METHODS AND SYSTEMS FOR VALIDATING AN INTERACTION

Abstract

Methods and systems for validating an interaction between a user and a service provider system are disclosed. Electronically-stored credential data for the user are retrieved (100), and a communication link (252, 223, 207) is established (102) between a user device and a service provider system. Via the communication link the retrieved user credential data is transferred (104) from the user device to the provider system, and the transferred user credential data is used (106) to validate that the user can access a service provided by the service provider system. The validation of the interaction, following receipt of the user credential data, may include processing the interaction.

Claims

1. A method of validating an interaction between a user and a service provider system, comprising: retrieving electronically-stored credential data for the user; establishing a communication link between a user device and a service provider system; transferring via the communication link the retrieved user credential data from the user device to the service provider system; and using the transferred user credential data to validate that the user can access a service provided by the service provider system.

2. The method according to claim 1, wherein the step of using the transferred user credential data comprises: following receipt of the user credential data, processing an interaction at a service provider processor.

3. The method according to claim 1, wherein the step of using the transferred user credential data comprises comparing the user credential data with service provider credential data.

4. The method according to claim 3, wherein the service provider credential data comprises data corresponding to a list of users for which the service cannot be provided.

5. The method according to claim 1, comprising filtering the retrieved user credential data before using the credential data to validate user access to the service.

6. The method according to claim 1, wherein the step of retrieving comprises retrieving the user credential data from a store on the user device.

7. The method according to claim 1, wherein the step of retrieving comprises: connecting a communication interface of the user device to a communications network; contacting via the communications network a credential provider; and retrieving, from storage managed by the credential provider, the user credential information.

8. The method according to claim 1, wherein the step of using comprises: following receipt of the user credential data, transferring validation data from the service provider system to the user device via the communication link.

9. A system for validating an interaction between a user and a service provider system, comprising: a user device; a service provider system, having a provider communication interface and at least one processor; and an electronic store retrievably storing credential data for the user, wherein the provider communication interface is operable to transfer user credential data, retrieved from the electronic store, from the user device to the service provider system, and wherein the processor of the service provider system is configured to use the transferred user credential data to validate that the user can access a service provided by the service provider system.

10. A service provider system for validating an interaction between a user and a service provider system, comprising: a service provider communication interface, operable to communicate with a communication interface of a user device; and at least one processor, wherein the provider communication interface is operable to transfer user credential data, retrieved from an electronic store by the user device, from the user device to the service provider system, and wherein the processor of the service provider system is configured to use the transferred user credential data to validate that the user can access a service provided by the service provider system.

11. The system according to claim 9, wherein the user device is embedded in a user item.

12. The system according to claim 9, wherein the user device is incorporated in a portable user device.

13. The method according to claim 2, wherein the step of using the transferred user credential data comprises comparing the user credential data with service provider credential data.

14. The method according to claim 13, wherein the service provider credential data comprises data corresponding to a list of users for which the service cannot be provided.

15. The system according to claim 10, wherein the system is adapted for retrieval of the user credential data from a store on the user device.

16. The system according to claim 10, wherein the system is adapted for retrieval of the user credential data by connecting a communication interface of the user device to a communications network, contacting via the communications network a credential provider, and retrieving, from storage managed by the credential provider, the user credential information.

17. The method of claim 1, wherein the validation an interaction between a user and a service provider system is comprised within a Know Your Customer procedure for determining an identity of the user for performance of a service by the service provider system.

18. The method of claim 17, wherein performance of the service comprises provision of a prepaid payment card.

19. The system according to claim 10, wherein the service provider communication interface and the communication interface of the user device are adapted to communicate using NFC protocols.

20. The system according to claim 19, wherein the user device is a passport.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0035] The disclosure will now be described by way of example with reference to the accompanying drawings, in which:

[0036] FIG. 1 is a diagram illustrating steps of a method according to an embodiment of the disclosure;

[0037] FIGS. 2a and 2b are diagrams illustrating the components, structure and functionality of a user device and a provider system respectively, according to an embodiment of the disclosure; and

[0038] FIG. 3 is a diagram illustrating features of methods of embodiments of the disclosure.

DETAILED DESCRIPTION OF EMBODIMENTS

[0039] Embodiments of the disclosure facilitate validation or authorisation of user-provider interactions, particularly where such validation or authorisation would otherwise be time-consuming or cumbersome, lacking in security, and/or inapplicable to certain types of interaction.

[0040] FIG. 1 is a diagram illustrating steps of a method according to an embodiment of the disclosure. First, electronically stored credential data or information for the user is retrieved (100). The data or information may be stored locally, for example on a user device, or on a networked storage facility accessible by the user device. The credential information for the user will be some sort of document or set of data which attests to some establishable fact about the user, for example a name and address, a qualification, or an authority (issued by a third party to the user) for a given action. The document or data may be (from) a passport, transaction or bank account details, a sample or copy of a utility bill, a driving license, a degree or certification, a security clearance (level), or the like.

[0041] Retrieval of the credentials will typically involve loading or downloading the data or information from the store, which may be any known kind of digital storage. The user device in embodiments of the disclosure will have a local storage means on which the credentials may be stored. If they are stored elsewhere, and accessed by the device, the device will nevertheless provide storage capability, for storing the information if only temporarily before transfer.

[0042] Second, a communication link is established between the user device and the interaction or service provider system. This may be achieved by any known local communication protocol, such as wireless or bluetooth, or by NFC. In the latter case, the communication will in the usual manner be carried out by the communication device of the provider system reading the NFC chip of the user device. The communication may also be by wired connection. The communication will usually be local, as the user will be in the vicinity of the provider system which requires the credentials in order to carry out the transaction.

[0043] Such interactions or transactions may include, for example, obtaining a transaction card, such as a pre-paid foreign currency card. On applying for such a card, KYC procedures are usually requiredembodiments of the disclosure can electronically transfer stored KYC compliant information on the user device to the provider, to allow authorisation of the interaction (which would be withheld, should no KYC information be available). Another example of such interactions may be executing a contract for a telecommunications device; the telecommunications service provider may require user credentials. For car hire, or for purchasing travel insurance at an airport, the user can provide credentials to allow the transaction. Any token for cash replacement can potentially be obtained using authorisation by credentials in this way.

[0044] Once the communication link has been established, the user credential information can be transferred (104) from the user device to the provider system, via the communication link. The credential information or data will be loaded from storage, transmitted by the user device (or read by the provider system) and received by the communication interface of the provider system. The credential information can then be used for validation or authorisation of the interaction (106).

[0045] FIG. 2a is a diagram illustrating the components, structure and functionality of a user device according to an embodiment of the disclosure, employed as the means of transferring the credentials to the provider system. The user device 200 may be a mobile handset, though it should be noted that any other portable computing apparatus such as a smart watch, laptop, notebook or tablet computer can be used as computing apparatus in embodiments of the disclosure.

[0046] The device comprises a processor 201 and a memory 202, such that the memory stores and the processor will subsequently run applications (shown generally as residing in an application space 203) such as a data filtering application 203a. The device has a user interface comprising a display 204 and a touchscreen 205 (or other input device) and associated drivers to allow a user to enter data into and view information from the applications 203. The device also has a communications capability, such as a SIM 206 and wireless communication element 207 together providing the ability to connect to a cellular communications network; in addition or alternatively the device may include wi-fi or wired network access. For communication with the provider system, either this wi-fi or wired access is used, or the device will comprise an NFC chip (252) or the like for near-field communication. The memory 202 can be used for storing the credential data, or alternatively a dedicated storage means can be used.

[0047] It should be noted that in alternative embodiments, these features may be embodied in minimal components, i.e. storage and means for communication with the provider system, such as a readable (NFC) chip alone. Such a chip may be housed in a user item, such as a passport, or a wearable garment, or in a transaction card. In one embodiment, a passport containing an NFC chip, as previously considered, can be used as the user devicethe chip stores the passport information, the passport information is commonly sufficient for KYC procedures, and the chip can be read by a suitably equipped NFC provider system.

[0048] FIG. 2b is a diagram illustrating the components, structure and functionality of a provider system (250) according to an embodiment of the disclosure, which processes credentials for authorising the interaction.

[0049] The provider system comprises a processing environment 220 with processor 221 and memory 222, with associated communications functionality 223. The communications functionality may include networking capability allowing communication with a transaction network infrastructure. Alternatively or in addition, a telecommunications capability allows communication over a local communications protocol with the user device (200). This communication may be secured, and/or the information may be encrypted before transmission or reading. The communications capability is also in embodiments capable of transmitting information or data back to the user device, in response to receipt of data, and for instance processing of that data regarding authorisation.

[0050] The processor 221 is a representation of processing capability and may in practice be provided by several processors. A database 210 is provided, storing for example credential data against which the transferred user credentials may be compared.

[0051] The authorisation module 209 is shown as an element within the processing environment 220, with associated authorisation data or programming instructions 229 stored in the memory 222. Elements shown within the processing environment 220 use the processor 221 and the memory 222 to deliver functionality; for example, these elements can provide steps of embodiments of the disclosure such as using the credentials to authorise the interaction.

[0052] The computing devices noted above in FIGS. 2a and 2b may include one or more of logic arrays, memories, analogue circuits, digital circuits, software, firmware and processors. The hardware and firmware components of the computing devices may include various specialized units, circuits, software and interfaces for providing the functionality and features described herein. The processor(s) may be or include one or more microprocessors, application specific integrated circuits (ASICs), programmable logic devices (PLDs) and programmable logic arrays (PLAs).

[0053] FIG. 3 is a diagram illustrating features of methods of embodiments of the disclosure; certain features of FIG. 1 re-appear in condensed form.

[0054] As in FIG. 1, credentials are retrieved; the credentials are either retrieved from the local storage (302) or are retrieved from a network (304) with which the user device can communicate. For example a telecommunications company providing the user device or contracted to provide services for it, may have credential information for the user already stored; this can be retrieved for authorisation of an interaction. As before, a communication link is established (102); in this embodiment, the user credential information may be filtered (306) before being transferred, or indeed before being stored before transmission. The filtration may also take place on the provider system, though this may be less agreeable to users. The filtering step can remove sensitive parts of a credential document or source. For example, this may be achieved by use of a template for certain documents, where the items to be obscured will always be in the same place, for example on a passport.

[0055] As before, after the credentials are transferred (104), they are used for authorisation (106). Part of this authorisation step may be to compare (310) the credentials received with provider credential information. For example, the provider may have records of, or access to, credit rating information; the user credentials provided can be used to search this credit rating information to determine whether the user is a credit risk. The credit rating information, or other credential data needed, alternatively may be accessible by the provider system over a network, by communication with the relevant authority.

[0056] The provider credentials may also contain information on individuals who will not be permitted to complete an interaction; for example a list of banned users. The transferred user credentials can be compared with such a list.

[0057] Once the interaction is authorised, a further step of communicating back (308) to the user device can be undertaken. For example, on satisfactory completion of an authorisation step, such as obtaining passport details for the user, the provider may transfer data back to the user device to complete the transaction. For example, the provider may transmit a terms and conditions document to the user, for their approval by the appropriate means of interaction with their device.

[0058] The provider system may be embodied in a terminal, such as a modified POS terminal, for counter interactions. The system may be housed in a kiosk with which the user interacts. Interactions such as those described herein are also possible at a dedicated machine, or even a user's own home machine, if that machine incorporates or is in communication with a suitable system for communicating with the user's device, such as an NFC chip reader.

[0059] Features of embodiments of the disclosure may be embodied in use of a computer program application or app on the user device. Here the customer can enter, and if they desire store their credential information, or download it from the relevant source. This may be their passport or equivalent (e.g. national ID card) details required for KYC. The mobile device can then interact via for example the mobile device's NFC chip with an NFC enabled terminal (or via bluetooth) at the retail location. In this way and as described above the device can not only upload the required KYC details to the database but also push to the customer the terms, conditions and charges associated with the interaction required (for example, obtaining a pre-paid FX card) to the customer via the NFC or bluetooth channel, allowing them to accept the terms and charges via the app.

[0060] In another embodiment, use of the above app can perform the reach back function to obtain through the customer's mobile network operator (MNO) billing data or other credential data, thereby providing a degree of verified KYC data and increasing the degree of trust within the data.

[0061] It will be appreciated by those skilled in the art that the disclosure has been described by way of example only, and that a variety of alternative approaches may be adopted without departing from the scope of the disclosure, as defined by the appended claims.