as) United States
`a2) Patent Application Publication|co) Pub. No.: US 2012/0143754 Al
` Patel (43) Pub. Date: Jun. 7, 2012
`
`
`
`US 20120143754A1
`
`(54) ENHANCED CREDIT CARD SECURITY
`APPARATUS AND METHOD
`
`(76)
`
`Inventor:
`
`NarendraPatel, San Antonio, TX
`(US)
`
`(21) Appl. No.:
`
`13/311,262
`
`(22)
`
`:
`Filed:
`
`5,
`Dec. 5. 2011
`
`Related U.S. Application Data
`
`(60) Provisional application No. 61/419,480,filed on Dec.
`3, 2010.
`
`Publication Classification
`
`(51)
`
`Int. Cl.
`(2012.01)
`G06Q 20/34
`(2012.01)
`G06Q 20/40
`(52) US. CD. ccc cescnseececnesenenscessenssaneceees 705/41
`(57)
`ABSTRACT
`Acredit card, debit card, or other similarfinancial instrument
`is disclosed with the temporary assignment of a dynamic
`CVVfor increased card security. The dynamic CVVis read,
`changed, and rewritten to the card with each transaction. To
`facilitate online purchases, a static CVV may also be pro-
`vided for manual entry. Alternatively, the static CVV may be
`a reminder enabling a user to remember an unmarkedstatic
`CVV, such asreadingthe digits in an orderselected by a user,
`muchlike a PIN number.
`
`12
`
`
`
`PROCESSOR
`
`18
`
`a
`
`NODE/
`CLIENT
`412
`
`NODE/
`CLIENT
`t2
`
`NODE/
`CLIENT}
`
`STORAGE
`DEVICE
`(READ/WRITE)
`
`18
`
`1
`
`SAMSUNG 1014
`
`SAMSUNG 1014
`
`1
`
`

`

`Patent Application Publication
`
`Jun. 7,2012 Sheet 1 of 5
`
`US 2012/0143754 Al
`
`a
`
`NODE/
`CLIENT
`12
`
`NODE/
`CLIENT
`12
`
`18
`
`STORAGE
`DEVICE
`(READ/WRITE)
`
`2
`
`

`

`Patent Application Publication
`
`Jun. 7,2012 Sheet 2 of 5
`
`US 2012/0143754 Al
`
`Financial
`Institution
`
`150
`
`130
`
`Transaction
`Device
`
`FIG. 2
`
`3
`
`

`

`Patent Application Publication
`
`Jun. 7,2012 Sheet 3 of 5
`
`US 2012/0143754 Al
`
`John R. Doe
`<5
`> EXP: 04/12
`
`
`onn Ba4370e <r
`
`MemberSince: 05/01/2006
`
`Alexandria, VA 22314
`
`Gen Credit Union
`600 Dulany St.
`
`lo te Fi. Dow
`
`(C) 2008 Gen Credit Union
`
`if found, please return to:
`
`FIG, 3
`
`4
`
`

`

`Patent Application Publication
`
`
`
`US 2012/0143754 Al
`
`Jun. 7, 2012 Sheet 4 of 5
`
`vyOld
`
`5
`
`

`

`Patent Application Publication
`
`Jun. 7,2012 Sheet 5 of 5
`
`US 2012/0143754 Al
`
`Network
`Interface
`460
`
`Processor
`410
`
`430
`
`Magstrip
`interface
`Ado
`
`<Storage
`
`FIG. 5
`
`6
`
`

`

`US 2012/0143754 Al
`
`Jun. 7, 2012
`
`ENHANCED CREDIT CARD SECURITY
`APPARATUS AND METHOD
`
`RELATED APPLICATIONS
`
`[0001] This application claims the benefit of co-pending
`USS. Provisional Patent Application Ser. No. 61/419,480,
`filed on Dec. 3, 2010 for ENHANCED CREDIT CARD
`SECURITY.
`
`BACKGROUND
`
`1. The Field of the Invention
`[0002]
`[0003] This invention relates to financial transactions and,
`moreparticularly, to novel systems and methodsfor security
`codesfor transactional cards, such as credit cards, ATM cards,
`gift cards, debit cards, andthelike.
`[0004]
`2. The BackgroundArt
`[0005]
`It is increasingly common for people to transact
`business using transactional cards or financial cards, such as
`credit cards, ATM cards, gift cards, debit cards, other cards
`and the like, rather than cash or checks. Any reference to one
`of these formsis intendedto refer to any and all types herein.
`One commonsecurity measure used to prevent fraud in such
`transactionsis the use of a card verification value (CVV) or
`similar code to ensure thatthe person using a cardis the card
`holder. A CVV mayalso be referred to as a card security code,
`card verification data, card verification value code, verifica-
`tion code, card code verification, or similar term. The use of
`the term “CVV”throughout this specification is intended to
`encompass all of the foregoing.
`[0006]
`Incredit transactionsor other transactions in which
`payment is made by a credit card, a static CVV mayassigned
`to the card and printed on the card. When a user completes a
`transaction, an exemplary method of verifying the card or
`account may include receiving the card number, expiration
`date, and CVV. In particular, a CVV may be required when a
`user makes an online purchase or is otherwise required to
`manually input card data. Additional identifying data may
`also be required in certain credit transactions and other finan-
`cial transactionsto verify the user’s identity. For example, the
`user may be required to provide a name, address, zip code,
`personalized security information, response to a personal
`security question, password, or a combination thereof.
`
`BRIEF SUMMARY OF THE INVENTION
`
`In oneaspect, a credit card, debit card, charge card,
`[0007]
`or other similar financial instrument is disclosed with the
`assignment of a dynamic CVV for increased card security.
`The dynamic CVV is rewritten to the card with each transac-
`tion. To facilitate online purchases, a static CVV mayalso be
`provided for manual entry. Hereinafter, any reference to a
`card or financial instrument includes transactional cards,
`electronic transaction cards, monetary cards, or generally
`financial cards, such as credit cards, ATM cards, gift cards,
`debit cards, and like financial instruments.
`[0008]
`Inone embodiment, a networked system of comput-
`ers between a card issuer an merchants, ora plurality of both
`may operate to communicate dynamically security informa-
`tion that can actually be changed on a financial card in user.
`[0009]
`In one embodimentof a methodofverification, the
`method may include providing a financial card comprising a
`computer readable storage medium embeddedin it. Then,
`providing a dynamic portion ofthe computer readable storage
`medium as a computer writable medium, may enable desig-
`
`nating the dynamic portion as the storage location of a
`dynamic codeto be selectively read from and written to the
`computer readable storage medium.
`[0010]
`Inuse, receiving, by an issuer computer correspond-
`ing to an issuerofthe financial card, transaction information
`from a first transaction in which the information from the
`financial card is presented as a form of payment may be
`followed by receiving, by the issuer computer, a first value of
`the dynamic code stored in the dynamic portion. Thereby
`verifying, by the issuer computer, the authenticity of the first
`transaction based at least in part on the receiving the first
`value, the codes are obsolete.
`[0011] Therefore, such use and verification is followed by
`deleting, by the issuer computer, the first value after the
`verifying. The issuer computer then writes or causes an inter-
`mediate transaction device to write a second value of the
`
`dynamic code to the dynamic portion.
`[0012]
`In some embodiments,
`the method includes the
`financial card being selected from a credit card, a debit card,
`a gift card, and a purchase order. Likewise, the method con-
`templates receiving, by the issuer computer, data representing
`presentation of the financial card to a second merchant in a
`second transaction subsequentto thefirst transaction. There-
`after, the computer can verify and authorize completion ofthe
`secondtransaction.
`
`[0013] The method mayinvolvereceiving, by the financial
`card, during a second transaction, a third value for the
`dynamic code replacing the second value. The method may
`includethefirst transaction being completed bythe financial
`card with a first merchant and a second transaction completed
`by the financial card with a second merchant.
`[0014] Typically, the financial institution is independent
`from thefirst and second merchants, and the computer read-
`able storage medium is non-volatile memory selected from
`magnetic media, optical media,flash media, and anothersolid
`state medium.
`
`Some embodiments of a system and method may
`[0015]
`include receiving by the issuer computer, values of the
`dynamic code from a plurality of transactions corresponding
`to an authorized userofthe financial card. Changing, by the
`issuer computer, the values of the dynamic code in accor-
`dance with a security scheme expiring the values based on
`instructions from the issuer computer may be followed by
`receiving an expired value of the dynamic code, representing
`a an unauthorized transaction by an unauthorized user. Thus
`the system fails any request for verification of the unautho-
`rized transaction, based on the expired value.
`[0016] One method may include providing a credit trans-
`action system comprising the financial card, a transaction
`device in or connected to a computer. A first computer asso-
`ciated with a financial institution operating as an issuer ofthe
`financial card may be programmedto verify the authenticity
`of transactions based on the transaction device reading the
`dynamic code and reportingto thefirst computer based on the
`dynamic code.
`[0017]
`It may be further programmedto sendto the trans-
`action device values to assign to the dynamic code, where the
`transaction device is configured to read and writeto the finan-
`cial card the dynamic code.
`[0018] The credit transaction system may include a second
`computer corresponding to a merchant and operably con-
`nected to communicate with the first computer. With the
`second computer programmedto read from the financial card
`and provide to the second computera first value correspond-
`
`7
`
`

`

`US 2012/0143754 Al
`
`Jun. 7, 2012
`
`ing to the dynamic code, the first value may be read by the
`second computerfrom the financial card during a transaction.
`The second computer may be further programmedto receive
`from the first computer a second value corresponding to the
`dynamic code. Meanwhile, the second computer may be pro-
`grammedto overwrite the first value on the financial card with
`the second value during the transaction.
`[0019] A user may select a financial card comprising a
`computer
`readable storage medium embedded therein,
`wherein a dynamic portion of the computer readable storage
`medium is also a computer writable medium. The dynamic
`portion is the storage location of a dynamic codeto be selec-
`tively read from and written to the computer readable storage
`medium.
`
`Inuse, the card is presented to a merchant computer
`[0020]
`in communication with an issuer computer, the merchant
`computer corresponding to a merchant in a transaction with
`the financial card and the issuer computer corresponding to an
`issuer ofthe financial card, first transaction information cor-
`responding to a first transaction in which the information
`from the financial card is presented as a form of payment.
`Delivering, by the financial card to the issuer computer,a first
`dynamic code from the dynamic portion is followed by
`receiving verification from the issuer computerof the authen-
`ticity of the first transaction, based at least in part on the
`delivering the first dynamic code. The financial card then
`receives, from the issuer computer, a second dynamic code
`replacing the first dynamic code from the dynamic portion.
`[0021] Avcredit transaction system mayalso include a sec-
`ond computer corresponding to a merchant and operably
`connected to communicate with a first computer. The second
`computer may be programmedto read from thefinancial card
`and provide to the second computera first value correspond-
`ing to the dynamic code. Thefirst value is read by the second
`computer from the financial card during a transaction,or read
`by a transaction device and passed on to the second computer.
`[0022] The second computer may be programmed to
`receive from the first computer a second value corresponding
`to the dynamic code and overwrite the first value on the
`financial card with the second value during the transaction.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`the drawingsherein, could be arranged and designed in a wide
`variety of different configurations. Thus, the following more
`detailed description of the embodiments of the system and
`methodof the present invention, as represented in the draw-
`ings, is not intended to limit the scope of the invention, as
`claimed, but is merely representative ofvarious embodiments
`ofthe invention. Theillustrated embodiments ofthe invention
`
`will be best understood by reference to the drawings, wherein
`like parts are designated by like numerals throughout.
`[0030] Referring to FIG. 1, an apparatus 10 or system 10 for
`implementing the present invention may include one or more
`nodes 12 (e.g., client 12, computer 12). Such nodes 12 may
`contain a processor 14 or CPU 14. The CPU 14 may be
`operably connected to amemory device 16. A memory device
`16 mayinclude one or more devices such as a hard drive 18 or
`other non-volatile storage device 18, a read-only memory 20
`(ROM 20), and a random access (and usually volatile)
`memory 22 (RAM 22or operational memory 22). Such com-
`ponents 14, 16, 18, 20, 22 mayexist in a single node 12 or may
`exist in multiple nodes 12 remote from one another.
`[0031]
`In selected embodiments, the apparatus 10 may
`include an input device 24 for receiving inputs from a user or
`from another device. Input devices 24 may include one or
`more physical embodiments. For example, a keyboard 26
`maybeusedforinteraction with the user, as may a mouse 28
`or stylus pad 30. A touch screen 32, a telephone 34, or simply
`a telecommunicationsline 34, may be used for communica-
`tion with other devices, with a user, or the like. Similarly, a
`scanner 36 may be used to receive graphical inputs, which
`mayor maynotbe translated to other formats. A hard drive 38
`or other memory device 38 may be used as an input device
`whether resident within the particular node 12 or some other
`node 12 connected by anetwork 40. In selected embodiments,
`a network card 42 (interface card) or port 44 may be provided
`within a node 12 to facilitate communication through such a
`network 40.
`
`Incertain embodiments, an output device 46 may be
`[0032]
`provided within a node 12,or accessible within the apparatus
`10. Output devices 46 may include one or more physical
`hardware units. For example, in general, a port 44 may be
`used to accept inputs into and send outputs from the node 12.
`Nevertheless, a monitor 48 may provide outputs to a user for
`feedback during a process, or for assisting two-way commu-
`[0023] The foregoing features of the present invention will
`nication between the processor 14 and a user. A printer 50, a
`become more fully apparent from the following description
`hard drive 52, or other device may be used for outputting
`and appended claims, taken in conjunction with the accom-
`information as output devices 46.
`panying drawings. Understandingthat these drawings depict
`only typical embodimentsofthe invention andare, therefore,
`[0033]
`Internally, a bus 54, or plurality of buses 54, may
`not to be considered limiting ofits scope, the invention will be
`operably interconnect the processor 14, memory devices 16,
`described with additional specificity and detail through use of
`input devices 24, output devices 46, network card 42, and port
`the accompanying drawings in which:
`44. The bus 54 maybe thought ofasa data carrier. As such, the
`[0024]
`FIG. 1 is schematic block diagram of a networked
`bus 54 may be embodied in numerous configurations. Wire,
`computer system for implementing the invention;
`fiber optic line, wireless electromagnetic communications by
`[0025]
`FIG. 2 is a network-level diagram of a network for
`visible light, infrared, and radio frequencies may likewise be
`use of an enhanced-security credit card;
`implemented as appropriate for the bus 54 and the network
`40.
`
`[0026] FIG.3isa front and rear view ofa credit card;
`[0027]
`FIG. 4 is a block diagram of an exemplary data
`[0034]
`In general, a network 40 to which a node 12 con-
`structure on a credit card; and
`nects may, in turn, be connected through a router 56 to another
`[0028]
`FIG. 5 isa block diagram of an exemplary transac-
`network 58. In general, nodes 12 may be on the same network
`tion device.
`40, adjoining networks (i.e., network 40 and neighboring
`network 58), or may be separated by multiple routers 56 and
`multiple networks as individual nodes 12 on an internetwork.
`The individual nodes 12 may have various communication
`capabilities. In certain embodiments, a minimum oflogical
`capability may be available in any node 12. For example, each
`
`DETAILED DESCRIPTION OF THE PREFERRED
`EMBODIMENTS
`
`It will be readily understood that the components of
`[0029]
`the present invention, as generally described andillustrated in
`
`8
`
`

`

`US 2012/0143754 Al
`
`Jun. 7, 2012
`
`node 12 may contain a processor 14 with moreorless of the
`other components described hereinabove.
`[0035] A network 40 mayinclude one or moreservers 60.
`Servers 60 may be used to manage, store, communicate,
`transfer, access, update, andthe like, any practical number of
`files, databases,or the like for other nodes 12 ona network 40.
`Typically, a server 60 may be accessed by all nodes 12 ona
`network 40. Nevertheless, other special functions, including
`communications, applications, directory services, and the
`like, may be implemented by an individual server 60 or mul-
`tiple servers 60.
`[0036]
`Ingeneral, anode 12 may need to communicate over
`a network 40 with a server 60, a router 56, or other nodes 12.
`Sunilarly, a node 12 may need to communicate over another
`neighboring network 58 in an internetwork connection with
`some remote node 12. Likewise, individual components may
`need to communicate data with one another. A communica-
`
`tion link mayexist, in general, between any pair of devices.
`[0037] Referring to FIGS. 1-5, an apparatus 10 or system
`10 of FIG. 1, may embody multiple computers 12, each with
`its own processors 14 and memory devices 16. These may be
`networked togetherto host software implementing some,any,
`or all of the functions, relationships, and events discussed
`hereinbelow. Thus, each computer 12 may includeanyorall
`of the foregoing components and connections in order to
`implement the communications, data transfers, transactions,
`and the like as described.
`
`[0038] Referring to FIGS. 1-5, a credit card 120 with
`dynamic CVV 330 for enhanced card security will now be
`described with more particular reference to the attached
`drawings. Details are set forth by way of exampleto facilitate
`discussion ofthe disclosed subject matter and render apparent
`the structures and functionsto a person of ordinary skill in the
`art, however, that the disclosed embodiments are exemplary
`and not exhaustive ofall possible embodiments.
`[0039]
`FIG. 2 illustrates an exemplary embodiment of a
`finance network.In the exemplary embodiment, the financial
`instrumentis a credit card 120, but could also be a debit card
`120, RFID device 120, or other similar identification instru-
`ments configured to allow a user 110 to access funds, with the
`important criterion that it has a storage medium 220, such as
`a portion of its magnetic strip 220 that is both readable and
`writable so that a dynamic CVV can be stored thereon.
`[0040] Within this specification, the terms“financial card”
`120 and “credit card” 120 are used as exemplary embodi-
`ments of a financial instrument 120, butthe usageis intended
`to be construed broadly to encompass any item or device
`configured to allow a user 110 to access funds.
`[0041]
`For example,a plastic card 120 with a magnetic strip
`220 is commonly used, with data electronically stored on the
`magnetic strip 220. In other embodiments, a small keychain
`fob with RFID technology may be provided and serve a
`similar function. Other configurations include an RFID chip
`220 embeddedin a “smart card,” with wireless communica-
`tion capabilities. In another contemplated embodiment, a
`plastic card 120 maybe provided with electrical padsor leads
`configured to interface with a USB orsimilar data slot. Data
`may be stored on flash or some other similar non-volatile
`storage medium.
`[0042] Those having skill in the art will appreciate that
`there are manyother structural variations possiblefora finan-
`cial card 120. The term is intended broadly to encompass any
`physical token or data structure by which user a 110 may
`access an account with a financial institution 150.
`
`In the exemplary embodiment, a user 110 has an
`[0043]
`account with a financial institution 150. The financial insti-
`
`tution 150 issues a card 120 to cardholder 110. For example,
`the financial institution 150 may be a bank, credit union,
`brokerage, or other similar service provider.
`[0044] Whenauser 110 wants to access an accountwith the
`financial institution 150, he or she may usethe card 120 with
`a transaction device 130. The transaction device 130 may be
`operated by a merchantor other entity to which the user 110
`wants to transfer money.It may be, for example, a credit card
`reader 130 or other similar device 130. Transaction device
`
`130 may use a network 140 such as the internet 130 to com-
`municate with the financial institution 150.
`
`[0045] The network 140 may be, for example, a LAN,
`WAN, Wi-Fi, an internetwork of LANs,
`the Internet, or
`another communication network providing a data link
`between the transaction device 130 and the financial institu-
`tion 150. In some embodiments, the network 140 will include
`security protocols, such as transport layer security (TLS) or
`other encryption technology.
`[0046]
`FIG. 3 illustrates an exemplary embodiment of a
`financial card 120. The exemplary financial card 120 has a
`front side 212 or face 212 and a reverse side 214 or back 214.
`On the exemplary front side 212 is useful information such as
`a financial institution name 240, a card number 270, an expi-
`ration date 260, and a user’s 110 name 250. On the reverse
`side 214 there may be additional information, such asa CVV
`230 and a signature 280 of the user 110. Those having skill in
`the art will recognize that each of these itemsis optional, and
`the arrangement may be varied without affecting the function
`of the card 120.
`
`[0047] Also on reverse side 214 is a magneticstrip 220. The
`magnetic strip 220, or its functional equivalent, is the most
`useful feature of the card. It is common for a magnetic strip
`220 to be rewritable. The magnetic strip 220 is a commonly-
`used exemplary data storage medium.In other embodiments,
`other data storage media may be used suchas optical, holo-
`graphic, or the like. For example, some credit cards are now
`equipped with RFID chips,or other electronic storage media.
`Furthermore, in some cases, devices such as RFID equipped
`key fobs or even biometric indicators may take the place of
`the card 120.
`
`FIG. 4 is a diagrammatic view of a card data struc-
`[0048]
`ture that may be encoded on the magnetic strip 220 offinan-
`cial card 210. In this exemplary embodiment, the magnetic
`strip 220 is dividedintoup to three tracks, knownrespectively
`as track 1, track 2, and track 3. In common usage, both track
`1 andtrack 2 will include the minimum information neededto
`
`process the card. The data structure of FIG. 4 discloses exem-
`plary track 1 data. Track 1 is provided as an exemplary
`embodimentofa card data structure, but those having skill in
`the art will recognize that the possibilities for card data struc-
`tures are infinite.
`
`[0049] According to this embodiment,track 1 begins witha
`start sentinel 312, which in the exemplary embodimentis a
`“%” character. Next is a one character format code 314. Next
`
`is a primary account number 316, which may be up to 19
`characters long. Next is a field separator 318, which in the
`exemplary embodimentis a “”” character. Next is the card-
`holder name 320, which may be up to 26 characters. Next is
`another field separator 322, followed by a four digit expira-
`tion date 324. Nextis a three digit service code 326. The last
`substantive filled is discretionary field 330, followed by end
`sentinel 332, which in the exemplary embodimentis a “?”
`
`9
`
`

`

`US 2012/0143754 Al
`
`Jun. 7, 2012
`
`character. Finally a one character longitudinal redundancy
`check (LRC) 334,
`is computed according to any suitable
`methods known in the computer andsoftwareart.
`[0050]
`In the exemplary embodiment, the discretionary
`field 330 is encoded with the dynamic CVV 330. For
`increased security andreliability, other fields of the card data
`structure may be write protected. Thus, the dynamic CVV
`330 contained in the discretionary field 330 is the only re-
`writable portion of the card data strip 220.
`[0051] FIG.5 is a block diagram of an exemplary embodi-
`mentofa transaction device 130. The transaction device 130
`
`may be a credit card reader 130, debit card reader 130, ATM
`130, or other computer system 130 equipped with an appro-
`priate interface for reading from and writing to a magnetic
`strip 220. The transaction device 130 is controlled by a pro-
`cessor 410. A processor 410 may be a microprocessor 410,
`microcontroller 410, or any other similar programmable logic
`device 410 configured to control the transaction device 130.
`[0052] A processor 410 may be communicatively coupled
`to other system components via bus 470. The processor 410
`may have connected thereto a memory device 420. In some
`embodiments, the memory device 420 may be connected to a
`processor 410 via the bus 470. In other embodiments, the
`processor 410 may be directly connected to the memory
`device 420 for direct memory access. Memory 420 may be
`low-latency, random-access memory (RAM)or other similar
`low-latency main memory 420.
`[0053] The processor 410 is also connected to a network
`interface 460 such as a NIC card. The network interface 460
`
`provides communication with the network 140. The proces-
`sor 410 may also be connected to a computer-readable storage
`medium 430. In some embodiments, storage 430 may be a
`nonvolatile storage medium 430. It and may be a memory
`device 430 based on technology with higher capacity but also
`higher latency than the memory 420. Storage 430 may be a
`hard disk 430, flash disk 430, or other suitable nonvolatile
`storage medium 430. In some embodiments, the functions of
`the storage 430 and the memory 420 may be combined in a
`single memory device.
`[0054] The processor 410 is also communicatively coupled
`to a magstrip interface 440. The magstrip interface 440 is
`configured to allow the processor 410 to read a magneticstrip
`220, and also to rewrite magnetic data on the magneticstrip.
`[0055] The magstrip interface 440 is provided as an exem-
`plary embodiment of a financial card interface. In other
`embodiments, other technologies may be used. For example,
`an RFID interface may be used to communicate with “smart
`cards” equipped with RFID technology. In another exemplary
`embodiment, the financial card 120 is equipped with electri-
`cal leads for providing a USB orother similar data interface.
`The card 120 maybe provided with flash or other non-volatile
`memory for storing the card data.
`[0056] Because the transaction device 130 is required to
`both read from and write to the magnetic strip 220 ofthe card
`120, prior art card readers in which a card is “swiped” may be
`cumbersome. To facilitate the write operation, the card 120
`may haveto be swiped twice. For increased simplicity, it may
`be preferable to instead use a transaction device 130 where
`the card 120is fully orpartially inserted, so that the magnetic
`strip can be both read and written as necessary. In other
`embodiments, wireless communication technology like
`RFID completely obviates the need for a physical interface
`between card 120 andtransaction device 130.
`
`Inan exemplary methodof the present disclosure, a
`[0057]
`user 110 holds the card 120, and desires to purchase goods or
`services from a merchant operating the transaction device
`130. To pay for the goodsor services, the user 110 interacts
`with the transaction device 130. For example, this may be
`doneby inserting the card 120 into a magnetic card reader 130
`or placing an RFID-equipped card near transaction device
`130.
`
`[0058] Thetransaction device 130 readsthe card data struc-
`ture 310 from the card 120, and transmits verification data,
`including the dynamic CVV 330, across the network 140 to
`the financial institution 150.
`
`Thefinancial institution 150 then authenticates the
`[0059]
`verification data, including the dynamic CVV 330, andtrans-
`mits a verification code, including a new dynamic CVV 330
`to the transaction device 130.
`
`[0060] The transaction device 130 reads the new dynamic
`CVV 330, and writes the new CVV 330 to the magneticstrip
`220. The transaction device 130 may then read the dynamic
`CVV 330 back from the magnetic strip 220 to verify that the
`updated CVV 330 has been properly written to magnetic strip
`220.
`
`Finally, the transaction device 130 may transmit a
`[0061]
`success codeto the financial institution 150 via the network
`140. The success code informs the financial institution 150
`that the card 120 has been successfully updated with the new
`dynamic CVV 230. This ensuresthat the card 120 is ready for
`its next use.
`
`[0062] The financial institution 150 may then update its
`database to expire the previous dynamic CVV 330, and enter
`the new dynamic CVV 330 as the valid dynamic CVV 330. To
`ensure that the card 120 is updated with the new dynamic
`CVV 330, a financial institution 150 may choose not to pro-
`vide a final authorization code for the transaction until the
`success codeis received.
`
`[0063] Thus, ifacard 120 is not successfully updated with
`the new CVV 330, the old CVV 330 may remain valid.
`However, the attempted transactionstill fails. This prevents a
`malicious actor from successfully completing several trans-
`actions by transmitting the old dynamic CVV 330 and then
`declining to transmit the success code. For additional secu-
`rity, but at the cost of some amount of lost convenience, a
`failure to receive the success code mayinsteadresult in flag-
`ging the account as having encountered a problem. This
`results in the system treating the card as invalid until the
`problem is resolved.
`the present device and
`[0064] Referring to FIGS. 1-4,
`method in accordance with the invention for enhanced credit
`
`security and card security. In certain embodiments, a dynamic
`CVV 230 may be usedin lieu of or in addition to the static
`CVV 330 printed on the card 120, and may help to prevent
`credit card fraud. In one exemplary embodiment,a credit card
`120 is provided with a magnetic strip 220, which can be both
`read and written by a transaction device 130. The transaction
`device 130 may be, for example, a credit card reader, auto-
`mated teller machine (ATM), or other similar device.
`[0065] The transaction device 130 is configured to read a
`data track, which may include a CVV 330 or other additional
`dedicated code, from the magnetic strip. They transaction
`device transmits someorall of the information to a financial
`institution with which the user has an account. The financial
`
`institution receives the account data, and may respond by
`authorizing the transaction. It may also provide a new CVV
`330 to the transaction device. The transaction device 130 may
`
`10
`
`10
`
`

`

`US 2012/0143754 Al
`
`Jun. 7, 2012
`
`then replace the CVV 330 on the data track with the new CVV
`330. Once the new CVV 330 has been provided, the old CVV
`330 expires andis no longer valid.
`[0066]
`Ifa malicious actor reads and stores the data from
`the magnetic strip 220, including the CVV 230 in the discre-
`tionary field 330 (the dynamic CVV 330,
`the malicious
`actor’s ability to cause harm to the user will be reduced,
`because the dynamic CVV 230 will be valid only once. If the
`authorized user 110 uses the card 120 before the malicious
`
`actor attempts to use the information, the dynamic CVV 330
`that the malicious actor reads will have expired, and the
`transaction will be rejected.
`[0067] On the other hand, if the malicious actoris able to
`usethe data before the user 110 completes another transaction
`with the card 120, the user’s attempt to use the card will be
`rejected, as the user’s own card 120 will now have an expired
`CVV 330. This will alert the user that there is a problem with
`the card 120 and motivate him orher to contact the financial
`institution 150 to resolve theissue.
`
`Thefinancial institution 150 mayalso limit its own
`[0068]
`damage by immediately closing off access to the account
`once any expired CVV 330 is presented to be used.
`[0069]
`Furthermore, even if the malicious user is using a
`properly-configured transaction device 130 that will receive
`and store a new dynamic CVV 330 with each fraudulent
`transaction, malicious activity will be severely limited,
`because each transaction will need to be sent from the unau-
`thorized device. The malicious user would also need to have
`
`an existing account with a credit card clearing house, so that
`identifying, tracking, andfinding the malicioususeris greatly
`simplified.
`[0070] Because the use of a dynamic CVV 330 may limit
`the malicious actor to a single unauthorized transaction,
`investigation of credit card fraud will be greatly simplified.
`Furthermore, financial harm to both the user 110 and the
`financial institution 150 will be limited.
`
`In some embodiments, a dynamic CVV 330 may
`[0071]
`completely replace the static CVV 230, which in thepriorart
`is printed on the card. One purposeofprinting the static CVV
`230 on the card is so that the CVV 230 can be usedto verify
`purchases where card data are entered manually.
`[0072]
`For example, if the user 110 is shopping online, he
`or she may not have a transaction device 13