SK500212010A3 - The procedure of sales in electronic commerce accessible from a mobile communication device - Google Patents

Abstract

Approach It includes communication between business sys témom accessible through GUI mobile communication Joint devices (4), when the after selection purchased items from removable memory cards (1) reads identification acquierera (12), will send the to headquarters ob mercial system (2), where after approval identifiers cie acquierera (12) will to creation transaction credit parameter and these enter to of a removable it memory cards (1) than initiator platobno- terminal applications. On the removable memory card (1) progress respective payment terminal application, while the creates payment cryptogram, especially in after time EMV cryptogram. the is a posted to headquarters business system (2), where the with it can load than with common cryptogram customary POS termi may catch.

Description

The solution concerns the cooperation between the virtual trade systems, the payment system and the clearing system, which may be provided by different entities. The solution describes the method of installation, activation of selected hardware elements, the method of user registration in the system and the procedure of performing payment-terminal operations, which can ensure reliable and secure payment and sales process. The method according to this solution follows the initial patent applications SK PP 00032-2009 of 03.05.2009 and SK PP50009-2010 of 27.03.2010.

BACKGROUND OF THE INVENTION

Users of mobile communication devices in various forms such as mobile phones, PDA tablets, laptops can access an electronic trading system (for example in the form of an OVI store from NOKIE), where various electronic items such as downloadable ringtones, songs, maps, games can be purchased. and other apps. Before the first purchase, the user must register and log in to the trading system and usually also have to install the appropriate application on the mobile communication device that communicates with the relevant trading system in the central office. The user may be prompted to enter the user name and password under which they will act. After creating his account in the trading system, the user is informed about the result of registration and can also be currently logged into the trading system. To verify the registration, an e-mail or SMS with an activation link can be sent from the trading system to the selected e-mail address or telephone number. Clicking the activation line verifies in the trading system that the entered email or phone number is correct. User registration may also be accompanied by confirmation of acceptance of business terms and conditions of the trading system operator.

and

After the user account has been successfully created, the user can choose the goods he / she wants to buy, eg. MP3. By clicking on "buy" the trading system will ask for a password. Successful user authentication is followed by the selection of a payment card with which the user wants to pay. Depending on the payment card selection, the user is prompted to enter the PAN card number, card expiration date and CVC2 / CW2 code. The information thus entered is sent to the head office of the trading system, where it is processed as a normal payment by credit card. For convenience, this information for a credit card or multiple credit cards can also be stored on a mobile communication device. The disadvantage of this arrangement is that when the credit card is authenticated remotely, sensitive data is transferred to the trading system central. Although mostly the amount for items in a trading system accessible from a mobile communication device is relatively low, in the order of euros or dollars, there is a risk of misuse of credit card data for any unauthorized third party withdrawal. The system should therefore provide a higher level of security, but should not increase transaction costs or reduce convenience, as the user is not willing to deal with complicated procedures when making small payments and purchases.

SUMMARY OF THE INVENTION

The above deficiencies are substantially eliminated by the e-commerce sales process accessible from the mobile communication device according to this technical solution, which includes in particular the following steps:

Al. inserting the removable memory card into the appropriate slot of the mobile communication device, the insertion causing the software to self-install.

A2. setting application configuration data, which step may include selecting and entering a user password. During configuration, the removable memory card may also be paired with a particular mobile communication device, for example in relation to the SIM card or in relation to the hardware of the mobile communication device. At this point, the user registration may also include communication with the remote trading system central where the user identification data is stored.

A3. activation of a removable memory card by means of an activation key to be assigned by the card issuer and / or the bank. Entering the correct activation key will make the removable memory card and ready for use payment application.

If a program for communicating with a trading system is not already installed in the mobile communication device, the program installation and user registration can now occur. In this installation, a payment terminal on a removable memory card may be designated as the preferred payment method. If the payment application is installed at the time when the application for communication with the trading system is already installed and the user is already registered, the option of additional setting of preferential payment method is used.

The steps described so far represent a preparatory phase that is sufficient to be performed only once for a given hardware connection of a removable memory card and a particular mobile communication device. The following phase represents the executive part of trading, including the execution of the payment-terminal application of this solution with the following steps:

BI. After the decision to buy an item from the trading system, the user is directed to the mobile communication device menu and launches the respective application. In this step, the stored parameters of the user's account are read and by browsing the items in the remote trading system headquarters, the user is allowed to select the desired item. B2. The user agrees to purchase the selected item. The trading system prompts him for a password that belongs to the user account.

B3. A payment option is displayed on the display of the mobile communication device, and the payment option described in this description can be set as a preferential method. The application is waiting for confirmation from the user. After confirmation, the payment terminal application runs directly on the removable memory card. After selecting the payment application according to this solution, the co-controller and the interface between the removable memory card and the mobile communication device are activated. If the payment application password entered is positive, the acquirer's configuration data is read into the payment application unit. This will make the generic payment terminal a specific terminal with the identity of the acquirer. The payment-terminal unit could have the acquirer's identification data entered and uploaded as the basic and single payment terminal data, but this would restrict the otherwise broader use of the payment terminal on the removable memory card. Subsequently, the acquierea identification data is sent to the head office of the trading system by means of a communication means provided by the mobile communication device itself, e.g. as a GPRS (General Packet Radio Service) channel. At the head office of the trading system, it is checked whether the acquirer's identification data belongs to the contractor. A positive evaluation will cause a payment parameter file to be sent from the trading system to the mobile communication device, which also includes the amount of the amount paid. In essence, evaluating the acquierea status means establishing membership of a given trading system.

The data set with payment parameters may or may not be encrypted. By receiving it to the mobile communication device, a set of input parameters is sent to the removable memory card to the payment terminal unit via the appropriate interface and controller, which initiates communication with the payment card unit. Communication between them takes place as if it were a POS (point of hall) connection of the terminal with an ICC (integrated circuit card) by a payment card inserted in the card reader. The result of the transaction is encrypted by the acquierer's private key and sent via a removable memory card interface to the mobile communication device, which sends the payment cryptogram to the trading system central.

At the headquarters of the trading system, the payment cryptogram is decrypted by the acquierer's public key and its status is assessed. Payment can be processed offline or online. For offline payment, the trading venue does not have to associate with the acquirer every time. In the case of a negative AAC (Application Authentication Cryptogram) response, the user will be informed of the payment decline. If the offline payment is evaluated positively, a confirmation message in the form TC (Transaction Certificate) is sent to the user.

Online payment is evaluated when connected to an acquirer. If an ARQC (Authorization Request Cryptogram) response is requested, the trading system will be linked to the acquirer's system with a question and task to authorize the payment. This is done in connection with the card issuer system. The response to an ARQC request file is an Authorization Response Cryptogram (ARPC), which contains a payment confirmation or rejection. The message is encrypted with the acquirer's private key.

Acquierer sends the cryptogram to the headquarters of the trading system, where, depending on the type of cryptogram, the last decision is taken and the result is communicated to the user in the form of AAC / TC on the display of the mobile communication device. In this way, the payment-terminal application runs as an online application, which, according to the settings on the payment card, allows a specified number of offline payments to be made. To ensure that the counter is resolved, it is appropriate that the ARPC payment cryptogram be sent to a removable memory card via an interface to the mobile communication device upon receipt. There the payment terminal unit receives this cryptogram and sends an instruction to reset the counter to the payment card unit.

Acquierer creates payment files which, from the perspective of the cooperating bank, have the same structure as if they were created when paying through a regular POS terminal. This makes the transaction clearing and debiting of the user's bank account the same as in the case of current non-cash transactions.

B4. After successful completion and confirmation of the payment application, the user will receive a confirmation of payment and then from the trading system will be transferred data that represented the purchased item. The transfer is in principle possible to the user's mobile communication device or to another device of a third party to which the user sends a purchased item such as a gift. At the end of this phase, the application on the mobile communication device will offer the option to return directly to the BI point to purchase the next item or return to the normal display menu.

The removable memory card may contain the following units to ensure the operation of the above steps: a payment-terminal application unit, in particular an EMV standard (Europay, MasterCard, VISA), a payment card unit, a microcontroller, an encryption unit, a self-installation unit. The removable memory card can also include an NFC communication element with an antenna, which makes the removable memory card also suitable for communication with conventional POs with terminals and can be used not only for payments with a remote trading system where communication is provided by a mobile communication device. . over GPRS. The removable memory card is inserted in an appropriate slot of the mobile communication device and represents an element held by the user. This removable memory card, together with the appropriate software, was provided to the system by an acquierer who has a contractual relationship with the trading system operator. At a remote location away from the mobile communication device, the acquierer system is coupled to the merchant system, wherein the acquierer system includes a payment terminal configuration data unit as well as an encryption and decryption unit. Upon agreement between the acquierer and the trading system operator, the removable memory card may also include a trading system communication package.

The credit card issuer, for example a bank, which provides the appropriate data to a credit card unit located on a removable memory card, may also be part of ensuring the non-cash payments run. Acquierer and the card issuer may or may not be the same entity.

The preferred arrangement of the relationship between the user and the individual system operators will include a contract between the user and the card issuer, a contract between the acquierer and the trading system operator, and a contract between the acquierer and the card issuer. A trading system operator does not need to have a bank account with a credit card issuer, but may have the money sent to another bank account. The described arrangement also allows the merging of some subscribers, for example the payment card issuer may also be an acquierer, but the advantage of the translated solution is that it allows to securely and profitably exploit existing systems and relationships between the card issuer, banks and business system operators. Existing standards will be used in communication protocols between existing users of such systems, and increased comfort and security is ensured through the acquierer system, which distributes removable memory cards to users according to this solution. This system ensures a high level of security where even small payments in the order of euros or dollars are made through a standard payment terminal application and sensitive data is not provided to a remote location, for example, to a trading system headquarters, Internet browsers and the like.

BRIEF DESCRIPTION OF THE DRAWINGS

The solution is explained in more detail with the help of Figures 1 to 44.

In the figures no. 1 to 3, four steps of the preparation phase with the installation of a payment application, which occurred after inserting a removable memory card into the mobile phone slot, are shown in the diagram. In the picture no. 2 also shows an example of entering personal data when configuring a payment application. In the picture no. 3 is a step of entering a password from a removable memory card vendor.

In the picture no. 4 is an example of a mobile phone display in the possibility of pairing a mobile communication device with a removable memory card.

Picture no. 5 illustrates a method for specifying an activation key that belongs to a particular removable memory card.

In the picture no. 6 shows the successful completion of a removable memory card installation.

Picture no. 7 includes an application installation offer step intended to communicate with a trading system.

Picture no. 8 illustrates a flow chart of an application for communicating with a trading system after installation of a payment application.

Picture no. 9 shows a preset of a preferential payment method in an application for communicating with a trading system.

In the picture no. 10 shows user registration in a trading system.

In the picture no. 11 shows an example of successful completion of registration in a trading system that is associated with an offer to start shopping.

In the picture no. 12 is a block diagram showing a first insertion of a removable memory card into a mobile communication device when auto installation begins. In the picture no. 13 shows an example of a structure of user input data into a payment application. In the picture no. 14 shows the possibility that previously entered user data will also be used when installing and registering an application for communication with a trading system. In the picture no. 15 shows the transmission of user data to a trading system central office.

In the figures no. 16 to 19 are diagrams illustrating purchasing steps in a trading system from a user's perspective. In the picture no. 16 shows an offer step to purchase a particular item. In the picture no. 17 is an example of a payment method selection. In the picture no. 18 shows the course of a payment application. In the picture no. 19 illustrates downloading the purchased item to a mobile communication device.

In the picture no. 20 shows a structure of elements where the system includes a mobile phone, a removable memory card, and then a trading system central connected to an acquierer that is also associated with the card issuer. In this figure, we also observe how, based on a contract between the trading system operator and the acquierer, the acquierer identifiers, the acquierer public key, and the terminal identification are moved to the trading system operator database.

In the picture no. 21 shows a pre-preparation phase with the step of uploading files and applications of a trading system operator to a removable memory card managed by an acquierer. In the picture no. 22, the pre-preparation phase is again illustrated, now with the step of loading data of the acquirer and the credit card issuer into the removable memory card.

Figures no. Figures 23 and 24 show the state after the pre-preparation phase, when the removable memory card is loaded with the necessary data and applications from all system participants.

In the picture no. 25 illustrates a procedure for performing the preparatory phase of a mobile communication device. In the picture no. 26 shows data transmission from a mobile communication device to a trading system headquarters in a preparatory phase.

In the picture no. 27 shows the relationships between the individual elements of the system when the payment-terminal application is started on a removable memory card, when this action is triggered by an instruction to purchase the selected item. In this figure we observe that after entering the correct password, the payment terminal identification data is requested.

In the picture no. 28 is the step of sending the acquier identification to the trading system headquarters.

In the picture no. 29 is a step where payment parameters are sent from a trading system central to a mobile communication device.

In the picture no. 30 illustrates how payment parameters are moved over an interface to a removable memory card using payment parameters as input to a payment terminal application.

In the picture no. 31 shows the flow of processing and encryption in a payment terminal unit using the acquier private key.

In the picture no. 32 shows sending a payment cryptogram from a mobile communication device to a trading system headquarters, wherein the payment cryptogram is used by the card issuer MasterKey as well as the acquier's private key.

In the picture no. 33 is a step for evaluating a payment cryptogram for offline payment.

In the picture no. 34 is an example of a payment decline.

In the picture no. 35 is an example of offline payment confirmation.

In the picture no. 36 is the beginning of the evaluation of the payment cryptogram for online payment communication with the acquirer and the card issuer.

In the picture no. 37 shows the relationships between the card issuer and the acquierer in online authorization.

In the picture no. 38 illustrates sending an encrypted ARPC response from the acquierer to a trading system central where the instruction is decrypted and evaluated.

In the picture no. 39 shows a procedure for resetting the counter on a credit card unit after a successful online payment.

In the picture no. 40 shows the possibilities of cryptograms on the side of the acquierer.

In the picture no. 41 shows the position of the acquirer with the obtained cryptograms in relation to the other participants involved in the trading system.

In the picture no. 42 is an example of communication in clearing payments with another participant, the trading system operator's bank.

In the figures no. 43-44, we observe clearing between the accounts of the card issuer bank and the trading system operator's bank, which also shows the relationship between the user, the card issuer, the acquirer, the trading system operator's home bank and the trading system operator itself.

DETAILED DESCRIPTION OF THE INVENTION

In this example of Figures 1 to 44, a trading system 2 known as the OVI store operated by NOKIA is described. The present technical solution is capable of cooperating with any other trading system 2 on the same principle, and the indication of the OVI store designation, which is a NOKIA trademark, need not be construed as limiting the scope of protection. Also, the use of the NOKIA E71 mobile phone 4 in the form of a mobile communication device 4 is merely an example intended to facilitate understanding of the relationships and procedures in the described system and is not to be construed as limiting the required scope of protection.

The user 3 of the mobile communication device 4 NOKIA E71 inserts a removable memory card 1 received from the acquier 12 into his / her phone, in this case it may be a Logomotion acquierer 12 (LGM acquierer 12). LGM acquierer 12 has a contract with the card issuer 13 and also with the operator of the 2 OVI store. As a result of this cooperation, the acquirer 12 deposited on the removable memory card 1 a payment card unit 5 containing data in the structure of the current ICC payment cards, including a credit card personal data unit 18, during the pre-preparation phase. At the same time, the program necessary for communication with the trading system 2 is also recorded on the removable memory card and is located in the trading application installation unit 17. This program could be downloaded by the user 3 to the mobile communication device 4 also from the headquarters of the OVI store 2 via the mobile network 14, but for which it would have to pay as a normal data transfer and therefore it is appropriate if the software is directly located on the removable memory card i.

After its insertion into an accessible slot, the installation of a payment application, referred to in this example as LGM payment application, will start automatically according to Figures 12, 25 and 1. The display 10 of the mobile communication device 4 gradually shows the installation progress (Figures 1 to 6) and via the keyboard 9 of the mobile communication device 4 the user 3 agrees to the procedure and enters personal data and passwords. In the activation (Figure 5), it will also use the password from the card issuer 13. After entering the correct password, the display 10 will show that the LGM payment application has been installed and is ready for use (Figure 6).

In this example, the mobile communication device 4 has not yet installed the software required to communicate with the trading system, and therefore the user 3 is offered an installation option (Figure 7). In another example, the trading system may be configured such that no communication program is required directly in the mobile communication device 4, and only a conventional Internet browser is used. The pretreatment phase is shown in Figures 20 to 24.

The system operator 2 acquirer 12 has signed a contract under which the operator receives the parameters for running transactions (acquirer 12 identification by ID, its public cryptographic key, and a set of payment terminal identifiers). Upon agreement, the acquirer 12 may provide placement of the business application installation unit 17.

During the pre-preparation phase, within the part that can be referred to as prepersonalization of the removable memory card i (e.g. named LgmPayCard), the configuration data for the payment terminal unit 6 (e.g. in the EMVP structure) is placed in the configuration data unit 11, usually in the form protected element. The payment terminal unit 6 will act as a virtual POS terminal for payments in the trading system 2. During personalization, the parameters of the LgmPayCard as a payment instrument are placed in the Secure Element.

During the installation of the trading system 2, it is preset that the preferred payment method is payment via the LGM payment application (Figure 9). In principle, it is also possible to use other payment methods where the payment card units 5 are located within the mobile communication device 4 and the removable memory card 11. After the installation of the trading system software 2, in this case OVI n

store, user 3 is offered a purchase option (Figure 11) in the trading system 2. From the user's perspective 3, the purchase process in trading system 2 is almost the same as the previous payment method (Figures 16 to 19). Once the purchased item is selected, payment options 4 appear on the display 10 of the mobile communication device 4. In this example, three options were shown on the display 10: payment by VISA card, payment by MasterCard and payment by LGM Pay by payment terminal. The controller 7 manages the communication between the LGM payment application and the LgmPayCard.

User 3 chose LGM Pay and entered the correct password. Subsequently, the microSD controller 7 (Fig. 27) runs to the removable memory card to enter the task - requesting the acquirer identification 12. From the configuration data unit 11, the identifier of the acquirer 12 is read into the EMV processor unit representing the payment terminal unit 6. From here the microSD controller 7 and the mobile data network 14 are sent (Figure 28) the identification of the acquirer 12 to the head office of the trading system 2. Here it is assessed whether the identification of the acquirer 12 belongs to one of the entities with which the trading system operator 2 has a contract. A positive response triggers on the trading system side 2 a task in which transaction payment parameters, including the payment value, in the form of TermID + TrxNo + TrxDet, are sent back to the mobile communication device 4 (Figure 29). The LGM payment application sends the transaction request with the appropriate parameters to the payment terminal unit 6, where the evaluation is performed in cooperation with the payment card application (e.g., PayPass risk management) and an EMV standard transaction is being prepared. Encryption takes place using the masterkey of the card issuer 13.

The data is sent via the microSD controller 7 to the payment terminal unit 6, which at this stage (FIG. 30) acts as the payment terminal of the acquirer 12. Now, within the removable memory card I communication between the payment terminal unit 6 and the payment card unit 5 takes place. generates a cryptogram using MasterKey card issuer 13, for example in the form Trx = RS (IssMKey [TrxDet]) + AAC / TC / ARQC. From the mobile communication device 4, a payment cryptogram goes to the headquarters of the trading system 2, in this example in the EMV structure as Trx = RSA (Acq

PrivKey [AcqID + TermID + TrxNo + RS (IssMKey [TrxDet]) + AAC / TC / ARQC J), which was created by encrypting the private key of the acquirer 12 and where part of the encrypted file is a cryptogram encrypted by MasterKey card issuer 13 (Figure 32) . Encryption and decryption on the removable memory card platform 6 is provided by the encryption unit 15.

At the head office of the trading system 2, the status of the acquirer 12 is evaluated using the public key of the acquirer (Figure 33). Figures 33 to 35 show the evaluation of the offline payment. If the result contains an AAC file, the payment and thus the entire business transaction is denied, which is subsequently (Figure 34) notified to the user 3 on the display £ 0. In the case of a positive offline response (Figure 35), the TC result is decided without communicating with the acquirer 12. TC means that user 3 will be informed that the payment was successful and the paid items are ready for download.

Decryption of the payment scheme is possible because the trading system operator 2 has pre-stored public encryption keys from the acquirer 12. the operator evaluates the next procedure according to the decrypted message.

In the figures no. Figures 36 to 38 show online payment reconciliation. This is required if the amount you pay is higher or when you make a set number of offline payments. The ARQC request file is sent from the trading system headquarters 2 (Figure 37) to the acquirer 12, who sends the task for online authorization to the card issuer 13. There the status authorization takes place and a response is created in which the private key of the acquirer 12 is an encrypted response, for example in the form Trx = RSA (Acq PrivKey [ARPCj). Acquierer 12 sends this response to the trading system central 2 where the response is decrypted by means of (Figure 38) the acquier 12 public key and its result in the form of AAC or TC is sent to the mobile communication device 4. The card issuer 13 returns the result online verifications (ARPC = (AAC or TC) + other data that may be additional to trading system data 2.

Successful payment initiates on the side of the trading system 2 the copying of the paid data to the mobile communication device 4. This externally terminates the entire business case from the user's perspective 3. In the picture no. 39 shows how the counter on the credit card unit 5 can be reset after successful online payment. An ARPC file is sent to the payment terminal unit 6 via the microSD controller 7, which is evaluated there as an instruction to reset the computer, since the ARPC responder file represents a confirmation of successful online payment. Specifically, the number of newly made offline payments is controlled by Risk Management, which is set in the credit card unit 5 by the credit card issuer 13. Resetting the counter allows you to make the prescribed number of offline payments.

Subsequent clearing from cash accounting is performed using stored cryptograms, for example in the form Trx = RSA (Acq PrivKey [AcqID + TermID + TrxNo + RS (IssMKey [TrxDet]) + AAC]), Trx = RSA (Acq PrivKey [AcqID + TermID + TrxNo + RS (IssMKey [TrxDet]) + TC]

PrivKey [AcqID + TermID + TrxNo + RS (IssMKey [TrxDet]) + ARQC]. These are according to Figure no. 40 are located on the acquirer server 12 and, according to a pre-agreed and contracted procedure (Figures 41 to 44), sends the card 13 to the card issuer bank and the merchant system operator bank for offsetting. All transactions (offline and online) are sent at pre-agreed time intervals. Acquirer 12 creates standard files with summary of realized transactions for participating banks. Transaction accounting and payments are carried out according to the standards of the participating banks and have the same form as for physical POS terminals at traditional merchants.

In this example, the removable memory card I also has an NFC communication element 8 with the antenna, although it was not active in any of the steps described above. It is designed to make payments via NFC readers of classic POS terminals, which significantly expands the possibilities of using payment means on a removable memory card L

All designations used, such as OVI store, NOKIA, Logomotion, are trademarks of their respective owners and do not determine the scope of protection as described. The present solution is applicable in principle to any trading system 2 with the same or similar structures.

Industrial usability

Industrial applicability is obvious. According to this solution, it is possible to industrially and re-install, configure, and use a method and procedure for selling in a trading system accessible from a mobile communication device using a payment terminal located on a removable memory card. The advantage is high security while maintaining the existing data standards of payment transactions.

Claims (18)

Procedure for selling in an e-commerce accessible from a mobile communication device (4) via a mobile data network (14), where the purchased items are downloaded from the trading system center (2) to the mobile communication device (4) using payment means from the payment card issuer (13), characterized in that after selecting the purchased item, an activation command is sent to the removable memory card (1), the payment terminal unit (6) takes over the acquirer's identification data (12) from the configuration data unit (11), via a removable memory card controller (7) to a mobile communication device (4), which forwards it via a mobile data network (14) to a trading system central (2), in the trading system central (2) the identification data is compared with data of admissible acquiers (12), a positive comparison result initiates the sending of transaction payment parameters including the price of the purchased item to the mobile communication device (4), the received transaction payment parameters are sent via the controller (7) to the payment terminal unit (6), which prompts the payment card unit (5) to process the payment file, a payment cryptogram created by the card issuer (13) of the card (1), the generated cryptogram leaves from the payment terminal unit (6) to the trading system central (2), where the received payment cryptogram is evaluated. Method according to claim 1, characterized in that the user (3) is required to enter the correct password before sending an activation command to the removable memory card (1). Method according to claim 1 or 2, characterized in that the evaluation of the payment cryptogram on the part of the trading system operator (2) consists in particular in decrypting the cryptogram using the public key of the acquirer (12) and subsequently assessing the message according to online or offline payment rules. Method according to claim 3, characterized in that the decrypted cryptogram is considered to be offline rejection or receipt of payment and the user (3) is informed on the display (10) of the mobile communication device (4) of a failed or successful purchase result. Method according to claim 3, characterized in that, after obtaining the online payment data from the cryptogram, the ARQC task is sent from the central trading system (2) to the payment issuer (13) directly or via the acquirer system (12) to the issuer. (13) an ARPC response file is created by the payment card, which is encrypted with the acquier's private key (12) and sent directly or via the acquier (12) to the trading system central (2); 12) decrypts the received message and its contents in the form of AAC rejection or TC consent is sent to the mobile communication device (4). The selling process according to any one of claims 1 to 5, characterized in that upon receipt of the ARPC online payment consent to the mobile communication device (4), a counter is reset on the removable memory card (1), the command being based on the unit (6) a payment terminal on a removable memory card (1) to a payment card unit (5). Selling process according to any one of claims 1 to 6, characterized in that it comprises a preparatory phase in which a payment-terminal application located on a removable memory card (1) is installed, wherein the installation or the subsequent step after the installation comprises entering personal data the user (3) and preferably also the activation key provided by the card issuer (13). Method according to claim 7, characterized in that, in the preparatory phase, the removable memory card (1) is paired with the mobile communication device by means of a SIM card or a telephone number. Method according to any one of claims 1 to 8, characterized in that it comprises a pre-preparation phase in which the removable memory card (1) provided by the acquirer (12) stores the software means of the payment card issuer (13). Method according to any one of claims 1 to 9, characterized in that it comprises a pre-preparation phase in which the removable memory card (1) provided by the acquierer (12) stores the software means of the trading system operator (2), preferably in the installation unit (17). business app. Method according to any one of claims 1 to 10, characterized in that it comprises a pre-preparation phase in which the acquierer (12) stores the payment terminal configuration data on the removable memory card (1), preferably in the configuration data unit (11). Method according to any one of claims 1 to 11, characterized in that the encryption and decryption on the side of the mobile communication device (4), including the payment cryptogram encryption, takes place in a cryptographic unit (15) which is located on the removable memory card (1). Method according to any one of claims 1 to 12, characterized in that the user data (3) entered during the installation of the payment application are available for transfer to the trading system central (2) for subsequent installation and registration of the application for communication with the trading system (2). . Method according to any one of claims 1 to 13, characterized in that the acquirer (12) provides the received payment cryptograms for settlement between the trading system operator's bank (2) and the card issuer (13) and / or the user's bank (3). Method according to any one of claims 1 to 14, characterized in that the user data (3) entered during the installation of the payment application are available for transfer to the trading system headquarters (2) for subsequent installation and registration of the application for communication with the trading system (2). . Method according to any one of claims 1 to 15, characterized in that the user (3) controls the installation process of the removable memory card (1) with the payment terminal unit (6) via the GUI (Graphical user interface) of the mobile communication device (4). Method according to any one of the preceding claims, characterized in that the first insertion of the removable memory card (1) activates the installation of the acquirer software (12). Method according to any one of claims 1 to 17, characterized in that the activation of the removable memory card (1) in the mobile communication device (4) causes a preferential preselection of the payment path by the payment terminal of the acquirer (12).