AU2015201432B2 - Method of performing transactions with contactless payment devices using pre-tap and two-tap operations - Google Patents

Method of performing transactions with contactless payment devices using pre-tap and two-tap operations Download PDF

Info

Publication number
AU2015201432B2
AU2015201432B2 AU2015201432A AU2015201432A AU2015201432B2 AU 2015201432 B2 AU2015201432 B2 AU 2015201432B2 AU 2015201432 A AU2015201432 A AU 2015201432A AU 2015201432 A AU2015201432 A AU 2015201432A AU 2015201432 B2 AU2015201432 B2 AU 2015201432B2
Authority
AU
Australia
Prior art keywords
payment
payment device
transaction
data
issuer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
AU2015201432A
Other versions
AU2015201432A1 (en
Inventor
Christian Aabye
Hao Ngo
David Wilson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Visa International Service Association
Original Assignee
Visa International Service Association
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2009292926A external-priority patent/AU2009292926B2/en
Application filed by Visa International Service Association filed Critical Visa International Service Association
Priority to AU2015201432A priority Critical patent/AU2015201432B2/en
Publication of AU2015201432A1 publication Critical patent/AU2015201432A1/en
Application granted granted Critical
Publication of AU2015201432B2 publication Critical patent/AU2015201432B2/en
Priority to AU2017219057A priority patent/AU2017219057B2/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

A system, apparatus, and method (400) for processing payment transactions that are conducted using a mobile payment device (102) that includes a contactless element, such as an integrated circuit chip. The invention enables one or more of the operations of activation of a payment application (404), transfer of transaction data, updating of account records, setting or re-setting of a payment application counter or register, or transfer or processing of a script, command, or instruction, with these functions being performed with minimal impact on a consumer. This is accomplished by introducing a pre-tap and/or two tap operation prior to, or as part of, the transaction flow. 990792D1/9821766

Description

2015201432 18 Mar 2015
Method of Performing Transactions With Contactless Payment Devices Using Pre-Tap and Two-Tap Operations
CROSS REFERENCE TO RELATED APPLICATIONS
[0001] This application claims priority from United States Provisional Patent Application No. 61/099060, entitled “Contactless Phone With Secret Data", filed September 22, 2008, the contents of which is hereby incorporated in its entirety by reference for all purposes.
BACKGROUND
[0002] Embodiments of the present invention are directed to systems, apparatuses and methods for performing payment transactions, and more specifically, to a system and associated apparatus and method for performing payment transactions using a payment device that includes a contactless element (such as an integrated circuit chip embedded in a wireless mobile device) by interacting with a device reader or point of sale terminal using a pre-tap or two-tap process, either individually or in combination. Embodiments of the invention may be used to conduct payment transactions, perform Issuer updates of data stored in a payment device, or enable the configuration of payment device functions or operations, among other possible uses, [0003] Consumer payment devices are used by millions of people worldwide to facilitate various types of commercial transactions. In a typical transaction involving the purchase of a product or service at a merchant location, the payment device is presented at a point of sale terminal (“POS terminal”) located at a merchant’s place of business. The POS terminal may be a card reader or similar device that is capable of accessing data stored on the payment device, where this data may include identification or authentication data, for example. Data read from the payment device is provided to the merchant’s transaction processing system and then to the Acquirer, which is typically a bank or other institution that manages the merchant’s account. The data provided to the Acquirer may then be provided to a 1 payment processing network that is in communication with data processors that process the transaction data to determine if the transaction should be authorized by the network, and assist in the clearance and account settlement functions for completed transactions. The authorization decision and clearance and settlement portions of the transaction may also involve communication and/or data transfer between the payment processing network and the bank or institution that issued the payment device to the consumer (known as the Issuer). 2015201432 18 Mar 2015 [0004] Although a consumer payment device may be a credit card or debit card, it may also take the form of a “smart” card or chip. A smart card is generally defined as a pocket-sized card (or other form of portable payment device) that is embedded with a microprocessor and one or more memory chips, or is embedded with one or more memory chips with non-programmable logic. The microprocessor type card typically can implement certain data processing functions, such as to add, delete, or otherwise manipulate information stored in a memory location on the card. In contrast, the memory chip type card (for example, a prepaid phone card) can typically only act as a file to hold data that is manipulated by a card reading device to perform a pre-defined operation, such as debiting a charge from a pre-established balance stored in the memory. Smart cards, unlike magnetic stripe cards (such as standard credit cards), can implement a variety of functions and contain a variety of types of information on the card. Therefore, in some applications they may not require access to a remote database for the purpose of authenticating a consumer or creating a record at the time of a transaction. A smart chip is a semiconductor device that is capable of performing most, if not all, of the functions of a smart card, but may be embedded in another device.
[0005] Smart cards or chips come in two general varieties; the contact type and the contactless type. A contact type smart card or chip is one that includes a physical element (e.g., a magnetic stripe, contact pad, etc.) that enables access to the data and functional capabilities of the card, typically via some form of terminal or card reader. In contrast, a contactless smart card or chip is a device that incorporates a means of communicating with a card reader or point of sale terminal without the need for direct physical contact. Thus, such devices may effectively be "swiped" (i.e., enabled to be read by, or otherwise exchange data with another device) by passing them close to a card reader or terminal. Contactless cards or chips typically 2 communicate with a device reader or terminal using RF (radio-frequency) technology, wherein proximity to the reader or terminal enables data transfer between the card or chip and the reader or terminal. Contactless cards have found uses in banking and other applications, where they have the advantage of not requiring removal from a user’s wallet or pocket in order to participate in a transaction. A contactless card or chip may be embedded in, or otherwise incorporated into, a mobile device such as a mobile phone or personal digital assistant (PDA). Further, because of the growing interest in such cards, standards have been developed that govern the operation and interfaces for contactless smart cards, such as the ISO 14443 standard. 2015201432 18 Mar 2015 [0006] In a typical payment transaction, data is sent from a point of sale terminal to the Issuer to authenticate a consumer and obtain authorization for the transaction.
As part of the authentication or authorization processes, the data may be accessed or processed by other elements of the transaction processing system (e.g., the merchant’s Acquirer or a payment processor that is part of a payment processing network). Note that in some cases, authorization for the transaction may be obtained without connecting to the Issuer; this may be permitted by Issuer configured risk management parameters that have been set on the consumer's payment application or payment device. If the proposed transaction is authorized, then the consumer may provide other information to the merchant as part of completing the transaction. The Issuer or data processor may also send data back to the consumer. Such data may include an update to records of the transactions for which the payment device has been used, or to a current balance of an account associated with the device.
[0007] An Issuer or payment processor may also desire to configure (or re-configure) a function, operation, or setting of a payment application that is installed on a payment device, such as a mobile device that includes a contactless element. Such an action may include resetting a counter to enable or disable a function, configuring a function or capability of the payment application or payment device, or initiating the execution of a script or application that operates on the payment application, payment device, or transaction data, for example.
[0008] An issue for any payment transaction system or process is ease of use by a consumer, as this leads to increased adoption by the consumer and usage of the 3 system, thereby generating more revenue for Merchants and the entities involved in authorizing and processing payment transactions. A consumer typically desires that a transaction be executed with a minimum amount of delay and with minimal burden being placed on the consumer. In addition, if required for a transaction, a consumer desires to be able to locate and activate a payment application on a payment device with relatively little effort in order to initiate the transaction. The concern for minimizing the burden on a consumer is at least partly the result of recognizing that a consumer typically does not want to be inconvenienced by difficulties in attempting to activate a payment application or by having to wait additional time while the transaction processing system carries out data processing or other functions. Thus, in order to satisfy the desires and expectations of consumers, most payment transaction processing systems are designed to require minimal interaction on the part of consumers. 2015201432 18 Mar 2015 [0009] For example, in the case of a transaction that uses a contactless element, a device reader or point of sale terminal is typically expected to be in communication with the contactless element for only a short period of time; for example, enough time for it to be recognized by the reader and to provide data needed to initiate or conduct a portion of the transaction. However, this means that the consumer payment device and device reader or point of sale terminal may not be in communication long enough for an Issuer or payment processor to process the transaction data and provide the processed data to the device reader for transfer to the consumer device. It may also mean that the payment device and device reader or terminal are not in communication when the Issuer or payment processor desires to perform an update to cause a command or function to be executed on the payment device, such as for resetting a counter, configuring a function of the payment application or payment device, etc.
[0010] Another issue for a payment transaction system or process in which data or a configuration command or instruction is provided by an Issuer or payment processor involves ensuring that the received data, command, or instruction is from an authorized party, and that the payment device properly associates the received information with the transaction or application to which the information applies. 4 5 2015201432 04 Apr 2017 [0011] Has been left intentionally blank.
BRIEF SUMMARY
[0012] The present disclosure provides a system, apparatus, and method for using a contactless element (such as a contactless smart chip) as part of a payment transaction. Specifically, disclosures are directed to facilitating the transfer of transaction data or transaction records to a memory that is part of the payment device. The disclosures may also be used to provide a command or instruction (sometimes referred to as a "script") to the device reader for execution by the reader, or to the payment device for execution by a payment application installed on the device. Such a command or instruction may be used to re-set or configure a function of the payment application or of the payment device. The disclosed system, apparatus and method may be implemented using a contactless smart chip and a wireless data transfer element (e.g., an element having a near field communications (NFC) capability or similar short range communications technology, etc.) embedded within a mobile wireless device. The mobile device may be a mobile phone, PDA, MP3 player or the like.
[0013] To ensure that any data, commands, or instructions received by the payment device are from an authenticated source and that the received information can be associated with the proper transaction data stored in the payment device, the disclosure may include use of a cryptogram or other form of security control or identification data. For example, in order to ensure that data provided during an Issuer update process is from an authentic Issuer and that the received data is properly associated with the correct transaction, the payment device may generate a cryptogram and provide that cryptogram to an Issuer as part of a transaction. The Issuer may generate a second cryptogram (either based on the initial cryptogram from the payment device, or by an independent process) and provide the second cryptogram to the payment device as part of any data, command, or instruction sent to the payment device as part of an Issuer update process. The payment device can then use the cryptogram received from the Issuer (along with the intial cryptogram sent to the Issuer, if necessary) to confirm the authenticity of the Issuer and to properly associate the received data with the transaction record to which it applies, where the record is stored in the payment device. The cryptogram(s) may be generated by any suitable method and may be stored in a memory in the payment device and if desired, erased after completion of a transaction. 12786535/990792D1 6 2015201432 04 Apr 2017 [0014] The disclosure permits an Issuer or payment processor to provide transaction data and/or transaction records to a payment device that includes a contactless element in a manner than minimizes the impact on a consumer. This is accomplished by introducing a two-tap operation, or a combination of a pre-tap and two-tap operation into the transaction process. The pre-tap or two-tap operation may include a consumer presenting a payment device to a device reader or point of sale terminal one or more times to activate a payment application, or to permit the transfer of data or a command to the payment device either prior to, during, or after a transaction. Some or all of the presentation(s) of the payment device that are part of implementing a pre-tap or two-tap operation may be in addition to, or include, a presentation that is typically used to initiate or perform a payment transaction (where the presentation may function to transfer identification or other authentication data to the device to the device reader or terminal).
[0015] In one arrangement the disclosure is directed to a method of conducting a payment transaction, where the method includes detecting the presence of a payment device using a near field communications technology of a device reader or terminal, receiving data identifying a payment account or consumer associated with the payment device, determining that an interaction with the payment device or a consumer is required prior to performance of the payment transaction, determining that the interaction has been performed, detecting the presentment of the payment device using the near field communications technology of the device reader or terminal, and performing the payment transaction.
[0016] In another arrangement, the disclosure is directed to a device reader of point of sale terminal, where the device reader or point of sale terminal includes a processor, a memory, and a set of instructions stored in the memory, which when executed by the processor implement a method to detect the presence of a payment device using a near field communications technology, receive data identifying a payment account or consumer associated with the payment device, in response to receiving the data, determine that an interaction with the payment device or a consumer is required prior to performance of a payment transaction, determine that the interaction has been performed, detect the presentment of the payment device using the near field communications technology of the device reader or terminal, and perform the payment transaction.
[0017] In yet another arrangement, the disclosure is directed to a method of conducting a payment transaction, where the method includes detecting the presence of a payment device 12786535/990792D1 7 2015201432 04 Apr 2017 using a near field communications technology of a device reader or terminal, and in response to detecting the presence of the payment device, activating a payment application installed on the payment device.
[0018] In yet another embodiment, the present disclosure is directed to a device reader or point of sale terminal, where the device reader or point of sale terminal includes a processor, a memory, and a set of instructions stored in the memory, which when executed by the processor implement a method to detect the presence of a payment device using a near field communications technology of a device reader or terminal, and in response to detecting the presence of the payment device, activate a payment application installed on the payment device.
[0018A] According to another aspect of the present disclosure, there is provided a method of conducting a payment transaction, comprising: detecting presentment of a payment device a first time using a near field communications technology of a device reader or terminal, thereby preparing the payment device to conduct the payment transaction; receiving data identifying a payment account or consumer associated with the payment device; determining that an interaction with the payment device or a consumer is required prior to performance of the payment transaction; determining that the interaction has been performed; detecting the presentment of the payment device a second time using the near field communications technology of the device reader or terminal; and after detecting the presentment of the payment device the second time, performing the payment transaction.
[0018B] According to another aspect of the present disclosure, there is provided a device reader or point of sale terminal, comprising: a processor; a memory; and a set of instructions stored in the memory, which when executed by the processor implement a method to detect presentment of a payment device a first time using a near field communications technology, thereby preparing the payment device to conduct a payment transaction; receive data identifying a payment account or consumer associated with the payment device; in response to receiving the data, determine that an interaction with the payment device or a consumer is required prior to performance of a payment transaction; 12786535/990792D1 7a 2015201432 04 Apr 2017 determine that the interaction has been performed; detect the presentment of the payment device a second time using the near field communications technology of the device reader or terminal; and after detecting the presentment of the payment device the second time, perform the payment transaction.
[0018C] According to another aspect of the present disclosure, there is provided a method of conducting a payment transaction, comprising: detecting presentment of a payment device a first time using a near field communications technology of a device reader or terminal, thereby preparing the payment device to conduct the payment transaction; in response to detecting the presence of the payment device the first time, activating a payment application installed on the payment device; detecting the presentment of the payment device a second time using the near field communications technology; and processing the payment transaction after detecting the presentment of the payment device the second time.
[0018D] According to an aspect of the present disclosure, there is provided a method comprising: performing, by a point of sale terminal, a payment transaction using a payment account upon detecting presentment of a payment device associated with the payment account; receiving, by the point of sale terminal, a message from an issuer of the payment account after performing the payment transaction, the message requesting an interaction with the payment device; requesting, by the point of sale terminal, that the payment device be presented one more time; and initiate, by the point of sale terminal, the performance of an action on the payment device after requesting.
[0018E] According to an aspect of the present disclosure, there is provided a point of sale terminal, comprising: a processor; a memory; and a set of instructions stored in the memory, which when executed by the processor, cause the processor to: perform a payment transaction using a payment account upon detecting presentment of a payment device, wherein the payment account is associated with the payment device; receive a message from issuer of the payment account after performing the payment transaction, the message requiring an interaction with the payment device; request that the payment device be presented one more time; and initiate the performance of an action on the payment device.
[0018F] According to an aspect of the present disclosure, there is provided a payment device, comprising: a processor; a memory storing payment account data; and a set of instructions stored in the memory, which when executed by the processor, cause the processor to: interact with a device reader a first time to perform a payment transaction using the payment account 12786535/990792D1 7b 2015201432 04 Apr 2017 data stored in the memory; interact with the device reader a second time after the payment transaction is completed; and perform an action on the payment device after interaction with the device reader the second time.
[0018G] According to an aspect of the present invention, there is provided a method comprising: performing, by a point of sale terminal, a payment transaction using a payment account upon detecting presentment of a payment device associated with the payment account; receiving, by the point of sale terminal, a message from an issuer of the payment account after performing the payment transaction, the message requesting an interaction with the payment device to perform an issuer update on the payment device; requesting, by the point of sale terminal, that the payment device be presented one more time; and performing, by the point of sale terminal, the issuer update on the payment device after requesting, wherein the issuer update transmits the data received from the issuer to the payment device.
[0018H] According to an aspect of the present invention, there is provided a point of sale terminal, comprising: a processor; a memory; and a set of instructions stored in the memory, which when executed by the processor, cause the processor to: perform a payment transaction using a payment account upon detecting presentment of a payment device, wherein the payment account is associated with the payment device; receive a message from issuer of the payment account after performing the payment transaction, the message requiring an interaction with the payment device to perform an issuer update on the payment device; request that the payment device be presented one more time; and perform the issuer update on the payment device after requesting, wherein the issuer update transmits the data received from the issuer to the payment device.
[00181] According to an aspect of the present invention, there is provided a payment device, comprising: a processor; a memory storing payment account data; and a set of instructions stored in the memory, which when executed by the processor, cause the processor to: interact with a device reader a first time to perform a payment transaction using the payment account data stored in the memory; interact with the device reader a second time after the payment transaction is completed; and perform an issuer update on the payment device after interaction with the device reader the second time, wherein the issuer update transmits the data from the issuer to the payment device. 12786535/990792D1 7c 2015201432 04 Apr 2017 [0018J] According to an aspect of the present invention, there is provided a method of conducting a payment transaction involving detection of a payment device, comprising: detecting using wireless communications technology of a device reader or terminal, a presence of the payment device having a contactless element capable of communication and data transfer using a wireless communications technology comprising a short-range data transfer technology utilizing RFID, receiving, by the device reader or terminal, data identifying a payment account or consumer associated with the payment device, determining, by the device reader or terminal, that an interaction with the payment device or a consumer is required prior to performance of the payment transaction, determining, by the device reader or terminal, that the interaction has been performed; and detecting, using the wireless communications technology comprising the short range data transfer technology utilizing RFID of the device reader or terminal, the presence of the payment device, and performing, by the device reader or terminal, the payment transaction, involving transferring consumer identity or authentication data to the device reader or terminal, using the contactless element, wherein performing the payment transaction also comprises creating an authorization request message and transmitting the authorization request message to an Issuer of the payment device; and determining that an issuer update for the payment device is required, wherein the method further comprises one of: (i) requesting that the payment device be presented to the device reader or terminal, and performing the issuer update on the payment device using the device reader or terminal, and (ii) receiving, by the payment device, in case the payment device is a mobile phone, an issuer update over the air via a cellular network from the issuer, wherein determining, by the device reader or terminal, that an interaction with the payment device or a consumer is required prior to performance of the payment transaction comprises determining, by the device reader or terminal, that the interaction with the payment device is required prior to performance of the payment transaction, and wherein the method further comprises: receiving the consumer identity or authentication data from the payment device, after the user provides the consumer identity or authentication data to the payment device.
[0018K] According to an aspect of the present invention, there is provided a device reader or terminal for use in a method of any of the preceding claims, wherein the device reader or terminal comprises: wireless communications technology means configured to detect a presence of a payment device having a contactless element capable of communication and data transfer using a wireless communications technology comprising a short-range data 12786535/990792D1 7d 2015201432 04 Apr 2017 transfer technology utilizing RFID, wherein the device reader or terminal is further configured to receive data identifying a payment account or consumer associated with the payment device, to determine that an interaction with the payment device or a consumer is required prior to performance of the payment transaction, to determine that the interaction has been performed; and to detect, using the wireless communications technology means comprising the short-range data transfer technology utilizing RFID, the presence of the payment device, and to perform the payment transaction, involving transferring consumer identity or authentication data to the device reader or terminal, using the contactless element, wherein the device reader or terminal is further configured, upon performing the payment transaction, to create an authorization request message and to transmit the authorization request message to an Issuer of the payment device, and the device reader or terminal is configured to determine that an issuer update for the payment device is required, to request that the payment device be presented to the device reader or terminal, and to perform the issuer update on the payment device using the device reader or terminal, wherein the determining, by the device reader or terminal, that an interaction with the payment device or a consumer is required prior to performance of the payment trans action comprises determining, by the device reader or terminal, that the interaction with the payment device is required prior to performance of the payment transaction, wherein the device reader or terminal is further configured to: receive the consumer identity or authentication data from the payment device, after the user provides the consumer identity or authentication data to the payment device.
[0019] Other objects and advantages of the present invention will be apparent to one of ordinary skill in the art upon review of the detailed description of the present invention and the included figures. 12786535/990792D1
BRIEF DESCRIPTION OF THE DRAWINGS 2015201432 18 Mar 2015 [0020] Fig. 1 is a block diagram illustrating a transaction processing system that may be used with some embodiments of the present invention; [0021] Fig. 2 is a functional block diagram illustrating the primary components of a system for initiating or facilitating a payment transaction using a contactless element contained within a mobile device and a pre-tap and/or two-tap operation, in accordance with some embodiments of the present invention; [0022] Fig. 3 is a functional block diagram illustrating the primary components of a mobile device, such as a mobile phone that may be used as part of the inventive system and method; [0023] Fig. 4 is a flow chart illustrating an embodiment of the inventive method or process for performing a payment transaction using a contactless element contained within a mobile device by implementing a pre-tap and/or two-tap operation; [0024] Fig. 5 is a flowchart illustrating a process for determining whether an interaction with a consumer payment device is required prior to the device being used to conduct a payment transaction, in accordance with some embodiments of the present invention; and [0025] Fig. 6 is a block diagram of an exemplary computing apparatus that may be used to implement an embodiment of the inventive method or process for performing a payment transaction with a contactless payment device using a pre-tap and/or two-tap operation. 8
DETAILED DESCRIPTION 2015201432 18 Mar 2015 [0025A] What is desired is a system, apparatus and method for enabling an Issuer or payment processor to provide a consumer payment device containing a contactless element with transaction data or to initiate an update process, without requiring that a consumer maintain communication between the payment device and a device reader or terminal for an extended period of time. It is also desired to have a system, apparatus and method for enabling the automatic launch of a payment application when a payment device is presented to a device reader or point of sale terminal, where this may include a determination of whether consumer interaction is required before a transaction can be completed. Embodiments of the invention address these problems and other problems individually and collectively.
[0026J Embodiments of the present invention are directed to a system, apparatus, and method for processing payment transactions that are conducted using a mobile payment device that includes a contactiess element, such as an integrated circuit chip. Embodiments of the invention enable one or more of the operations of activation of a payment application, transfer of transaction data, updating of account records, setting or re-setting of a payment application counter or register, or transfer or processing of a script, command, or instruction, with these functions being performed with minimal impact on a consumer. This is accomplished by introducing a pre-tap and/or two-tap operation prior to, or as part of, the transaction flow. The result is to expedite the payment transaction process for a consumer using a contactless payment device, while facilitating the ability of an Issuer or payment processor to update transaction records or enable, disable, or otherwise configure a payment application or the consumer device.
[0027] Further, to ensure that any data, commands, or instructions received by the payment device are from an authenticated source and that the received information can be associated with the proper transaction data stored in the payment device, embodiments of the present invention may include use of a cryptogram or other form of security control or identification data. For example, the payment device may generate a cryptogram and provide that cryptogram to an Issuer as part of a transaction. The Issuer may generate a second cryptogram (either based on the initial cryptogram from the payment device, or by an independent process) and 9 9309874 provide the second cryptogram to the payment device as part of any data, command, or instruction sent to the payment device during an issuer update process. The payment device can then use the cryptogram received from the Issuer (along with the initial cryptogram sent to the Issuer, if necessary) to confirm the authenticity of the Issuer and to properly associate the received data with the transaction record to which it applies, where that record is stored in the payment device. The cryptogram(s) may be generated by any suitable method and may be stored in a memory in the payment device and if desired, erased after completion of a transaction for which the cryptogram was generated. 2015201432 18 Mar 2015 9a 9309874 [0028] The present invention is typically implemented in the context of a payment transaction; therefore prior to describing one or more embodiments of the invention in greater detail, a brief discussion will be presented of the entities involved in processing and authorizing a payment transaction and their roles in the authorization process. 2015201432 18 Mar 2015 [0029] Figure 1 is a block diagram illustrating a transaction processing system that may be used with some embodiments of the present invention. Typically, an electronic payment transaction is authorized if the consumer conducting the transaction is properly authenticated (i.e., their identity and their valid use of a payment account is verified) and if the consumer has sufficient funds or credit to conduct the transaction. Conversely, if there are insufficient funds or credit in the consumer's account, or if the consumer's payment device is on a negative list (e.g., it is indicated as possibly having been stolen), then an electronic payment transaction may not be authorized. In the following description, an "Acquirer" is typically a business entity (e.g., a commercial bank) that has a business relationship with a particular merchant. An "Issuer" is typically a business entity (e.g., a bank) which issues a payment device (such as a credit or debit card) to a consumer. Some entities may perform both Issuer and Acquirer functions.
[0030] Figure 1 illustrates the primary functional elements that are typically involved in processing a payment transaction and in the authorization process for such a transaction. As shown in Figure 1, in a typical payment transaction, a consumer wishing to purchase a good or service from a merchant uses a portable consumer payment device 20 to provide payment transaction data that may be used as part of a consumer authentication or transaction authorization process. Portable consumer payment device 20 may be a debit card, credit card, smart card, mobile device containing a contactless chip, or other suitable form of device.
[0031] The portable consumer payment device is presented to a device reader or point of sale (POS) terminal 22 which is able to access data stored on or within the payment device. The account data (as well as any required consumer data) is communicated to the merchant 24 and ultimately to the merchant’s transaction/data processing system 26. As part of the authentication or authorization process performed by the merchant, merchant transaction processing system 26 may access 10 merchant database 28, which typically stores data regarding the customer/consumer (as the result of a registration process with the merchant, for example), the consumer’s payment device, and the consumer’s transaction history with the merchant. Merchant transaction processing system 26 typically communicates with Acquirer 30 (which manages the merchant’s accounts) as part of the overall authentication or authorization process. Merchant transaction processing system 26 and/or Acquirer 30 provide data to Payment Processing Network 34, which among other functions, participates in the clearance and settlement processes that are part of the overall transaction processing. Communication and data transfer between Merchant transaction processing system 26 and Payment Processing Network 34 is typically by means of an intermediary, such as Acquirer 30. As part of the consumer authentication or transaction authorization process, Payment Processing Network 34 may access account database 36, which typically contains information regarding the consumer’s account payment history, chargeback or transaction dispute history, credit worthiness, etc. Payment Processing Network 34 communicates with Issuer 38 as part of the authentication or authorization process, where Issuer 38 is the entity that issued the payment device to the consumer and manages the consumer’s account. Customer or consumer account data is typically stored in customer/consumer database 40 which may be accessed by Issuer 38 as part of the authentication, authorization or account management processes. Note that instead of, or in addition to being stored in account database 36, consumer account data may be included in, or otherwise part of customer/consumer database 40. 2015201432 18 Mar 2015 [0032] In standard operation, an authorization request message is created during a consumer purchase of a good or service at a point of sale (POS) using a portable consumer payment device. In some embodiments, the portable consumer payment device may be a wireless phone or personal digital assistant that incorporates a contactless card or chip. The contactless card or chip may communicate with the point of sale terminal using a near field communications (NFC) capability. The authorization request message is typically sent from the device reader/POS terminal 22 through the merchant’s data processing system 26 to the merchant's Acquirer 30, to a payment processing network 34, and then to an Issuer 38. An "authorization request message" can include a request for authorization to conduct an electronic payment transaction and data relevant to determining if the request should be 11 granted. For example, it may include one or more of an account holder's payment account number, currency code, sale amount, merchant transaction stamp, acceptor city, acceptor state/country, etc. An authorization request message may be protected using a secure encryption method (e.g., 128-bit SSL or equivalent) in order to prevent unauthorized access to account or transaction data. 2015201432 18 Mar 2015 [0033] After the Issuer receives the authorization request message, the Issuer determines if the transaction should be authorized and sends an authorization response message back to the payment processing network to indicate whether or not the current transaction is authorized. The payment processing system then forwards the authorization response message to the Acquirer. The Acquirer then sends the response message to the Merchant. The Merchant is thus made aware of whether the Issuer has authorized the transaction, and hence whether the transaction can be completed.
[0034] At a later time, a clearance and settlement process may be conducted by elements of the payment/transaction processing system depicted in Figure 1. A clearance process involves exchanging financial details between an Acquirer and an Issuer to facilitate posting a transaction to a consumer's account and reconciling the consumer's settlement position. Clearance and settlement can occur simultaneously or as separate processes.
[0035] Payment Processing Network 34 may include data processing subsystems, networks, and other means of implementing operations used to support and deliver authorization services, exception file services, and clearing and settlement services for payment transactions. An exemplary Payment Processing Network may include VisaNet. Payment Processing Networks such as VisaNet are able to process credit card transactions, debit card transactions, and other types of commercial transactions. VisaNet, in particular, includes a VIP system (Visa Integrated Payments system) which processes transaction authorization requests and a Base II system which performs transaction clearing and settlement services.
[0036] Payment Processing Network 34 may include a server computer. A server computer is typically a powerful computer or cluster of computers. For example, the 12 server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit. In one example, the server computer may be a database server coupled to a web server. Payment Processing Network 34 may use any suitable combination of wired or wireless networks, including the Internet, to permit communication and data transfer between network elements. Among other functions, Payment Processing Network 34 may be responsible for ensuring that a consumer is authorized to conduct a transaction (via an authentication process), confirm the identity of a party to a transaction (e.g., via receipt of a personal identification number), confirm a sufficient balance or credit line to permit a purchase, or reconcile the amount of a purchase with the consumer’s account (via entering a record of the transaction amount, date, etc.). 2015201432 18 Mar 2015 [0037] Consumer payment device 20 may take one of many suitable forms. As mentioned, the portable consumer device can be a mobile device that incorporates a contactless element such as a chip for storing payment data (e.g., a BIN number, account number, etc.) and a near field communications (NFC) data transfer element such as an antenna, a light emitting diode, a laser, etc. The portable consumer device may also include a keychain device (such as the Speedpass™ commercially available from Exxon-Mobil Corp.), etc. The device containing the contactless card or chip, or other data storage element may be a cellular (mobile) phone, personal digital assistant (PDA), pager, transponder, or the like. The portable consumer device may also incorporate the ability to perform debit functions (e.g., a debit card), credit functions (e.g., a credit card), or stored value functions (e.g., a stored value or prepaid card).
[0038] In embodiments of the invention that include a contactless element (e.g., a contactless chip and near field communications data transfer element) embedded within a wireless mobile phone or similar device, the contactless element can communicate with a Merchant’s device reader or point of sale terminal using a short range communication method, such as a near field communications (NFC) capability. Examples of such NFC technologies or similar short range communications technologies include ISO standard 14443, RFID, Bluetooth™ and Infra-red communications methods. 13 [0039] Figure 2 is a functional block diagram illustrating the primary components of a system 100 for initiating or facilitating a payment transaction using a contactless element contained within a mobile device and a pre-tap or two-tap operation, in accordance with some embodiments of the present invention. As shown in Figure 2, system 100 includes a mobile device 102 having wireless communications capabilities 122. Mobile device 102 may be a wireless mobile telephone, PDA, laptop computer, pager, etc. In a typical embodiment, mobile device 102 is a cell phone, although as noted, implementation of the present invention is not limited to this embodiment as the mobile device that functions as a payment device may take any suitable form convenient for use by a consumer. Naturally, if the mobile device is not a cell phone or similar form of wireless communications device, then the mobile device may not be capable of communication using a wireless or cellular network. In the case of a cell phone as the mobile device 102, the device includes mobile device (cell phone) circuitry 104 that enables certain of the telephony functions. Among other functions, mobile device circuitry 104 enables mobile device 102 to communicate wirelessly with cellular system (i.e., a wireless carrier) 120 via cellular network 122. 2015201432 18 Mar 2015 [0040] Mobile device 102 further includes a contactless element 106, typically implemented in the form of a semiconductor chip. Contactless element 106 may include a secure data storage element 110, although secure data storage element 110 may also be implemented as a separate element from contactless element 106. Contactless element 106 includes a near field communications (NFC) data transfer (e.g., data transmission) element 105, such as an antenna or transducer. As will be described, the near field communications capability permits a device reader or point of sale terminal to exchange data with (or perform operations on) contactless element 106 as part of, or in preparation for, a payment transaction. In some embodiments, contactless element 106 may be embedded within and integrated with the elements of mobile device 102. In such a case, data or control instructions may optionally be transmitted via cellular network 122 and be exchanged with, or applied to, contactless element 106 by means of contactless element interface 108. In that situation, contactless element interface 108 functions to permit the exchange of data and/or control instructions between mobile device circuitry 104 (and hence the cellular network) and contactless element 106. Thus, contactless element 106 may 14 include data storage capability in the form of a memory or secure data storage 110 that may be accessed via a near field communications capability or interface 108 to permit the implementation of data read, write, and erase functions, for example. 2015201432 18 Mar 2015 [0041] Secure data storage 110 may be used by mobile device 102 to store operating parameters or other data utilized in the operation of the device. Secure data storage 110 may also be used to store other data for which enhanced security is desired, for example, transaction data, personal account data, identification data, authentication data, access control data for an application or device function, etc. As mentioned, secure data storage 110 may be implemented in the form of a chip that is separate and apart from contactless element 106, or alternatively, may be a section of memory in a chip that forms part of contactless element 106. Note also that the secure data storage and/or contactless element contained within the mobile device may be a removable element or may be integrated within the mobile device. Examples of removable elements include SIM cards, flash memory cards, and other suitable devices.
[0042] Mobile device 102 may also include one or more applications 109, where applications 109 are implemented in the form of one or more of software, firmware, or hardware. Applications 109 are used to implement various functions desired by a consumer, where such functions may include, but are not limited to, eCommerce transaction operations, payment transaction operations, etc. Typically, applications 109 represent processes or operations that are dedicated to a specific function that provides added value for the consumer and which are not part of the standard operation of the device (i.e., not part of enabling the standard telephony functions, for example). As shown in the figure, applications 109 may exchange data with secure data storage 110 (via contactless element interface 108) and may also be capable of exchanging data with mobile device circuitry 104. A typical application 109 for the purposes of the present invention is a payment application that enables a consumer to make a payment for a transaction, where the transaction is wholly or partially conducted using the mobile device. In such an example, secure data storage 110 may contain authentication data, consumer identification data, transaction record data, account balance data, etc. Applications 109 are typically stored as a set of executable instructions in memory 107, which may also include data storage 113. A processor accesses memory 107 to load and unload the 15 instructions and data as needed to execute the instructions to perform the functions of the applications. 2015201432 18 Mar 2015 [0043] Contactless element 106 is capable of transferring and receiving data using data transfer element 105 which implements a near field communications capability 112, typically in accordance with a standardized protocol or data transfer mechanism (identified as ISO 14443/NFC in the figure). Near field communications capability 112 is a short-range communications capability, such as RFID, Bluetooth™, infrared, or other data transfer capability that can be used to exchange data between the mobile device 102 and a device reader or point of sale terminal 130, which is typically located at a Merchant’s place of business. Thus, in some embodiments, mobile device 102 is capable of communicating and transferring data and/or control instructions via both cellular network 122 and near field communications capability 112, although as noted, communications and data transfer by means of the cellular network is not required in order to implement some embodiments of the present invention.
[0044] System 100 further includes Acquirer 132 which is in communication with Merchant or with Merchant’s device reader or point of sale terminal 130. Acquirer 132 is in communication with Payment Processing Network 134 and as was described, may exchange data with Payment Processing Network 134 as part of the transaction authorization process. Payment Processing Network 134 is also in communication with Issuer 136. As was described, Issuer 136 may exchange data with Payment Processing Network 134 as part of an authentication, transaction authorization, or transaction reconciliation process.
[0045] System 100 may also include Mobile Gateway 138, which is capable of coupling the cellular (wireless) network or system to a second network (typically a wireline network such as the Internet) and enabling the transfer of data between the networks. Mobile Gateway 138 may perform data processing operations as needed to permit the efficient transfer of data between the two types of networks, including, but not limited to, data reformatting or other processing to take into account differences in network protocols. Mobile Gateway 138 may also perform data processing operations to enable more efficient data transfer between the networks and devices coupled to each type of network, such as for purposes of improving the 16 ability of a consumer to utilize the received data on a mobile device. As shown in the figure, in some embodiments, Mobile Gateway 138 is coupled to Payment Processing Network 134, which is coupled to Acquirer 130. Note that other embodiments are possible, such as where Mobile Gateway 138 is coupled to Issuer 136, as well as where Acquirer 130 is coupled to Issuer 136. Similarly, Issuer 136 may include the capability of functioning as Mobile Gateway 138. 2015201432 18 Mar 2015 [0046] Inventive system 100 provides an efficient way for a consumer to conduct a payment transaction using a contactless element. As will be described, by using the near field communications capability (or a similar short-range data transfer technology) and a pre-tap process, two-tap process, or a combination of the two processes, a consumer may conduct a contactless payment transaction in a way that has a minimal impact and imposes a minimal burden on the consumer.
Embodiments of the present invention facilitate use of a contactless element for payment transactions in a manner that is convenient for the consumer while maintaining the ability of an Issuer or payment processor to update or re-set payment application counters or registers, or to perform another operation on the payment device, payment application, or data stored in the device. Such data may include authentication and account management data, such as transaction records or account balances. For example, a secure data store (e.g., secure data storage 110 or a similar secure memory region that is part of the contactless element or another element of the mobile device) may contain transaction records and a running total of the balance available for a consumer’s account. In the case of the contactless element being used with a prepaid card or account, the balance would reflect the remaining amount of money available to a consumer. In the case of the contactless element being used with a credit or debit account, the balance would reflect a remaining credit limit or amount available from the debit account.
[0047] Embodiments of the present invention provide a mechanism for efficiently performing a payment transaction using a contactless element by introducing a pretap and/or two-tap operation as a prelude to (in the case of a pre-tap), as part of, or after the payment transaction. In some embodiments, a payment device may be presented to a device reader or point of sale (POS) terminal prior to initiation of a transaction, during a transaction, or subsequent to a transaction, with the device being presented in one or more of these situations. Among other uses, presenting 17 the payment device may be used to launch a payment application, enable a transaction, to provide transaction data to the device, or to re-set or configure a function or operation of the payment application or payment device. Note that in the context of the present invention, presenting the device to a device reader or POS terminal will be referred to as a “tap”, where a tap includes any action by a consumer that enables communication between the consumer’s payment device and a device reader or POS terminal using a near field or short range communications mechanism (including waving the consumer device near a device reader or terminal, placing the consumer device against a device reader or terminal, etc.). 2015201432 18 Mar 2015 [0048] As part of facilitating a payment transaction using a contactless element, a pre-tap operation may be used to activate a payment application, set or re-set a counter or register that is part of a payment application, request that a consumer interaction (or other form of interaction) be performed prior to conducing the payment transaction, or configure or re-configure a payment application or payment device function that is required in order to utilize a payment application. Note that in the context of the present invention, pre-tap refers to a process where a consumer presents their payment device to a device reader or POS terminal, and instead of initiating a payment transaction, the “tap” functions to initiate a process to prepare the payment device for the transaction (such as by activating a payment application), conduct data maintenance functions, request a consumer action, or a similar operation, in the context of the invention, a two-tap process may be used where a first tap is used to perform a payment transaction (for example by transferring consumer identity or authentication data to the device reader or POS terminal), followed by a second tap at a later time to enable data provided by an Issuer or payment processor to be transferred to the payment application or payment device (as may occur as part of an Issuer update operation). Further, a pre-tap or two-tap process may be used to enable execution of a script provided by an Issuer or payment processor, where the script causes execution of a desired function or operation by the payment application, or the application of a desired function or operation by a device reader to the payment device. In some embodiments, an initial pre-tap used in combination with a later single tap presentment of the payment device, or two presentments of the device may be used to enable a payment application or payment device to be properly configured for use in a transaction and 18 to enable the execution of a transaction (or portion thereof) after completion of the configuration operation. 2015201432 18 Mar 2015 [0049] The inventive processes or methods are desirable (and in some use cases may be necessary) when a contactless element is used for a payment transaction. This is because typical payment transaction processing for transactions using a contactless element do not rely on the element being capable of communication with a device reader or POS terminal for more than a brief period of time. This is done to minimize the impact on a consumer and to reduce any inconvenience that might create a disincentive for the consumer to engage in transactions using the device. However, certain operations or functions that might be desired by an Issuer or payment processor as part of initiating or processing a payment transaction are difficult or not realistic to implement unless a consumer presents their payment device for a longer period of time. Embodiments of the present invention provide a way to implement these operations or functions without having a negative impact on the consumer experience, and thus without creating a disincentive for a consumer to utilize the contactless payment device.
[0050] In embodiments of the present invention, the mobile payment device may be any device that includes a contactless element capable of communication and data transfer using a near field communication system. As noted, one example is a mobile wireless phone equipped with a NFC capability or other short range communications technology. Figure 3 is a functional block diagram illustrating the primary components of a portable consumer device (e.g., element 102 of Figure 2), such as a mobile phone that may be used as part of the inventive system and method. As illustrated in Figure 3, mobile device 302 may include circuitry that is used to enable certain telephony and other device functions. The functional elements responsible for enabling those functions may include a processor 304 for executing instructions that implement the functions and operations of the device. Processor 304 may access data storage 312 (or another suitable memory region or element) to retrieve instructions or data used in executing the instructions. Data input/output elements 308 may be used to enable a user to input data (via a microphone or keyboard, for example) or receive output data (via a speaker, for example). Display 306 may also be used to output data to a user. Communications element 310 may be used to enable data transfer between device 302 and a 19 wireless network (via antenna 318, for example) to assist in enabling telephony and data transfer functions. As described with reference to Figure 2, device 302 may also include contactless element interface 314 to enable data transfer between contactless element 316 and other elements of the device, where contactless element 316 may include a secure memory and a near field communications or other short range communications data transfer element. The contactless element may implement a near field communications or other short range communications capability that enables communication and data transfer between device 302 and a device reader or POS terminal that is part of a payment transaction processing system. 2015201432 18 Mar 2015 [0051] Data storage 312 may be a memory that stores data, and may be in any suitable form including a memory chip, etc. The memory may be used to store data such as user identification or authentication information, user account information, transaction data, etc. Stored financial information may include information such as bank account information, bank identification number (BIN), credit or debit card account number information, account balance information, expiration date, consumer information such as name, date of birth, etc. Note that such data may instead, or also be stored in a secure data storage element, such as secure data storage 110 of Figure 2 or a similar secure memory that is part of contactless element 316. As described, data storage 312 may also contain instructions which when executed by processor 304 implement operations or processes that are part of the operation of the device or of applications installed on the device.
[0052] Figure 4 is a flow chart illustrating an embodiment 400 of the inventive method or process for performing a payment transaction using a contactless element contained within a mobile device by implementing a pre-tap and/or two-tap operation. The process steps or stages illustrated in the figure may be implemented as an independent routine or process, or as part of a larger routine or process. Note that each process step or stage depicted may be implemented as an apparatus that includes a processor executing a set of instructions, a method, or a system, among other embodiments.
[0053] As shown in the figure, at stage 402 a consumer presents their mobile payment device to a device reader or point of sale (POS) terminal. The mobile 20 device functions as a payment device and includes a contactless element such as a contactless chip. Typically, the consumer presents their mobile device to the device reader or POS terminal as part of providing data to initiate or participate in a payment transaction. However, in accordance with embodiments of the present invention, presentment of the payment device (i.e., a “tap”) may serve other functions as well. 2015201432 18 Mar 2015 [0054] In one embodiment, presentation of the payment device may be used to activate or “launch" a payment application installed on the mobile payment device (stage 404). This may be accomplished by causing communication between the device reader or POS terminal and the payment device to trigger activation of the payment application. Such a trigger or activation may occur as the result of the device reader or POS terminal transferring data or a command to the payment device (such as by performing the equivalent of a key or softkey activation), either automatically or in response to a consumer selecting a payment application icon on a device reader or POS terminal screen, for example. Note that the activation of the payment application at this stage is optional, and may be implemented at a different stage in the process.
[0055] Further, depending upon the operation of the process depicted in Figure 4, activation of the payment application may or may not be required in order to implement one or more of the other stages of the overall process. For example, in some embodiments, the payment application may need to be activated in order for certain of the later stages to be implemented, or for consumer authentication data to be transferred to the device reader or POS terminal. Similarly, in some embodiments, the consumer authentication data may be able to be transferred without activation of the payment application, or the need for interaction with the payment device or consumer may be able to be detected in the absence of an activated payment application.
[0056] Continuing with the description of Figure 4, at stage 406 it is determined if interaction (such as a consumer input or action) is required prior to conducting or completing the payment transaction. For example, based on identifying the consumer, the consumer’s payment account, etc., it may be determined whether interaction with the consumer’s payment device or the consumer is required prior to 21 proceeding with a payment transaction. In some embodiments, this determination may be made according to the process depicted in Figure 5, or by a similar process. If interaction with the payment device is not required to proceed with a payment transaction, then the payment transaction may be performed; note that in some embodiments, the user may be asked to present the payment device in order to permit performance of the payment transaction, as the first presentment of the payment device (at stage 402) served to activate the payment application (as shown at stage 408). However, if interaction with the payment device or consumer is required before proceeding with a payment transaction, then this interaction is implemented, followed by presenting the payment device to the device reader or point of sale terminal to enable performance of the transaction (stage 408). The required interaction may involve the consumer providing certain data (such as a passcode or other authentication data, or responding to a challenge question), or the performance of an operation on the payment device. Thus, if required, the interaction is performed and the mobile device is re-presented to the device reader or point of sale terminal to perform the payment transaction. As mentioned, and as will be described with reference to Figure 5, the interaction may involve a consumer providing data (such as a password, etc.), or the payment device or payment application being configured to permit execution of a payment transaction. 2015201432 18 Mar 2015 [0057] After performance of the payment transaction, the payment transaction is processed (stage 410). After the payment transaction is processed, it is determined whether an Issuer update is desired (stage 412). An Issuer update is a process requested or required by an Issuer in which data is provided by the Issuer (such as an update or correction to transaction data, for example), or a script is provided by the Issuer for execution by the device reader, the payment application installed on the payment device, or the payment device. This may occur after the payment transaction has been substantially completed, or may occur at an earlier phase of the payment transaction, such as after a response is received to an authorization request message (in which case the update processing may be required to enable the payment transaction to be completed). If the Issuer update involves the Issuer providing data, then the data may be for the purpose of updating, synchronizing or reconciling an account record stored in the payment device. In such a case, the device reader or POS terminal may be used to transfer the data to the payment 22 device by communication using the near field communications or another short range communications capability. As an alternative, the update may be provided directly to the mobile device using a wireless network (such as cellular network 122 of Figure 2). If the Issuer update involves communication of a command or script that causes execution of an operation on or by the payment application or payment device, then the command or script may be transferred to the device reader or POS terminal and executed by the device reader or POS terminal, or may be transferred to the payment device by the device reader or over a wireless network to the payment device for execution by the payment device or payment application. The command or script may be for the purpose of setting or re-setting a counter, configuring or re-configuring a function of the payment application or payment device, or updating software on the device, for example. 2015201432 18 Mar 2015 [0058] If an Issuer update is desired using the device reader or POS terminal, then the consumer is requested (e.g., prompted) to present their payment device to the device reader or POS terminal (this is shown as one option at stage 414, with the other option being the preparation for providing an over-the-air update to the payment device). If the Issuer update is to be provided to the payment device using the device reader or POS terminal, then the update is provided to the reader/terminal (stage 416). If the Issuer update is to be provided to the payment device using an over-the-air delivery process, then the update is provided to the wireless or cellular network (via the intermediary of a mobile gateway, for example) and is delivered by that method (stage 416). In the case of delivery to the payment device by the device reader or POS terminal, after presenting the payment device to the reader/terminal, communication is established between the payment device and the reader/terminal, and the Issuer provided data or script may be sent to the payment device using the near field communications capability. The Issuer provided data, command, instruction, script, or other form of information may be accompanied by an Issuer generated cryptogram (as noted at stage 416). The Issuer generated cryptogram may be used to authenticate or otherwise identify the Issuer, and/or to provide a means for associating the received data with the appropriate transaction record that is stored in the payment device. The Issuer provided data, command, instruction, script, or other form of information is received by the payment device and may be used to update transaction data stored in the payment device or cause the execution 23 of a function or operation by the payment application or the payment device, for example (stage 418). In the case of a function or operation being executed, the function or operation may be executed by the device reader or POS terminal, by the payment application, or by the payment device. At this point, provision of the Issuer update will typically be completed and the process will end (stage 420). Note that if an Issuer update is not desired (as determined at stage 412), then control will pass to the end of the process at stage 420. 2015201432 18 Mar 2015 [0059] As noted, if interaction with the consumer’s payment device is required prior to conducting a payment transaction, then the interaction is performed prior to performing the payment transaction. A process or method for determining whether an interaction is required is depicted in Figure 5, which is a flowchart illustrating a process 500 for determining whether an interaction with a consumer payment device is required prior to the device being used to conduct a payment transaction, in accordance with some embodiments of the present invention. It is noted that Figure 5 depicts an exemplary process for determining if interaction with the payment device is required prior to initiating a payment transaction, and that other, similar processes may be used without departing form the underlying concepts of the invention. In addition, although examples will be provided of the types of interactions or consumer interactions that may be requested or required prior to performance of a payment transaction, it is to be understood that other types of interactions or operations may be requested and fall within the underlying concepts of the invention.
[0060] As shown in Figure 5, the determination of whether interaction with the consumer’s payment device is required is made by considering whether at least one of the payment application (or the payment device), the Issuer, or the device reader (or point of sale terminal) has requested or required that the payment device be presented for performing some type of interaction prior to conducting a payment transaction. The process depicted in Figure 5 operates to determine if one or more of the indicated elements (i.e., the payment application, payment device, device reader, POS terminal, Issuer, etc.) has requested or required presentation of the payment device (in which case an indicator is set indicating that presentation of the payment device is required), or if none of the indicated elements has requested or required presentation of the payment device (in which case an indicator is set 24 indicating that presentation of the payment device is not required, or no indicator is set). 2015201432 18 Mar 2015 [0061] For example, at stage 502 the exemplary process determines if the payment application or payment device has requested a consumer action prior to execution of a payment transaction. Such an action might be requested to provide consumer data such as a consumer input, permit configuration or re-configuration of an application or device function or operation; for example, enabling or disabling a function, transferring data to an Issuer or payment processor, etc. If such a consumer action (which would typically be accomplished by presenting the payment device to a device reader or POS terminal) is required, then control passes to stage 503 where an indicator or flag may be set to indicate that a consumer action is required prior to execution of a payment transaction.
[0062] Control then returns to stage 504, where it is determined if an Issuer has requested a consumer action prior to execution of a payment transaction. Note that if the payment application or payment device has not requested a consumer action, then control passes directly to stage 504. An Issuer requested consumer action might be requested to set or re-set a counter that is used to track payment transactions, to enable or disable a function of the payment device, to request an action by a merchant as part of a transaction, etc. As was described with reference to stage 502, if such a consumer action is requested, then control passes to stage 505 where an indicator or flag may be set to indicate that a consumer action is required prior to execution of a payment transaction. Control then returns to stage 506, where it is determined if the device reader or POS terminal has requested a consumer action prior to execution of a payment transaction. Note that if an Issuer has not requested a consumer action, then control passes directly to stage 506. A device reader or POS terminal requested consumer action might be requested to transfer data to the payment device, etc. As was described with reference to stages 502 and 504, if such a consumer action is requested, then control passes to stage 507 where an indicator or flag may be set to indicate that a consumer action is required prior to execution of a payment transaction. Note that if a device reader or point of sale terminal has not requested a consumer action, then control passes directly to stage 508. After completion of the determination(s) of whether a 25 consumer action has been requested, control passes to stage 508 where it is determined if the indicator has been set. 2015201432 18 Mar 2015 [0063] Note that in an alternative embodiment, if any of the elements has requested or required that a consumer action be implemented prior to execution of a payment transaction, then control can be sent directly to stage 510, where the interaction is performed or a consumer action is requested. Similarly, if control has not passed to stage 510, then control may automatically be passed to stage 408 of Figure 4, as this would indicate that no consumer interaction is required or requested.
[0064] The primary function of process 500 depicted in Figure 5 is to determine if any of the relevant elements of a transaction processing system has requested or required a consumer action prior to the initiation or conducting of a payment transaction (in which case the indicator is set to a specified value), or if instead, none of the relevant elements has requested or required a consumer action prior to conduct of a payment transaction (in which case the indicator is not set, or is set to a different value). If the indicator has been set, then the interaction is requested or performed. If the indicator has not been set (or is set to a value indicating that no consumer action is required), then control passes to stage 408 of Figure 4.
[0065] If it is determined that a consumer action (such as interaction with the consumer’s payment device or an input from the consumer) is needed prior to performing a payment transaction, then a consumer may be informed of this and requested to perform the action. Note that the consumer action may take the form of the consumer providing requested data (such as authentication or security data, or a response to a challenge) using a data input mechanism of the payment device, etc.
In some cases, the consumer may be requested or prompted to present their payment device to a device reader or POS terminal. In such a situation, the consumer presents their payment device to the reader/terminal, typically by enabling communication between the payment device and the device reader or POS terminal (e.g., by waving, swiping, tapping, or performing a similar action with the payment device). Next, an action or operation may be performed on the payment device, where the action or operation may include one or more of setting or re-setting a counter or indicator, enabling or disabling a function or operation of the payment application or payment device, performing a data processing step on data stored in 26 the device, accessing specified data stored in the device and providing that data to an Issuer, Merchant, or payment processor, etc. Note that in some cases, the presentment of the payment device in response to a request that the consumer perform an action may serve as a “tap” that causes execution or performance of a payment transaction. 2015201432 18 Mar 2015 [0066] Certain of the processes, methods, or operations described with respect to Figures 4 and 5 may be implemented in whole or in part by a data processing apparatus resident in a device reader or POS terminal (such as element 130 of Figure 2), a server communicating with the device reader or POS terminal over a communications network (such as part of the payment processing network 134 of Figure 2), or by another suitable device. The processes, methods, or operations may be implemented as a set of instructions that are executed by a processor, with the processor being an element of the data processing apparatus or server.
[0067] The following is an example of a typical use case or scenario in which embodiments of the inventive system, apparatus and methods may be used. It is noted that the use case is only exemplary, as other use cases or scenarios are possible and will be evident to those of skill in the art. In this example, a consumer wishes to use a mobile payment device to make payment for a good or service at a merchant’s location. The mobile payment device may be a mobile phone containing a contactless element, for example. The consumer presents their mobile device to a device reader at the merchant’s location, where the device reader uses a near field communications or short range communications mechanism to access data stored in the contactless element. After presentation of the device, a payment application installed on the device may be activated. It is then determined if a consumer interaction is required prior to performing a payment transaction. This determination may be based on data read from the payment device. Whether consumer interaction is required may be determined by any suitable means, such as accessing a database that stores a record of all accounts for which an update or other action is required, or by accessing a database storing an account record for the payment account associated with the payment device, where that record includes an indication that a consumer interaction is required. 27 [0068] If a consumer interaction is required, then the interaction is performed. The consumer then presents the payment device to the device reader or point of sale terminal again. If necessary, the device reader may “read” the consumer’s account data and/or the consumer’s identification data from the mobile device to enable performance of the payment transaction. 2015201432 18 Mar 2015 [0069] Note that in this scenario, the first presentment of the payment device functions as a “pre-tap” since a function must be performed (e.g., activation of the payment application, configuration of the payment device or payment application) prior to enabling a transaction to be initiated. This is followed by determining if a consumer interaction is required (such as the entry of a passcode to confirm a user’s identity). In some cases, determining that a consumer action is required may involve a re-presentment of the payment device to enable a function or operation to be executed. After execution of the required function or performance of the consumer action, the payment transaction may be performed in accordance with its usual procedures, using data that was previously or concurrently provided to authenticate the consumer and perform an authorization process. If necessary, the consumer may need to re-present their payment device to the device reader or POS terminal to cause performance of the payment transaction. After completion of the payment transaction, the consumer may be requested to re-present their mobile payment device to allow an Issuer update or similar operation to be performed. As an alternative, the Issuer update may be provided over another communications channel, such as a wireless or cellular network. The update may be used to transfer updated transaction data, set or re-set a counter, enable or disable a function of the payment device, etc. Thus, in this example, a pre-tap, followed by a “first” tap and a “second” tap are used in combination to activate a payment application, determine that a function or operation needs to be performed on the payment device or payment application (or that a consumer action is required), to execute that function or operation, to perform the transaction, and to provide an update to the transaction data. Note that the pre-tap and a tap to perform the payment transaction may be used with or without another presentment of the payment device (such as to permit an Issuer update) in implementing embodiments of the invention.
[0070] Figure 6 is a block diagram of an exemplary computing apparatus that may be used to implement an embodiment of the inventive method or process for 28 performing a payment transaction with a contactless payment device using a pre-tap and/or two-tap operation. The elements of the computing apparatus illustrated in Figure 6 may be used to implement the inventive processes, methods, or operations in whole or in part, and may be part of a server or other computing apparatus (e.g., a mobile gateway, an Issuer managed server, etc.). The subsystems shown in Figure 6 are interconnected via a system bus 600. Additional subsystems such as a printer 610, keyboard 620, fixed disk 630 (or other memory comprising computer readable media), monitor 640, which is coupled to display adapter 650, and others are shown. Peripherals and input/output (I/O) devices, which couple to I/O controller 660, can be connected to the computer system by any number of means known in the art, such as serial port 670. For example, serial port 670 or external interface 680 can be used to connect the computer apparatus to a wide area network such as the Internet, a mouse input device, or a scanner. The interconnection via system bus allows the central processor 690 to communicate with each subsystem and to control the execution of instructions from system memory 695 or the fixed disk 630, as well as the exchange of information between subsystems. The system memory 695 and/or the fixed disk 630 may embody a computer readable medium. 2015201432 18 Mar 2015 [0071] In accordance with embodiments of the present invention, there have been described a system, apparatuses, and methods for enabling use of a mobile payment device that includes a contactless element in executing a payment transaction. The contactless element is embedded within a mobile device that is capable of communication and data transfer using a near field communications capability. One or more “taps” or presentments of the mobile device to a device reader or point of sale terminal may be used to enable a consumer to launch a payment application contained in the payment device, initiate a payment transaction, configure or re-configure a function or operation of the payment device, transfer transaction records to the payment device, etc.
[0072] It should be understood that the present invention as described above can be implemented in the form of control logic using computer software in a modular or integrated manner. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art will know and appreciate other ways and/or methods to implement the present invention using hardware and a combination of hardware and software 29 [0073] Any of the software components or functions described in this application, may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Java, C++ or Perl using, for example, conventional or object-oriented techniques. The software code may be stored as a series of instructions, or commands on a computer readable medium, such as a random access memory (RAM), a read only memory (ROM), a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD-ROM. Any such computer readable medium may reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network. 2015201432 18 Mar 2015 [0074] While certain exemplary embodiments have been described in detail and shown in the accompanying drawings, it is to be understood that such embodiments are merely illustrative of and not intended to be restrictive of the broad invention, and that this invention is not to be limited to the specific arrangements and constructions shown and described, since various other modifications may occur to those with ordinary skill in the art.
[0075] As used herein, the use of "a", "an" or "the" is intended to mean "at least one", unless specifically indicated to the contrary. 30

Claims (27)

  1. CLAIMS:
    1. A method comprising: performing, by a point of sale terminal, a payment transaction using a payment account upon detecting presentment of a payment device associated with the payment account; receiving, by the point of sale terminal, a message from an issuer of the payment account after performing the payment transaction, the message requesting an interaction with the payment device to perform an issuer update on the payment device; requesting, by the point of sale terminal, that the payment device be presented one more time; and performing, by the point of sale terminal, the issuer update on the payment device after requesting, wherein the issuer update transmits the data received from the issuer to the payment device.
  2. 2. The method of claim 1, wherein the message includes a script that, when executed, causes the action to be performed on the payment device.
  3. 3. The method of claim 1, wherein the issuer update includes performing one or more of updating a transaction record stored on the payment device, setting a value of a counter on the payment device, configuring a function of the payment device, enabling or disabling a function of the payment device, accessing data stored on the payment device or transferring data onto the payment device.
  4. 4. The method of claim 1, wherein the action includes updating authentication and account management data.
  5. 5. The method of claim 1, wherein the payment device is a mobile phone.
  6. 6. The method of claim 1, further comprising: providing, by the point of sale terminal, a cryptogram to the payment device, wherein the cryptogram is generated by the issuer and is used by the payment device to authenticate the issuer.
  7. 7. A point of sale terminal, comprising: a processor; a memory; and a set of instructions stored in the memory, which when executed by the processor, cause the processor to: perform a payment transaction using a payment account upon detecting presentment of a payment device, wherein the payment account is associated with the payment device; receive a message from issuer of the payment account after performing the payment transaction, the message requiring an interaction with the payment device to perform an issuer update on the payment device; request that the payment device be presented one more time; and perform the issuer update on the payment device after requesting, wherein the issuer update transmits the data received from the issuer to the payment device.
  8. 8. The point of sale terminal of claim 7, wherein the message includes a script that, when executed, causes the action to be performed on the payment device.
  9. 9. The point of sale terminal of claim 7, wherein the issuer update includes one or more of updating a transaction record stored on the payment device, setting a value of a counter on the payment device, configuring a function of the payment device, enabling or disabling a function of the payment device, accessing data stored on the payment device or transferring data onto the payment device.
  10. 10. The point of sale terminal of claim 7, wherein the issuer update includes updating authentication and account management data.
  11. 11. The point of sale terminal of claim 7, wherein the payment device is a mobile phone.
  12. 12. The point of sale terminal of claim 7, wherein the set of instructions, when executed by the processor, further cause the processor to: provide a cryptogram to the payment device, the cryptogram generated by the issuer and used by the payment device to authenticate the issuer.
  13. 13. A payment device, comprising: a processor; a memory storing payment account data; and a set of instructions stored in the memory, which when executed by the processor, cause the processor to: interact with a device reader a first time to perform a payment transaction using the payment account data stored in the memory; interact with the device reader a second time after the payment transaction is completed; and perform an issuer update on the payment device after interaction with the device reader the second time, wherein the issuer update transmits the data from the issuer to the payment device.
  14. 14. The payment device of claim 13, wherein the payment device is a mobile phone.
  15. 15. The payment device of claim 13, wherein the issuer update is performed by an application stored on the memory by executing a script provided in the issuer update.
  16. 16. A method of conducting a payment transaction involving detection of a payment device, comprising: detecting using wireless communications technology of a device reader or terminal, a presence of the payment device having a contactless element capable of communication and data transfer using a wireless communications technology comprising a short-range data transfer technology utilizing RFID, receiving, by the device reader or terminal, data identifying a payment account or consumer associated with the payment device, determining, by the device reader or terminal, that an interaction with the payment device or a consumer is required prior to performance of the payment transaction, determining, by the device reader or terminal, that the interaction has been performed; and detecting, using the wireless communications technology comprising the short range data transfer technology utilizing RFID of the device reader or terminal, the presence of the payment device, and performing, by the device reader or terminal, the payment transaction, involving transferring consumer identity or authentication data to the device reader or terminal, using the contactless element, wherein performing the payment transaction also comprises creating an authorization request message and transmitting the authorization request message to an Issuer of the payment device; and determining that an issuer update for the payment device is required, wherein the method further comprises one of: (i) requesting that the payment device be presented to the device reader or terminal, and performing the issuer update on the payment device using the device reader or terminal, and (ii) receiving, by the payment device, in case the payment device is a mobile phone, an issuer update over the air via a cellular network from the issuer, wherein determining, by the device reader or terminal, that an interaction with the payment device or a consumer is required prior to performance of the payment transaction comprises determining, by the device reader or terminal, that the interaction with the payment device is required prior to performance of the payment transaction, and wherein the method further comprises: receiving the consumer identity or authentication data from the payment device, after the user provides the consumer identity or authentication data to the payment device.
  17. 17. The method of claim 16, further comprising: transferring data from an issuer or payment processor to the payment device.
  18. 18. The method of claim 16 or 17, wherein after detecting the presence of the payment device, the method further comprises activating a payment application installed on the payment device.
  19. 19. The method of claim 18, wherein activation of the payment application occurs in response to data or a command being transferred to the payment device by the device reader or terminal.
  20. 20. The method of any one of claims 16-19, wherein the interaction is a consumer authentication.
  21. 21. The method of claim 20, wherein the method further comprises: encrypting the authorization request message.
  22. 22. The method of claim 20, wherein the method further comprises: receiving consumer data, preferably comprising a passcode, a password or a response to a question.
  23. 23. The method of any one of claims 16-22, wherein determining that the interaction with the payment device or the consumer is required prior to performance of the payment transaction further comprises: accessing a database containing data indicating a status of the payment device, the database maintained by one or more of a merchant, an Acquirer, an Issuer, or an element of a payment processing network.
  24. 24. The method of any one of claims 16-23, further comprising: setting a value of a counter, configuring a function of the payment device, enabling or disabling a function of the payment device, or accessing data stored in the payment device.
  25. 25. The method of aspect (ii) of claim 16, wherein the method further comprises: determining that an interaction with the payment device is required after processing transaction data for the payment transaction; requesting that the payment device be presented to the device reader or terminal; and performing another action on the payment device using the device reader or terminal.
  26. 26. The method of claim 25, wherein the action performed on the payment device is one or more of updating a transaction record stored in the device or setting a counter value.
  27. 27. A device reader or terminal for use in a method of any of the preceding claims, wherein the device reader or terminal comprises: wireless communications technology means configured to detect a presence of a payment device having a contactless element capable of communication and data transfer using a wireless communications technology comprising a short-range data transfer technology utilizing RFID, wherein the device reader or terminal is further configured to receive data identifying a payment account or consumer associated with the payment device, to determine that an interaction with the payment device or a consumer is required prior to performance of the payment transaction, to determine that the interaction has been performed; and to detect, using the wireless communications technology means comprising the short-range data transfer technology utilizing RFID, the presence of the payment device, and to perform the payment transaction, involving transferring consumer identity or authentication data to the device reader or terminal, using the contactless element, wherein the device reader or terminal is further configured, upon performing the payment transaction, to create an authorization request message and to transmit the authorization request message to an Issuer of the payment device, and the device reader or terminal is configured to determine that an issuer update for the payment device is required, to request that the payment device be presented to the device reader or terminal, and to perform the issuer update on the payment device using the device reader or terminal, wherein the determining, by the device reader or terminal, that an interaction with the payment device or a consumer is required prior to performance of the payment trans action comprises determining, by the device reader or terminal, that the interaction with the payment device is required prior to performance of the payment transaction, wherein the device reader or terminal is further configured to: receive the consumer identity or authentication data from the payment device, after the user provides the consumer identity or authentication data to the payment device.
AU2015201432A 2008-09-22 2015-03-18 Method of performing transactions with contactless payment devices using pre-tap and two-tap operations Active AU2015201432B2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU2015201432A AU2015201432B2 (en) 2008-09-22 2015-03-18 Method of performing transactions with contactless payment devices using pre-tap and two-tap operations
AU2017219057A AU2017219057B2 (en) 2008-09-22 2017-08-24 Method of performing transactions with contactless payment devices using pre-tap and two-tap operations

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US9906008P 2008-09-22 2008-09-22
US61/099,060 2008-09-22
AU2009292926A AU2009292926B2 (en) 2008-09-22 2009-09-22 Method of performing transactions with contactless payment devices using pre-tap and two-tap operations
PCT/US2009/057802 WO2010033972A1 (en) 2008-09-22 2009-09-22 Method of performing transactions with contactless payment devices using pre-tap and two-tap operations
AU2015201432A AU2015201432B2 (en) 2008-09-22 2015-03-18 Method of performing transactions with contactless payment devices using pre-tap and two-tap operations

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
AU2009292926A Division AU2009292926B2 (en) 2008-09-22 2009-09-22 Method of performing transactions with contactless payment devices using pre-tap and two-tap operations

Related Child Applications (1)

Application Number Title Priority Date Filing Date
AU2017219057A Division AU2017219057B2 (en) 2008-09-22 2017-08-24 Method of performing transactions with contactless payment devices using pre-tap and two-tap operations

Publications (2)

Publication Number Publication Date
AU2015201432A1 AU2015201432A1 (en) 2015-04-09
AU2015201432B2 true AU2015201432B2 (en) 2017-05-25

Family

ID=52991346

Family Applications (2)

Application Number Title Priority Date Filing Date
AU2015201432A Active AU2015201432B2 (en) 2008-09-22 2015-03-18 Method of performing transactions with contactless payment devices using pre-tap and two-tap operations
AU2017219057A Active AU2017219057B2 (en) 2008-09-22 2017-08-24 Method of performing transactions with contactless payment devices using pre-tap and two-tap operations

Family Applications After (1)

Application Number Title Priority Date Filing Date
AU2017219057A Active AU2017219057B2 (en) 2008-09-22 2017-08-24 Method of performing transactions with contactless payment devices using pre-tap and two-tap operations

Country Status (1)

Country Link
AU (2) AU2015201432B2 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9824355B2 (en) 2008-09-22 2017-11-21 Visa International Service Association Method of performing transactions with contactless payment devices using pre-tap and two-tap operations
US8977567B2 (en) 2008-09-22 2015-03-10 Visa International Service Association Recordation of electronic payment transaction information
US11386412B1 (en) 2018-04-12 2022-07-12 Wells Fargo Bank, N.A. Authentication circle management
US11481837B1 (en) 2018-04-12 2022-10-25 Wells Fargo Bank, N.A. Authentication circle management
US10943308B1 (en) 2018-05-03 2021-03-09 Wells Fargo Bank, N.A. Systems and methods for pervasive advisor for major expenditures

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080033880A1 (en) * 2006-02-01 2008-02-07 Sara Fiebiger Techniques for authorization of usage of a payment device
WO2008042302A2 (en) * 2006-09-29 2008-04-10 Narian Technologies Corp. Apparatus and method using near field communications

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080033880A1 (en) * 2006-02-01 2008-02-07 Sara Fiebiger Techniques for authorization of usage of a payment device
WO2008042302A2 (en) * 2006-09-29 2008-04-10 Narian Technologies Corp. Apparatus and method using near field communications

Also Published As

Publication number Publication date
AU2015201432A1 (en) 2015-04-09
AU2017219057A1 (en) 2017-09-14
AU2017219057B2 (en) 2018-12-20

Similar Documents

Publication Publication Date Title
US20220101298A1 (en) Method of performing transactions with contactless payment devices using pre-tap and two-tap operations
AU2009292926B2 (en) Method of performing transactions with contactless payment devices using pre-tap and two-tap operations
CA2738038C (en) Apparatus and method for preventing unauthorized access to payment application installed in contactless payment device
US9672508B2 (en) Over the air update of payment transaction data stored in secure memory
AU2017219057B2 (en) Method of performing transactions with contactless payment devices using pre-tap and two-tap operations
AU2016253607B2 (en) Apparatus and method for preventing unauthorized access to application installed in a device
AU2015202512B2 (en) Apparatus and method for preventing unauthorized access to application installed in mobile device

Legal Events

Date Code Title Description
FGA Letters patent sealed or granted (standard patent)