WO1999028872A1 - Method and apparatus for money transfers - Google Patents

Method and apparatus for money transfers

Info

Publication number
WO1999028872A1
WO1999028872A1 PCT/GB1998/003537 GB9803537W WO9928872A1 WO 1999028872 A1 WO1999028872 A1 WO 1999028872A1 GB 9803537 W GB9803537 W GB 9803537W WO 9928872 A1 WO9928872 A1 WO 9928872A1
Authority
WO
WIPO (PCT)
Prior art keywords
code
identifier code
transferor
transfer
money transfer
Prior art date
Application number
PCT/GB1998/003537
Other languages
French (fr)
Other versions
WO1999028872A8 (en
WO1999028872A2 (en
Inventor
Henry Wodehouse
Stuart Mcdonald
Jon Francis
Original Assignee
Global Money Transfer Holdings Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from GB9725430A external-priority patent/GB2331822B/en
Application filed by Global Money Transfer Holdings Limited filed Critical Global Money Transfer Holdings Limited
Priority to AU12515/99A priority Critical patent/AU742367B2/en
Priority to EP98955790A priority patent/EP1036381A1/en
Publication of WO1999028872A1 publication Critical patent/WO1999028872A1/en
Publication of WO1999028872A2 publication Critical patent/WO1999028872A2/en
Publication of WO1999028872A8 publication Critical patent/WO1999028872A8/en

Links

Definitions

  • This invention relates to method and apparatus for facilitating money transfer.
  • the invention is particularly .suitable for inter-country money transfers, but it is not limited exclusively to this.
  • Money transfer .services are offered by a number of organi,sations, for example banks, the Moneygram organisation, and the Western Union organi.sation.
  • a transferee wi.shing to transfer money is able to visit a local authorised agent and arrange for money to be made available for collection by a transferee at another authorised agent or bank, for example, in a different country.
  • the present invention has been devised bearing the above problems in mind.
  • a first aspect of the invention is to provide the transferor with a secret identifier code (referred to in preferred embodiments as a party identification code or PIC) which is supplied to the transferor independently of the information exchanged with the transferor when the transferor is making a transfer request (for example, in the preferred embodiment, the PIC is sent to the transferor by post).
  • the identifier code (or at least information related thereto) can be transmitted as part of the money transfer instructions through the money handling authorities.
  • the transferor is required to transmit the .secret identifier code to the transferee, and the transferee is, in turn, required to present the identifier code as one of the conditions to be met before the money can be collected by the transferee. Possession of the correct identifier by the transferee represents proof that the transferee lias been authorired to receive funds by the transferor.
  • money handling authority refers to any authority empowered to handle money and, where appropriate, refers to any authority empowered to provide funds to a transferee.
  • the term may include, but is not limited to, banks, internet banks, post offices, etc.
  • Such a techni-que can avoid the need for the transferee to possess official proof of identification, and can also improve security.
  • the local handling agents at the point of .sale to the transferor will not have access to sufficient information to receive the funds fraudulently.
  • the identifier code (PIC) is allocated for at least one of the parties to the transfer (i.e. the transferor and/or the transferee).
  • the identifier code (PIC) for the transferor, and the .same code is re-ured for .subrequent transfers from the transferor to any transferee. This avoids the need for new identifier codes to be issued to the transferor for each transaction.
  • a .second closely related aspect of the invention is to generate an identifier code (referred in preferred embodiments as a unique transaction code or UTC), and to provide the transferor with the code (to be forwarded by the transferor to the transferee), but provide the money handling authority instructed to handle the transfer with .second code (referred in the preferred embodiments as a transaction verification code or TVC) related verifiably to the identifier code.
  • UTC unique transaction code
  • TVC transaction verification code
  • this aspect of the invention further comprises testing, at least selectively or on demand, the full identifier code information returned for each completed transfer against the originally allocated identifier code to verify that the correct transferee has collected the funds.
  • the technique can then ensure tliat neither the handling agents at the point of .sale, nor the handling agents at the point of collection, possess all of the necessary information properly to complete a transfer. Only the transferor and the transferee possess the necessary codes (i.e. the PIC identifier code of the first .aspect, and the UTC identifier code of the .second aispect) needed to complete the transfer.
  • the invention provides a method of generating a first identifier code (UTC in the preferred embodiments) and a .second code (TVC in the preferred embodiments) related thereto, the method comprising: generating the first code such that at least one character thereof represents a function of one or more other characters of the first code; generating a second code comprising at least one, but not all, of the characters of the first code, and comprising information indicative of the position in said first code of said at least one character and/or of .said one or more other cliaracters.
  • the characters of the first code . are numeric.
  • the function is a checksum (or sum) function.
  • the second code comprises one or more ⁇ bl.ank" characters representing missing character or digit positions of the first code.
  • the function is bared on characters in one or more predetermined positions in the first code, and ⁇ d information represents the position in said first code of the result of the function.
  • the function is numeric sum function of the first four digits in the first code, and the information identifies where the re.sult is to be found in the last four digits of the first code; a first character (“F") denotes that the result is in the first one or two digits of the last four; a second character (“M”) denotes that the result is in the middle one or two digits of the last four; and a third character (“L”) denotes that the remit is in the last one or two digits of the last four. It will be appreciated that other indexing systems could be used, for example, depending on the number of character positions available for the remit.
  • die invention provides a method of testing information provided by a transferee for collection of funds, the method comprising: receiving transfer instructions including a first party identifier code allocated to at least one of the parties to the transfer, and a recond transaction verification code related to a transaction identifier code allocated to the transaction;
  • the method further comprises returning the tran ⁇ ction identification code to the issuing authority as evidence that the transferee is authorised to receive the funds.
  • the transaction verification code contains some, but not all of the characters of the transaction identification code, and the method comprises comparing each known character in the transaction verification code for equivalency with a corresponding character of the transaction identifier code.
  • the transaction verification code includes information associated with the remit of a function based on one or more characters of the transaction identification code, and the method comprises testing whether the transaction identification code presented by the transferee matches the function.
  • the invention provides a money transfer system comprising: at least one remote input unit operable to generate a money transfer request in accordance with information from a transferor; and processing means for communicating with each remote unit for receiving and processing money transfer requests received therefrom, the processing means comprising: means for providing a first identifier code associated with the tranraction and/or with the identity of one or more parties to the transfer; means for outputting first information including the first identifier code, to be communicated directly or indirectly to the transferor independently of the communication with the terminal; and means for outputting recond information to be supplied directiy or indirectly to a money handling authority as instructions to effect the transfer for collection, the second information including at least a portion of the first identifier code or information related thereto to enable the authority of the transferee to be verified.
  • the system includes a plurality of terminals.
  • the processing means also referred to herein as the rerver, is able to communicate with each terminal at various times during a working day, to control the terminals directly, or to upload transfer requests (and any other information) logged by the terminals while off-line (if off-line operation is supported).
  • the invention provides a money transfer system comprising: at least one remote input unit operable to generate a money transfer request in accordance with information from a transferor; and processing means for communicating with each remote unit for receiving and processing money transfer requests received therefrom, wherein: the terminal and/or the processing means is operable to output for communication directly or indirectly to the transferor, an identifier code allocated to the money transfer; .and the processing means is operable to output money transfer instructions to be supplied directly or indirectly to a money handling authority as instructions to effect the transfer for collection, the instructions including only a first portion of the identifier code, whereby the money handling authority can verify a portion of the identifier code presented by the transferee.
  • the terminal is operable to output the code to the transferor directly.
  • the terminal is operable to communicate the identifier code to or from the processing means.
  • the system comprises means for receiving a full identifier code returned by the money handling authority as evidence of completion of the transfer, and means for comparing the returned identifier code with the originally allocated code for the transaction.
  • the system comprises database means for storing the identifier code allocated to each transaction.
  • Fig. 1 is a schematic block diagram illustrating the principles used in the embodiment
  • Fig. 2 is a schematic diagram illustrating the information used in Fig. 1;
  • Fig. 3 is a schematic diagram illustrating generation of a UTC and a TVC;
  • Fig. 4 is a schematic block diagram of a remote input unit
  • Fig. 5 is a schematic block diagram of the central rerver
  • Fig. 6 is a flow -diagram illustrating operation of the central server
  • Fig. 7 is a flow diagram illustrating operation of the .second embodiment of terminal
  • Fig. 8 is a flow diagram illustrating information exchange between the terminal and the central rerver during a polling operation.
  • Fig. 9 is a flow diagram illustrating operation of the rerver for handling information from the recond embodiment of terminal.
  • the system consists of a plurality of remote terminals 10 located, for example, in shops and/or banks within a local community.
  • the terminals 10 communicate with a central processor, also referred to hereinafter as the server 12.
  • the terminals 10 may, for example, be coupled to the server 12 by conventional telephone modems which call up the rerver 12 to be controlled by the rerver 12.
  • all operations and calculations are performed by the rerver 12, and the terminal 10 acts as a dumb slave unit, i.e. as a remote input and display device.
  • the rerver 12 may call-back the terminal 10 at a pre-designated telephone number to ensure that third parties cannot break into the rerver operation.
  • a new customer desires to perform a transfer, or desires to be "logged" as a customer for future transfers, this can be done at any terminal 10, which calls the rerver 12 to perform the process under to server's control.
  • the customer's details including his name and address are inputted through the terminal 10 and recorded by the rerver 12 in a customer database 12.
  • the local agent gives the customer a swipe card (not shown) which may be coded in any suitable manner, for example, optically, magnetically, or carry an electronic circuit.
  • the swipe card has a conventional magnetic strip on which is a pre-recorded code uniquely identifying the card.
  • the code also doubles as a unique identification code for the customer (and is referred to later as the CIC, for customer- or card- identification code).
  • the customer or the local agent is required to insert the card into the terminal so that the pre-recorded code can be read by the terminal's card reader (not shown) and communicated to the rerver 12 to be recorded in the customer database.
  • the server 12 allocates a party identification code (PIC) for the new customer.
  • PIC is needed later by a transferee to verify that he has been authorised by the transferor to receive the funds.
  • the PIC is generated using a random or preudo random generator, and consists of a numeric code, for example, a four digit code, but an alphanumeric or purely alphabetic code could be ured instead.
  • the PIC is printed using a recure postal printer 16, .and is posted directly to the customer 14.
  • a significant feature is that the PIC is not communicated through the termin 10, and r ⁇ the local agent has no means of accessing a person's PIC to fraudulently intercept transfers.
  • the customer (transferor) 14 presents his swipe card to be inserted into the terminal's card reader. This initiates communication between the terminal 10 and the rerver 12 so that the transfer details can be inputted to the rerver 12.
  • the transfer details include the name and address of the transferee, the amount to be transferred, and the name and address of the bank or other money handling authority at which the transferee will collect the transferred funds. The latter information can be selected from a list or menu of allowable collection authorities for any particular country or town.
  • the rerver 12 calculates the amount required to be paid by the transferor, which the transferor pays to the local agent.
  • the server 12 then allocates a transaction identification code for the transfer, in the form of a unique transaction code (UTC).
  • UTC unique transaction code
  • the UTC is bared on a pseudo-random code, which is tested to enmre that it uniquely identifies the transfer (at least for the period in which the transfer is valid; the .same code is available for re-use after that period).
  • the code is numeric, but in alternative embodiments could be alphanumeric, or purely alphabetic.
  • the rerver 12 communicates the UTC to the terminal 10, and a hard copy of the transfer details, including the UTC, is printed out by the terminal 10 to be given to the transferor as a receipt.
  • the rerver 12 communicates a transfer request 22 directly or indirectly (for example through a remote terminal) to a computer 24 of a domestic bank (assuming that the transfer system is being run by an independent organisation using the bank as an intermediary).
  • the transfer request 22 includes the transfer details supplied by the transferor, and also includes the PIC and a transaction verification code (TVC).
  • the TVC is related to the UTC to enable verification of the correct UTC when presented by the transferee, but the TVC does not itself contain .sufficient information to enable the original UTC to be deduced if it is not known.
  • the bank computer 22 processes the transfer request and communicates the transfer information 26, by conventional bank transfer services, for example by telex, or by SWIFT, to the foreign bank 28 nominated by the original instructions from the transferor 14.
  • the transfer information 26 .supplied to the foreign bank includes the PIC .and the truncated TVC.
  • the transferee 18 visits the foreign bank 28 and presents the PIC and full UTC.
  • the PIC provides evidence that the person has been authorised by the transferor to receive funds
  • the full UTC provides the necessary authori.sation to complete the transaction.
  • the staff at the foreign bank 28 are able to compare transferee's UTC with the TVC with which they have been ⁇ supplied to verify that the full UTC matches the TVC.
  • the foreign bank 28 then returns the full UTC to the domestic home bank 24 as evidence that the transfer has been properly completed, and that the correct recipient has been paid.
  • One technique is to truncate, or blank, one or more digits or characters from the UTC, leaving a code which partly matches the full UTC.
  • the recurity can be improved by varying the number and/or the positions of the blanked characters, so tliat a person will not be able to predict which of the characters of the code are already known in the TVC.
  • Another technique for generating a TVC is generate one or more checksum digits or characters. There can either be included in the UTC, or they can be included only in the TVC.
  • the security can be improved by varying the number and/or the positions of the characters or digits on which the checksum is bared, so that a person will not be able to predict which characters represent, or contribute to, the checksum.
  • the TVC is generated by a combination of the above two techniques. Referring to Fig 3, the UTC can consist of a 7, 8, 9 or 10 digit code, for example the code illustrated in Fig. 3a.
  • Fig. 3b illustrates a first TVC which may be generated from the UTC.
  • the TVC includes some of the original digits, the missing digits being replaced by "blank” characters.
  • the TVC also includes a prefix code "F", "M” or "L” to in-dicate whether the .sum is to be found in the First, Middle or Last digits of the last four digits. In the present example, the .sum is in the middle digits C of the last four, and this is denoted in the TVC by prefix "M". It will be appreciated that the prefix code is only included in the TVC, and not in the UTC.
  • Fig. 3c illustrates a recond TVC which may be generated for the .same UTC.
  • the prefix code is, of course, the .same as that for Fig. 3b, but this example illustrates that a person cannot predict which digits are known in the TVC, since this can vary.
  • the remote unit 10 comprises a main processor 30 to which are connected a display rereen 32, a keyboard 34, a swipe card reader 38, a receipt printer 40, a customer/transaction logger 41, and a telephone communications modem 44 coupled through an encryption/decryption unit 46 for communicating with the rerver 12.
  • the di- ⁇ lay rereen may, for example, be a video display unit, or it may be an alphanumeric di lay, for example, an LCD di>splay.
  • the di,splay is ured to prerent messages and prompts to the customer (transferor) and/or the local agent supervising the remote terminal 10, in response to instructions from the rerver 12.
  • the details of the tran.saction and, if the customer is a new customer, the customer's details, are entered using the keyboard 34.
  • the logger 41 provides a summary of information inputted through the terminal 10 during a working day, iso that end-of-day information can be generated and checked by the rerver 12.
  • the logger 41 and the encryption/decryption unit 46 are illustrated above as discrete units for ease of description. However, it will be appreciated that these units may be embodied by .software ranning on the main processor 30.
  • the server 12 consists generally of a central processor unit 90 to which are connected a customer database 92, a transaction database 94, a reference database 96, a PIC generator 98, a UTC/TVC generator 100, a secure postal printer 102, an output system 104 (for passing transfer instructions to a bank computer), an input cache 106, and a telephone modem 108 connected through an encryption/decryption unit 110 (which is similar to the encryption/decryption unit 46 dereribed above for the remote terminal 10).
  • a central processor unit 90 to which are connected a customer database 92, a transaction database 94, a reference database 96, a PIC generator 98, a UTC/TVC generator 100, a secure postal printer 102, an output system 104 (for passing transfer instructions to a bank computer), an input cache 106, and a telephone modem 108 connected through an encryption/decryption unit 110 (which is similar to the encryption/decryption unit 46 dereribed above for the remote terminal 10
  • the customer database 92 is a master database of all customers (transferors) who have ured the system at any time. For each customer, the database also includes full name and address information, at least limited transaction history, and the customer's PIC and CIC.
  • the transaction database 94 is a master database of the transactions. This includes all pending transactions, and possibly at least a limited history of completed transactions. The information in the transaction database 94 may be archived from time to time to make more memory available for new transactions.
  • the reference databare 96 is a master database of the current reference information required for the transactions, including, for example, the countries to which transfers can be sent, available recipient bank details for each country, currency exchange rates and commission rates.
  • the recure postal printer 102 is of a known type which is able to produce sealed envelopes containing a printed sheet, it being possible to read the .sheet only by breaking open the reded envelope. Such printers are ured in applications where it is desired to print information recurely to rend to a recipient, while ensuring that local staff are unable to read the contents of the envelope.
  • Fig. 6 illustrates the operation of the rerver 12 once communication has been established between a terminal 10 and the rerver 12.
  • Step 122 determines whether the information from the terminal 10 corresponds to a new or existing customer. This is apparent if the information contains an existing customer identification code CIC. Assuming as a first care that the information does correspond to a new customer, then the process proceeds to step 123 at which the rerver 12 controls the terminal to prompt for, and return, inputted customer information, including the customer's full name and address. At step 124 a new customer entry is created in the customer database 92.
  • step 124 the process proceeds to step 125 at which the rerver 12 controls the terminal to prompt for a new swipe card to be introduced into the terminal's card reader 38.
  • the swipe card carries a pre-recorded CIC, which is read by the terminal 10 and returned to the rerver 12.
  • the read CIC is recorded in the customer database. This completes the introduction of a new customer at the terminal 10. The customer can then use the swipe card to initiate a transfer.
  • a PIC is generated for the new customer by the PIC generator 98.
  • the PIC is used later by the recipient to identify himself at his local bank to collect the transferred funds.
  • a separate PIC is generated for each customer.
  • the PIC is produced as a random or pseudorandom 4-digit number, so that it is impossible to derive any relationship between the PIC and the customer's details (which might otherwise enable PIC's to be predicted by fraudulent parties).
  • the PIC could be the remit of a checksum or hashing function carried out on the customer's name or address, so that it is possible to verify whether given PIC matches given party's name.
  • the PIC is recorded in the customer database.
  • the PIC is also printed in a sealed envelope by the recure printer 102, and the envelope is addressed and posted to the customer at his home address identified in the customer information received from the remote terminal 10 (and now stored in the customer database 92 of the rerver 12).
  • steps 127 and 128 can be carried out either immediately after cornmunication with the terminal 10, or at .some subsequent time when the rerver 12 may be less busy.
  • step 122 If at step 122 the received information contains an existing CIC (and therefore corresponds to .an existing customer, the process proceeds to .step 130 at which the customer's PIC is retrieved from the customer database.
  • step 132 the transfer is analysed to assess whether it is a mspicious transfer which should be stopped for legal reasons. Suspicious transfers may, for example, be detected as any of the following:
  • step 132 The purpose of step 132 is to provide at least a degree of protection to prevent large reale money laundering or illegal funds transfer from one country to another. If a suspicious transfer is detected, then the transfer process can be aborted, or the rerver 12 can prompt the terminal 10 that proof of identification is required before the transfer can proceed. Details of the proof of identification (e.g. a passport number) can be entered at the terminal 10 for communication back to the rerver 12.
  • proof of identification e.g. a passport number
  • a check is performed on whether the customer's payment has yet cleared. If cash is used to pay for the transfer, then this step can be omitted. However, if payment has been made by cheque, then no transfer should be authorised until the cheque has been cleared by the customer's bank. If the payment has not yet cleared, then the data is re-stored (for example, in the input cache 106 or in a separate pending store) to be re-processed during the next day's processing.
  • the UTC and the TVC for the transfer are provided. These could either be generated "live", for example, by .suitable algorithms, or the UTC and the
  • TVC could be obtained from a .supply of pre-generated codes. Such codes could be pre-generated when the rerver 12 is not busy, for example, overnight, and stored in suitable memory.
  • the UTC is communicated from the rerver 12 to the terminal 10 to be printed by the terminal's printer 40. This provides the customer (transferor) with the UTC to rend to the transferee.
  • the transfer details are ismed as a transfer instruction to the intermediary bank.
  • the transfer instructions include the transfer details originally inputted by the customer, the PIC, and the TVC (including the prefix code "F", "M” or "L").
  • the transaction details are stored in the transaction database 94 as a pending transaction, which completes the initial tran ⁇ ction processing.
  • additional processing can be provided when the foreign bank returns the full UTC as evidence that the transaction has been completed.
  • the returned UTC can be compared to the UTC recorded in the transaction database to verify that the tran.saction has been completed correctly. Alternatively, this verification step might only be necessary if a transferor complains of non-delivery of funds to the transferee, or of collection by an unauthorised person.
  • the encryption/decryption unit 110 the input cache 106, the PIC generator 98, the UTC generator 100, the TVC generator 101, and the databases 92, 94 and 96 are illustrated as separate “items" from the rerver processor 90. This is merely to aid description of the invention. It will be appreciated that these functional parts may be implemented by software applications running on the processor.
  • a customer may also be possible for a customer to place a telephone order to a telephone receptionist, who would then enter the transfer details using a dedicated terminal, or directly on to the rerver 12.
  • the UTC could be ismed to the telephone transferor either by telephone, or by means of the secure postal printer 102. In the latter care, it is preferred that the UTC be printed and posted separately from any communication of a new PIC, to reduce the chances of these items of information being intercepted together.
  • the above embodiment employs "online" operation of the terminals 10 under the direct control of the rerver 12. All of the information processing is carried out by the server 12. This can enable relatively inexpensive and straightforward terminals to be ured, and it can also enable updated information to be available immediately simply by changing the information and/or the programs on the rerver.
  • the terminal 10 is similar to that previously described, but includes the following units (.shown in phantom): a UTC/TVC generator 48; a reference -database 36; and a customer/transaction database 42.
  • the reference database 36 provides reference information for the remote terminal, ch as details of the individual countries to which transfers can be rent, and the individual banks in each country, the exchange and commission rates for each country, and the likely transfer delay for each country (if a calculation of the expected arrival date of the funds is to be provided).
  • the reference database may also include details of public holidays in each country, and the allowable methods of payment by the customer (for example, cash, cheque, credit card, e-cash, stagex, etc.) and the clearance delay for each type of payment (if the calculation of the expected arrival date of the funds is to be provided).
  • the information in the reference database can be updated periodically by the rerver 12, for example, at the start of a day, or during routine polling of the terminal 10 by the rerver, as described further below.
  • the customer/transaction database 46 is ured to store details of transfer requests, and details of any new customers, until the information can be uploaded to the rerver 12 for action.
  • the customer's details have to be entered into the terminal using the keyboard (step 50).
  • the customer details include the customer's name and address (or other contact details), so that the recure PIC can be rent later to the customer by the server 12.
  • the customer details are then stored in the customer/transaction database 42 (step 52). Thereafter, the customer is ismed with a swipe card (step 54) which carries a unique customer identification code (CIC), as explained previously.
  • CIC unique customer identification code
  • the customer enters details of the desired transfer.
  • details include the name and address of the recipient (transferee), the amount to be transferred (in the local currency of the customer), the method of payment by the customer, and the destination country, name and address of the bank or other money handling agent at which the recipient will collect the transferred funds.
  • the processor 30 calculates and displays the value of the funds in the recipient's currency, and the amount of commission charged, bared on the information stored in the reference database 36. If desired, the processor may also calculate an estimated date of arrival of the transferred funds at the destination bank, using information in the reference database, and the following formula:
  • Arrival d - ate today's date + funds clearance delay + transfer delay + calendar (holiday) delay
  • the UTC and TVC for the transfer are provided/generated by the UTC/TVC generator 48.
  • the UTC and TVC can either being generated "live", or a pre-generated UTC .and TVC can be retrieved.
  • Such UTC's and TVC's may either be generated by local generators within the teimiiral, or they may be downloaded from the rerver 12 as part of the update information for the reference database.
  • the transfer details including the allocated UTC are stored in the customer/tran ⁇ ction database 42 to await uploading to the rerver 12 for processing.
  • the transfer details including the UTC are also printed out (step 64) by the terminal's receipt printer 40 to provide a receipt for the customer.
  • step 66 An existing customer simply inserts his or her swipe card into the terminal's card reader 38 (step 66), at which .stage the customer number is read from the card. This provides sufficient information for the server 12 to access the customer's details which are stored in the rerver 12. After step 66, the process proceeds directly to step 56 for the customer (or agent) to enter the details of the transfer, as described above.
  • the terminal 10 is polled by the rerver 12 by telephone, to upload money-transfer information and new customer information to the rerver 12, and to receive new reference information from the rerver 12.
  • step 70 when a telephone call is received from the server 12 (step 70) the process proceeds to step 172 at which the terminal 10 verifies that the call is from the proper rerver 12, for example, by means of a recret password. The terminal also returns a secret password, so that the server 12 can verify that it is communicating with the proper terminal 10. It will be appreciated that all information sent and received through the telephone line is communicated in encrypted form, so that the information cannot easily be intercepted. At the terminal end, the information is encrypted/decrypted by the encryption/decryption unit 46 connected between the processor 30 and the modem 44.
  • any new reference information (step 74) for the reference databare 36.
  • Such new information may be in the form of a replacement "reference” file to overwrite the entire existing contents of the reference databare 36, or it may be in the form of update "packets" to replace only certain information in the reference database.
  • the new information (if any) is then written into the databare.
  • the terminal transmits the new contents of the customer/traiisaction database 42 to the server 12.
  • This new information includes details of any new customers (including the customer identification number for each new customer), and details of transfer requests entered by the customers.
  • Step 80 determines whether the terminal has closed at the end of the day and, if ⁇ so, the process proceeds to step 82 at which end-of-day (EOD) information is transmitted to the server 12.
  • EOD end-of-day
  • the EOD information includes totals representing the day's transactions and new customers, to provide a cross-check that all of the terminal's information has been validly received by the rerver 12. This is .subsequently crosschecked by the server 12. If the terminal has not yet closed at the end of the day, then the process branches past step 82, to step 84 at which the communication is terminated.
  • the rerver 12 will normally poll each terminal 10 at several different times during the day. During each communication session, the terminal transmits only the new information contained in the customer/tran4saction database 42 (i.e.
  • the information remains in the customer/transaction database 42 until after the rerver 12 verifies, for example, by means of the EOD information, that all of the information has been uploaded correctly to the rerver 12.
  • the customer/tran.saction database 42 could be cleared after each communication session with the rerver 12, if desired.
  • the reference database 36, the customer/tran4saction database 42, the encryption/decryption unit 46 and the UTC/TVC generator 48 have been illustrated as distinct "items" from the processor unit 30.
  • This presentation is merely schematic to aid description of the invention. It will be appreciated that ch items may be implemented as application software run by the processor unit.
  • the reference information and the customer/transaction information may be stored as files on conventional mass storage, for example, a semiconductor mass memory or a magnetic disc.
  • the rerver 12 polls each remote terminal 10 to download updated reference information to the terminal 10, and to upload new transfer-request information and new-customer information from the terminal.
  • the communication procedure is complementary to that dereribed above with reference to Fig. 8, and .so is not expanded further here.
  • the uploaded information is stored temporarily in the input cache 106 until it can be processed by the processing unit 90.
  • Fig. 10 illustrates the manner in which each "packet" of information from the input cache 106 is processed.
  • the .same reference numerals as those in Fig. 6 are used to denote an equivalent operation step.
  • the information is firstly read from the cache 106 at step 120 and, as before, step 122 determines whether the information corresponds to a new customer. Assuming as a first case that the information does correspond to a new customer, then the process proceeds to step 124 at which a new customer entry is created in the customer database 92, containing the CIC read from the input cache. From step 124, the process proceeds to step 127 at which a PIC is generated for the customer.
  • the PIC is printed in a sealed envelope by the secure printer 102.
  • the envelope is addressed and posted to the customer at his home address identified in the customer information received from the remote terminal 10 (and now stored in the customer databare 92 of the rerver 12).
  • the PIC is also stored in the customer
  • Step 132 represents the first step for processing the transfer after the customer and recipient details have been stored.
  • the transfer is analysed to assess whether it is a mspicious transfer which .should be stopped for legal reasons, as explained in more detail hereinbefore.
  • step 134 a check is performed on whether the customer's payment has yet cleared. Assuming that the payment has cleared, the process proceeds to step 136 at which the transfer details are ismed as a transfer instruction to the intermediary bank.
  • the transfer instructions include the transfer details originally inputted by the customer, the PIC, and the TVC received from he terminal 10.
  • the transaction details are stored in the transaction databare 94 as a pending transaction, which completes the initial transaction processing. If at step 122, the information corresponds to an existing customer, the process proceeds to through step 142 at which the existing PIC for the customer is read from the customer databare for re-use. The process then proceeds through step 132 for processing of the transfer details, as described above.
  • the UTC and TVC are allocated to the transaction at the point of .sale terminal 10, to provide offline operation of the terminal 10.
  • the TVC is allocated at the terminal, this could instead be allocated by the rerver 12, to reduce the risk that the TVC might be available by tapping into the terminal remehow.
  • the PIC is associated only with the transferor.
  • the PIC could be associated instead with each transferor/transferee pair.
  • the transferor would have different PIC's for his different transferees. This could provide additional recurity if needed, but might require the transferor to remember possibly a large number of PIC's.
  • the customer databare would also need to store all of the PIC's for each transferor, and be able to identify mbrequent transactions between the .same transferor .and transferee, in order to use the correct PIC.
  • swipe card is pre-programmed with its CIC, and this is the only information required to be read by the terminal.
  • the te ⁇ ninal might be equipped with a card reader/writer for writing information to the card as well as reading it from the card. This could enable "favourite recipient" data to be stored on the swipe card in order to simplify the operation for the transferor.
  • the invention can enable funds to be transferred in a logical and recure, manner, which allows a recipient to receive the funds without having to have official proof of identity (mch as a passport). Only the transferor and the intended transferee have access to mfficient information to complete the transfer, and it is the transferor's responsibility to ensure that the information is sent in a secure manner to the transferee. Neither the local handling agent for the transferor, nor the local handling agent for the transferee, have direct access to mfficient information to complete a valid transfer.

Abstract

A money transfer system comprises remote terminals (10) for receiving transfer request information from a transferor (14). If the transferor is a new customer, a central server (12) generates a new party identifier code (PIC) using a secure postal printer (16), to send the PIC to the transferor independently of the communication with the terminal (10). The PIC will be re-used for subsequent transfers from the transferor. For each transaction, the server (12) allocates a unique transaction code (UTC) which is outputted to the transferor at the terminal (10). The server also generates money transfer instructions (22) communicated to the remote money handling authorities (28). The instructions include the existing or newly allocated PIC, verification code (TVC) related to the UTC, but insufficient to enable the UTC to be deduced therefrom. It is the transferor's responsibility to communicate the UTC and the PIC to the transferee (18), preferably by separate routes for security. If the parties have taken place in a previous transfer, then the transferee will already know the PIC from the previous transfer. The transferee can pick up the money from the bank upon presentation of the correct PIC and PIN matching the information in the money transfer instructions.

Description

METHOD AND APPARATUS FOR MONEY TRANSFERS
This invention relates to method and apparatus for facilitating money transfer. The invention is particularly .suitable for inter-country money transfers, but it is not limited exclusively to this.
Money transfer .services are offered by a number of organi,sations, for example banks, the Moneygram organisation, and the Western Union organi.sation. A transferee wi.shing to transfer money is able to visit a local authorised agent and arrange for money to be made available for collection by a transferee at another authorised agent or bank, for example, in a different country.
In developing the present invention, it has been appreciated that conventional techniques suffer from certain problems:
(i) Identification of the transferee. Normally, a transferee will be required to present proof of identification, for example, a pasφort or driving licence, before being permitted to collect the funds. However, there .are a large number of countries in which π ny people do not holds passports or other officially recognisable proof of identification. In .such cares, money transfer may be limited to postal transfers. Western Union offers a code-word facility by which a transferor can provide a code word with the initial transfer instructions. The transferee is required to present a matching code word instead of presenting proof of identification.
(ϋ) Security. Particularly when a code word is used, there is a risk of the transferee, or other parties involved in the money transfer process, committing fraud. It will be appreciated that, especially in certain countries, fraud and corruption may be commonplace, and difficult to control from outside the country. In general, the transferee, and the bank staff in the country of the transferor and the transferee, all have access to the code word .and .sufficient other information to collect the funds and to complete the transaction (since no proof of identity is required). Such fraud is very difficult to detect and to prevent, (iii) Accuracy of information. Often, information is pas∞d orally within a transfer organisation by telephone. This can lead to inaccuracies in the information, particularly when unfamiliar pronunciation is involved, or if two people .are not fully conver.sant in the .same language. For example, if a the name of the transferee is misspelt, then it may be impossible for the correct transferee to collect the funds even on prerentation of proper identification. Such a common error can only be corrected by the transferor complaining to the transfer organisation, when he is notified of the non-delivery by the transferee; the full transfer details have to be taken again from the transferor to attempt a further transfer.
The present invention has been devised bearing the above problems in mind.
Broadly speaking, a first aspect of the invention is to provide the transferor with a secret identifier code (referred to in preferred embodiments as a party identification code or PIC) which is supplied to the transferor independently of the information exchanged with the transferor when the transferor is making a transfer request (for example, in the preferred embodiment, the PIC is sent to the transferor by post). The identifier code (or at least information related thereto) can be transmitted as part of the money transfer instructions through the money handling authorities. The transferor is required to transmit the .secret identifier code to the transferee, and the transferee is, in turn, required to present the identifier code as one of the conditions to be met before the money can be collected by the transferee. Possession of the correct identifier by the transferee represents proof that the transferee lias been authorired to receive funds by the transferor.
As used herein the term "money handling authority" refers to any authority empowered to handle money and, where appropriate, refers to any authority empowered to provide funds to a transferee. The term may include, but is not limited to, banks, internet banks, post offices, etc. Such a techni-que can avoid the need for the transferee to possess official proof of identification, and can also improve security. In particular, the local handling agents at the point of .sale to the transferor will not have access to sufficient information to receive the funds fraudulently. Preferably, the identifier code (PIC) is allocated for at least one of the parties to the transfer (i.e. the transferor and/or the transferee). In the preferred embodiment, the identifier code (PIC) for the transferor, and the .same code is re-ured for .subrequent transfers from the transferor to any transferee. This avoids the need for new identifier codes to be issued to the transferor for each transaction.
Broadly .speaking, a .second closely related aspect of the invention is to generate an identifier code (referred in preferred embodiments as a unique transaction code or UTC), and to provide the transferor with the code (to be forwarded by the transferor to the transferee), but provide the money handling authority instructed to handle the transfer with .second code (referred in the preferred embodiments as a transaction verification code or TVC) related verifiably to the identifier code. The .second code is sufficient to enable the money handling authority to verify tliat the transferee is authorired to receive the funds upon presentation of the complete code by the transferee. Upon collection of the funds, the money handling authority can return the complete identifier code through the banking system, as evidence that the funds have been collected by the authorised transferee.
Such a technique can provide security against a fraudulent "collection" of the transfer by the money handling authorities instructed to handle the transfer, since the money handling staff will not have access to the complete identifier code to complete validly the tran^ction by returning the full code as evidence of completion. If the funds are collected fraudulently by a person who has knowledge only of the .second code (i.e. the TVC), and has therefore had to add a guesred code to the known code, this will be readily noticeable when the incorrect code is received back from the money handling authority. Preferably, this aspect of the invention further comprises testing, at least selectively or on demand, the full identifier code information returned for each completed transfer against the originally allocated identifier code to verify that the correct transferee has collected the funds. Although the above aspects can be uised independently, particular advantages can be achieved by using the two aspects in combination. In particular, the technique can then ensure tliat neither the handling agents at the point of .sale, nor the handling agents at the point of collection, possess all of the necessary information properly to complete a transfer. Only the transferor and the transferee possess the necessary codes (i.e. the PIC identifier code of the first .aspect, and the UTC identifier code of the .second aispect) needed to complete the transfer.
In a closely related aφect, the invention provides a method of generating a first identifier code (UTC in the preferred embodiments) and a .second code (TVC in the preferred embodiments) related thereto, the method comprising: generating the first code such that at least one character thereof represents a function of one or more other characters of the first code; generating a second code comprising at least one, but not all, of the characters of the first code, and comprising information indicative of the position in said first code of said at least one character and/or of .said one or more other cliaracters.
Preferably, the characters of the first code .are numeric.
Preferably, the function is a checksum (or sum) function.
Preferably, the second code comprises one or more αbl.ank" characters representing missing character or digit positions of the first code. Preferably, the function is bared on characters in one or more predetermined positions in the first code, and ^d information represents the position in said first code of the result of the function.
In the preferred embodiment, the function is numeric sum function of the first four digits in the first code, and the information identifies where the re.sult is to be found in the last four digits of the first code; a first character ("F") denotes that the result is in the first one or two digits of the last four; a second character ("M") denotes that the result is in the middle one or two digits of the last four; and a third character ("L") denotes that the remit is in the last one or two digits of the last four. It will be appreciated that other indexing systems could be used, for example, depending on the number of character positions available for the remit.
In a closely related aφect, die invention provides a method of testing information provided by a transferee for collection of funds, the method comprising: receiving transfer instructions including a first party identifier code allocated to at least one of the parties to the transfer, and a recond transaction verification code related to a transaction identifier code allocated to the transaction;
(a) comparing the first party identifier code from the transfer instructions with a party identifier code provide by the transferee; and (b) comparing the recond transaction verification code with a tranωction identification code provided by the transferee.
Preferably, the method further comprises returning the tranωction identification code to the issuing authority as evidence that the transferee is authorised to receive the funds. Preferably, the transaction verification code contains some, but not all of the characters of the transaction identification code, and the method comprises comparing each known character in the transaction verification code for equivalency with a corresponding character of the transaction identifier code.
Preferably, the transaction verification code includes information associated with the remit of a function based on one or more characters of the transaction identification code, and the method comprises testing whether the transaction identification code presented by the transferee matches the function.
In a clorely related aspect, the invention provides a money transfer system comprising: at least one remote input unit operable to generate a money transfer request in accordance with information from a transferor; and processing means for communicating with each remote unit for receiving and processing money transfer requests received therefrom, the processing means comprising: means for providing a first identifier code associated with the tranraction and/or with the identity of one or more parties to the transfer; means for outputting first information including the first identifier code, to be communicated directly or indirectly to the transferor independently of the communication with the terminal; and means for outputting recond information to be supplied directiy or indirectly to a money handling authority as instructions to effect the transfer for collection, the second information including at least a portion of the first identifier code or information related thereto to enable the authority of the transferee to be verified. Preferably, the system includes a plurality of terminals. Preferably, the processing means (also referred to herein as the rerver), is able to communicate with each terminal at various times during a working day, to control the terminals directly, or to upload transfer requests (and any other information) logged by the terminals while off-line (if off-line operation is supported). In a further closely related aφect, the invention provides a money transfer system comprising: at least one remote input unit operable to generate a money transfer request in accordance with information from a transferor; and processing means for communicating with each remote unit for receiving and processing money transfer requests received therefrom, wherein: the terminal and/or the processing means is operable to output for communication directly or indirectly to the transferor, an identifier code allocated to the money transfer; .and the processing means is operable to output money transfer instructions to be supplied directly or indirectly to a money handling authority as instructions to effect the transfer for collection, the instructions including only a first portion of the identifier code, whereby the money handling authority can verify a portion of the identifier code presented by the transferee. Preferably, the terminal is operable to output the code to the transferor directly.
Preferably, the terminal is operable to communicate the identifier code to or from the processing means.
Preferably, the system comprises means for receiving a full identifier code returned by the money handling authority as evidence of completion of the transfer, and means for comparing the returned identifier code with the originally allocated code for the transaction.
Preferably, the system comprises database means for storing the identifier code allocated to each transaction. An embodiment of the invention is now described, by way of example only, with reference to the accompanying drawings, in which:
Fig. 1 is a schematic block diagram illustrating the principles used in the embodiment;
Fig. 2 is a schematic diagram illustrating the information used in Fig. 1; Fig. 3 is a schematic diagram illustrating generation of a UTC and a TVC;
Fig. 4 is a schematic block diagram of a remote input unit;
Fig. 5 is a schematic block diagram of the central rerver;
Fig. 6 is a flow -diagram illustrating operation of the central server;
Fig. 7 is a flow diagram illustrating operation of the .second embodiment of terminal;
Fig. 8 is a flow diagram illustrating information exchange between the terminal and the central rerver during a polling operation; and
Fig. 9 is a flow diagram illustrating operation of the rerver for handling information from the recond embodiment of terminal.
The principles used in this embodiment are first described briefly with reference to Figs. 1 and 2. The system consists of a plurality of remote terminals 10 located, for example, in shops and/or banks within a local community. The terminals 10 communicate with a central processor, also referred to hereinafter as the server 12. The terminals 10 may, for example, be coupled to the server 12 by conventional telephone modems which call up the rerver 12 to be controlled by the rerver 12. In this embodiment, all operations and calculations are performed by the rerver 12, and the terminal 10 acts as a dumb slave unit, i.e. as a remote input and display device. To improve security, the rerver 12 may call-back the terminal 10 at a pre-designated telephone number to ensure that third parties cannot break into the rerver operation.
When a new customer desires to perform a transfer, or desires to be "logged" as a customer for future transfers, this can be done at any terminal 10, which calls the rerver 12 to perform the process under to server's control. The customer's details including his name and address are inputted through the terminal 10 and recorded by the rerver 12 in a customer database 12. The local agent gives the customer a swipe card (not shown) which may be coded in any suitable manner, for example, optically, magnetically, or carry an electronic circuit. In this embodiment, the swipe card has a conventional magnetic strip on which is a pre-recorded code uniquely identifying the card. The code also doubles as a unique identification code for the customer (and is referred to later as the CIC, for customer- or card- identification code). To validate the card, the customer or the local agent is required to insert the card into the terminal so that the pre-recorded code can be read by the terminal's card reader (not shown) and communicated to the rerver 12 to be recorded in the customer database. Either immediately, or at some time later, the server 12 allocates a party identification code (PIC) for the new customer. The PIC is needed later by a transferee to verify that he has been authorised by the transferor to receive the funds. In this embodiment, the PIC is generated using a random or preudo random generator, and consists of a numeric code, for example, a four digit code, but an alphanumeric or purely alphabetic code could be ured instead. The PIC is printed using a recure postal printer 16, .and is posted directly to the customer 14. A significant feature is that the PIC is not communicated through the termin 10, and rø the local agent has no means of accessing a person's PIC to fraudulently intercept transfers. To perform a transfer, the customer (transferor) 14 presents his swipe card to be inserted into the terminal's card reader. This initiates communication between the terminal 10 and the rerver 12 so that the transfer details can be inputted to the rerver 12. The transfer details include the name and address of the transferee, the amount to be transferred, and the name and address of the bank or other money handling authority at which the transferee will collect the transferred funds. The latter information can be selected from a list or menu of allowable collection authorities for any particular country or town.
The rerver 12 calculates the amount required to be paid by the transferor, which the transferor pays to the local agent. The server 12 then allocates a transaction identification code for the transfer, in the form of a unique transaction code (UTC). In this embodiment, the UTC is bared on a pseudo-random code, which is tested to enmre that it uniquely identifies the transfer (at least for the period in which the transfer is valid; the .same code is available for re-use after that period). The code is numeric, but in alternative embodiments could be alphanumeric, or purely alphabetic. The rerver 12 communicates the UTC to the terminal 10, and a hard copy of the transfer details, including the UTC, is printed out by the terminal 10 to be given to the transferor as a receipt.
It is the transferor's responsibility to send the PIC and the UTC to the transferee 18 and to ensure that only the intended transferee receives this information. Normally this would be done by rending the PIC and the UTC by .separate routes (depicted as 20a and 20b in Fig. 1), for example, by separate letters, or by communicating one by letter and the other by telephone or telex. The UTC and the PIC together provide the transferee with all of the information needed to validate the transaction, and collect the transferred funds.
To effect the transfer, the rerver 12 communicates a transfer request 22 directly or indirectly (for example through a remote terminal) to a computer 24 of a domestic bank (assuming that the transfer system is being run by an independent organisation using the bank as an intermediary). The transfer request 22 includes the transfer details supplied by the transferor, and also includes the PIC and a transaction verification code (TVC). The TVC is related to the UTC to enable verification of the correct UTC when presented by the transferee, but the TVC does not itself contain .sufficient information to enable the original UTC to be deduced if it is not known. The bank computer 22 processes the transfer request and communicates the transfer information 26, by conventional bank transfer services, for example by telex, or by SWIFT, to the foreign bank 28 nominated by the original instructions from the transferor 14. The transfer information 26 .supplied to the foreign bank includes the PIC .and the truncated TVC.
In order to collect the transferred funds, the transferee 18 visits the foreign bank 28 and presents the PIC and full UTC. The PIC provides evidence that the person has been authorised by the transferor to receive funds, and the full UTC provides the necessary authori.sation to complete the transaction. The staff at the foreign bank 28 are able to compare transferee's UTC with the TVC with which they have been ■supplied to verify that the full UTC matches the TVC. The foreign bank 28 then returns the full UTC to the domestic home bank 24 as evidence that the transfer has been properly completed, and that the correct recipient has been paid.
Such a system offers important advantages over conventional techniques: (a) The transferee does not require any form of personal identification, such as a passport, or a driving licence. (b) The only parties in posression of all of the necessary information validly to complete a transaction are the transferor, and the transferee. The agents at the point of .sale (10) do not have access to the PIC, since this is allocated directiy by the rerver 12, and is communicated to the transferor by post. The staff at the domestic home bank 24 and at the foreign bank 28 have access to the PIC, but do not have access to the full UTC. This will obstruct any fraudulent activity by the handling authorities or agents, (c) It is the responsibility of the transferor to transmit the PIC and the full UTC to the transferee in a recure manner. If this information is intercepted and the funds are collected fraudulently by a third party, then neither the money handling authorities, nor the money transfer organi.sation, has to accept liability. For subsequent transfers from the .same transferor 14, the original PIC is reused. The server 12 maintains a database of transferors and the PIC .allocated to each. New PIC's are only allocated, printed and posted for new transferors, or if a transferor believes his PIC to have been compromised. In general, a transferor will only have to notify his PIC to a transferee once.
Once the transferee knows the PIC, all he needs to receive funds is the new UTC associated with each individual transaction. This further reduces the chances of information being intercepted between the transferor 14 and the transferee 18.
There are numerous techniques for generating a TVC which relates verifiably to the UTC but does not prejudice the recurity of the UTC. For example, one technique is to truncate, or blank, one or more digits or characters from the UTC, leaving a code which partly matches the full UTC. The recurity can be improved by varying the number and/or the positions of the blanked characters, so tliat a person will not be able to predict which of the characters of the code are already known in the TVC. Another technique for generating a TVC is generate one or more checksum digits or characters. There can either be included in the UTC, or they can be included only in the TVC. The security can be improved by varying the number and/or the positions of the characters or digits on which the checksum is bared, so that a person will not be able to predict which characters represent, or contribute to, the checksum. In a particularly preferred embodiment, the TVC is generated by a combination of the above two techniques. Referring to Fig 3, the UTC can consist of a 7, 8, 9 or 10 digit code, for example the code illustrated in Fig. 3a. This is based on a pseudorandom number, but tailored .such that the .sum of the first four digits A is represented somewhere in the last four digits, namely in the first one or two digits B of the last four, or the middle one or two digits C of the last four, or the last digit or digits D. In the illustrated code, the sum (i.e. 8+4+5+9=26) is represented in the middle two digits C of the last four.
Fig. 3b illustrates a first TVC which may be generated from the UTC. The TVC includes some of the original digits, the missing digits being replaced by "blank" characters. The TVC also includes a prefix code "F", "M" or "L" to in-dicate whether the .sum is to be found in the First, Middle or Last digits of the last four digits. In the present example, the .sum is in the middle digits C of the last four, and this is denoted in the TVC by prefix "M". It will be appreciated that the prefix code is only included in the TVC, and not in the UTC.
When the UTC is presented for verification, the local bank can check firstly whether the digits in the UTC agree with the digits already known in the TVC, .and secondly, whether the appropriate checksum digits denoted by the TVC's prefix correspond to the .sum of the first four digits. Fig. 3c illustrates a recond TVC which may be generated for the .same UTC.
The prefix code is, of course, the .same as that for Fig. 3b, but this example illustrates that a person cannot predict which digits are known in the TVC, since this can vary.
The above scheme represents a balance between security and ease of verification at a remote bank. Other schemes may be ured which require computer verification, but this could restrict the banks at which the transferee is able to collect the funds.
Referring to Fig. 4, the remote unit 10 comprises a main processor 30 to which are connected a display rereen 32, a keyboard 34, a swipe card reader 38, a receipt printer 40, a customer/transaction logger 41, and a telephone communications modem 44 coupled through an encryption/decryption unit 46 for communicating with the rerver 12. The di-φlay rereen may, for example, be a video display unit, or it may be an alphanumeric di lay, for example, an LCD di>splay. The di,splay is ured to prerent messages and prompts to the customer (transferor) and/or the local agent supervising the remote terminal 10, in response to instructions from the rerver 12. The details of the tran.saction and, if the customer is a new customer, the customer's details, are entered using the keyboard 34.
The logger 41 provides a summary of information inputted through the terminal 10 during a working day, iso that end-of-day information can be generated and checked by the rerver 12. The logger 41 and the encryption/decryption unit 46 are illustrated above as discrete units for ease of description. However, it will be appreciated that these units may be embodied by .software ranning on the main processor 30.
Referring to Fig. 5, the server 12 consists generally of a central processor unit 90 to which are connected a customer database 92, a transaction database 94, a reference database 96, a PIC generator 98, a UTC/TVC generator 100, a secure postal printer 102, an output system 104 (for passing transfer instructions to a bank computer), an input cache 106, and a telephone modem 108 connected through an encryption/decryption unit 110 (which is similar to the encryption/decryption unit 46 dereribed above for the remote terminal 10).
The customer database 92 is a master database of all customers (transferors) who have ured the system at any time. For each customer, the database also includes full name and address information, at least limited transaction history, and the customer's PIC and CIC. The transaction database 94 is a master database of the transactions. This includes all pending transactions, and possibly at least a limited history of completed transactions. The information in the transaction database 94 may be archived from time to time to make more memory available for new transactions. The reference databare 96 is a master database of the current reference information required for the transactions, including, for example, the countries to which transfers can be sent, available recipient bank details for each country, currency exchange rates and commission rates.
The recure postal printer 102 is of a known type which is able to produce sealed envelopes containing a printed sheet, it being possible to read the .sheet only by breaking open the reded envelope. Such printers are ured in applications where it is desired to print information recurely to rend to a recipient, while ensuring that local staff are unable to read the contents of the envelope.
Fig. 6 illustrates the operation of the rerver 12 once communication has been established between a terminal 10 and the rerver 12. Step 122 determines whether the information from the terminal 10 corresponds to a new or existing customer. This is apparent if the information contains an existing customer identification code CIC. Assuming as a first care that the information does correspond to a new customer, then the process proceeds to step 123 at which the rerver 12 controls the terminal to prompt for, and return, inputted customer information, including the customer's full name and address. At step 124 a new customer entry is created in the customer database 92.
From step 124, the process proceeds to step 125 at which the rerver 12 controls the terminal to prompt for a new swipe card to be introduced into the terminal's card reader 38. As explained hereinbefore, the swipe card carries a pre-recorded CIC, which is read by the terminal 10 and returned to the rerver 12. At step 126, the read CIC is recorded in the customer database. This completes the introduction of a new customer at the terminal 10. The customer can then use the swipe card to initiate a transfer.
At step 127, a PIC is generated for the new customer by the PIC generator 98. As explained previously, the PIC is used later by the recipient to identify himself at his local bank to collect the transferred funds. A separate PIC is generated for each customer. In the prerent embodiment, the PIC is produced as a random or pseudorandom 4-digit number, so that it is impossible to derive any relationship between the PIC and the customer's details (which might otherwise enable PIC's to be predicted by fraudulent parties). However, in other embodiments, the PIC could be the remit of a checksum or hashing function carried out on the customer's name or address, so that it is possible to verify whether given PIC matches given party's name. Alternatively, it is possible to generate a preudo random PIC using an encryption algorithm which is virtually impossible to reverse or to predict, but which retains a verifiable relationship with the parties names. However, in the prerent embodiment, it is assumed that it may be difficult to arrange for verification of the PIC by the recipient's bank, and so it is preferred to utilire a completely random PIC.
At step 128, the PIC is recorded in the customer database. The PIC is also printed in a sealed envelope by the recure printer 102, and the envelope is addressed and posted to the customer at his home address identified in the customer information received from the remote terminal 10 (and now stored in the customer database 92 of the rerver 12).
It will be appreciated that steps 127 and 128 can be carried out either immediately after cornmunication with the terminal 10, or at .some subsequent time when the rerver 12 may be less busy.
If at step 122 the received information contains an existing CIC (and therefore corresponds to .an existing customer, the process proceeds to .step 130 at which the customer's PIC is retrieved from the customer database. At step 132, the transfer is analysed to assess whether it is a mspicious transfer which should be stopped for legal reasons. Suspicious transfers may, for example, be detected as any of the following:
(i) transfers greater than a certain allowable amount (which may vary depending on the destination country);
(ii) repeated transfers which accumulate to a .sum greater than an allowable amount over a predetermined period (the amount may vary depending on the destination country);
(iii) repeated transfers the frequency of which exceeds an allowable figure (which may very depending on the destination country).
The purpose of step 132 is to provide at least a degree of protection to prevent large reale money laundering or illegal funds transfer from one country to another. If a suspicious transfer is detected, then the transfer process can be aborted, or the rerver 12 can prompt the terminal 10 that proof of identification is required before the transfer can proceed. Details of the proof of identification (e.g. a passport number) can be entered at the terminal 10 for communication back to the rerver 12.
At step 134, a check is performed on whether the customer's payment has yet cleared. If cash is used to pay for the transfer, then this step can be omitted. However, if payment has been made by cheque, then no transfer should be authorised until the cheque has been cleared by the customer's bank. If the payment has not yet cleared, then the data is re-stored (for example, in the input cache 106 or in a separate pending store) to be re-processed during the next day's processing. At step 135, the UTC and the TVC for the transfer are provided. These could either be generated "live", for example, by .suitable algorithms, or the UTC and the
TVC could be obtained from a .supply of pre-generated codes. Such codes could be pre-generated when the rerver 12 is not busy, for example, overnight, and stored in suitable memory.
At step 136, the UTC is communicated from the rerver 12 to the terminal 10 to be printed by the terminal's printer 40. This provides the customer (transferor) with the UTC to rend to the transferee.
At step 137, the transfer details are ismed as a transfer instruction to the intermediary bank. The transfer instructions include the transfer details originally inputted by the customer, the PIC, and the TVC (including the prefix code "F", "M" or "L").
At step 138, the transaction details are stored in the transaction database 94 as a pending transaction, which completes the initial tran^ction processing. Although not illustrated in the drawings, additional processing can be provided when the foreign bank returns the full UTC as evidence that the transaction has been completed. The returned UTC can be compared to the UTC recorded in the transaction database to verify that the tran.saction has been completed correctly. Alternatively, this verification step might only be necessary if a transferor complains of non-delivery of funds to the transferee, or of collection by an unauthorised person.
In Fig. 5, the encryption/decryption unit 110, the input cache 106, the PIC generator 98, the UTC generator 100, the TVC generator 101, and the databases 92, 94 and 96 are illustrated as separate "items" from the rerver processor 90. This is merely to aid description of the invention. It will be appreciated that these functional parts may be implemented by software applications running on the processor.
Although not illustrated in the drawings, it may also be possible for a customer to place a telephone order to a telephone receptionist, who would then enter the transfer details using a dedicated terminal, or directly on to the rerver 12. The UTC could be ismed to the telephone transferor either by telephone, or by means of the secure postal printer 102. In the latter care, it is preferred that the UTC be printed and posted separately from any communication of a new PIC, to reduce the chances of these items of information being intercepted together.
The above embodiment employs "online" operation of the terminals 10 under the direct control of the rerver 12. All of the information processing is carried out by the server 12. This can enable relatively inexpensive and straightforward terminals to be ured, and it can also enable updated information to be available immediately simply by changing the information and/or the programs on the rerver.
In an alternative embodiment, it may be desirable to provide at least some of the terminals with a degree of autonomy, for offline operation. Referring to Fig. 4, the terminal 10 is similar to that previously described, but includes the following units (.shown in phantom): a UTC/TVC generator 48; a reference -database 36; and a customer/transaction database 42. The reference database 36 provides reference information for the remote terminal, ch as details of the individual countries to which transfers can be rent, and the individual banks in each country, the exchange and commission rates for each country, and the likely transfer delay for each country (if a calculation of the expected arrival date of the funds is to be provided). The reference database may also include details of public holidays in each country, and the allowable methods of payment by the customer (for example, cash, cheque, credit card, e-cash, mondex, etc.) and the clearance delay for each type of payment (if the calculation of the expected arrival date of the funds is to be provided). The information in the reference database can be updated periodically by the rerver 12, for example, at the start of a day, or during routine polling of the terminal 10 by the rerver, as described further below. The customer/transaction database 46 is ured to store details of transfer requests, and details of any new customers, until the information can be uploaded to the rerver 12 for action.
Referring to Fig. 7, before a new customer can ure the transfer system, the customer's details have to be entered into the terminal using the keyboard (step 50). The customer details include the customer's name and address (or other contact details), so that the recure PIC can be rent later to the customer by the server 12. The customer details are then stored in the customer/transaction database 42 (step 52). Thereafter, the customer is ismed with a swipe card (step 54) which carries a unique customer identification code (CIC), as explained previously.
At step 56, the customer (or the local agent) enters details of the desired transfer. Such details include the name and address of the recipient (transferee), the amount to be transferred (in the local currency of the customer), the method of payment by the customer, and the destination country, name and address of the bank or other money handling agent at which the recipient will collect the transferred funds.
At step 58, the processor 30 calculates and displays the value of the funds in the recipient's currency, and the amount of commission charged, bared on the information stored in the reference database 36. If desired, the processor may also calculate an estimated date of arrival of the transferred funds at the destination bank, using information in the reference database, and the following formula:
Arrival d - ate = today's date + funds clearance delay + transfer delay + calendar (holiday) delay
If the customer agrees to the tranωction and makes payment to the agent, then this is confirmed at step 60. (If the customer declines to proceed, then the process can be aborted at this step.) Thereafter, at step 61 the UTC and TVC for the transfer are provided/generated by the UTC/TVC generator 48. The UTC and TVC can either being generated "live", or a pre-generated UTC .and TVC can be retrieved. Such UTC's and TVC's may either be generated by local generators within the teimiiral, or they may be downloaded from the rerver 12 as part of the update information for the reference database.
At step 62, the transfer details including the allocated UTC are stored in the customer/tran^ction database 42 to await uploading to the rerver 12 for processing. The transfer details including the UTC are also printed out (step 64) by the terminal's receipt printer 40 to provide a receipt for the customer.
The above method steps apply to a new customer. An existing customer simply inserts his or her swipe card into the terminal's card reader 38 (step 66), at which .stage the customer number is read from the card. This provides sufficient information for the server 12 to access the customer's details which are stored in the rerver 12. After step 66, the process proceeds directly to step 56 for the customer (or agent) to enter the details of the transfer, as described above.
At various inte.rv.als during the day, the terminal 10 is polled by the rerver 12 by telephone, to upload money-transfer information and new customer information to the rerver 12, and to receive new reference information from the rerver 12. Referring to
Fig. 8, when a telephone call is received from the server 12 (step 70) the process proceeds to step 172 at which the terminal 10 verifies that the call is from the proper rerver 12, for example, by means of a recret password. The terminal also returns a secret password, so that the server 12 can verify that it is communicating with the proper terminal 10. It will be appreciated that all information sent and received through the telephone line is communicated in encrypted form, so that the information cannot easily be intercepted. At the terminal end, the information is encrypted/decrypted by the encryption/decryption unit 46 connected between the processor 30 and the modem 44.
Following step 72, the terminal waits to receive .any new reference information (step 74) for the reference databare 36. Such new information may be in the form of a replacement "reference" file to overwrite the entire existing contents of the reference databare 36, or it may be in the form of update "packets" to replace only certain information in the reference database. The new information (if any) is then written into the databare.
At step 78, the terminal transmits the new contents of the customer/traiisaction database 42 to the server 12. This new information includes details of any new customers (including the customer identification number for each new customer), and details of transfer requests entered by the customers.
Step 80 determines whether the terminal has closed at the end of the day and, if ■so, the process proceeds to step 82 at which end-of-day (EOD) information is transmitted to the server 12. The EOD information includes totals representing the day's transactions and new customers, to provide a cross-check that all of the terminal's information has been validly received by the rerver 12. This is .subsequently crosschecked by the server 12. If the terminal has not yet closed at the end of the day, then the process branches past step 82, to step 84 at which the communication is terminated. The rerver 12 will normally poll each terminal 10 at several different times during the day. During each communication session, the terminal transmits only the new information contained in the customer/tran4saction database 42 (i.e. the information not previously communicated to the server). In this embodiment, the information remains in the customer/transaction database 42 until after the rerver 12 verifies, for example, by means of the EOD information, that all of the information has been uploaded correctly to the rerver 12. Such a technique enables all of the information to be uploaded to the rerver again if necessary, for example, should any discrepancies arise from the EOD information. However, in other embodiments, the customer/tran.saction database 42 could be cleared after each communication session with the rerver 12, if desired.
In Fig. 4, the reference database 36, the customer/tran4saction database 42, the encryption/decryption unit 46 and the UTC/TVC generator 48 have been illustrated as distinct "items" from the processor unit 30. This presentation is merely schematic to aid description of the invention. It will be appreciated that ch items may be implemented as application software run by the processor unit. The reference information and the customer/transaction information may be stored as files on conventional mass storage, for example, a semiconductor mass memory or a magnetic disc. In use, the rerver 12 polls each remote terminal 10 to download updated reference information to the terminal 10, and to upload new transfer-request information and new-customer information from the terminal. The communication procedure is complementary to that dereribed above with reference to Fig. 8, and .so is not expanded further here. The uploaded information is stored temporarily in the input cache 106 until it can be processed by the processing unit 90.
Fig. 10 illustrates the manner in which each "packet" of information from the input cache 106 is processed. Where appropriate the .same reference numerals as those in Fig. 6 are used to denote an equivalent operation step. The information is firstly read from the cache 106 at step 120 and, as before, step 122 determines whether the information corresponds to a new customer. Assuming as a first case that the information does correspond to a new customer, then the process proceeds to step 124 at which a new customer entry is created in the customer database 92, containing the CIC read from the input cache. From step 124, the process proceeds to step 127 at which a PIC is generated for the customer.
At step 128, the PIC is printed in a sealed envelope by the secure printer 102,
.and the envelope is addressed and posted to the customer at his home address identified in the customer information received from the remote terminal 10 (and now stored in the customer databare 92 of the rerver 12). The PIC is also stored in the customer
■database 92.
Step 132 represents the first step for processing the transfer after the customer and recipient details have been stored. At step 132, the transfer is analysed to assess whether it is a mspicious transfer which .should be stopped for legal reasons, as explained in more detail hereinbefore.
At step 134, a check is performed on whether the customer's payment has yet cleared. Assuming that the payment has cleared, the process proceeds to step 136 at which the transfer details are ismed as a transfer instruction to the intermediary bank. The transfer instructions include the transfer details originally inputted by the customer, the PIC, and the TVC received from he terminal 10.
At step 138, the transaction details are stored in the transaction databare 94 as a pending transaction, which completes the initial transaction processing. If at step 122, the information corresponds to an existing customer, the process proceeds to through step 142 at which the existing PIC for the customer is read from the customer databare for re-use. The process then proceeds through step 132 for processing of the transfer details, as described above.
In the above embodiment, the UTC and TVC are allocated to the transaction at the point of .sale terminal 10, to provide offline operation of the terminal 10. Although in the illustrated embodiment, the TVC is allocated at the terminal, this could instead be allocated by the rerver 12, to reduce the risk that the TVC might be available by tapping into the terminal remehow.
In the above embodiments, the PIC is associated only with the transferor. In an alternative form, the PIC could be associated instead with each transferor/transferee pair. Thus instead of a transferor having a single PIC, the transferor would have different PIC's for his different transferees. This could provide additional recurity if needed, but might require the transferor to remember possibly a large number of PIC's. The customer databare would also need to store all of the PIC's for each transferor, and be able to identify mbrequent transactions between the .same transferor .and transferee, in order to use the correct PIC.
In the above embodiments, swipe card is pre-programmed with its CIC, and this is the only information required to be read by the terminal. In other embodiments, the teπninal might be equipped with a card reader/writer for writing information to the card as well as reading it from the card. This could enable "favourite recipient" data to be stored on the swipe card in order to simplify the operation for the transferor.
It will be appreciated that the invention, particularly as illustrated in the preferred embodiments, can enable funds to be transferred in a logical and recure, manner, which allows a recipient to receive the funds without having to have official proof of identity (mch as a passport). Only the transferor and the intended transferee have access to mfficient information to complete the transfer, and it is the transferor's responsibility to ensure that the information is sent in a secure manner to the transferee. Neither the local handling agent for the transferor, nor the local handling agent for the transferee, have direct access to mfficient information to complete a valid transfer.
While features believed to be of importance have been identified in the foregoing description, and in the appended claims, the applicant claims protection for any novel idea, feature or combination of features described herein and/or illustrated in the drawings irrespective of whether emphasis has been placed thereon.

Claims

1. A method of handling money transfer requests in a system which includes at least one input device for receiving information directiy or indirectly from a transferor, and processing means for communicating with the input device for processing money transfer requests therefrom, the method comprising: receiving at the processing means a money transfer request from the input device; providing within the processing means a first identifier code for the transfer and/or for at least one of the parties to the transfer; rending the first identifier code directly or indirectly to the transferor if the first identifier code is a new code, the sending operation to the transferor being an independent operation from the communication with the input device; outputting money transfer instructions including at least a portion of the first identifier code or information related thereto; and communicating the money transfer instructions to a money handling authority as instructions to effect the money transfer, whereby the authority of the transferee party to receive the funds can be verified upon presentation of the first identifier code by the transferee party.
2. A method of operation in processing means for processing money transfer requests, the method comprising: receiving at the processing means information representing a money transfer request; providing within the processing means a first identifier code associated with the transfer and/or with at least one or the parties to the transfer; rending the first identifier code directiy or indirectly to the transferor if the first identifier code is a new code; outputting money transfer instructions including at least a portion of the firs. t identifier code or information related thereto; and communicating the money transfer instructions to a money handling authority as instructions to effect the money transfer, whereby the authority of the transferee party to receive the funds can be verified upon prerentation of the first identifier code by the transferee party.
3. A method of communicating information with a transferor for a money transfer operation to transfer money to a transferee, the method comprising: (a) receiving transfer instruction information directiy or indirectly from the transferor;
(b) providing a first identifier code associated with the transfer and/or with at least one of the parties to the transfer, the code being required by the transferee to complete the money transfer operation; (c) outputting or selectively outputting the first identifier code for communication to the transferor; wherein in step (c) the first identifier code is outputted for confidential communication to the transferor independently of the communication in step (a).
4. A method according to claim 3, wherein step (c) comprises selectively outputting the first identifier code if the code is newly allocated.
5. A method according to claim 1, 2, 3 or 4, wherein the step of providing the first identifier code comprises selectively allocating a new identifier code, or re-using a previously allocated identifier code.
6. A method according to claim 5, wherein the party identifier code is associated with the transferor.
7. A method according to claim 6, wherein the processing means comprises a databare of transferors, the databare containing for each transferor the or a party identification code associated therewith.
8. A method according to any preceding claim, wherein the step of allocating a new first identifier code comprises generating a random or preudo random code.
9. A method according to any preceding claim, further comprising generating a recond identifier code associated with the transaction, and outputting the second identifier code to the transferor, and wherein the step of generating the money transfer instructions at the processing means comprises including a verification code related to the recond identifier code to enable the correct recond identification code to be verified when presented by the transferee.
10. A method according to claim 9, wherein the recond identifier code is outputted to the transferor at the or a remote terminal.
11. A method of handling money transfer requests in a system which includes processing means for processing money transfer requests, the method comprising: generating an identifier code associated with a transfer request; outputting the identifier code for communication to the transferor; outputting from the processing means money transfer instructions including a verification code related verifiably to the identifier code; communicating the money transfer instructions to a money handling authority as instructions to effect the money transfer, whereby the authority of the transferee party to receive the funds can be verified at least partly upon prerentation of the original identifier code matching the incomplete code in the money transfer instructions.
12. A method according to claim 11, wherein the identifier code is bared on a random or preudo random code.
13. A method according to claim 11 or 12, wherein the money transfer request is generated at a terminal remote from the processing means, and the identifier code is outputted at the terminal for the transferor.
14. A method of operation in a processing means for processing money transfer requests, the method comprising: receiving at the processing means information representing a money transfer request; providing an identifier code; providing a verification code related verifiably to the identifier code, the verification code being insufficient to enable the identifier code to be deduced unambiguously therefrom; and outputting from the processing means money transfer instructions including the transaction verification code, for communication to a money handling authority as instructions to effect the money transfer, whereby the authority of the transferee party to receive funds can be verified at least partly upon prerentation of the original identifier code matching the verification code in the money transfer instructions.
15. A method according to claim 11, 12, 13, 14 or 15, wherein the identifier code is generated mch that at least one character thereof represents a function of one or more other characters of the identifier code, and the step of providing the verification code comprises generating a code comprising at least one, but not all, of the characters of the identifier code and including information indicative of the position in said identifier code of said at least one character and/or of s . aid one or more other characters.
16. A method according to claim 15, wherein the characters in the identifier code are numeric.
17. A method according to claim 15 or 16, wherein the function is a sum function.
18. A method according to claim 15, 16 or 17, wherein the verification code comprires one or more blank characters representing missing character or digit positions of the identifier code.
19. A method according to claim 15, 16 or 17, wherein the function is based on characters in one or more predetermined positions in the identifier code, and .said information represents the position in said identification code of the remit of the function.
20. A method according to any preceding claim, further comprising storing the or each identifier code at the processing means.
21. A money transfer system comprising: at least one input unit operable to generate a money transfer request in accor-dance with information from a transferor; and processing means for communicating with the or each input unit for receiving and processing money transfer requests therefrom, the processing means comprising: means for providing a fist identifier code for the tran.saction and/or for the one or more parties to the transfer; means operable to output first information including the first identifier code, to be communicated directly or indirectly to the transferor independently of the communication operation with the input unit; and means for outputting money transfer instructions including at least a portion of the first identifier code or information related thereto, for communication to a money handling authority as instructions to effect the money transfer, whereby the authority of a transferee party to receive the funds can be verified at least partly by prerentation of the first identifier code by the transferee party.
22. A system according to claim 21, comprising at least one remote input unit.
23. A processing system for use in a money transfer system for processing money transfer requests, the processing system comprising: means for receiving information representing a money transfer requeΛ; means for providing a fist identifier code associated with the tran>saction and/or with one or more parties to the transfer; means operable to output first information including the first identifier code, to be communicated directiy or indirectly to the transferor; means for outputting money transfer instructions including at least a portion of the first identifier code or information related thereto, for communication to a money handling authority as instructions to effect the money transfer, whereby the authority of a transferee party to receive the funds can be verified at least partly by presentation of the first identifier code by the transferee party.
24. A system for communicating information with a transferor for a money transfer operation to transfer money to a transferee, the system comprising: means for receiving transfer instruction information directly or indirectly from the transferor; means for providing a first identifier code associated with the transfer and/or with at least one of the parties to the transfer, the code being required by the transferee to complete the money transfer operation; and means for outputting the first identifier code for confidential communication to the transferor.
25. A system according to claim 24, wherein the means for outputting information for the transferor comprires means for relectively outputting the first identifier code if the code is newly allocated.
26. A system according to claim 21, 22, 23, 24 or 25, wherein the means for providing the first identifier code comprises means for relectively allocating a new identifier code, or re-using a previously allocated identifier code.
27. A system according to claim 26, wherein the first identifier code comprises a party identification code associated with the transferor.
28. A system according to claim 27, wherein the processing means comprises a database of transferors, the databare containing for each transferor the or a party identification code allocated thereto.
29. A system according to any of claims 21 to 28, wherein the means for allocating a new first identifier code comprires means for generating a code based on a random or preudo random code.
30. A system according to any of claims 21 to 31, further comprising means for generating a recond identifier code .associated with the tran∞ction, and outputting the recond identifier code to the transferor, and wherein the means for generating the money transfer instructions at the processing means comprises means for including a verification code related to the recond identifier code to enable the correct identifier code to be verified when presented by a transferee.
31. A system according to claim 32, wherein the recond identifier code is outputted to the transferor at the or a remote terminal.
32. A system for handling money transfer requests, comprising: at least one input device for receiving transfer request information directly or indirectly from a transferor, means for allocating an identifier code associated with the transfer request; means for outputting the identifier code for the transferor, the code being required by a transferee to complete a valid money transfer; and means for providing a verification code related to the identifier code, the verification code being insufficient to enable the identifier code to be deduced therefrom unambiguously, means for outputting money transfer instructions including the verification code for communication to a money handling authority, as instructions to effect the money transfer, whereby the authority of a transferee party to receive the funds can be verified at least partly upon prerentation of the original identifier code matching the verification code in the money transfer instructions.
33. A system according to claim 32, wherein the identifier code is generated as, or is based on, a random or preudo random code.
34. A system according to claim 32 or 33, wherein the input device is a remote terminal.
35. A processing system for processing money transfer requests, the system comprising: means for receiving information representing a money transfer request; means for allocating a transaction identifier code for communication directiy or indirectly to a transferor; means for providing a verification code related to the transaction identifier code, the verification code being insufficient to enable the identifier code to be deduced unambiguously therefrom; means for outputting money transfer instructions including the verification code, for communication to a money handling authority as instructions to effect the money transfer, whereby the authority of the transferee party to receive funds can be verified at least partly upon prerentation of the original identifier code matching the incomplete code in the money transfer instructions.
36. A terminal for receiving money transfer requests, and for communicating transfer request information to a central processor, the terminal comprising: input means for receiving information regarding the transfer and the parties to the transfer; means operable to allocate and/or to receive a tran>saction identifier code; means for outputting the transaction identifier code for communication to the transferor; means for storing information relating to the requested money transfer, said information including the allocated identifier code; and means for communicating with a said central processor.
37. A terminal according to claim 36, wherein the input device comprises a card reader for reading information on a card presented thereto.
38. A terminal according to claim 37, wherein the card reader comprises a magnetic card reader.
39. A method of Irøndling a money transfer request, comprising: receiving transfer request information directly or indirectly from a transferor; allocating a transaction identification code for the transfer request; providing a party identifier code associated with one or more parties to the tran^ction; communicating at least the tran ction identifier code to the transferor, to be forwarded by the transferor to the transferee; communicating money transfer instructions to a money handling authority to effect the transfer, the money transfer instructions including information relating to the transaction identifier code and information relating to the party identifier code, but at least one of the codes being incomplete mch that the money transfer instructions do not contain mfficient information to complete a valid transfer; whereby the authority of a transferee to receive the funds can be verified by the money handling authority upon prerentation by the transferee of the original tran.saction identifier code and the original party identification code, which match the information in the money transfer instructions.
40. A method according to claim 39, wherein the step of communicating information to the transferor comprires relectively communicating the party identifier code.
41. A method according to claim 40, wherein the >step of communicating information to the transferor comprires communicating the party identifier code if the party identifier code is newly allocated.
42. A method according to claim 40 or 41, wherein the step of communicating information to the transferor comprires not communicating the party identifier code if a party identification code has previously been allocated for an earlier transaction between the .same parties, and is to be re-used for the current transaction.
43. A method according to any of claims 47 to 49, wherein the p.arty identification code, if communicated to the transferor, is communicated independently of the tran.saction identifier code.
44. A method of testing information provided by a transferee for collection of funds, the method comprising: receiving transfer instructions including a first party identifier code allocated to at least one of the parties to the transfer, and a recond transaction verification code related to a transaction identifier code allocated to the transaction;
(a) comparing the first party identifier code from the transfer instructions with a party identifier code provided by the transferee; and
(b) comparing the recond transaction verification code with a transaction identification code provided by the transferee.
45. A method according to claim 44, further comprising returning the transaction identification code to the isming authority as evidence that the transferee is authorised to receive the funds.
46. A method according to claim 44 or 45, wherein the transaction verification code contains some, but not all of the characters of the transaction identification code, and the method comprires comparing each known character in the transaction verification code for equivalency with a corresponding character of the transaction identifier code.
47. A method according to claim 44, 45 or 46, wherein the tran.saction verification code includes information associated with the remit of a function bared on one or more characters of the tran^ction identification code, and the method comprires testing whether the transaction identification code presented by the transferee matches the function.
48. A method or apparatus for handling money transfer requests, being .substantially as hereinbefore described with reference to any of the accompanying drawings.
PCT/GB1998/003537 1997-12-01 1998-11-26 Method and apparatus for money transfers WO1999028872A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU12515/99A AU742367B2 (en) 1997-12-01 1998-11-26 Method and apparatus for money transfers
EP98955790A EP1036381A1 (en) 1997-12-01 1998-11-26 Method and apparatus for money transfers

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB9725430A GB2331822B (en) 1997-12-01 1997-12-01 Method and apparatus for money transfers
GB9725430.4 1997-12-01

Publications (3)

Publication Number Publication Date
WO1999028872A1 true WO1999028872A1 (en) 1999-06-10
WO1999028872A2 WO1999028872A2 (en) 1999-06-10
WO1999028872A8 WO1999028872A8 (en) 1999-07-29

Family

ID=10822956

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB1998/003537 WO1999028872A2 (en) 1997-12-01 1998-11-26 Method and apparatus for money transfers

Country Status (5)

Country Link
EP (1) EP1036381A1 (en)
AU (1) AU742367B2 (en)
GB (2) GB2363664B (en)
HK (1) HK1042390B (en)
WO (1) WO1999028872A2 (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7266533B2 (en) 2000-12-15 2007-09-04 The Western Union Company Electronic gift greeting
US7716128B2 (en) 2001-03-31 2010-05-11 The Western Union Company Electronic indentifier payment systems and methods
US7783571B2 (en) 2007-05-31 2010-08-24 First Data Corporation ATM system for receiving cash deposits from non-networked clients
US7930216B2 (en) 2000-07-11 2011-04-19 The Western Union Company Method for making an online payment through a payment enabler system
US7933835B2 (en) 2007-01-17 2011-04-26 The Western Union Company Secure money transfer systems and methods using biometric keys associated therewith
US7937292B2 (en) 2000-07-11 2011-05-03 The Western Union Company Wide area network person-to-person payment
US8244632B2 (en) 2001-10-26 2012-08-14 First Data Corporation Automated transfer with stored value
US8374962B2 (en) 2001-10-26 2013-02-12 First Data Corporation Stored value payouts
US8504473B2 (en) 2007-03-28 2013-08-06 The Western Union Company Money transfer system and messaging system
US8515874B2 (en) 2001-03-31 2013-08-20 The Western Union Company Airline ticket payment and reservation system and methods
US8818904B2 (en) 2007-01-17 2014-08-26 The Western Union Company Generation systems and methods for transaction identifiers having biometric keys associated therewith
US9129464B2 (en) 2001-03-31 2015-09-08 The Western Union Company Staged transactions systems and methods

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000072109A2 (en) * 1999-05-25 2000-11-30 Safepay Australia Pty Limited System for handling network transactions
AU734404B3 (en) * 1999-05-25 2001-06-14 Safepay Australia Pty Limited System for handling network transactions
EP1077436A3 (en) 1999-08-19 2005-06-22 Citicorp Development Center, Inc. System and method for performing an on-line transaction using a single-use payment instrument
US6488203B1 (en) * 1999-10-26 2002-12-03 First Data Corporation Method and system for performing money transfer transactions
US9853759B1 (en) 2001-03-31 2017-12-26 First Data Corporation Staged transaction system for mobile commerce
CN101067856A (en) * 2007-06-28 2007-11-07 向亚峰 Method and system for realizing network payment

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4321672A (en) * 1979-11-26 1982-03-23 Braun Edward L Financial data processing system
US5319710A (en) * 1986-08-22 1994-06-07 Tandem Computers Incorporated Method and means for combining and managing personal verification and message authentication encrytions for network transmission
US5196840A (en) * 1990-11-05 1993-03-23 International Business Machines Corporation Secure communications system for remotely located computers
GB2261538B (en) * 1991-11-13 1995-05-24 Bank Of England Transaction authentication system
US5650604A (en) * 1995-02-22 1997-07-22 Electronic Data Systems Corporation System and method for electronic transfer of funds using an automated teller machine to dispense the transferred funds
US6085320A (en) * 1996-05-15 2000-07-04 Rsa Security Inc. Client/server protocol for proving authenticity

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7941346B2 (en) 2000-07-11 2011-05-10 The Western Union Company Wide area network person-to-person payment
US7941342B2 (en) 2000-07-11 2011-05-10 The Western Union Company Wide area network person-to-person payment
US7930216B2 (en) 2000-07-11 2011-04-19 The Western Union Company Method for making an online payment through a payment enabler system
US8024229B2 (en) 2000-07-11 2011-09-20 The Western Union Company Wide area network person-to-person payment
US7937292B2 (en) 2000-07-11 2011-05-03 The Western Union Company Wide area network person-to-person payment
US7266533B2 (en) 2000-12-15 2007-09-04 The Western Union Company Electronic gift greeting
US7908179B2 (en) 2000-12-15 2011-03-15 The Western Union Company Electronic gift linking
US8515874B2 (en) 2001-03-31 2013-08-20 The Western Union Company Airline ticket payment and reservation system and methods
US9129464B2 (en) 2001-03-31 2015-09-08 The Western Union Company Staged transactions systems and methods
US7716128B2 (en) 2001-03-31 2010-05-11 The Western Union Company Electronic indentifier payment systems and methods
US8706640B2 (en) 2001-03-31 2014-04-22 The Western Union Company Systems and methods for enrolling consumers in goods and services
US8374962B2 (en) 2001-10-26 2013-02-12 First Data Corporation Stored value payouts
US8244632B2 (en) 2001-10-26 2012-08-14 First Data Corporation Automated transfer with stored value
US8818904B2 (en) 2007-01-17 2014-08-26 The Western Union Company Generation systems and methods for transaction identifiers having biometric keys associated therewith
US9123044B2 (en) 2007-01-17 2015-09-01 The Western Union Company Generation systems and methods for transaction identifiers having biometric keys associated therewith
US7933835B2 (en) 2007-01-17 2011-04-26 The Western Union Company Secure money transfer systems and methods using biometric keys associated therewith
US8504473B2 (en) 2007-03-28 2013-08-06 The Western Union Company Money transfer system and messaging system
US8762267B2 (en) 2007-03-28 2014-06-24 The Western Union Company Money transfer system and messaging system
US7783571B2 (en) 2007-05-31 2010-08-24 First Data Corporation ATM system for receiving cash deposits from non-networked clients

Similar Documents

Publication Publication Date Title
AU742367B2 (en) Method and apparatus for money transfers
US6282523B1 (en) Method and apparatus for processing checks to reserve funds
WO1999028872A1 (en) Method and apparatus for money transfers
US5365046A (en) Preventing unauthorized use of a credit card
AU2002357839B2 (en) Method for receiving electronically transferred funds using an automated teller machine
US5341428A (en) Multiple cross-check document verification system
US7356505B2 (en) System and method for transferring funds
US4630201A (en) On-line and off-line transaction security system using a code generated from a transaction parameter and a random number
US7505944B2 (en) Method and system of payment by electronic cheque
US7010701B1 (en) Network arrangement for smart card applications
NO318559B1 (en) Electronic Transfer of Capital System and Procedure Using an Automated Cashier to Deliver Transferred Capital
HU225076B1 (en) Method and system of transferring currency
EP0960499A1 (en) Method and system for transferring funds
NZ535428A (en) System and method for secure credit and debit card transactions using dynamic random CVV2 code to mobile communications device
JPH11509015A (en) Secure identification system and method
WO2000002150A1 (en) Transaction authorisation method
EP1356436A1 (en) Method for preventing forgery of every kinds of lottery-ticket, exchange-ticket, certificate published by communication network and id-card, credit-card, medical insurance card with authentication code
EA002887B1 (en) Method for carrying out transactions and device for realising the same
US6954740B2 (en) Action verification system using central verification authority
US20200349531A1 (en) Method and system for transferring funds from an account to an individual
WO2020076176A1 (en) Method for automatically transmitting and storing financial and commercial receipts in electronic format
EP0420466B1 (en) Credit supply system
KR101173109B1 (en) Withdrawal System for small some of money using mobile phone and method for operating in ATM
US20040059675A1 (en) System and method for replacing identification data on a portable transaction device