1. Patent Search
  2. Details

PAYMENT CARD, AUTHENTICATION METHOD AND USE FOR A REMOTE PAYMENT

20240232853 ยท 2024-07-11

    Inventors

    Cpc classification

    International classification

    Abstract

    The payment card includes at least one authentication cryptogram on one side of the card. The authentication cryptogram being unique and belonging to the payment card, is affixed to the payment card and identifies the payment card by optical recognition. The optical recognition identifier is linked to a bank account to which the payment card is linked. The method for authenticating the payment card and the bearer of the payment card is performed for a secure operation relating to personal data of the bearer of the payment card. Finally, the invention relates to a use of the authentication method to make a remote payment using the payment card.

    Claims

    1. A payment card, comprising: a front side; a back side; an electronic chip, wherein said front side is comprised of security data which include at least one PAN number, an identity of the bearer of the payment card and an expiration date of the payment card, wherein said back side is comprised of a CVV cryptogram being comprised of three digits; and a unique authentication cryptogram belonging to the payment card, the authentication cryptogram being affixed to the payment card, wherein the authentication cryptogram forming a means of identifying the payment card by optical recognition, this identification means being linked to a bank account to which the payment card is linked.

    2. The payment card according to claim 1, wherein the authentication cryptogram is a matrix code forming a determined number of black modules arranged against a white background so as to form a unique pattern, each black module forming a character of the authentication cryptogram.

    3. The payment card, according to claim 1, wherein the PAN number is comprised of four series of four digits, the payment card comprising a PAN cryptogram replacing at least one series of four digits of the PAN number.

    4. The payment card 1, according to claim 3, wherein the PAN cryptogram (21) comprises between 16 and 100 characters.

    5. The payment card, according to claim 1, wherein the PAN cryptogram (21) is a Cardan grille.

    6. The payment card 1, according to claim 1, wherein the CVV cryptogram is replaced by a cryptogram having a number of characters greater than three.

    7. The payment card, according to claim 1, wherein the authentication cryptogram comprises a number of characters between 200 and 10,000.

    8. A method for authenticating a payment card, defined according to claim 1, and of the bearer of that payment card, with a view to performing a secure operation relating to the personal data of the bearer of the payment card, the authentication method comprising the steps of: a) authenticating the payment card by entering security data of the payment card and/or a first authentication of the bearer of the payment card, the bearer of the payment card entering their own identity and/or an identifier; b) requesting a secure operation relating to personal data of the bearer of the payment card, the request carried out with a secure digital space linked to the bank account of the payment card that is open with a banking institution, the secure digital space being stored on a remote server managed by the banking institution; c) verifying the entered security data of the payment card, this step being carried out by comparing the entered security data with reference data stored on the secure digital space; d) authenticating the payment card and the bearer of the payment card, the second authentication step being carried out by recognition of the authentication cryptogram belonging to the payment card, this step being carried out through a digital recognition module available or accessible via a digital terminal belonging to the bearer of the payment card; and e) finalizing the secure operation relating to personal data of the bearer of the payment card.

    9. The authentication method, according to claim 8, wherein the step d) is carried out by opening a secure communication channel between the secure digital space of the bank account and the digital terminal of the bearer of the payment card, the secure digital space of the bank account then calling for the opening of the digital recognition module.

    10. The authentication method, according to claim 8, further comprising: giving access to a camera, upon the opening of the recognition module, a biometric and/or code authentication transaction of the bearer of the payment card, and in the event of successful authentication of the bearer of the payment card, the recognition module gives access to a camera of the digital terminal to allow a digital capture of the authentication cryptogram of the payment card.

    11. The authentication method, according to claim 8, further comprising the step of: comparing the authentication cryptogram affixed to the payment card, with a digital reference image of the authentication cryptogram stored in the secure digital space of the bank account.

    12. The authentication method, according to claim 8, wherein, when the connection step a) is carried out on a secure online portal separate from the secure digital space, a secure communication channel is opened between the secure online portal and a secure digital space linked to the bank account of the payment card.

    13. The authentication method, according to claim 8, further comprising the step of: geolocating the digital terminal of the bearer of the payment card.

    14. The use of the authentication method, according to claim 8, comprising the step of validating a remote payment and in particular a remote payment carried out via a website, the remote payment being made through a payment card.

    Description

    BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

    [0046] Other features and advantages will become apparent in the following detailed description of two non-limiting exemplary embodiments of the invention, which is shown by the enclosed FIGS. 1 to 6.

    [0047] FIG. 1 is a schematic view of a representation of a front side of a payment card according to the invention.

    [0048] FIG. 2 is a schematic view of a representation of a back side of the payment card of FIG. 1.

    [0049] FIG. 3 is a schematic view of a representation of a digital terminal receiving a call from a banking server in order to authenticate a payment card.

    [0050] FIG. 4 is a schematic view of a representation of a step of recognition of the authentication cryptogram of the payment card of FIGS. 1 and 2.

    [0051] FIG. 5 is a schematic view of a representation of a system and a method for authenticating a payment card according to a first exemplary embodiment of the invention.

    [0052] FIG. 6 is a schematic view of a representation of a system and a method for authenticating a payment card according to a second exemplary embodiment of the invention.

    DETAILED DESCRIPTION OF THE INVENTION

    [0053] As shown in FIGS. 1 to 5, the invention relates to a payment card 1. This payment card 1 corresponds to a bank card. In fact, the payment card 1 according to the invention is connected to a bank account opened with a banking institution. The bank account and the payment card 1 are assigned to a user, also called the owner of the bank account, or bearer 100 of the payment card 1.

    [0054] The payment card 1 comprises a front side 10 and a back side 11. Conventionally, the payment card 1 also integrates an electronic chip 12. This electronic chip 12 comprises a processor and a memory configured to execute an algorithm and/or store data.

    [0055] As shown in FIG. 1, the front side 10 comprises security data 2. The security data 2 include at least one PAN number 20. The PAN number 20 is composed of several series of digits, for example four series of four digits, making sixteen digits in total. The term PAN is common in banking jargon. In this example, by reading the payment card 1 from left to right, the PAN number 20 comprises a first series 200 of digits, a second series 201 of digits, a third series of digits and a fourth series of digits 203.

    [0056] As shown in FIG. 1, it is possible to replace at least one series of four digits of the PAN number 20 with a PAN cryptogram 21. In this example, the PAN cryptogram 21 replaces the third series of digits of the PAN number 2. However, alternatively, it is possible that the PAN cryptogram 21 replaces the fourth series 203 of digits of the PAN number 2.

    [0057] According to the invention, the PAN cryptogram 21 comprises between 16 and 100 characters. Preferably, the PAN cryptogram 21 comprises between 36 and 64 characters. In the example of FIG. 1, the PAN cryptogram 21 consists of a Cardan grille. Nevertheless, it is quite possible to envisage the use of another type of PAN cryptogram 21 such as a linear barcode or a matrix barcode.

    [0058] It should be noted that this technique of encryption of the PAN number using the Cardan grille as a PAN cryptogram 21 is described in more detail in international application WO 2020/120849 filed by the applicant. Additionally, a method for digitally revealing the encrypted series of digits is described in the published patent application FR 20 05961 also filed by the applicant. As described in the introduction, the encryption of a series of digits of the PAN number 21 effectively makes it possible to combat identity theft fraud, in particular following a physical theft of the payment card.

    [0059] As shown in FIG. 1, the security data 2 also comprises the identity 22 of the bearer 100 of the payment card 1. In addition, the security data 2 comprises an expiration date 23 of the payment card 1.

    [0060] Conventionally, the security data 2, 20, 21, 22, 23 affixed to the front side 10 of the payment card 1 are inscribed by printing and/or embossing, or even by screen printing onto the surface of the payment card 1. In this example, with the exception of the PAN cryptogram 21 that is printed, the other security data 2, 20, 22, 23 are affixed by embossing.

    [0061] As shown in FIG. 2, the back side 11 has a CVV cryptogram 24. This CVV cryptogram 24 is generally three digits. Optionally, it is also possible to replace the CVV cryptogram 24 with a cryptogram having a number of characters greater than three. By way of information, a cryptogram such as a Cardan grille, linear barcode or matrix barcode can be used to substitute the CVV cryptogram 24.

    [0062] The CVV cryptogram 24 also takes advantage of the security data 2 of the payment card 1. It is referred to as security data since, during a remote payment, these security data 2 are used to authenticate the payment card 1 with the banking management institution.

    [0063] According to the invention, the payment card 1 comprises at least one authentication cryptogram 3. It is unique and belongs to the payment card 1. This authentication cryptogram 3 constitutes a means for authenticating the payment card 1 by optical recognition. It is linked to the bank account of the payment card 1.

    [0064] The authentication cryptogram 3 can be affixed on one side 10, 11 of the payment card 1. In the example of FIG. 2, the authentication cryptogram 3 is affixed on the back side 11. However, the authentication cryptogram 3 could also be available on the front side 10 of the payment card 1.

    [0065] According to the invention, the authentication cryptogram 3 comprises a number of characters between 200 and 10,000.

    [0066] In the example shown in FIGS. 2, 4 and 5, the authentication cryptogram 3 consists of a matrix code. The matrix code is also called a two-dimensional barcode. In practice, the matrix code consists of a determined number of black modules arranged against a white background so as to form a single pattern. As such, each black module constitutes one character of the authentication cryptogram 3. Each black module has determined dimensions. This type of matrix code is known as a QR Code?. The high number of characters in the authentication cryptogram 3 gives it its unique character.

    [0067] It should be noted that the authentication cryptogram 3 could be formed by another type of visual cryptogram such as a holographic cryptogram, a Cardan grille, etc. The advantage of a cryptogram of the data matrix type lies in its already-established ability to be read and recognized by a smartphone and current banking applications.

    [0068] As shown in FIGS. 5 and 6, the invention also relates to an authentication system 4 of a payment card 1 and of the bearer 100. The two-factor authentication of the bearer 100 and its payment card 1 contributes to performing a secure operation relating to personal data of the bearer 100 of the payment card 1. For example, the secure transaction may correspond to a remote payment carried out using the payment card 1 (FIG. 5). This two-factor authentication is more particularly useful for remote payment via the Internet. However, two-factor authentication can also be used to perform a digital signature, a transaction on a loyalty account, a transfer of banking funds, etc.

    [0069] In the example of FIGS. 5 and 6, the authentication system 4 comprises a digital terminal 5. The digital terminal 5 may consist of a smartphone, a digital tablet, etc. More broadly, it is possible to implement the invention with an electronic device equipped with display means such as a screen, a multimedia capture tool such as a still or video camera, a memory, and a processor in order to store and execute algorithmic applications. The electronic device may also comprise means for communications through a telecommunication network such as a mobile telephony network, a wired telephony network, the Internet etc.

    [0070] According to the invention, the digital terminal 5 incorporates a module 50 for recognition of the authentication cryptogram 3 belonging to the payment card 1. The recognition module 50 is configured for a digital capture of the authentication cryptogram 3. For these purposes, the recognition module 50 is integrated into an application system configured to take control of the camera of the digital terminal 5. By way of example, the recognition module 50 can be integrated into an application for managing the bank account linked to the payment card 1. This application for managing the bank account is of course stored and executed by the digital terminal 5. It should be noted that as of this writing, each banking institution makes a banking management application available to their clients. The recognition module 50 is therefore an algorithmic brick which can be added to an already pre-existing application or correspond to an application algorithm itself.

    [0071] The digital terminal 5 is configured to communicate remotely through a wireless communication network. To this end, the digital terminal 5 may comprise communication means such as a mobile telephony transceiver. By way of example, the transceiver may be of the GSM, 2G, 3G, 4G, 5G, 6G type. Additionally, the digital terminal 5 may comprise a near-field transceiver, such as Bluetooth, Wi-Fi or other. It should be noted that most digital terminals comprise a Wi-Fi transceiver and a Bluetooth transceiver. Furthermore, mobile telephones or smartphones further comprise a mobile telephony transceiver.

    [0072] As shown in FIGS. 5 and 6, the authentication system 4 according to the invention further comprises a secure digital space 6. The secure digital space 6 is linked to the bank account of the payment card 1. In general, the secure digital space 6 is managed by a banking institution managing said bank account of the bearer of the payment card 1. The secure digital space 6 is stored by a remote server. In a known manner, this secure digital space 6 is accessible remotely via secure protocols, such as the service call. This service call is of the same type as that which is used by electronic payment terminals (EPTs) to perform banking payments after reading a bank payment card.

    [0073] Typically, a service call can be secured by a security protocol such as APA, HTTPS, or OAuth2.

    [0074] The secure digital space 6 is also configured to open a secure communication channel using a payment validation system, of the PSP or Payment service provider type, for example. Such a PSP payment validation system corresponds to an application programming interface also called API. The API of this payment validation system is configured to open a secure communication channel between the secure digital space 6 and the holder of the bank account, in order to confirm a remote payment. In this example, the payment validation system used is configured to establish secure communication between the secure digital space 6 and the digital terminal 5 of the bearer 100 of the payment card 1 linked to said bank account.

    [0075] In the example shown in FIG. 5, the authentication system 4 may comprise a secure online portal 7. The online portal 7 is itself stored on a remote server that is separate from the banking server. In this example, the online portal 7 is configured to communicate with the remote server storing a secure digital space 6 of a bank account. When the bearer 100 wishes to perform an online payment transaction, the online portal 7 is a payment portal hosted on a website such as a merchant site.

    [0076] According to the invention, the online portal 7 is configured to perform a secure operation relating to personal data of the bearer 100 of the payment card 1. Said secure transaction may correspond, as described above, to a remote payment, a digital signature, a transaction on a loyalty account, a transfer of banking funds, etc.

    [0077] In the example of FIG. 6, the online portal 7 can be one and the same as the secure digital space 6. This possibility is more specific to a bank transfer transaction or a transaction on a loyalty card. In this configuration, the bearer 100 communicates directly with their digital terminal 5 via the secure digital space 6.

    [0078] Thus, in the context of the authentication system 4, the secure digital space 6 is configured to communicate remotely through a wireless communication network with the digital terminal 5 and/or the online portal 7.

    [0079] In all cases, the secure operation relating to personal data of the bearer 100 is carried out after two-factor authentication of the payment card 1 and of the bearer 100 of the payment card 1. In practice, the authentication system 4 involves a first conventional authentication in all online payment transactions. This first authentication corresponds, on the one hand, to an authentication of the bearer 100 by its connection to a personal digital space. This authentication of the bearer 100 comprises entering an identifier and a password or else biometric recognition. On the other hand, the first authentication also involves information regarding security data 20, 21, 22, 23, 24, 200, 201, 203 of the payment card 1. It should be noted that in the present example, the PAN number 20 comprises a PAN cryptogram 21. When the bearer 100 does not have the series of digits replaced by the PAN cryptogram 21 in its memory, the bearer 100 can reveal this series of digits via a visualization method described by the French patent application FR 20 05961 also held by the applicant. In the example of FIG. 5, the first authentication is carried out by connecting to an online portal 7. Conversely, in the example of FIG. 6, the first authentication is carried out directly from the secure digital space 6 linked to the payment card 1.

    [0080] Secondly, the authentication system 4 involves a second authentication. This second authentication takes place through a secure communication channel open between the secure digital space 6 and the digital terminal 5 of the bearer 100 of the payment card 1.

    [0081] In practice, this second authentication corresponds, on the one hand, to an authentication of the bearer 100 by entering a password or by biometric recognition via the recognition module 50. When the authentication of the bearer 100 of the payment card 1 is successful, the recognition module 50 performs a second authentication of the payment card 1. This second authentication involves reading or capturing the authentication cryptogram 3 of the payment card 1. In fact, this two-factor authentication is a condition for approving the secure transaction, because the bearer 100 is in possession of their payment card 1 during the validation of the transaction. In the absence of biometric data of the bearer 100 or authentication cryptogram 3, a hacker cannot validate the secure transaction. Furthermore, an additional security level is conferred by a payment card 1 equipped with a PAN cryptogram 21.

    [0082] The invention also relates to a method for authenticating a compliant payment card 1 of the invention and of the bearer 100 of this payment card 1. This authentication is carried out in order to carry out a secure operation relating to personal data of the bearer 100 of the payment card 1. According to the invention, this authentication method can be used to approve a remote payment, and in particular a remote payment carried out via a website. However, the method according to the invention can also be useful to perform a financial transaction, a transaction on a loyalty account, a digital signature, etc.

    [0083] As shown in FIGS. 5 and 6, the authentication method comprises a first step of authenticating the payment card 1 and the bearer 100 of the payment card 1. This first authentication step is called a). During this step a), the bearer 100 enters the security data 20, 21, 22, 23, 24, 200, 201, 203 of the payment card 1. In practice, step a) may also involve an authentication of the identity of the bearer 100 of the payment card 1. This authentication is carried out by connecting to a secure digital space. The connection involves entering an identifier accompanied by an access code and/or biometric recognition. The biometric recognition can be digital or facial. This functionality depends on the features integrated into the digital terminal 5 of the bearer 100 of the payment card 1.

    [0084] As shown in FIGS. 5 and 6, the authentication method comprises a step of requesting a secure operation relating to personal data of the bearer 100 of the payment card 1. The request step is denoted b). According to the invention, the request is made with a secure digital space 6 linked to the bank account of the payment card 1. This bank account is of course open with a banking institution. In this example, the secure digital space 6 is stored on a remote server managed by the banking institution. As described above, the secure digital space 6 is accessible remotely through current telecommunication means (Internet, mobile telephony).

    [0085] The authentication method comprises a step of verifying the entered security data 20, 21, 22, 23, 24, 200, 201, 203 of the payment card 1. This step is denoted c). The verification step c) is carried out by comparing the entered security data 20, 21, 22, 23, 24, 200, 201, 203 with reference data stored in the secure digital space 6. When this step is successful, the method according to the invention calls for a second authentication in order to validate the operation relating to personal data of the bearer 100 of the payment card 1.

    [0086] For these purposes, the authentication method comprises a second step of authenticating the payment card and the bearer of the payment card. This second authentication step is denoted d). According to the invention, the second authentication step is carried out by recognition of the authentication cryptogram 3 of the payment card 1.

    [0087] In this example, step d) is carried out through a digital recognition module 50 available or accessible to the digital terminal 5 belonging to the bearer 100 of the payment card 1. In practice, the second authentication step d) is carried out by opening a secure communication channel between the secure digital space 6 and the digital terminal 5 of the bearer 100 of the payment card 1. Such a secure communication channel can use a PSP system described above. In practice, the secure digital space 6 of the bank account calls the opening of the digital recognition module 50 on the digital terminal 5 of the bearer 100 of the payment card 1.

    [0088] As shown in FIG. 3, when the recognition module 50 is opened, the method may comprise a biometric and/or codified authentication transaction of the bearer 100 of the payment card 1. In this example, biometric authentication by recognition of a fingerprint 51 is requested. In the event of the authentication of the bearer 100 of the payment card 1, the recognition module 50 gives access to a camera of the digital terminal 5 to allow a digital capture of the authentication cryptogram 3 belonging to the payment card 1 (see FIG. 4). The recognition module 50 comprises a frame 52 in the payment card 1 must be placed through the screen of the digital terminal 5. It should be noted that the recognition module 50 asks to scan the payment card 1.

    [0089] The second authentication step comprises a transaction of comparing the authentication cryptogram 3 affixed to the payment card 1, with a digital reference image of the authentication cryptogram. This reference image is stored in the secure digital space 6 of the bank account. When the reference image corresponds to cryptogram 3 affixed on the payment card, the second authentication step is considered to be successful.

    [0090] In the event of the second authentication step failing, the secure transaction can immediately be aborted, however, the method can allow the bearer 100 of the payment card to attempt a determined number of recognition tests. For example, it is possible to offer three authentication cryptogram 3 recognition tests before the secure transaction is interrupted due to failure of the two-factor authentication of the payment card 1 and the identity of its bearer 100. In the event of a first failure, it is also possible to switch to more conventional authentication methods such as the secure 3D system described in the introduction of this document.

    [0091] However, in the event of the second authentication step d), the authentication method comprises a step of finalizing the secure operation relating to personal data of the bearer 100 of the payment card 1. The finalizing step is denoted e). In practice, the finalizing step transmits the authorizations to proceed with said secure transaction.

    [0092] Additionally, the authentication method may comprise a step of geolocation of the digital terminal 5 of the bearer 100 of the payment card 1. The location of the bearer 100 of the payment card 1 can give information regarding a fraud attempt. Indeed, if the digital terminal 5 is located in a different country from that wherein the bank account has been opened, this can generate an alert sent to the bearer 100. In practice, the recognition module 50 is configured to have access to the location data of the digital terminal 5. Alternatively, the IP address of the digital terminal 5 can make it possible to give information about the geolocation of the bearer 100 of the payment card 5.

    [0093] In brief, the purpose of this geolocation is to ensure that the entry of the security data 20, 21, 22, 23, 24, 200, 201, 203 of the payment card 1 and the recognition of the authentication cryptogram 3, in particular of the QR Code? are carried out from the same place.

    [0094] According to a first example embodiment shown in FIG. 5, when the first authentication step a) is carried out following a connection to a secure digital space of a secure online portal 7 separate from the secure digital space 6. This possibility is very common, it corresponds to a purchase made by the bearer 100 of the payment card 1 on the online portal 7 of a merchant site. According to this example, the bearer 100 enters the security data 20, 21, 22, 23, 24, 200, 201, 203 directly into the secure digital space of the online portal 7.

    [0095] The request step b) is carried out through a secure communication channel which is open between the online portal 7 and the secure digital space 6. This channel may be that already used between a payment service provider and a bank.

    [0096] In this situation, the finalizing step e) also takes place through this secure communication channel. When the online portal 7 is a payment portal of a merchant website, the finalizing step e) consists in transmitting the debit authorizations between the banking institution of the payment card 1 and a banking institution to which the payment portal is assigned. The online portal 7 may also request a digital signature that will be provided through the authentication method of the invention. In this case, the validation step e) transmits an authorization or a digital signature.

    [0097] According to a second example embodiment of the method shown in FIG. 6, the first authentication step a) is carried out following a connection to the secure digital space 6 linked to the bank account of the payment card 1. According to this example, the bearer 100 identifies themselves to the secure digital space 6. In practice, the bearer 100 authenticates themselves by entering their identity, via an identifier. This identifier is verified by means of a password and/or by biometric recognition (digital or facial recognition).

    [0098] According to this example, the request step b) is carried out within the secure digital space 6. In this situation, the finalizing step e) takes place directly from the banking institution, for example to perform an internal banking movement, that is to say, between two bank accounts opened with the same institution. These two bank accounts can belong to the same bearer 100 or to two different entities. Alternatively, when a financial transaction between two banking organizations is concerned, the finalizing step consists of transferring the authorizations to debit the bank account of the bearer 100 of the payment card 1 and to deposit into a receiving banking institution.