AU2004100516A4 - Purchasing goods or services on the Internet - Google Patents

Purchasing goods or services on the Internet

Info

Publication number
AU2004100516A4
Authority
AU
Australia
Prior art keywords
mobile phone
account
customer
phone number
internet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
AU2004100516A
Inventor
Douglas Scott Carlson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
B33HIVE Pty Ltd
Original Assignee
B33HIVE Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by B33HIVE Pty Ltd
Priority to AU2004100516A
Application granted
Publication of AU2004100516A4
Anticipated expiration
Ceased

Description

AUSTRALIA
Patents Act 1990
B33HIVE PTY LIMITED
INNOVATION PATENT SPECIFICATION
Invention Title: Purchasing goods or services on the Internet
The invention is described in the following statement:
Title
PURCHASING GOODS OR SERVICES ON THE INTERNET
Technical Field
The invention concerns processing payments for purchases of goods or services offered for sale on the Internet. In particular, the invention concerns a payment system, a method of processing payments and a method of debiting an account for Internet purchases.
Background Art
With the proliferation of access to the Internet a new commercial forum is emerging. The commodities may be real goods and services delivered in due course, or virtual, delivered immediately over the Internet.
Traditional payment systems associate a unique physical component, such as a debit card, with an account held at a financial institution. To make a transaction, the customer must have the card and provide the password or PIN (Personal Identification Number). The possession of the unique object helps to verify the identity of the customer. The object alone cannot authorise a transaction; it must be used in conjunction with a password or PIN.
The difficulty with transferring this methodology to the Internet is establishing that the customer is in possession of the unique object. With online credit card transactions, the possession of simply the credit card number is taken as authority to debit the account.
As a more secure alternative, financial institutions provide online transfer facilities; however, before the merchant can proceed with the sale they must first establish that the funds have been cleared to their account. This may take days.
Additionally, the customer has to manually provide the merchant's account details to their financial institution in order to perform the transaction.
Summary of the Invention
In a first aspect the invention is a method for processing a payment for a purchase of a good or service offered for sale on the Internet, the method comprising the steps of: storing authorization data in a datastore, where the authorisation data can authorise debits to be made to an account held with a financial institution and comprises a mobile phone number and a password; receiving via the Internet authorisation data from a customer intending to make a purchase of a good or service offered for sale on the Internet; checking that the received authorisation data is the same as the stored authorisation data; if the authorisation data is the same, sending to the customer a confirmation code and receiving from the customer the confirmation code, wherein the confirmation code is either sent to or received from the mobile phone number; checking that the sent confirmation code is the same as the received confirmation code; and if the confirmation codes are the same, effecting the debit of the account.
Effecting the debit may comprise sending to the financial institution the mobile phone number, or an identifier associated with the mobile phone number, and the amount to be debited. The mobile phone number represents an identifier for the account held with a financial institution and any equivalent identifier can be substituted for this purpose. The account to be debited is then identified by the financial institution based on the associated mobile phone number.
The authorisation data may be entered into the datastore from information provided by the financial institution.
The method may further comprise the step of receiving from the merchant an indication that a customer wishes to purchase a good or service they offer for sale on the Internet. The method may further comprise sending to the merchant confirmation that the account has been debited successfully.
The confirmation code may be a randomly generated number. The confirmation code may be either sent to or received from the mobile phone number using the SMS (Short Message Service) protocol or any other secure wireless data transmission protocol.
The method may be performed by the financial institution or by a separate entity.
In a second aspect the invention is a payment system for a purchase of a good or service offered for sale on the Internet, comprising: a datastore to store authorisation data of an account held with a financial institution, where the authorisation data can authorise debits to be made to the account and comprises a mobile phone number and a password; a computer to receive authorisation data from a customer that intends to purchase a good or service offered for sale on the Internet, and to check that the received authorisation data is the same as the stored authorisation data; and if so, the computer operates to send a confirmation code to the customer and to receive the confirmation code from the customer, wherein the confirmation code is either sent to or received from the mobile phone number; and to check that the received confirmation code is the same as the sent confirmation code; and if so, the computer operates to effect the debit of the account.
In a third aspect the invention is a method of debiting an account held with a financial institution as payment for a purchase of a good or service offered for sale on the Internet, the method comprising the steps of: storing a mobile phone number, or an identifier associated with the mobile phone number, in a datastore and associating it with the account; receiving from a payment gateway the mobile phone number or identifier that is associated with the account and the amount the account is authorised to be debited; debiting the account associated with the received mobile phone number or identifier; and if the debit is successful, sending an indication to the payment gateway that the debit of the account associated with the mobile phone number or identifier has been successful.
The payment gateway may be operated by the merchant, the financial institution or may be a separate entity.
The invention incorporates the concept of associating a unique physical object (the mobile phone) with a financial institution account in order to increase the security when using such an account to purchase goods or services on the Internet. To establish identity, the invention tests that the customer is in possession of the mobile phone and requires that the customer supply a predetermined password. The mobile phone is connected to a secure, digital wireless telecommunications network capable of securely conveying text messages. The customer's mobile phone is uniquely identified across the network by its mobile phone number. The use of the mobile phone allows the identity of the customer to be verified while the customer is within the coverage of the secure wireless network and has access to the Internet.
Further, as neither the gateway nor the merchant receives the customer's account details, the customer is able to keep these private when shopping on the Internet, unlike credit card numbers or direct debit authorization details.
In one example of the invention, it can provide immediate transaction processing, with immediate funds clearance and confirmation.
In a further example, anyone with a financial institution account and access to a secure wireless network with text messaging capabilities, such as a GSM network, can access this payment system. Accessibility is not limited, like credit cards, to over 18 year olds with adequate income and credit profiles, as the account can be a cheque or savings account. Furthermore, access to GSM networks is far easier than acquiring a credit card in that a customer can purchase a prepaid account.
Brief Description of the Drawings
An example of the invention will now be described with reference to the accompanying drawings, in which:
Fig. 1 is a schematic diagram representing the relationships between the payment gateway and its users;
Fig. 2 is a flowchart illustrating the typical customer's experience in using the payment gateway;
Fig. 3 is a screen shot of the Purchase Authorisation Page;
Fig. 4 is a screen shot of the Purchase Confirmation Page;
Fig. 5 is a screen shot of the Purchase Result Page;
Fig. 6 is a sequence diagram of a customer's experience in using the payment gateway;
Fig. 7 is a screen shot of the Registration Page;
Fig. 8 is a screen shot of the Registration Confirmation Page;
Fig. 9 is a screen shot of the Registration Results Page; and
Fig. 10 is a sequence diagram of the registration process.
Best Modes of the Invention
Fig. 1 represents the relationships between merchants 12, customers 14 and financial institutions 16 that each interact with the payment gateway 18 of the invention to enable goods or services to be purchased on the Internet. Customers 14 purchase goods or services that are offered for sale on the Internet by merchants 12 and are paid for by debiting an account held with the financial institution 16.
The gateway 18 is a computer system having Internet and SMS communication ports, and a datastore such as a database. There may be many financial institutions 16 having computer systems, each system having datastores and connected to the Internet.
Further, there may be many merchants 12 each with their own computer system which are also connected to the Internet. The merchant 12 provides a catalogue of their goods or services in an interactive document accessible via the Internet, otherwise known as the merchant's website. Interacting with these webpages are many customers 14. The customers 14 interact with both the merchants 12 and the gateway 18 using computer systems connected to the Internet.
A flowchart of the typical method of using the payment gateway 18 to make a purchase on the Internet is shown on Fig. 2. To make a purchase at a merchant's website, a customer 14 selects 20 the goods or service of their choice. The customer 14 then elects to pay using the gateway 18 and communicates this to the merchant 12 using the Internet. Upon receiving this instruction, the merchant 12 again uses the Internet to supply 22 the details of the transaction to the gateway 18 and establishes a secure Internet communication channel between the customer 14 and the gateway 18.
Using this channel, the customer 14 is prompted to and enters 24 their authorisation data that can authorise a debit to be made to an account held with a financial institution 16. The authorisation data is a mobile phone number and a password. If the supplied password matches the password stored with the mobile phone number in the gateway's database, the gateway 18 sends 26 a text message, over the secure wireless network, to the supplied mobile phone number. The text message contains a unique random confirmation code generated by the gateway 18. The customer 14 receives this text message and enters the confirmation code to be sent 28 back to the gateway 18 via the secure Internet communication channel. The gateway 18 can then confirm the customer's possession of the phone by matching the returned confirmation code to the confirmation code that was sent to the mobile phone number.
Assuming that the codes match, the gateway 18 submits 30 the transaction to the customer's financial institution 16 for processing. The gateway 18 sends to the financial institution 16 the mobile phone number and the amount. Instead of the mobile phone number the gateway 18 may submit an alternate number that is associated with that mobile phone number. The financial institution 16 debits the account that is associated with the mobile phone number supplied. The association between the account and the mobile phone number is set up during a registration process (described below). The financial institution then informs the gateway 18 that the debit has been performed successfully. The gateway 18 also informs 38 the merchant 12 that the debit has been successful. The merchant then delivers 40 the good or service to the customer. The proceeds are credited according to the settlement procedure below.
Before a customer 14 can use the gateway 18 to facilitate purchases, they must first undertake a registration process 36. In the registration process the customer 14 associates their mobile phone number with their account. The financial institution 16 may opt to associate a number that is associated with the mobile phone number rather than the mobile phone number itself. This is done within the security context of their financial institution 16. Additionally the customer 14 also nominates a password. The customer's financial institution 16 provides a secure interface where the customer 12 can nominate their mobile phone number and password to be associated with an account. The understanding between the financial institution 16 and the customer 14 being that possession of the mobile phone and provision of the password is adequate authority to debit the account and that the gateway 18 is authorized to execute the transaction. The status of the gateway 18 is as a trusted partner of the customer's financial institution 16. This means that the financial institution 16 uses the gateway 18 to verify the customer's authority.
The financial institution 16 then uses the gateway 18 to confirm that the customer 14 is in possession of the nominated mobile phone. The financial institution 16 also instigates a secure Internet communication channel between the customer 14 and the gateway 18. The gateway 18 generates a unique registration code and sends it to the mobile phone as a text message over the secure wireless network. The customer 14 then returns this registration code to the gateway by typing it into the secure Internet communication channel. The gateway 18 compares the received registration code to the confirmation code sent and if they match, confirms with the institution that the phone is in the possession of the customer 14. The secure Internet communication channel between the customer 14 and the gateway 18 is then closed. The financial institution 16 then informs the customer 14 that their registration has been successful and that they can now use the gateway 18 for making Internet payments with participating merchants 12. The financial institution 16 also provides the gateway 18 with all registered mobile phone numbers and passwords, but not the account information.
Before a merchant 12 can use the invention, they must register certain details with the gateway 18. The merchant 12 supplies to the gateway 18 their financial institution account to which the proceeds of sales are deposited. The merchant 12 is assigned a unique identifier by the gateway 18 so that proceeds of transactions are attributed to the merchant 12 by the gateway 18.
For a customer 14 to be able to use this invention, they must hold an account with a participating financial institution 16. To participate, the financial institution 16 must provide a secure context where a customer 14 can nominate a mobile phone number and password that is then associated with the customer's account (or an alternate number associated with the mobile phone number). The financial institution 16 must also have in place infrastructure to perform the interactions with the gateway 18 as described above. Additionally the gateway 18 may specify a financial institute account to which commissions payable to the gateway 18 operator are paid. The gateway 18 may have an account with each financial institution or may keep a single account into which all the customer's financial institutions pay the commission.
As the operator of the gateway 18 may be a separate business entity from both the merchants 12 and the financial institutions 16, the invention extends to the operator's business model. The gateway can operate in several different ways.
The first way in which this can be done is by taking a commission out of the transaction amount. The transaction amount is debited from the customer's account and credited to the gateway's account. Settlement between the gateway 18 and the merchants 16 then occurs on an aggregated basis at regular intervals, any commission being calculated and deducted at this point. The settlement transaction is conducted by the gateway 18 with the financial institutions 16 using a standard automated transaction procedure.
Alternatively, the gateway 18 could pass on the merchant's bank details to the financial institution 16 for the transfer to occur directly from the customer's account into the merchant's account. The gateway 18 could take a commission out of the transaction which again would be transferred into the gateway's account on an aggregated basis from each merchant 12.
Alternatively, the text message containing the confirmation code that is sent to the customer 12 by the gateway 18 can be charged at a premium rate through the telecommunications company providing the wireless network. The gateway 18 operator then recovers the proceeds of the revenue collected from the telecommunications company. The operator transfers the full amount of the transaction from the customer's account to the merchant's account. With this method the customer 14 is informed of the size of the surcharge prior to them authorizing the transaction.
The following is a detailed example of the invention. In this example, the secure wireless mobile phone communications network is made up of several GSM networks, provided by independent telecommunications companies. The customer's mobile phone number is unique across all GSM networks.
At the merchant's website, the customer is offered the option to pay using the gateway. When the customer makes this election, the merchant passes the following information to the gateway using a secure communication request, such as an https post request:
Merchant ID: A unique identifier for the merchant
Transaction Amount: The value of the transaction
Product Code: A reference for the product being purchased
Transaction ID: A unique random reference for the transaction, generated by the merchant.
The merchant then redirects the customer's browser to the gateway's Purchase Authorization Page shown in Fig. 3. This page is served by the gateway using an https post.
The customer provides their mobile phone number and password and clicks 'Authorize Payment'. The following information is then sent to the gateway using an https post:
MSISDN: Customer's mobile phone number
Password: Customer's password or PIN
The gateway verifies the password. If the password does not match that stored in the gateway's database as being registered with that mobile phone number, then the customer's browser is redirected back to the Purchase Authorization Page with the additional message that the mobile phone number and the password did not match. If the password does match then the gateway generates a unique confirmation code and sends this confirmation code to the mobile phone using the GSM network to which the mobile phone is registered, using the GSM network's Short Message Service (SMS).
The gateway then redirects the customer's browser to the Purchase Confirmation Page as shown in Fig. 4 in response to the https post. This page is also served by the gateway.
On receipt of the confirmation code by SMS, the customer types the confirmation code into the field provided in the interface and clicks The confirmation code is then returned to the gateway using an https post:
Code: The confirmation code
The gateway verifies that the confirmation code matches the confirmation code sent out. If the confirmation codes do not match then the gateway redirects the customer's browser back to the Confirmation Page with the additional message that the code the customer provided did not match that sent to the mobile phone.
If the code is correct then the gateway sends the following information to the customer's financial institution:
Transaction Amount: The amount to be debited from the customer
MSISDN: The customer's mobile phone number
The customer's financial institution retrieves the customer's account number associated with the mobile number from its database. The transaction amount is then debited from the customer's account and the gateway holding account is credited.
The financial institution response to the gateway's https request indicates the success of this transaction:
Result: Whether or not the transaction was made
Reason: If the transaction failed, the reason why (Insufficient funds, Error, etc.)
The gateway then assimilates this result into its response to the customer's https post request from the Confirmation Page, redirecting the customer to the Purchase Result Page as shown in Fig. 5 which is served by the gateway.
The message displayed by the Purchase Result Page depends on the result of the transaction. If the transaction failed then the reason is also supplied.
When the customer clicks on the 'ok' button, the customer's browser is redirected back to the merchant's website using an https post request. The following information is passed to the merchant with this https post:
Transaction ID: The unique identifier for the transaction, encrypted
Result: Encrypted
If the merchant is able to decrypt the information, the merchant matches the Transaction ID to the transaction and depending on the result, delivers the appropriate good or service to the customer. In the case where the merchant is providing Internet content, such as a ring tone or newspaper article, the response is the content.
A sequence diagram for a customer's purchase is shown in Fig. 6.
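The purchase steps above, modelled as an added Python example (not code from the specification or the applicant). The class and function names, the 300-second expiry, the three-attempt limit, amounts in cents, and the HMAC tag used here in place of the encryption the specification mentions for the result returned to the merchant are all assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 300  # assumption: the specification sets no expiry
MAX_ATTEMPTS = 3        # assumption: the specification sets no retry limit


def hash_password(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def result_tag(key: bytes, transaction_id: str, result: str) -> str:
    # Authenticates the result that travels back through the customer's browser.
    msg = f"{transaction_id}|{result}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def merchant_accepts(key: bytes, transaction_id: str, result: str, tag: str) -> bool:
    # Merchant-side check: the tag must match this transaction and this result.
    return hmac.compare_digest(result_tag(key, transaction_id, result), tag)


@dataclass
class Pending:
    merchant_id: str
    msisdn: str
    amount_cents: int
    code: str
    expires_at: float
    attempts_left: int = MAX_ATTEMPTS


class Gateway:
    def __init__(self, send_sms, debit, merchant_keys, clock=time.time):
        self.send_sms = send_sms            # callable(msisdn, text)
        self.debit = debit                  # callable(msisdn, amount_cents) -> bool
        self.merchant_keys = merchant_keys  # merchant_id -> shared key (bytes)
        self.clock = clock
        self.customers = {}                 # msisdn -> (salt, password hash)
        self.pending = {}                   # transaction_id -> Pending

    def register(self, msisdn, password):
        # Stands in for the financial institution supplying registered details.
        salt = secrets.token_bytes(16)
        self.customers[msisdn] = (salt, hash_password(password, salt))

    def authorize(self, merchant_id, transaction_id, amount_cents, msisdn, password):
        # Unknown numbers take the same code path as wrong passwords.
        salt, stored = self.customers.get(msisdn, (b"\x00" * 16, b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return False
        code = f"{secrets.randbelow(10**8):08d}"  # CSPRNG, 8 digits
        self.pending[transaction_id] = Pending(
            merchant_id, msisdn, amount_cents, code,
            self.clock() + CODE_TTL_SECONDS)
        self.send_sms(msisdn, f"Your confirmation code is {code}")
        return True

    def confirm(self, transaction_id, code):
        # Returns the tagged result for the merchant, or None if not confirmed.
        p = self.pending.get(transaction_id)
        if p is None:
            return None
        if self.clock() > p.expires_at:
            del self.pending[transaction_id]
            return None
        if not hmac.compare_digest(code.encode(), p.code.encode()):
            p.attempts_left -= 1
            if p.attempts_left == 0:
                del self.pending[transaction_id]  # force a fresh code
            return None
        del self.pending[transaction_id]  # single use: a code confirms one debit
        result = "ok" if self.debit(p.msisdn, p.amount_cents) else "failed"
        key = self.merchant_keys[p.merchant_id]
        return {"transaction_id": transaction_id, "result": result,
                "tag": result_tag(key, transaction_id, result)}


def demo():
    # Constructed sample data: phone number, password, key and amount are made up.
    inbox, debits = [], []
    gw = Gateway(send_sms=lambda m, t: inbox.append((m, t)),
                 debit=lambda m, a: debits.append((m, a)) or True,
                 merchant_keys={"M1": b"constructed-demo-key"})
    gw.register("+61400000000", "correct horse")
    gw.authorize("M1", "T-1", 1995, "+61400000000", "correct horse")
    code = inbox[-1][1].rsplit(" ", 1)[1]
    receipt = gw.confirm("T-1", code)
    replay = gw.confirm("T-1", code)  # same code again must not debit twice
    return receipt, replay, debits


if __name__ == "__main__":
    print(demo())
```

The confirmation code is bound to one Transaction ID, so the debit uses the amount and phone number recorded at authorisation rather than anything resubmitted with the code.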
The following is a detailed description of an example of the registration processes of the invention. The customer uses the Internet to register to use the gateway for Internet payments. When a customer elects to register to use the gateway, they are presented with a list of participating financial institutions. The customer selects an institution from the list with whom they hold a financial account. The customer is then redirected to the financial institution's Internet banking website. This website is part of the institution's secure Internet environment within which the customer performs their usual financial transactions. The financial institution will seek to identify the customer's account by asking the customer to enter their usual login name and password. The form of this environment is financial institute dependent.
Once the customer's account has been identified, the customer is presented with an interface where they provide the necessary information to register to use the gateway for Internet payments, such as the Registration Page shown in Fig. 7. This page is served by the Financial Institution. When the customer clicks the 'ok' button the Registration Confirmation Page is presented, shown in Fig. 8. This page is served by the Financial Institution.
The financial institution generates a unique random registration confirmation code and sends this, with the mobile phone number, to the gateway via a secure request, such as an https request:
MSISDN: The mobile phone number nominated by the customer
Code: The unique registration confirmation code generated by the institution
PIN: The password supplied by the customer
The gateway sends the registration confirmation code to the mobile phone number by SMS in the following message:
Internet payment gateway Registration Your registration confirmation code is 32387429
When the customer clicks the 'ok' button of the Registration Confirmation Page, the financial institute compares the entered code with that generated. If the codes match the customer is taken to the Registration Result Page as shown in Fig. 8. This page is served by the Financial Institution. Otherwise the customer is taken back to the Registration Confirmation Page with a message explaining that the codes did not match and to try again.
A sequence diagram for the registration process is shown in Fig.
When a transaction is successfully processed, the proceeds are credited to a holding account held by the operator of the gateway. On a periodic basis, each merchant's transactions are tallied, a commission deducted, depending on the choice of implementations, and the remainder deposited into the merchant's prearranged financial institution account.
It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. For example, the payment gateway may be part of either the merchant's or the financial institution's computer system.
The registration process, including sending the SMS containing the registration confirmation code may be performed by the financial institution.
The confirmation code or the registration confirmation code may be sent to the customer via the Internet, and sent back by the customer via SMS originating from the mobile phone number associated with an account.
The bank may store an identifier associated with the mobile phone number with the bank account rather than the mobile phone number. In that case the gateway may send to the financial institution the associated identifier rather than the actual mobile number. Multiple mobile phones may share the same associated identifier to enable many mobile phones to debit one bank account. An associated identifier is unique to one bank account.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive.

Claims (4)

1. A method for processing a payment for a purchase of a good or service offered for sale on the Internet, the method comprising the steps of: storing authorisation data in a datastore, where the authorisation data can authorise debits to be made to an account held with a financial institution and comprises a mobile phone number and a password; receiving via the Internet authorisation data from a customer intending to make a purchase of a good or service offered for sale on the Internet; checking that the received authorisation data is the same as the stored authorisation data; if the authorisation data is the same, sending to the customer a confirmation code and receiving from the customer the confirmation code, wherein the confirmation code is either sent to or received from the mobile phone number; checking that the sent confirmation code is the same as the received confirmation code; and if the confirmation codes are the same, effecting the debit of the account.
2. A method for processing a payment for a purchase of a good or service offered for sale on the Internet according to claim 1, wherein effecting the debit of the account comprises sending to the financial institution the mobile phone number, or an identifier associated with the mobile phone number, and the amount to be debited.
3. A payment system for a purchase of a good or service offered for sale on the Internet, comprising: a datastore to store authorisation data of an account held with a financial institution, where the authorisation data can authorise debits to be made to the account and comprises a mobile phone number and a password; a computer to receive authorisation data from a customer that intends to purchase a good or service offered for sale on the Internet, and to check that the received authorisation data is the same as the stored authorisation data; and if so, the computer operates to send a confirmation code to the customer and to receive the confirmation code from the customer, wherein the confirmation code is either sent to or received from the mobile phone number; and to check that the received confirmation code is the same as the sent confirmation code; and if so, the computer operates to effect the debit of the account.
4. A payment system for a purchase of a good or service offered for sale on the Internet according to claim 3, wherein the computer operates to effect the debit of the account by sending to the financial institution the mobile phone number, or an identifier associated with the mobile phone number, and the amount to be debited.
A method of debiting an account held with a financial institution as payment for a purchase of a good or service offered for sale on the Internet, the method comprising the steps of: storing a mobile phone number, or an identifier associated with the mobile phone number, in a datastore and associating it with the account; receiving from a payment gateway the mobile phone number or identifier that is associated with the account and the amount the account is authorised to be debited; debiting the account associated with the received mobile phone number or identifier; and if the debit is successful, sending an indication to the payment gateway that the debit of the account associated with the mobile phone number or identifier has been successful.
Dated this twenty ninth day of June 2004
B33HIVE PTY LIMITED
Patent Attorneys for the Applicant: F B RICE CO
AU2004100516A 2004-06-29 2004-06-29 Purchasing goods or services on the Internet Ceased AU2004100516A4 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2004100516A AU2004100516A4 (en) 2004-06-29 2004-06-29 Purchasing goods or services on the Internet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
AU2004100516A AU2004100516A4 (en) 2004-06-29 2004-06-29 Purchasing goods or services on the Internet

Publications (1)

Publication Number Publication Date
AU2004100516A4 (en) 2004-08-19

Family

ID=34318392

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2004100516A Ceased AU2004100516A4 (en) 2004-06-29 2004-06-29 Purchasing goods or services on the Internet

Country Status (1)

Country Link
AU (1) AU2004100516A4 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006122364A1 (en) * 2005-05-18 2006-11-23 Mobileglobal Pty Ltd Transaction device, system and method

Similar Documents

Publication Publication Date Title
US9256868B2 (en) Switching functions for mobile payments system
KR101413773B1 (en) Fraud-free payment for internet purchase
AU2006100814B4 (en) Transaction System
US7280981B2 (en) Method and system for facilitating payment transactions using access devices
JP5667228B2 (en) Transaction conversion system
US7835960B2 (en) System for facilitating a transaction
US7757945B2 (en) Method for electronic payment
US8606640B2 (en) System and method for paying a merchant by a registered user using a cellular telephone account
US6088683A (en) Secure purchase transaction method using telephone number
US8200260B2 (en) Systems and methods for processing purchase transactions between mobile phones
US20050177437A1 (en) E-commerce system
US20050154649A1 (en) System and method for telephone-based authenticated authorization of transactions
SK11652000A3 (en) System and process for remote payments and transactions in real time by mobile telephone
WO2012012545A1 (en) System and methods for transferring money
WO2001035570A1 (en) Payment method and system for online commerce
KR20010090032A (en) Online direct settlement systems and the methods thereof
AU2004100516A4 (en) Purchasing goods or services on the Internet
KR20060124375A (en) Transaction system and method of authenticating users using thereof
NZ505512A (en) Ordering and delivery of goods using web (internet)

Legal Events

Date Code Title Description
FGI Letters patent sealed or granted (innovation patent)
MK22 Patent ceased section 143a(d), or expired - non payment of renewal fee or expiry