RU2482538C1 - Method of paying for goods and services for conventional and electronic commerce - Google Patents

Abstract

FIELD: information technology.

SUBSTANCE: method for payment using contact and non-contact bank cards and/or a mobile application installed on the payer's mobile terminal and reflecting identification parameters of the payer's bank card, characterised by that the database of the processing centre of the card issuing bank includes a controlled "consent to settle account" parameter, the presence of which requires multilevel authorisation of the mobile application through an authorisation centre via interaction with it over a mobile network, as a result of which the processing centre receives the payer's consent to pay the bill on the side of the recipient of the payment, wherein if the authorisation centre acts as an Internet acquirer and the online store system performs readdressing of the payer's mobile application to that Internet acquirer, the consent with the bill is performed based on multilevel authorisation of the payer's mobile application.

EFFECT: high level of security during payment owing to introduction of an additional parameter for consent for settling account for the bank card.

8 cl, 1 dwg

Description

1. The technical field to which the invention relates.

The invention relates to the field of payment systems based on bank plastic cards, as well as to the field of mobile communications, and in particular to methods of paying for goods and services for traditional and electronic commerce using payment system technologies based on bank plastic cards and mobile terminals, cellular networks and the Internet, and can be widely used to significantly improve security and simplify the payment process, as a universal payment technology for all types of commerce.

2 prior art

There is a known method of payment for goods and services in the framework of traditional and electronic commerce based on bank plastic cards (1, 7), which consists in the fact that the Payer, in the framework of traditional or electronic commerce, in one way or another selects a product or service, and then authorizes his bank card from the Seller - the recipient of the payment using some contact or contactless pos-terminal or, in the case of electronic commerce, from some intermediary - an Internet acquirer using secure authorization technologies (2, 3, 5). After that, the Payee independently (through the system of a servicing bank) or through an intermediary contacts the network of one of the payment systems to the bank card store of the issuing bank card (processing center) with an invoice, and the processing center authorizes this bank card, based on received identification parameters of a bank card, and makes a decision on payment based on an analysis of these parameters, limits and restrictions established by the issuing bank and owner a plastic card, as well as the condition (for debit plastic cards) that the amount of the invoice must be less than the balance on the account of the presented card. In case of positive authorization and fulfillment of the specified payment conditions, the processing center system writes off the invoice amount from the card’s personal account, after which it informs the payee of the result of paying the invoice, and the payee informs the payer about it. An implementation of this method is also known by using instead of a plastic card a mobile terminal with software installed in it (mobile application, electronic wallet), which means that the mobile application contains encrypted card authorization parameters and these parameters are read by the Payee in a contactless way or over the Internet (3, 4, 5). At the same time, the authorization and billing procedure in the framework of traditional commerce is carried out similarly to card technology, and in electronic commerce the mobile application is used as a terminal connecting the mobile network and the Internet to an electronic store, as well as a device for entering card identification parameters through the keyboard of a mobile terminal into the system Internet acquirer. Further interaction of the non-contact pos terminal with the processing center in the framework of traditional commerce and the Internet acquiring system with the Processing center in the framework of electronic commerce is carried out similarly (5, 6, 7).

The second direction of increasing the security of payment by bank cards is the proactive management of the state of the bank card account by sending SMS from a mobile phone or opening an additional sub-account (8, 9). However, this direction is not universal for all international banking payment systems, either from the point of view of using it simultaneously in traditional and electronic commerce, or from the point of view of a significant increase in security. In addition, the SMS-based solution does not meet the technical requirements of modern processing centers in terms of time, and solutions based on additional sub-accounts can be applied only to individual banks, and not the entire system as a whole.

Based on the foregoing, for the prototype it is advisable to take the first direction, as a basic solution, including for the second direction.

The processing center of the issuing bank of the plastic card means a complex of hardware and software that has a database that stores both the identification parameters of the card (name of the holder, bank card number, expiration date and CVV), as well as the status of the card’s personal bank account, as well as technological procedures and appropriately protected authorization protocols for communication with the automated banking system of plastic card issuing banks, Internet acquirers, other centers and a payment system network Topics.

An Internet intermediary (Internet acquirer) is understood to mean some organization that has a set of hardware and software tools connected via the Internet to the systems of online stores, and through a network of payment systems to processing centers. In the framework of e-commerce, Internet shops, when invoicing to the buyer (Payer), redirects him via the Internet to an Internet acquirer, into the Internet interface of which the Payer enters the card authorization parameters, which then together with the invoice for goods or services from the Merchant-payee are transferred to the processing center of the card issuing bank.

Protected plastic card authorization technologies on the Internet mean 3D-secure technologies, for example Visa 3D Secure or MasterCard Secure Code.

A contact pos terminal refers to some technical device where a bank card with a magnetic strip or a special chip is placed, on which the identification parameters of the card (name and surname of the card holder, card number, expiration date, CVV code) are stored in a secure form. transmitted by the pos-terminal to the processing center.

A non-contact (passive or active, for example, based on NFC technology) pos-terminal is a technical device that reads authorization parameters at a certain distance from a card or mobile terminal equipped with appropriate non-contact information exchange devices, such as NFC.

A mobile terminal is understood as any technical device (mobile phone, smartphone, etc.) that provides voice and Internet connections over a cellular network.

A mobile application means software installed on the mobile terminal of the Payer-holder of a bank card, interacting with contactless pos-terminals or with the software of the online stores of the Payee-seller, as well as via the Internet with the software of the Internet acquirers or software other intermediaries involved in the settlements.

By single-level authorization we mean authorization only of the user himself (for example, by login and password), while multi-level authorization means, for example, simultaneous authorization of the user's hardware, user software, bank card, and the user himself.

The presence of a mobile application allows the Payer to pay for goods and services both from a bank card and, when possible, from a mobile application (mobile Internet banking). The mobile application is registered in the processing center of the issuing bank under an agreement with the owner of the bank card by registering its mobile terminal number and highlighting to the bank card holder its authorization parameters in the form of login and password. In most cases, a mobile application is implemented using a standard web browser or based on Java interfaces using web services. When authorizing a mobile application, a bank card is not authorized, but a user is authorized to manage a card account. After registering the mobile application, the owner of the bank card “downloads” it to the mobile terminal and installs it. Thus, when identifying the Payer through the mobile terminal, one-level authorization occurs. Moreover, in the case of payment by credit card, and this happens in the overwhelming cases of traditional commerce and in most cases of electronic commerce, the mobile application does not participate in the payment process.

The known method and its various implementations provide for the combination of invoicing and the consent of the Payer to pay the invoice by authorizing the plastic card presented to him or by authorizing a mobile application accessing the card account.

Thus, for a known method, such a method is adopted that uses all known payment methods within the framework of traditional commerce, including bank contact and contactless cards, mobile terminals with a mobile application installed on them and equipped with contactless technology devices, contact and contactless pos-terminals , and within the framework of electronic commerce implements security systems based on 3D-secure and "virtual" bank cards.

The known method and its implementation have the following technology features:

1. It is known that entering information from the keyboard of any terminal can be subjected to unauthorized reading of information by an attacker by various means, it is also known that while information is in the buffer of the system that receives information, this information can be stolen by attackers using dos attacks. It is also known that with the help of phishing, a user can be fraudulently redirected to a double site of malicious users, where he will enter secret parameters, and besides this, with the help of dos-attacks, such redirection can be carried out automatically by malicious users.

2. When using a conventional bank card in traditional commerce, a certain person takes part who authorizes this card (seller, waiter, etc.), who can hold the card for some time and who can easily read the identification parameters of the bank card visually.

3. When using contactless bank cards (such as an “electronic wallet”) in traditional commerce, there are restrictions on the payment of goods, since the Payer’s control of the state of debited funds is difficult, which allows them to be used mainly as “transport” cards.

4. When using bank cards in e-commerce, authorization parameters are entered into the Internet acquirer system via the Internet from the computer keyboard, while there is only one authorization level - authorization by card parameters, while the Payer himself is not authorized or identified.

5. When using a mobile terminal with the Mobile application installed on it in electronic commerce, its authorization using 3D-secure is possible only when the selection of goods or services is made directly from the mobile terminal equipped with the mobile application, since the Payer is forwarded from the online store Internet acquiring is possible only from the device from which the choice of goods or services is made.

6. When using a mobile terminal with a mobile application installed on it in traditional commerce, it is possible only with authorization through contactless pos-terminals, which excludes this technology on an existing network of payment systems with conventional pos-terminals, which means that it does not allow the user to make a payment from a regular card.

7. The prototype mobile application interacts with online store systems and processing centers based on web services that have security flaws and are susceptible to dos attacks.

The known method can be implemented by a device containing the Payer's device (bank card and / or mobile terminal with a software application that emits a bank card), pos-terminals of the Payee (contact, contactless, including active or passive), software the hardware complex of online stores, the network of the payment card system, the processing center of the issuing bank, the intermediary system of the Internet acquirer, as well as communication channels based on the Internet and mobile communications networks.

The known method is implemented as follows.

A payer who has an account with a bank or non-bank organization receives a bank card, downloads a mobile application to his mobile terminal. At the same time, the mobile application is a standard or original browser that interacts with the processing center through an automated banking system based on web services, the user is authorized by entering the username and password of the Payer, the owner of the bank card, into the mobile application, and registration is made by highlighting these authorization parameters for this card holder. To pay for goods or services within the framework of traditional commerce by authorizing a card, the Payer places a regular bank card in a contact pos terminal or a contactless passive pos terminal on a plastic card, or brings a mobile terminal equipped with contactless transceivers to a contactless pos terminal. To pay for goods and services as part of e-commerce, when choosing these goods and services over the Internet from any terminal, including a mobile one, the Payer is redirected to the Internet acquirer system and enters the identification parameters of his card with the terminal’s keyboard, through which the choice is made goods. In the case when the selection of a product or service is made from a mobile terminal when redirecting a mobile application to the Internet acquiring system, authorization can be done by entering a username and password. The Internet acquirer contacts the processing center and authorizes a bank card and transfers the account of the Merchant-payee. After successful authorization of the card in the processing center and the sufficiency of the amount on the personal account of the card to pay the invoice, the amount of the invoice is written off from the personal account of the card in favor of the payee. After that, the Recipient of the payment and the Payer directly to the mobile terminal or through the Recipient of payment is notified of the payment of the bill. In the framework of traditional commerce, the payee prints the check in two copies, one of which is signed by the payer and remains with the payee.

However, the known method and its implementations have the following main disadvantages:

1. In the framework of traditional commerce, when paying by bank cards by contact, there are security risks associated with the fact that when authorizing a card, the card parameters are not only on the magnetic stripe or chip of the card, but also visually reflected on the card itself, which means it can be unauthorized read and then used in e-commerce.

2. The use of “virtual” bank cards (without a magnetic strip and / or chip) as a way of protection in electronic commerce does not allow them to pay in traditional commerce.

3. In the framework of traditional commerce, when paying by bank cards in a non-contact way, there is a security risk regarding unauthorized replenishment of the amount on the card.

4. In the framework of electronic commerce, when paying by bank cards, the payer must enter the card authorization parameters into the Internet acquirer system via the keyboard via the Internet, which is a threat of unauthorized seizure of the card authorization parameters through malicious attacks on the payer's computer, phishing attacks, as well as various attacks on the Internet acquiring system.

5. In the framework of electronic commerce, when choosing a product or service from a device other than a mobile application, there is a security risk due to phishing, as well as a security risk due to attacks on the payer's computer.

6. Systems of Internet equavers, online stores, and processing centers that interact with a mobile application based on web services are susceptible to attacks by intruders in order to seize card authorization parameters.

Thus, the use of bank card payments in e-commerce, despite the use of secure 3D-secwe technologies and “virtual cards”, does not significantly increase the level of payment security, and the use of an additional mobile application for a mobile terminal, even in conjunction with contactless technologies , removes only some security threats and does not provide universality of settlements in the framework of traditional and electronic commerce, as it is unique for each ba ka-issuer.

3. Disclosure of invention

Since all security threats relate to unauthorized access to the identification parameters of plastic cards, according to which they are authorized in the prototype, it is advisable to refuse these parameters as authorization and make them only identification, i.e. suitable for personal account identification only. In this case, any attack by attackers on these parameters will become inappropriate. However, in this case, additional means of protection should be introduced that do not simultaneously violate the existing technology of payment for traditional and electronic commerce, are uniform for traditional and electronic commerce and leave the Payer the choice of using old or new payment methods for bank cards. At the same time, it is necessary that the bank card holder can use the existing payment network of bank payment systems and, together with the issuing bank, can choose the degree and level of security of payments made by him.

The aim of the invention is the universality of payment technologies, both within the framework of the traditional one using any existing contact and contactless types of pos-terminals, and electronic commerce, using the Internet and mobile technologies, with a level of security exceeding the security when paying by bank cards of any kind.

This goal is achieved by the fact that the method of payment for goods and services for traditional and electronic commerce, which consists in the fact that the payment is made by identifying the payer's bank card, the identification parameters of which are reflected in the database of the processing center, or authorize a mobile software application installed on the mobile terminal the payer and uniquely associated with the payer's bank card, while the payers enter through a contact or contactless pos-terminal to pay the bill whether the identification parameters of the card are entered into the Internet acquiring system, and the payees enter the account details with the cost of the goods, while the identification parameters of the card and account details are jointly transferred to the processing center of the issuing bank, which authorizes the card and deducts funds from the card’s personal account, after why the processing centers send a notification of the payment to both the Payer and the Payee, according to the invention, the mobile phone number and mobile application Payers reg they are encrypted in a special authorization center together with the bank card parameters, and in the database of the processing center, under the control of the issuing bank system for the bank card issued by him, an additional parameter “consent to pay the bill” is entered, and the decision of the processing center on authorization cards and debiting funds from the personal account cards are accepted by processing centers that analyze the presence of this parameter and, if available, access the secure Internet through a special authorization center, and then via the mobile network, to the payers mobile application, and after the consent of the payers with the invoice, expressed by managing the mobile application, authorize the mobile application and receive the response of the payers, after which they transfer the response of the payers through closed Internet channels to processing centers which, based on this answer, authorize or deduct funds from the personal account or not.

A device for implementing the proposed method includes: the device of the Payer (a bank card and / or a mobile terminal with a software application emitting a bank card installed on it), pos-terminals of the Payee (contact, contactless, including active or passive), the system Online stores in the form of a hardware and software complex, a network of a payment card system, a processing center of an issuing bank, an intermediary system of an Internet acquirer, an authorization center, and also communication channels based on a network Internet and mobile networks.

Thus, the device’s operation technology is as follows: A payer who has an account with a bank or non-bank organization receives a bank card, agrees with the bank of issuers the terms of “consent to pay the bill” and registers the mobile application in the database of a special authorization center. A special authorization center is understood to mean a complex of technical tools and databases that store in encrypted form all the identification parameters of mobile applications registered by the Payers-holders of bank cards, as well as the variable parameters of “consent to pay the bill”. The authorization center is equipped with secure technological procedures for processing database requests, including authorization ones, and appropriately protected authorization protocols for communication with processing centers, payment systems and online stores. A potential payer - the owner of a bank card - downloads the mobile application to his mobile terminal and enters the parameters of his bank card into it, while all the registration parameters of the mobile application and the entered card parameters are encrypted in the mobile application. At the same time, in the database of the processing center, this bank card is marked with a special parameter - “consent to pay the bill”, which means that upon authorization of the card it is necessary to obtain the consent of the Payer with the invoice. The states of this parameter agreed between the cardholder and the issuing bank, for example, the states “do not require consent for all payments less than a certain amount”, are stored in the database of the processing center, and all states set by the Payer, for example, “received during n- hours, give automatic consent ”, are stored in the database of a special authorization center. Thus, the “consent to pay the bill” parameter can be in several states, the joint management of which, including the ability to set these states, including the duration of this parameter and the limits for debiting, is carried out jointly by the issuing bank and the bank card holder or independently Payer. To pay for goods or services within the framework of traditional commerce by identifying a card, the Payer places a bank card in a contact pos terminal or a passive plastic non-contact pos terminal, or brings a mobile terminal to a contactless pos terminal. To pay for goods and services as part of e-commerce, when choosing these goods and services over the Internet from any device, including a computer or mobile terminal, the online store redirects the Payer's device to the Internet EQ system, into which the payer enters the parameters through the device’s keyboard identification with his card. Upon receipt of the card identification parameters in the database of the processing center, the card is identified, the sufficiency of the amount on the account is analyzed to pay the invoice, and the availability and status of the “consent to pay the bill” parameter is analyzed. If the “consent to pay the bill” parameter is present and if it requires a call to the authorization center, the processing center contacts the authorization center via secure communication channels, which in turn contacts the mobile application via mobile communication channels, and the request for consent the invoice is made simultaneously in the Internet connection mode and in the mode of mobile short messages, which makes it possible to unconditionally deliver this request, regardless of whether there is a mobile terminal P of the person on the Internet. Having received a request for consent to pay the bill, the Payer, controlling the mobile application, sending an encrypted response in the Internet connection mode or in the short message mode by means of multi-level authorization of the mobile application in the authorization center. After receiving an authorized consent to pay the bill through a mobile application, the authorization center sends it to the processing center via a secure channel. Upon receipt of the consent of the Payer to pay the bill, the processing center authorizes the card and debits the amount of the bill from the personal account of the card in favor of the payee. After that, the Recipient of the payment and the Payer directly to the mobile terminal or through the Recipient of payment is notified of the payment of the bill. In the framework of traditional commerce, the payee prints the check in two copies, one of which is signed by the payer and remains with the payee. In the absence of the “consent to payment of the bill” parameter, the bill is paid using the prototype technology.

With regard to the method, the applicant considers it necessary to highlight the following development and / or refinement of the set of its essential features relating to particular cases of performance or use.

To increase the security of payments, it is preferable that in the case of e-commerce the authorization center can simultaneously act as a special Internet Equaira, which makes it possible to more securely authorize the payer when he connects to the online store from a mobile application, rather than from a third-party terminal. At the same time, the Payer should have the opportunity to authorize the card from a mobile application through a regular Internet acquirer by entering the authorization parameters of the card from the keyboard of a mobile terminal or through an authorization center acting as an Internet acquirer, automatically, based on multi-level authorization, combining most authorization of the card and consent to pay the bill.

In order to provide additional protection against malicious attacks on authorization centers, it is advisable that the mobile application interacts with the authorization center based on client-server technologies.

It is advisable to provide for the possibility of reciprocal interaction on the transfer of consent to pay an invoice from a mobile application via a mobile network with an authorization center in short message mode when the Internet connection mode of a mobile network is absent or impossible.

In order to improve the usability, it is advisable that the change in the status of the consent parameter for paying the bill in the authorization center be carried out by Payers from their mobile application.

In some cases, it is convenient that, if the payment was temporarily unavailable between the authorization center and the mobile application due to the lack of mobile communication, the payer could send “consent to pay the bill” for payments in the near future from the mobile application to the authorization center .

In conclusion of this section of the description, it must be emphasized that, on the whole, the advantage of the present invention lies in the fact that, on the one hand, it eliminates the confidentiality of the identification parameters of bank cards, which are visually reflected on the bank card and entered from the keyboard into the Internet acquirer system, which makes any attack by an attacker for the purpose of unauthorized obtaining of these parameters impractical, and on the other hand makes it possible to use a more secure technology and existing and prospective sales network of international and national card payment systems based on innovative mobile solutions without rebuilding the structure of payment systems and interaction technologies.

An important advantage of the invention is that it allows both the use of existing payment technologies for any type of bank card and the proposed payment technology without compromising the integrity of existing technologies.

The invention is illustrated in the drawing.

Figure 1 shows a block diagram of a device that implements this method.

The device contains:

1 - payer (buyer, bank card holder); 2 - payer bank card (contact or contactless); 3 - a mobile terminal with a mobile application installed on it, 4 - the payer's computer, 5 - the recipient of payment of traditional commerce (seller); 6 - contact pos-terminal (ATM) of the seller; 7 - contactless pos-terminal of the seller (passive or active); 8 - online store system (e-commerce seller); 9 - a network of an international or national payment system based on bank cards; 10 - processing center of the issuing bank of plastic cards; 11 - Internet acquiring system; 12 - authorization center; 13 - mobile network; 14 - the Internet, 15 - a processing center device for storing a record of the consent parameter and its states, 16 - a processing center device for analyzing consent parameters and its states, 17 - an authorization center device for registering and storing protected parameters of a terminal, mobile application, and bank card, 18 - a special Internet acquirer, 19 - a device for choosing an Internet Equaira.

The device operates as follows.

Payer 1 as the owner of bank card 2, under an agreement with the issuing bank, marks the card as requiring approval for payment, after which the issuer bank sets the “consent” parameter state to the active state in the database of the processing center, which means that authorization of the card requires the consent of the payer 1 with the invoice issued by the Payee 5 within the framework of traditional commerce, or the invoice issued by the online store system 8. Next, the Payer 1, as the owner of a bank card 2, regis ated in the device 17 the authorization center 12 via the mobile application 3, emitting identification card parameters, wherein the processing center 10 receives from the authorization center 12 the confirmation to the mobile application implement consent function with the invoice. The payer 1 has the ability to communicate with the authorization center 12 via the mobile network 13 in the Internet connection or short message modes via the multi-level authorization 3 and transmit to the authorization center state changes of the “consent” parameter, including restrictions on its time and / or by the amount issued by the payee 5 amount of the invoice. Upon receipt of state changes of the “consent” parameter, the authorization center transfers this information to the processing center 10 via secure Internet channels 14 to device 15. To pay for services within the framework of traditional or electronic commerce, Payer 1 may have at its disposal: contact or contactless banking card 2, a mobile terminal with a mobile application 3 installed on it, and a computer with Internet access 4. Contact 6 or contactless 7 pos-terminals communicate via the international payment system systems 9 with the processing center of the card issuing bank, and the online store systems 8 communicate via the Internet with the systems of Internet acquirers 11, which in turn interact with the processing centers of the issuing banks 10. In the event that Payer 1 pays with its cards through contact 6 or contactless 7 pos-terminal of Payee 5, Payer 1 places or applies this card 2 to the corresponding pos-terminal 6 or 7, which identifies it. The identification parameters of the card together with the account of the Payee 5 are sent through the payment system 9 network to the processing center 10. Upon receipt of the identification parameters of card 2 in the database of the processing center 10, the card parameters are identified, the amount on the account is sufficient to pay the invoice and the parameter “ consent ”and its states by device 16. In the absence of this parameter, the processing center 10 implements the traditional technology, namely, the identification parameters of the card ie authorization and shall debit from the account of the payee exposed card amount. If there is a “consent” parameter in the database of the processing center 10 for card 2, and the analysis of the state of this parameter by the device 16 shows that a consent request is required to pay the invoice by Payer 1, the processing center 10 sends it via secure Internet channels 14 to authorization center 12 request for consent of User 1 with the invoice. The authorization center 10, on the basis of the card parameters, finds the registration data of the mobile terminal and mobile application 3 in the device 17 and sends a request for consent to the mobile terminal via the secure communication channels of the mobile network 13 in Internet connection and short message modes, transmitting simultaneously information about Payee 5 and the invoice amount. The payer 1 having received this request for payment of the bill, controlling the mobile application 3, sends a response using the mobile network 13 in the Internet connection mode or, if it is not available, in the short message mode. At the same time, a multi-level authorization of the mobile terminal and application 3 is performed in the authorization center 12. The authorization center 12 receives the response of the Payer 1 and transmits it via the secure communication channels of the Internet 14 to the processing center 10. If the answer of the Payer 1 is positive, the processing center 10 authorizes the card and deducts the payment amount set by the payee 5 from the personal account of the card, and in case of a negative answer or its absence, rejects the request to pay the payee's account 5. Similar the declared device operates in cases when Payer 1 pays the bill via contactless pos-terminal 7 from mobile terminal 3. For the case when within the framework of traditional commerce Payer 1 pays for payment 5 made by the Beneficiary using the mobile application installed on mobile terminal 3 through the contactless pos terminal 7, the identification parameters of the card through the mobile application 3 are received together with the account of the payee 5 through the network of the payment system 9 to the processing center ntr 10. Further, the operation of the device is similar to that of authorization of card 2 via the contactless pos-terminal 7. When paying for goods and services by Payer 1 as part of electronic commerce from computer 4, Payer 1 connects via the Internet to the online store system 8 from computer 4 and selects a product or service in the online store 8, after which, in accordance with the 3D-secure protocol, the payer 1 terminal is redirected via the Internet from the online store 8 to the online acquirer 11 system and the payer enters the identification parameters ation with his existing card traditional method, namely on the keyboard of the terminal 4. Further, the system acquiring Internet 2 is connected to the processing center 10 is performed and the algorithm of the devices described above for traditional commerce, i.e. the algorithm for obtaining the consent of the Payer 1 to pay the bill. In the case when the choice of goods or services is made from the mobile terminal 3, Payer 1 has the opportunity to make a payment similar to payment from computer 4 or automatically. In this case, it is necessary that the authorization center 12 function simultaneously and in the mode of a special Internet eaver 18. In addition, the online store system must have a device for selecting manual or automatic payment 19, which allows you to redirect User 1 terminal in accordance with 3D technology -secure to a regular 11 or special 18 Internet Equaira system. When the Payer 1 selects the automatic payment mode through the device 19 of the online store system 8, which is connected to the online store system 8 from the mobile terminal 3, the online store system redirects the mobile terminal 3 to a specialized Internet acquirer 18. When forwarding the mobile terminal 3 on a specialized Internet acquirer 18, multilevel authorization of the mobile application 3 and the identification parameters of the card along with the Internet account are carried out automatically Gazin received through the payment system network 9 to the processing center 10. At the same time the authorization center 12 receives the consent of the Payer 1 with the invoice as invoiced through an already Authorized mobile application. Upon receipt of the identification parameters of card 2 in the database of the processing center 10, the identification of the parameters of the card, analysis of the sufficiency of the amount on the invoice for payment of the invoice, and analysis of the parameter “consent to pay the invoice” and its statuses by device 16 are performed. considers the technology, namely the identification parameters of the card as authorization and deducts the amount set by the payee from the personal account of the card. If there is a “consent” parameter in the database of processing center 10 for card 2, and analysis of the state of this parameter by device 16 shows that a request for consent is required to pay the invoice by Payer 1, processing center 10 sends secure Internet channels 14 to the authorization center 12, a request for the consent of User 1 with the invoice. Since the center already has the automatic consent of the Payer 1 with the invoice, it is transferred to the processing center 10. The authorization center 12 authorizes the card 2 and debits the payment amount set by the online store system 8, after which it notifies the payer 1 and the Internet system store about the write-off.

Thus, a device that implements the proposed method not only makes it possible to make all existing and promising types of payments from a bank card in a secure mode, but also allows the use of innovative mobile technologies on an existing network and a promising network of international payment systems.

Information sources

1. “Payment systems based on bank cards”, 2007, http://www.plastic-karta.ru/platezhki_bank.html (prototype).

2. “About NFC / NFC technology and interoperability of systems” (About NFC \ NFC and Interoperability), 2011. http://www.nfc-forum.org/aboutnfc/.

3. I.M. Goldovsky “MMA eNFC: Mobile Authentication”. Place Magazine №11, 2007

4. Alexis Moussine-Pouchkine "The Java EE 6 Programming Model Explained", Oracle. Report at the conference "Java Tech Day 2011", http://www.javaone.ru/javaday/program.

5. Mussel K.M. “Method of payment for goods and services on the Internet,” RF patent No. 2161818.

6. RBS. The results of the decade. 2011 http://bankweb20.com/stati/decade-results.html

7. Mussel K.M. Monograph “Provision and billing of communication services. System Integration ”, Eco-Trends Publishing House, 2003

8. Patent US 5326906 (Publication date 1994-09-27) Title "CURRENCY TRANSFER SYSTEM AND METHOD USING FIXED LIMIT CARDS".

9. Patent US 7136835 (Publication date 2006-11-14) Title “CREDIT CARD SYSTEM AND METHOD”,

Claims (8)

1. The method of payment for goods and services for traditional and electronic commerce, which consists in the fact that the payment is made by identifying the payer's bank card, the identification parameters of which are reflected in the database of the processing center, or authorize a mobile software application installed on the payer's mobile terminal and uniquely connected with the payer's bank card, while the payers enter the identifier through the contact or contactless pos terminal or into the Internet acquirer system to pay the bill card payment parameters, and payment recipients enter account details with the cost of the goods, while card identification details and account details are jointly transferred to the processing center of the issuing bank, which authorizes the card and deducts funds from the card’s personal account, after which the processing centers send a notification about payment to both the Payer and the Payee, characterized in that the mobile phone number and mobile application Payers register in encrypted form in a special a separate authorization center together with bank card parameters, and a special authorization center means a set of technical tools and databases that store in encrypted form all the identification parameters of mobile applications registered by the Payers-holders of bank cards, as well as the changeable parameters of “consent to payment accounts ”, and in the database of the processing center under the control of the system of issuing banks for the bank card issued by him, an additional parameter“ consent payment of the bill, ”the decision of the processing center on authorizing the card and debiting the card’s personal account is made by processing centers that analyze the availability of this parameter and, if available, access the secure Internet through a special authorization center, and then through the mobile network to the mobile application of the payers, and after the consent of the payers with the invoice expressed by managing the mobile application, they authorize the mobile application and accept the response of the payers, after which transmit payers response Closed Internet channels to processing centers that are at the basis of this response and produce the authorization to debit from the account. 2. The method of payment for goods and services for traditional and electronic commerce according to claim 1, characterized in that the authorization centers are used simultaneously as Internet acquiring systems. 3. The method of payment for goods and services for traditional and electronic commerce according to claim 2, characterized in that the payers, when choosing a payment method in online store systems, if connected to this system from a mobile application, control the mobile application and pay directly through the authorization center , which is used in the role of Internet acquiring systems. 4. The method of payment for goods and services for traditional and electronic commerce according to claim 3, characterized in that the processing centers receive automatic consent of the payers for the payment on the basis of multi-level authorization of the mobile application, which are made after the payer is redirected from the online store system to the authorization centers acting as special Internet acquiring systems, which are understood as an authorization center with a bank card authorization function. 5. The method of payment for goods and services for traditional and electronic commerce according to claim 1, characterized in that the authorization centers interact with mobile applications based on a three-level authorization using client-server technologies. 6. The method of payment for goods and services for traditional and electronic commerce according to claim 1, characterized in that, in the absence of the possibility of interaction between the authorization center and the mobile application via the mobile Internet network to obtain consent to pay the bill, mobile applications interact with authorization center in short message mode. 7. The method of payment for goods and services for traditional and electronic commerce according to claim 1, characterized in that the state of the consent parameter for paying the bill in the authorization center is changed by the payers from their mobile application. 8. The method of payment for goods and services for traditional and electronic commerce according to claim 7, characterized in that, in the absence of a temporary possibility of interaction between the authorization center and the mobile application via the Internet and mobile communications at the time of payment, the payers send in advance from the mobile applications to the authorization center consent to pay the bill for payments in the near future.