cash limit/card limit value can be displayed via a user-interface. The details
of the electronic payment cards 305-1 and 305-4 may include, but not limited to, card number,
payment technology, issuing bank, and expiry date.
Accordingly, at step 414, the mobile device 205 may transmit a selection of the second
electronic payment card to the backend system 310 for processing the transaction. In above
example, referring to Figure 3, user may select the electronic payment card 305-1 and the mobile
device 205 can transmit an identifier such as card number of the selected electronic payment card
305-1 to the backend system 310. However, the mobile device 205 does not retransmit the details
18
of the selected second electronic payment card to the backend system 310. The mobile device
205 only transmits the identifier of the second electronic payment card to the backend system
310. This improves the security of the card details and prevents unauthorized access of the card
details during transmission by way of hacking or any other malicious activity. In an example, the
transmission of the identifier can be performed using an encrypted message frame.
Further, the user may select the same card used for initiating the transaction or a different
card. Thus, in one case, the second electronic payment card is same as the first electronic
payment card. In the above example, the first electronic payment card used for transaction can be
electronic payment card 305-1 and the second electronic payment card selected for processing
the transaction can be electronic payment card 305-1. In another case, the second electronic
payment card is different from the first electronic payment card. In the above example, the first
electronic payment card used for transaction can be electronic payment card 305-1 and the
second electronic payment card selected for processing the transaction can be electronic payment
card 305-4.
Further, the backend system 310 determines an expiry of the predetermined time period
based on the timer. Accordingly, referring to Figures 2, 3, and 4c, at step 415, the backend
system 310 determines a reception of the selection of the electronic payment card from the
mobile device 205.
If at step 415, the selection is not received from the mobile device 205 prior to expiry of
the predetermined time or the selection is received after the expiry of the predetermined time,
then the backend system 310 determines non-reception of the selection. Accordingly, at step 416,
the backend system 310 generates an unsuccessful transaction message and transmits the
unsuccessful transaction message to the POT terminal 307. Upon receiving the message, the
POT terminal 307 may display an appropriate message on a display unit (not shown in the
figure) of the POT terminal 307.
At step 417, the backend system 310 generates a failure message and transmits the failure
message to the mobile device 205. The failure message indicates transaction details and details
about non-reception of the selection of any card in respect of the transaction.
19
On the contrary, if at step 415, the backend system 310 receives the selection of the card,
i.e., the identifier of the second electronic payment card prior to expiry of the predetermined
time, then the process flows to step 418.
At step 418, the backend system 310 transmits the transaction details received at step 407
to the banking system 309 corresponding to the selected electronic payment card for further
processing. Since the storage unit 204 stores the association details, the backend system 310
obtains the details of the second electronic payment card and determines the issuer issuing the
second electronic payment card. Upon determining, the backend system 310 directly sends
request to the corresponding issuer system 306 associated with the issuer to process the
transaction. The request includes the transaction details and details of the second electronic
payment card. In the above example, referring to Figure 3, if the second electronic payment card
selected for transaction is electronic payment card 305-1, then the backend system 310 transmits
the transaction details and the details of the electronic payment card 305-1 to the issuing system
306 associated with the issuer issuing the electronic payment card 305-1. If the second electronic
payment card selected for transaction is electronic payment card 305-4, then the backend system
310 transmits the transaction details and the details of the electronic payment card 305-4 to the
issuing system 306 associated with the issuer issuing the electronic payment card 305-4.
At step 419, the banking system 309 performs the validation and processes the
transaction, as known in the art. In an example, validation can be done by sending One Time
Password (OTP) to the mobile device 205 for further verification and checking balance. In
another example, validation can be done by checking balance.
At steps 420 and 421, the banking system 309 transmit messages to the POT terminal 307
and the mobile device 205 regarding the transaction, as known in the art. In one example, upon
positive validation, the banking system 309 completes the transaction and sends corresponding
transaction successful messages to the mobile device 205 and the POT terminal 307. In another
example, upon negative validation, the banking system rejects the transaction and sends
corresponding transaction unsuccessful messages to the mobile device 205 and the POT terminal
307.
Thus the present invention allows secure access to multiple associated cards 305 on the
mobile device 205 using a single associated card 305. Therefore, an easy solution is provided for
20
safeguarding the cards while travelling as the user need not carry multiple cards. The user can
carry only one card and perform transaction using any other card. Further, the security of
authentication details such as PIN is completely ensured as the key elements are either random
sequence of alphanumeric string of variable length or a biometric identification and user need not
to remember any kind of passwords. Thus, the user can provide a different first key element for
each transaction, thereby eliminating the chances of cloning and stealing data. In addition, the
requirement of memorizing several PINs is eliminated.
Additionally, an easy solution is provided for safeguarding the cards in various other
scenarios. Example of such scenario includes, but not limited to, delegating access to any of the
associated cards 305 to a second user. In such scenarios, complete control over any transaction
initiated using that delegated associated card 305 is still with the user of the mobile device 205,
as described above.
Although, the above steps have been written from the perspective of a single user, it
would be understood that multiple users can follow the same steps for enhancing the security of
card based financial transactions.
The drawings and the forgoing description give examples of embodiments. Those skilled
in the art will appreciate that one or more of the described elements may well be combined into a
single functional element. Alternatively, certain elements may be split into multiple functional
elements. Elements from one embodiment may be added to another embodiment. For example,
orders of processes described herein may be changed and are not limited to the manner described
herein. Moreover, the actions of any flow diagram need not be implemented in the order shown;
nor do all of the acts necessarily need to be performed. In addition, those acts that are not
dependent on other acts may be performed in parallel with the other acts. The scope of
embodiments is by no means limited by these specific examples. Numerous variations, whether
explicitly given in the specification or not, such as differences in structure, dimension, and use of
material, are possible. The scope of embodiments is at least as broad as given by the following
claims.
While certain present preferred embodiments of the invention have been illustrated and
described herein, it is to be understood that the invention is not limited thereto. Clearly, the
21
invention may be otherwise variously embodied, and practiced within the scope of the following
claims.
22

We Claim:
1. A method comprising:
- receiving, from a point of transaction (POT) terminal, a first key element and
transaction details in respect of a transaction initiated using a first electronic
payment card;
- fetching, from a storage unit, an account associated with the first electronic
payment card, the account being associated with a plurality of electronic payment
cards issued to a user of the account by plurality of issuers and the plurality of
electronic payment cards including the first electronic payment card;
- activating a virtual keypad on a mobile device associated with the account;
- receiving a second key element from the mobile device, the second key element
being provided by the user via the virtual keypad; and
- enabling and displaying, on the mobile device, a first set of electronic payment
cards from the plurality of electronic payment cards for selection on the mobile
device when the first key element matches with the second key element.
2. The method as claimed in claim 1, wherein the electronic payment card is one of: a credit
card, a debit card, an automated teller machine (ATM) card, a fleet card, stored-value
card, prepaid card, and a gift card.
3. The method as claimed in claim 1, wherein the first key element is one of a random
sequence of alphanumeric string of variable length and a biometric identification.
4. The method as claimed in claim 1, wherein the second key element is one of a random
sequence of alphanumeric string of variable length and a biometric identification.
5. The method as claimed in claim 1, wherein the virtual keypad is arranged in a random
pattern for each transaction initiated using one of the plurality of electronic payment
cards.
23
6. The method as claimed in claim 1, wherein the first set of electronic payment cards are in
an unlocked state and a remaining set of electronic payment cards is in a locked state.
7. The method as claimed in claim 6, wherein in the unlocked state of an electronic payment
card, use of the electronic payment card is allowed.
8. The method as claimed in claim 6, wherein in the locked state of an electronic payment
card, use of the electronic payment card is prevented.
9. The method as claimed in claim 1, further comprises:
- receiving, from the mobile device, a selection of a second electronic payment card
from amongst the first set of electronic payment cards; and
- transmitting the transaction details to an issuer of the second electronic payment
card to process the transaction.
10. The method as claimed in claim 1, further comprises:
- preventing the display of the first set of electronic payment cards for selection on
the mobile device upon determining one of:
- a non-reception of the second key element from the mobile device prior to
expiry of a predetermined time period from the reception of the first key
element; and
- the first key element does not match with the second key element; and
- transmitting a response message to the mobile device indicative of the
determination.
11. A system comprising:
- a first input receiving unit to receive a first key element and transaction details in
respect of a transaction initiated using a first electronic payment card from a point
of transaction (POT) terminal;
- a fetching unit to fetch an account associated with the first electronic payment
card from a storage unit, the account being associated with a mobile device and
24
plurality of electronic payment cards issued to a user of the account by plurality of
issuers and the plurality of electronic payment cards including the first electronic
payment card;
- a keypad activation unit to activate a virtual keypad on the mobile device
associated with the account;
- a second input receiving unit to receive a second key element from the mobile
device, the second key element being provided by the user via the virtual keypad;
and
- a control unit to:
- enable a first set of electronic payment cards from the plurality of electronic
payment cards for selection on the mobile device when the first key element
matches with the second key element; and
- display the plurality of electronic payment cards on the mobile device.
12. The system as claimed in claim 11, wherein the electronic payment card is one of: a
credit card, a debit card, an automated teller machine (ATM) card, a fleet card, storedvalue
card, prepaid card, and a gift card.
13. The system as claimed in claim 11, wherein the first key element is one of a random
sequence of alphanumeric string of variable length and a biometric identification.
14. The system as claimed in claim 11, wherein the second key element is one of a random
sequence of alphanumeric string of variable length and a biometric identification.
15. The system as claimed in claim 11, wherein the control unit arranges the virtual keypad
in a random pattern for each transaction initiated using the plurality of electronic payment
cards.
16. The method as claimed in claim 11, wherein the first set of electronic payment cards are
in an unlocked state and a remaining set of electronic payment cards is in a locked state.
25
17. The method as claimed in claim 16, wherein in the unlocked state of an electronic
payment card, use of the electronic payment card is allowed.
18. The method as claimed in claim 16, wherein in the locked state of an electronic payment
card, use of the electronic payment card is prevented.
19. The system as claimed in claim 11, wherein:
- the second input receiving unit further receives a selection of a second electronic
payment card from amongst the first set of electronic payment cards from the
mobile device; and
- the control unit transmits the transaction details to an issuer of the second
electronic payment card to process the transaction.
20. The system as claimed in claim 11, wherein the control unit:
- prevents the display of the first set of electronic payment cards for selection on the
mobile device upon determining one of:
- a non-reception of the second key element from the mobile device prior to
expiry of a predetermined time period from the reception of the first key
element; and
- the first key element does not match with the second key element; and
- transmits a response message to the mobile device indicative of the determination.