US20140143152A1 - Methods and systems using contactless card - Google Patents

Methods and systems using contactless card

Publication number
US20140143152A1
Authority
US
United States
Prior art keywords
customer
financial institution
request
account
computer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/150,324
Inventor
Satish Mukunda MENON
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Citibank NA
Original Assignee
Citibank NA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Citibank NA

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/10 Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/108 Remote banking, e.g. home banking
    • G06Q20/20 Point-of-sale [POS] network systems
    • G06Q20/22 Payment schemes or models
    • G06Q20/24 Credit schemes, i.e. "pay after"
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326 Payment applications installed on the mobile devices
    • G06Q20/3263 Payment applications installed on the mobile devices characterised by activation or deactivation of payment capabilities
    • G06Q20/327 Short range or proximity payments by means of M-devices
    • G06Q20/3278 RFID or NFC payments by means of M-devices
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/354 Card activation or deactivation
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists

Definitions

  • the present invention relates generally to the secure use of an RFID sticker for a financial transaction.
  • Radio frequency identification (RFID) stickers or tags use radio frequency to transmit data to an RFID reader.
  • the RFID sticker can be used for payments at a merchant that has point of sale terminals that accept these contactless devices.
  • the RFID sticker can be affixed to a device, such as a mobile phone.
  • When the customer desires to use the RFID sticker to complete a transaction, the customer brings the RFID sticker within a certain proximity of a point of sale terminal.
  • the point of sale terminal can read the RFID sticker and process the transaction using the payment information supplied by the RFID sticker.
  • a third party can use an RFID reader to obtain account information from an unsuspecting customer having an RFID sticker.
  • the third party with the appropriate RFID reader can possibly obtain this account information by merely passing a customer's RFID sticker while walking on the sidewalk.
  • a financial institution allows a customer to switch on or off the account for use with the RFID sticker by submitting a request to the financial institution using internet banking, mobile banking, SMS texting, or other communications method. Because an RFID sticker cannot be turned on and off for each use, the customer can communicate with the financial institution to block the account or allow its use during designated time periods.
  • a computer-implemented method for more securely using an RFID mechanism in a transaction comprises receiving, by a computer of a financial institution, a first request from a customer to switch on the use of an RFID mechanism associated with a credit account of the customer, wherein the first request is submitted via a website of the financial institution, a text message to the financial institution, a mobile banking application of the financial institution, or a phone call to the financial institution; switching on, by a computer of the financial institution, the use of the RFID mechanism associated with the credit account of the customer; receiving, by a computer of the financial institution, a request from a merchant to authorize a transaction with the customer using the RFID mechanism; transmitting, by a computer of the financial institution, an authorization to the merchant for the transaction; receiving, by a computer of a financial institution, a second request from a customer to deactivate the use of the RFID mechanism associated with the credit account of the customer, wherein the second request is submitted via the website of the financial institution, a text message to the financial institution, the mobile banking application of the
  • a computer-implemented method for more securely using an RFID mechanism in a transaction comprises receiving, by a computer of a financial institution, a request from a customer to switch on the use of an RFID mechanism associated with a credit account of the customer, wherein the request is submitted via a website of the financial institution, a text message to the financial institution, a mobile banking application of the financial institution, or a phone call to the financial institution; switching on, by a computer of the financial institution, the use of the RFID mechanism associated with the credit account of the customer; receiving, by a computer of the financial institution, a request from a merchant to authorize a transaction with the customer using the RFID mechanism; transmitting, by a computer of the financial institution, an authorization to the merchant for the transaction; and switching off, by a computer of the financial institution, the use of the RFID mechanism associated with the credit account of the customer after the transaction with the merchant.
  • a computer-implemented method for conducting a transaction comprises receiving, by a computer of a financial institution, a first request from a customer using a first communication channel to activate the use of a payment mechanism associated with an account of the customer; activating, by a computer of the financial institution, the account of the customer; receiving, by a computer of the financial institution, a request from a point of sale to authorize a transaction with the customer using the payment mechanism; transmitting, by a computer of the financial institution, authorization for the transaction to the point of sale; and deactivating, by a computer of the financial institution, the account of the customer after the transaction.
  • a computer-implemented method for authorizing a transaction comprises receiving, by a computer, a request to authorize a transaction; determining, by the computer, whether the transaction was initiated by an RFID sticker; determining, by the computer, whether the account has been switched on or off for use of the RFID sticker; authorizing the transaction if the request was not initiated by the RFID sticker or the request was initiated by the RFID sticker and the account has been switched on; and declining the transaction if the request was initiated by the RFID sticker and the account has been switched off.
  • FIG. 1 shows a mobile phone with an RFID sticker according to an exemplary embodiment.
  • FIG. 2 shows an exemplary system architecture according to an exemplary embodiment.
  • FIG. 3 shows a method for switching on and off an account according to an exemplary embodiment.
  • FIG. 4 shows a user interface for switching on and off an account according to an exemplary embodiment.
  • FIG. 5 shows a user interface for switching on and off an account according to an exemplary embodiment.
  • FIG. 6 shows a user interface for switching on and off an account according to an exemplary embodiment.
  • FIG. 7 shows a user interface for switching on and off an account according to an exemplary embodiment.
  • FIG. 8 shows a user interface on a mobile device for switching on and off an account according to an exemplary embodiment.
  • a credit card member can perform credit card transactions by placing the RFID sticker in close proximity to a contactless reader at a point of sale.
  • a financial institution can offer mobile couponing, store coupons on the mobile phone (thereby reducing lost coupons), offer personalized rewards, and encourage customer loyalty and retention.
  • the RFID sticker can also be used with mobile coupons that are sent to the customer's card account.
  • the mobile coupons can be sent to the financial institution's customers who make credit card transactions with selected merchants.
  • the coupons can enable customers to enjoy discounts with selected merchants that allow payments using contactless devices at the point of sale. Customers can log on to a web site at the financial institution or another web address to view available coupons.
  • Although the methods and systems described herein use an RFID sticker, it is intended that any contactless technology can be used.
  • a mobile phone 100 is shown with an RFID sticker 110 affixed to a rear surface of the mobile phone 100, though the RFID sticker 110 can be affixed to any exterior or interior surface of the mobile phone 100.
  • Although this exemplary embodiment depicts the RFID sticker affixed to a mobile phone, it is intended that the RFID sticker can be affixed to any object, such as a wallet, key chain, or other device.
  • the RFID sticker can take the form of a tag and either be secured to another object, such as a key chain, or be used as a standalone item.
  • Although the exemplary embodiment discusses the affixation of the RFID sticker to the mobile phone, it is intended that the RFID sticker can be attached or coupled to the mobile phone using means other than adhesive, such as integrating the RFID sticker into a plastic, metal, or glass component; attaching the RFID sticker using screws, rivets, thread, or hook-and-loop fastening; or inserting the RFID sticker into a sleeve of the mobile phone or a case for a mobile phone.
  • the RFID sticker 110 can include an antenna, an integrated circuit having a processor, and in some instances may include a battery.
  • the processor can be EMV-DDA (Europay, MasterCard, VISA—Dynamic Data Authentication) enabled, so it can dynamically authenticate data whenever a payment request is made.
  • the processor may support an RSA key pair for each RFID sticker, whereby the RFID sticker generates and transmits a dynamic signature that is verified by a point of sale terminal.
  • the RFID sticker may include near field communication (NFC) technology.
  • each type of payment mechanism may include additional or alternative security measures, but each payment can implement the use of an account that is switched on or off based upon a customer's actions. For example, a mobile payment using a mobile device may require a customer to switch on the mobile payment feature, and the security may also include the use of a dynamically-generated PIN for each transaction.
  • a customer 205 has an RFID sticker, which can be affixed to a mobile phone 210.
  • the RFID sticker was issued to the customer by a financial institution 225, which holds an account for the customer that can be used in conjunction with the RFID sticker.
  • the account can be a credit account, debit account, charge card account, gift card account, prepaid account, or any other account type.
  • the customer 205 desires to conduct a transaction at a merchant 240 to purchase goods or services.
  • the customer would use an RFID sticker at a point of sale terminal of the merchant, whereby the RFID sticker is always in an “on” or active state and can be brought into proximity of the point of sale terminal to make a purchase.
  • the RFID sticker itself cannot be turned off, but the financial institution 225 blocks the use of the account associated with the RFID sticker.
  • an “off” or deactivated account remains available for use by the customer using payment mechanisms (e.g., online payments, telephone payments, use of a plastic credit card) other than the RFID sticker.
  • an off account cannot be used by the customer with any payment mechanism.
  • the customer 205 uses the mobile phone 210, computer 215, telephone 220, or other device to transmit a message over a network 255 to the financial institution 225.
  • the message can request that the financial institution 225 switch on (or activate or unblock) the account for use with an RFID sticker, or the message can request that the financial institution 225 switch off (or deactivate or block) the account to prevent use with the RFID sticker.
  • the financial institution 225 can receive requests sent over the network 255 by a communication server 230, such as a web server.
  • the communication server 230 can provide this request to an account status server 235 that implements the request of the customer 205 .
  • the request of the merchant 240 for authorization by financial institution 225 will be declined.
  • the request of the merchant 240 for authorization by financial institution 225 will be approved, assuming there are sufficient funds and other security and financial criteria are satisfied.
  • When the customer 205 desires to make a purchase at merchant 225, the customer 205 sends the request to the financial institution 225 to activate the account.
  • the customer 205 approaches a point of sale terminal 245 at the merchant 240 to conduct the transaction.
  • the customer 205 waves, swipes, or otherwise directs the RFID sticker in the vicinity of or close proximity to the point of sale terminal 245 .
  • the point of sale terminal 245 receives account information from the RFID sticker, such as account number, expiration date, and the name of the customer.
  • the point of sale terminal 245 communicates this account information with other transaction information, such as the transaction amount, to a merchant server 250 .
  • the point of sale terminal 245 can also include an indicator, such as one or more alphanumeric characters in a transaction field, that indicates that the transaction was initiated by an RFID sticker.
  • the RFID sticker can transmit to the point of sale terminal 245 information to indicate that the account information is being transmitted from an RFID sticker.
  • the point of sale terminal 245 can recognize that it received account information from an RFID sticker and appropriately include the indicator. Conventional credit card transactions where a card is swiped or dipped in a card reader do not include this indicator.
  • the merchant server 250 transmits the account information and transaction information to the financial institution 225 for authorization of the transaction.
  • the financial institution 225 can receive the authorization request at the communication server 230 .
  • the communication server 230 will confirm with the account status server 235 whether the account is switched on for use in an RFID transaction.
  • the financial institution 225 may also determine whether there are sufficient funds available, a sufficient credit line available, or consider other factors in authorizing the transaction. But if the account has been switched off and the request was initiated from an RFID sticker, then the financial institution 225 will not authorize the transaction from the merchant.
  • the financial institution 225 will transmit a message to the merchant server 250 declining the authorization for the transaction. If the account is activated, then the financial institution can transmit an authorization approval to the merchant server 250, as long as other authorization criteria have been satisfied.
  • the customer can request to switch an account on or off by sending a message to the financial institution.
  • the financial institution recognizes the RFID capabilities of the account as being switched on, so the customer is able to make payments using the RFID sticker.
  • the customer's account can have an activation flag set to “Y” or “yes” in the active or on state.
  • the customer chooses to switch on or off the account.
  • the customer can choose a variety of methods for notifying the financial institution, including online banking, mobile banking, SMS text messaging, telephone, or any other method for contacting a customer service representative, such as visiting a branch location.
  • the financial institution can change the on status to off status or the off status to on status.
  • the financial institution recognizes the RFID capabilities of the account as being switched off, so the customer is unable to make payments using the RFID sticker.
  • the customer's account can have an activation flag set to “N” or “no” in the inactive or off state. While in the off state, if the financial institution receives a transaction request along with an indicator that the transaction was initiated by an RFID sticker, the financial institution will deny the transaction request.
  • the customer can use online banking services (e.g., Citibank Online, which is available at www.citibank.com.sg or www.citibank.com) to switch on or off an account.
  • In FIG. 4, a screenshot of a webpage 400 presented by a financial institution is shown where a customer has logged into online banking for the financial institution.
  • the online banking website provides contactless payment options 410 for the customer, including “Apply for Citibank Quick Pay” link 420, “Switch On/Off Citibank Quick Pay” link 430, and “Citibank Quick Pay Coupon Inquiry” link 440. If the customer desires to switch on or off the account, the customer can click on the link 430.
  • a screenshot of a webpage 500 is shown where a customer has selected a link to switch on or off the account.
  • the financial institution presents on the webpage 500 an identification of at least one account that is capable of being switched on (activate) or off (deactivate).
  • a credit card account 510 is shown along with an optional graphical representation 520 of the appearance of the credit card, if a conventional plastic credit card exists for that account.
  • the customer has an option to click a link 530 to cancel the transaction or a link 540 to proceed with deactivating the card.
  • Although this exemplary embodiment recites the deactivation of the account, it is intended that the activation of the account follows a similar process.
  • In FIG. 6, a screenshot of a webpage 600 is shown where a customer has selected a link to proceed with switching off or deactivating (or alternatively activating) an account.
  • the financial institution presents a confirmation window 610 that allows the customer to confirm whether to proceed by selecting a link 620 or to cancel by clicking a link 630.
  • Upon the selection of link 620 to proceed, the financial institution will switch off or deactivate (or alternatively activate) the account.
  • In FIG. 7, a screenshot of a webpage 700 is shown where a customer has selected a link to confirm the deactivation (or activation) of an account.
  • the webpage 700 confirms in a message 710 that “Your card has been successfully deactivated for Citibank Quick Pay.”
  • the customer can click on a link 720 to proceed with other online banking services or log off online banking.
  • the customer can switch on or off the account using a mobile banking platform.
  • the use of the mobile banking platform may require that the customer register a mobile phone number with the financial institution.
  • In FIG. 8, a sequence of screenshots of a user interface 800a, 800b, 800c, 800d of a mobile device is shown.
  • the mobile device can be a mobile phone, a smart phone, a tablet computer, a personal data assistant, or any other mobile device.
  • the customer logs into a mobile banking application (“app”) installed on the mobile device, accessible through a website on the mobile device, or other interface using a cellular, Wi-Fi, or Internet connection.
  • the user interface 800a presents to the customer an account summary 805 and mobile banking options 810, which includes a “mobile wallet” link 815.
  • the customer can select the link 815 to activate or deactivate an account.
  • the user interface 800b presents to the customer an option to select a credit card or other account in a drop down menu 820.
  • the customer also has an option to select a link 825 to “Activate/Deactivate” the account selected in drop down menu 820.
  • the customer selects the link 825 to proceed with activation or deactivation.
  • the user interface 800c presents to the customer a confirmation that the customer would like to activate or deactivate the selected account.
  • the user interface 800c allows the customer to deactivate a credit card account, though it is intended that the user interface 800c can be used to activate an account.
  • the customer can select a link 830 to confirm the deactivation (or activation) or a link 835 to go to a previous screen. Upon the selection of link 830 to confirm, the financial institution will deactivate (or activate) the account.
  • the user interface 800d presents a confirmation message 840 to the customer that the request has been processed and the selected account has been deactivated (or activated).
  • the customer can click on a link 845 to proceed with other mobile banking services or go to a previous screen.
  • If the customer misplaces, loses, or ends service on the mobile phone or the mobile phone is stolen or damaged, then the customer should report this event to the financial institution to prevent a fraudulent activation of the account by another individual.
  • the security of the mobile banking and SMS text messaging is limited in part to the secure handling of the mobile phone by the customer.
  • the customer can send an SMS text message to activate or deactivate the account.
  • the use of SMS text messaging may require that the customer register a mobile phone number with the financial institution.
  • the customer can send an SMS text message with the format “Off <last 4 digits of account number>” to a specified SMS number for the financial institution.
  • the customer can send an SMS text message with the format “On <last 4 digits of account number>” to a specified SMS number for the financial institution.
  • the financial institution can send a confirmation SMS text message back to the phone number listed on the account to indicate that the RFID sticker has been activated or deactivated accordingly.
  • the customer can receive an SMS text message asking a security question before performing the activation or deactivation.
  • the customer can send an SMS text message to the financial institution requesting the status of the account to determine whether it is currently activated or deactivated.
  • the financial institution can activate the account for a predetermined period of time to allow for a single transaction or an allotted time for shopping.
  • each account can default to a deactivated status.
  • the account is only activated for a predetermined period of time, such as five minutes, one hour, four hours, or one day.
  • the customer can optionally select the desired period of time for activation.
  • the financial institution can automatically deactivate the account. The automatic deactivation can be based upon a timestamp from the activation of the account.
  • the predetermined period of time can also be extended each time the customer conducts a transaction. In an instance where a customer is conducting numerous transactions and may need additional time, this feature could allow the period of time to be extended each time the customer makes a purchase using that account.
  • the financial institution can send a request to the customer (e.g., via text messaging) or the customer can send a request to the financial institution (e.g., via text messaging) to confirm that the time period should be extended.
  • a customer can call a financial institution's customer service number and ask to activate or deactivate the account.
  • the financial institution may require identification of the customer to verify their identity, such as one or more of a name, date of birth, account number, user name, password, address, mother's maiden name, pet's name, or information about account activity.
  • the customer can activate the account, deactivate the account, or receive any additional information or instructions.
  • the financial institution can speak to the customer using an operator or interactive voice response (e.g., an audio response unit).
  • the customer sends the instructions via one of the channels described above or another communication channel to the financial institution to activate or deactivate the account.
  • the customer is not limited to the use of only one channel.
  • the customer can activate the account with one channel and deactivate the account with a different channel.
  • the financial institution updates the account record to indicate that the account can or cannot be used for processing a transaction.
  • a merchant submits the payment for processing
  • the financial institution denies the transaction request.
  • If the account is activated, then the financial institution approves the transaction request.
  • the activation and deactivation occur in the financial institution's processing to prevent unauthorized RFID sticker use and do not physically turn on or off the RFID sticker or the account associated with the RFID sticker.
  • Connectivity and security features include a function for switching on and switching off the ability to use the RFID sticker to complete a transaction.
  • Extra security features include Loss Card Liability, DDA compliance, and the requirement of a signature for transactions above a predetermined amount (e.g., $30 or SGD100). If a customer desires to conduct a transaction above the threshold, the customer would have to use a conventional credit card or alternative payment means. Below the threshold, the customer can use the contactless RFID sticker and a signature is not required. The financial institution can also monitor transaction outlier trends and alert the customer if fraud is suspected (e.g., numerous small transactions of the same amount being charged within a certain time period). As described herein, the customer can choose to switch on or off the RFID sticker capability in real-time using internet-based banking, mobile banking, 2-way SMS text messaging, or other communications methods.
  • Alerts can be triggered when transactions are processed above a pre-determined threshold.
  • the financial institution can send an SMS alert to a customer that a transaction has been made above the threshold.
  • All transactions using the RFID sticker may be required to undergo online authorization using the customer's available credit limit.
  • Customers can be limited to a liability of a predetermined amount (e.g., $30 or SGD100) for fraudulent transactions using the RFID sticker (after the financial institution is notified of the card loss).
  • the computers described herein have a processor and a computer readable medium, wherein the computer readable medium has program code.
  • the program code can be made of one or more modules that carry out instructions for implementing the systems and methods herein.
  • the processor can execute the instructions as programmed in the modules of the program code.
  • the systems and methods described can be implemented as a computer program product having a computer readable medium having a computer readable program code embodied therein, the computer readable program code adapted to be executed to implement a method for performing the methods described above. Each step or aspect can be performed by a different module, or a single module can perform more than a single step.
  • the systems and methods described herein as software can be executed on at least one computer or server, though it is understood that they can be configured in other ways and retain their functionality.
  • the above-described technology can be implemented on known devices such as a personal computer, a special purpose computer, cellular telephone, personal digital assistant (PDA), a programmed microprocessor or microcontroller and peripheral integrated circuit element(s), an ASIC or other integrated circuit, a digital signal processor, a hard-wired electronic or logic circuit such as a discrete element circuit, a programmable logic device such as a PLD, PLA, FPGA, PAL, or the like.
  • the various components of the technology can be located at distant portions of a distributed network and/or the Internet, or within a dedicated secure, unsecured and/or encrypted system.
  • the components of the system can be combined into one or more devices or co-located on a particular node of a distributed network, such as a telecommunications network.
  • the components of the system can be arranged at any location within a distributed network without affecting the operation of the system.
  • the components could be embedded in a dedicated machine.
  • the various links connecting the elements can be wired or wireless links, or any combination thereof, or any other known or later developed element(s) that is capable of supplying and/or communicating data to and from the connected elements.
  • module as used herein can refer to any known or later developed hardware, software, firmware, or combination thereof that is capable of performing the functionality associated with that element.
  • determine, calculate and compute, and variations thereof, as used herein are used interchangeably and include any type of methodology, process, mathematical operation or technique.
  • the disclosed methods may be readily implemented in software, e.g., as a computer program product having one or more modules each adapted for one or more functions of the software, executed on a programmed general purpose computer, cellular telephone, PDA, a special purpose computer, a microprocessor, or the like.
  • the systems and methods of this invention can be implemented as a program embedded on a personal computer such as a JAVA®, CGI or Perl script, as a resource residing on a server or graphics workstation, as a routine embedded in a dedicated image system, or the like.
  • the systems and methods of this invention can also be implemented by physically incorporating this system and method into a software and/or hardware system, such as the hardware and software systems of a computer.
  • Such computer program products and systems can be distributed and employ a client-server architecture.

Abstract

It is desirable to implement security features that can prevent the unauthorized use of a customer's sensitive account information from an RFID sticker. The methods and systems described herein attempt to resolve the deficiencies with the conventional RFID stickers. In a more secure implementation, a financial institution allows a customer to activate or deactivate the account for use with the RFID sticker by submitting a request to the financial institution using internet banking, mobile banking, SMS texting, or other communications method.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application is a continuation of U.S. patent application Ser. No. 13/346,045, filed Jan. 9, 2012, entitled “Methods and Systems Using Contactless Card,” which claims priority to U.S. Provisional Patent Application Ser. No. 61/449,164, entitled “Methods and Systems Using Contactless Card,” filed Mar. 4, 2011, all of which are hereby incorporated by reference in their entirety.
  • FIELD OF THE INVENTION
  • The present invention relates generally to the secure use of an RFID sticker for a financial transaction.
  • BACKGROUND
  • Radio frequency identification (RFID) stickers or tags use radio frequency to transmit data to an RFID reader. The RFID sticker can be used for payments at a merchant that has point of sale terminals that accept these contactless devices. The RFID sticker can be affixed to a device, such as a mobile phone. When the customer desires to use the RFID sticker to complete a transaction, the customer brings the RFID sticker within a certain proximity of a point of sale terminal. The point of sale terminal can read the RFID sticker and process the transaction using the payment information supplied by the RFID sticker.
  • Using RFID stickers can cause security issues with the customer's sensitive account information. A third party can use an RFID reader to obtain account information from an unsuspecting customer having an RFID sticker. The third party with the appropriate RFID reader can possibly obtain this account information by merely passing a customer's RFID sticker while walking on the sidewalk. As a result, it is desirable to implement security features that can prevent the unauthorized use of a customer's account information from an RFID sticker.
  • SUMMARY
  • It is desirable to implement security features that can prevent the unauthorized use of a customer's sensitive account information from an RFID sticker, and the methods and systems described herein attempt to resolve the deficiencies with the conventional RFID stickers. In a more secure implementation, a financial institution allows a customer to switch on or off the account for use with the RFID sticker by submitting a request to the financial institution using internet banking, mobile banking, SMS texting, or other communications method. Because an RFID sticker cannot be turned on and off for each use, the customer can communicate with the financial institution to block the account or allow its use during designated time periods.
  • In one embodiment, a computer-implemented method for more securely using an RFID mechanism in a transaction comprises receiving, by a computer of a financial institution, a first request from a customer to switch on the use of an RFID mechanism associated with a credit account of the customer, wherein the first request is submitted via a website of the financial institution, a text message to the financial institution, a mobile banking application of the financial institution, or a phone call to the financial institution; switching on, by a computer of the financial institution, the use of the RFID mechanism associated with the credit account of the customer; receiving, by a computer of the financial institution, a request from a merchant to authorize a transaction with the customer using the RFID mechanism; transmitting, by a computer of the financial institution, an authorization to the merchant for the transaction; receiving, by a computer of a financial institution, a second request from a customer to deactivate the use of the RFID mechanism associated with the credit account of the customer, wherein the second request is submitted via the website of the financial institution, a text message to the financial institution, the mobile banking application of the financial institution, or a phone call to the financial institution; and switching off, by a computer of the financial institution, the use of the RFID mechanism associated with the credit account of the customer.
  • In another embodiment, a computer-implemented method for more securely using an RFID mechanism in a transaction comprises receiving, by a computer of a financial institution, a request from a customer to switch on the use of an RFID mechanism associated with a credit account of the customer, wherein the request is submitted via a website of the financial institution, a text message to the financial institution, a mobile banking application of the financial institution, or a phone call to the financial institution; switching on, by a computer of the financial institution, the use of the RFID mechanism associated with the credit account of the customer; receiving, by a computer of the financial institution, a request from a merchant to authorize a transaction with the customer using the RFID mechanism; transmitting, by a computer of the financial institution, an authorization to the merchant for the transaction; and switching off, by a computer of the financial institution, the use of the RFID mechanism associated with the credit account of the customer after the transaction with the merchant.
  • In yet another embodiment, a computer-implemented method for conducting a transaction comprises receiving, by a computer of a financial institution, a first request from a customer using a first communication channel to activate the use of a payment mechanism associated with an account of the customer; activating, by a computer of the financial institution, the account of the customer; receiving, by a computer of the financial institution, a request from a point of sale to authorize a transaction with the customer using the payment mechanism; transmitting, by a computer of the financial institution, authorization for the transaction to the point of sale; and deactivating, by a computer of the financial institution, the account of the customer after the transaction.
  • In still yet another embodiment, a computer-implemented method for authorizing a transaction comprises receiving, by a computer, a request to authorize a transaction; determining, by the computer, whether the transaction was initiated by an RFID sticker; determining, by the computer, whether the account has been switched on or off for use of the RFID sticker; authorizing the transaction if the request was not initiated by the RFID sticker or the request was initiated by the RFID sticker and the account has been switched on; and declining the transaction if the request was initiated by the RFID sticker and the account has been switched off.
  • Additional features and advantages of an embodiment will be set forth in the description which follows, and in part will be apparent from the description. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the exemplary embodiments in the written description and claims hereof as well as the appended drawings.
  • It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention as claimed.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The methods, systems and/or programming described herein are further described in terms of exemplary embodiments. These exemplary embodiments are described in detail with reference to the drawings. These embodiments are non-limiting exemplary embodiments, in which like reference numerals represent similar structures throughout the several views of the drawings, and wherein:
  • FIG. 1 shows a mobile phone with an RFID sticker according to an exemplary embodiment.
  • FIG. 2 shows an exemplary system architecture according to an exemplary embodiment.
  • FIG. 3 shows a method for switching on and off an account according to an exemplary embodiment.
  • FIG. 4 shows a user interface for switching on and off an account according to an exemplary embodiment.
  • FIG. 5 shows a user interface for switching on and off an account according to an exemplary embodiment.
  • FIG. 6 shows a user interface for switching on and off an account according to an exemplary embodiment.
  • FIG. 7 shows a user interface for switching on and off an account according to an exemplary embodiment.
  • FIG. 8 shows a user interface on a mobile device for switching on and off an account according to an exemplary embodiment.
  • DETAILED DESCRIPTION
  • Various embodiments and aspects of the invention will be described with reference to details discussed below, and the accompanying drawings will illustrate the various embodiments. The following description and drawings are illustrative of the invention and are not to be construed as limiting the invention. Numerous specific details are described to provide a thorough understanding of various embodiments of the present invention. However, in certain instances, well-known or conventional details are not described in order to provide a concise discussion of embodiments of the present invention.
  • The methods and systems described herein attempt to resolve the deficiencies with the conventional RFID stickers. In a more secure implementation, a credit card member can perform credit card transactions by placing the RFID sticker in close proximity to a contactless reader at a point of sale. By affixing the RFID sticker to a mobile phone, a financial institution can offer mobile couponing, store coupons on the mobile phone (thereby reducing lost coupons), offer personalized rewards, and encourage customer loyalty and retention. Besides credit card payments, the RFID sticker can also be used with mobile coupons that are sent to the customer's card account. The mobile coupons can be sent to the financial institution's customers who make credit card transactions with selected merchants. The coupons can enable customers to enjoy discounts with selected merchants that allow payments using contactless devices at the point of sale. Customers can log on to a web site at the financial institution or another web address to view available coupons. Also, although the methods and systems described herein use an RFID sticker, it is intended that any contactless technology can be used.
  • Referring to FIG. 1, a mobile phone 100 is shown with an RFID sticker 110 affixed to a rear surface of the mobile phone 100, though the RFID sticker 110 can be affixed to any exterior or interior surface of the mobile phone 100. Although this exemplary embodiment depicts the RFID sticker affixed to a mobile phone, it is intended that the RFID sticker can be affixed to any object, such as a wallet, key chain, or other device. Alternatively, the RFID sticker can take the form of a tag and either be secured to another object, such as a key chain, or be used as a standalone item. Also, although the exemplary embodiment discusses the affixation of the RFID sticker to the mobile phone, it is intended that the RFID sticker can be attached or coupled to the mobile phone using means other than adhesive, such as integrating the RFID sticker into a plastic, metal, or glass component; attaching the RFID sticker using screws, rivets, thread, or hook-and-loop fastening; or inserting the RFID sticker into a sleeve of the mobile phone or a case for a mobile phone.
  • The RFID sticker 110 can include an antenna, an integrated circuit having a processor, and in some instances may include a battery. The processor can be EMV-DDA (Europay, MasterCard, VISA—Dynamic Data Authentication) enabled, so it can dynamically authenticate data whenever a payment request is made. The processor may support an RSA key pair for each RFID sticker, whereby the RFID sticker generates and transmits a dynamic signature that is verified by a point of sale terminal. The RFID sticker may include near field communication (NFC) technology. Additionally, although the exemplary embodiment describes the use of RFID, it is intended that the methods and systems described herein can be applied to the switching on and off of accounts associated with other payment mechanisms, including but not limited to payments using mobile devices, telephones, credit cards, smart cards, key fobs, various financial accounts, checks, and online payments. Each type of payment mechanism may include additional or alternative security measures, but each payment can implement the use of an account that is switched on or off based upon a customer's actions. For example, a mobile payment using a mobile device may require a customer to switch on the mobile payment feature, and the security may also include the use of a dynamically-generated PIN for each transaction.
  • Referring to FIG. 2, an exemplary system architecture 200 is shown. A customer 205 has an RFID sticker, which can be affixed to a mobile phone 210. The RFID sticker was issued to the customer by a financial institution 225, which holds an account for the customer that can be used in conjunction with the RFID sticker. The account can be a credit account, debit account, charge card account, gift card account, prepaid account, or any other account type.
  • The customer 205 desires to conduct a transaction at a merchant 240 to purchase goods or services. In a conventional manner, the customer would use an RFID sticker at a point of sale terminal of the merchant, whereby the RFID sticker is always in an “on” or active state and can be brought into proximity of the point of sale terminal to make a purchase. In the methods and systems described herein, however, the RFID sticker itself cannot be turned off, but the financial institution 225 blocks the use of the account associated with the RFID sticker. In the exemplary embodiment, an “off” or deactivated account remains available for use by the customer using payment mechanisms (e.g., online payments, telephone payments, use of a plastic credit card) other than the RFID sticker. In an alternative embodiment, an off account cannot be used by the customer with any payment mechanism.
  • In order to use the RFID sticker, the customer 205 uses the mobile phone 210, computer 215, telephone 220, or other device to transmit a message over a network 255 to the financial institution 225. The message can request that the financial institution 225 switch on (or activate or unblock) the account for use with an RFID sticker, or the message can request that the financial institution 225 switch off (or deactivate or block) the account to prevent use with the RFID sticker. The financial institution 225 can receive requests sent over the network 255 by a communication server 230, such as a web server. The communication server 230 can provide this request to an account status server 235 that implements the request of the customer 205. Once the financial institution 225 implements the request to deactivate the account, the request of the merchant 240 for authorization by financial institution 225 will be declined. Once the financial institution 225 implements the request to switch on the account, the request of the merchant 240 for authorization by financial institution 225 will be approved, assuming there are sufficient funds and other security and financial criteria are satisfied.
  • If the customer 205 desires to make a purchase at merchant 240, the customer 205 sends the request to the financial institution 225 to activate the account. The customer 205 approaches a point of sale terminal 245 at the merchant 240 to conduct the transaction. The customer 205 waves, swipes, or otherwise directs the RFID sticker in the vicinity of or close proximity to the point of sale terminal 245. The point of sale terminal 245 receives account information from the RFID sticker, such as account number, expiration date, and the name of the customer. The point of sale terminal 245 communicates this account information with other transaction information, such as the transaction amount, to a merchant server 250. The point of sale terminal 245 can also include an indicator, such as one or more alphanumeric characters in a transaction field, that indicates that the transaction was initiated by an RFID sticker. In one embodiment, the RFID sticker can transmit to the point of sale terminal 245 information to indicate that the account information is being transmitted from an RFID sticker. In another embodiment, the point of sale terminal 245 can recognize that it received account information from an RFID sticker and appropriately include the indicator. Conventional credit card transactions where a card is swiped or dipped in a card reader do not include this indicator. The merchant server 250 transmits the account information and transaction information to the financial institution 225 for authorization of the transaction.
  • The financial institution 225 can receive the authorization request at the communication server 230. The communication server 230 will confirm with the account status server 235 whether the account is switched on for use in an RFID transaction. The financial institution 225 may also determine whether there are sufficient funds available, a sufficient credit line available, or consider other factors in authorizing the transaction. But if the account has been switched off and the request was initiated from an RFID sticker, then the financial institution 225 will not authorize the transaction from the merchant. The financial institution 225 will transmit a message to the merchant server 250 declining the authorization for the transaction. If the account is activated, then the financial institution can transmit an authorization approval to the merchant server 250, as long as other authorization criteria have been satisfied.
  • Referring to FIG. 3, the customer can request to switch an account on or off by sending a message to the financial institution. In 310, the financial institution recognizes the RFID capabilities of the account as being switched on, so the customer is able to make payments using the RFID sticker. The customer's account can have an activation flag set to “Y” or “yes” in the active or on state.
  • In 320, the customer chooses to switch on or off the account. The customer can choose a variety of methods for notifying the financial institution, including online banking, mobile banking, SMS text messaging, telephone, or any other method for contacting a customer service representative, such as visiting a branch location. Upon notifying the financial institution, the financial institution can change the on status to off status or the off status to on status.
  • In 330, the financial institution recognizes the RFID capabilities of the account as being switched off, so the customer is unable to make payments using the RFID sticker. The customer's account can have an activation flag set to “N” or “no” in the inactive or off state. While in the off state, if the financial institution receives a transaction request along with an indicator that the transaction was initiated by an RFID sticker, the financial institution will deny the transaction request.
  • As a security measure and to provide flexibility, at any time, credit card members can switch on or off the ability to use the RFID sticker. In one exemplary method, the customer can use online banking services (e.g., Citibank Online, which is available at www.citibank.com.sg or www.citibank.com) to switch on or off an account. Referring to FIG. 4, a screenshot of a webpage 400 presented by a financial institution is shown where a customer has logged into online banking for the financial institution. The online banking website provides contactless payment options 410 for the customer, including “Apply for Citibank Quick Pay” link 420, “Switch On/Off Citibank Quick Pay” link 430, and “Citibank Quick Pay Coupon Inquiry” link 440. If the customer desires to switch on or off the account, the customer can click on the link 430.
  • Referring to FIG. 5, a screenshot of a webpage 500 is shown where a customer has selected a link to switch on or off the account. The financial institution presents on the webpage 500 an identification of at least one account that is capable of being switched on (activate) or off (deactivate). In this exemplary embodiment, a credit card account 510 is shown along with an optional graphical representation 520 of the appearance of the credit card, if a conventional plastic credit card exists for that account. The customer has an option to click a link 530 to cancel the transaction or a link 540 to proceed with deactivating the card. Although this exemplary embodiment recites the deactivation of the account, it is intended that the activation of the account follows a similar process.
  • Referring to FIG. 6, a screenshot of a webpage 600 is shown where a customer has selected a link to proceed with switching off or deactivating (or alternatively activating) an account. The financial institution presents a confirmation window 610 that allows the customer to confirm whether to proceed by selecting a link 620 or to cancel by clicking a link 630. Upon the selection of link 620 to proceed, the financial institution will switch off or deactivate (or alternatively activate) the account.
  • Referring to FIG. 7, a screenshot of a webpage 700 is shown where a customer has selected a link to confirm the deactivation (or activation) of an account. The webpage 700 confirms in a message 710 that “Your card has been successfully deactivated for Citibank Quick Pay.” The customer can click on a link 720 to proceed with other online banking services or log off online banking.
  • The customer can switch on or off the account using a mobile banking platform. The use of the mobile banking platform may require that the customer register a mobile phone number with the financial institution. Referring to FIG. 8, a sequence of screenshots of a user interface 800a, 800b, 800c, 800d of a mobile device is shown. The mobile device can be a mobile phone, a smart phone, a tablet computer, a personal data assistant, or any other mobile device. As shown in user interface 800a, the customer logs into a mobile banking application (“app”) installed on the mobile device, accessible through a website on the mobile device, or other interface using a cellular, Wi-Fi, or Internet connection. The user interface 800a presents to the customer an account summary 805 and mobile banking options 810, which includes a “mobile wallet” link 815. The customer can select the link 815 to activate or deactivate an account.
  • The user interface 800b presents to the customer an option to select a credit card or other account in a drop down menu 820. The customer also has an option to select a link 825 to “Activate/Deactivate” the account selected in drop down menu 820. The customer selects the link 825 to proceed with activation or deactivation.
  • The user interface 800c presents to the customer a confirmation that the customer would like to activate or deactivate the selected account. In this exemplary embodiment, the user interface 800c allows the customer to deactivate a credit card account, though it is intended that the user interface 800c can be used to activate an account. The customer can select a link 830 to confirm the deactivation (or activation) or a link 835 to go to a previous screen. Upon the selection of link 830 to confirm, the financial institution will deactivate (or activate) the account.
  • The user interface 800d presents a confirmation message 840 to the customer that the request has been processed and the selected account has been deactivated (or activated). The customer can click on a link 845 to proceed with other mobile banking services or go to a previous screen.
  • If the customer misplaces, loses, or ends service on the mobile phone or the mobile phone is stolen or damaged, then the customer should report this event to the financial institution to prevent a fraudulent activation of the account by another individual. The security of the mobile banking and SMS text messaging is limited in part to the secure handling of the mobile phone by the customer.
  • The customer can send an SMS text message to activate or deactivate the account. The use of SMS text messaging may require that the customer register a mobile phone number with the financial institution. To deactivate or switch off an account, the customer can send an SMS text message with the format “Off <last 4 digits of account number>” to a specified SMS number for the financial institution. To activate or switch on the account, the customer can send an SMS text message with the format “On <last 4 digits of account number>” to a specified SMS number for the financial institution. The financial institution can send a confirmation SMS text message back to the phone number listed on the account to indicate that the RFID sticker has been activated or deactivated accordingly. In one alternative, the customer can receive an SMS text message asking a security question before performing the activation or deactivation. In another alternative, the customer can send an SMS text message to the financial institution requesting the status of the account to determine whether it is currently activated or deactivated.
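The SMS channel described above, sketched as an added example (not code from the patent or the financial institution). The `Account` fields, the reply wording and the `Status <last 4 digits>` syntax are assumptions; only the `On`/`Off` formats come from the description.

```python
import re
from dataclasses import dataclass

# "On <last 4 digits>" and "Off <last 4 digits>" are the formats given in the
# description. "Status <last 4 digits>" is an assumed syntax for the status
# query, which the description mentions without specifying a format.
COMMAND = re.compile(r"^\s*(on|off|status)\s+(\d{4})\s*$", re.IGNORECASE)


@dataclass
class Account:
    number: str                  # full account number (constructed sample value)
    registered_phone: str        # mobile number registered with the institution
    rfid_enabled: bool = False   # the "Y"/"N" activation flag


def handle_sms(accounts, sender, body):
    """Process one inbound SMS.

    Returns (reply_to, text). reply_to is the phone number on file for the
    account, or None when the message is dropped without changing any state
    (text is then only a reason for the institution's own log).
    """
    match = COMMAND.match(body)
    if match is None:
        return None, "dropped: unrecognised command"
    verb, last4 = match.group(1).lower(), match.group(2)

    # The sender must be the registered number AND the digits must identify
    # exactly one of that customer's accounts; otherwise nothing is changed.
    owned = [a for a in accounts
             if a.registered_phone == sender and a.number.endswith(last4)]
    if len(owned) != 1:
        return None, "dropped: no unique account for this sender"
    account = owned[0]

    if verb == "on":
        account.rfid_enabled = True
    elif verb == "off":
        account.rfid_enabled = False
    # "status" falls through and only reports the current flag.
    state = "activated" if account.rfid_enabled else "deactivated"
    # The confirmation goes to the number listed on the account, as described.
    return account.registered_phone, f"RFID sticker {state} for account ending {last4}"


if __name__ == "__main__":
    # Constructed sample data: one customer with two accounts.
    accounts = [Account("4000000000001234", "+6500000001"),
                Account("4000000000005678", "+6500000001")]
    for sender, body in [("+6500000001", "On 1234"),
                         ("+6500000001", "status 1234"),
                         ("+6500000009", "Off 1234"),
                         ("+6500000001", "Off 1234 now")]:
        print(sender, repr(body), "->", handle_sms(accounts, sender, body))
```

The security-question alternative mentioned in the description would sit between the account lookup and the flag change.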
  • In one alternative embodiment, the financial institution can activate the account for a predetermined period of time to allow for a single transaction or an allotted time for shopping. For example, each account can default to a deactivated status. When a customer requests activation of the account, the account is only activated for a predetermined period of time, such as five minutes, one hour, four hours, or one day. The customer can optionally select the desired period of time for activation. Once the period of time expires, the financial institution can automatically deactivate the account. The automatic deactivation can be based upon a timestamp from the activation of the account.
  • The predetermined period of time can also be extended each time the customer conducts a transaction. In an instance where a customer is conducting numerous transactions and may need additional time, this feature could allow the period of time to be extended each time the customer makes a purchase using that account. Alternatively, in order to extend the time, the financial institution can send a request to the customer (e.g., via text messaging) or the customer can send a request to the financial institution (e.g., via text messaging) to confirm that the time period should be extended.
  • In another example, a customer can call a financial institution's customer service number and ask to activate or deactivate the account. The financial institution may require identification of the customer to verify their identity, such as one or more of a name, date of birth, account number, user name, password, address, mother's maiden name, pet's name, or information about account activity. Using the phone, the customer can activate the account, deactivate the account, or receive any additional information or instructions. The financial institution can speak to the customer using an operator or interactive voice response (e.g., an audio response unit).
  • The customer sends the instructions via one of the channels described above or another communication channel to the financial institution to activate or deactivate the account. The customer is not limited to the use of only one channel. In some embodiments, the customer can activate the account with one channel and deactivate the account with a different channel. The financial institution updates the account record to indicate that the account can or cannot be used for processing a transaction. When a merchant submits the payment for processing, if the account is deactivated, then the financial institution denies the transaction request. If the account is activated, then the financial institution approves the transaction request. In these exemplary embodiments, the activation and deactivation occur in the financial institution's processing to prevent unauthorized use of the RFID sticker and do not physically turn on or off the RFID sticker or the account associated with the RFID sticker.
  • Connectivity and security features include a function for switching on and switching off the ability to use the RFID sticker to complete a transaction. Extra security features include Loss Card Liability, DDA compliance, and the requirement of a signature for transactions above a predetermined amount (e.g., $30 or SGD100). If a customer desires to conduct a transaction above the threshold, the customer would have to use a conventional credit card or alternative payment means. Below the threshold, the customer can use the contactless RFID sticker and a signature is not required. The financial institution can also monitor transaction outlier trends and alert the customer if fraud is suspected (e.g., numerous small transactions of the same amount being charged within a certain time period). As described herein, the customer can choose to switch on or off the RFID sticker capability in real-time using internet-based banking, mobile banking, 2-way SMS text messaging, or other communications methods.
  • Alerts can be triggered when transactions are processed above a pre-determined threshold. For example, the financial institution can send an SMS alert to a customer that a transaction has been made above the threshold. All transactions using the RFID sticker may be required to undergo online authorization using the customer's available credit limit. Customers can be limited to a liability of a predetermined amount (e.g., $30 or SGD100) for fraudulent transactions using the RFID sticker (after the financial institution is notified of the card loss).
  • In implementing these systems and methods to be performed by a suitably programmed computer, it is intended that the computers described herein have a processor and a computer readable medium, wherein the computer readable medium has program code. The program code can be made of one or more modules that carry out instructions for implementing the systems and methods herein. The processor can execute the instructions as programmed in the modules of the program code. The systems and methods described can be implemented as a computer program product having a computer readable medium having a computer readable program code embodied therein, the computer readable program code adapted to be executed to implement a method for performing the methods described above. Each step or aspect can be performed by a different module, or a single module can perform more than a single step.
  • The systems and methods described herein as software can be executed on at least one computer or server, though it is understood that they can be configured in other ways and retain their functionality. The above-described technology can be implemented on known devices such as a personal computer, a special purpose computer, cellular telephone, personal digital assistant (PDA), a programmed microprocessor or microcontroller and peripheral integrated circuit element(s), an ASIC or other integrated circuit, a digital signal processor, a hard-wired electronic or logic circuit such as a discrete element circuit, a programmable logic device such as a PLD, PLA, FPGA, PAL, or the like. In general, any device capable of implementing the processes described herein can be used to implement the systems and techniques according to this invention.
  • It is to be appreciated that the various components of the technology can be located at distant portions of a distributed network and/or the Internet, or within a dedicated secure, unsecured and/or encrypted system. Thus, it should be appreciated that the components of the system can be combined into one or more devices or co-located on a particular node of a distributed network, such as a telecommunications network. As will be appreciated from the description, and for reasons of computational efficiency, the components of the system can be arranged at any location within a distributed network without affecting the operation of the system. Moreover, the components could be embedded in a dedicated machine.
  • Furthermore, it should be appreciated that the various links connecting the elements can be wired or wireless links, or any combination thereof, or any other known or later developed element(s) that is capable of supplying and/or communicating data to and from the connected elements. The term module as used herein can refer to any known or later developed hardware, software, firmware, or combination thereof that is capable of performing the functionality associated with that element. The terms determine, calculate and compute, and variations thereof, as used herein are used interchangeably and include any type of methodology, process, mathematical operation or technique.
  • Moreover, the disclosed methods may be readily implemented in software, e.g., as a computer program product having one or more modules each adapted for one or more functions of the software, executed on a programmed general purpose computer, cellular telephone, PDA, a special purpose computer, a microprocessor, or the like. In these instances, the systems and methods of this invention can be implemented as a program embedded on a personal computer such as a JAVA®, CGI or Perl script, as a resource residing on a server or graphics workstation, as a routine embedded in a dedicated image system, or the like. The systems and methods of this invention can also be implemented by physically incorporating this system and method into a software and/or hardware system, such as the hardware and software systems of a computer. Such computer program products and systems can be distributed and employ a client-server architecture.
  • The embodiments described above are intended to be exemplary. One skilled in the art recognizes that numerous alternative components and embodiments may be substituted for the particular examples described herein and still fall within the scope of the invention.
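The server-side switch described above (an account that defaults to off, SMS "On/Off <last 4 digits>" commands from the registered number, a timed activation window extended by each purchase, and an authorization decision that gates only RFID-initiated requests) can be sketched as follows. This is an added illustration, not code from the patent; the class and function names, the sample account and phone numbers, the result strings, and the choice to restart the window at each purchase are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# "On <last 4 digits>" / "Off <last 4 digits>", the SMS format given in the text.
SMS_COMMAND = re.compile(r"^\s*(on|off)\s+(\d{4})\s*$", re.IGNORECASE)
SIGNATURE_THRESHOLD = 30.00  # the text's example threshold ($30)


@dataclass
class Account:
    number: str                         # constructed sample value
    registered_phone: str               # mobile number registered with the institution
    rfid_on_at: Optional[float] = None  # activation timestamp; None means switched off
    window_s: float = 0.0               # how long the switch stays on after rfid_on_at

    def rfid_active(self, now: float) -> bool:
        # Expiry is derived from the activation timestamp every time the record is
        # read, so an expired window declines even if no cleanup job has run yet.
        return self.rfid_on_at is not None and now < self.rfid_on_at + self.window_s


def handle_sms(acct: Account, sender: str, body: str, now: float,
               window_s: float = 3600.0) -> str:
    """Apply an On/Off text message to the account record (hypothetical helper)."""
    # The SMS embodiment only accepts the number registered for the customer. A sender
    # number by itself is weak evidence of identity; the text's alternative embodiment
    # adds a security question before the change is applied.
    if sender != acct.registered_phone:
        return "IGNORED"
    match = SMS_COMMAND.match(body)
    if not match or match.group(2) != acct.number[-4:]:
        return "REJECTED"
    if match.group(1).lower() == "on":
        acct.rfid_on_at, acct.window_s = now, window_s
        return "RFID ON"
    acct.rfid_on_at = None
    return "RFID OFF"


def authorize(acct: Account, amount: float, via_rfid: bool, now: float,
              extend_on_purchase: bool = True) -> str:
    """Issuer-side decision for one authorization request (hypothetical helper)."""
    if not via_rfid:
        # The switch gates only the RFID mechanism; the account stays usable through
        # other payment mechanisms. Credit-limit and other checks are out of scope.
        return "APPROVE"
    if not acct.rfid_active(now):
        return "DECLINE_SWITCHED_OFF"
    if amount > SIGNATURE_THRESHOLD:
        # Above the threshold the customer has to use another payment means.
        return "DECLINE_OVER_THRESHOLD"
    if extend_on_purchase:
        # Assumption: "extended each time" is modelled as restarting the window
        # at the time of the approved purchase.
        acct.rfid_on_at = now
    return "APPROVE"


if __name__ == "__main__":
    acct = Account(number="0000000000005678", registered_phone="+15550100")  # constructed
    print(authorize(acct, 10.0, True, 0.0))                        # off by default
    print(handle_sms(acct, "+15550100", "On 5678", 0.0, 300.0))    # five-minute window
    print(authorize(acct, 10.0, True, 200.0))                      # inside the window
    print(authorize(acct, 10.0, True, 800.0))                      # window expired
```

Because the switch is a field in the issuer's record, a sticker that is always transmitting is never touched; the only enforcement point is the authorization decision.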

Claims (33)

What is claimed is:
1. A computer-implemented method for more securely using an RFID mechanism in a transaction, the method comprising:
receiving, by a computer, a first request from a customer to activate a credit account for making a payment using the RFID mechanism;
upon receiving the first request, activating, by the computer, the credit account for making the payment using the RFID mechanism;
receiving, by the computer, a request from a merchant to authorize a payment from the customer using the RFID mechanism;
authorizing, by the computer, the payment from the customer using the RFID mechanism when the account is activated subsequent to the first request;
receiving, by the computer, a second request from a customer to deactivate the credit account to prevent making a second payment using the RFID mechanism; and
upon receiving the second request, deactivating, by the computer, the credit account to prevent making the second payment using the RFID mechanism, wherein the credit account of the customer remains available for use by the customer using any payment mechanism other than the RFID mechanism after deactivating the credit account.
2. The method according to claim 1, wherein the first request is submitted via a website, a text message, a mobile banking application, or a phone call.
3. The method according to claim 1, wherein the second request is submitted via a website, a text message, a mobile banking application, or a phone call.
4. The method according to claim 1, wherein receiving the first request further comprises:
verifying an identity of the customer;
receiving a selection of a link by the customer to activate the credit account; and
updating a record in a database of a financial institution that the credit account is activated.
5. The method according to claim 1, further comprising:
determining whether the credit account is activated based upon a record in a database of the financial institution;
authorizing the payment if the credit account is activated; and
declining the transaction if the credit account is deactivated.
6. The method according to claim 1, wherein the website used to submit the first request is an online banking website of the financial institution.
7. The method according to claim 1, wherein the first request is received from a mobile device of the customer.
8. The method according to claim 1, wherein the first request is submitted via the text message to the financial institution, the method further comprising:
receiving the text message from a mobile phone number registered with the financial institution for the customer,
wherein the text message comprises an instruction to activate the credit account.
9. The method according to claim 1, wherein receiving the second request further comprises:
verifying an identity of the customer;
receiving a selection of a link to deactivate the credit account; and
updating a record in a database of a financial institution that the credit account is deactivated.
10. The method according to claim 1, wherein the second request is submitted via the text message to the financial institution, the method further comprising:
receiving the text message from a mobile phone number registered with the financial institution for the customer,
wherein the text message comprises an instruction to deactivate the credit account.
11. The method according to claim 1, wherein the authorization further comprises determining whether a transaction amount exceeds a predetermined threshold and whether the account is activated or deactivated.
12. A computer-implemented method for more securely using an RFID mechanism in a transaction, the method comprising:
receiving, by a computer of a financial institution, a request from a customer to switch on the use of an RFID mechanism associated with a credit account of the customer, wherein the request is submitted via a website of the financial institution, a text message to the financial institution, a mobile banking application of the financial institution, or a phone call to the financial institution;
switching on, by a computer of the financial institution, the use of the RFID mechanism associated with the credit account of the customer;
receiving, by a computer of the financial institution, a request from a merchant to authorize a transaction with the customer using the RFID mechanism;
transmitting, by a computer of the financial institution, an authorization to the merchant for the transaction; and
switching off, by a computer of the financial institution, the use of the RFID mechanism associated with the credit account of the customer after the transaction with the merchant.
13. The method according to claim 12, wherein switching off the credit account further comprises:
identifying the time of the switching on of the account;
identifying a predetermined time for the account to remain on; and
switching off the use of the RFID mechanism associated with the account after the predetermined period of time.
14. The method according to claim 13, further comprising receiving a request from the customer to extend the predetermined period of time.
15. The method according to claim 13, further comprising automatically extending the predetermined period of time based upon a completion of the transaction by the customer.
16. The method according to claim 12, wherein receiving the request further comprises:
verifying the identity of the customer;
receiving a selection of a link to switch on the account; and
updating a record in a database that the account is on.
17. The method according to claim 12, wherein the website used to submit the request is an online banking website of the financial institution.
18. The method according to claim 12, wherein the request is received from a mobile device of the customer.
19. The method according to claim 12, wherein the request is submitted via the text message to the financial institution, the method further comprising:
receiving the text message from a mobile phone number registered with the financial institution for the customer,
wherein the text message comprises an instruction to switch on the use of the RFID mechanism associated with the account.
20. A computer-implemented method for conducting a transaction, the method comprising:
receiving, by a computer of a financial institution, a first request from a customer using a first communication channel to activate the use of a payment mechanism associated with an account of the customer;
activating, by a computer of the financial institution, the account of the customer;
receiving, by a computer of the financial institution, a request from a point of sale to authorize a transaction with the customer using the payment mechanism;
transmitting, by a computer of the financial institution, authorization for the transaction to the point of sale; and
deactivating, by a computer of the financial institution, the account of the customer after the transaction.
21. The computer implemented method according to claim 18, further comprising receiving, by a computer of a financial institution, a second request from a customer using a second communication channel to deactivate the use of the payment mechanism associated with the account of the customer.
22. The computer implemented method according to claim 18, wherein the first communication channel is selected from the group consisting of the internet, a mobile network, and a telephone network.
23. The computer implemented method according to claim 18, wherein the payment mechanism comprises an RFID sticker.
24. A computer-implemented method for authorizing a transaction, the method comprising:
receiving, by a computer, a request to authorize a transaction;
determining, by the computer, whether the transaction was initiated by an RFID sticker;
determining, by the computer, whether the account has been switched on or off for use of the RFID sticker;
authorizing the transaction if:
the request was not initiated by the RFID sticker; or
the request was initiated by the RFID sticker and the account has been switched on; and
declining the transaction if:
the request was initiated by the RFID sticker and the account has been switched off.
25. A computer-implemented method for preventing processing of unauthorized transactions using an RFID mechanism, the method comprising:
receiving, by a computer of a financial institution, a first request from a customer to activate a credit account of the customer for use with the RFID mechanism, wherein the RFID mechanism is always in a state of transmitting data, and wherein the first request is submitted via a website of the financial institution, a text message to the financial institution, a mobile banking application of the financial institution, or a phone call to the financial institution;
after receiving the first request, activating, by a computer of the financial institution, the credit account of the customer allowing processing of at least one transaction that is made by the customer using the RFID mechanism, wherein activating comprises linking the use of the RFID mechanism to the credit account of the customer for any subsequent transactions after the first request;
after activating the credit card account of the customer, receiving, by a computer of the financial institution, a request from a merchant to authorize the at least one transaction that is made by the customer using the RFID mechanism;
transmitting, by a computer of the financial institution, an authorization for the at least one transaction to the merchant;
completing the at least one authorized transaction;
after completing the at least one authorized transaction, receiving, by a computer of the financial institution, a second request from the customer to deactivate the credit account of the customer from use of the RFID mechanism, and wherein the second request is submitted via the website of the financial institution, a text message to the financial institution, the mobile banking application of the financial institution, or a phone call to the financial institution; and
after receiving the second request, deactivating, by a computer of the financial institution, the credit account of the customer, wherein deactivating comprises unlinking the use of the RFID mechanism from the credit account of the customer for any subsequent transactions made using the RFID mechanism after the second request, and wherein the credit account of the customer remains available for use by the customer using a payment mechanism other than the RFID mechanism after deactivating the credit account of the customer.
26. The method according to claim 25, wherein receiving the first request further comprises:
verifying an identity of the customer;
receiving a selection of a link by the customer activating the credit account; and
updating a record in a database of the financial institution that the credit account is in an active state.
27. The method according to claim 25, further comprising:
determining whether the credit account is in an active state based on a record in a database of the financial institution;
authorizing the at least one transaction if the credit account is in an active state; and
declining the at least one transaction if the credit account is in a deactive state.
28. The method according to claim 25, wherein the website used to submit the first request is an online banking website of the financial institution.
29. The method according to claim 25, wherein the first request is received from a mobile device of the customer.
30. The method according to claim 25, wherein the first request is submitted via the text message to the financial institution, the method further comprising:
receiving the text message from a mobile phone number registered with the financial institution for the customer, wherein the text message comprises an instruction to activate the credit account.
31. The method according to claim 25, wherein receiving the second request further comprises:
verifying an identity of the customer;
receiving a selection of a link by the customer deactivating the credit account; and
updating a record in a database of the financial institution that the credit account is in a deactive state.
32. The method according to claim 25, wherein the second request is submitted via the text message to the financial institution, the method further comprising:
receiving the text message from a mobile phone number registered with the financial institution for the customer, wherein the text message comprises an instruction to deactivate the credit account.
33. The method according to claim 25, wherein the authorization further comprises determining whether a transaction amount exceeds a predetermined threshold, and whether the credit account is in an active state or in a deactive state.
US14/150,324 2011-03-04 2014-01-08 Methods and systems using contactless card Abandoned US20140143152A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US14/150,324 US20140143152A1 (en) 2011-03-04 2014-01-08 Methods and systems using contactless card

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201161449164P 2011-03-04 2011-03-04
US13/346,045 US8630952B2 (en) 2011-03-04 2012-01-09 Methods and systems using contactless card
US14/150,324 US20140143152A1 (en) 2011-03-04 2014-01-08 Methods and systems using contactless card

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US13/346,045 Continuation US8630952B2 (en) 2011-03-04 2012-01-09 Methods and systems using contactless card

Publications (1)

Publication Number Publication Date
US20140143152A1 true US20140143152A1 (en) 2014-05-22

Family

ID=47007173

Family Applications (2)

Application Number Title Priority Date Filing Date
US13/346,045 Active US8630952B2 (en) 2011-03-04 2012-01-09 Methods and systems using contactless card
US14/150,324 Abandoned US20140143152A1 (en) 2011-03-04 2014-01-08 Methods and systems using contactless card

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US13/346,045 Active US8630952B2 (en) 2011-03-04 2012-01-09 Methods and systems using contactless card

Country Status (2)

Country Link
US (2) US8630952B2 (en)
SG (1) SG183653A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103985040A (en) * 2014-05-24 2014-08-13 中国科学院新疆理化技术研究所 Mobile phone wallet recharging system and operation method thereof
PH12017000153A1 (en) * 2017-05-15 2019-01-21 Renato C Valencia Method and system for enabling a payment transaction to be conducted in a linked, integrated, interchangeable payment system (liips) including a passageway payment system using an rfid sticker linked to payment devices

Families Citing this family (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10867298B1 (en) 2008-10-31 2020-12-15 Wells Fargo Bank, N.A. Payment vehicle with on and off function
US20100114768A1 (en) 2008-10-31 2010-05-06 Wachovia Corporation Payment vehicle with on and off function
AU2011210870A1 (en) 2010-01-29 2012-08-16 Avery Dennison Corporation Smart sign box using electronic interactions
US10977965B2 (en) 2010-01-29 2021-04-13 Avery Dennison Retail Information Services, Llc Smart sign box using electronic interactions
US8762241B2 (en) 2010-09-10 2014-06-24 Ebay Inc. Online quick key pay
US9858583B2 (en) 2011-09-01 2018-01-02 Avery Dennison Retail Information Services, Llc Apparatus, system and method for tracking consumer product interest using mobile devices
US8630908B2 (en) 2011-11-02 2014-01-14 Avery Dennison Corporation Distributed point of sale, electronic article surveillance, and product information system, apparatus and method
US20130225079A1 (en) * 2012-02-24 2013-08-29 Identive Group, Inc. Providing Continued Operation of NFC Mobile Devices and Tags
US10360556B2 (en) * 2012-07-19 2019-07-23 Veritec Inc. Financial card transaction security and processing methods
US20140032410A1 (en) * 2012-07-24 2014-01-30 Ipay International, S.A. Method and system for linking and controling of payment cards with a mobile
KR20150072438A (en) * 2012-10-15 2015-06-29 파워드 카드 솔루션스, 엘엘씨 System and method for secure remote access and remote payment using a mobile device and a powered display card
EP3214572B1 (en) 2012-10-18 2020-01-29 Avery Dennison Corporation System and apparatus for nfc security
EP2795950B1 (en) * 2012-11-19 2018-09-05 Avery Dennison Corporation Nfc security system and method for disabling unauthorized tags
US8788389B1 (en) * 2013-04-26 2014-07-22 Quisk, Inc. Methods and systems for providing a customer controlled account lock feature
US9830673B2 (en) * 2013-04-26 2017-11-28 Roche Diabetes Care, Inc. System portal control for a diabetes management system
WO2015058213A1 (en) 2013-10-19 2015-04-23 Williams Armani Phone and tablet case
US9256866B2 (en) 2014-03-03 2016-02-09 Comenity Llc Drivers license look-up
GB2533333A (en) 2014-12-16 2016-06-22 Visa Europe Ltd Transaction authorisation
US11429975B1 (en) 2015-03-27 2022-08-30 Wells Fargo Bank, N.A. Token management system
US11170364B1 (en) 2015-07-31 2021-11-09 Wells Fargo Bank, N.A. Connected payment card systems and methods
US9935961B2 (en) * 2015-09-11 2018-04-03 Bank Of America Corporation Controlling access to data
US11030591B1 (en) * 2016-04-01 2021-06-08 Wells Fargo Bank, N.A. Money tracking robot systems and methods
US10902405B1 (en) * 2016-05-11 2021-01-26 Wells Fargo Bank, N.A. Transient mobile wallets
US11886611B1 (en) 2016-07-01 2024-01-30 Wells Fargo Bank, N.A. Control tower for virtual rewards currency
US10992679B1 (en) 2016-07-01 2021-04-27 Wells Fargo Bank, N.A. Access control tower
US11615402B1 (en) 2016-07-01 2023-03-28 Wells Fargo Bank, N.A. Access control tower
US11386223B1 (en) 2016-07-01 2022-07-12 Wells Fargo Bank, N.A. Access control tower
US11935020B1 (en) 2016-07-01 2024-03-19 Wells Fargo Bank, N.A. Control tower for prospective transactions
US11556936B1 (en) 2017-04-25 2023-01-17 Wells Fargo Bank, N.A. System and method for card control
US11062388B1 (en) 2017-07-06 2021-07-13 Wells Fargo Bank, N.A Data control tower
US11188887B1 (en) 2017-11-20 2021-11-30 Wells Fargo Bank, N.A. Systems and methods for payment information access management
US20190230422A1 (en) * 2018-01-22 2019-07-25 Verifone, Inc. Intelligent model for dynamically selecting best transmission channel
US10992606B1 (en) 2020-09-04 2021-04-27 Wells Fargo Bank, N.A. Synchronous interfacing with unaffiliated networked systems to alter functionality of sets of electronic assets
US11546338B1 (en) 2021-01-05 2023-01-03 Wells Fargo Bank, N.A. Digital account controls portal and protocols for federated and non-federated systems and devices

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7213000B2 (en) * 2001-05-10 2007-05-01 International Business Machines Corporation Reserve price auctioning
US20080081600A1 (en) * 2006-10-02 2008-04-03 Lg Electronics Inc. Method of setting ending time of application of mobile communication terminal, method of ending application of mobile communication terminal, and mobile communication terminal for performing the same
US20100312700A1 (en) * 2008-11-08 2010-12-09 Coulter Todd R System and method for managing status of a payment instrument
US20110060684A1 (en) * 2009-03-25 2011-03-10 Jucht Scott J Machine, program product, and computer-implemented methods for confirming a mobile banking request
US20110213707A1 (en) * 2010-03-01 2011-09-01 Fiserv, Inc. Systems and methods for facilitating person-to-person payments
US20120078737A1 (en) * 2009-05-12 2012-03-29 MASSPAY Sp. z o.o. Method for authorization of a transaction with the use of mobile phone

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6636833B1 (en) * 1998-03-25 2003-10-21 Obis Patents Ltd. Credit card system and method
US7264154B2 (en) * 2004-07-12 2007-09-04 Harris David N System and method for securing a credit account
US20070200684A1 (en) * 2005-05-06 2007-08-30 Colby Steven M RFID Device Configured for Data Entry
US20060231611A1 (en) * 2005-03-23 2006-10-19 Chakiris Phil M Radio frequency identification purchase transactions
TW200912761A (en) 2007-07-20 2009-03-16 Soon Huat Leonard Wee A radio frequency transponder
US20110011939A1 (en) 2007-12-19 2011-01-20 Linda Seah Contact-less and dual interface inlays and methods for producing the same
US8351854B2 (en) * 2008-09-30 2013-01-08 Research In Motion Limited Mobile wireless communications device having touch activated near field communications (NFC) circuit

Also Published As

Publication number Publication date
US20120265682A1 (en) 2012-10-18
SG183653A1 (en) 2012-09-27
US8630952B2 (en) 2014-01-14

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION