WO2000077701A1 - Method and apparatus for facilitating anonymous transactions - Google Patents

Publication number
WO2000077701A1
Authority
WO
WIPO (PCT)
Prior art keywords
customer
merchant
privacy
payment
data
Application number
PCT/US2000/015786
Other languages
French (fr)
Inventor
Tara Chand Singhal
Original Assignee
Tara Chand Singhal
Application filed by Tara Chand Singhal
Priority to AU58696/00A (patent AU5869600A)
Priority to EP00944626A (patent EP1208503A1)
Publication of WO2000077701A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • G06F21/6263 Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes

Definitions

  • Provisional Application Serial Nos. 60/139,101 and 60/144,737 are incorporated herein by reference.
  • the present invention is directed to a method and apparatus for facilitating anonymous transactions. More specifically, the present invention is directed to a method and apparatus for protecting the privacy of a customer during transactions performed on the Internet.
  • a typical Internet transaction involves (i) the customer browsing the virtual store of a particular merchant, (ii) the customer selecting one or more item(s) for purchase, (iii) the customer providing personal information to the merchant, and (iv) the merchant arranging for shipment of the item(s) to the customer.
  • the personal information provided by the customer typically includes at least the name, address and credit card information of the customer. With this information, the merchant charges the credit card of the customer and ships the item(s) to the customer.
  • It is an object of the present invention to provide an apparatus and method for protecting the privacy of a customer during an online transaction. Another object of the present invention is to provide an apparatus and method for facilitating anonymous transactions on the Internet. Still another object of the present invention is to provide an apparatus and method for minimizing the likelihood of the improper dissemination of the personal information of a customer.
  • a method and apparatus for facilitating anonymous transactions between a customer and a merchant on the Internet includes the steps of (i) transferring to a privacy system a purchase request by the customer to purchase an item from the merchant, (ii) providing a privacy payment to the merchant to pay for the item, and (iii) making a privacy delivery of the item from the merchant to the customer.
  • the privacy payment and the privacy delivery are in a form that does not identify the customer to the merchant.
  • the customer can purchase the item from the merchant without the merchant knowing the identity, address, electronic mail address, credit information and/or other personal information of the customer.
  • the method can also include one or more of the following steps: (i) outputting a request by the privacy system for a fund institution to provide the privacy payment, (ii) providing a purchase request for the item from the privacy system to the merchant,
  • the apparatus can include a storage device, a program stored in the storage device, and a processor connected to the storage device.
  • the processor is operative with the program to receive a purchase request by the customer to purchase an item from the merchant and instruct a fund institution to pay the merchant for the item.
  • the processor can be operative with the program (i) to provide shipping information of the customer directly to a shipper, (ii) to instruct a fund institution to pay the shipper for shipping the item, (iii) to instruct the fund institution to provide a payment for taxes to an entity, (iv) to collect a payment from the customer, (v) to receive electronic mail directed to the customer from a merchant interface of the merchant, (vi) to transfer a customer uniform bill of sale to the customer, (vii) to transfer a merchant uniform bill of sale to the merchant, (viii) to provide an anonymous customer identifier for the customer, (ix) to provide a merchant identifier for the merchant, (x) to receive a credit card number of the customer and store the credit card number in a first data base, (xi) to receive a name of the customer and store the name in a second data base, and/or (xii) to receive a shipping address of the customer and store the shipping address in a third data base.
  • the present invention facilitates anonymous transactions globally between the customer and the merchant.
  • the present invention allows the customer to purchase one or more items from the merchant without the merchant knowing the identity, credit card information and/or location of the customer. This minimizes the likelihood of the improper dissemination of the personal information of the customer.
  • FIG. 1 is a block diagram that illustrates an apparatus and method having features of the present invention.
  • Figure 2 is a block diagram that illustrates a privacy main system having features of the present invention.
  • FIGS. 3A-3C are block diagrams that illustrate databases having features of the present invention.
  • Figure 4 is a block diagram that illustrates the functions of a privacy system processor having features of the present invention.
  • Figure 5 is a block diagram that illustrates some of the functions of a privacy system having features of the present invention.
  • Figures 6A-6F are simplified examples of web pages that can be generated by the privacy system.
  • Figure 6G is a simplified block diagram of how electronic mail can be routed through the privacy system.
  • Figure 6H is a simplified example of another web page that can be generated by the privacy system.
  • Figure 7 is a simplified illustration of a customer interface having features of the present invention.
  • Figure 8A is a simplified illustration of a fund institution having features of the present invention.
  • Figure 8B is a simplified block diagram that illustrates some of the functions of a processor for the fund institution.
  • Figure 9A is a simplified illustration of a merchant interface having features of the present invention.
  • Figure 9B is a simplified block diagram that illustrates some of the functions of the merchant interface.
  • Figure 9C is a simplified illustration of a web page that can be generated by the merchant interface.
  • Figure 10A is a simplified illustration of a shipper interface having features of the present invention.
  • Figure 10B is a simplified block diagram that illustrates some of the functions of the shipper interface.
  • Figure 10C is a simplified illustration of a package and a scanner/printer having features of the present invention.
  • Figure 11 is a simplified flow chart that illustrates order exception processing.
  • Figure 12 is a simplified illustration of a customer uniform bill of sale.
  • Figure 13 is a simplified illustration of a merchant uniform bill of sale.
  • Figures 14A-14C illustrate a merchant/customer identifier having features of the present invention.
  • Figure 15 is a block diagram that outlines the operation of a method and apparatus having features of the present invention.
  • a method and apparatus 10 having features of the present invention includes a privacy system 12, at least one customer interface 14, one or more merchant interfaces 16 (two are illustrated), at least one shipper interface 18, and a government entity 19 that are preferably connected on a global computer network 24.
  • the present invention facilitates anonymous transactions globally between a customer 20 and a merchant 22.
  • the present invention allows the customer 20 to purchase one or more items 60 (illustrated in Figure 9C) from the merchant 22 without the merchant 22 knowing the identity, credit card information and/or location of the customer 20.
  • the privacy system 12 allows the customer 20 to purchase one or more items 60 from the merchant 22 without disclosing the name, physical address, electronic mail address, and credit card information of the customer 20 to the merchant 22.
  • the privacy system 12 allows the item(s) 60 to be shipped to the customer 20 with a shipper 25, without the merchant 22 having access to the shipping information of the customer 20.
  • the privacy system 12 minimizes the number of people, businesses and institutions that have access to the personal information of the customer 20. This minimizes the opportunity for the personal information of the customer 20 to be improperly disseminated.
  • the privacy system 12 can include a privacy main system 12A, a privacy network interface 12B and a fund institution 12C.
  • the privacy main system 12A manages all operations performed by the privacy system 12, and the fund institution 12C collects, holds and disburses funds under the direction of the privacy main system 12A.
  • the fund institution 12C can be a separate entity from the privacy system 12.
  • the privacy main system 12A includes (i) a privacy storage device 26, (ii) a privacy operating system 27 stored in the privacy storage device 26, (iii) a privacy system manager program 28 stored in the privacy storage device 26, (iv) a privacy processor 30 connected to the privacy storage device 26, and (v) a fund system interface 31.
  • the privacy processor 30 can include one or more conventional CPUs.
  • the privacy processor 30 is preferably capable of high volume processing and database searches.
  • the privacy storage device 26 can include one or more magnetic disk drives, magnetic tape drives, optical storage units, CD-ROM drives and/or flash memory.
  • the privacy storage device 26 also contains a plurality of databases used in the processing of transactions pursuant to the present invention.
  • the privacy storage device 26 can include a customer database 38, a merchant database 40, and a transaction history database 36.
  • the customer database 38 contains relevant, personal data specifically related to the customer 20.
  • Personal data related to the customer 20 can be divided into three categories, namely, (i) identification data 38A of each customer 20, (ii) payment data 38B of each customer 20, and (iii) shipping data 38C of each customer 20.
  • Identification data 38A can include the name, address, phone number, facsimile number, and electronic mail address of the customer 20.
  • Payment data 38B can include information identifying one or more credit cards or debit cards used by the customer 20.
  • the payment data 38B can include information, such as the card number and the expiration date of each credit or debit card. Additionally, payment data 38B could include the one or more bank accounts of the customer 20.
  • Shipping data 38C can include one or more desired shipping addresses of the customer 20 and any special shipping instructions of the customer 20.
  • the customer database 38 is organized and maintained in multiple, separate sub-databases, namely (i) an identification sub-database 38SD1 containing the identification data 38A of each of the customers 20 (ii) a payment sub-database 38SD2 containing the payment data 38B of each of the customers 20, and (iii) a shipping sub-database 38SD3 containing the shipping data 38C of each of the customers 20.
  • each sub-database 38SD1, 38SD2, 38SD3 contains only a portion of the information about each of the customers 20.
  • the data of each customer 20, in each sub-database 38SD1, 38SD2, 38SD3 is anchored by a unique customer identifier 50.
  • the customer identifier 50 can be any number of characters that can be used to anonymously identify each customer 20.
  • the customer identifier 50 can be created and selected by the customer 20 and/or assigned by the privacy system 12.
  • the customer identifier 50 allows the customer 20 to communicate with the privacy system 12 without continuously providing any data that will personally identify the customer 20 to third parties.
  • the privacy system 12 maintains the customer identifiers 50 in the privacy storage device 26 and validates only unique customer identifiers 50 for customers 20.
  • the privacy system 12 can access the information of a particular customer 20 by searching for the customer identifier 50 in each sub-database 38SD. Further, by having the identification data 38A of the customer 20 in a separate sub-database 38SD from the payment data 38B and the shipping data 38C, the present design provides another level of security to the customer 20.
  • the personal data of the customer 20 retained in the customer database 38 can be separated into more than three or fewer than three sub-databases.
  • Figure 3A illustrates that the personal data of each of the customers 20 in the customer database 38 can be maintained in six separate sub-databases.
  • the customer database 38 includes a first identification sub-database 38SDi, a second identification sub-database 38SDii, a third identification sub-database 38SDiii, a payment sub-database 38SDiv, a shipping sub-database 38SDv, and a personal sub-database 38SDvi.
  • the data of each customer 20 in each sub-database 38SD is preferably anchored with the customer identifier 50.
  • the first identification sub-database 38SDi contains the name 38D of each of the customers 20.
  • the second identification sub-database 38SDii contains the phone number 38E and/or the facsimile number 38F of each of the customers 20.
  • the third identification sub-database 38SDiii contains the electronic mail address 38G of each of the customers 20.
  • the payment database 38SDiv contains the payment data 38B of each of the customers.
  • the shipping sub-database 38SDv contains the shipping data 38C of each of the customers 20.
  • the personal sub-database 38SDvi contains the personal data 38H of each of the customers 20 including the driver's license number, the social security number, and the maiden name of the mother of each of the customers 20.
  • the privacy system 12 accesses the information of a particular customer 20 by searching for the customer identifier 50 in each sub-database 38SD. Further, by having portions of the data of each of the customers 20 in separate sub-databases 38SD, the present design provides another level of security to the customer 20.
  • the sub-databases 38SD may be located in the same storage device 26 as illustrated in Figure 2A. Alternately, for example, as illustrated in Figure 3A, each sub-database 38SD can be located in a separate storage device. With this design, the data between the sub-databases 38SD and the privacy processor 30 may travel over secure internal communication lines, external private telephone lines and/or over the Internet.
  • the complete set of data required for a credit card authorization for a particular customer 20 may be assembled for a specific transaction during the transaction by accessing the various pieces of data from the dispersed sub-databases 38SD.
  • the merchant database 40 contains merchant related information and data 40A on each of the merchants 22.
  • Merchant data 40A can include the name, the address, the phone number, facsimile number, web page URL, pager number, electronic mail address, and/or bank accounts of each merchant 22.
  • each merchant 22 is provided with a unique merchant identifier.
  • the merchant identifier 51 can be any number of characters that can be used to identify the merchant 22 to the privacy system 12.
  • the merchant identifier 51 can be created and selected by the merchant 22 and/or assigned by the privacy system 12.
  • a unique merchant/customer identifier 52 can be created for a transaction with each merchant performed with the privacy system 12.
  • the merchant/customer identifier 52 can be any number of characters that can be used to anonymously identify the customer 20 to the merchant 22.
  • the merchant/customer identifier 52 can be created and selected by the privacy system 12.
  • the merchant/customer identifier 52 allows the privacy system 12 to anonymously identify the customer 20 to merchant 22 and/or to third parties (not shown).
  • the privacy system 12 preferably maintains the merchant identifiers 51 and the merchant/customer identifiers 52 in the merchant database 40 of the privacy storage device 26.
  • the transaction history database 36 maintains data on all of the information that flows from each transaction that is performed using the privacy system 12. This data may be segregated and maintained in an active transactions sub-database 36SD1, an archived transactions database 36SD2 and a payment history sub-database 36SD3.
  • information in the active transaction sub-database 36SD1 can include a copy of a customer uniform bill of sale 1200 (illustrated in Figure 12), and the data records 36B exchanged between (i) the privacy system 12 and (ii) the merchant 22, and the customer 22 related to the particular transaction.
  • the data records 36B can include the item(s) 60 purchased, the purchase price, and the type of payment.
  • the data regarding each transaction can be anchored with (i) a unique transaction identifier 54 created for each transaction performed with the privacy system 12, (ii) the merchant identifier 51, (iii) the date/time of the transaction 36A, and (iv) the customer identifier 50 for easy retrieval and search.
  • the unique transaction identifier 54 can be any number of characters that can be used to anonymously identify the transaction.
  • the transaction identifier 54 can be created and selected by the privacy system 12.
  • Information in the archived transaction history sub-database 36SD2 includes the same data as for active transactions sub-database 36SD1 for those transactions that are completed.
  • information in the payment history sub-database 36SD3 can include and be divided into: (i) funds collected data 36C-1, (ii) merchant funds data 36C-2, (iii) shipper funds data 36C-3, (iv) sales/use tax fund data 36C-4 and (v) privacy manager funds data 36C-5.
  • the funds collected data 36C-1 includes information relating to the money that is collected from each of the customers 20 for each transaction.
  • the funds collected data 36C-1 can be anchored and identified with the customer identifier 50, the merchant identifier 51 and the transaction identifier 54.
  • the merchant fund data 36C-2 includes information relating to the money that is payable/paid to merchant 22 for the items 60 purchased by the customer.
  • the merchant fund data 36C-2 is preferably anchored and identified by the merchant identifier 51, the transaction identifier 54 and the merchant/customer identifier 52.
  • the shipper fund data 36C-3 includes information relating to the money that is payable/paid to the shipper 25 for shipping the item(s) 60 to the customer 20.
  • the shipper fund data 36C-3 is anchored and identified by a shipper identifier 55, the merchant identifier 51, the transaction identifier 54, and merchant/customer identifier 52.
  • the shipper identifier 55 can be any number of characters that can be used to identify the shipper 25 to the privacy system 12.
  • the shipper identifier 55 can be created and selected by the shipper 25 and/or assigned by the privacy system 12.
  • the sales/use tax fund data 36C-4 includes information relating to the money that is payable/paid for sales/use tax to the government entity 19 for the purchase of the item(s) 60 by the customer 20.
  • the sales/use tax funds data 36C-4 is preferably anchored and identified by the merchant identifier 51, the transaction identifier 54 and the customer identifier 50.
  • the privacy manager funds data 36C-5 includes information relating to money that is payable/paid to the privacy system 12 for use of the privacy system 12 for the purchase of the item(s).
  • the privacy manager funds data 36C-5 is preferably anchored and identified by the customer identifier 50, the merchant identifier 51, and the transaction identifier 54.
  • the privacy system manager program 28 is operative with the privacy processor 30 to (i) open new accounts 400 for the customer 20, the merchant 22 and shipper 25, (ii) conduct anonymous transaction 402 by interfacing with the customer 20, the merchant 22, the shipper 25 and the fund institution 12C and (iii) route electronic mail and information items 404 from the merchant 22 and other third parties to the customer 22.
  • the program 28 and the processor 30 interface with customer 20 via the customer interface 14, the shipper 25 via the shipper interface 18, the merchant 22 via the merchant interface 16 and the fund institution 12C.
  • the privacy system manager program 28 is also operative with the privacy processor 30 to (i) generate one or more privacy web pages 500, (ii) receive and store personal information about the customer 502, (iii) receive a purchase offer from the customer to purchase one or more item(s) from the merchant 504, (iv) receive an instruction from the customer to pay the merchant 506, (v) collect a payment from the customer for the item(s) purchased 508, for shipping of the item(s) 510, for sales/use tax on the item(s) purchased 512 and for the use of the privacy system 514, (vi) provide a payment of privacy funds 100 to the merchant 516, (vii) arrange for pick-up and delivery of the item(s) by contacting the shipper and providing shipping information to the shipper 518, (viii) provide a payment of funds to the shipper 520, (ix) provide payment of privacy funds 100 to local, state or federal government entity for use/sales tax on the purchase of the item(s) 522, (x) modify and/
  • the privacy system 12 maintains the transaction status for each transaction within the transaction history database 36.
  • This database 36 maintains records of each step of the transaction from order entry by the customer 20 to the actual delivery to the customer 20.
  • the transaction steps can include (i) order entry by the customer, (ii) order confirmation by the customer, (iii) collection of funds from the customer, (iv) forwarding the order to the merchant, (v) receiving merchant order confirmation, (vi) receiving order pick-up date from the merchant, (vii) receiving actual pick-up date from the shipper, (viii) receiving estimated delivery date/time from the shipper, and (ix) receiving actual delivery date/time from the shipper.
  • the status of the transaction is accessible to the customer 20 via the customer interface 14 from the privacy system 12 by contacting the privacy system 12.
  • Figure 6H shows a transaction status web page that can be used by the customer.
  • the privacy system 12 may contact the customer via telephone, e-mail or mail with information regarding the status of the transaction.
  • the privacy network interface 12B allows the privacy system 12 to communicate with the customer 20 via the customer interface 14, the merchant 22 via the merchant interface 16, the shipper 25 via the shipper interface 18, and the government entity 19 via the government network interface 19A. Conventional internal or external modems may serve as the privacy network interface 12B. In a preferred embodiment, the privacy network interface 12B is connected to the merchant interface 16, the customer interface 14 and the shipper interface 18 with the Internet.
  • the privacy network interface 12B can be connected by other electronic, voice and/or traditional communication systems that allow the privacy system 12 to interact with the merchant interface 16, the customer interface 14, the shipper interface 18 and the government entity 19.
  • the privacy system 12 can be connected to the merchant interface 16, the customer interface 14 and the shipper interface 18 via one or more phone lines.
  • the privacy network interface 12B can include an input device, such as a keyboard, mouse or voice recognition software that allows the information from the merchant interface 16, the customer interface 14 and/or the shipper interface 18 to be entered to the privacy system 12.
  • the fund interface 31 allows the privacy system manager program 28 to interact with the fund institution 12C. Stated another way, fund interface 31 (i) allows the privacy system manager program 28 to request data from and forward data to the fund institution 12C and (ii) allows the fund institution 12C to request data from and forward data to the privacy main system 12A.
  • the fund interface 31 can be connected to the fund institution 12C with a phone line 31A or some other type of connection. In this embodiment, the fund interface 31 transmits credit card numbers and/or other payment information electronically over the Internet or phone line 31A to the fund institution 12C where card verification and processing of the credit cards, debit cards or other forms of payment are handled.
  • the privacy system 12 can subtract a fee from the customer 20 when the privacy system 12 pays the shipper 25, pays the merchant 22 and/or pays the government entity 19.
  • the amount of fee charged by the privacy system 12 can be varied. For example, the fees may be subtracted for each transaction as a percent of the transaction or a flat fee or a combination thereof.
  • Privacy Web Pages. As provided herein, the privacy system manager program 28 is operative with the privacy system processor 30 to generate one or more web pages on the world wide web. The web pages allow each customer 20 to provide information through the customer interface 14 to the privacy system 12. Alternately, instead of the world wide web, the customer 20 can provide some or all of the information to the privacy system 12 via electronic mail, voice mail, facsimile, or postal mail transmissions.
  • Figure 6A illustrates an initial privacy web page 600 having features of the present invention.
  • the initial privacy web page 600 can be displayed on the customer interface 14 when the customer 20 first registers with the privacy system 12 or immediately prior to making the first purchase from a merchant 22 with the privacy system 12.
  • the initial privacy web page 600 includes areas for (i) new account set up 602, (ii) account updates 604, (iii) begin a new transaction 606 with the privacy system 12, (iv) mail blocker options 608, (v) modify an existing order 610 and (vi) transaction status page 612.
  • the customer 20 via the customer interface 14 selects one of these choices from the initial privacy web page 600.
  • Figure 6B illustrates a new account setup page 602 that is displayed on the customer interface 14 when the customer 20 chooses the new account setup.
  • the customer 20 fills in the customer identifier 50 and clicks the SEND button 614.
  • a number of fields or blanks 616 appear on the setup page 602.
  • the fields or blanks 616 are to be filled out by the customer 20.
  • These fields 616 include the information required to fill the customer database 38 of the privacy system 12.
  • the fields 616 can include the name 618, address 620, phone number 622, facsimile number 624, electronic mail address 626, shipping information 632, identification data 634 and payment methods 628, 630 in one or more forms such as credit card information and/or bank account information.
  • After the customer 20 fills in the blanks 616, the customer 20 transmits the information to the privacy system 12. The customer 20 does this by clicking on a SAVE button 636 located on the setup page 602. This information is subsequently transferred to the customer database 38 in the privacy system 12. The information is preferably transferred using secure means. These secure means may include use of existing encryption means and/or any other means of securing the data during transmission.
  • Figure 6C illustrates an account update page 604 that is displayed on the customer interface 14 when the customer 20 chooses to update their account.
  • the account update page 604 includes a number of fields including information that was previously provided by the customer 20.
  • the customer 20 enters their customer identifier 50 and clicks SEND button 640.
  • the privacy system 12 enables the selection of the type of data 642 that could be modified.
  • the customer 20 makes a selection and simply modifies the information in the fields 644 on the account update page 604.
  • the customer 20 transmits the information to the privacy system 12.
  • the customer 20 does this by clicking on a SAVE button 646 located on the setup page.
  • This information is subsequently transferred to the customer database 38.
  • the information is preferably transferred using secure means. These secure means may include use of existing encryption means and/or any other means of securing the data during transmission.
  • Figure 6D illustrates a new transaction page 606 that is displayed on the customer interface 14 when the customer 20 chooses to begin a new transaction.
  • the transaction page 606 includes a number of fields 652 including information regarding the upcoming transaction.
  • the customer 20 enters their customer identifier 50 and then clicks SEND button 650.
  • the privacy system 12 enables the display of form fields 652, which customer 50 simply fills in.
  • These fields 652 can include the merchant identifier 51, an item identifier 654, an amount 656, shipping cost 658, sales tax 660 and total payment 662, and a type of payment 664.
  • the customer 20 can enter the information with the customer interface 14.
  • the customer 20 transfers the information from the transaction page 606 to the privacy system 12 by clicking on the SAVE button 668.
  • FIG. 6E illustrates a modify existing transaction page 610 that is displayed on the customer interface 14 when the customer 20 chooses to modify an existing transaction from the initial web page 600.
  • the customer 20 enters their customer identifier 50 and clicks the SEND button 670.
  • the privacy system 12 in response displays a list of transactions 672.
  • each of the transactions 674 is identified by the date, the transaction identifier 54 and merchant identifier 51.
  • the customer 20 is given an option to select 675 a particular transaction 674.
  • the customer 20 can elect to cancel 676 the transaction 674 or modify 678 the transaction 674.
  • Figure 6F illustrates the mail blocker option page 608 that is displayed on the customer interface 14 when the customer chooses the mail blocker option from the initial web page 600.
  • the customer 20 enters their customer identifier 50 and clicks the send button 680.
  • a list of options 684 to select 682 is provided to the customer 20.
  • the options 684 available to the customer 20 can include modifying existing e-mail traffic to the customer by selecting and customizing the sources and the quantity of e-mail the customer wishes to receive at the customer interface via the Internet Service Provider (ISP) of the customer.
  • the privacy system 12 preferably includes a mail interface 686 that allows the merchant 22 to send correspondence to the customer 20 and allows the privacy system 12 to screen any mail that is sent to the customer 20.
  • all communications, including electronic mail, directed towards the customer 20 from the merchant 22 are routed through the mail interface 686 in the privacy system 12 and subsequently forwarded to the customer interface 14.
  • the customer 20 can customize the program with the mail blocker options 608.
  • the mail blocker options page 608 allows the customer 20 to create a custom list of sources and/or subjects from which the customer 20 is willing to receive the mail or not willing to receive the mail from the merchant 22.
  • the customer 20 enters their customer identifier 50 and clicks SEND button 680.
  • the privacy system 12 generates the options page 608 that enables the customer 20 to select 682 one of the many mail block options 684 to help the customer 20 set up the mail blocker. Some of these options 684 are listed in Figure 6F.
  • the customer 20 may decline all mail from a list of sources, accept all mail from a list of sources, and many precise combinations therefrom that are intended to eliminate nuisance or junk mail.
  • the mail interface 686 enables the customer 20 to exercise control on the contacts from the merchants 22 and other parties.
  • the mail addressed to customer 20 is directed to the privacy system 12 addressed as a merchant/customer identifier 52 at the privacy system 12.
  • the mail blocker interface 686 is operative within the privacy system 12 to block and/or route some or all of the mail to customer interface 14.
  • the merchant 22 can send correspondence to the customer 20 without knowing the physical and/or electronic address of the customer 20.
  • the customer 20 can choose to have the correspondence blocked by the privacy system 12.
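
The mail interface 686 described above can be modelled as a relay that accepts mail addressed to a merchant/customer identifier 52, screens it against the customer's saved choices, and forwards it to an address the merchant never sees. The following is an added example, not code from the patent; the relay domain, class names, policy fields and sample messages are assumptions constructed for illustration.

```python
"""Mail relay keyed by an anonymous alias, with per-customer blocking (added example)."""
import re
from dataclasses import dataclass, field
from email.message import EmailMessage
from email.utils import parseaddr

RELAY_DOMAIN = "privacy.example"  # assumption: domain on which the privacy system receives mail


@dataclass
class BlockerPolicy:
    """Hypothetical model of what a customer saves on the mail blocker options page."""
    default_accept: bool = True                           # applied when no list matches
    accept_sources: set = field(default_factory=set)      # full addresses or domains
    decline_sources: set = field(default_factory=set)
    decline_subject_words: set = field(default_factory=set)  # lower-case words

    def allows(self, source: str, subject: str) -> bool:
        source = source.lower()
        domain = source.rpartition("@")[2]
        # Decline rules are checked first, so a blocked subject wins even for an accepted source.
        if source in self.decline_sources or domain in self.decline_sources:
            return False
        if set(re.findall(r"[a-z0-9]+", subject.lower())) & self.decline_subject_words:
            return False
        if source in self.accept_sources or domain in self.accept_sources:
            return True
        return self.default_accept


class MailRelay:
    def __init__(self):
        self._real_address = {}   # alias -> customer's real address (never sent to merchants)
        self._policy = {}         # alias -> BlockerPolicy
        self.outbox = []          # forwarded messages; stands in for actual delivery

    def register(self, alias: str, real_address: str, policy: BlockerPolicy) -> None:
        self._real_address[alias] = real_address
        self._policy[alias] = policy

    def handle(self, msg: EmailMessage) -> str:
        """Screen one inbound message; return 'forwarded', 'blocked' or 'unknown-recipient'."""
        alias, _, domain = parseaddr(str(msg["To"]))[1].partition("@")
        if domain.lower() != RELAY_DOMAIN or alias not in self._real_address:
            return "unknown-recipient"
        sender = parseaddr(str(msg["From"]))[1]
        subject = str(msg.get("Subject", ""))
        if not self._policy[alias].allows(sender, subject):
            return "blocked"
        # Build a fresh message so only chosen headers reach the customer's mailbox.
        forwarded = EmailMessage()
        forwarded["From"] = sender
        forwarded["To"] = self._real_address[alias]
        forwarded["Subject"] = subject
        forwarded.set_content(msg.get_content())
        self.outbox.append(forwarded)
        return "forwarded"


def make_mail(sender: str, alias: str, subject: str, body: str = "hello") -> EmailMessage:
    """Build a constructed sample message addressed to an alias at the relay."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = f"{alias}@{RELAY_DOMAIN}"
    m["Subject"] = subject
    m.set_content(body)
    return m


def demo():
    relay = MailRelay()
    policy = BlockerPolicy(default_accept=False,
                           accept_sources={"shop-a.example"},
                           decline_subject_words={"sale"})
    relay.register("MC-7F3A", "alice@home.example", policy)   # constructed identifiers
    results = [
        relay.handle(make_mail("orders@shop-a.example", "MC-7F3A", "Your order has shipped")),
        relay.handle(make_mail("promo@shop-a.example", "MC-7F3A", "Summer SALE starts now")),
        relay.handle(make_mail("ads@other.example", "MC-7F3A", "Hello")),
        relay.handle(make_mail("orders@shop-a.example", "MC-0000", "Hi")),
    ]
    return relay, results


if __name__ == "__main__":
    print(demo()[1])
```
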
  • Figure 6H illustrates a transaction status page 612 that is displayed on the customer interface 14 when the customer 20 chooses to review the status of an existing transaction from the initial web page 600.
  • the customer 20 enters their customer identifier 50 and hits SEND 690.
  • the privacy system 12 generates a list of transactions 692 containing one or more transactions 694.
  • the status 696 of the selected transaction is displayed.
  • the transaction status 696 may include information regarding different stages of the transaction.
  • the customer interface 14 allows the customer 20 to contact and interact with the merchant interface 16 and the privacy system 12.
  • the customer interface 14 preferably includes a computer system 700 having (i) an input device 702, such as a keyboard, mouse or voice recognition software, (ii) a customer display device 704, such as a video monitor, (iii) a processing device 706 such as a central processing unit, (iv) a data storage device 708, and (iv) the customer network interface 14A such as a modem.
  • the customer interface 14 can be some other electronic or voice communication system 720 that allows the customer 20 to interact with the merchant interface 16 and the privacy system 12.
  • the customer interface 14 can include a phone, a facsimile machine, or postal mail.
  • the customer 20 may be an individual, a corporation, a partnership, the government, or any other entity.
  • the customer 20 also has a shipping address 20A where the customer 20 wants to receive the item(s) 60.
  • the customer interface 16 is preferably connected to the privacy system 12 via the Internet connection.
  • the system manager program 28, privacy processor 30, the fund interface 31 and the fund institution 12C support the transfer and exchange of payments from the customer 20 to the privacy system 12 and the payments of privacy funds 100 to the merchant 22, the shipper 25 and the governmental entity 19.
  • the fund interface 31 allows the system manager program 28 and the main system 12A to interact with the fund institution 12C to support the transfer and exchange of payments from the customer 20 to the privacy system 12 and the payments of privacy funds 100 to the merchant 22, the shipper 25 and the governmental entity 19.
  • the fund institution 12C can be an integral part of the privacy system 12 and/or a separate and independent entity.
  • the fund institution 12C preferably includes a computer system having (i) an input device (not shown), such as a keyboard, mouse or voice recognition software, (ii) a display device (not shown), such as a video monitor, (iii) a processing device 802 such as a central processing unit, (iv) a data storage device 804, (iv) a fund program 806, (v) a fund database 808, (vi) a global network interface 810, (vii) an operating system 812, (viii) an electronic fund transfer network interface 814, (ix) a privacy manager interface 816, and a credit card authorization interface 818.
  • the network interface 810 can include a modem or other electronic or voice communication systems that allow the fund institution 12C to interact with the merchant interface 16, the shipper interface 18 and the government entity 19.
  • the privacy manager interface 816 allows the fund institution 12C to communicate with the privacy system manager program 28 and the privacy main system 12A.
  • the privacy manager interface 816 of the fund institution 12C can be connected to the fund system interface 31 with a telephone line 31A (illustrated in Figure 1) or an Internet connection.
  • the fund program 806 is operative within the processing device 802 to process the payment from the customer 20 and to generate the funds that are transferred to the merchant 22, the shipper 25 and the government entity 19.
  • the program 806 interfaces with the privacy main system 12A, the bank or financial institution of the customer 20, the shipper 25, the merchant 22, and the government entity 19 in order to receive funds from the customer 20, and disburse funds to the merchant 22, the shipper 25, the government entity 19 and the privacy main system 12A.
  • the fund institution 12C receives the relevant information regarding the payment type (e.g. one or more of the credit cards) of the customer 20 from the privacy main system 12A and processes the payment from the payment type.
  • the fund institution 12C generates the funds that are paid to the merchant 22 for the items, the shipper 25 for shipping the items, the government entity 19 for sales/use tax on the items and the privacy main system 12A for use of the privacy system 12 for the purchase.
  • the privacy main system 12A forwards the required information of the customer 20 to the fund institution 12C so that the fund institution 12C can receive payment from the customer 20.
  • the fund institution 12C receives the information from the privacy main system 12A, contacts the customer bank or financial institution 850 and processes the payment from the customer 20.
  • a payment funds reference number is assigned to the transaction by the fund institution 12C.
  • the funds paid to the merchant 22 for the items are considered merchant funds 830.
  • the funds paid to the shipper 25 for shipping the items are considered shipper funds 822.
  • the funds paid to the government entity 19 for sale/use tax on the items are considered sales tax funds 832.
  • the funds forwarded to the privacy main system 12C for use of the privacy system 12 are considered privacy system funds 836.
  • the storage device 804 maintains in the funds database 808 the amount of merchant funds 830 paid to the merchant 22, the amount of shipper funds 832 paid to the shipper 25, the amount of sales tax funds 834 paid to the government entity 19 and the amount of privacy systems funds 836 paid to the privacy main system 12C.
  • the fund institution 12C receives the funds from the customer 20 by processing one or more credit cards, debit cards, bank accounts, purchase orders of the customer 20 with information received by the privacy main system 12A. Subsequently, the fund institution disburses the merchant funds 830 to the merchant 22 for the items purchased, disburses the shipper funds 832 to the shipper 25 for shipping the items, and disburses the sales tax funds 834 to the government entity 19 for sale/use tax on the items.
  • the merchant funds 830, the shipper funds 832, and the sales tax funds 834 are paid with privacy funds 100.
  • the privacy funds 100 are provided to the merchant 22, the shipper 25 and the government entity 19 by the privacy system 12 via the fund institution 12C.
  • the type of privacy fund 100 utilized by the fund institution 12C can be varied.
  • the type of privacy fund 100 may be a credit card, a cashier's check, a company check, an electronic fund transfer, a digital money transfer, and/or a letter of credit provided by the fund institution 12C and/or some other institution.
  • the type of privacy fund 100 provided by the privacy system 12 does not identify the customer 20.
  • the privacy funds 100 do not include and/or disclose the name, physical address, electronic mail address, and credit card information of the customer 20.
  • the fund institution 12C preferably forwards the privacy funds 100 along with the merchant/customer identifier 52, the transaction identifier 54, the customer identifier 50, the shipper identifier 55 and/or some other anonymous identifier.
  • the anonymous identifiers allow the merchant 22 to credit and/or keep track of payment for the item(s) 60 without receiving the name, physical address, electronic mail address, and credit card information of the customer 20.
  • the anonymous identifiers allow the shipper 25 and the government entity 19 to receive the appropriate payment without receiving some or all of the personal information of the customer 20.
  • the fund institution 12C receives payment from the customer 20 via any number of ways including charge card, debit card, physical check, EFT or a purchase order if the customer is an established business entity.
  • the fund institution 12C upon notification from the privacy main system 12A disburses the privacy funds 100 to the merchant 22, to the shipper 25, to the customer 20 on returned items and to the government entity 19 for use/sales tax if levied and collected.
  • the fund institution 12C holds funds that are identified to the customer 20 by the customer identifier 50, to the merchant 22 by the merchant identifier 51 and to the shipper 25 by the shipper identifier 55 and to the government entity 19.
  • the allocation, distribution and/or re-allocation of the funds at different stages of the transaction is managed by the privacy main system 12A.
  • the fund institution 12C may be an individual, a corporation, a partnership, an escrow company, or a bank.
  • the fund institution 12C may be a separate, independent entity or may be an integral part of the privacy system 12.
  • Merchant Interface 16
  • Referring initially to Figure 1, the merchant interface 16 allows the merchant 22 to contact and interact with the privacy system 12.
  • the merchant interface 16 preferably includes (i) an input device (not shown), such as a keyboard, mouse or voice recognition software, (ii) a merchant display device (not shown), such as a video monitor, (iii) a processing device 900 such as a central processing unit, (iv) a data storage device 902, (iv) a network interface 904, (v) an operating system 906, (vi) a merchant web application program 908, (vii) a privacy system merchant program 910, (viii) merchant web page data 912, (ix) merchant inventory data 914, (x) privacy system order data 916, (xi) a printer interface 918 and (xii) a printer 920.
  • the network interface 904 can be a modem or some other electronic or voice communication system that allows the merchant 22 to interact with the privacy system 12.
  • the network interface 904 preferably connects the merchant 22 to the global network.
  • Figure 9B illustrates some of the functions of the merchant interface 16.
  • the merchant interface 16 (i) receives orders for items from the privacy system 930, (ii) processes orders 932 by packaging the items 934, printing and affixing anonymous labels to the packages 936 and tracking the placement of the items in a shipper pick-up area of the merchant location 938.
  • the merchant interface 16 also interfaces with the privacy system 940 by posting status 942, supplying inventory specific data 944 and collecting privacy funds from the privacy system 946.
  • the merchant interface 16 interfaces with privacy main system 12A. Further, the merchant interface 16 may also interface with fund institution 12C via an EFT or some other communication system.
  • the merchant 22 places the items in a pickup area 948 when the items are ready for shipping.
  • the merchant interface 16 generates one or more merchant web pages 950 that can be accessed by the customer 20.
  • the merchant web pages 950 allow the merchant 22 to provide a virtual store that can be accessed by the customer 20.
  • Figure 9C illustrates a representative example of a merchant web page 950 that is displayed on the customer interface 14.
  • the customer 20 may browse the merchant web page 950 and select one or more item(s) 60 to purchase.
  • the merchant web page 950 illustrated in Figure 9C includes a first item and a second item.
  • Each item 60 preferably includes a picture 952 of the item, a description 954 of the item 60, and a price 956 for the item 60.
  • the merchant web page 950 provides the customer 20 with at least two options for purchasing the item(s) 60.
  • the first option is to buy the item(s) 60 in a traditional, normal process 960.
  • the second option is to buy the item(s) 60 using the privacy system 962.
  • When the customer 20 makes a purchase decision and is ready to pay for the item(s) 60, the customer 20 can select the option to buy with the privacy system 962.
  • the transaction page 606, illustrated in Figure 6D appears on the customer interface 14.
  • the printer interface 918 is preferably operational with the printer 920 to print anonymous shipping labels 960.
  • the anonymous shipping labels 960 are affixed to the box(es)/packages that contain the item(s) ordered by the customer 20.
  • the anonymous shipping label 960 contains information that anonymously identifies the customer 20. Stated another way, the shipping label 960 preferably does not include personal information about the customer, such as the customer name and/or address. Instead, the shipping label 960 includes the merchant/customer identifier 52, the transaction identifier 54 and/or some other anonymous identifier. With this information, the shipper 25 can contact the privacy system 12 to retrieve the shipping address of the customer 20.
  • the merchant 22 receives an order for an item from the privacy system 12 and saves the order in the storage device 902. Next, the merchant 22 reviews/displays the order, processes the order, prints the anonymous shipping label 960, and places the item in the pick-up area 948. Subsequently, the merchant 22 relays the order status to privacy system 942.
  • the merchant 22 receives payment for the item(s) 60 from the privacy system 12 in privacy funds 100.
  • the merchant 22 can track the payment of the privacy funds 100 for the item(s) with the anonymous identifier that is provided with the privacy funds 100.
  • the merchant 22 can match a bank statement with a privacy payment identifier and can archive the order.
  • the merchant 22 may contact the customer via electronic mail regarding future sales, through the privacy system 12, using the merchant/customer identifier 52.
  • the merchant 22 may be an individual, a corporation, a partnership, the government, or any other entity.
  • the merchant 22 also has a merchant address 22A where the item(s) 60 are located.
  • the merchant address 22A may be the same or a different location than the pick-up area 948.
  • the merchant interface 16 is preferably connected to the privacy system 12 and the customer interface 14 with an Internet connection. Alternately, the merchant interface 16 can be some other electronic or voice communication system that allows the merchant 22 to interact with the privacy system 12.
  • the privacy system 12 can be used to increase the efficiency of the merchant 22. More specifically, during the fulfilling of an order, the merchant 22 must stock an inventory, advertise the item(s), take orders for the item(s), receive payment for the item(s), process the payment for the item(s), pay a fee to the credit card agency, issue refunds, contact the shipper, arrange pick-up and pay the shipper. The merchant 22 also performs the task of determining the correct tax rate based upon the residence of the customer, collecting use/sales tax and remitting the use/sales tax to the governmental entity 19. A number of these duties can be centralized with the privacy system 12 and can be eliminated from the responsibility of the merchant 22. For example, as provided herein, the privacy system 12 receives payment for the item(s) 60, processes the payment for the item(s) 60, pays a fee to the credit card agency, issues refunds, contacts the shipper 25, arranges for pick-up by the shipper 25 and pays the shipper 25, and pays the government entity 19.
  • the merchant 22 addresses each package in the order by placing the label 960 that identifies the order by the merchant/customer identifier 52. Next, the merchant 22 places the item 60 in the outgoing area of his pick-up area 948. The merchant 22 does not need to contact the shipper 25. Instead, the merchant 22 notifies the privacy system 12 that the order is ready for pick-up.
  • the merchant 22 may also identify to the privacy system 12 the physical size and weight of each package in the order along with any applicable shipping information such as the perishable and fragile nature of the package.
  • the merchant 22 can also enter a ready-for-pick-up date/time (AM or PM) in the privacy system 12 in advance of the actual date of pick-up, specifying a future date/time of pick-up.
  • the time could be AM or PM or a specific 2 hour or a 4 hour time window on a 24 hour or a 12 hour day.
  • Sales Tax
  • the function of sales tax, more accurately called use tax, because it is levied on the customer 20 and typically collected by the merchant 22, may be centralized by the privacy system 12 and thus handled in a more efficient manner.
  • Each county, state or city government entity 19 may have a different use/sales tax.
  • the collection of sales tax by merchant 22 is currently under dispute.
  • the merchant 22 now has to track and calculate use/sales tax.
  • the privacy system 12 maintains the location of the customer 20 and computes the required use/sales tax as a function of the location of the customer.
  • the privacy system 12 thus may provide an automated use/sales tax calculation, collection and remittance to the government entity 19 without the merchant 22 having to handle this task.
  • the shipper interface 18 allows the shipper 25 to interact with the merchant 22 and the privacy system 12.
  • the privacy system 12 aggregates the order pick-up data/messages from many merchants 22 and sorts them by the shipper identifier 55, geographic region, and day/time of pick-up and any other attributes that facilitate the shipper tasks.
  • the privacy system 12 then, via the shipper interface 18, forwards to each shipper 25 the aggregated pick-up data.
  • the shipper 25, using this data, plans the pick-up and truck routing without any contact with the merchant 22.
  • the shipper 25 can be authorized to contact the privacy system 12 and retrieve the data by identifying himself to the privacy system 12 by the shipper identifier 55.
  • the shipper interface 18 allows the shipper 25 to contact and interact with the privacy system 12.
  • the shipper interface 18 preferably includes (i) an input device (not shown), such as a keyboard, mouse or voice recognition software, (ii) a display device (not shown), such as a video monitor, (iii) a processing device 1002 such as a central processing unit, (iv) a data storage device 1004, (iv) a network interface 1006, (v) an operating system 1008, (vi) a shipper application program 1010, (vii) a privacy system shipper program 1012, (viii) system shipper data 1014, (ix) a printer interface 1016 and (xii) a printer 1018.
  • the network interface 1006 can be a modem or some other electronic or voice communication system that allows the shipper 25 to interact with the privacy system 12.
  • the network interface 1006 preferably connects the shipper 25 to the global network.
  • the network interface 1006 can be some other electronic, voice or traditional communication system that allows the shipper 25 to interact with the privacy system 12 and the merchant 22.
  • Figure 10B illustrates some of the functions of the shipper interface 18.
  • the shipper interface 18 (i) receives shipper data files from the privacy system 1020, (ii) processes shipper data files 1022 by tracking package pick-up data 1024, printing and affixing privacy system labels 1026 and/or destination code delivery tracking labels 1028, and (iii) interfaces with the privacy main system 1030 to provide pick-up status 1032, delivery status 1034 and accounting and collecting privacy funds 1036 for the cost of shipping.
  • the system shipper data 1014 maintained by the shipper 25 can include the shipper identifier 55, the pick-up date, the time slot, the merchant identifier 51 and location, the customer identifier 50, the destination code, and number and size and weight of packages.
  • the printer interface 1016 and the printer 1018 allow the shipper 25 to print shipping labels 1040.
  • the shipper 25 is provided access to the privacy system 12 via the shipper interface 18 for the tasks it needs to perform in the act of shipping the items 60 ordered by the customer 20.
  • the shipper 25 can contact the privacy system 12 and use the merchant/customer identifier 52 from the anonymous shipping label 960 printed by the merchant 22.
  • the privacy system 12 provides to the shipper 25 the information required for shipping the items 60 to the customer 20.
  • the shipper interface 18 can create the shipping label 1040 that includes the merchant information 1050 and the customer information 1052.
  • the merchant information 1050 can include the name, address, and any special pickup information.
  • the customer information 1052 can include the name, shipping address and any special shipping instructions of the customer 20.
  • a portion of the shipping labels 1040 can be printed in advance from the aggregated pick-up data provided to the shipper 25.
  • the merchant 22 is not provided with the specific information required for shipping the items 60 to the customer 20. Instead, the privacy system 12 provides this information directly to the shipper 25.
  • the shipper 25 can use a hand-held web-enabled scanner/printer 1060 to obtain the customer information 1052.
  • the scanner/printer 1060 scans the anonymous shipping label 960 placed on the package 1090 that contains the items (not shown in Figure 10C).
  • a display 1092 on the scanner/printer 1060 displays the merchant information 1050 and the customer information 1052.
  • the shipper 25 is not required to print a shipping label. This further protects the privacy of the customer 20.
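
The disclosure rule in the shipping passages above (the label carries only anonymous identifiers, the shipper resolves them through the privacy system 12, and the merchant never receives the address) can be sketched as a lookup that checks who is asking. This is an added example, not code from the patent; the class and method names, the role strings, the keyed-hash derivation of the merchant/customer identifier and all sample records are assumptions, and the caller is assumed to have been authenticated before `resolve_label` is reached, since a shipper identifier on its own is only a name.

```python
"""Anonymous shipping label: who may turn the label back into an address (added example)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Customer:
    name: str
    shipping_address: str


@dataclass(frozen=True)
class Order:
    customer_id: str
    merchant_id: str
    shipper_id: str
    items: tuple


class PrivacySystem:
    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)   # stays inside the privacy system
        self._customers = {}    # customer identifier -> Customer
        self._orders = {}       # (merchant/customer identifier, transaction identifier) -> Order
        self.audit_log = []     # every resolution attempt, granted or not

    def add_customer(self, customer_id, name, shipping_address):
        self._customers[customer_id] = Customer(name, shipping_address)

    def merchant_customer_id(self, customer_id, merchant_id):
        # Assumed construction: a keyed hash, so one customer gets an unrelated
        # identifier at each merchant and two merchants cannot join their records.
        data = merchant_id.encode() + b"\x00" + customer_id.encode()
        tag = hmac.new(self._key, data, hashlib.sha256).hexdigest()
        return "MC-" + tag[:16].upper()

    def place_order(self, customer_id, merchant_id, shipper_id, items):
        """Record the order; return only what the merchant is sent (no personal data)."""
        if customer_id not in self._customers:
            raise KeyError("unknown customer")
        mc_id = self.merchant_customer_id(customer_id, merchant_id)
        tx_id = "TX-" + secrets.token_hex(8).upper()
        self._orders[(mc_id, tx_id)] = Order(customer_id, merchant_id, shipper_id, tuple(items))
        return {"merchant_customer_id": mc_id, "transaction_id": tx_id, "items": list(items)}

    def resolve_label(self, role, caller_id, mc_id, tx_id):
        """Return delivery details only to the shipper assigned to this transaction."""
        order = self._orders.get((mc_id, tx_id))
        granted = order is not None and role == "shipper" and caller_id == order.shipper_id
        self.audit_log.append((role, caller_id, mc_id, tx_id, granted))
        if not granted:
            # Same error for unknown label and wrong caller, so the reply leaks nothing.
            raise PermissionError("label cannot be resolved by this caller")
        customer = self._customers[order.customer_id]
        return {"name": customer.name, "shipping_address": customer.shipping_address}


def demo():
    ps = PrivacySystem()
    # Constructed sample records.
    ps.add_customer("C-1001", "Alice Example", "1 Constructed Way, Springfield")
    order_a = ps.place_order("C-1001", "M-SHOP-A", "S-FAST", ["book"])
    order_b = ps.place_order("C-1001", "M-SHOP-B", "S-FAST", ["lamp"])
    label = (order_a["merchant_customer_id"], order_a["transaction_id"])
    address = ps.resolve_label("shipper", "S-FAST", *label)
    denied = []
    for role, caller in (("merchant", "M-SHOP-A"), ("shipper", "S-OTHER")):
        try:
            ps.resolve_label(role, caller, *label)
        except PermissionError:
            denied.append((role, caller))
    return ps, order_a, order_b, address, denied


if __name__ == "__main__":
    ps, order_a, order_b, address, denied = demo()
    print(order_a, address, denied, sep="\n")
```

The audit log records denied lookups as well as granted ones, which gives the operator of the privacy system a place to watch for callers probing labels that were not assigned to them.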
  • each transaction has shipping cost as a separate field.
  • the shipper 25 is preferably paid directly by the fund institution 12C with privacy funds.
  • the fund institution 12C can reference the payment of the privacy funds to the merchant/customer identifier 52 or some other anonymous identifier so that the shipper 25 can account for the payment of the shipping of the item(s).
  • This method of shipping from the merchant 22 to the customer 20 provided herein not only maintains customer privacy but it also reduces the shipper's overhead costs.
  • the merchant 22 does not contact the shipper 25 for pick-up times and the shipper 25 does not have to maintain an account receivable function for each merchant.
  • the shipper interface 18 receives shipping information directly from the privacy system 12 and uses it to schedule a pickup of the package 1090 of item(s) from the merchant 22. Additionally, the shipper interface 18 retrieves information to create a shipping label 1040 from the privacy system 12. The shipping label 1040 is either physically affixed to the package 1090 and/or the shipper 25 maintains the shipping address of the customer 20 in a shipping database, along with a parcel tracking number and the customer identifier 50.
  • the shipper interface 18 preferably creates and sends to the privacy system 12 a delivery notification record when the shipper 25 is ready to deliver the item(s).
  • the delivery notification record can be sent with the shipper interface 18 directly interacting with the privacy main system 12A.
  • the shipper interface 18 can send electronic mail, voice mail, a facsimile, U.S. mail or some other notification means to the privacy system 12 regarding the status of shipping.
  • the privacy system 12 can forward this information to the customer 20.
  • the shipper 25 may be an individual, a corporation, a partnership, the government or any other entity.
  • the shipper 25 can also be an integral part of the privacy system 12.
  • the privacy system 12 preferably enables the customer 20, the merchant 22, and/or the fund institution 12C to change or cancel any transaction.
  • the merchant 22 may want to cancel or modify the transaction if the item(s) 60 are out of stock, back ordered, and/or an alternate item is available.
  • the customer 20 may want to cancel or modify the transaction if shipment of the item(s) 60 is delayed.
  • the fund institution 12C may want to cancel or modify the transaction if insufficient credit of the customer 20 is available, and/or the credit card of the customer is expired or over the limit.
  • the privacy system 12 processes any request to alter or cancel a transaction. For example, if the merchant 22 is out of a particular item, the information is forwarded to the customer 20 and a response in terms of cancel order or change order is processed. If the customer 20 cancels the order, the merchant 22 is sent cancellation notice, the privacy system 12 receives notice to cancel the credit card transaction and the customer 20 is sent a confirmation that the order is cancelled. If the fund institution 12C determines that the credit card of the customer 20 is not approved, the customer 20 is forwarded an advisory notice and the customer 20 is requested to provide an alternate form of card payment.
  • the customer 20 can change or cancel a transaction by accessing the modify existing transaction exception web page (illustrated in Figure 6E) of the privacy system 12. After the customer 20 enters the customer identifier 50, the transactions of the customer 20 are retrieved from the transaction history database 36 and are displayed on the customer interface 14. From here, the customer 20 can select a transaction and change or cancel the transaction.
  • the transaction can be changed or cancelled by the customer 20 or the merchant 22 with an electronic mail sent to the privacy system 12.
  • the electronic mail information is sufficient to identify who wants to cancel or modify the transaction and why the transaction should be cancelled or modified.
  • Figure 11 illustrates a flow chart of how Order Exception Processing 1102 is handled.
  • the privacy system 12 determines the source of the exception 1104. If it is the merchant 22, the privacy system 12 determines the reason for the exception 1106.
  • the privacy system 12 contacts the customer 20 and allows the customer 20 to decide how to proceed 1108.
  • the privacy system 12 again determines the reason for the exception 1110.
  • the privacy system 12 contacts the merchant 22 and the fund institution 25, as necessary, in view of the actions by the customer 20.
  • the privacy system 12 again determines the reason for the exception 1114.
  • the privacy system 12 contacts the customer 20 to determine if alternate forms of payment are available.
  • the privacy system 12 generates a customer uniform bill of sale 1200 that is transferred to the customer 20 via the customer interface 14.
  • the customer uniform bill of sale 1200 is preferably displayed upon the display 704 of the customer interface 14.
  • the customer uniform bill of sale 1200 is the same for each merchant 22.
  • each merchant 22 has a different way or form of showing and/or recording a transaction.
  • the privacy system 12 generates a standard customer uniform bill of sale 1200 regardless of the merchant 22.
  • the customer uniform bill of sale 1200 is preferably transferred from the privacy system 12 to the customer interface 14 over the Internet.
  • the customer uniform bill of sale 1200 can include fields or areas for (i) sale terms and conditions 1202, (ii) merchant identifier 1204, (iii) transaction identifier 1206, (iv) date/time 1208, (v) item identification 1210, (vi) item description 1212, (vii) price/item 1214, (viii) quantity 1216, (ix) weight 1218, (x) product total 1220, (xi) cancel item 1222, (xii) product status 1224, (xiii) sales tax 1226, (xiv) method of shipping 1228, (xv) shipping cost 1230, (xvi) total cost of order 1232, (xvii) customer id 1234 and/or (xviii) payment type 1236.
  • the customer 20 enters the customer identifier 50, and the payment type (payment type identifies the sequence number of customer's pre-stored payment types of credit card, debit card or bank account) for this transaction into the customer bill of sale 1200.
  • the customer uniform bill of sale 1200 includes SUBMIT 1250, CLEAR 1252, HOLD 1254, REPROCESS 1256, and REFUND 1258 action buttons. These action buttons allow the customer 20 to bring up the customer uniform bill of sale 1200 at any time, from the time of submitting the transaction to after the transaction is submitted and the item is purchased, to seek a refund and make changes.
  • the HOLD 1254 button permits a customer 20 to enter the transaction in the privacy system 12 and allows it not to be submitted to the merchant 22. This allows the customer 20 time to compare, process, and/or make further decisions.
  • the weight and availability information on the customer uniform bill of sale 1200 are retrieved from the merchant interface 16 by the privacy system 12.
  • the field for cancel items 1222 allows the customer 20 to cancel an item 60 from the customer uniform bill of sale 1200, if the customer 20 decides not to buy this particular item 60.
  • This cancel item feature may be used before the transaction is submitted by engaging the SUBMIT button 1250.
  • the customer uniform bill of sale 1200 may also be retrieved from the privacy system 12 by the customer interface 14 after the transaction is submitted and before the merchant 22 has acted on the transaction.
  • the customer uniform bill of sale 1200 may also be used after the item 60 is shipped by the merchant 22 and is returned by the customer by using a REFUND button 1258.
  • the privacy system 12 can also generate a merchant bill of sale 1300 that is transferred to the merchant 22 via the merchant interface 16.
  • the merchant uniform bill of sale 1300 is the same for each merchant 22.
  • the merchant uniform bill of sale 1300 is preferably transferred from the privacy system 12 to the merchant interface 16 over the Internet.
  • the merchant uniform bill of sale 1300 can include fields or areas for (i) sale terms and conditions 1302, (ii) a merchant identifier 1304, (iii) transaction identifier 1306, (iv) date/time 1308, (v) item identification 1310, (vi) item description 1312, (vii) price/item 1314, (viii) quantity 1316, (ix) weight 1318, (x) product total 1320, (xi) product status 1322, (xii) sales tax 1324, (xiii) method of shipping 1326, (xiv) shipping cost 1326, (xv) total cost of order 1328, (xvi) merchant/ customer id 1330 and/or (xvii) payment reference 1332.
  • the merchant bill of sale 1300 is presented to the merchant 22 as an order.
  • the merchant/customer identifier 52 is a merchant unique identification and is explained below.
  • the merchant bill of sale 1300 also includes the privacy funds 100 to be paid to the merchant 22.
  • the merchant bill of sale 1300 includes an area 1334 that allows the merchant 22 to Select and Enter order fulfillment status. This area includes select buttons of ORDER RECEIVED 1336, ORDER PROCESSED 1338. This area 1334 also includes fields for PICKUP DATE 1340 and SHIPPER identifier 1342. The merchant 22 must fill in the areas for pickup date 1340 and shipper identifier 1342.
  • Figures 14A-14C illustrate an optional merchant/customer identifier 52 that can be created to further shield the identity of the customer 20 from the merchant 22.
  • In the privacy system 12, there are many merchants 22 and each merchant 22 has many customers 20. It is preferable to not identify the customer 20 to the merchant 22, the shipper 25 and other parties that may interface with the privacy system 12 with the same customer identifier 50 that the customer 20 uses with the privacy system 12. Therefore, preferably, the privacy system 12 creates a unique merchant/customer identifier 52 by which the customer 20 is identified to the merchant 22 and the others. The merchant/customer identifier 52 is unique for each customer 20 of each of the merchants 22.
  • Figure 14A illustrates a table 1400 mapping the merchant identifier 51 to the merchant/customer identifier 52. The merchant/customer identifier 52 is different from the customer identifier 50 described above.
  • the privacy system 12 uses a scramble code formula. The steps of the process, as illustrated in Figures 14B and 14C, allow the customer identifier 50 and the merchant identifier 51 to be embedded in the merchant/customer identifier 52 in a scrambled form.
  • the privacy system unscrambles the merchant/customer identifier 52 to find the merchant identifier 51 and the customer identifier 50.
  • Figure 14B illustrates a scramble code table 1440 with the scramble code numbers 1442 and the scramble code 1444 or the formula for each scramble code number 1442.
  • These scramble codes 1444 or formulas are used to scramble the customer identifier 50 to arrive at a merchant/customer identifier 52 as illustrated in Figure 14C.
  • a structure within the scramble code numbers 1442 may be created. This structure consists of the first letter of scramble code numbers 1442 being a letter that may designate a month or some other repeatable representation.
  • the second letter of scramble code numbers 1442 may represent some other repeatable representation such as a week or day and the rest of the scramble code numbers 1442 is a sequence representation. This structure of scramble code numbers 1442 allows a small number of scramble code formulas 1444 to be repeated with minor variations and thus create a large number of different scramble code formulas.
  • Figure 14C illustrates a flow chart 1450 of how the merchant/customer identifier 52 is derived from the customer identifier 50 by using the scramble code formula 1442.
  • the customer identifier 50 is read.
  • the scramble code that would be used for this merchant 22 is determined in a two-step process.
  • the first two digits of the scramble code number 1442 are determined by the calendar when this merchant/customer identifier 52 is created.
  • a four digit bounded random number generator is run to determine the remainder of the digits of the scramble code numbers 1442.
  • the complete scramble code numbers 1442 is determined by combining the results of the two steps.
  • This scramble code number 1442 is then used to read a scramble code formula from the scramble code table to use for scrambling 1458.
  • the customer identifier 50 is scrambled 1462.
  • the scramble code number 1442 used is then appended to the scrambled customer identifier 50 to arrive at the merchant/customer identifier 1464.
  • This merchant/customer identifier 52 is used to uniquely identify the customer 20 to the merchant 22 and is saved in a table as part of the Merchant database 1466.
  • the merchant/customer identifier 52 is then comprised of a scrambled customer identifier element and a SCODE element.
  • the merchant identifier 51 may be any identification system currently used such as a tax identification number. Referring back to Figure 14A, the merchant identifier 51 may also be a structured identification made of different structure elements such as the state 1402 where the merchant 22 is located, the merchant class 1404, identifying the merchant by the type of business, and/or a merchant number 1406 within that state and class.
  • the operation of the apparatus 10 and privacy system 12 can be further understood with reference to Figure 15. Importantly, the order of some or all of the steps can be varied. Further, not all of the steps outlined below are necessary to perform an anonymous transaction pursuant to the present invention.
  • the customer 20 contacts the privacy system 12 with the customer interface 14.
  • the customer 20 provides personal information to the privacy system 12.
  • the customer 20 is assigned a unique customer identifier 50. The customer identifier 50 can be selected by the customer 20 or the privacy system 12 based upon input from the customer 20.
  • the privacy system 12 stores the personal information about the customer 20 in the privacy storage device 26. This information includes the identification information of the customer 20, the payment data of the customer 20 and the shipping data of the customer 20.
  • the customer identifier 50 is also stored in the storage device 26.
  • the customer 20 contacts the merchant interface 16 and reviews one or more items 60 offered for sale by the merchant 22.
  • the merchant interface 16 includes a picture and description of each item 60.
  • the customer 20 decides upon one or more item(s) 60 for purchase from the merchant 22.
  • the customer 20 contacts the privacy system 12.
  • the customer 20 can contact the privacy system 12 by way of the merchant interface 16. Alternately, the customer 20 can contact the privacy system 12 independently of the merchant interface 16.
  • the privacy system 12 receives information regarding a pending transaction between the customer 20 and the merchant 22. At this time, the privacy system 12 receives the customer identifier 50, the merchant identifier 51, and information regarding the item(s) 60 to be purchased. The customer 20 can input the information. Alternately, some of the information can be provided by or obtained from the merchant interface 16.
  • the privacy system 12 sends an order list to the merchant interface 16.
  • the privacy system 12 receives item weight, price and stock status from the merchant interface 16.
  • the privacy system 12 prepares a customer uniform bill of sale 1200.
  • the privacy system 12 sends the customer uniform bill of sale 1200 to the customer 20 via the customer interface 14.
  • the customer 20 reviews the customer uniform bill of sale 1200 and makes changes, if necessary.
  • the customer 20 initiates a purchase transaction by indicating to the privacy system 12 the desired method of payment for this transaction.
  • the privacy system 12 receives the customer order in the form of the customer uniform bill of sale 1300, and initiates a transaction history file and posts the order.
  • the privacy system 12 sends information to the fund institution 12C to process the payment of the customer 20.
  • the transaction record sent to the fund institution 12C can include the customer identifier 50, the customer name, the payment type, the merchant identifier 51, and the amount.
  • the fund institution 12C determines if the customer 20 has sufficient credit available to cover the price of the item(s) 60. If sufficient funds are not available to cover the price of the item(s) 60, then alternate credit card information is requested.
  • the privacy system 12 reviews the databases to determine if a merchant/customer identifier 52 already exists for the merchant 22. If the merchant/customer identifier 52 exists, the privacy system 12 retrieves the merchant/customer identifier 52 from the merchant data 40. If the merchant/customer identifier 52 does not exist, the privacy system 12 creates a unique merchant/customer identifier 52 as described above. At step 1536, the privacy system 12 generates a merchant bill of sale
  • the privacy system 12 sends the merchant bill of sale 1300 to the merchant interface 16. Importantly, the privacy funds 100 can be provided in the merchant bill of sale 1300.
  • the merchant interface 16 processes the merchant bill of sale 1300.
  • the merchant 22 picks a shipper 25 to deliver the item(s) 60.
  • the merchant 22 provides the date of order pick-up and an assigned shipper identifier 55 to the privacy system 12.
  • the privacy system 12 unscrambles the merchant/customer identifier 52 to find the true customer identifier 50 and posts the order fulfillment status in the transaction history database.
  • the merchant packages item(s) 60 and imprints or places machine readable merchant/customer identifier 52 on the anonymous shipping label 960.
  • the privacy system 12 aggregates shipping from all the transactions into a shipper identifier file.
  • the shipper file has a shipper identifier field, a pick-up date with a time slot field, a Merchant identifier and a merchant location field, and a number of packages tied to the merchant/customer identifier 52.
  • the privacy system 12 sends the shipper file data for each shipper 25 to the shipper interface 18.
  • the shipper interface 18 receives the shipper file and plans pick-up routes to move item(s) 60 to a shipper sorting office.
  • the shipper sorting office scans the shipping label 960 on the package and sends the merchant/customer identifier 52 to the privacy system 12.
  • the privacy system 12 unscrambles the merchant/customer identifier 52 to identify the customer identifier 50.
  • the privacy system 12 sends shipping instructions of the customer 20 to the shipper interface 18.
  • the shipper interface 18 prints address labels and affixes them to the package, or delivers without affixing the shipping labels 1040 to the packages, preferring to maintain them as a data file.
  • the shipper interface 18 preferably creates and sends to the privacy system 12 a delivery notification record when the shipper 25 is ready to deliver the items 60.
  • the delivery notification record includes the merchant/customer identifier 52, the list of item(s), and the delivery date.
  • the privacy system 12 creates and sends a customer status record and a shipper sent record.
  • the customer status record includes the merchant identifier, the customer identifier, merchant order number, the item identifier, the transaction identification, the amount, the shipper identifier, and the shipping date.
  • the shipper sent record includes the merchant identifier, item identifier, list, shipper identifier, ship date, and parcel tracking number.
  • the fund institution 12C collects the payment from the customer 20.
  • the fund institution 12C sends a payment of privacy funds 100 with the anonymous identifier (i) to the merchant 22 for the item(s) 60 purchased, (ii) to the shipper 25 for shipping the item(s) 60 and (iii) to the government entity 19 for the taxes on the purchase on the items 60.
  • the fund institution 12C sends a payment to the privacy main system 12A for the use of the privacy system 12.
  • the privacy system 12 allows the customer 20 to purchase one or more item(s) 60 from the merchant 22 without disclosing the name, address, and credit card information of the customer 20 to the merchant 22. Further, the privacy system 12 allows the item(s) 60 to be shipped to the customer 20 with a shipper 25, without the merchant 22 having access to the shipping information of the customer 20. Basically, the privacy system 12 minimizes the number of people, businesses and institutions that have access to the personal information of the customer 20. This minimizes the opportunity for the personal information of the customer 20 to be improperly disseminated.
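
The merchant/customer identifier steps listed above (Figures 14B and 14C) can be sketched as follows. This is an added example, not code from the patent: the alphabet, the base formulas in `BASE_FORMULAS`, the way the calendar characters vary them, and the `PrivacySystem` class with its issued-identifier check are all assumptions, since the page does not give the actual scramble formulas.

```python
import secrets
import string
from datetime import date

ALPHABET = string.ascii_uppercase + string.digits  # assumed identifier alphabet
N = len(ALPHABET)
CODE_LEN = 6  # two calendar characters + four-digit sequence number

# Constructed stand-in for the scramble code table: a small set of base
# formulas, each a (shift, step, rotate) triple. Not the patent's formulas.
BASE_FORMULAS = [(7, 3, 2), (11, 5, 1), (19, 1, 3)]


def new_scramble_code(today):
    """Two-step scramble code number: calendar characters, then bounded random."""
    month = string.ascii_uppercase[today.month - 1]    # A..L
    weekday = string.ascii_uppercase[today.weekday()]  # A..G
    seq = secrets.randbelow(10_000)                    # bounded to 0000..9999
    return f"{month}{weekday}{seq:04d}"


def formula_for(code):
    """Read the base formula for a code and vary it with the calendar characters."""
    if (len(code) != CODE_LEN or code[0] not in string.ascii_uppercase
            or code[1] not in string.ascii_uppercase or not code[2:].isdigit()):
        raise ValueError("malformed scramble code number")
    seq = int(code[2:])
    shift, step, rot = BASE_FORMULAS[seq % len(BASE_FORMULAS)]
    shift = (shift + ALPHABET.index(code[0]) + seq // len(BASE_FORMULAS)) % N
    step = (step + ALPHABET.index(code[1])) % N
    return shift, step, rot


def scramble(customer_id, code):
    """Scramble the customer identifier, then append the scramble code number."""
    if not customer_id or any(c not in ALPHABET for c in customer_id):
        raise ValueError("customer identifier must be non-empty A-Z/0-9")
    shift, step, rot = formula_for(code)
    shifted = [ALPHABET[(ALPHABET.index(c) + shift + i * step) % N]
               for i, c in enumerate(customer_id)]
    r = rot % len(shifted)
    return "".join(shifted[r:] + shifted[:r]) + code


def unscramble(mc_id):
    """Split off the appended code, look up its formula, and invert it."""
    body, code = mc_id[:-CODE_LEN], mc_id[-CODE_LEN:]
    if not body:
        raise ValueError("identifier too short")
    shift, step, rot = formula_for(code)
    cut = len(body) - rot % len(body)
    shifted = body[cut:] + body[:cut]  # undo the rotation
    return "".join(ALPHABET[(ALPHABET.index(c) - shift - i * step) % N]
                   for i, c in enumerate(shifted))


class PrivacySystem:
    """Hypothetical holder of the merchant/customer identifier table."""

    def __init__(self):
        self.table = {}      # (merchant_id, customer_id) -> merchant/customer id
        self.issued = set()  # every identifier handed out so far

    def merchant_customer_id(self, merchant_id, customer_id, today=None):
        key = (merchant_id, customer_id)
        if key in self.table:  # reuse the identifier already saved for this pair
            return self.table[key]
        while True:
            # Retry on collision so one customer never presents the same
            # identifier to two different merchants.
            mc_id = scramble(customer_id, new_scramble_code(today or date.today()))
            if mc_id not in self.issued:
                break
        self.issued.add(mc_id)
        self.table[key] = mc_id
        return mc_id

    def resolve(self, mc_id):
        """Map an identifier from a merchant or shipper back to the customer."""
        if mc_id not in self.issued:  # added check: reject identifiers never issued
            raise KeyError("unknown merchant/customer identifier")
        return unscramble(mc_id)
```

Because the scramble code number is appended in the clear, anyone holding the scramble code table can reverse an identifier, so in this sketch the table has to be protected like a key.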

Abstract

A method and apparatus (10) for providing anonymous and secure transactions over the Internet is provided herein. More specifically, the present invention includes a privacy system (12) that facilitates anonymous transactions globally between a customer (20) and a merchant (22). The privacy system (12) allows the customer (20) to purchase one or more items (60) from the merchant (22) over the Internet without the merchant (22) knowing the identity, credit card information and/or location of the customer (20). In order to facilitate an anonymous transaction, the privacy system (12) pays the merchant (22) for the item(s) (60). Furthermore, the privacy system (12) provides the shipping instructions for the item(s) (60) directly to a shipper (25) and not to the merchant (22). Additionally, for example, the privacy system (12) can pay the required sales tax, issue refunds for item(s) (60) purchased, control the flow of correspondence from the merchant (22) to the customer (20), generate a customer uniform bill of sale (1200), and generate a merchant bill of sale (1300).

Description

METHOD AND APPARATUS FOR FACILITATING ANONYMOUS TRANSACTIONS
CROSS REFERENCE TO RELATED APPLICATIONS
This application claims priority on Provisional Application Serial Number 60/139,101, entitled "Internet-Based Anonymous Personal identification Number (APIN) System," filed on June 12, 1999, by Tara Chand Singhal and Mukunda Singhal. This application also claims priority on Provisional Application Serial Number 60/144,737, filed 07/21/99, entitled "INTERNET BASED ON-LINE PRIVACY GUARD SYSTEM," by Tara Chand Singhal. The contents of Provisional Application Serial Nos. 60/139,101 and 60/144,737 are incorporated herein by reference.
FIELD OF THE INVENTION
The present invention is directed to a method and apparatus for facilitating anonymous transactions. More specifically, the present invention is directed to a method and apparatus for protecting the privacy of a customer during transactions performed on the Internet.
BACKGROUND
Internet usage is increasing rapidly throughout the world. In order to take advantage of the increased usage, many merchants have established virtual stores that can be accessed on the Internet. At these virtual stores, a customer can browse the items offered by the merchants. Subsequently, the customer can purchase one or more items from the merchants.
A typical Internet transaction involves (i) the customer browsing the virtual store of a particular merchant, (ii) the customer selecting one or more item(s) for purchase, (iii) the customer providing personal information to the merchant, and (iv) the merchant arranging for shipment of the item(s) to the customer. The personal information provided by the customer typically includes at least the name, address and credit card information of the customer. With this information, the merchant charges the credit card of the customer and ships the item(s) to the customer.
Unfortunately, many customers and/or potential customers are concerned that the personal information provided to the merchants may not be secure. Stated another way, many customers and potential customers are concerned that their personal information may be misused by the merchant, disseminated by the merchant, and/or improperly accessed by third parties. In fact, many potential customers do not purchase item(s) over the Internet because of the concern for the misuse and/or dissemination of their personal information by the merchant.
As further evidence of customer concerns, David Pecaut, the head of Boston Consulting's E_Commerce Practice, states in Yahoo News, July 19, 1999, New York (Reuters) that "[t]rust and security continues to be a major issue out there for first-time customers and even people who have already purchased continue to be concerned about that." In another Yahoo News item on July 12, 1999, David Lawsky provides, "[f]ew commercial Web sites follow 'fair information practices' to protect the privacy of Web surfers." Recently, efforts have been made to establish privacy policies that require web sites to notify surfers of the information they gather and the intended use of the information. Unfortunately, the posting of and adherence to privacy policies can only go so far in preserving customer personal data. By necessity, the personal data of the customer is entered into the database of the merchant during an online transaction. If a customer buys from many different merchants, the chances of their personal information being improperly disseminated increase, notwithstanding the posting of privacy policies.
Additionally, there are a large number of customers who would prefer to guard their privacy and want to minimize the number of directories and/or databases that contain their personal information. For example, there are a large number of people who pay extra fees for an unlisted telephone number to preserve their privacy and protect against unwelcome contacts.
In light of the above, it is an object of the present invention to provide an apparatus and method for protecting the privacy of a customer during an online transaction. Another object of the present invention is to provide an apparatus and method for facilitating anonymous transactions on the Internet. Still another object of the present invention is to provide an apparatus and method for minimizing the likelihood of the improper dissemination of the personal information of a customer.
SUMMARY
A method and apparatus for facilitating anonymous transactions between a customer and a merchant on the Internet is provided herein. The method includes the steps of (i) transferring to a privacy system a purchase request by the customer to purchase an item from the merchant, (ii) providing a privacy payment to the merchant to pay for the item, and (iii) making a privacy delivery of the item from the merchant to the customer. Importantly, the privacy payment and the privacy delivery are in a form that does not identify the customer to the merchant. As a result thereof, the customer can purchase the item from the merchant without the merchant knowing the identity, address, electronic mail address, credit information and/or other personal information of the customer.
The method can also include one or more of the following steps: (i) outputting a request by the privacy system for a fund institution to provide the privacy payment, (ii) providing a purchase request for the item from the privacy system to the merchant, (iii) outputting shipping information of the customer from the privacy system to a shipper, (iv) providing a payment for shipping from the fund institution to the shipper, (v) outputting a request by the privacy system for the fund institution to provide the payment to the shipper, (vi) providing a payment for taxes from the fund institution to an entity, (vii) outputting a request by the privacy system for the fund institution to provide the payment to the entity, (viii) collecting a payment from the customer, (ix) inputting a purchase request by the customer to purchase an item into a customer interface, (x) outputting electronic mail directed to the customer from a merchant interface of the merchant to the privacy system, (xi) transferring a customer uniform bill of sale from the privacy system to the customer, (xii) transferring a merchant uniform bill of sale from the privacy system to the merchant, (xiii) providing an anonymous customer identifier for the customer, (xiv) providing a merchant identifier for the merchant, (xv) transferring information regarding a credit card number of the customer into a first data base of the privacy system, (xvi) transferring information regarding a name of the customer into a second data base of the privacy system, and/or (xvii) transferring information regarding a shipping address of the customer into a third data base of the privacy system.
The apparatus can include a storage device, a program stored in the storage device, and a processor connected to the storage device. Importantly, the processor is operative with the program to receive a purchase request by the customer to purchase an item from the merchant and instruct a fund institution to pay the merchant for the item.
Additionally, the processor can be operative with the program (i) to provide shipping information of the customer directly to a shipper, (ii) to instruct a fund institution to pay the shipper for shipping the item, (iii) to instruct the fund institution to provide a payment for taxes to an entity, (iv) to collect a payment from the customer, (v) to receive electronic mail directed to the customer from a merchant interface of the merchant, (vi) to transfer a customer uniform bill of sale to the customer, (vii) to transfer a merchant uniform bill of sale to the merchant, (viii) to provide an anonymous customer identifier for the customer, (ix) to provide a merchant identifier for the merchant, (x) to receive a credit card number of the customer and store the credit card number in a first data base, (xi) to receive a name of the customer and store the name in a second data base, and/or (xii) to receive a shipping address of the customer and store the shipping address in a third data base.
Importantly, the present invention facilitates anonymous transactions globally between the customer and the merchant. The present invention allows the customer to purchase one or more items from the merchant without the merchant knowing the identity, credit card information and/or location of the customer. This minimizes the likelihood of the improper dissemination of the personal information of the customer.
BRIEF DESCRIPTION OF THE DRAWINGS
The novel features of this invention, as well as the invention itself, both as to its structure and its operation, will be best understood from the accompanying drawings, taken in conjunction with the accompanying description, in which similar reference characters refer to similar parts, and in which:
Figure 1 is a block diagram that illustrates an apparatus and method having features of the present invention;
Figure 2 is a block diagram that illustrates a privacy main system having features of the present invention;
Figures 3A-3C are block diagrams that illustrate databases having features of the present invention;
Figure 4 is a block diagram that illustrates the functions of a privacy system processor having features of the present invention;
Figure 5 is a block diagram that illustrates some of the functions of a privacy system having features of the present invention;
Figures 6A-6F are simplified examples of web pages that can be generated by the privacy system;
Figure 6G is a simplified block diagram of how electronic mail can be routed through the privacy system;
Figure 6H is a simplified example of another web page that can be generated by the privacy system;
Figure 7 is a simplified illustration of a customer interface having features of the present invention;
Figure 8A is a simplified illustration of a fund institution having features of the present invention;
Figure 8B is a simplified block diagram that illustrates some of the functions of a processor for the fund institution;
Figure 9A is a simplified illustration of a merchant interface having features of the present invention;
Figure 9B is a simplified block diagram that illustrates some of the functions of the merchant interface;
Figure 9C is a simplified illustration of a web page that can be generated by the merchant interface;
Figure 10A is a simplified illustration of a shipper interface having features of the present invention;
Figure 10B is a simplified block diagram that illustrates some of the functions of the shipper interface;
Figure 10C is a simplified illustration of a package and a scanner/printer having features of the present invention;
Figure 11 is a simplified flow chart that illustrates order exception processing;
Figure 12 is a simplified illustration of a customer uniform bill of sale;
Figure 13 is a simplified illustration of a merchant uniform bill of sale;
Figures 14A-14C illustrate a merchant/customer identifier having features of the present invention; and
Figure 15 is a block diagram that outlines the operation of a method and apparatus having features of the present invention.
DESCRIPTION
Introduction
Referring initially to Figure 1, a method and apparatus 10 having features of the present invention includes a privacy system 12, at least one customer interface 14, one or more merchant interfaces 16 (two are illustrated), at least one shipper interface 18, and a government entity 19 that are preferably connected on a global computer network 24. As provided herein, the present invention facilitates anonymous transactions globally between a customer 20 and a merchant 22. As an overview, the present invention allows the customer 20 to purchase one or more items 60 (illustrated in Figure 9C) from the merchant 22 without the merchant 22 knowing the identity, credit card information and/or location of the customer 20. Stated another way, the privacy system 12 allows the customer 20 to purchase one or more items 60 from the merchant 22 without disclosing the name, physical address, electronic mail address, and credit card information of the customer 20 to the merchant 22. Further, the privacy system 12 allows the item(s) 60 to be shipped to the customer 20 with a shipper 25, without the merchant 22 having access to the shipping information of the customer 20. As a result thereof, the privacy system 12 minimizes the number of people, businesses and institutions that have access to the personal information of the customer 20. This minimizes the opportunity for the personal information of the customer 20 to be improperly disseminated.
Preferred and optional aspects of the method and apparatus 10 are described below. The headings are provided for the convenience of the reader.
Privacy System 12
The privacy system 12 can probably best be understood with initial reference to Figures 1 and 2. As illustrated in Figure 1, the privacy system 12 can include a privacy main system 12A, a privacy network interface 12B and a fund institution 12C. As an overview, the privacy main system 12A manages all operations performed by the privacy system 12 and the fund institution 12C collects, holds and disburses funds under the direction of the privacy main system 12A. Alternately, as described below, the fund institution 12C can be a separate entity from the privacy system 12.
Referring to Figure 2, the privacy main system 12A includes (i) a privacy storage device 26, (ii) a privacy operating system 27 stored in the privacy storage device 26, (iii) a privacy system manager program 28 stored in the privacy storage device 26, (iv) a privacy processor 30 connected to the privacy storage device 26, and (v) a fund system interface 31. The privacy processor 30 can include one or more conventional CPU's. The privacy processor 30 is preferably capable of high volume processing and database searches.
The privacy storage device 26 can include one or more magnetic disk drives, magnetic tape drives, optical storage units, CD-ROM drives and/or flash memory. The privacy storage device 26 also contains a plurality of databases used in the processing of transactions pursuant to the present invention. For example, referring to Figure 2, the privacy storage device 26 can include a customer database 38, a merchant database 40, and a transaction history database 36.
The customer database 38 contains relevant, personal data specifically related to the customer 20. Personal data related to the customer 20 can be divided into three categories, namely, (i) identification data 38A of each customer 20, (ii) payment data 38B of each customer 20, and (iii) shipping data 38C of each customer 20. Identification data 38A can include the name, address, phone number, facsimile number, and electronic mail address of the customer 20. Payment data 38B can include information identifying one or more credit cards or debit cards used by the customer 20. The payment data 38B can include information, such as the card number and the expiration date of each credit or debit card. Additionally, payment data 38B could include the one or more bank accounts of the customer 20. Shipping data 38C can include one or more desired shipping addresses of the customer 20 and any special shipping instructions of the customer 20.
Preferably, as illustrated in Figure 2, the customer database 38 is organized and maintained in multiple, separate sub-databases, namely (i) an identification sub-database 38SD1 containing the identification data 38A of each of the customers 20, (ii) a payment sub-database 38SD2 containing the payment data 38B of each of the customers 20, and (iii) a shipping sub-database 38SD3 containing the shipping data 38C of each of the customers 20. With this design, each sub-database 38SD1, 38SD2, 38SD3 contains only a portion of the information about each of the customers 20.
Preferably, the data of each customer 20, in each sub-database 38SD1, 38SD2, 38SD3 is anchored by a unique customer identifier 50. The customer identifier 50 can be any number of characters that can be used to anonymously identify each customer 20. The customer identifier 50 can be created and selected by the customer 20 and/or assigned by the privacy system 12. The customer identifier 50 allows the customer 20 to communicate with the privacy system 12 without continuously providing any data that will personally identify the customer 20 to third parties. The privacy system 12 maintains the customer identifiers 50 in the privacy storage device 26 and validates only unique customer identifiers 50 for customers 20.
With this design, the privacy system 12 can access the information of a particular customer 20 by searching for the customer identifier 50 in each sub-database 38SD. Further, by having the identification data 38A of the customer 20 in a separate sub-database 38SD from the payment data 38B and the shipping data 38C, the present design provides another level of security to the customer 20.
Alternately, the personal data of the customer 20 retained in the customer database 38 can be separated into more than three or less than three sub-databases. For example, Figure 3A illustrates that the personal data of each of the customers 20 in the customer database 38 can be maintained in six separate sub-databases. In Figure 3A, the customer database 38 includes a first identification sub-database 38SDi, a second identification sub-database 38SDii, a third identification sub-database 38SDiii, a payment sub-database 38SDiv, a shipping sub-database 38SDv, and a personal sub-database 38SDvi.
In this embodiment, the data of each customer 20 in each sub-database 38SD is preferably anchored with the customer identifier 50. Further, in this embodiment, (i) the first identification sub-database 38SDi contains the name 38D of each of the customers 20, (ii) the second identification sub-database 38SDii contains the phone number 38E and/or the facsimile number 38F of each of the customers 20, (iii) the third identification sub-database 38SDiii contains the electronic mail address 38G of each of the customers 20, (iv) the payment database 38SDiv contains the payment data 38B of each of the customers 20, (v) the shipping sub-database 38SDv contains the shipping data 38C of each of the customers 20, and (vi) the personal sub-database 38SDvi contains the personal data 38H of each of the customers 20 including the driver's license number, the social security number, and the maiden name of the mother of each of the customers 20.
Similarly, with this design, the privacy system 12 accesses the information of a particular customer 20 by searching for the customer identifier 50 in each sub-database 38SD. Further, by having portions of the data of each of the customers 20 in separate sub-databases 38SD, the present design provides another level of security to the customer 20.
The sub-databases 38SD may be located in the same storage device 26 as illustrated in Figure 2A. Alternately, for example, as illustrated in Figure 3A, each sub-database 38SD can be located in a separate storage device. With this design, the data between the sub-databases 38SD and the privacy processor 30 may travel over secure internal communication lines, external private telephone lines and/or over the Internet. Further, with this design, the complete set of data required for a credit card authorization for a particular customer 20 may be assembled for a specific transaction during the transaction by accessing the various pieces of data from the dispersed sub-databases 38SD.
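The split described above can be sketched as follows. This is an added example, not code from the patent: each sub-database 38SD1 to 38SD3 is modelled as its own SQLite store anchored by the customer identifier 50, and the authorization record is assembled only at transaction time. The table and column names, the sample customer and the choice of fields needed for an authorization are assumptions.

```python
import sqlite3

# Constructed schema: one table per sub-database. Column names are assumptions;
# the text only lists the kinds of data each sub-database holds.
SCHEMAS = {
    "38SD1": ("identification", ["name", "address", "phone", "email"]),
    "38SD2": ("payment", ["card_number", "expiration"]),
    "38SD3": ("shipping", ["ship_to", "instructions"]),
}

# Constructed sample customer (the card number is a well-known test value).
SAMPLE_CUSTOMER = {
    "name": "Pat Example", "address": "1 Sample Street", "phone": "555-0100",
    "email": "pat@example.net", "card_number": "4111111111111111",
    "expiration": "12/01", "ship_to": "PO Box 9, Sampleville",
    "instructions": "leave at front desk",
}


def open_sub_databases():
    """Open one independent in-memory store per sub-database."""
    stores = {}
    for key, (table, cols) in SCHEMAS.items():
        conn = sqlite3.connect(":memory:")
        conn.row_factory = sqlite3.Row
        col_sql = ", ".join(f"{c} TEXT" for c in cols)
        # Table and column names come from the constant schema above;
        # customer-supplied values are always passed as bound parameters.
        conn.execute(
            f"CREATE TABLE {table} (customer_id TEXT PRIMARY KEY, {col_sql})")
        stores[key] = conn
    return stores


def register_customer(stores, customer_id, record):
    """Split one customer's record across the stores, anchored by the identifier."""
    table, _ = SCHEMAS["38SD1"]
    taken = stores["38SD1"].execute(
        f"SELECT 1 FROM {table} WHERE customer_id = ?", (customer_id,)).fetchone()
    if taken:
        # Only unique customer identifiers are validated.
        raise ValueError("customer identifier already in use")
    for key, (table, cols) in SCHEMAS.items():
        marks = ", ".join("?" for _ in cols)
        stores[key].execute(
            f"INSERT INTO {table} (customer_id, {', '.join(cols)}) "
            f"VALUES (?, {marks})",
            [customer_id] + [record[c] for c in cols])
        stores[key].commit()


def read_fragment(stores, key, customer_id):
    """Return what a single sub-database holds about one customer, or None."""
    table, _ = SCHEMAS[key]
    row = stores[key].execute(
        f"SELECT * FROM {table} WHERE customer_id = ?", (customer_id,)).fetchone()
    return dict(row) if row else None


def assemble_for_authorization(stores, customer_id):
    """Build the authorization record in memory for one transaction only."""
    ident = read_fragment(stores, "38SD1", customer_id)
    pay = read_fragment(stores, "38SD2", customer_id)
    if ident is None or pay is None:
        raise KeyError("unknown customer identifier")
    # Assumed field set for a card authorization; nothing is written back.
    return {"name": ident["name"], "billing_address": ident["address"],
            "card_number": pay["card_number"], "expiration": pay["expiration"]}


if __name__ == "__main__":
    stores = open_sub_databases()
    register_customer(stores, "cust-7Q2", SAMPLE_CUSTOMER)
    print("payment store alone:", read_fragment(stores, "38SD2", "cust-7Q2"))
    print("assembled:", assemble_for_authorization(stores, "cust-7Q2"))
```

Because every store is keyed by the same customer identifier 50, the separation limits what one store reveals on its own; records from two stores can still be re-joined on that identifier.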
Referring back to Figure 2, the merchant database 40 contains merchant related information and data 40A on each of the merchants 22. Merchant data 40A can include the name, the address, the phone number, facsimile number, web page URL, pager number, electronic mail address, and/or bank accounts of each merchant 22.
Preferably, each merchant 22 is provided with a unique merchant identifier 51. The merchant identifier 51 can be any number of characters that can be used to identify the merchant 22 to the privacy system 12. The merchant identifier 51 can be created and selected by the merchant 22 and/or assigned by the privacy system 12. Additionally, a unique merchant/customer identifier 52 can be created for a transaction with each merchant performed with the privacy system 12. The merchant/customer identifier 52 can be any number of characters that can be used to anonymously identify the customer 20 to the merchant 22. The merchant/customer identifier 52 can be created and selected by the privacy system 12. The merchant/customer identifier 52 allows the privacy system 12 to anonymously identify the customer 20 to merchant 22 and/or to third parties (not shown).
The privacy system 12 preferably maintains the merchant identifiers 51 and the merchant/customer identifiers 52 in the merchant database 40 of the privacy storage device 26.
Referring initially to Figure 2, the transaction history database 36 maintains data on all of the information that flows from each transaction that is performed using the privacy system 12. This data may be segregated and maintained in an active transactions sub-database 36SD1, an archived transactions database 36SD2 and a payment history sub-database 36SD3.
Referring to Figure 3B, information in the active transaction sub-database 36SD1 can include a copy of a customer uniform bill of sale 1200 (illustrated in Figure 12), and the data records 36B exchanged between (i) the privacy system 12 and (ii) the merchant 22, and the customer 22 related to the particular transaction. The data records 36B can include the item(s) 60 purchased, the purchase price, and the type of payment.
Preferably, the data regarding each transaction can be anchored with (i) a unique transaction identifier 54 created for each transaction performed with the privacy system 12, (ii) the merchant identifier 51, (iii) the date/time of the transaction 36A, and (iv) the customer identifier 50 for easy retrieval and search. The unique transaction identifier 54 can be any number of characters that can be used to anonymously identify the transaction. The transaction identifier 54 can be created and selected by the privacy system 12.
Information in the archived transaction history sub-database 36SD2 includes the same data as for active transactions sub-database 36SD1 for those transactions that are completed.
Referring to Figure 3C, information in the payment history sub-database 36SD3 can include and be divided into: (i) funds collected data 36C-1, (ii) merchant funds data 36C-2, (iii) shipper funds data 36C-3, (iv) sales/use tax fund data 36C-4 and (v) privacy manager funds data 36C-5.
The funds collected data 36C-1 includes information relating to the money that is collected from each of the customers 20 for each transaction. The funds collected data 36C-1 can be anchored and identified with the customer identifier 50, the merchant identifier 51 and the transaction identifier 54.
The merchant fund data 36C-2 includes information relating to the money that is payable/paid to merchant 22 for the items 60 purchased by the customer 20. The merchant fund data 36C-2 is preferably anchored and identified by the merchant identifier 51, the transaction identifier 54 and the merchant/customer identifier 52.
The shipper fund data 36C-3 includes information relating to the money that is payable/paid to the shipper 25 for shipping the item(s) 60 to the customer 20. The shipper fund data 36C-3 is anchored and identified by a shipper identifier 55, the merchant identifier 51, the transaction identifier 54, and merchant/customer identifier 52. The shipper identifier 55 can be any number of characters that can be used to identify the shipper 25 to the privacy system 12. The shipper identifier 55 can be created and selected by the shipper 25 and/or assigned by the privacy system 12.
The sales/use tax fund data 36C-4 includes information relating to the money that is payable/paid for sales/use tax to the government entity 19 for the purchase of the item(s) 60 by the customer 20. The sales/use tax funds data 36C-4 is preferably anchored and identified by the merchant identifier 51, the transaction identifier 54 and the customer identifier 50.
The privacy manager funds data 36C-5 includes information relating to money that is payable/paid to the privacy system 12 for use of the privacy system 12 for the purchase of the item(s). The privacy manager funds data 36C-5 is preferably anchored and identified by the customer identifier 50, the merchant identifier 51, and the transaction identifier 54.
Referring to Figure 4, the privacy system manager program 28 is operative with the privacy processor 30 to (i) open new accounts 400 for the customer 20, the merchant 22 and shipper 25, (ii) conduct anonymous transaction 402 by interfacing with the customer 20, the merchant 22, the shipper 25 and the fund institution 12C and (iii) route electronic mail and information items 404 from the merchant 22 and other third parties to the customer 22. The program 28 and the processor 30 interface with customer 20 via the customer interface 14, the shipper 25 via the shipper interface 18, the merchant 22 via the merchant interface 16 and the fund institution 12C.
Referring to Figure 5, the privacy system manager program 28 is also operative with the privacy processor 30 to (i) generate one or more privacy web pages 500, (ii) receive and store personal information about the customer 502, (iii) receive a purchase offer from the customer to purchase one or more item(s) from the merchant 504, (iv) receive an instruction from the customer to pay the merchant 506, (v) collect a payment from the customer for the item(s) purchased 508, for shipping of the item(s) 510, for sales/use tax on the item(s) purchased 512 and for the use of the privacy system 514, (vi) provide a payment of privacy funds 100 to the merchant 516, (vii) arrange for pick-up and delivery of the item(s) by contacting the shipper and providing shipping information to the shipper 518, (viii) provide a payment of funds to the shipper 520, (ix) provide payment of privacy funds 100 to local, state or federal government entity for use/sales tax on the purchase of the item(s) 522, (x) modify and/or cancel an order for the item(s) 524, (xi) issue refunds for item(s) purchased 526, (xii) control the flow of correspondence from the merchant to the customer 528, (xiii) generate a customer uniform bill of sale 530, (xiv) generate a merchant bill of sale 532, and (xv) scramble information that is transmitted between the privacy system and the customer, the merchant, and the shipper 534.
As discussed above, the privacy system 12 maintains the transaction status for each transaction within the transaction history database 36. This database 36 maintains records of each step of the transaction from order entry by the customer 20 to the actual delivery to the customer 20. The transaction steps can include (i) order entry by the customer, (ii) order confirmation by the customer, (iii) collection of funds from the customer, (iv) forwarding the order to the merchant, (v) receiving merchant order confirmation, (vi) receiving order pick-up date from the merchant, (vii) receiving actual pick-up date from the shipper, (viii) receiving estimated delivery date/time from the shipper, (ix) receiving actual delivery date/time from the shipper. The status of the transaction is accessible to the customer 20 via the customer interface 14 from the privacy system 12 by contacting the privacy system 12. Figure 6H shows a transaction status web page that can be used by the customer. Alternatively, the privacy system 12 may contact the customer via telephone, e-mail or mail to the customer with information regarding the status of the transaction.
The privacy network interface 12B allows the privacy system 12 to communicate with the customer 20 via the customer interface 14, the merchant 22 via the merchant interface 16, the shipper 25 via the shipper interface 18, and the government entity 19 via the government network interface 19A. Conventional internal or external modems may serve as the privacy network interface 12B. In a preferred embodiment, the privacy network interface 12B is connected to the merchant interface 16, the customer interface 14 and the shipper interface 18 with the Internet.
Alternately, the privacy network interface 12B can be connected by other electronic, voice and/or traditional communication systems that allow the privacy system 12 to interact with the merchant interface 16, the customer interface 14, the shipper interface 18 and the government entity 19. For example, the privacy system 12 can be connected to the merchant interface 16, the customer interface 14 and the shipper interface 18 via one or more phone lines. In this design, the privacy network interface 12B can include an input device, such as a keyboard, mouse or voice recognition software that allows the information from the merchant interface 16, the customer interface 14 and/or the shipper interface 18 to be entered to the privacy system 12.
The fund interface 31 allows the privacy system manager program 28 to interact with the fund institution 12C. Stated another way, fund interface 31 (i) allows the privacy system manager program 28 to request data from and forward data to the fund institution 12C and (ii) allows the fund institution 12C to request data from and forward data to the privacy main system 12A. The fund interface 31 can be connected to the fund institution 12C with a phone line 31A or some other type of connection. In this embodiment, the fund interface 31 transmits credit card numbers and/or other payment information electronically over the Internet or phone line 31A to the fund institution 12C where card verification and processing of the credit cards, debit cards or other forms of payment are handled.
The privacy system 12 can subtract a fee from the customer 20 when the privacy system 12 pays the shipper 25, pays the merchant 22 and/or pays the government entity 19. The amount of fee charged by the privacy system 12 can be varied. For example, the fees may be subtracted for each transaction as a percent of the transaction or a flat fee or a combination thereof.
Privacy Web Pages
As provided herein, the privacy system manager program 28 is operative with the privacy system processor 30 to generate one or more web pages on the world wide web. The web pages allow each customer 20 to provide information through the customer interface 14 to the privacy system 12. Alternately, instead of the world wide web, the customer 20 can provide some or all of the information to the privacy system 12 via electronic mail, voice mail, facsimile, or postal mail transmissions.
Figure 6A illustrates an initial privacy web page 600 having features of the present invention. The initial privacy web page 600 can be displayed on the customer interface 14 when the customer 20 first registers with the privacy system 12 or immediately prior to making the first purchase from a merchant 22 with the privacy system 12. The initial privacy web page 600 includes areas for (i) new account set up 602, (ii) account updates 604, (iii) begin a new transaction 606 with the privacy system 12, (iv) mail blocker options 608, (v) modify an existing order 610 and (vi) transaction status page 612. At this stage, the customer 20, via the customer interface 14 selects one of these choices from the initial privacy web page 600.
Figure 6B illustrates a new account setup page 602 that is displayed on the customer interface 14 when the customer 20 chooses the new account setup. First, the customer 20 fills in the customer identifier 50 and clicks the SEND button 614. Next, a number of fields or blanks 616 appear on the setup page 602. The fields or blanks 616 are to be filled out by the customer 20. These fields 616 include the information required to fill the customer database 38 of the privacy system 12. For example, the fields 616 can include the name 618, address 620, phone number 622, facsimile number 624, electronic mail address 626, shipping information 632, identification data 634 and payment methods 628, 630 in one or more forms such as credit card information and/or bank account information.
After the customer 20 fills in the blanks 616, the customer 20 transmits the information to the privacy system 12. The customer 20 does this by clicking on a SAVE button 636 located on the setup page 602. This information is subsequently transferred to the customer database 38 in the privacy system 12. The information is preferably transferred using secure means. These secure means may include use of existing encryption means and/or any other means of securing the data during transmission.
Figure 6C illustrates an account update page 604 that is displayed on the customer interface 14 when the customer 20 chooses to update their account. In particular, the account update page 604 includes a number of fields including information that was previously provided by the customer 20. At this time, the customer 20 enters their customer identifier 50 and clicks SEND button 640. In response, the privacy system 12 enables the selection of the type of data 642 that could be modified. The customer 20 makes a selection and simply modifies the information in the fields 644 on the account update page 604. After the account update page 604 is updated, the customer 20 transmits the information to the privacy system 12. The customer 20 does this by clicking on a SAVE button 646 located on the setup page. This information is subsequently transferred to the customer database 38. The information is preferably transferred using secure means. These secure means may include use of existing encryption means and/or any other means of securing the data during transmission.
Figure 6D illustrates a new transaction page 606 that is displayed on the customer interface 14 when the customer 20 chooses to begin a new transaction. In particular, the transaction page 606 includes a number of fields 652 including information regarding the upcoming transaction. At this time, the customer 20 enters their customer identifier 50 and then clicks SEND button 650. The privacy system 12 enables the display of form fields 652, which the customer 50 simply fills in. These fields 652 can include the merchant identifier 51, an item identifier 654, an amount 656, shipping cost 658, sales tax 660 and total payment 662, and a type of payment 664. The customer 20 can enter the information with the customer interface 14. The customer 20 transfers the information from the transaction page 606 to the privacy system 12 by clicking on the SAVE button 668. Preferably, however, information regarding the merchant identifier 51, the item identifier 654, the amount 656, the shipping cost 658, the sales tax 660 and the total payment 662 is transferred directly from the merchant interface 16 to the transaction page 606. This can be accomplished if the privacy system 12 is accessed by way of a web page generated by the merchant interface 16.
Figure 6E illustrates a modify existing transaction page 610 that is displayed on the customer interface 14 when the customer 20 chooses to modify an existing transaction from the initial web page 600. The customer 20 enters their customer identifier 50 and clicks the SEND button 670. The privacy system 12, in response, displays a list of transactions 672. Preferably, each of the transactions 674 is identified by the date, the transaction identifier 54 and merchant identifier 51. The customer 20 is given an option to select 675 a particular transaction 674. Next, the customer 20 can elect to cancel 676 the transaction 674 or modify 678 the transaction 674.
Figure 6F illustrates the mail blocker option page 608 that is displayed on the customer interface 14 when the customer chooses the mail blocker option from the initial web page 600. First, the customer 20 enters their customer identifier 50 and clicks the send button 680. Next, a list of options 684 to select 682 is provided to the customer 20. The options 684 available to the customer 20 can include modifying existing e-mail traffic to the customer by selecting and customizing the sources and the quantity of e-mail the customer wishes to receive at the customer interface via the Internet Service Provider (ISP) of the customer.
Referring to Figure 6G, the privacy system 12 preferably includes a mail interface 686 that allows the merchant 22 to send correspondence to the customer 20 and allows the privacy system 12 to screen any mail that is sent to the customer 20. With this design, all communications, including electronic mail, directed towards the customer 20 from the merchant 22 are routed through the mail interface 686 in privacy system 12 and subsequently forwarded to the customer interface 14. With the mail interface 686, the customer 20 can customize the program with the mail blocker options 608. Referring back to Figure 6F, the mail blocker options page 608 allows the customer 20 to create a custom list of sources and/or subjects from which the customer 20 is willing to receive the mail or not willing to receive the mail from the merchant 22. The customer 20 enters their customer identifier 50 and clicks SEND button 680. The privacy system 12 generates the options page 608 that enables the customer 20 to select 682 one of the many mail block options 684 to help the customer 20 set up the mail blocker. Some of these options 684 are listed in Figure 6F. The customer 20 may decline all mail from a list of sources, accept all mail from a list of sources, and many precise combinations therefrom that are intended to eliminate nuisance or junk mail.
Referring back to Figure 6G, the mail interface 686 enables the customer 20 to exercise control on the contacts from the merchants 22 and other parties. The mail addressed to customer 20 is directed to the privacy system 12 addressed as a merchant/customer identifier 52 at the privacy system 12. Depending upon the instructions of the customer 20, the mail blocker interface 686 is operative within the privacy system 12 to block and/or route some or all of the mail to customer interface 14. With this design, the merchant 22 can send correspondence to the customer 20 without knowing the physical and/or electronic address of the customer 20. However, the customer 20 can choose to have the correspondence blocked by the privacy system 12.
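One way the merchant/customer identifier 52 and the mail interface 686 could fit together, as an added example rather than the patent's own implementation: the privacy system issues a random identifier for a transaction with a merchant, keeps the mapping to the customer identifier 50 to itself, and applies the customer's mail blocker option before forwarding. The class and method names, the two option names and the sample identifiers are assumptions.

```python
import secrets

# Mail blocker options 684 modelled here (the option names are assumptions).
DECLINE_LISTED = "decline_listed"          # decline all mail from a list of sources
ACCEPT_ONLY_LISTED = "accept_only_listed"  # accept mail only from a list of sources


class MailInterface:
    """Sketch of mail interface 686; all state stays inside the privacy system."""

    def __init__(self):
        self.aliases = {}    # merchant/customer id 52 -> (merchant id 51, customer id 50)
        self.addresses = {}  # customer id 50 -> real e-mail address
        self.blockers = {}   # customer id 50 -> (option, frozenset of sources)

    def enroll_customer(self, customer_id, email):
        self.addresses[customer_id] = email

    def issue_alias(self, merchant_id, customer_id):
        """Create a merchant/customer identifier for one merchant transaction."""
        if customer_id not in self.addresses:
            raise KeyError("unknown customer identifier")
        # Random, so the value carries nothing derived from the customer
        # identifier or address and two merchants cannot compare notes.
        alias = secrets.token_urlsafe(12)
        self.aliases[alias] = (merchant_id, customer_id)
        return alias

    def set_blocker(self, customer_id, option, sources):
        if option not in (DECLINE_LISTED, ACCEPT_ONLY_LISTED):
            raise ValueError("unknown mail blocker option")
        self.blockers[customer_id] = (option, frozenset(sources))

    def route(self, sender_id, alias, message):
        """Decide whether mail addressed to an alias is forwarded or blocked.

        The returned decision is internal to the privacy system; the sender
        only ever knows the alias it wrote to.
        """
        entry = self.aliases.get(alias)
        if entry is None:
            return {"action": "block", "reason": "unknown identifier"}
        _, customer_id = entry
        # With no option chosen, nothing is on the decline list.
        option, sources = self.blockers.get(
            customer_id, (DECLINE_LISTED, frozenset()))
        listed = sender_id in sources
        if (option == DECLINE_LISTED and listed) or \
           (option == ACCEPT_ONLY_LISTED and not listed):
            return {"action": "block", "reason": "mail blocker option"}
        return {"action": "forward",
                "deliver_to": self.addresses[customer_id],
                "message": message}


if __name__ == "__main__":
    # Constructed sample identifiers and address.
    mail = MailInterface()
    mail.enroll_customer("cust-7Q2", "pat@example.net")
    a1 = mail.issue_alias("merch-001", "cust-7Q2")
    a2 = mail.issue_alias("merch-002", "cust-7Q2")
    mail.set_blocker("cust-7Q2", DECLINE_LISTED, {"merch-002"})
    print(mail.route("merch-001", a1, "Your order has shipped"))
    print(mail.route("merch-002", a2, "Weekly offers"))
```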
Figure 6H illustrates a transaction status page 612 that is displayed on the customer interface 14 when the customer 20 chooses to review the status of an existing transaction from the initial web page 600. Initially, the customer 20 enters their customer identifier 50 and hits SEND 690. Next, the privacy system 12 generates a list of transactions 692 containing one or more transactions 694. Upon the selection of a transaction 694, the status 696 of the selected transaction is displayed. The transaction status 696 may include information regarding different stages of the transaction.
Customer Interface 14
With reference to Figures 1 and 7, the customer interface 14 allows the customer 20 to contact and interact with the merchant interface 16 and the privacy system 12. The customer interface 14 preferably includes a computer system 700 having (i) an input device 702, such as a keyboard, mouse or voice recognition software, (ii) a customer display device 704, such as a video monitor, (iii) a processing device 706 such as a central processing unit, (iv) a data storage device 708, and (v) the customer network interface 14A such as a modem. Alternately, the customer interface 14 can be some other electronic or voice communication system 720 that allows the customer 20 to interact with the merchant interface 16 and the privacy system 12. For example, the customer interface 14 can include a phone, a facsimile machine, or postal mail.
The customer 20 may be an individual, a corporation, a partnership, the government, or any other entity. The customer 20 also has a shipping address 20A where the customer 20 wants to receive the item(s) 60. The customer interface 16 is preferably connected to the privacy system 12 via an Internet connection.
Fund Institution 12C
The system manager program 28, privacy processor 30, the fund interface 31 and the fund institution 12C support the transfer and exchange of payments from the customer 20 to the privacy system 12 and the payments of privacy funds 100 to the merchant 22, the shipper 25 and the governmental entity 19. As illustrated in Figures 1 and 2, the fund interface 31 allows the system manager program 28 and the main system 12A to interact with the fund institution 12C to support the transfer and exchange of payments from the customer 20 to the privacy system 12 and the payments of privacy funds 100 to the merchant 22, the shipper 25 and the governmental entity 19.
The fund institution 12C can be an integral part of the privacy system 12 and/or a separate and independent entity. Referring to Figure 8A, the fund institution 12C preferably includes a computer system having (i) an input device (not shown), such as a keyboard, mouse or voice recognition software, (ii) a display device (not shown), such as a video monitor, (iii) a processing device 802 such as a central processing unit, (iv) a data storage device 804, (v) a fund program 806, (vi) a fund database 808, (vii) a global network interface 810, (viii) an operating system 812, (ix) an electronic fund transfer network interface 814, (x) a privacy manager interface 816, and (xi) a credit card authorization interface 818.
The network interface 810 can include a modem or other electronic or voice communication systems that allow the fund institution 12C to interact with the merchant interface 16, the shipper interface 18 and the government entity 19. The privacy manager interface 816 allows the fund institution 12C to communicate with the privacy system manager program 28 and the privacy main system 12A. The privacy manager interface 816 of the fund institution 12C can be connected to the fund system interface 31 with a telephone line 31A (illustrated in Figure 1) or an Internet connection.
Referring to Figure 8B, the fund program 806 is operative within the processing device 802 to process the payment from the customer 20 and to generate the funds that are transferred to the merchant 22, the shipper 25 and the government entity 19. The program 806 interfaces with the privacy main system 12A, the bank or financial institution of the customer 20, the shipper 25, the merchant 22, and the government entity 19 in order to receive funds from the customer 20, and disburse funds to the merchant 22, the shipper 25, the government entity 19 and the privacy main system 12A. Typically, the fund institution 12C receives the relevant information regarding the payment type (e.g. one or more of the credit cards) of the customer 20 from the privacy main system 12A and processes the payment from the payment type. Subsequently, the fund institution 12C generates the funds that are paid to the merchant 22 for the items, the shipper 25 for shipping the items, the government entity 19 for sales/use tax on the items and the privacy main system 12A for use of the privacy system 12 for the purchase.
The privacy main system 12A forwards the required information of the customer 20 to the fund institution 12C so that the fund institution 12C can receive payment from the customer 20. The fund institution 12C receives the information from the privacy main system 12A, contacts the customer bank or financial institution 850 and processes the payment from the customer 20. A payment funds reference number is assigned to the transaction by the fund institution 12C. The funds paid to the merchant 22 for the items are considered merchant funds 830, the funds paid to the shipper 25 for shipping the items are considered shipper funds 822, the funds paid to the government entity 19 for sale/use tax on the items are considered sales tax funds 832, and the funds forwarded to the privacy main system 12C for use of the privacy system 12 are considered privacy system funds 836. The storage device 804 maintains in the funds database 808 the amount of merchant funds 830 paid to the merchant 22, the amount of shipper funds 832 paid to the shipper 25, the amount of sales tax funds 834 paid to the government entity 19 and the amount of privacy systems funds 836 paid to the privacy main system 12C.
The fund institution 12C receives the funds from the customer 20 by processing one or more credit cards, debit cards, bank accounts, purchase orders of the customer 20 with information received by the privacy main system 12A. Subsequently, the fund institution disburses the merchant funds 830 to the merchant 22 for the items purchased, disburses the shipper funds 832 to the shipper 25 for shipping the items, and disburses the sale tax funds 834 to the government entity 19 for sale/use tax on the items.
Preferably, the merchant funds 830, the shipper funds 832, and the sales tax funds 834 are paid with privacy funds 100. The privacy funds 100 are provided to the merchant 22, the shipper 25 and the government entity 19 by the privacy system 12 via the fund institution 12C. The type of privacy fund 100 utilized by the fund institution 12C can be varied. For example, the type of privacy fund 100 may be a credit card, a cashier's check, a company check, an electronic fund transfer, a digital money transfer, and/or a letter of credit provided by the fund institution 12C and/or some other institution. Uniquely, the type of privacy fund 100 provided by the privacy system 12 does not identify the customer 20. More specifically, the privacy funds 100 do not include and/or disclose the name, physical address, electronic mail address, and credit card information of the customer 20. Instead, the fund institution 12C preferably forwards the privacy funds 100 along with the merchant/customer identifier 52, the transaction identifier 54, the customer identifier 50, the shipper identifier 55 and/or some other anonymous identifier. The anonymous identifiers allow the merchant 22 to credit and/or keep track of payment for the item(s) 60 without receiving the name, physical address, electronic mail address, and credit card information of the customer 20. Somewhat similarly, the anonymous identifiers allow the shipper 25 and the government entity 19 to receive the appropriate payment without receiving some or all of the personal information of the customer 20.
The fund institution 12C receives payment from the customer 20 via any number of ways including charge card, debit card, physical check, EFT or a purchase order if the customer is an established business entity. The fund institution 12C upon notification from the privacy main system 12A disburses the privacy funds 100 to the merchant 22, to the shipper 25, to the customer 20 on returned items and to the government entity 19 for use/sales tax if levied and collected. During different stages of the transaction, the fund institution 12C holds funds that are identified to the customer 20 by the customer identifier 50, to the merchant 22 by the merchant identifier 51 and to the shipper 25 by the shipper identifier 55 and to the government entity 19.
The allocation, distribution and/or re-allocation of the funds at different stages of the transaction is managed by the privacy main system 12A.
The fund institution 12C may be an individual, a corporation, a partnership, an escrow company, or a bank. The fund institution 12C may be a separate, independent entity or may be an integral part of the privacy system 12.
Merchant Interface 16
Referring initially to Figure 1, the merchant interface 16 allows the merchant 22 to contact and interact with the privacy system 12. Referring to Figure 9A, the merchant interface 16 preferably includes (i) an input device (not shown), such as a keyboard, mouse or voice recognition software, (ii) a merchant display device (not shown), such as a video monitor, (iii) a processing device 900 such as a central processing unit, (iv) a data storage device 902, (v) a network interface 904, (vi) an operating system 906, (vii) a merchant web application program 908, (viii) a privacy system merchant program 910, (ix) merchant web page data 912, (x) merchant inventory data 914, (xi) privacy system order data 916, (xii) a printer interface 918 and (xiii) a printer 920. The network interface 904 can be a modem or some other electronic or voice communication system that allows the merchant 22 to interact with the privacy system 12. The network interface 904 preferably connects the merchant 22 to the global network.
Figure 9B illustrates some of the functions of the merchant interface 16. In particular, the merchant interface 16 (i) receives orders for items from the privacy system 930, (ii) processes orders 932 by packaging the items 934, printing and affixing anonymous labels to the packages 936 and tracking the placement of the items in a shipper pick-up area of the merchant location 938. The merchant interface 16 also interfaces with the privacy system 940 by posting status 942, supplying inventory specific data 944 and collecting privacy funds from the privacy system 946. The merchant interface 16 interfaces with privacy main system 12A.
Further, the merchant interface 16 may also interface with fund institution 12C via an EFT or some other communication system. The merchant 22 places the items in a pickup area 948 when the items are ready for shipping.
Preferably, the merchant interface 16 generates one or more merchant web pages 950 that can be accessed by the customer 20. The merchant web pages 950 allow the merchant 22 to provide a virtual store that can be accessed by the customer 20. Figure 9C illustrates a representative example of a merchant web page 950 that is displayed on the customer interface 14. The customer 20 may browse the merchant web page 950 and select one or more item(s) 60 to purchase. The merchant web page 950 illustrated in Figure 9C includes a first item and a second item. Each item 60 preferably includes a picture 952 of the item, a description 954 of the item 60, and a price 956 for the item 60. Preferably, the merchant web page 950 provides the customer 20 with at least two options for purchasing the item(s) 60. The first option is to buy the item(s) 60 in a traditional, normal process 960. The second option is to buy the item(s) 60 using the privacy system 962. When the customer 20 makes a purchase decision and is ready to pay for the item(s) 60, the customer 20 can select the option to buy with the privacy system 962. When that happens, the transaction page 606, illustrated in Figure 6D appears on the customer interface 14.
Referring back to Figure 9A, the printer interface 918 is preferably operational with the printer 920 to print anonymous shipping labels 960. The anonymous shipping labels 960 are affixed to the boxes/packages that contain the item(s) ordered by the customer 20. The anonymous shipping label 960 contains information that anonymously identifies the customer 20. Stated another way, the shipping label 960 preferably does not include personal information about the customer, such as the customer name and/or address. Instead, the shipping label 960 includes the merchant/customer identifier 52, the transaction identifier 54 and/or some other anonymous identifier. With this information, the shipper 25 can contact the privacy system 12 to retrieve the shipping address of the customer 20.
During a transaction using the privacy system 12, the merchant interface 16 receives an order for an item from the privacy system 12 and saves the order in the storage device 902. Next, the merchant 22 reviews/displays the order, processes the order, prints the anonymous shipping label 960, and places the item in the pick-up area 948. Subsequently, the merchant 22 relays the order status to privacy system 942.
The merchant 22 receives payment for the item(s) 60 from the privacy system 12 in privacy funds 100. The merchant 22 can track the payment of the privacy funds 100 for the item(s) with the anonymous identifier that is provided with the privacy funds 100. The merchant 22 can match a bank statement with a privacy payment identifier and can archive the order. The merchant 22 may contact the customer via electronic mail regarding future sales, through the privacy system 12, using the merchant/customer identifier 52.
The merchant 22 may be an individual, a corporation, a partnership, the government, or any other entity. The merchant 22 also has a merchant address 22A where the item(s) 60 are located. The merchant address 22A may be the same or a different location than the pick-up area 948. The merchant interface 16 is preferably connected to the privacy system 12 and the customer interface 14 with an Internet connection. Alternately, the merchant interface 16 can be some other electronic or voice communication system that allows the merchant 22 to interact with the privacy system 12.
Additionally, as provided herein, the privacy system 12 can be used to increase the efficiency of the merchant 22. More specifically, during the fulfilling of an order, the merchant 22 must stock an inventory, advertise the item(s), take orders for the item(s), receive payment for the item(s), process the payment for the item(s), pay a fee to the credit card agency, issue refunds, contact the shipper, arrange pick-up and pay the shipper. The merchant 22 also performs the task of determining the correct tax rate based upon the residence of the customer, collecting use/sales tax and remitting the use/sales tax to the governmental entity 19. A number of these duties can be centralized with the privacy system 12 and can be eliminated from the responsibility of the merchant 22. For example, as provided herein, the privacy system 12 receives payment for the item(s) 60, processes the payment for the item(s) 60, pays a fee to the credit card agency, issues refunds, contacts the shipper 25, arranges for pick-up by the shipper 25, pays the shipper 25, and pays the government entity 19.
When the merchant 22 has completed the order and made it ready for pickup, the merchant 22 addresses each package in the order, placing the label 960 that identifies the order by the merchant/customer identifier 52. Next, the merchant 22 places the item 60 in the outgoing area of his pick-up area 948. The merchant 22 does not need to contact the shipper 25. Instead, the merchant 22 notifies the privacy system 12 that the order is ready for pick-up.
The merchant 22 may also identify to the privacy system 12 the physical size and weight of each package in the order, along with any applicable shipping information such as the perishable and fragile nature of the package. The merchant 22 can also enter a ready for pick-up date/time (AM or PM) in the privacy system 12 in advance of the actual date of pick-up, specifying a future date/time of pickup. The time could be AM or PM or a specific 2 hour or a 4 hour time window on a 24 hour or a 12 hour day.
Sales Tax
The function of sales tax, more accurately called use tax because it is levied on the customer 20 and typically collected by the merchant 22, may be centralized by the privacy system 12 and thus handled in a more efficient manner. Each county, state or city government entity 19 may have a different use/sales tax. On Internet transactions, the collection of sales tax by the merchant 22 is currently under dispute. The merchant 22 now has to track and calculate use/sales tax. In contrast, with the present invention, the privacy system 12 maintains the location of the customer 20 and computes the required use/sales tax as a function of the location of the customer 20. The purchase order payment computation has a separate tax field, by which to compute and track sales tax funds as part of the funds.
The privacy system 12 thus may provide an automated use/sales tax calculation, collection and remittance to the government entity 19 without the merchant 22 having to handle this task.
Shipper Interface 18
Referring initially to Figure 1, the shipper interface 18 allows the shipper 25 to interact with the merchant 22 and the privacy system 12. As an overview, the privacy system 12 aggregates the order pick-up data/messages from many merchants 22 and sorts them by the shipper identifier 55, geographic region, and day/time of pick-up and any other attributes that facilitate the shipper tasks. The privacy system 12 then, via the shipper interface 18, forwards to each shipper 25 the aggregated pick-up data. Preferably, the shipper 25, using this data, plans the pick-up and truck routing without any contact with the merchant 22. Alternatively, the shipper 25 can be authorized to contact the privacy system 12 and retrieve the data by identifying himself to the privacy system 12 by the shipper identifier 55.
Referring initially to Figure 1, the shipper interface 18 allows the shipper 25 to contact and interact with the privacy system 12. Referring to Figure 10A, the shipper interface 18 preferably includes (i) an input device (not shown), such as a keyboard, mouse or voice recognition software, (ii) a display device (not shown), such as a video monitor, (iii) a processing device 1002 such as a central processing unit, (iv) a data storage device 1004, (v) a network interface 1006, (vi) an operating system 1008, (vii) a shipper application program 1010, (viii) a privacy system shipper program 1012, (ix) system shipper data 1014, (x) a printer interface 1016 and (xi) a printer 1018.
The network interface 1006 can be a modem or some other electronic or voice communication system that allows the shipper 25 to interact with the privacy system 12. The network interface 1006 preferably connects the shipper 25 to the global network. Alternately, the network interface 1006 can be some other electronic, voice or traditional communication system that allows the shipper 25 to interact with the privacy system 12 and the merchant 22.
Figure 10B illustrates some of the functions of the shipper interface 18. In particular, the shipper interface 18 (i) receives shipper data files from the privacy system 1020, (ii) processes shipper data files 1022 by tracking package pick-up data 1024, printing and affixing privacy system labels 1026 and/or destination code delivery tracking labels 1028, and (iii) interfaces with the privacy main system 1030 to provide pick-up status 1032, delivery status 1034 and accounting and collecting privacy funds 1036 for the cost of shipping. The system shipper data 1014 maintained by the shipper 25 can include the shipper identifier 55, the pick-up date, the time slot, the merchant identifier 51 and location, the customer identifier 50, the destination code, and the number, size and weight of packages.
Referring back to Figure 10A, the printer interface 1016 and the printer 1018 allow the shipper 25 to print shipping labels 1040. The shipper 25 is provided access to the privacy system 12 via the shipper interface 18 for the tasks it needs to perform in the act of shipping the items 60 ordered by the customer 20. The shipper 25 can contact the privacy system 12 and use the merchant/customer identifier 52 from the anonymous shipping label 960 printed by the merchant 22. The privacy system 12 provides to the shipper 25 the information required for shipping the items 60 to the customer 20. With the information provided by the privacy system 12, the shipper interface 18 can create the shipping label 1040 that includes the merchant information 1050 and the customer information 1052. The merchant information 1050 can include the name, address, and any special pickup information. The customer information 1052 can include the name, shipping address and any special shipping instructions of the customer 20. Alternatively and/or in addition, a portion of the shipping labels 1040 can be printed in advance from the aggregated pick-up data provided to the shipper 25.
Importantly, the merchant 22 is not provided with the specific information required for shipping the items 60 to the customer 20. Instead, the privacy system 12 provides this information directly to the shipper 25.
Alternately, referring to Figure 10C, the shipper 25 can use a hand-held web-enabled scanner/printer 1060 to obtain the customer information 1052. In this design, the scanner/printer 1060 scans the anonymous shipping label 960 placed on the package 1090 that contains the items (not shown in Figure 10C). Upon scanning the label 960, a display 1092 on the scanner/printer 1060 displays the merchant information 1050 and the customer information 1052. With this design, the shipper 25 is not required to print a shipping label. This further protects the privacy of the customer 20.
Typically, each transaction has shipping cost as a separate field. The shipper 25 is preferably paid directly by the fund institution 12C with privacy funds 100. The fund institution 12C can reference the payment of the privacy funds to the merchant/customer identifier 52 or some other anonymous identifier so that the shipper 25 can account for the payment of the shipping of the item(s).
This method of shipping from the merchant 22 to the customer 20 provided herein not only maintains customer privacy but it also reduces the shipper's overhead costs. In particular, with the present invention, the merchant 22 does not contact the shipper 25 for pick-up times and the shipper 25 does not have to maintain an account receivable function for each merchant.
In summary, the shipper interface 18 receives shipping information directly from the privacy system 12 and uses it to schedule a pickup of the package 1090 of item(s) from the merchant 22. Additionally, the shipper interface 18 retrieves information to create a shipping label 1040 from the privacy system 12. The shipping label 1040 is either physically affixed to the package 1090 and/or the shipper 25 maintains the shipping address of the customer 20 in a shipping database, along with a parcel tracking number and the customer identifier 50.
The shipper interface 18 preferably creates and sends to the privacy system 12 a delivery notification record when the shipper 25 is ready to deliver the item(s). The delivery notification record can be sent with the shipper interface 18 directly interacting with the privacy main system 12A. Alternately, the shipper interface 18 can send electronic mail, voice mail, a facsimile, U.S. mail or some other notification means to the privacy system 12 regarding the status of shipping. The privacy system 12 can forward this information to the customer 20. The shipper 25 may be an individual, a corporation, a partnership, the government or any other entity. The shipper 25 can also be an integral part of the privacy system 12.
Exception Transaction Option
The privacy system 12 preferably enables the customer 20, the merchant 22, and/or the fund institution 12C to change or cancel any transaction.
The merchant 22 may want to cancel or modify the transaction if the item(s) 60 are out of stock, back ordered, and/or an alternate item is available. The customer 20 may want to cancel or modify the transaction if shipment of the item(s) 60 is delayed. The fund institution 12C may want to cancel or modify the transaction if insufficient credit of the customer 20 is available, and/or the credit card of the customer is expired or over the limit.
The privacy system 12 processes any request to alter or cancel a transaction. For example, if the merchant 22 is out of a particular item, the information is forwarded to the customer 20 and a response in terms of cancel order or change order is processed. If the customer 20 cancels the order, the merchant 22 is sent cancellation notice, the privacy system 12 receives notice to cancel the credit card transaction and the customer 20 is sent a confirmation that the order is cancelled. If the fund institution 12C determines that the credit card of the customer 20 is not approved, the customer 20 is forwarded an advisory notice and the customer 20 is requested to provide an alternate form of card payment.
The customer 20 can change or cancel a transaction by accessing the modify existing transaction exception web page (illustrated in Figure 6E) of the privacy system 12. After the customer 20 enters the customer identifier 50, the transactions of the customer 20 are retrieved from the transaction history database 36 and are displayed on the customer interface 14. From here, the customer 20 can select a transaction and change or cancel the transaction.
Alternately, for example, the transaction can be changed or cancelled by the customer 20 or the merchant 22 with an electronic mail sent to the privacy system 12. Preferably, the electronic mail information is sufficient to identify who wants to cancel or modify the transaction and why the transaction should be cancelled or modified.
Figure 11 illustrates a flow chart of how Order Exception Processing 1102 is handled. First, the privacy system 12 determines the source of the exception 1104. If it is the merchant 22, the privacy system 12 determines the reason for the exception 1106. Next, the privacy system 12 contacts the customer 20 and allows the customer 20 to decide how to proceed 1108.
If the customer 20 is the source of the exception, the privacy system 12 again determines the reason for the exception 1110. Next, in step 1112, the privacy system 12 contacts the merchant 22 and the fund institution 25, as necessary, in view of the actions by the customer 20.
If the fund institution 12C is the source of the exception, the privacy system 12 again determines the reason for the exception 1114. Next, in step 1116, the privacy system 12 contacts the customer 20 to determine if alternate forms of payment are available.
Customer Uniform Bill Of Sale
Preferably, referring to Figure 12, the privacy system 12 generates a customer uniform bill of sale 1200 that is transferred to the customer 20 via the customer interface 14. The customer uniform bill of sale 1200 is preferably displayed upon the display 704 of the customer interface 14. The customer uniform bill of sale 1200 is the same for each merchant 22. Typically, each merchant 22 has a different way or form of showing and/or recording a transaction. The privacy system 12 generates a standard customer uniform bill of sale 1200 regardless of the merchant 22. The customer uniform bill of sale 1200 is preferably transferred from the privacy system 12 to the customer interface 14 over the Internet.
As provided herein, the customer uniform bill of sale 1200 can include fields or areas for (i) sale terms and conditions 1202, (ii) merchant identifier 1204, (iii) transaction identifier 1206, (iv) date/time 1208, (v) item identification 1210, (vi) item description 1212, (vii) price/item 1214, (viii) quantity 1216, (ix) weight 1218, (x) product total 1220, (xi) cancel item 1222, (xii) product status 1224, (xiii) sales tax 1226, (xiv) method of shipping 1228, (xv) shipping cost 1230, (xvi) total cost of order 1232, (xvii) customer id 1234 and/or (xviii) payment type 1236.
The customer 20 enters the customer identifier 50, and the payment type (payment type identifies the sequence number of customer's pre-stored payment types of credit card, debit card or bank account) for this transaction into the customer bill of sale 1200. Additionally, the customer uniform bill of sale 1200 includes SUBMIT 1250, CLEAR 1252, HOLD 1254, REPROCESS 1256, and REFUND 1258 action buttons. These action buttons allow the customer 20 to bring up the customer uniform bill of sale 1200 at any time, from the time of submitting the transaction, to after the transaction is submitted and the item is purchased to seek a refund and make changes. The HOLD 1254 button permits a customer 20 to enter the transaction in the privacy system 12 and allows it not to be submitted to the merchant 22. This allows the customer 20 time to compare, process, and/or make further decisions.
The weight and availability information on the customer uniform bill of sale 1200 are retrieved from the merchant interface 16 by the privacy system 12. The field for cancel items 1222 allows the customer 20 to cancel an item 60 from the customer uniform bill of sale 1200, if the customer 20 decides not to buy this particular item 60. This cancel item feature may be used before the transaction is submitted by engaging the SUBMIT button 1250. The customer uniform bill of sale 1200 may also be retrieved from the privacy system 12 by the customer interface 14 after the transaction is submitted and before the merchant 22 has acted on the transaction. The customer uniform bill of sale 1200 may also be used after the item 60 is shipped by the merchant 22 and is returned by the customer by using a REFUND button 1258.
Merchant Uniform Bill Of Sale
Preferably, referring to Figure 13, the privacy system 12 can also generate a merchant bill of sale 1300 that is transferred to the merchant 22 via the merchant interface 16. The merchant uniform bill of sale 1300 is the same for each merchant 22. The merchant uniform bill of sale 1300 is preferably transferred from the privacy system 12 to the merchant interface 16 over the Internet.
As provided herein, the merchant uniform bill of sale 1300 can include fields or areas for (i) sale terms and conditions 1302, (ii) a merchant identifier 1304, (iii) transaction identifier 1306, (iv) date/time 1308, (v) item identification 1310, (vi) item description 1312, (vii) price/item 1314, (viii) quantity 1316, (ix) weight 1318, (x) product total 1320, (xi) product status 1322, (xii) sales tax 1324, (xiii) method of shipping 1326, (xiv) shipping cost 1326, (xv) total cost of order 1328, (xvi) merchant/customer id 1330 and/or (xvii) payment reference 1332.
Many of these fields in the merchant uniform bill of sale 1300 are the same as in customer uniform bill of sale 1200 and are thus transferred from the customer uniform bill of sale 1200 to the merchant uniform bill of sale 1300 by the privacy system 12.
The merchant bill of sale 1300 is presented to the merchant 22 as an order. The merchant/customer identifier 52 is a merchant unique identification and is explained below. The merchant bill of sale 1300 also includes the privacy funds 100 to be paid to the merchant 22. The merchant bill of sale 1300 includes an area 1334 that allows the merchant 22 to select and enter order fulfillment status. This area includes select buttons of ORDER RECEIVED 1336 and ORDER PROCESSED 1338. This area 1334 also includes fields for PICKUP DATE 1340 and SHIPPER identifier 1342. The merchant 22 must fill in the areas for pickup date 1340 and shipper identifier 1342.
Merchant/Customer Identifier 52
Figures 14A-14C illustrate an optional merchant/customer identifier 52 that can be created to further shield the identity of the customer 20 from the merchant 22.
In the privacy system 12, there are many merchants 22 and each merchant 22 has many customers 20. It is preferable to not identify the customer 20 to the merchant 22, the shipper 25 and other parties that may interface with the privacy system 12 with the same customer identifier 50 that the customer 20 uses with the privacy system 12. Therefore, preferably, the privacy system 12 creates a unique merchant/customer identifier 52 by which the customer 20 is identified to the merchant 22 and the others. The merchant/customer identifier 52 is unique for each customer 20 of each of the merchants 22. Figure 14A illustrates a table 1400 mapping the merchant identifier 51 to the merchant/customer identifier 52. The merchant/customer identifier 52 is different from the customer identifier 50 described above.
To create a unique merchant/customer identifier 52 from the customer identifier 50 for the merchant identifier 51, the privacy system 12 uses a scramble code formula. The steps of the process, illustrated in Figures 14B and 14C, allow the customer identifier 50 and the merchant identifier 51 to be embedded in the merchant/customer identifier 52 in a scrambled form.
When the privacy system 12 is contacted by the shipper 25 using the merchant/customer identifier 52, the privacy system unscrambles the merchant/customer identifier 52 to find the merchant identifier 51 and the customer identifier 50.
Figure 14B illustrates a scramble code table 1440 with the scramble code numbers 1442 and the scramble code 1444 or the formula for each scramble code number 1442. These scramble codes 1444 or formulas are used to scramble the customer identifier 50 to arrive at a merchant/customer identifier 52 as illustrated in Figure 14C. There are millions of scramble code formulas 1444 that may be used. To help in creating a large number of scramble code formulas 1444, a structure within the scramble code numbers 1442 may be created. This structure consists of the first letter of scramble code numbers 1442 being a letter that may designate a month or some other repeatable representation. The second letter of scramble code numbers 1442 may represent some other repeatable representation such as a week or day and the rest of the scramble code numbers 1442 is a sequence representation. This structure of scramble code numbers 1442 allows a small number of scramble code formulas 1444 to be repeated with minor variations and thus create a large number of different scramble code formulas.
Figure 14C illustrates a flow chart 1450 of how the merchant/customer identifier 52 is derived from the customer identifier 50 by using the scramble code formula 1442. At step 1452, the customer identifier 50 is read. The scramble code that would be used for this merchant 22 is determined in a two-step process. In the first step 1454, the first two digits of the scramble code number 1442 are determined by the calendar when this merchant/customer identifier 52 is created. In the second step 1456, a four digit bounded random number generator is run to determine the remainder of the digits of the scramble code numbers 1442. In step 1460, the complete scramble code numbers 1442 is determined by combining the results of the two steps. This scramble code number 1442 is then used to read a scramble code formula from the scramble code table to use for scrambling 1458. Next, the customer identifier 50 is scrambled 1462. The scramble code number 1442 used is then appended to the scrambled customer identifier 50 to arrive at the merchant/customer identifier 1464. This merchant/customer identifier 52 is used to uniquely identify the customer 20 to the merchant 22 and is saved in a table as part of the Merchant database 1466. The merchant/customer identifier 52 is then comprised of a scrambled customer identifier element and a SCODE element.
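The flow of Figure 14C, together with the table in which the resulting identifier is saved, as an added Python example that is not code from the patent. The three formulas standing in for the scramble code table 1440, the six-character SCODE layout, and the sample identifiers are assumptions; the page does not give the actual formulas.

```python
import secrets
from datetime import date

SCODE_LEN = 6  # assumed layout: month letter + week letter + four-digit sequence


def make_scode(today, rand4=None):
    """Steps 1454-1460: two calendar characters, then a bounded four-digit random number."""
    month = chr(ord("A") + today.month - 1)      # A..L
    week = chr(ord("A") + (today.day - 1) // 7)  # A..E
    seq = secrets.randbelow(10000) if rand4 is None else rand4
    if not 0 <= seq <= 9999:
        raise ValueError("sequence part must fit in four digits")
    return f"{month}{week}{seq:04d}"


def _check_scode(scode):
    digits_ok = all(c in "0123456789" for c in scode[2:])
    if (len(scode) != SCODE_LEN or scode[0] not in "ABCDEFGHIJKL"
            or scode[1] not in "ABCDE" or not digits_ok):
        raise ValueError("malformed SCODE element")


def formula(scode, n):
    """Stand-in for the table lookup (1458): a position permutation for an n-character id.
    A few base formulas are reused with a calendar-dependent variation, as the text suggests."""
    idx = list(range(n))
    base = int(scode[2:]) % 3
    if base == 0:                       # hypothetical formula 0: reverse
        idx.reverse()
    elif base == 1:                     # hypothetical formula 1: odd positions, then even
        idx = idx[1::2] + idx[0::2]
    else:                               # hypothetical formula 2: swap adjacent pairs
        for i in range(0, n - 1, 2):
            idx[i], idx[i + 1] = idx[i + 1], idx[i]
    shift = (ord(scode[0]) + ord(scode[1])) % n  # minor variation from the calendar letters
    return idx[shift:] + idx[:shift]


def scramble(customer_id, scode):
    """Steps 1462-1464: scramble the customer identifier, then append the SCODE."""
    _check_scode(scode)
    if not customer_id:
        raise ValueError("empty customer identifier")
    perm = formula(scode, len(customer_id))
    return "".join(customer_id[p] for p in perm) + scode


def unscramble(mcid):
    """Reverse lookup: read the appended SCODE, invert the formula it selects."""
    if len(mcid) <= SCODE_LEN:
        raise ValueError("identifier too short to carry an SCODE")
    body, scode = mcid[:-SCODE_LEN], mcid[-SCODE_LEN:]
    _check_scode(scode)
    out = [""] * len(body)
    for i, p in enumerate(formula(scode, len(body))):
        out[p] = body[i]
    return "".join(out)


class MerchantCustomerTable:
    """Issued identifiers per merchant: reuse an existing one, otherwise create and save it."""

    def __init__(self):
        self._by_pair = {}  # (merchant_id, customer_id) -> merchant/customer identifier
        self._by_mcid = {}  # merchant/customer identifier -> merchant_id

    def get_or_create(self, merchant_id, customer_id, today):
        key = (merchant_id, customer_id)
        if key not in self._by_pair:
            while True:  # redraw the random part until the identifier is unused
                mcid = scramble(customer_id, make_scode(today))
                if mcid not in self._by_mcid:
                    break
            self._by_pair[key] = mcid
            self._by_mcid[mcid] = merchant_id
        return self._by_pair[key]

    def resolve(self, mcid):
        """Shipper lookup: returns (merchant_id, customer_id); KeyError if never issued."""
        return self._by_mcid[mcid], unscramble(mcid)


if __name__ == "__main__":
    table = MerchantCustomerTable()
    # Constructed sample identifiers, not values from the patent.
    for merchant in ("CA-07-0001", "NY-12-0456"):
        mcid = table.get_or_create(merchant, "CUST123456", date(2000, 6, 9))
        print(merchant, mcid, table.resolve(mcid))
```

Because the SCODE travels in the clear with the identifier, reversing it needs only the scramble code table, so that table has to be protected the way a key would be.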
The merchant identifier 51 may be any identification system currently used such as a tax identification number. Referring back to Figure 14A, the merchant identifier 51 may also be a structured identification made of different structure elements such as the state 1402 where the merchant 22 is located, the merchant class 1404, identifying the merchant by the type of business, and/or a merchant number 1406 within that state and class.
OPERATION
The operation of the apparatus 10 and privacy system 12 can be further understood with reference to Figure 15. Importantly, the order of some or all of the steps can be varied. Further, not all of the steps outlined below are necessary to perform an anonymous transaction pursuant to the present invention.
At step 1500, the customer 20 contacts the privacy system 12 with the customer interface 14. At step 1502, the customer 20 provides personal information to the privacy system 12. At step 1504, the customer 20 is assigned a unique customer identifier 50. The customer identifier 50 can be selected by the customer 20 or the privacy system 12 based upon input from the customer 20. At step 1506, the privacy system 12 stores the personal information about the customer 20 in the privacy storage device 26. This information includes the identification information of the customer 20, the payment data of the customer 20 and the shipping data of the customer 20. The customer identifier 50 is also stored in the storage device 26. At step 1508, the customer 20 contacts the merchant interface 16 and reviews one or more items 60 offered for sale by the merchant 22. Preferably, the merchant interface 16 includes a picture and description of each item 60. At step 1510, the customer 20 decides upon one or more item(s) 60 for purchase from the merchant 22. At step 1512, the customer 20 contacts the privacy system 12. The customer 20 can contact the privacy system 12 by way of the merchant interface 16. Alternately, the customer 20 can contact the privacy system 12 independently of the merchant interface 16.
At step 1514, the privacy system 12 receives information regarding a pending transaction between the customer 20 and the merchant 22. At this time, the privacy system 12 receives the customer identifier 50, the merchant identifier 51, and information regarding the item(s) 60 to be purchased. The customer 20 can input the information. Alternately, some of the information can be provided by or obtained from the merchant interface 16.
At step 1516, the privacy system 12 sends an order list to the merchant interface 16. At step 1518, the privacy system 12 receives item weight, price and stock status from the merchant interface 16. At step 1520, the privacy system 12 prepares a customer uniform bill of sale 1200. At step 1522, the privacy system 12 sends the customer uniform bill of sale 1200 to the customer 20 via the customer interface 14. At step 1524, the customer 20 reviews the customer uniform bill of sale 1200 and makes changes, if necessary. At step 1526, the customer 20 initiates a purchase transaction by indicating to the privacy system 12 the desired method of payment for this transaction. At step 1528, the privacy system 12 receives the customer order in the form of the customer uniform bill of sale 1300, and initiates a transaction history file and posts the order.
At step 1530, the privacy system 12 sends information to the fund institution 12C to process the payment of the customer 20. The transaction record sent to the fund institution 12C can include the customer identifier 50, the customer name, the payment type, the merchant identifier 51, and the amount. At step 1532, the fund institution 12C determines if the customer 20 has sufficient credit available to cover the price of the item(s) 60. If sufficient funds are not available to cover the price of the item(s) 60, then alternate credit card information is requested.
At step 1534, the privacy system 12 reviews the databases to determine if a merchant/customer identifier 52 already exists for the merchant 22. If the merchant/customer identifier 52 exists, the privacy system 12 retrieves the merchant/customer identifier 52 from the merchant data 40. If the merchant/customer identifier 52 does not exist, the privacy system 12 creates a unique merchant/customer identifier 52 as described above.
At step 1536, the privacy system 12 generates a merchant bill of sale 1300. At step 1538, the privacy system 12 sends the merchant bill of sale 1300 to the merchant interface 16. Importantly, the privacy funds 100 can be provided in the merchant bill of sale 1300.
At step 1540, the merchant interface 16 processes the merchant bill of sale 1300. At step 1542, the merchant 22 picks a shipper 25 to deliver the item(s) 60. At step 1544, the merchant 22 provides the date of order pick-up and an assigned shipper identifier 55 to the privacy system 12. At step 1546, the privacy system 12 unscrambles the merchant/customer identifier 52 to find the true customer identifier 50 and posts the order fulfillment status in the transaction history database. At step 1548, the merchant packages the item(s) 60 and imprints or places a machine-readable merchant/customer identifier 52 on the anonymous shipping label 960.
At step 1550, the privacy system 12 aggregates shipping from all the transactions into a shipper identifier file. The shipper file has a shipper identifier field, a pick-up date with a time slot field, a merchant identifier and a merchant location field, and a number of packages tied to the merchant/customer identifier 52. At step 1552, the privacy system 12 sends the shipper file data for each shipper 25 to the shipper interface 18. At step 1554, the shipper interface 18 receives the shipper file and plans pick-up routes to move item(s) 60 to a shipper sorting office. At step 1556, the shipper sorting office scans the shipping label 960 on the package and sends the merchant/customer identifier 52 to the privacy system 12. At step 1558, the privacy system 12 unscrambles the merchant/customer identifier 52 to identify the customer identifier 50. At step 1560, the privacy system 12 sends shipping instructions of the customer 20 to the shipper interface 18. The shipper interface 18 prints address labels and affixes them to the package, or delivers without affixing the shipping labels 1040 to the packages, preferring to maintain them as a data file. At step 1562, the shipper interface 18 preferably creates and sends to the privacy system 12 a delivery notification record when the shipper 25 is ready to deliver the items 60. The delivery notification record includes the merchant/customer identifier 52, the list of item(s), and the delivery date.
At step 1564, the privacy system 12 creates and sends a customer status record and a shipper sent record. The customer status record includes the merchant identifier, the customer identifier, merchant order number, the item identifier, the transaction identification, the amount, the shipper identifier, and the shipping date. The shipper sent record includes the merchant identifier, item identifier, list, shipper identifier, ship date, and parcel tracking number.
At step 1566, the fund institution 12C collects the payment from the customer 20. At step 1568, the fund institution 12C sends a payment of privacy funds 100 with the anonymous identifier (i) to the merchant 22 for the item(s) 60 purchased, (ii) to the shipper 25 for shipping the item(s) 60 and (iii) to the government entity 19 for the taxes on the purchase on the items 60. At step 1570, the fund institution 12C sends a payment to the privacy main system 12A for the use of the privacy system 12.
In summary, the privacy system 12 allows the customer 20 to purchase one or more item(s) 60 from the merchant 22 without disclosing the name, address, and credit card information of the customer 20 to the merchant 22. Further, the privacy system 12 allows the item(s) 60 to be shipped to the customer 20 with a shipper 25, without the merchant 22 having access to the shipping information of the customer 20. Basically, the privacy system 12 minimizes the number of people, businesses and institutions that have access to the personal information of the customer 20. This minimizes the opportunity for the personal information of the customer 20 to be improperly disseminated.
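The identifier handling in steps 1534 through 1560 can be sketched as follows; this is an added example, not code from the patent. It assumes the merchant/customer identifier 52 is a random token resolved through a lookup table held only by the privacy system (standing in for the scrambling method the specification describes elsewhere), and all class, method and field names are hypothetical.

```python
import secrets


class PrivacySystem:
    """Toy privacy system 12: the only party able to link identifier 52 to identifier 50."""

    def __init__(self):
        # Customer data held in separate stores, each keyed by customer identifier 50.
        self.names = {}
        self.addresses = {}
        self.cards = {}
        # Assumed design: identifier 52 is a random token, resolved by table lookup.
        self._by_pair = {}    # (merchant_id, customer_id) -> merchant/customer identifier
        self._by_token = {}   # merchant/customer identifier -> (merchant_id, customer_id)

    def register_customer(self, name, address, card_number):
        customer_id = "cust-" + secrets.token_hex(8)
        self.names[customer_id] = name
        self.addresses[customer_id] = address
        self.cards[customer_id] = card_number
        return customer_id

    def merchant_customer_id(self, merchant_id, customer_id):
        """Step 1534: reuse the identifier for this pair if it exists, else create one."""
        if customer_id not in self.names:
            raise KeyError("unknown customer identifier")
        pair = (merchant_id, customer_id)
        if pair not in self._by_pair:
            token = "mc-" + secrets.token_hex(16)  # carries no customer data
            self._by_pair[pair] = token
            self._by_token[token] = pair
        return self._by_pair[pair]

    def merchant_bill_of_sale(self, merchant_id, customer_id, items):
        """Steps 1536-1538: the record the merchant interface receives."""
        return {
            "merchant_id": merchant_id,
            "merchant_customer_id": self.merchant_customer_id(merchant_id, customer_id),
            "items": list(items),
        }

    def shipping_instructions(self, scanned_identifier):
        """Steps 1556-1560: resolve a scanned label for the shipper; never returns the card."""
        if scanned_identifier not in self._by_token:
            raise LookupError("unrecognized merchant/customer identifier")
        _merchant_id, customer_id = self._by_token[scanned_identifier]
        return {"name": self.names[customer_id], "address": self.addresses[customer_id]}


if __name__ == "__main__":
    # Constructed sample data, not taken from the patent.
    ps = PrivacySystem()
    cid = ps.register_customer("Alice Example", "1 Constructed Way", "4111111111111111")
    bill = ps.merchant_bill_of_sale("merchant-A", cid, ["book"])
    print(bill)
    print(ps.shipping_instructions(bill["merchant_customer_id"]))
```

Because each merchant gets its own identifier for the same customer, two merchants comparing records cannot join them on that field, and a label value the privacy system never issued is rejected rather than resolved.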
While the particular apparatus 10 and method as illustrated herein and disclosed in detail is fully capable of obtaining the objects and providing the advantages herein before stated, it is to be understood that it is merely illustrative of the presently preferred embodiments of the invention and that no limitations are intended to the details of construction or design herein shown other than as described in the appended claims.

Claims

What is claimed is:
1. A method for using a computer to facilitate a transaction between a customer and a merchant, the method comprising the steps of: transferring to a privacy system a purchase request by the customer to purchase an item from the merchant; and providing a privacy payment to the merchant to pay for the item, the privacy payment being in a form that does not identify the customer to the merchant.
2. The method of claim 1 wherein the step of providing a privacy payment includes the step of transferring the privacy payment from a fund institution to the merchant.
3. The method of claim 2 wherein the step of providing a privacy payment includes the step of providing a letter of credit from the fund institution to the merchant.
4. The method of claim 2 including the step of outputting a request by the privacy system for the fund institution to provide the privacy payment to the merchant.
5. The method of claim 1 including the step of providing a purchase request for the item from the privacy system to merchant.
6. The method of claim 1 including the step of outputting shipping information of the customer from the privacy system to a shipper.
7. The method of claim 6 including the step of providing a payment for shipping from the fund institution to the shipper.
8. The method of claim 7 including the step of outputting a request by the privacy system for the fund institution to provide the payment to the shipper.
9. The method of claim 1 including the step of providing a payment for taxes from a fund institution to an entity.
10. The method of claim 9 including the step of outputting a request by the privacy system for the fund institution to provide the payment to the entity.
11. The method of claim 1 including the step of collecting a payment from the customer.
12. The method of claim 11 wherein the step of collecting a payment occurs before the step of providing a privacy payment.
13. The method of claim 1 including the step of inputting a purchase request by the customer to purchase an item into a customer interface.
14. The method of claim 13 wherein the step of transferring to a privacy system a purchase request includes the step of transferring the purchase request from the customer interface to the privacy system.
15. The method of claim 1 including the step of outputting electronic mail directed to the customer from a merchant interface of the merchant to the privacy system.
16. The method of claim 1 including the step of transferring a customer uniform bill of sale from the privacy system to the customer.
17. The method of claim 1 including the step of transferring a merchant uniform bill of sale from the privacy system to the merchant.
18. The method of claim 1 including the step of providing an anonymous customer identifier for the customer.
19. The method of claim 1 including the step of providing a merchant identifier for the merchant.
20. The method of claim 1 including the steps of transferring data A relating to the customer into a first database of the privacy system and transferring data B relating to the customer into a second database of the privacy system.
21. The method of claim 20 wherein the step of transferring data A includes the step of transferring a customer name of the customer into the first database and the step of transferring data B includes the step of transferring a credit card number of the customer into the second database.
22. The method of claim 20 wherein the step of transferring data A includes the step of transferring a customer name of the customer into the first database and the step of transferring data B includes the step of transferring a customer address of the customer into the second database.
23. The method of claim 20 wherein the step of transferring data A includes the step of transferring a customer identifier of the customer into the first database and the step of transferring data B includes the step of transferring an electronic mail address of the customer into the second database.
24. The method of claim 20 wherein the step of transferring data A includes the step of transferring a customer name of the customer into the first database and the step of transferring data B includes the step of transferring a telephone number of the customer into the second database.
25. The method of claim 20 wherein the step of transferring data A includes the step of transferring a customer identifier of the customer into the first database and the step of transferring data B includes the step of transferring customer personal information into the second database.
26. The method of claim 20 including the step of transferring data C relating to the customer into a third database of the privacy system.
27. The method of claim 20 including the steps of accessing data A from the first database, accessing data B from the second database and transferring data A and data B to a third database.
28. An apparatus for facilitating a transaction between a customer and a merchant, the apparatus comprising: a storage device; a program stored in the storage device; and a processor connected to the storage device, the processor being operative with the program to receive a purchase request by the customer to purchase an item from the merchant and instruct a fund institution to pay the merchant for the item.
29. The apparatus of claim 28 wherein the payment is a privacy payment, the privacy payment being in a form that does not identify the customer to the merchant.
30. The apparatus of claim 28 wherein the processor is operative with the program to provide shipping information of the customer directly to a shipper.
31. The apparatus of claim 30 wherein the processor is operative with the program to instruct the fund institution to pay the shipper for shipping the item.
32. The apparatus of claim 28 wherein the processor is operative with the program to instruct the fund institution to provide a payment for taxes from the fund institution to an entity.
33. The apparatus of claim 32 wherein the processor is operative with the program to collect a payment from the customer.
34. The apparatus of claim 28 wherein the processor is operative with the program to receive electronic mail directed to the customer from a merchant interface of the merchant.
35. The apparatus of claim 28 wherein the processor is operative with the program to transfer a customer uniform bill of sale to the customer.
36. The apparatus of claim 28 wherein the processor is operative with the program to generate a merchant uniform bill of sale.
37. The apparatus of claim 36 wherein the processor is operative with the program to transfer the merchant uniform bill of sale to the merchant.
38. The apparatus of claim 28 wherein the processor is operative with the program to provide an anonymous customer identifier for the customer.
39. The apparatus of claim 28 wherein the processor is operative with the program to provide a merchant identifier for the merchant.
40. The apparatus of claim 28 wherein the processor is operative with the program to receive a credit card number of the customer and store the credit card number in a first database.
41. The apparatus of claim 40 wherein the processor is operative with the program to receive a name of the customer and store the name in a second database.
42. The apparatus of claim 41 wherein the processor is operative with the program to receive a shipping address of the customer and store the shipping address in a third data base.
43. The apparatus of claim 28 wherein the processor is operative with the program to transfer data A relating to the customer into a first database of the privacy system and to transfer data B relating to the customer into a second database of the privacy system.
44. The apparatus of claim 43 wherein data A includes a customer name of the customer and data B includes a credit card number of the customer.
45. The apparatus of claim 43 wherein data A includes a customer name of the customer and data B includes a customer address of the customer.
46. The apparatus of claim 43 wherein data A includes a customer identifier of the customer and data B includes an electronic mail address of the customer.
47. The apparatus of claim 43 wherein data A includes a customer name of the customer and data B includes a telephone number of the customer.
48. The apparatus of claim 43 wherein data A includes a customer identifier of the customer and data B includes customer personal information of the customer.
49. The apparatus of claim 43 wherein the processor is operative with the program to transfer data C relating to the customer into a third database of the privacy system.
50. The apparatus of claim 43 wherein the processor is operative with the program to access data A from the first database, access data B from the second database and transfer data A and data B to a third database.
51. A method for using a computer to facilitate a transaction between a customer and a merchant, the method comprising the steps of: transferring to a privacy system a purchase request by the customer to purchase an item from the merchant; and outputting shipping information of the customer from the privacy system to a shipper without providing the shipping information to the merchant.
52. The method of claim 51 including the step of providing a privacy payment to the merchant to pay for the item, the privacy payment being in a form that does not identify the customer to the merchant.
53. The method of claim 52 wherein the step of providing a privacy payment includes the step of transferring the privacy payment from a fund institution to the merchant.
54. The method of claim 53 wherein the step of providing a privacy payment includes the step of providing a letter of credit from the fund institution to the merchant.
55. The method of claim 53 including the step of outputting a request by the privacy system for the fund institution to provide the privacy payment to the merchant.
56. The method of claim 52 including the step of providing a purchase request for the item from the privacy system to merchant.
57. The method of claim 51 including the step of providing a payment for shipping from a fund institution to the shipper.
58. The method of claim 57 including the step of outputting a request by the privacy system for the fund institution to provide the payment to the shipper.
59. The method of claim 51 including the step of providing a payment for taxes from a fund institution to an entity.
60. The method of claim 59 including the step of outputting a request by the privacy system for the fund institution to provide the payment to the entity.
61. The method of claim 51 including the step of collecting a payment from the customer.
62. The method of claim 61 wherein the step of collecting a payment occurs before the step of outputting shipping information.
63. The method of claim 51 including the step of inputting a purchase request by the customer to purchase an item into a customer interface.
64. The method of claim 63 wherein the step of transferring to a privacy system a purchase request includes the step of transferring the purchase request from the customer interface to the privacy system.
65. The method of claim 51 including the step of outputting electronic mail directed to the customer from a merchant interface of the merchant to the privacy system.
66. An apparatus for facilitating a transaction between a customer and a merchant, the apparatus comprising: a storage device; a program stored in the storage device; and a processor connected to the storage device, the processor being operative with the program to provide shipping information of the customer directly to a shipper.
67. The apparatus of claim 66 wherein the processor is operative with the processor to receive a purchase request by the customer to purchase an item from the merchant and instruct a fund institution to pay the merchant for the item.
68. The apparatus of claim 67 wherein the payment is a privacy payment, the privacy payment being in a form that does not identify the customer to the merchant.
69. The apparatus of claim 66 wherein the processor is operative with the program to instruct a fund institution to pay the shipper for shipping the item.
70. The apparatus of claim 66 wherein the processor is operative with the program to instruct a fund institution to provide a payment for taxes from the fund institution to an entity.
71. The apparatus of claim 66 wherein the processor is operative with the program to collect a payment from the customer.
72. The apparatus of claim 66 wherein the processor is operative with the program to receive electronic mail directed to the customer from a merchant interface of the merchant.
PCT/US2000/015786 1999-06-12 2000-06-08 Method and apparatus for facilitating anonymous transactions WO2000077701A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU58696/00A AU5869600A (en) 1999-06-12 2000-06-08 Method and apparatus for facilitating anonymous transactions
EP00944626A EP1208503A1 (en) 1999-06-12 2000-06-08 Method and apparatus for facilitating anonymous transactions

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US13910199P 1999-06-12 1999-06-12
US60/139,101 1999-06-12
US14473799P 1999-07-21 1999-07-21
US60/144,737 1999-07-21
US53170500A 2000-03-20 2000-03-20
US09/531,705 2000-03-20

Publications (1)

Publication Number Publication Date
WO2000077701A1 (en) 2000-12-21

Family

ID=27385287

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/015786 WO2000077701A1 (en) 1999-06-12 2000-06-08 Method and apparatus for facilitating anonymous transactions

Country Status (3)

Country Link
EP (1) EP1208503A1 (en)
AU (1) AU5869600A (en)
WO (1) WO2000077701A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2389924A (en) * 2001-04-30 2003-12-24 Kung Shao Yuan Electronic business using a broker web site in the internet to negotiate transactions between inquirer and answer provider
US6892201B2 (en) 2001-09-05 2005-05-10 International Business Machines Corporation Apparatus and method for providing access rights information in a portion of a file
US7171562B2 (en) 2001-09-05 2007-01-30 International Business Machines Corporation Apparatus and method for providing a user interface based on access rights information

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5768391A (en) * 1995-12-22 1998-06-16 Mci Corporation System and method for ensuring user privacy in network communications
US5790665A (en) * 1996-01-17 1998-08-04 Micali; Silvio Anonymous information retrieval system (ARS)
US5794207A (en) * 1996-09-04 1998-08-11 Walker Asset Management Limited Partnership Method and apparatus for a cryptographically assisted commercial network system designed to facilitate buyer-driven conditional purchase offers
US6006200A (en) * 1998-05-22 1999-12-21 International Business Machines Corporation Method of providing an identifier for transactions

Also Published As

Publication number Publication date
AU5869600A (en) 2001-01-02
EP1208503A1 (en) 2002-05-29

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2000944626

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWP Wipo information: published in national office

Ref document number: 2000944626

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Ref document number: 2000944626

Country of ref document: EP