JP2003532170A - Systems and methods for secure electronic trading - Google Patents

Abstract

(57) [Summary] The present invention relates to a system and a method for conducting secure electronic transactions. A central server system is disclosed that can process and correlate a proxy number or data that is replaced with personal data and financial information in a transaction where the information can be intercepted or misused by a recipient. In a preferred embodiment, the surrogate number is used by the customer to hide the actual credit card number from those who may attempt to intercept the credit card number used in online merchants and transactions.

Description

Detailed Description of the Invention

[0001]

[Related application]

This application was previously filed and hereby incorporated by reference in its entirety, US Provisional Patent Application No. 60 / 160,945, filed October 22, 1999, and also hereby fully incorporated by reference. Claimed priority to U.S. Provisional Patent Application No. 60 / 204,439 filed May 15, 2000.

[0002]

BACKGROUND OF THE INVENTION

1. FIELD OF THE INVENTION The present invention relates to systems and methods for replacing real credit card numbers and other financial account identifiers with proxy transaction numbers during electronic transactions. Further, by substituting a proxy transaction number that can be used in the same manner as a conventional credit card number, customers can conduct online transactions without exposing their real credit card number to abuse. Also, billing can be applied to financial accounts other than credit cards (ie, debit card accounts and checking accounts) and transactions can be made via wireless devices.

2. Description of the Prior Art Purchasing products from merchants who offer goods and services over the Internet is a rapidly expanding sector of the economy. Many customers
Rather than go to traditional retail establishments that are less attractively priced and have more limited product choices, browsing online merchant websites, making product choices, and purchasing electronically I find it more convenient. Taking this opportunity quickly, many traditional real-world retailers are now running online sites where their customers are well-stocked with products and services.
Moreover, many retail establishments are made exclusively for selling products online.

Traditionally, in order to purchase a product from an online retailer, a customer directs web browsing software to the address where the retailer's online “store” is located. The customer then browses the assortment of products displayed on the website and decides which product they want to purchase. The retailer's website then presents the customer with an order form asking for the customer's name, address, payment information, and so on. The customer completes the order form, including the credit card number, and submits the form to the retailer's website for processing. The retailer's website submits the credit card number provided by the client for approval and, with credit card approval, ships the product or service offered to the customer to the address specified on the order form. .

Many security risks result from conventional methods of making purchases over public networks such as the Internet. First, transmitting the credit card number over the Internet allows anyone with access to the network to intercept or steal the credit card number. A person who intercepts credit card numbers typically uses them to make a series of rapid fraudulent charges against a credit card account. This results in losses for online merchants who pay "damage" and "administration" for disputed purchases. In addition, customers whose credit card information has been stolen will be liable for fraudulent billing (typically up to $ 50) applied to their account. Thus, the potential for interception has led many customers to refrain from conducting online transactions to protect their credit card numbers. For this reason, online retailers lose potential customers.

Other customers say that online merchant websites are hackers who steal credit card data from their websites and abuse it, even if their credit card number is not intercepted on their way to the online merchant. I'm concerned that it might be vulnerable to intrusion. A security breach of this nature can cause immense damage to an online retailer's reputation, resulting in a dramatic reduction in the number of consumers who want to make a purchase from that retailer's website. There is a nature.

[0007] Many retailers require an approved form of payment prior to shipping a product to a customer, so those who prefer to purchase with debit cards and checks are:
You cannot make a purchase from an online retailer. The lack of online retailers that accept forms of payment other than credit cards means that Europe and the world where purchases are typically made using debit cards, checks and cash, as opposed to the United States, where many consumers rely on credit cards. In other areas of the world, it becomes a problem for potential buyers. Apart from the inconvenience this presents to potential customers, online merchants lose sales if they cannot process the transaction for those who do not have a credit card or who could otherwise purchase.

US Pat. No. 5,883,810 to Franklin et al.
In the issue, systems and methods are described that seek to provide credit card security by replacing a customer's credit account number with a proxy transaction number when conducting electronic transactions. The '810 patent first requires the customer to obtain a new credit card in the form of an e-commerce card. Electronic commerce cards exist only in digital form and are unusable in traditional real-world retail facilities; as noted, customers do not receive actual credit card numbers. Once a customer has applied for and is authorized for an e-commerce card, purchases can be made from online retailers. The'810 patent discloses that a purchaser sends a request for a proxy number to a central server to pay for goods and services using an electronic commerce card. The central server then generates the transaction number,
Associate it with the customer's real credit card number. The proxy number is then sent to the customer, who forwards it to the merchant. The merchant uses the proxy number to obtain credit card authorization and submits the bill to the customer's card issuing bank, as if the proxy number were a real credit card number.

The '810 patent discloses a method of conducting an online transaction that avoids sending the customer's actual credit card number over the Internet, but of the customers who want to use the credit card they want in their online transaction. It does not provide an adequate solution to the issues associated with securing credit card numbers for existing customers. For many customers, it is undesirable to apply for and earn additional credit cards. In addition, there are annual membership fees that many credit card issuers charge for those who mainly use credit cards for day-to-day activities in traditional retail facilities and who only purchase products from online retailers in special cases. In order to earn a credit card, which is only useful for the limited purpose of conducting online transactions, is particularly burdensome.

The '810 patent only addresses replacement of credit card account numbers in the traditional 16 digit format with proxy transaction numbers. Many debit cards cost 19
Having a digit account number, the number of digits in a checking account can vary depending on the institution that created the account. Therefore, the '810 patent does not describe a system and method that can address the needs of those who wish to make online purchases using debit or checking account numbers.

International Patent Publication WO 99/49424 to Flitcroft et al. Describes a credit card system for generating limited use credit card numbers to reduce interception of credit card numbers and their potential for abuse. To do. The system and method in WO 99/49424 includes a central server that generates limited-use transaction numbers and delivers them to customers for use in online transactions. How a person without a credit card can purchase a limited-use transaction number for use in an online transaction, or be billed for a billing claim that occurs with the limited-use transaction number It is also described. In order to reduce central server processing requirements, WO 99/49424 discloses that it is preferable to generate limited-use numbers in large batches and transfer them to the customer for later use.

Alternatively, a person without a credit card may purchase a disposable credit card with a credit cap equal to the purchase price of the disposable card. Disposable credit cards may provide security by having a credit cap equal to the purchase price of the disposable card. However, this method offers less security than traditional credit cards, which typically limit the risk to the customer to the first $ 50 of fraudulent purchases. Buyers of single-use credit cards would risk losing all unused balance on their single-use cards if their credit card numbers were stolen and misused.

Thus, for customers who wish to conduct online transactions with pre-existing credit cards, debit cards, or other financial accounts, generate a transaction number that can be used as a surrogate for the actual credit card number. It is desirable to have a system and method capable of Such a system can generate a proxy transaction number while minimizing the load on the central server, avoiding the transmission of the customer's actual credit card number and seamlessly integrating into the current credit card system infrastructure, It should be possible to process authorization requests and payments in a manner that avoids any participation on the part of the merchant.

[0014]

[Outline of the Invention]

The present invention is directed to systems and methods for generating and replacing transaction numbers in place of actual customer account numbers. The proxy number is generated in a client user interface located on the customer's computer and sent to a central server for activation and cross-reference with the customer's financial account. Upon activation and cross-reference of the proxy number, a notification is sent by the central server to the client user interface that the proxy number is available and reserved for customer use.

In order to create a transaction number that the customer will eventually send to the merchant instead of the actual credit card number, the client user interface must create a number that is in the same format as a real credit card.
To do this, the client user interface must create a BIN, a bank identification number, and a 16 digit number that includes a checksum. The BIN is usually the first two to seven digits of the credit card number. The checksum digit is always the last digit of the credit card number. Therefore, if the final transaction number should be recognized instead of the credit card number, the proxy number generated by the client user interface will have about 5-12 digits to leave room for BIN and checksum. Should be. Of course, the system can be used to prepare transaction numbers that can be used on behalf of numbers other than credit cards, and can also be used to provide personal data and non-numeric sequence proxy data. . Those skilled in the art will readily recognize programming changes required by the desire to provide information and number surrogates other than credit card data. However, for the purpose of illustrating the invention, this specification describes, as a current example, the generation of a transaction number to be used in place of a conventional credit card number via the Internet, while other uses of the invention are described. A comprehensive summary of the above methods is provided at the end of the written specification.

Once the transaction number is generated by the client, it is forwarded to the merchant to complete the online purchase of goods and services. Merchant is unaware that the credit card number received is a proxy for the actual credit card number, and VISA ^TM (R) and Mastercard ^TM (R)
A) transaction numbers through existing credit card association network routing systems, such as those operated by a.

Current credit card association network routing systems receive authorization requests from merchants and evaluate BINs. (Specifically, the card association network uses a packet switching routing in which the credit card number of the individual as a whole is invisible, and only the BIN portion of the entire card number is read.) Based on the BIN, the credit card association network router The authorization request is forwarded to the card issuers corresponding to the BINs (each issuer has at least one, usually more, unique BIN number associated with it). The present invention contemplates the use of a central server with its own unique BIN so that the credit card association network router forwards only proxy transaction numbers to the central server. The non-proxy transaction number, ie the actual credit card number, is transferred directly to the issuing bank or institution.

Upon receipt of the transaction number, the central server of the present invention determines the actual customer account from the cross-reference database and, together with the transaction routing number (also synonymous, network identification number, search reference number and transaction ID). Transfer the real account number to the issuing bank's authorization server. The issuing bank's authorization server generates an authorization response based on the customer's actual credit card number and returns the response to the central server. Then, the central server replaces the real credit card account number with the proxy number and transmits an authorization response back to the network address specified by the credit card association network router. By cross-referencing the transaction number received for approval with the transaction ID number, the central server ensures that the correct proxy transaction number is for the merchant requesting approval when the customer has multiple active transaction numbers. To be returned.

After the online purchase is completed, the merchant transfers the transaction number for payment. During the clearing phase, the billing applied to the transaction number is cross-referenced and replaced with the actual customer account number, allowing the issuing bank to properly generate and send a statement to the cardholder.

The central server does not impose any restrictions on the format for the actual credit card number or financial account number, so the customer may have a debit card account (typically containing 19 digits) or a checking account. It can be used to make purchases from online merchants that only accept credit cards as a valid form of payment. Further, customers using wireless devices such as PDAs and cell phones can purchase products from online retailers by generating a proxy number that associates the resulting billing request with their mobile or PDA online account.

Unlike prior art methods, this system is based on U.S.P. S. There is no limitation to the single use transaction number as taught by Franklin et al. In 5,883,810, or the limited use number taught in WO / 99494924.
This system enables the generation of transaction numbers that must be used according to the rules applied by the central server and customers. This allows the customer to obtain a proxy transaction number to be used for long term subscription contracts. The benefit to the customer is that they do not have to transfer their actual credit card number to the subscription service, and the customer may impose a limit on the number of billing and shipping cycles while the billing may be applied. It means that you can. In addition, subscriptions,
Or if another online service used by the buyer is compromised by a hacker and the credit card number stored on the system is stolen, the proxy transaction number could be misused to bring liability to the issuer or customer. No, because most, if not all, transaction numbers are restricted to use by a single vendor for a certain amount of money or for any other criteria contemplated by the customer or system administrator. Because it is done. Attempts to use transaction numbers that are not within the criteria specified during transaction number generation are not authorized by the central server.

In another embodiment of the invention, the transaction number is generated for use by a customer who does not own any credit card accounts. These customers have debit card accounts that require the use of pin numbers to authorize purchases. Many merchants, especially those that operate online, are not equipped to handle transactions involving debit cards.

To provide the proxy number instead of the debit card account number, the central server must associate the transaction number with the debit card account number and the debit card account pin number. When the merchant sends a request to approve the purchase based on the transaction number that is on behalf of the debit card account, the central server will use the (Generate transaction number within the client user interface, valid proxy number Debit card account number and pin (represented by the central server when cross-referenced with the actual financial account when secured and used)
Cross-reference with the number and transfer the actual customer data to the issuer approval system. If the customer has sufficient funds to cover the amount of the purchase, the bank authorization server will send a positive answer to the central server of the invention. The central server then forwards the reply to the network address where the approval request was received.

Online merchants who are not equipped to process debit card transactions provide a proxy transaction number for the debit card account number, as gold does not have a debit card financial account that can be immediately transferred from a customer account. The issuer creates a temporary debit account to which the funds are entrusted when the electronic transaction is performed using the transaction number. When a clearance file is received by the issuing bank or institution during so-called "settlement", funds are transferred from the temporary debit account to the merchant's credit account.

In another embodiment of the present invention, a transaction number is generated to allow wireless device users to purchase goods and services from online merchants. For this type of transaction, the central server uses a single master credit account number associated with all generated transaction numbers. In addition, the central server also
The transaction number is used to cross-reference the wireless account number and transaction number of the customer who purchased the product or service.

By associating the transaction number with the customer's wireless account number, the wireless service provider can provide each individual customer with a detailed billing statement.

[0027]

[Detailed description]

The present invention is directed to an electronic trading system in which a proxy number is generated and formatted as a transaction number, which is transmitted to a merchant during electronic transactions and processed as a credit card number. By supplying the transaction number only to the merchant via a public network such as the Internet, the customer's actual credit card account or other financial account number may lead to misuse or unauthorized fraudulent billing of the customer's account. Not exposed to certain eavesdropping. To maximize the efficiency and general acceptance of the disclosed electronic trading system, in all examples, the merchant
It is preferable not to be aware that it processes the transaction number rather than the real credit card number. In this aspect, participation on the part of the merchant, that is,
No specialized software or hardware is required to be installed, so the only requirement for successful electronic transactions with transaction numbers according to the present invention is that the customer can use a credit card in an online transaction. It only has the desire to protect it from exposure to the eyes of its use.

In order for a customer to use the electronic trading system of the present invention, a user account must first be established on the central server. Referring to FIG. 1, a customer connects to the Internet 10 using a client computer 20. Using a web browser installed on the client computer 20, the customer contacts a website operated in connection with the central server 50 via the Internet or other public network 10. A customer using the client computer 20 is currently
A website operating in connection with the central server 50 is entered with a registration code by the customer who operates the client computer 20 to confirm that it has a financial account established with the issuing bank or institution associated with the central server 50. Need to be done. The registration code can be sent to the customer in many ways by the issuing bank or institution: The registration code can be included in the monthly statement, sent by mail, or essentially ensures that the customer registers It may be provided in any other way of receiving the code. In the customer database 54, as shown in FIG. 2, the registration code is
Pre-referenced to the customer's actual financial account established at the issuing bank or institution.

For security reasons, the issuing bank or institution will deactivate the registration number after a short period of time so that unauthorized persons may not use the registration code to establish an electronic trading system on the central server. May be. Further, the website operating in conjunction with the central server 50 may require the customer operating the client computer 20 to enter personal information submitted to the issuing bank or institution when the financial account was created. Good. Such information includes maternal maiden name, birth date, social security number,
Alternatively, it may include other information normally collected by financial institutions to confirm the identity of the customer.

When the website operating in conjunction with the central server 50 confirms that the customer operating the client computer 20 has correctly entered a valid registration code and has answered a question confirming the customer's identity, the software module Are downloaded from the central server 50 to the client computer 20 via the Internet. The software module, as shown in FIG.
8 and a client user interface 26. A data file (not shown), which may be encrypted, including authorization and confirmation information, may be sent to the client computer 20. Alternatively, transaction number generator 28 and client user interface 26 can be combined into a single software download and operate as a single software program on client computer 20. To simplify the customer experience when using the client computer 20, the client user interface 26 and proxy number generator 28 are applets, ie computer programs running within another program, running within the web browser 24. It can be seamlessly integrated.

Once the client user interface 26 and proxy number generator 28 are installed on the client computer 22, the customer uses the web browser 24 to reach the merchant's computer 32 via the Internet. Referring again to FIG. 1, the customer operating the client computer 20 now "eavesdrops" on the communication between the merchant and the customer on the Internet, intercepting credit card account information and making an unauthorized purchase. In addition, using the electronic trading system 100 to purchase goods and services from a merchant's website running on the merchant computer 30 via the Internet 10 without exposing a real credit card number or other financial account number. it can.

Referring to FIG. 2, a customer points a web browser 24 on a client computer 22 to a website operated on a merchant computer 32 that displays the goods or services the customer wants to purchase. To complete the transaction between the customer and the merchant, the website operated on the merchant's computer 32 submits the purchase order form to the customer via the web browser 24 on the client computer 22. The purchase order form requires personal information about the customer, such as name, shipping address, phone number and payment information. In the preferred embodiment, the client user interface 26 is a merchant computer 3
2 automatically recognizes the order form submitted to the customer and activates the proxy number generator 28 to start the generation of the proxy number. Alternatively, if the client user interface 26 does not recognize the order form submitted by the merchant computer 32, the customer may manually activate the client user interface 26 to begin the process of generating a proxy number. it can. In either case, when the client user interface 26 becomes active,
The customer operating the client computer 22 is authorized to conduct electronic transactions using the customer's credit card account or other financial account associated with a user account stored in a customer database 54 on the central server 52. To confirm, the customer is prompted to enter authorization data such as user identification number and password.

The client user interface 26 is the client computer 22.
Assuming that we have received the appropriate approval from the customer using, the customer will be asked to enter details regarding the nature of the transaction they wish to make. Such details may include the amount of the purchase, the identity of the merchant for which the purchase should be made, whether the purchase is repetitive in nature (such as a magazine subscription), and so on. In one embodiment of the invention, this data is stored in cache memory 25 of client computer 22,
Form a set of transaction number usage restrictions. Client user interface 26
Next, activates a proxy number generator 28 that generates a proxy number for electronic transactions.

The client user interface 26 transfers the transaction number usage restrictions and the proxy number to the central server 52. The central server 52 forwards the proxy number to the proxy number verifier and activator 57 to ensure that the proposed proxy number is not already in use. If the surrogate number is not already in use, the surrogate number verifier and activator 57 sends a response to the client user interface 26 indicating that the surrogate number has been verified and activated for use in electronic transactions. . The proxy number verifier and activator 57 records the proxy number in the proxy number database 58 as a proxy number transaction cross-reference. The proxy number transaction cross-reference record contains a proxy number and the actual customer financial account number. Further, the transaction number usage restrictions sent from the client user interface 26 to the central server 52 are stored in the transaction number usage restriction database 53 which has cross-reference records for the proxy numbers to which they correspond.

Upon receiving confirmation that the proxy number generated by the proxy number generator 28 is usable by the customer in electronic transactions, the client user interface 26 adds a bank identification number (“BIN”) to the beginning of the proxy number. Then, a "checksum" is generated and added to the end of the proxy number to complete the generation of the transaction number. Those skilled in the art will recognize that the generation and use of checksum digits in credit card numbers is well known.

At this point, the transaction number has been created. Transaction numbers differ from surrogate numbers by including a BIN and a checksum, which typically includes 16 digits (when they should be used as a surrogate for a credit card), and merchants use the traditional The format is indistinguishable from credit card numbers.

Those skilled in the art will readily recognize that only minor programming changes are required to generate a transaction number that mimics the numerical format of other types of numbers such as social security numbers, telephone numbers, etc. Will. Similarly, anonymous data can be entered for those who wish to maintain privacy in electronic communications while retaining the ability of an authorized person or entity to obtain a cross-referenced record containing that person's genuine data. It is also possible to imitate a character string in the same manner as a credit card number.

The transaction number is automatically inserted by the client user interface 26 into the purchase order form depending on whether the purchase order form submitted from the merchant computer 32 to the web browser 24 is recognized by the client user interface 26. Or manually transferred by the customer to the appropriate field on the order form. The customer then submits the form to the merchant computer 32 for further processing.

In another embodiment of the invention, a server-based wallet (server-b) is provided for filling out a user's purchase attention form when requested by the merchant.
ased wallet) may be used. As mentioned above, certain websites are recognized by the client user interface 26 and some information is automatically entered when these websites are used by the customer making the purchase. To further enhance the user's experience, the server may recognize the website the customer wishes to make a purchase on and intercept the purchase attention form before it reaches the user's web browser 24. The server-based wallet of the present invention completes the user's purchase order form and returns it directly to the merchant along with the transaction number.

Upon receipt of the authorization process transaction number, merchant computer 32 attempts to process the transaction number in the same manner as it handles conventional credit card numbers. The merchant computer 32 forwards the transaction number to the credit card association network (typically
(Via the "acquirer", a bank or institution used by merchants to process credit card transactions). Credit card association network,
That is, a routing system for credit card transactions operated by major credit card companies such as MasterCard (R) and Visa (R) is added to the proxy number by the client user interface 26.
Evaluate N number. Based on the BIN number, the credit card association forwards the authorization request to the appropriate server. In the preferred embodiment of the present invention, the transaction number comprises a BIN number so that at any point in the process it is not necessary to distinguish the transaction number representing the actual credit number from the real credit card account number. Based on the credit card BIN number included in the authorization request by the merchant computer 32, the credit card association network 42 forwards to the central server 52 any transaction number received for authorization processing. Further, along with each authorization request transferred from the credit card association network 42 to the central server 52, a search reference number, namely a transaction ID or network identification number, is included to identify the originator of the authorization request. In the current example discussed herein, the search reference number corresponds to the merchant computer 32.

Upon receiving the authorization request, the central server 52 removes the BIN number and checksum from the transaction number received in the authorization request and reduces the transaction number to the original proxy number. The central server then compares the transaction number with the records stored in the transaction number database 58 and uses the transaction number to determine the actual financial account number for the customer. In addition, the central server 52 compares the proxy number with the cross-referenced records stored in the proxy number usage restriction database 53 to determine what transaction number usage restrictions are specified in the transaction number request originated by the customer. To decide If the data received by the central server 52 as part of the authorization request from the merchant computer 32 does not match the restrictions stored in the transaction number usage restriction database 53 for the transaction number that is the subject of the approval request, the central server. Generates a rejection response and sends it to the merchant computer 3
Transfer to 2. This indicates to the merchant that the issuing bank or institution does not undertake the billing for the requested credit transaction. In most situations, when a credit card transaction is denied or rejected by the issuing bank or institution, the merchant refuses to deliver the goods or services to the customer.

In an alternative embodiment, some, even if the central server still determines that the transaction number submitted for approval is not used within the guidelines specified by the transaction number usage restrictions. The issuing bank or institution may need to transmit an approval request to its traditional approval process. This is done before the central server 52 sends the authorization response to the merchant computer 32 for accounting purposes or other reasons that the issuer determines is necessary to service its customers. , Or if the issuer determines that it must issue a rejection of approval from its traditional approval system.

Reasons why central server 52 may send a rejection response to merchant computer 32 include factors such as the merchant computer requesting the authorization response is not the merchant specified by the customer when the transaction number request was generated. obtain. Also, the purchase amount specified in the approval request may exceed that specified by the customer when the transaction number request was made. For example, if the proxy transaction number was intercepted by someone other than the customer who attempted to purchase goods and services from a merchant other than the one specified by the customer, the attempt was made to trade the invention. It can be prevented in advance by the defense measures imposed by number usage restrictions.

Central server 52 when the data received in the authorization request from merchant computer 32 meets the requirements imposed by the transaction number usage restrictions.
Replaces the transaction number with the actual financial account information for the customer and forwards the authorization request to the issuing bank or institution computer 62, where it is the authorization processor 6.
5 is processed. Further, in connection with sending the approval request to issuer computer 62, central server 52 stores in its cache memory 55 a temporary cross-reference record for the transaction number and the search reference number of the approval request.

When the approval processor 65 in the issuer's computer 62 generates an approval response,
The authorization response is sent to the central computer 52, where the search reference number is also cross referenced with the correct transaction number and replaced with the actual customer financial account number in the authorization response. The central server 52 then forwards the authorization response to the network or electronic address specified in the search reference number specified in the authorization request, which is received by the merchant computer 32. By cross-referencing the proxy transaction number in the approval request with the search reference number of the merchant computer that generated the approval request, the central server 52 may determine if the customer has multiple transaction numbers active at any given time. Make sure the correct transaction number is associated with the correct authorization response.

In situations where the actual financial account information stored in the financial account database 59 is associated with a debit card or other financial account other than the actual credit card that the customer holds at the issuing bank or institution. As soon as you complete a transaction, you need to transfer funds from your customer's financial account. In this embodiment of the invention, an electronic trading system allows a customer with a debit card or checking account to conduct a transaction with an online merchant that only accepts credit cards as an otherwise acceptable form of payment. . Such online merchants typically do not have debit accounts that can immediately receive funds transferred from their customers' checking or debit card accounts. To overcome this problem, the present invention contemplates the use of a temporary debit account in which funds from a customer's checking or debit account are transferred immediately upon completion of an electronic transaction. The function of the temporary debit account is only to store the funds until the merchant's acquiring bank or institution requests that the funds be transferred during the settlement or clearance process.

At the end of each business day, in one embodiment of the invention, funds are transferred to a temporary credit account from which they are paid to the merchant during the payment process. The function of the temporary credit account is to act as an intermediate account between the temporary debit account and the merchant's actual credit account. This is because it is not possible to transfer funds directly between a debit account and a credit account.

When the merchant computer 32 receives a positive approval response, or authorization, from the central server 52, the merchant computer 32 releases the item or service and ships it to the customer.

Payment Process The payment process is the stage of an electronic trading system where funds are distributed by the issuing bank or institution to the merchant via the acquirer of the merchant who handles the credit card transactions processed by the merchant, ie the bank or institution. is there. In the present example, the acquiring bank associated with merchant computer 32 prepares a "clearance file" containing an entry for each credit card transaction processed by the merchant computer for each issuing bank or institution. Since each transaction number used in accordance with the present invention includes a unique BIN number on the central server that validates and activates it, a separate clearance file can be created detailing only transactions made using the transaction number. . As a result of the central server 52 being identified by the card association network by its unique BIN, the acquisition bank associated with the merchant computer 32 forwards the clearance file to the central server 52 via the card association network, ie all utility servers. For central purposes, the central server is considered by the card association network as an independent issuer.

The central server 52 sends the clearance file and removes the BIN and checksum digits from each transaction number. The rest of the transaction number, the proxy number, is
Cross references are made to the records stored in the proxy number database 58 and the financial account database 59. A new clearance file is created in which the customer's financial account number is replaced with the proxy number and contains the rest of the transaction information from the clearance file. In the preferred embodiment of the present invention, a flag or identifier is provided in each record in the clearance file to identify to the issuing computer that each of the listed transactions was made using a transaction number. This can assist the customer service department of the issuing bank or institution in quickly identifying situations where the inquiry identified by the transaction number is received. The clearance file is then transferred to the issuer's payment processor 63 and processed according to the conventional practice of the issuing bank or institution. To further assist the customer service system, the clearance file may include, as a flag, a search reference number associated with the transaction as a cross-reference identifier. The search reference number is unique to each credit card transaction processed by the online merchant, so
This method of cross-reference avoids any ambiguity that may occur when the transaction number is cross-referenced to the customer's actual financial account number, if the customer has multiple transaction numbers active at a given time. .

This ambiguity is mainly due to the fact that when multiple transaction numbers exist and are associated with a single financial account number, the cross-reference attempts to determine the transaction number from the customer's actual financial account number. Can happen. U.S. Pat. No. 5,883,810 provides a transaction number with an actual financial account number without resolving how the transaction number can be determined from the financial account number when multiple transaction numbers are active. It is disclosed to directly cross-reference with.

Coordination Phase After the transaction is completed between the customer and the online merchant, either one of the parties may dispute or disagree on any aspect of the transaction. In the case of a merchant who wants to partially or completely cancel the transaction, i.e.
If, for example, the goods or services are not available for shipping and the money has to be refunded to the customer, it is called reversal. According to the present invention, if the merchant wishes to cancel the transaction in whole or in part, they will send the transaction reference along with the search reference number contained in the original authorization request to the central server 52 via the card association network. May send. The central server may have invalidated or reissued the transaction number for reuse if a significant amount of time has passed. However, in the preferred embodiment of the invention, the transaction number is
Not issued for reuse for at least 6 months after its original revocation (
Unless the transaction number usage restrictions specified by the customer at the time the transaction number is requested specify that the transaction number should be used more than once, as in recurring magazine subscriptions, invalidation is , After the first approval of the transaction number).

In order to ensure that the customer always receives the refund provided by the merchant, the preferred embodiment of the present invention allows for cancellation approval in all cases. If the transaction number included in the cancellation request has been previously deactivated, it can be reactivated to allow further transactions to occur with that transaction number. For example, in the situation where a customer orders a particular product or service from a merchant and that merchant obtains approval for a single-use restricted transaction number, the transaction number is deactivated and another approval request is issued. If it is received using the transaction number, it cannot be approved. However, if the product or service requested by the customer is not available, the merchant will often cancel the original order and make a second transaction using the original transaction number (as a substitute for the product selected by the customer). Try to approve. Under this system and method, if the merchant cancels the original transaction, the original transaction number will be reactivated and approved for another transaction. This aspect of the invention is directed to Franklin et al., US Pat. No. 5,88, which does not contemplate or disclose any method for addressing charge back or cancellation situations.
Compared to prior art methods such as those taught in US Pat. No. 3,810, the systems and methods taught herein are far less transparent to online merchants.

Another situation that can occur, deposit cancellation, is when the cardholder has a disputed billing claim for a particular transaction number. This can happen if the customer receives a defective item, does not receive the requested item, or finds that an unauthorized billing request has been applied to their account. Using the original search reference number received with the approval request from the online merchant,
The system allows the use of the original clearance file to locate the proxy number used for controversial transactions. The transaction number has the 16-digit transaction number used by the merchant renumbered with the BIN of the central server 52 before the first digit of the proxy number and a checksum after the last digit of the proxy number. It is regenerated by creating it. The remainder of the deposit withdrawal process is processed according to the existing procedures of each issuing bank or institution.

Wireless Transactions FIG. 3 represents a wireless device 70 connected to a wireless service provider 80. The wireless service provider 80 allows a user of the wireless device 70 to connect to the Internet or other public network 12 and browse an assortment of online merchant products through a server that may be operated by the merchant computer 34. Once the user of the wireless device 70 decides to purchase the product offered at the merchant's website on the merchant computer 34, the electronic trading system of the present invention is contemplated for use in conventional credit card transactions. It can be used with only slight variations on the examples.

To enable wireless communication, wireless service provider 80 establishes a user account on central server 90 with a master credit account. All billing claims that apply to transaction numbers used for transactions made through the wireless device apply to the wireless service provider 80 credit account. In this example of the system and method, when a user of wireless device 70 selects a product or service to purchase via a website running on merchant computer 34,
The user of the wireless device 70 indicates via electronic means that he wants to purchase a particular product. When a website running on the merchant computer 34 forwards the purchase order form to the user of the wireless device 70 via the wireless service provider 80,
The form is intercepted by the wireless service provider, in one embodiment of the invention relevant information for the customer is provided by the wireless service provider, and in another embodiment the form is forwarded to the central server 90 for completion. . Wireless device 70
For each wireless transaction initiated by a customer using a wireless service provider, a transaction number is generated by the central server 90 and associated with a wireless account number, such as the customer's telephone number or other identifier, and generated by the central server. It is required to be used to cross-reference the transaction number with the customer ordering the goods or services. In an alternative embodiment of the invention, a proxy number is generated by the wireless service provider and sent to the central server 90 and cross referenced to the account number of the user of the wireless device 70. In this example, the central server validates and activates the proxy number in the same manner as discussed in connection with conventional credit card transactions. Once confirmed and activated, the central server 90 assigns the proxy number to the wireless device 70.
Cross-reference with the user's account number in response to the wireless service provider 80 to indicate that the proposed proxy number has been activated for use. The wireless service provider 80 then generates the transaction number by prepending the BIN to the proxy number before the first digit of the proxy number and adding a checksum digit after the last digit of the proxy number. The wireless service provider 80 then forwards the transaction number to the merchant computer 34 via the Internet 12 or other public network for further processing.

To authorize a transaction using the transaction number submitted by the wireless service provider 80, the merchant computer 34 prepares an authorization request and forwards it to the card association network 44, which in turn sends the transaction number. Route the request to the central server 90 based on the BIN contained in In the case of wireless device transactions,
During the authorization process, a unique BIN may be used for each wireless service provider to avoid the need for cross-reference between transaction number and actual customer account number. Therefore, each time the central server 90 receives an authorization request from the credit card association network 44, the account number of the wireless service provider 80 is replaced with the transaction number in the authorization request, and the authorization request is sent to the issuing bank or institution computer. It is forwarded and processed by its traditional approval process. further,
The central server 90 cross-references the transaction number received in the approval request with the search reference number included in the approval request so that the central server 90 properly receives the approval response when received from the issuer computer 62. Can be routed.

When the central server 90 receives the approval response from the issuer computer 62, the wireless service provider 80 account number is replaced with the transaction number included with the approval request. To obtain the original transaction number, the central server cross-references the search reference number contained in the authorization response from issuer computer 62 to obtain the correct transaction number. Next, the approval response is sent by the central server to the card association network 4
4 to the merchant's computer 34 containing the correct transaction number.

The rest of the wireless method functions in substantially the same manner as previously described. However, it may be appropriate for wireless service provider 80 to properly reflect the billing provided by the user of wireless device 70 and apply the billing to the monthly statement sent by wireless service provider 80 to the user of wireless device 70. To enable
Further steps are required in the payment process.

A further step is to create a unique clearance file by the central computer 90 that is unique to the wireless service provider 80. Central server 9
0 is a BIN associated with the central server 90 from the credit card association network 44
When the clearance file is received, the transaction number in the clearance file received from the card association network is cross-referenced, and the account number of the user of the wireless device 70 from which the request for each transaction number is activated is replaced to uniquely Clearance file is generated. The unique clearance file is then transferred to the wireless service provider 80 and the information stored therein is used to apply the bill to the user's account of the wireless device 70.

Transactions Between Individuals In many cases, people conduct credit card transactions between individuals in their daily commercial transactions. In another embodiment of the invention, an inter-personal server is established that allows individuals to use transaction numbers to send money to each other for things such as purchases made at online auctions.

When one person wants to transfer money directly to another person, one way to transfer funds between them is a transaction with usage restrictions that specify the amount that the first person wants to give to the second person. This can happen if you request a number. As an example, assume that the amount is $ 1000. The first person establishes a $ 1000 transaction number usage limit for the requested transaction number. The interpersonal server then generates a transaction number (or, alternatively, a proxy number is generated by the client's client user interface for activation, activation, and cross-reference with the customer's credit or financial account number. To the server and the transaction number is generated within the customer's client user interface software).

The first person then transfers the transaction number to the second person, either as a payment for the goods or services or simply as a gift. The second person can use the transaction number as a prepaid credit card until the credit limit is reached and the transaction number is no longer approved by the personal server. However, unlike traditional payment processes or gift certificates, the present invention allows the first person's credit card to receive a second credit card until the second person actually uses the transaction number to obtain the goods or services. It is contemplated that no charge will be made for the amount remitted to the person. The benefit of this invention is also that the transaction number does not require a physical plastic credit card, as the second person will receive the transaction number indistinguishable from the traditional credit card number (such as for telephone orders). It can be used for any type of transaction.

Another embodiment of the invention, which also includes a first person who has a merchant credit account, sends money to a second person by the first person issuing a cancellation to the credit card of the second person. To enable that. This is done by the second person requesting the generation of a transaction number by the disclosed means and sending it to the first person. First
The person will issue the cancellation as described above. As a result of the cancellation, the second person's credit card will be used to fund the current balance of the credit account, or may be used to obtain cash. Receive from 1 person.

Finally, the system and method allows a parent or other primary credit account holder to give its children, or a company, its employees, a credit card account on behalf of a single master account. It can be so. In this example, multiple user IDs and passwords are provided to the user, allowing the user to generate a transaction number request associated with the same credit account, each linked to a separate user account. Each user may have a transaction number usage limit that is automatically applied to each of its transaction number requests specified by the master account holder when the individual user account was created. In this manner, the parent may specify a maximum total spend for children, or the employer may give the employee a credit card that can only be used for purchases from designated merchants. Currently, such systems may face situations where an employer may award actual credit cards to its employees and the employees may use them irresponsibly or for personal use. Is far superior to the method.

While online electronic transactions have been described through examples and descriptions of this invention, one of ordinary skill in the art will appreciate that online transactions and any other credit that occurs without the need for a physical credit card to be present, such as by phone. We will readily recognize the similarities with card-based transactions. The system is applicable to such situations and only requires the customer to use their personal computer to obtain a transaction number. If a person wants to use a transaction number offline, he or she need only supply the transaction number to the offline merchant. The rest of the credit card processing system functions as described above.

Although the present invention has been described in connection with particular features, structures and process elements,
It is to be understood that the appended claims define the disclosed invention without limiting it to the specific features, steps or structures described.

[Brief description of drawings]

FIG. 1 is a diagram showing an electronic transaction system.

FIG. 2 is a diagram showing a central server, a client computer and an issuer computer, and their relationships with a credit card association network and a merchant computer in an electronic trading system.

FIG. 3 is a diagram of an electronic trading system for a wireless device.

─────────────────────────────────────────────────── ─── Continued front page    (81) Designated countries EP (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, I T, LU, MC, NL, PT, SE), OA (BF, BJ , CF, CG, CI, CM, GA, GN, GW, ML, MR, NE, SN, TD, TG), AP (GH, GM, K E, LS, MW, MZ, SD, SL, SZ, TZ, UG , ZW), EA (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), AE, AG, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, BZ, C A, CH, CN, CR, CU, CZ, DE, DK, DM , DZ, EE, ES, FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP, K E, KG, KP, KR, KZ, LC, LK, LR, LS , LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, MZ, NO, NZ, PL, PT, RO, R U, SD, SE, SG, SI, SK, SL, TJ, TM , TR, TT, TZ, UA, UG, US, UZ, VN, YU, ZA, ZW (72) Inventor Golan, Rior             Israel, Herzilia, Muskit             Street, 5 (72) Inventor Inosh, Ben             Israel, 96955 Jerusalem, Hahei             Le, 1

Claims (21)

[Claims] 1. Generating a proxy number in a client user interface software to be used in place of a credit card number in a transaction, associating the proxy number with a financial account number, a BIN, a proxy number and a checksum digit. A method for conducting a credit card transaction comprising the steps of: generating a transaction number including: and transmitting the transaction number to a merchant instead of the actual credit card number. 2. The method of claim 1, wherein the transaction number is in the same format as a traditional credit card number. 3. The method of claim 1, wherein the transaction number has 16 digits. 4. The method of claim 1, wherein the customer financial account is a credit card. 5. The method of claim 1, wherein the customer financial account is a debit card. 6. The method of claim 5, wherein the debit card has digits greater than 16 digits. 7. The method of claim 1, wherein the financial account is a master credit card account. 8. The method of claim 7, further comprising associating the master financial account with an individual customer account. 9. The method of claim 8, wherein the individual customer account is a wireless customer account number. 10. A step of receiving at a central server an authorization request for a transaction number from a card association network, said authorization request including a search reference number, and further associating said transaction number with said search reference number. Authorizing a proxy transaction number used in an electronic transaction, including: generating an authorization response in response to the authorization request; transmitting the authorization response to an address identified by the search reference number. Way to do. 11. A method of conducting electronic transactions from a wireless device, comprising: generating a proxy number; and generating a transaction number including the proxy number, wherein the transaction number is 1
A method having 6 digits, further comprising associating the transaction number with a customer account number of the wireless device, and transmitting the transaction number to a merchant instead of a credit card number. 12. Generating a proxy transaction number having 5 to 10 digits, and adding a bank identification number having 4 to 10 digits to the proxy number before the first digit of the proxy number. And adding a checksum digit after the last digit of the agency transaction number. 13. A step of generating a proxy transaction number having 5 to 10 digits, a step of creating a record having first and second data fields in a cross-reference database, and the proxy transaction number being the first transaction number. And inserting the actual financial account number of the customer into the second data field, the first data field and the second data field having an unequal number of A method of cross-referencing a proxy transaction number with a customer financial account that has digits and is associated for cross-referencing. 14. A transaction number usage record comprising: a step of generating a transaction number; at least one field for storing the proxy transaction number; and at least one data field for storing a transaction number usage restriction. A method for controlling the use of a proxy transaction number, including the steps of creating in a restriction database. 15. The method of claim 14, wherein the transaction number usage constraint is a single use. 16. The method of claim 14, wherein the transaction number usage constraint is a specific merchant identifier. 17. The transaction number use restriction is a maximum purchase amount.
The method according to 4. 18. A step of receiving a request for approving a transaction number at a central server; retrieving a record containing at least one transaction number usage restriction referencing the transaction number from a transaction number usage restriction database A method of authorizing a proxy transaction number, comprising: comparing the transaction number usage constraint with the authorization request; and determining whether the authorization request is within the constraints included in the transaction number usage constraint. 19. The method of claim 18, further comprising sending a negative approval response to the merchant if the approval request does not match the transaction number usage constraint. 20. If the authorization request matches the transaction number usage restrictions,
Further comprising forwarding the approval request to the issuer's approval system,
The method according to claim 19. 21. Generating a transaction number having the same format as a conventional credit card number, associating the transaction number with a customer debit account number and debit account PIN number, and in connection with the purchase of goods and services. Submitting the transaction number to the merchant, receiving an authorization request for the agency transaction number from the merchant, and specifying the amount of funds available in the customer debit card account in the authorization request. A step of determining whether the purchase amount exceeds the purchase amount, and if the funds available in the customer debit card account exceed the purchase amount specified in the approval request, from the customer debit card account to a temporary debit account, In the approval request Transferring an amount equal to the purchase amount specified by the method of substituting a transaction number to be used instead of the debit card number.