RU2700549C1 - Method of receiving payment requisites of payment recipient by payment systems - Google Patents

Abstract

FIELD: information technology.

SUBSTANCE: invention relates to methods of automating receipt of requisites of a payment recipient when forming an invoice for payment for payment systems intended for payment for services and goods. In the method, the payment recipient registers the required number of requisites on the server of the system, generates the required number of sales points, connects requisites to points of sale, for each operation generates a QR code containing a sales point identifier, a sales point name, a sales point address, a ticket, a payment purpose, an amount, wherein identifier, name and address must match with registered recipient on system server, payer when reading QR-code is convinced of correctness of payment recipient, enters amount, purpose, then sends the entered data and data from the QR code to the third-party payment system, which checks the payer account and transmits to the system server the identifier, address, name, the system server checks the identifier and address correspondence with the recipient name, and if data are confirmed, the system server returns to the third-party payment system requisites of the recipient, which verifies requisites of the recipient and reserves funds in amount of payment, sends ticket system, amount and purpose of payment to system server, system server transmits ticket, amount and purpose of payment to information system of payee, which checks ticket, amount, purpose of payment, order status and sends confirmation for receiving funds to system server, which analyzes recipient response and sends it to third-party payment system, which in case of confirmation transfers money and informs payer about it.

EFFECT: high security when performing electronic payments.

5 cl, 1 dwg

Description

The invention relates to methods for automating the receipt of details of a payee when forming a payment invoice for payment systems designed to pay for services and goods, as well as any other money transfers.

The following terminology is used in the description:

Payment system - a set of rules, procedures and technical infrastructure that ensure the transfer of value from one economic entity to another. Payment systems are one of the key parts of modern monetary systems. In some cases, payment instruments are not money or debts denominated in money, but conditional payment units or specialized securities (Web Money, Bitcoin can serve as an example). Payment systems are a substitute for cash payments when making domestic and international payments and are one of the basic services provided by banks and other relevant financial institutions.

Third-party payment system - an independent payment system that independently and separately functions from the method (for example, a bank).

Payment details - information necessary for the transfer of funds. In this case, the details of the payee and the details of the payer may be meant. In total, more than 40 details are used to make one payment.

Cashless payments are payments made without using cash, by transferring funds to accounts in financial institutions and offsetting mutual claims.

Personal data - any information relating directly or indirectly to a specific or determined individual (subject of personal data). Although the concept of personal data is quite old, the development of computer networks and automated data analysis has allowed to steal, centrally collect and massively sell data about a person. These data help you track down a person, plan a crime against him, or impersonate someone else.

Payer (buyer, user) - an individual or legal entity that pays for a product or service, as well as transfers to someone else. Payment may occur in a form other than cash.

Recipient (seller) - a natural person, characterized by full name and address of registration, or legal entity, characterized by the name and legal address or address of the point of sale or electronic address, receiving payment for the goods or service, and also receiving the transfer in their favor. Payment may occur in a form other than cash.

A matrix barcode is graphic information representing the possibility of reading it by technical means - a sequence of color and white, or other contrasting color of geometric shapes.

A QR code (English quick response) is a type of matrix barcode (two-dimensional barcode) developed and introduced by the Japanese company Denso-Wave.

URL (English Uniform Resource Locator, - a single pointer to a resource) - a uniform locator (determinant of location) of a resource.

Personal identifier - a data set containing a unique number in the system, name, physical or electronic address.

Transaction identifier - a data set containing a personal identifier, amount, payment purpose.

Ticket - a unique transaction number in the information system of the payee created by encryption. If the recipient does not have an information system, then the ticket takes the default value of zero (0).

Point of sale - a place where the buyer can pay for the selected product or service. A point of sale is characterized by its name, address and details associated with it. In the case of a physically existing store, the address is the mailing address, in the case of an individual, registration (registration address in the passport), in the case of an online store, the site URL.

System server - a combination of software and hardware to perform certain functions that ensure the functioning of the system. In this description refers to the implementation of the proposed method.

Client device — a smartphone, personal computer, or other (including mobile) device with special software installed for collaboration in the payment system and connected to it for data exchange.

In the present level of technology, there are many different payment systems intended for use by individuals (Example: Sberbank Online https://online.sberbank.ru) and legal entities (Example: iBank2 https://ibank2.ru). Recently, the most popular are non-cash online payment systems using the Internet for data transfer. Such systems are implemented as a program for a client device and have the following disadvantages:

- Include a limited list of payees for which the user does not need to enter payment details.

- For other recipients of payments, it is required to enter manually payment details that contain a large number (more than 40 parameters) of information that is difficult for an ordinary user to understand.

- The user may not know and may not be able to quickly receive the payment details of the payee in full.

These shortcomings significantly limit the distribution and widespread applicability of such payment systems.

The prior art method for making purchases is described in patent WO2012 / 083359, in which:

- The system stores the customer’s personal data, payment details of his bank cards and other accounts, including secret data for access.

- The payment details of the payees (sellers) are stored on the system server.

- For each purchase, the seller generates an individual QR code through the system server that allows you to uniquely identify this purchase. The received QR code is visually displayed for the buyer.

- The buyer has a client device, the software of which allows you to activate the QR code and interacts through a communication channel with the system server, which generates a purchase request.

- The system server performs payment for the purchase by transferring funds from the buyer’s accounts to the seller’s account.

The method of shopping described in patent WO2012 / 083359 eliminates the disadvantages associated with the need to enter the payment details of the seller and automates their receipt, however, it itself has a number of disadvantages:

- The system server of the described method stores the personal data of the payer, the payment details of his bank cards and other accounts, including secret data for access, as well as the history of the movement of funds. In fact, the system server will store consolidated information about accounts, including all the necessary secret information for transferring funds, which is unsafe.

- The described method of making purchases is designed to use exclusively its own payment system and does not involve the interaction and use of external payment systems, which limits the scope of its use, as payers (buyers) will have to install another payment system on their client devices and refuse to use existing payment systems systems.

- The payee (seller) is required to have a certain information system, which must be integrated with the system server and have a permanent communication channel, which limits the applicability of the method to sellers, since they will have to incur additional material costs.

Closest to the claimed is a technical solution for a patent for an invention, application RU No. 2658881 G06Q 30/04 (2012.01), with a priority date of June 1, 2016, according to which the METHOD FOR RECEIVING PAYMENT RECIPIENTS OF THE PAYMENT RECIPIENT is characterized in that the recipient of payment is registered once on the site server system, enters the data characterizing it and receives a personal identifier in the form of a graphic file with the image of a matrix barcode that is displayed (printed on paper, displayed by projection, holographic ki or display); the payer has a client device with a third-party payment system installed, adapted to work with the method; the payer, using the client device, reads the image of the matrix barcode from which it receives data characterizing the recipient, verifies them, enters the payment amount and confirms the payment; then the third-party payment system sends the operation identifier to the system server via communication channels, the system server verifies the data and returns the payment details to the third-party payment system; a third-party payment system transfers funds and, if successful, reports this to the system server; the system server notifies the recipient of the successful transfer of funds. In addition, the matrix barcode contains, in addition to the seller’s personal identifier, the payment amount and / or payment purpose and / or the seller’s details, for the generation of which the program library is used. In addition to the matrix barcode, the information is displayed in an alphanumeric way, while the payer manually enters the information into the software of a third-party payment system integrated with the method system.

Disadvantages: the protection of the operation is insufficient, since the company name (name of the payee) is not a unique factor, the QR code can be substituted, and the payer can’t track it in the same way as the one who pays it. In addition, the usual unencrypted unique transaction number generated by payment systems in a normal transaction can be predicted by a systematic appeal to the same payee and issued by payment by simply increasing the number, i.e. does not protect the payee from fraud.

The objective of the proposed method is to increase the security of the method by which payment systems obtain the details of the payee by including additional protection factors in the QR code that increase the security of the payment transaction, as well as creating additional levels of validation.

To do this, it is proposed to include in the QR code generated by the information system of the payee (seller) the address of the point of sale registered by the recipient in the system, corresponding to the name of the point of sale on the system server, as well as a ticket - a unique transaction number that is ciphered.

First moment. Since the name of the payee is not unique, adding a point of sale address in the QR code (and for online stores - the URL), combined with the name of the point of sale reflected at one of the data validation stages, will allow the payer to check the correspondence of the payee to that he addresses the payment. Thus, the payer, having read the QR code using a client device, for example, a smartphone, can identify who is paying and, in case of doubt, refuse the transaction. In addition, the validation of the identity of the payee is carried out by the system server and, if successful, i.e. establishing the correspondence of the identifier of the point of sale + name + address, sends confirmation to a third-party payment system (for example, to a bank). Thus, the inclusion of the point of sale address in the QR code increases the level of protection and increases the security of the payment transaction.

Second moment. Since a unique transaction number can be predicted, replacing it with a ticket (a cipher-generated unique transaction identifier), included in the QR code, increases the security level of the payment transaction. Thus, the security of electronic payments and the use of third-party payment systems is increased,

The general sequence of actions of the proposed method includes: the recipient is registered on the server of the system (i.e., in the system intended for the implementation of the proposed method), registers one or more details, creates the required number of points of sale (or uses a personal default), connects the details with points of sale, then the Recipient for each transaction generates a QR code containing the identifier of the point of sale, the name of the point of sale, the address of the point of sale, a ticket - optionally (if the recipient does not have of the formation system, the ticket has a default value of zero, that is, it is equal to zero), the purpose of the payment is optional, the amount is optional, with the identifier of the point of sale, the name of the point of sale and the address of the point of sale must match the recipient registered on the system server. Then the payer reads the QR code, makes sure the payment recipient is correct by the name and address shown to him, if necessary (if they are not indicated in the QR code) enters the amount, purpose, then sends the entered data and data from the QR code to a third-party payment system (a special case - to the bank), then the third-party payment system checks whether the payer’s account is frozen, whether there is enough money in the payer's account, if there is confirmation, then the third-party payment system transfers the identifier, address, name nie. Then the system server checks the identity and the address + name of the point of sale. If the data is confirmed, the system server returns the details of the recipient to the third-party payment system (to the bank). Then the third-party payment system checks the details of the recipient, freezes funds in the amount of the amount of the forthcoming payment and transfers the ticket, purpose and amount of payment to the system server, then the system server transfers the ticket, purpose and amount to the information system of the payee. Then, the payee checks the ticket, amount, order status, and sends a confirmation of receipt of funds to the system server, then the system server analyzes the recipient's response and passes it to the third-party payment system. Then, if confirmed, the third-party payment system transfers the money and informs the payer about it. In addition to the ability to control and cancel the transaction at the level of a third-party payment system (for example, a bank) - due to lack of funds and at the system server level - due to a mismatch of the identifier received by the system with the address and name, which can indicate a substitution of a QR code, there is an opportunity validation of data and cancellation at the level of the payee, for example, inconsistency of the order status. In addition, it becomes reasonable to cancel the payment at the payer level, if necessary, since it receives data (name of the point of sale, address of the point of sale, purpose, amount of payment) by which it can judge the correct indication of the payee.

Thus, the security of electronic payments is increased, as well as the versatility of using third-party payment systems, and the control procedure for payees becomes more reliable.

Differences from the prototype:

Firstly, since the name of the payee is not unique, in addition, one payee can have several points, add the point of sale in the QR code (and, for online stores, the URL) included in the system (additionally confirmed, for example , using geolocation), the combination of the name + address of the point of sale, reflected at one of the stages of data validation, will allow the payer to check the recipient's compliance with the one to which he addresses the payment. Thus, the payer, having read the QR code using a client device, for example, a smartphone, can identify who is paying and, in case of doubt, refuse the transaction. In addition, the validation of the identity of the payee is carried out by the system server and, if successful, i.e. establishing the conformity of the identifier + name + address with a given point of sale, sends a confirmation to a third-party payment system (for example, to a bank). T.O. the inclusion of the point of sale address in the matrix barcode increases the level of protection and increases the security of the payment transaction.

Secondly, in the prototype, the payee generates an operation identifier, which is included in the matrix barcode. This is not enough for the security of the payment, since the ordinary unencrypted unique transaction number generated by the payment systems in a normal transaction can be predicted by a systematic appeal to the same payee and issued simply by increasing the number for payment, i.e. does not protect the payee from fraud. In the claimed method, the matrix barcode is generated by the payee’s information system and is created on the basis of the identifier of the point of sale, the name of the point of sale, address of the point of sale (required data), ticket and optional amount, payment purpose, using the software and library used by the payee’s information system . The ticket is generated by the information system of the seller (payee), or by encryption based on unique transaction data (number, time, amount) or a random number generator, it is unique in the payee’s information system and is uniquely associated with a specific purchase, which increases security.

Thirdly, with the prototype, payment was made at the penultimate stage, after which the system still notified the payee about the payment made, when cancellation is already impossible. This is a useless feature to enhance security. In the inventive method, the recipient may refuse to receive payment before the bank transferred the money. That is, the server of the system analyzes the response of the payee and transfers it to the third-party payment system (to the bank), and the third-party payment system transfers the money, if confirmed, and informs the payer about this, which increases the security of the payment.

Thus, validation, that is, confirmation of the truth of the data, is carried out at three levels: when the payer verifies the amount, address, name; when a third-party payment system (bank) verifies the amount, payer details, recipient details, when the system server checks the identifier of the point of sale on the one hand and the address + name of the point of sale on the other, and when the payee verifies the ticket, order status and payment amount.

The technical result of the proposed method is to increase the security of payments when making electronic payments.

The technical result is achieved by a method including the fact that the payee is registered on the system server website, enters the data characterizing it and receives a personal identifier in the form of a graphic file with a matrix barcode image that is displayed (printed on paper, displayed by projection, holographic or on the display) ; then the payer using the client device reads the image of the matrix barcode from which it receives data characterizing the recipient, verifies them, enters the payment amount and confirms the payment; then a third-party payment system (for example, a bank) sends the transaction identifier to the system server via communication channels, the system server verifies the data and returns the payment details to the third-party payment system; a third-party payment system transfers funds and reports this to the server of the system;

characterized in that the recipient registers the required number of details on the system server, creates the required number of points of sale (or uses a personal default), associates the details with points of sale, then the receiver generates a QR code for each transaction containing the identifier of the point of sale, the name of the point of sale, point of sale address, ticket, payment purpose (optional), amount (optional), while the identifier, name and address must match the recipient registered on the system server, paid when reading the QR code, the customer is convinced of the correctness of the payment destination by the name and address shown to him, if necessary (if they are not indicated in the QR code), enter the amount, purpose, then sends the entered data and data from the QR code to a third-party payment system, the third-party payment system checks the payer’s account, then the third-party payment system transfers the identifier, address, name to the system server, then the system server checks the identity and address with the name of the recipient, and if the data are confirmed, the system server returns the details of the recipient to the third-party payment system, which checks the details of the recipient and reserves money in the amount of the payment amount, transfers the ticket, the amount and purpose of the payment to the system server, then the system server transfers the ticket, the amount and purpose of payment to the information system of the payee, then the recipient checks the ticket, amount, payment purpose, order status, and sends a confirmation of receipt of funds to the system server, the system server analyzes the recipient’s response and Pass the third party of its payment system and third-party payment system in the event of confirmation of the transfer of money and notify the payer. If the recipient does not have an information system, then the ticket is zero, and the QR code is static and contains the identifier of the point of sale, address of the point of sale, name of the point of sale. If the recipient is an online store, a uniform URL locator is used as the recipient’s location address. As a special case, adding to the QR code the address of the point of sale included in the system is additionally confirmed using geolocation. Another special case, in addition to the matrix barcode, information is displayed in an alphanumeric way, while the payer manually enters the information into the software of a third-party payment system integrated with the method system.

The advantages of this method of obtaining payment details of the payee by payment systems:

- The server of the system does not perform the functions of a payment system and, therefore, does not store the personal and secret data of the payer; instead, it provides a service for providing the recipient's payment details to any third-party payment systems. As a result, dangerous duplication of confidential data across multiple systems is avoided.

- From the previous advantage it follows that any third-party payment system that works with any money, including electronic wallets, by minimizing its software, without any integration actions with payment recipients, will be able to immediately start working with all the systems registered on the server sellers. At the same time, it will be enough for customers to simply update the software version on their client devices.

- For recipients of payments to work with the system and receive payments to their account, it is enough to register on the server of the system and receive a matrix barcode for further presentation to the buyer. Even in the absence of its own information system, to use the method, it is enough to print the resulting matrix barcode, which simplifies and reduces the cost of implementation.

The essence of the described method of obtaining payment system details of the payee is illustrated by the image in the figure.

Figure - Method for receiving payment system details of the payee, where

SS - System Server,

PR - Recipient (seller);

MK - Matrix barcode;

KU - Client device;

PS - Third-party payment system (for example, a bank);

PL - Payer (buyer, user);

1 - Read matrix barcode;

2 - Data entry by the payer, data validation and confirmation of payment;

3 - Transfer of the value of the matrix barcode and data entered by the payer;

4 - Transfer of the identifier, address and name of the point of sale;

5 - Transfer of details of the payee;

6 - Transfer of the ticket, amount and purpose of payment;

7 - Transfer of the ticket, amount and purpose of payment;

8 - Transmission of confirmation of readiness to accept payment;

9 - Transmission of confirmation of the recipient's readiness to accept payment;

10 - Transmission of a successful payment message.

An example implementation.

- The PR receiver registers the required number of details on the SS system server, creates the required number of points of sale, associates the details with points of sale.

- The PR receiver for each operation generates a QR code (MK) containing the identifier of the point of sale, the name of the recipient, address, ticket - optionally (if the recipient does not have an information system (IS), then the ticket has a zero value, i.e. is zero ), the purpose of the payment is optional, the amount is optional. In this case, the name and address of the point of sale must coincide with those registered on the server of the CC system.

- The payer of the subscriber reads (1) a QR code, makes sure that the payee is correct at the name and address of the point of sale shown to him, if necessary (if they are not indicated in the QR code) enter (2) the amount, purpose. Sends (3) data from the QR code and the PS entered by it to the third-party payment system.

- The third-party payment system PS checks whether the payer's account is frozen, whether there is enough money in the payer's account. If there is confirmation, then the third-party payment system PS transmits (4) to the system the identifier, address, name of the point of sale.

- The server of the SS system checks the correspondence of the identifier and the address + name of the point of sale. If there is confirmation, then the server of the CC system returns (5) to the third-party payment system PS the details of the payee PR.

- The third-party payment system PS checks the details of the payee of the PR. If the information is confirmed, it freezes funds in the amount of the amount of the forthcoming payment and transfers (6) the ticket and the amount to the server of the SS system.

- The server of the SS system transmits (7) the ticket and the amount to the information system of the payee of the PR.

- The payee of the PR payment checks the ticket, amount, order status. If the information matches the information in his information system, then he sends a confirmation for receiving funds (8) to the server of the SS system.

- The server of the SS system analyzes the response of the recipient and transmits to the third-party payment system PS (9).

- A third-party payment system, PS, in case of confirmation, transfers money and informs the payer about it (10).

The following elements are involved in the claimed method of obtaining payment details of the payee by payment systems:

- located on the Internet server system of the method with software and database;

- the payee (seller), who registered on the system server, entered his payment details, address and name of the point of sale (several points of sale) and further shows the payer (buyer) the image of the matrix barcode;

- matrix barcode containing information about the identifier, name and address, point of sale;

- a client device in the form of a smartphone with a camera, a third-party mobile application (for example, the Sberbank Online mobile application) and Internet access;

- a third-party payment system (for example, the Sberbank Online system) with which the mobile application of the smartphone interacts;

- a payer (buyer) who owns a smartphone and wants to make a purchase.

Claims (6)

1. A method for receiving payment system details of a payee, including the fact that the payee is registered on the server’s website, enters the data that characterizes it and receives a personal identifier in the form of a graphic file with a matrix barcode image that is displayed (printed on paper, displayed by projection, holographic or on display); then the payer, using the client device, reads the image of the matrix barcode from which it receives data characterizing the recipient, verifies them, enters the payment amount and confirms the payment; then the third-party payment system sends the operation identifier to the system server via communication channels, the system server verifies the data and returns the payment details to the third-party payment system; a third-party payment system transfers funds and reports this to the server of the system; characterized in that the recipient registers the required number of details on the system server, creates the required number of points of sale, associates the details with points of sale, then the receiver generates a QR code for each operation containing the identifier of the point of sale, the name of the point of sale, the address of the point of sale, ticket, purpose of payment (optional), amount (optional), while the identifier, name and address must coincide with those registered by the recipient on the system server, the payer is convinced of of the payment recipient by the name and address shown to him, if necessary (if they are not indicated in the QR code), enter the amount, purpose, then send the entered data and data from the QR count to the third-party payment system, the third-party payment system checks the payer’s account, then a third-party payment system sends an identifier, address, name to the system server, then the system server checks the correspondence of the identifier and address with the name of the recipient, and if the data is confirmed, the system server returns It sends the details of the recipient to the third-party payment system, which checks the details of the recipient and reserves money in the amount of the payment amount, transfers the ticket, the amount and purpose of the payment to the system server, then the system server transfers the ticket, the amount and payment purpose to the payment recipient’s information system, then the recipient checks the ticket, the amount, purpose of payment, order status and sends a confirmation of receipt of funds to the server of the system, the server of the system analyzes the response of the recipient and transfers it to a third-party payment system, and if confirmed, the third-party payment system transfers the money and informs the payer about it. 2. The method according to p. 1, characterized in that if the recipient does not have an information system, the ticket is zero, while the QR code is static and contains the identifier of the point of sale, address of the point of sale, name of the point of sale. 3. The method according to p. 1 or 2, characterized in that if the recipient is an online store as the recipient’s location address, a uniform URL locator is used. 4. The method according to p. 1 or 2, characterized in that adding to the QR code the address of the point of sale included in the system is additionally confirmed using geolocation. 5. The method according to claim 1 or 2, characterized in that, in addition to the matrix barcode, information is displayed in an alphanumeric way, while the payer manually enters the information into the software of a third-party payment system integrated with the method system.

Images