EP3347866A1 - Proxy-vorrichtung zur darstellung mehrerer berechtigungsnachweise - Google Patents
Proxy-vorrichtung zur darstellung mehrerer berechtigungsnachweiseInfo
- Publication number
- EP3347866A1 EP3347866A1 EP16801549.3A EP16801549A EP3347866A1 EP 3347866 A1 EP3347866 A1 EP 3347866A1 EP 16801549 A EP16801549 A EP 16801549A EP 3347866 A1 EP3347866 A1 EP 3347866A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- payment
- account
- proxy device
- user
- credential
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 230000006870 function Effects 0.000 claims abstract description 29
- 238000012545 processing Methods 0.000 claims description 4
- 230000001419 dependent effect Effects 0.000 claims 2
- 238000000034 method Methods 0.000 abstract description 62
- 238000013475 authorization Methods 0.000 description 38
- 238000010586 diagram Methods 0.000 description 24
- 230000008569 process Effects 0.000 description 21
- 230000004044 response Effects 0.000 description 19
- 238000004891 communication Methods 0.000 description 13
- 230000000694 effects Effects 0.000 description 9
- 238000012546 transfer Methods 0.000 description 7
- 238000012795 verification Methods 0.000 description 6
- 238000013507 mapping Methods 0.000 description 5
- 239000000758 substrate Substances 0.000 description 5
- 230000009471 action Effects 0.000 description 4
- 238000011144 upstream manufacturing Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000036541 health Effects 0.000 description 3
- 238000012544 monitoring process Methods 0.000 description 3
- 230000001413 cellular effect Effects 0.000 description 2
- 238000007726 management method Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000011012 sanitization Methods 0.000 description 2
- 238000013519 translation Methods 0.000 description 2
- VIEYMVWPECAOCY-UHFFFAOYSA-N 7-amino-4-(chloromethyl)chromen-2-one Chemical compound ClCC1=CC(=O)OC2=CC(N)=CC=C21 VIEYMVWPECAOCY-UHFFFAOYSA-N 0.000 description 1
- 239000000090 biomarker Substances 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000007796 conventional method Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000002565 electrocardiography Methods 0.000 description 1
- 230000001815 facial effect Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 235000012054 meals Nutrition 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000005180 public health Effects 0.000 description 1
- 230000033764 rhythmic process Effects 0.000 description 1
- 239000013589 supplement Substances 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4016—Transaction verification involving fraud or risk level assessment in transaction processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/077—Constructional details, e.g. mounting of circuits in the carrier
- G06K19/0772—Physical layout of the record carrier
- G06K19/07722—Physical layout of the record carrier the record carrier being multilayered, e.g. laminated sheets
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/10—Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
- G06Q20/102—Bill distribution or payments
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
- G06Q20/202—Interconnection or interaction of plural electronic cash registers [ECR] or to host computer, e.g. network details, transfer of information from host to ECR or from ECR to ECR
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
- G06Q20/204—Point-of-sale [POS] network systems comprising interface for record bearing medium or carrier for electronic funds transfer or payment credit
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3224—Transactions dependent on location of M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3278—RFID or NFC payments by means of M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/352—Contactless payments by cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/36—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
- G06Q20/363—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/385—Payment protocols; Details thereof using an alias or single-use codes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/405—Establishing or using transaction specific rules
Definitions
- the present disclosure generally relates to financial services, and more particularly relates to payment devices and systems for settling financial transactions.
- Plastic payment cards such as credit cards, were introduced in the United States in the late 1940s as a way for a bank's most trusted customers to pay for meals and travel without carrying large amounts of cash. Since then, billions of payment cards have been issued by tens of thousands of banks.
- EMVCo card issuing networks
- Computing processes are performed securely and confidentially inside the embedded microchip at the time of each transaction and the result is passed along with the payment account data through the existing payment network to the card issuing bank where it is verified using the same information stored in the card.
- the stored information is never disclosed by the issuing institution and cannot be extracted from the microchip by any practical means.
- the microchip-embedded card thus provides a onetime code for each card transaction performed at a physical point of sale. If all merchants honor this new mechanism, the risk that a counterfeit card could be produced by misappropriation of account data is largely eliminated.
- NFC near field communication
- Cards that are enabled with NFC components allow a user to tap or pass the card near an NFC reader to within about 10 cm.
- the microchip-embedded cards also known as EMV cards or smart cards
- NFC-enabled cards must also work in environments that have not yet embraced the new standards.
- Many merchants have yet to adopt the EMV-enabled terminals that can activate the microchip cards and read the cryptographic code or the NFC readers that can read the wireless communication signals.
- the issuing institutions include a conventional magnetic stripe on the back of the card.
- issuing institutions include the payment account number either printed on the card and/or embossed into the plastic. Therefore, not only can the microchip and NFC components be used in making financial transactions, but also the magnetic stripe can be used in a financial transaction using a POS swiping process or the account numbers can be used in telephone or Internet transaction.
- the method by which the card communicates the account information to the merchant terminal is known as the mode.
- the microchip card can be utilized in at least four different modes of financial transactions, including, for example, magnetic stripe swiping mode, various modes using the EMV chip, NFC mode, and manual card number entry.
- the microchip may also enable additional modes, which is one reason why there may be more than four different modes of financial transactions.
- a thief who encounters one of these new EMV or NFC payment cards and has physical control of the card even for a few brief moments can easily steal the sensitive payment account data without considering the embedded chip or NFC components. This can be done by reading the payment data from the magnetic stripe, in order to prepare a counterfeit card. The thief can also steal the data by taking a picture of the card and capturing the card numbers for fraudulent electronic commerce. It should be noted that both the magnetic stripe data and the printed data are not protected by digital security means like cryptography. The compromised data may then be used at less secure retail merchants, who have not yet adopted the EMV system, or the thief may go online to perform electronic commerce transactions.
- the present invention introduces several innovative elements for payment cards and financial networks and the authorization and settlement of financial transactions.
- a payment device may take such forms as, for example, a portable proxy device, a plastic payment card, a virtual card, a wearable commerce device, one or more components embedded in a mobile device, an application running on mobile devices or computers, and other payment credential forms.
- a portable proxy device comprises a memory configured to store a plurality of credentials. Each of the plurality of credentials pertains to one of a financial credential, an identification credential, or contractual credential.
- the portable proxy device also includes at least one interface, wherein each of the at least one interface is configured to communicate one of the plurality of
- a system comprises a point-of-sale (POS) device configured to obtain at least one credential from a mobile proxy device, each of the at least one credential pertaining to one of a financial credential, an identification credential, or contractual credential.
- POS point-of-sale
- the system also includes a payment processor configured to receive the at least one credential obtained from the mobile proxy device and perform at least one of a financial function, identification function, or contractual function.
- FIG. 1 is a block diagram illustrating a payment system according to various implementations of the present disclosure.
- FIGS. 2A and 2B are diagrams illustrating a front view and back view, respectively, of a first payment device according to various implementations of the present disclosure.
- FIGS. 3A and 3B are diagrams illustrating a front view and back view, respectively, of a second payment device according to various implementations of the present disclosure.
- FIG. 4 is a block diagram illustrating the account correlating device shown in FIG. 1 according to various implementations of the present disclosure.
- FIG. 5 is a block diagram illustrating the user account module shown in FIG. 4 according to various implementations of the present disclosure.
- FIG. 6 is a diagram illustrating a proxy device that represents a plurality of cards according to various implementations of the present disclosure.
- FIG. 7 is a diagram illustrating a mobile proxy device that represents a plurality of devices according to various implementations of the present disclosure.
- FIG. 8 is a flow diagram illustrating the general utility of the proxy devices of FIGS. 6 and 7 allowing selectable credentials according to various implementations of the present disclosure.
- FIG. 9 is a flow diagram illustrating the general utility of the proxy devices of FIGS. 6 and 7 in a default mode according to various implementations of the present disclosure.
- FIG. 10 is a flow diagram illustrating a detailed method of operation of the payment system 10 of FIG. 1 according to various implementations of the present disclosure
- FIG. 1 1 is a flow diagram illustrating another detailed method of operation of the payment system 10 of FIG. 1 according to various implementations of the present disclosure.
- FIG. 12 is a flow diagram illustrating a method of transmitting financial information of a financial transaction according to various implementations of the present disclosure.
- FIG. 13 is a flow diagram illustrating a method of operation of a tokenization process for user registration according to various implementations of the present disclosure.
- FIG. 14 is a flow diagram illustrating a method of operation of a tokenization process for enrollment according to various
- FIG. 15 is a diagram illustrating a transaction flow architecture according to various implementations of the present disclosure.
- FIGS. 16-20 are flow diagrams illustrating an overview of transaction flow processes according to various implementations of the present disclosure.
- the present invention is directed to payment devices, such as, for example, plastic payment cards, virtual cards, wearable commerce devices, components embedded in mobile devices, applications running on mobile devices or computers, and other payment credentials.
- the present invention is also directed to systems and methods for conducting financial transactions using the payment devices.
- the present invention may include a commercially viable computing service, mobile application, and web site and may be implemented in conjunction with an issuing institution using payment cards or other payment devices as described herein.
- the present invention introduces several novel elements that can be employed by existing device and valid credential issuing institutions to combat various forms of fraud.
- valid credential is used in this document to represent a valid funding instrument, which may be, but is not limited to, a credit card, charge card, direct deposit account, savings account, checking account, loyalty card, gift card, or other cards or devices.
- the present invention includes multimodal payment devices, which can be used in various modes for different types of financial transactions.
- payments devices described herein may include multiple modes for completing a transaction. Some modes may include those involving a microchip embedded in the device, those involving near field communication (NFC) components, those involving the magnetic stripe, those involving entering the device number and card verification value (CVV) in an online transaction, and/or other modes.
- NFC near field communication
- CVV device verification value
- the present invention includes novel fraud-reducing features, a mobile phone application, and a companion web site to control the novel fraud-reducing features.
- a computing service can be used in the authorization and settlement networks serving both online and retail merchants.
- PAN primary account number
- an account correlating device can be interposed between the merchant and the issuing bank to supplement the security of transactions, or called by the issuing bank as part of processing the payment.
- the payment device systems described herein substitute user PAN details securely, in the network, prior to transaction
- the present invention uses several distinct, anonymous, and unpredictable sets of substitute account details for each payment device and/or for each mode of each payment device.
- one set of substitute account details may be associated with one or more modes of the EMV chip, another set may be associated with another mode of the EMV chip, another set of substitute account details may be associated with the NFC
- the payment devices described in the present disclosure may be implemented as credit cards, debit cards, virtual cards, wearable devices, Internet of things (loT) devices, components and/or application embedded in mobile devices, and/or other financial credentials.
- the payment devices described in the present disclosure may apply to non-payment devices that are used in other environments besides commerce.
- non-payment devices e.g., loyalty cards, mobile devices, and other non-financial credentials
- non-payment devices may apply to other functions for standing in as a proxy credential to electronically authenticate identification, such as for health insurance purposes, driver's license purposes, etc. , to gain access to a secure location, to provide a photographic
- the valid credentials that may be associated with substitute account details may be payment and/or non-payment credentials, such as loyalty credentials, health insurance credentials, and other financial or non- financial credentials.
- FIG. 1 is a block diagram illustrating an embodiment of a payment system 10 in which an issuing institution 28 issues a payment device, such as a credit card or debit card, to a user.
- a payment device such as a credit card or debit card
- the user may use another type of proxy credential other than a payment card, such as a mobile device.
- the payment system 10 includes a public network 12, one or more user devices 14, one or more merchant terminals 16, one or more wireless communication antennas 18, one or more mobile devices 20, and an account correlating device 24.
- the term "merchant terminal” is used to describe a physical terminal, website, or other devices for providing functionality by a merchant at which a payment is originated.
- Merchant terminals can be embedded in POS equipment and can be “virtual” as in ecommerce website processing. Also, merchant terminals can be background devices where no device, card, customer, merchant, or goods are involved, such as when recurring payments are initiated for services.
- the "merchant terminal” may represent POS devices, merchant online systems, and other mechanisms owned/controlled by the merchant to conduct various modes of purchase.
- the merchant terminals may include any merchant systems used in different payment modes using one or more types of technologies (e.g. , EMV chip, magnetic stripe, NFC, e-commerce, etc.).
- the network 12 may include a wide area network, the Internet, private networks, and/or other publicly accessible networks. Also, the network 12 may include local area networks associated with various merchants. The network 12 may also be in communication with one or more cellular networks connected to the antennas 18.
- the user devices 14, merchant terminals 16, and antennas 18 may be connected by one or more wired or wireless connections to the network 12 to enable electronic communication among the various components.
- the wireless communication antennas 18 may include one or more cellular towers, orbiting satellites, or other wireless communication hubs for communication with the mobile devices 20.
- the account correlating device 24 could be a server, a web server, software running on a server, a hardware appliance, or any suitable intermediary computing device for providing various
- the account correlating device 24 is also connected to a network 26, which is also connected via wired or wireless connections to one or more issuing institutions 28 and one or more databases 30.
- the network 26 may be a private network, local area network, a virtual private network (VPN), or a public network with a high level of encryption.
- the account correlating device 24 may be configured to store information in the database 30 that directs one or several substitute accounts to an authentic account owned by a user or customer of the issuing institution 28.
- the user to whom a payment device has been issued may use the payment device as payment for merchandise or services.
- the payment device can be presented to a merchant at one of the merchant terminals 16. It should be noted that several merchant terminals 16 may be associated with the same merchant for obtaining account information through various modes. In fact, multiple merchant terminals 16 may be associated with a single device used by a merchant for obtaining information at a single POS device. Accordingly, the POS device may obtain information from the payment device by a first mode utilizing a microchip embedded in the device or by additional modes, which may involve the use of the NFC components or magnetic stripe on the device. In other transactions, such as online or telephone transactions, the device number printed and/or embossed on the device may be entered electronically or by an order-taking representative of the merchant.
- the payment system 10 may instead be configured as a system for performing non-payment actions.
- the non-payment system may process other types of credentials for entities other than issuing institutions.
- the account correlating device 24 uses the database 30 to associate arbitrary substitute account data values to details of a user's valid credential details.
- the arbitrary substitute account data values and valid credential details may be provided by the user at the time of enrolling in a service provided by the account correlating device 24.
- the user may change the valid credential details that are associated to the substitute account at any time using a mobile application on one of the mobile devices 20 or via a web service provided by the account correlating device 24 using a user device 14, which may be a conventional computer or web browser.
- the account correlating device 24 enables multiple valid credentials to be
- the valid credentials may be financial or non-financial credentials.
- the account correlating device 24 enables valid credentials from the issuing institution 28 to be associated with the multiple substitute accounts.
- the account correlating device 24 enables valid credentials from both issuing institution 28 as well as other financial or non-issuing institutions to be associated with the multiple substitute accounts.
- the account correlating device 24 is deployed into the payment system 10 such that all transactions presented by a merchant via one of the merchant terminals 16 for authorization against one of the multiple substitute accounts represented on each device are received by the account correlating device 24.
- the account correlating device 24 associates the multiple substitute accounts with one or more of the user's valid credentials using a customizable rules engine, which is sensitive to one or more facts including, but not limited to, the current transaction data.
- the current transaction data may include, for example, but is not limited to, merchant category code, merchant ID, amount of transaction, substitute account number, service code, device security code, etc.
- the account correlating device 24 may also have access by way of the database 30 to data including, but not limited to, prior
- the geographic location may be determined, for example, by the Global Positioning System (GPS), proximity to radio signals such as Wi-FiTM, BluetoothTM, Bluetooth Low Energy beacons, ZigbeeTM, Z-waveTM, or any combination thereof.
- GPS Global Positioning System
- radio signals such as Wi-FiTM, BluetoothTM, Bluetooth Low Energy beacons, ZigbeeTM, Z-waveTM, or any combination thereof
- the substitute accounts which can be associated with a valid credential, have themselves, unless otherwise associated, no balance or established credit and cannot be used to settle any transactions.
- the payment system 10 may be used to provide security for the use of a payment device.
- the payment system 10 may include a first merchant terminal 16 connected to a public network 12, wherein the first merchant terminal 16 is configured to obtain details of a first substitute account from a first set of information associated with a payment device owned by a user.
- the payment system 10 may include a second merchant terminal 16 connected to the public network 12, wherein the second merchant terminal 16 is configured to obtai n details of a second substitute account from a second set of information associated with the payment device.
- the payment system 10 also includes an account correlating device 24 connected to the public network 12.
- the account correlating device 24 is configured to receive the details of the first and second substitute accounts from the first and second merchant terminals 16, respectively.
- the account correlating device 24 is further configured to associate the first and second substitute accounts to valid credentials belonging to the user.
- the account correlating device 24 also manages financial transactions between an issuing institution 28, from which the user retains the valid credential, and the first and second merchant terminals 16.
- the first set of information is preferably different from the second set of information.
- the payment system 10 may also include a third merchant terminal 16 connected to the public network 12, wherein the third merchant terminal 16 may be configured to obtain details of a third substitute account from a third and preferably different set of
- the first set of information is obtained from a microchip on the payment device
- the second set of information is obtained from NFC components embedded in the payment device
- the third set of information is obtained from a magnetic stripe on the payments device
- the fourth set of information is obtained from card numbers printed and/or embossed on the payment device.
- the first, second, third, fourth and other sets of information may be generated by the issuing institution. Some of these sets of information may be manually entered into a merchant terminal.
- An alternative embodiment includes the payment system 10 in which the payment device is devoid of a printed and/or embossed account number. Also, the payment device may be devoid of a magnetic stripe, or one of the other modes. In this case, the user may use the payment device at a merchant terminal using only the microchip and/or NFC components, or the modes remaining on the device.
- a different set of account details may be communicated to the user for conducting an online or telephone transaction.
- the different set of details may be mailed, emailed, or texted to the user via a computer (e.g. , user device 14) and/or via a mobile device 20.
- the mobile device 20 associated with the user may be incorporated in the payment system 10.
- One of the merchant terminals 16 may be an online merchant device configured to conduct an online transaction, and the mobile device 20 may be configured to store, retrieve one generated from the account correlating device 24 or calculate a dynamic card verification value (d-CVV), which is transmitted to, or manually entered into, the online merchant device.
- d-CVV dynamic card verification value
- one or more of the merchant terminals 16 may be embedded within point-of-sale (POS) devices.
- the user device 14 associated with the user is configured to enable the user to manage the substitute accounts and the valid credentials via the account correlating device 24.
- the account correlating device 24 is configured to enable the user to enter enrollment information, monitor the activities of the substitute accounts, enable and disable one or more modes of conducting transactions with the payment device, report if the payment device has been lost or stolen, and provision information related to the various valid
- the account correlating device 24 may provide a website including one or more webpages enabling the user to navigate the website potentially using the user device 14.
- FIGS. 2A and 2B illustrate a first type of payment device 36 according to various embodiments of the present invention.
- FIG. 2A shows a front side 38 of the payment device 36 and
- FIG. 2B shows a back side 40 of the payment device 36.
- the payment device 36 may include a name 42 of the issuing institution 28, a microchip 44, a device number 46, a customer name 48, and an expiration date 50 on the front side 38 of the payment device 36.
- the device number 46 may be embossed on the payment device 36.
- the back side 40 of the payment device 36 may include a magnetic stripe 52, a signature box 54, and a card verification value (CVV) 56.
- the payment device 36 may further include NFC components, which may be embedded under the surface of the payment device 36, for enabling touchless transactions.
- the payment device 36 may be a plastic EMV microchip card that is issued by an issuing bank according to the issuing rules for one of several global branded payment networks.
- the payment device 36 includes provisioning and personalization such that it may be used at any EMV-enabled merchant POS.
- the account details included in the microchip 44 are not those of the primary account number, but rather are arbitrary values generated by the issuing institution.
- the account details may be referred to herein as "substitute account details.”
- the substitute account details are used as a stand-in for a valid credential but do not identify any particular user. They refer instead to a substitute account generated by the issuing institution but not associated with any particular valid credential.
- the microchip 44 and magnetic stripe 52 contain distinct payment account numbers, expiration dates, and other token account details for two different substitute accounts. Simply, the microchip 44 and magnetic stripe 52 appear to represent completely distinct payment accounts.
- a transaction performed with the microchip 44 at an EMV-enabled merchant will contain different account details than a transaction performed at a merchant using the magnetic stripe 52 on the same device 36.
- an NFC transaction may utilize payment account details that differ from the both the EMV- enabled mode and the magnetic stripe mode.
- the issuing institution 28 provides the customer with substitute account details for use in electronic commerce and telephone commerce transactions such that the details are distinct from either the substitute account details for the microchip 44 or the magnetic stripe 52. It will be appreciated that facsimile, electronic mail, and other forms of electronic and telephone communication may also be used. It will also be appreciated that the substitute account details may be recorded on a mail order form for transactions conducted through the mail.
- the electronic commerce substitute account details may not be printed or embossed on the payment device 36 but provided separately to the user, or may be printed or embossed on the payment device, depending upon the embodiment.
- FIGS. 3A and 3B illustrate a second type of payment device 60 according to various embodiments of the present invention.
- FIG. 3A shows a front side 62 of the payment device 60 and FIG.
- the payment device 60 may include a name 66 of the issuing institution and a microchip 68 on the front side 62 of the payment device 60. It should be noted that the payment device 60 is devoid of a device number and the user's name that may normally appear on a conventional payment device.
- the back side 64 of the payment device 60 may be blank or may simply include a name and address of the issuing institution. The back side 64 is therefore devoid of a conventional magnetic stripe and CVV number.
- the payment device 60 has no pre-printed account number, embossed account data, expiration data, user name, or other account data. By making the device anonymous and without including a human-readable account number, the trivial theft of account data from the face and back of the device can be prevented.
- VisaTM and MasterCardTM include rules for cards and other devices issued under their franchise agreements that require the user's name and account number to be displayed on the device.
- the embodiment of FIG. 3 does not follow these present day rules. Nevertheless, the payment device 60 as described in the present disclosure can be carried in public without the risk of being lost or stolen, since the user name and account number cannot be retrieved visually. For online, mail order, telephone, and similar transactions, a separate device or electronic file can be safely stored at the user's home.
- the payment devices 36, 60 may be formed from a plastic substrate ("card").
- a first component e.g. , the microchip 44
- the first component may be configured to provide details of a first substitute account associated with a user's valid credentials.
- the payment card 36 of Fig 2 may also include additional components incorporated into the plastic substrate.
- the additional components are configured to provide details of additional substitute accounts associated with the user's valid credentials.
- the first substitute account includes details that are distinct from the details of the second substitute account and are distinct from all additional substitute accounts. At least one of the first, second or additional substitute accounts is provided to a merchant (e.g. using a merchant terminal 16) for conducting a financial transaction with the merchant
- the merchant is configured to communicate the details of at least one of the substitute accounts to the account correlating device 24 via the network 12.
- the account correlating device 24 is configured to associate at least one of the substitute accounts to one of the user's valid credentials, and wherein the account correlating device 24 is further configured to manage financial transactions between the issuing institution 28 associated with the user's primary financial account and the merchant terminal 16 associated with the merchant.
- the payment device 36 of FIG. 2 may further include an additional component (e.g., device number 46) incorporated in the plastic substrate.
- the device number can be printed and/or embossed on the plastic substrate.
- the payment device e.g., payment card 60
- the payment device may be devoid of at least one of a printed or embossed account number, a magnetic stripe, and or other modes.
- the details of the first, second and additional substitute accounts may be read from the first, second, and additional components by a point-of-sale (POS) device, such as the merchant terminal 16.
- POS point-of-sale
- some implementations may include use of the mobile device 20, which is associated with the user.
- FIG. 4 is a block diagram showing an embodiment of the account correlating device 24 shown in FIG. 1 .
- the account correlating device 24 includes a security module 74, one or more web pages 76, a user account module 78, one or more network interfaces 80, and a transaction authentication module 82.
- the one or more network interfaces 80 are configured to enable communication on the first public network 12 and also to enable communication on the network 26.
- the user account module 78 allows a user, or customer, to perform a number of different actions related to the financial account and how the payment device 36, 60 can be used.
- the user account module 78 is described in more detail below with respect to FIG. 5.
- the security module 74 may include a random number generator for generating a temporary dynamic card verification value (d-CVV).
- the d-CVV may be communicated to the mobile device.
- the security module 74 may include an encryption engine for encrypting data transmitted over the public network 12.
- the account correlating device 24 may be configured as a web server that allows one or more users to access information from the web pages 76 and to establish a secure connection to enable the transfer of sensitive data, such as user information, device numbers, etc.
- the transaction authentication module 82 is configured to authenticate a financial transaction using the payment device 36, 60.
- the token account details are protected by encryption using a cryptographic key, which can be provided by the security module 74.
- the cryptographic key is derived from a user created password.
- the cryptographic key may instead depend on other data, including, but not limited to, the identity of the mobile device 20, the user's identity number known to the security module 74 of the account correlating device 24, the country in which the user registered for the computing service, a master key controlled by biometric authentication of the user, such as fingerprint, iris scan, facial or voice recognition, or biorhythmic pattern matching one or more body rhythms including, but not limited to, pulse rate, epidermal conductivity, iris size, blink rate,
- encephalography encephalography, electrocardiography, or other factors that are independently or in combination considered as biomarkers for individuality.
- Normal plastic cards may have a single three- or four-digit CVV imprinted on either the back or front of the card.
- Electronic commerce sites now routinely ask for this value to ensure the user has the card in their possession. But since the CVV is a short number printed on the card, it can easily be stolen together with the account data. Therefore, use of a dynamic CVV (d-CVV), which may be generated by the security module 74 at the time of the transaction, and good for only one transaction, prevents this form of theft.
- d-CVV dynamic CVV
- the d-CVV may apply to multiple transactions associated with a specific merchant or may be used multiple times according to other criteria, such as a range of days, certain days of the week, area code of merchant, category of purchase, etc.
- a mobile application running on a mobile device 20 associated with the user may be configured to retrieve the d-CVV on demand.
- a mobile application running on a mobile device 20 associated with the user may configured to generate the d-CVV on demand.
- a web site provided by the account correlating device 24 may be used when the mobile device 20 is unavailable. Therefore, in this case, the account correlating device 24 may generate the d-CVV.
- the payment system 10 may alternatively be applied to non-payment uses.
- the payment system 10 may be used for replacing some form of identifier with a token or substitute identifier.
- identifiers might include social security numbers (in the U.S.), public health identification numbers, loyalty programs, other forms of account numbers where a risk of disclosure, identity theft, or other fraud might be possible using the genuine number.
- the account correlating device 24 may also find application to provide limited transaction access to protected record sets such as medical records requests, laboratory results, credit inquiries,
- the payment system 10 may also be used in some transactions for non-payment uses which could include driving licenses, border control documents, building and resource access cards, and gift cards.
- the payment device 36, 60 may use one or more of the modes for non-payment uses while still using one or more of the modes for payment transactions using separate substitute account details for different modes.
- the account correlating device 24 may include at least one network interface 80 configured to communicate with a plurality of merchant terminals 16 via the first public network 12 and to communication with the issuing institution 28 via the network 26
- the issuing institution 28 may be a bank that issues the payment device 36, 60 to the user.
- the account correlating device 24 may also include the transaction authentication module 82 configured to authenticate a first financial transaction for a first merchant terminal of the plurality of merchant terminals 16 based on a first set of details obtained by the first merchant terminal of a first substitute account associated with a payment device 36, 60 owned by a user.
- the transaction authentication module 82 may be further configured to authenticate a second financial transaction for a second merchant terminal of the plurality of merchant terminals 16 based on a second, different set of details obtained by the second merchant terminal of a second substitute account associated with the payment device 36, 60 owned by the user.
- the transaction authentication module 82 may be further configured to determine if the substitute accounts correspond to valid credential of the user. The transaction authentication module 82 may be further configured to determine if the received substitute account details correspond to the expected substitute account details for the mode of payment device that was used. The transaction authentication module 82 is further configured to manage financial transactions between the issuing institution 28 and the first and second merchant terminals 16. The transaction authentication module 82 is further configured to authenticate additional financial transactions for additional merchant terminals of the plurality of merchant terminals 16 based on additional set of details obtained by the additional merchant terminals of additional substitute accounts associated with the primary account of the payment device 36, 60 owned by the user.
- the first set of details may be obtained from a microchip 44 on the payment device 36, 60
- the second set of details may be obtained from a magnetic stripe 52 on the payment device 36
- a third set of details may be obtained from account numbers 46 printed and/or embossed on the payment device 36.
- the network interface 80 may be further configured to
- the network interface 80 may be further configured to receive instructions from the remote device 14, 20 to enable the user to manage a primary account associated with the payment device 36, 60, wherein managing the primary account includes at least one of entering enrollment
- FIG. 5 is a block diagram showing an embodiment of the user account module 78 shown in FIG. 4.
- the user account module 78 includes an enrollment module 86, a provisioning module 88, an enabling module 90, a reporting module 92, and a monitoring module 94.
- a user may access the user account module 78 using a mobile application running on the user's mobile device 20 or by accessing a web site provided by the account correlating device 24 using the user's user device 14.
- the user account module 78 enables the user to establish and manage rules which the account correlating device 24 implements on the user's behalf. Such rules may be sensitive to one or more facts known to the user, including, but not limited to, payment value, merchant ID, local time and date encoded in a transaction message, the distance of registered location of the merchant from the geographic location of the user's mobile device at the time of the transaction, the local currency of the transaction, the country in which the transaction is originated, the country in which the merchant is established, whether the transaction is presented as a magnetic stripe transaction, as an EMV transaction, or as an electronic commerce, telephone, or mail order transaction, and the method of user verification such as one or more of, but not limited to, entry of a personal identification number (PIN) code into the merchant POS terminal, signing a receipt, entering a passcode into a mobile device, and fingerprint or other biometric identification method.
- PIN personal identification number
- the enrollment module 86 may be configured to enable a user (who, among others, may be the cardholder, valid credential holder, or an appropriately approved individual of the issuing institution) to enroll additional substitute accounts and additional valid credentials.
- the enabling module 90 may be used to allow the user to enable or disable certain modes or types of transactions depending on the various uses that the user may anticipate based on various criteria, or to enable or disable specific transactions themselves, prior to their authentication.
- the enabling module 90 may be used to allow the user to nominate which valid credential a payment will be charged against in a variety of scenarios or criteria.
- the reporting module 92 allows the user to report if the payment device 36, 60 has been lost or stolen.
- One embodiment of the reporting module 92 may enable the account correlating device 24 to report manually or automatically relevant information to the user or issuing institution 28, including reporting potentially fraudulent activity across the substitute account details and/or payment device.
- the monitoring module 94 allows the user to view previous
- the provisioning module 88 may allow the user to separately distinguish the multiple different sets of substitute account details.
- the provisioning module 88 allows the provisioning of each of these modes and further elements and/or modes using separate data elements.
- the provisioning module 88 is configured to separately identify these multiple distinct sets of substitute account data, which may be stored in a common provisioning data file conveyed during card or device provisioning steps.
- a user may become subject to unauthorized use of their payment device 36, 60 if it is lost or stolen.
- a thief may be able to use the NFC features for purchases under to certain spending threshold (e.g. , $100)
- the thief will normally not be able to use the EMV features of the device without the user's PIN code, which can be entered during the provisioning process using the provisioning module 88.
- the stolen device cannot be used for electronic or telephone commerce due to the distinct account details for this separate transaction mode.
- the provisioning module 88 may further include receiving identifying information of the user that is not printed on the payment device 36, 60. According to some embodiments, the provisioning module 88 may set up the user's usage rules by requiring the presence of the user's mobile device 20 in conjunction with the transaction using the payment device 36, 60. Also, the mobile application of the mobile device 20 may be used to instantly block transactions from a stolen device that is reported stolen by the reporting module 92.
- the user account module 78 might configure its rules to prevent magnetic stripe transactions unless they are unlocked each time by the user using the mobile application on the mobile device 20. This latter method would effectively prevent the use of counterfeit magnetic stripe devices.
- the user account module 78 might also configure its rules to prevent transactions from any and all different modes, or to prevent
- a mobile application is available on the user's primary mobile device 20.
- the mobile application may be used by the user to enroll a substitute account or valid credential into the account correlating device 24, control the provisions or associations of the valid credentials with the one or more substitute account details provisioned to the payment device.
- the mobile application also allows the user to enable or disable the authorization of transactions presented with any of the substitute accounts provisioned to the plastic payment device, report the payment device as lost or stolen, and as an additional authentication factor for sensitive or high-value or high-risk transactions.
- the mobile device 20 may also store substitute account details, which may be associated with "card present" transactions and "card not present” transactions, in memory. These substitute account details may be stored in the memory and can be recalled by the user by entering a password and/or another authentication factor into the mobile device 20. As a means for interacting with electronic commerce sites, the mobile application securely holds the electronic commerce substitute account details and displays them for the user upon proper authentication with password, biometrics, and/or other factors. In another embodiment, the substitute account details are transmitted by account correlating device 24 and are received by the mobile device 20, which can then be recalled by the user by entering a password and/or another authentication factor into the mobile device 20.
- FIG. 6 shows is an example of a proxy device 100 that is configured to represent a plurality of valid credentials 102a, 102b, 102n.
- the details of each of the valid credentials 102a, 102b, ... , 102n are combined into the single proxy device 100, which can then be used in place of any of the valid credentials 102a, 102b, ... , 102n.
- the valid credentials 102 may be credit cards, debit cards, loyalty cards, membership cards, identification cards, health insurance cards, gift cards, and other cards that include account information, identity information, and other types of data.
- the user who is issued the single proxy device 100 can select any one of the sets of valid credentials for normal use as if the actual valid credential 102 were present.
- the proxy device 100 may include one or more microchips, one or more contactless circuits (e.g., NFC circuits), a magnetic stripe, printed and/or embossed substitute account numbers, and/or a CVV number.
- the proxy device 100 may also include printed information that identifies the user, such as the user's name and contact information.
- FIG. 7 shows an example of a mobile proxy device 104, which may be configured to represent any number of valid credentials 102a, 102b, 102n, as described above.
- the mobile proxy device 104 may be constructed as a mobile phone, smart phone, tablet, wearable mobile device, or another suitable processor-based mobile device.
- the mobile proxy device 104 may be constructed as a mobile phone, smart phone, tablet, wearable mobile device, or another suitable processor-based mobile device.
- the mobile proxy device 104 may include software and/or firmware that is downloaded to an existing mobile phone, smart phone, tablet, wearable mobile device, etc. During use, the mobile proxy device 104 may be tapped on a NFC-enabled reader or used in another manner according to other methods as described in the present disclosure.
- FIG. 8 is a flow diagram illustrating an embodiment of a method 1 10 for enabling a transaction that exceeds a predetermined threshold value.
- the threshold value may be established by the user or by the issuing institution based on preferences or
- the threshold value may be set to $100. Therefore, any pending financial transaction that exceeds $100 will execute the method of FIG. 8.
- a reading step (1 ) is conducted between the proxy device (e.g., proxy card 100 or mobile proxy device 104) and a reader 1 12 associated with a merchant.
- the reader 1 12 may be one embodiment of the merchant terminals 16 shown in FIG. 1 .
- the reading step (1 ) involves handing the proxy device 100, 104 to a cashier or the customer using the proxy device 100, 104 himself or herself.
- the proxy device 100, 104 is swiped through a magnetic stripe sensor of the reader 1 12, tapped on a NFC sensor of the reader 1 1 2, inserted into a chip slot of the reader 1 12, or otherwise manipulated to enable the reader 1 12 to read the financial information stored in the proxy device 100, 104.
- step (2) a bank identification number (BIN) number
- a payment processor 1 14, which may be a third party representative for handling various credit and debit transactions for an acquiring bank associated with the merchant.
- the payment processor 1 14, for example, may be a suitable processor for handling the single card or proxy device.
- an authorization process is conducted, which includes the payment processor 1 14 flagging the user payment for authorization by an authorization module 1 16, such as padlocTM or another authorization module.
- the transaction details are sent to the authorization module 1 16, which may include an application that has been downloaded on the user's mobile device 20.
- the mobile device 20 may be the same device as the mobile proxy device 104 for both initiating a transaction (step (1 )) and receiving authorization (step (3)).
- Step (4) of the method 1 10 includes communicating to the user to receive a selection of one of the plurality of valid credentials 102 that are represented by the single proxy device 100, 104.
- the authorization module 1 16 receives the user's selection along with any PIN number or other security codes needed to complete the transaction.
- the authorization module 1 16 includes securely retrieving the details of the selected credential from a credential selection database 1 18.
- step (6) the authorization module 1 16 sends payment information with the BIN number to the issuing institution of the selected card.
- the payment processor 1 14 receives the payment information and BIN number information and transmits the information to the appropriate issuing institution to process the payment (step (7)).
- FIG. 9 is a flow diagram illustrating another embodiment of a method 120 for enabling a transaction that is below the predetermined threshold value mentioned with respect to FIG. 8.
- the threshold value is set to $100
- any pending financial transaction that is below $100 will execute the method of FIG. 9.
- the user may pre-select a valid credential to be used when the transaction is below the threshold. In this way, a smaller transaction can be simplified without some additional steps described with respect to FIG. 8.
- Step (3) involves, however, involves sending user payment preferences identified and the selected valid credential is retrieved from the credential selection 1 18.
- Step (4) includes sending payment information with the BIN number for the issuing institution of the pre-selected valid credential, which is sent to the payment processor 1 14.
- Step (5) includes processing the payment as usual.
- FIG. 10 illustrates an embodiment of a method 130 according to the operations of the present invention.
- a user uses the proxy card 100 (or mobile proxy device 104) to conduct a transaction at a point-of- sale (POS) device 132.
- the POS device 132 transmits an encrypted financial message that is compliant with at least one financial transaction standards, including, for example, ISO 8583, ISO 20022, and AS 2805.
- the encrypted message is received by a merchant acquirer 134, which may be configured to decrypt the message and re- encrypt the message for a payment switch 136, which may be configured to process encrypted and/or tokenized financial transaction messages.
- Encrypted financial transaction messages may be stored in an encrypted database 138.
- the payment switch 136 is configured to forward the original encrypted message from the merchant acquirer 134 to a transaction vault of a transaction server 142 for tokenization.
- the transaction vault of the transaction server 142 decrypts the original message and transmits the tokenized message back to the payment switch 136.
- a transaction rules engine 140 may be configured to exchange proxy tokens for target credential tokens. Also, the transaction rules engine 140 may be configured to edit rules as needed.
- the payment switch 136 then provides the token of the selected valid credential and requested transaction edits to a transaction guardian 146 of the transaction server 142.
- the transaction guardian 146 and transaction deny rules are used to validate rules to allow, deny or otherwise act upon a presented transaction. If the transaction is allowed, the transaction guardian 146 passes the original message to the target token according to edit rules.
- the transaction vault of the transaction server 142 returns an encrypted and edited transaction message to the payment switch 136. Then, the payment switch 136 encrypts the message and sends the encrypted message to the merchant acquirer 134.
- FIG. 1 1 is a flow diagram of an embodiment of a method 160 for securely storing valid credentials and enabling their access via a proxy device.
- the method 160 includes using the proxy device (proxy card 100 or mobile proxy device 104) to load valid credential details to a data store 162 of the account correlating device 24.
- the valid credential details may be obtained using a magnetic swipe reading process or any other process to obtain the substitute account details from the other modes of the payment device.
- Substitute account details associated with the mode that has been used is sent to a credential management device 164.
- the credential management device 164 is configured to send the encrypted swipe data to a credential device 180 of a credential transfer device 174 of an issuing institution 172.
- a payment switch 166 exchanges inbound data 168 with a tokenize device 176 of the credential transfer device 174 and exchanges outbound data 170 with a decryption device 178 of the credential transfer device 174.
- the credential transfer device 174 also exchanges encrypted credential data with a data store 186, which stores data in encrypted form.
- the credential transfer device 174 also exchanges decrypted credentials, decrypted by the decryption device 178, with a credential data store 182.
- Keys from a key cache 184 are provided to the credential transfer device 174.
- the keys may include pod specific credential data storage keys, derived tokenization keys, and swiper keys.
- the HSM 188 provides a swiper key, CMAC per pod, pod specific storage key, and derived tokenization key to the key cache 184.
- FIG. 12 is a method 196 of transmitting financial information of a financial transaction.
- An acquirer 198 sends a ISO 8583 message or other message type to the upstream channel 200.
- the upstream channel 200 sends an ISO 20022 message (canonical) to a switch 202.
- the switch 202 sends PAN and expiration information to a tokenize pod 204 of the account correlating device 24.
- the tokenize pod 204 sends the PAN and a token back to the switch 202.
- the switch 202 then sends an ISO 20022 (whitelist keys) to a map pod 206 of the account correlating device 24.
- the map pod 206 compares the mapping and sends a mapping action back to the switch 202, which then applies the mapping actions.
- the switch 202 then sends a mapped PAN token to a decipher pod 208 of the account correlating device 24.
- the decipher pod 208 then sends decrypted credential data back to the switch 202.
- the next several steps may be optional in some embodiments and may be related to log transmit functions when related to an atomic ID.
- the switch 202 sends mapped and sanitized mapped 20022 messages to the log pod 210 of the account correlating device 24.
- the log pod 210 sends back an acknowledge message to the switch 202.
- the switch 202 then sends a mapped 20022 message to a downstream channel 212.
- the downstream channel 212 then sends a mapped 8583 message other other message type to an issuer 214.
- the issuer 214 sends a response to the ISO 8583 message or other message type back to the downstream channel 212.
- the downstream channel 212 sends a response 20022 message to the switch 202, which then applies an inverse of cached mapping.
- the next several steps may also be optional and may be related to log transmit functions when related to an atomic ID.
- the switch 202 sends the mapped and sanitized mapped 20022 message to the log pod 210 and the log pod 210 responds with an acknowledge signal.
- the switch 202 then sends the 20022 message to the upstream channel 200 and the upstream channel 200 sends the 8583 message or other message type to the acquirer 198.
- FIG. 13 is a method 220 of operation of a tokenization process for user registration.
- a user 222 uses a card swiper 224, swiping attachment 226 connected to a mobile device 228, and/or a mobile device 229 to capture a valid credential. .
- the encrypted card information is sent to a web service 232, such as the account correlating device 24.
- the web service 232 includes a registration application program interface (API) 234 and a tokenizer 236.
- the registration API 234 allows the user to register one or more credentials to associate the credentials to the proxy device 100, 104.
- the tokenizer 236 assigns a token to the credentials.
- the registered credentials and tokens are stored in a database 236, such as database 30 shown in FIG. 1 .
- a swap cache 240 may be used to store the mapping of the tokens to the respective credentials.
- FIG. 14 illustrates a method 250 of operation of a tokenization process for enrollment.
- a user 252 may set up an account with a financial institution or issuing institution 254.
- the customer data is securely transmitted 256 from the issuing institution 254 to the account correlating device 258 or other web service.
- the account correlating device 258, which may correspond to the account correlating device 24 shown in FIG. 1 includes an enrollment API 260 and a tokenizer 262. Enrollment and token data is stored in the database 264 and swap cache 266.
- FIG. 16 is a diagram illustrating transaction flow.
- a user presents at the first merchant 302 of the plurality of merchants with a payment device 100.
- the first merchant 302 originates the payment transaction using the first account details from the user payment device 100 and transmits the financial transaction to the acquirer 306.
- the acquirer 306 transmits the financial transaction to the issuer processor 310.
- the acquirer 306 may optionally use the scheme 308 to transmit the financial transaction to the issuer processor 310.
- the issuer processor 310 transmits the financial transaction to the account correlating device 312 which maps the first substitute account details to the first valid credential and transmits the financial transaction to the issuer of the first valid credential 316.
- the account correlating device 312 may optionally transmit the financial transaction to the schemes 314 which in turn transmits the financial transaction to the issuer of the first valid credential 316.
- the response from the issuer 316 follows the reverse path to the merchant 302.
- a user presents at the first merchant 302 of the plurality of merchants with a payment device 104.
- the second merchant 304 originates the payment transaction using the second account details from the user payment device 104 and transmits the financial transaction to the non-partner acquirer 320.
- the non-partner acquirer 320 uses the scheme 308 to transmit the financial transaction to the issuer processor 310.
- the issuer processor 310 transmits the financial transaction to the account correlating device 312 which maps the second account details to the second valid credential and transmits the financial transaction to the issuer of the second valid credential 316.
- the SecureOne solution 312 may optionally transmit the financial transaction to the schemes 314 which in turn transmits the financial transaction to the issuer of the second valid credential 316.
- the response from the issuer 316 follows the reverse path to the merchant 304.
- the account correlating device 312 swaps credentials as the partner acquirer 306.
- the partner acquirer 306 routes the transactions to the issuer 316 and settles the transaction as usual.
- the account correlating device 312 is configured to log all transaction activity.
- the non-partner acquirer 320 routes the transaction to a partner acquirer, such as acquirer 306.
- the account correlating device 312 swaps credentials as a partner acquirer and logs the transaction activity. In this case, a second hop interchange fee may apply.
- the account correlating device 312 may be configured to swap credential data, collect transaction data, and settle
- the account correlating device 312 may also execute user rules, require a verification that the user is present for the transaction, and may involve the consumer, the issuer 316, 322, and/or other parties in the process of identifying fraud.
- FIGS. 16-20 are flow diagrams illustrating an overview of transaction flow processes.
- FIG. 16 may be a conventional method 330 for conducting a transaction.
- a cardholder 332 or user uses the proxy device 100, 104 with a merchant 334 to make a purchase.
- the merchant 334 obtains transaction information, such as first account information, and creates a request for authorization.
- the merchant 334 passes this information to an acquirer 336.
- the acquirer 336 then passes the request for authorization to the scheme or switch 338, which then transmits the request for authorization to an issuer 340.
- the issuer 340 responds to the request for authorization from the merchant 334 with an authorization response which is sent to the merchant by the reverse path.
- the method 330 of Fig 16 includes an account correlating device 352 , which may correspond to the account correlating device 24 shown in FIG. 1 .
- the account correlating device 352 may include a proxy translation device 354.
- the issuer 340 is the issuer of both the first account details and the first valid credential details.
- the transaction is conducted in the usual manner, as described with respect to FIG. 16, except that the scheme/switch 338 sends the request for authorization to the account correlating device 352.
- the account correlating device 352 places the first request for authorization on hold.
- the proxy translation device 354 analyzes consumer rules to map the first account details to the substitute valid credential.
- the account correlating device 352 creates a second request for authorisation (which may be a new financial transaction or an API call direct to the issuer) and the account correlating device 352 sends the second request for authorisation to the issuer 340.
- the issuer 340 processes the second request for authorisation and sends a response.
- the account correlating device 352 uses the second request for authorisation response to create a response to the first request for authorisation and sends the response to the merchant 334.
- the method 360 is the same as method 350 of FIG 18 except that in this embodiment, the issuer (proxy) 362 is the issuer of the first account details and the issuer (credential) 366 is the issuer of the first valid credential details.
- the transaction flow is the same as method 350 except that the account correlating device 352 sends the second request for authorisation to scheme/switch 364 which sends the second request for authorization to the issuer
- the issuer (credential) 366 processes the second request for authorisation and sends a response.
- the account correlating device 352 uses the second request for authorisation response to create a response to the first request for authorisation and sends the response to the merchant.
- the method 370 is the same as method 350 of FIG 17 except that in this embodiment a third party token vault 372 is included in the transaction flow.
- the cardholder 332 may be a device on which is stored tokenized substitute first account details.
- the merchant creates the first request for authorization containing the tokenized substitute first account details and sends the first request for authorization to the scheme/switch in the same manner as described in method 350 of FIG. 17.
- the scheme/switch 338 sends the tokenized substitute first account details to the third party token vault 372 which translates the token to detokenized substitute first account details and sends the detokenized substitute first account details to the scheme/switch.
- the scheme/switch then sends the detokenized substitute first account details to the account correlating device 352. After receiving the response the account correlating device 352 processes the response in the manner described in method 350.
- the method 380 is the same as method 370 of FIG 20 except that in this embodiment, the issuer (proxy) 362 is the issuer of the first account details and the issuer (credential) 366 is the issuer of the first valid credential details.
- the transaction flow is the same as method 370 except that the account correlating device 352 sends the second request for authorisation to scheme/switch 364 which sends the second request for authorization to the issuer
- the issuer (credential) 366 processes the second request for authorisation and sends a response.
- the account correlating device 352 uses the second request for authorisation response to create a response to the first request for authorisation and sends the response to the merchant in the manner described in method 370.
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Finance (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Economics (AREA)
- Development Economics (AREA)
- Computer Hardware Design (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201562283769P | 2015-09-10 | 2015-09-10 | |
PCT/IB2016/001395 WO2017042629A1 (en) | 2015-09-10 | 2016-08-24 | Proxy device for representing multiple credentials |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3347866A1 true EP3347866A1 (de) | 2018-07-18 |
Family
ID=62527707
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP16801549.3A Withdrawn EP3347866A1 (de) | 2015-09-10 | 2016-08-24 | Proxy-vorrichtung zur darstellung mehrerer berechtigungsnachweise |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP3347866A1 (de) |
CN (1) | CN108780547B (de) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP4379632A1 (de) * | 2022-11-30 | 2024-06-05 | Thales Dis France Sas | Verfahren zur verwaltung einer karte |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101258509A (zh) * | 2005-07-13 | 2008-09-03 | 万事达卡国际股份有限公司 | 用于集成支付和电子商品转移的设备和方法 |
WO2010022129A1 (en) * | 2008-08-20 | 2010-02-25 | Xcard Holdings Llc | Secure smart card system |
US8977569B2 (en) * | 2011-09-29 | 2015-03-10 | Raj Rao | System and method for providing smart electronic wallet and reconfigurable transaction card thereof |
CN103164738B (zh) * | 2013-02-06 | 2015-09-30 | 厦门盛华电子科技有限公司 | 一种基于移动支付多通道数字认证的手机用户识别卡 |
-
2016
- 2016-08-24 EP EP16801549.3A patent/EP3347866A1/de not_active Withdrawn
- 2016-08-24 CN CN201680064409.7A patent/CN108780547B/zh active Active
Also Published As
Publication number | Publication date |
---|---|
CN108780547A (zh) | 2018-11-09 |
CN108780547B (zh) | 2022-10-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20210073821A1 (en) | Proxy device for representing multiple credentials | |
US11880815B2 (en) | Device enrollment system and method | |
US12008088B2 (en) | Recurring token transactions | |
AU2015259162B2 (en) | Master applet for secure remote payment processing | |
JP5552555B2 (ja) | ネットワークを用いるトランザクション認証 | |
US11157895B2 (en) | Payment devices having multiple modes of conducting financial transactions | |
US20150324800A1 (en) | System and Method of Processing PIN-Based Payment Transactions via Mobile Devices | |
CA3009364A1 (en) | Authentication systems and methods using location matching | |
US20110010289A1 (en) | Method And System For Controlling Risk Using Static Payment Data And An Intelligent Payment Device | |
US11138593B1 (en) | Systems and methods for contactless smart card authentication | |
US20140365366A1 (en) | System and device for receiving authentication credentials using a secure remote verification terminal | |
US20240291812A1 (en) | Token processing system and method | |
US20020073315A1 (en) | Placing a cryptogram on the magnetic stripe of a personal transaction card | |
Almuairfi et al. | Anonymous proximity mobile payment (APMP) | |
CN108475374B (zh) | 具有多种进行金融交易的模式的支付设备 | |
Alliance | Technologies for payment fraud prevention: EMV, encryption and tokenization | |
US20220207526A1 (en) | Secure contactless credential exchange | |
CN108780547B (zh) | 用于代表多个证书的代理装置 | |
Ali et al. | A novel multiple session payment system | |
CN118076964A (zh) | 高效且受保护的数据传输系统和方法 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: UNKNOWN |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20180410 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20201127 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20230824 |