WO2000016219A1 - Detection of unauthorized use of payment instruments over commercial network systems - Google Patents

Detection of unauthorized use of payment instruments over commercial network systems Download PDF

Info

Publication number
WO2000016219A1
WO2000016219A1 PCT/US1999/020693 US9920693W WO0016219A1 WO 2000016219 A1 WO2000016219 A1 WO 2000016219A1 US 9920693 W US9920693 W US 9920693W WO 0016219 A1 WO0016219 A1 WO 0016219A1
Authority
WO
WIPO (PCT)
Prior art keywords
buyer
agent
merchant
payment instrument
authorizing
Prior art date
Application number
PCT/US1999/020693
Other languages
French (fr)
Inventor
Peter Pekarek-Kostka
Original Assignee
Pekarek Kostka Peter
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Pekarek Kostka Peter filed Critical Pekarek Kostka Peter
Publication of WO2000016219A1 publication Critical patent/WO2000016219A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions

Definitions

  • the present invention relates to electronic commerce, and more particularly to the detection of unauthorized use of credit cards or other payment instruments over commercial network systems, and to facilitating business commerce using such networks
  • SSL Secure Socket Layer
  • SET Secure Electronic Transaction
  • Fraudulent transactions are often not the result of payment instrument information being captured while in transit As many merchants store customer information including payment instrument information they become vulnerable to attacks from unauthorized users who retrieve the information from the merchants data storage facility and fraudulently use the information against the same or other merchants
  • the present invention provides a method and system for credit card issuers and/or credit card syndicates, buyers, and sellers (and users of similar payment instruments) to transact business in such way that potential financial losses due to unauthorized use are limited
  • the present invention provides a method and system for detecting fraudulent activity with a payment instrument
  • Authorized users of a payment instrument register their instrument, e g , a credit card, with an organization or individual which utilizes the present invention to serve as an authorizing agent
  • the authorizing agent notifies the authorized user of a payment instrument, (and optionally the issuer of the payment instrument, or other entity) of any and all activity on the payment instrument immediately after such activity
  • the notification speed and means can be selected by the authorized payment instrument user, and can include pager service, telephone, facsimile, e-mail, and other notification methods
  • the authorized user can spot fraudulent activity instantaneously and notify the organization or individual utilizing the invention accordingly who in turn can notify any other party to the transaction in question, e g , merchant, payment instrument issuer, etc
  • the authorized user can also select a specific monetary limit to be associated with the payment instrument Any use or attempt to use the payment instrument at a merchant registered with the organization or individual utilizing the present invention is authorized or declined based on the monetary limit specified and accumulated use of payment instrument over a certain period of time
  • the organization or individual utilizing the present invention allows the authorized user of the payment instrument to register sub- payment instruments in the same way, and to control spending limits on these as well By selecting a zero monetary limit the authorized user can effectively restrict usage of the payment instrument completely
  • the card verifying authority provides a first form of protection, in that after a transaction between the merchant and any buyer, the "authorized" buyer is notified of the transaction via, for example, e-mail
  • a second form of protection which may be an alternative to or additive with the first form of protection, the authorized buyer can easily communicate electronically with the card verifying authority, to change the Internet credit limit at which the buyer feels most comfortable As a result, the buyer can, through this limit, put a cap on the exposure of any one unauthorized transaction and
  • a credit card holder registers his supplementary cards with the organization or individual utilizing the present invention in order to set different spending limits or restrict access for his 17-year and 10-year old children for transactions with merchants registered with the organization or individual utilizing the present invention
  • one master buyer can have ultimate control and responsibility for paying the charges against a plurality of payment instruments from a particular financing agent, but the payment instruments are possessed by a respective plurality of subordinates who have respective limits with the authorizing agent, set by the master buyer
  • a checking account holder elects to register his account with the organization or individual utilizing the present invention in order to obtain instant notification of any unauthorized use of the account checks at merchants registered with the organization or individual utilizing the present invention
  • the early notification allows the account holder to dispute the transactions immediately and to provide sufficient funds for other scheduled payments, e g , checks written
  • a merchant registers with the organization or individual utilizing the present invention in order to have buyers informed if their payment instruments are being used for orders
  • the early notification of buyers allows them to spot fraudulent transactions
  • the merchant after being notified of such a fraudulent transaction by the organization or individual utilizing the present invention, can reverse the order immediately
  • a credit and debit card holder registers all the cards he is carrying in his wallet with the organization or individual utilizing the present invention in order to speed up the process of notifying all card issuing institutions of a loss of his wallet and all credit and debit cards contained in it Once he is notified of a transaction performed with his card, he in turn, after realizing his wallet to be missing, notifies the organization or individual utilizing the present invention to provide instant loss notification to all credit and debit card issuers
  • FIG 1 is a schematic overview of the core features of the present invention
  • FIG 2 is a schematic showing the registration for authorized users
  • FIG 3 is a schematic showing the update process for authorized users
  • FIG 4 is a schematic which exemplifies a transaction under the present invention
  • FIG 5 is a schematic representation of the key entities for implementing the preferred embodiment of the invention in the context of purchase orders by means of a credit card, including registration of the buyer,
  • FIG 6 is a schematic similar to Figure 5, depicting the registration of the merchant.
  • FIG 7 is a schematic similar to Figure 5 depicting the preferred implementation of a credit card transaction
  • the present invention includes a controller 100, which includes a link to a data storage 120 and, through some kind of network interface 1 10, e g , a modem, a connection to a public or private network 400 Buyers 200 of goods and services are also connected to the same public or private network 400 through a buyer network interface 210 Merchants or sellers of goods and services 300 are also connected to the public or private network 400 through a merchant network interface 310
  • the type of public or private network allows two-way communication between all parties connected to the network
  • a typical network 400 is a corporate Intranet or the Internet
  • the invention pertains to a computerized system for authorizing remote purchases over a global communications network 400 between each of a multiplicity of registered users of payment instruments (buyers 200) having respective network interfaces 210, by which the buyers can transmit respective purchase orders for goods or services including indicia associated with respective payment instruments, to registered merchants 300 who have respective network interfaces 310 for receiving the purchase orders
  • a particular buyer may possess and be authorized to use several different types of payment instruments, and similarly, any particular merchant may accept a variety of payment instruments
  • each registered buyer may have several types of credit cards and each merchant may accept several types of credit cards
  • the controller 100 usually consists of a central processing unit (CPU), a number of input and output (I/O) devices, and some random access memory (RAM) or read only memory (ROM)
  • the controller 100 communicates with the controller's data storage 120 through some of the input/output devices
  • the registration of a payment instrument by an authorized user requires detailed payment instrument information (e g , credit card number and expiration date), and optionally user contact information for notification purposes, user's personal information (e g , name, address, password), and selected monetary limit, to be transmitted 500 from the user (e g , buyer 200) to the controller 100 of the organization or individual serving as the verifying or transaction authorizing agent
  • the controller 100 searches its current data storage area 120 for existing entries and as indicated at 510, 520 if the information submitted at 500 by the authorized buyer 200 is found to be unique, registers the information in the data storage area 120 Otherwise the authorized user will be asked to review the information provided and to resubmit it
  • the authorized buyer can at any time review
  • the controller 100 presents the buyer with the information currently saved in the data storage area 120 The buyer then is allowed to make changes 620 to the information, e g , change of monetary limit, before the amended data is stored 640 in the data storage area 120
  • the merchant 300 registers as well with the organization or individual serving as the authorizing agent, without the need to provide payment instrument information It should be appreciated that in general, such agent would be the entity most likely to configure and use the hardware and computer programs that implement the present invention
  • the buyer who is registered with the authorizing agent places an order 700 with a registered merchant and submits his payment instrument information (i e , indicia of the payment instrument such as account number and expiration date), and confirms the amount to be paid
  • the merchant forwards the information 710 received to the authorizing agent for authorization
  • the next step 720 requires the controller 100 to verify whether the payment instrument in question has been registered If it is not registered, the merchant is notified and has the option to continue with his regular payment collection process 730 If the payment instrument is registered, the authorizing agent verifies 740 whether the amount to be authorized exceeds the monetary limit if one was selected during buyer registration If it exceeds the limit the transaction is denied, and the merchant is notified accordingly 750 If the amount to be authorized is within the limit specified during buyer registration or if no limit has been specified, then the merchant is issued a transaction authorization code 760 by the authorizing agent The amount to be authorized may or may not be deducted from the monetary limit saved in the data storage area to adjust the limit applied to future transactions Once the transaction has been
  • FIGs 5-7 illustrate the foregoing general method and system of the invention, in the context of a credit card payment instrument
  • the invention allows credit/debit card holders to register their cards and to specify a certain financial limit ("Net Limit", as defined below) which applies to all transactions performed over the commercial network with sellers subscribing to the invention's service
  • Net Limit a certain financial limit
  • Acquiring Bank An individual or business, organization, or association which acts as the funds agent for the merchant by accepting the merchant's request to fulfill credit/debit card payment orders issued by the buyers
  • the amount paid to the merchant is the full credit/debit card payment order less a contractually specified discount fee
  • the full credit/debit card payment order is presented to the Card Issuer for payment
  • Authorizing Agent An individual or business, organization, or association utilizing the invention to facilitate credit/debit card transactions over commercial networks
  • the authorizing agent 800 operates the controller 100, controller network interface 110 and data storage 120, as shown in Figure 1
  • the data storage may be understood as constituting a database containing stored information including, e g , the name of each registered buyer, indicia associated with each buyer's payment instrument, a respective limit on payments that are authorized against each payment instrument, and the name of each registered merchant
  • the controller 100 can be understood as a computer program controlling the data processing of the database and the network interface, for receiving through the network 400 from the network interface 310 of any registered merchant 300 an electronic request for verification of payment on a particular purchase order made by any registered buyer 200, determining whether the merchant and buyer are registered, and transmitting to the merchant confirmation from the database, whether the particular purchase is authorized
  • the computer program also initiates the transmission through the network 400 of a message to the buyer's network interface 210 that a particular purchase order for a particular amount was executed against the buyer's payment instrument
  • the database in storage 120 also preferably contains the names of the funds agents of the merchants and the financing agent which provides the buyer with the payment instrument
  • the computer program in the controller 100 generates a transaction code unique to each authorized purchase order and transmits the code to the merchant and to the merchant's funds agent
  • each of a plurality of buyers 200 submits a request 500a to authorized agent via e-mail or online on authorizing agent's Internet-site, or off-line (e g , by fax, telephone, mail) stating that he wants all his credit/debit card purchases from each of a plurality of merchants 300 registered with authorized agent over a commercial network to be authorized by authorized agent in addition to the normal authorization process For that reason the buyer submits certain information which identifies him as an authorized credit/debit card user with his application while selecting the Net Limit - the limit for transactions to be authorized by agent 800 This information may include but is not limited to credit/debit card number, card expiration date, mother's maiden name, current account address, current daytime telephone number
  • Agent 800 verifies the submitted information 500b with the card issuer 828 and confirms the registration to the buyer by e-mail and/or some other means 520 (e g mail, fax)
  • the buyer is able to adjust his Net Limit via various means including but not limited to e-mail, phone, fax
  • the buyer can also request automated adjustments to his Net Limit (e g , Net Limit will be set to a certain amount on the 15 th of every month)
  • the limit can be at least one of a limit on a single purchase transaction, a limit on the total of all purchase transactions during a specified period of time, or a limit which declines from an initial value commensurately with the amount of purchases made
  • the registered buyers would typically select a limit for each payment instrument registered with the authorizing agent, which is lower than the maximum credit balance that the issuer of the payment instrument, permits the buyer to carry
  • the buyer can also register supplementary credit cards/debit cards and control the Net Limit of those cards, or allow supplementary credit card/debit card holders to register and control the supplementary card only
  • the merchant 300 registers with agent 800 in a similar way 802, but the information submitted is verified 804 with the merchant's acquiring bank 808, and registration is confirmed 806 by acquiring bank and/or authorizing agent
  • the actual transaction over the commercial network involves all parties as represented in Figure 7
  • Buyer 200 who is registered with authorizing agent 800, places an order 810 with registered merchant 300 over the commercial network and submits his credit/debit card number, the card holders name, and the amount to be paid
  • the merchant 300 verifies 812 the credit/debit card payment with authorizing agent 800 only up to the available Net Limit for the card The Net Limit may then, based on the buyer's registered preference be reduced by the amount
  • the merchant 300 receives 812 a unique transaction ID (TxlD), which identifies the purchase transaction and the merchant places a payment request 814 with the acquiring bank 808
  • authorizing agent 800 notifies 816 the acquiring bank 808 of the purchase transaction, and confirms the transaction to the buyer as well 818
  • This confirmation 816 from authorizing agent 800 allows the acquiring bank 808 to issue a payment 820 to the merchant From there on the acquiring bank 808 settles the payment 822 with the card issuer 828, who in turn invoices 824 the buyer 200 with the
  • the transmission of the transaction code from the authorizing agent to the merchant and from the merchant and the authorizing agent to the merchant's funds agent is not a necessary feature of the present invention, this does provide a number of advantages for the merchant fund agent, and financing agent
  • these entities can reduce their loss exposure and/or cost of doing business
  • the funds agent can offer the merchant a discount relative to the standard fee for handling the payment instrument, for those transactions which employ the authorizing agent
  • the financing agent may offer a lower interest rate to the user of the payment instrument, for transactions which are verified, or more favorable terms to the funds agent
  • the core aspect of the preferred embodiment of the present invention is that upon electronic placement of a purchase order transaction by any buyer with payment instrument to a registered merchant, the merchant notifies the authorizing agent of the transaction and the authorizing agent electronically communicates the occurrence of the transaction substantially immediately to the authorized buyer
  • the authorizing agent is depicted as an entity independent of the buyer, merchant, funds agents and financing agent This arrangement permits all four of these entities to deal with one master "clearing house", e g , a buyer or merchant can register all their credit card accounts with a single authorizing agent
  • the function performed by the autho ⁇ zing agent can be specific to a particular type of payment instrument, e g , to credit cards issued only by a particular financing agent
  • the financing agent could operate the controller 100, controller network interface 1 10 and data storage devices and associated programs, as depicted in Figure 1
  • other configurations for communicating the occurrence of the purchase order transaction to the authorized buyer are within the broad scope of the present invention
  • the merchant's request for payment from the funds agent can be considered as initiating an electronic transmission indicative of the use of the payment instrument for a particular transaction, and this transmission could be received directly or indirectly by the authorizing agent who in turn would be associated directly or indirectly with the funds agent, whereupon the authorizing agent will electronically communicate the occurrence of the transaction to the buyer and/or financing agent within, e g , 24 hours and preferably within one hour, from the time of the merchant's electronic transmission

Abstract

The present invention provides a method and system for detecting fraudulent activity with a payment instrument. Authorized users (200) of a payment instrument register their instrument, e.g., a credit card, with an organization or individual which utilizes the present invention to serve as an authorizing agent (800). The authorizing agent, notifies (818) the authorized user of a payment instrument, (and optionally the issuer (828) of the payment instrument, or other entity) of any and all activity (810, 812) on the payment instrument immediately after such activity. The notification speed and means can be selected by the authorized payment instrument user, and can include pager service, telephone, facsimile, e-mail, and other notification methods. The authorized user can spot fraudulent activity instantaneously and notify the organization or individual utilizing the invention according who in turn can notify any other party to the transaction in question, e.g., merchant (300), payment instrument issuer, etc.

Description

DETECTION OF UNAUTHORIZED USE OF PAYMENT INSTRUMENTS OVER COMMERCIAL NETWORK SYSTEMS
Background of the Invention
1. Field of the invention The present invention relates to electronic commerce, and more particularly to the detection of unauthorized use of credit cards or other payment instruments over commercial network systems, and to facilitating business commerce using such networks
2. Background Digital and analog networks allow more and more individuals and businesses to conduct business without face-to-face contact Transactions conducted without physical contact between the parties require different payment instruments, as the exchange of physical currency becomes impractical due to payment delay and risk of loss, if currency is sent through postal or other courier services These payment instruments include credit cards debit cards purchasing cards, e-checks, and customer cards Many of these payment instruments gained wide-spread acceptance in face-to-face transactions, where they also require some kind of identification to be used This identification can either be a signature or a personal identification number (PIN) only known to the legally authorized user of the payment instrument While these identification methods work in face-to-face transactions, they are insufficient in non face-to- face transactions, as information relayed over networks can be detected electronically and then used fraudulently by unauthorized users
There are several methods available to make those transactions more secure The transmission of information over digital or analog networks can be made mostly inaccessible through application of certain encryption techniques which are widely used The Secure Socket Layer (SSL) technique allows buyers of goods and services to transmit their payment instrument information to the merchant or seller of goods and services without the risk of that information being divulged Other methods focus on the authentication of the user transmitting payment instrument information One notable example is the Secure Electronic Transaction (SET) method This method requires both merchants and buyers to obtain security certificates, and to install them by storing them locally through specific software code This makes this method cumbersome, as all parties are required to install and maintain separate software code Many of these "wallet" type systems require passwords and cryptography to achieve a certain level of security (See, for example, U S Pat No 5,815,657, entitled "System, Method, and Article of Manufacture for Network Electronic Authorization Utilizing an Authorization Instrument")
Fraudulent transactions are often not the result of payment instrument information being captured while in transit As many merchants store customer information including payment instrument information they become vulnerable to attacks from unauthorized users who retrieve the information from the merchants data storage facility and fraudulently use the information against the same or other merchants
Summary of the Invention
The present invention provides a method and system for credit card issuers and/or credit card syndicates, buyers, and sellers (and users of similar payment instruments) to transact business in such way that potential financial losses due to unauthorized use are limited
The present invention provides a method and system for detecting fraudulent activity with a payment instrument Authorized users of a payment instrument register their instrument, e g , a credit card, with an organization or individual which utilizes the present invention to serve as an authorizing agent The authorizing agent, notifies the authorized user of a payment instrument, (and optionally the issuer of the payment instrument, or other entity) of any and all activity on the payment instrument immediately after such activity The notification speed and means can be selected by the authorized payment instrument user, and can include pager service, telephone, facsimile, e-mail, and other notification methods The authorized user can spot fraudulent activity instantaneously and notify the organization or individual utilizing the invention accordingly who in turn can notify any other party to the transaction in question, e g , merchant, payment instrument issuer, etc
The authorized user can also select a specific monetary limit to be associated with the payment instrument Any use or attempt to use the payment instrument at a merchant registered with the organization or individual utilizing the present invention is authorized or declined based on the monetary limit specified and accumulated use of payment instrument over a certain period of time
In another embodiment the organization or individual utilizing the present invention allows the authorized user of the payment instrument to register sub- payment instruments in the same way, and to control spending limits on these as well By selecting a zero monetary limit the authorized user can effectively restrict usage of the payment instrument completely
In the context of credit card use, registration links are established among the authorized buyer, merchants, the merchants' acquiring bank (e g , funds agent), a card issuer (e g , financing agent), and a card verifying authority (authorizing agent) In many respects the relationships among these entities are similar to those supporting credit card purchases via conventional telephone ordering The invention affords protection to the authorized buyer, in connection with commercial transactions over, e g , the Internet, through two aspects of the invention which are considered novel relative to conventional purchasing procedures for consumer goods According to the invention the card verifying authority provides a first form of protection, in that after a transaction between the merchant and any buyer, the "authorized" buyer is notified of the transaction via, for example, e-mail In a second form of protection, which may be an alternative to or additive with the first form of protection, the authorized buyer can easily communicate electronically with the card verifying authority, to change the Internet credit limit at which the buyer feels most comfortable As a result, the buyer can, through this limit, put a cap on the exposure of any one unauthorized transaction and, by monitoring the confirmation of transactions, the buyer can limit the number of transactions which might be unauthorized The following examples demonstrate the needs of legitimate users of payment instruments and merchants accepting these payment instruments, who will benefit from the present invention
A credit card holder registers his supplementary cards with the organization or individual utilizing the present invention in order to set different spending limits or restrict access for his 17-year and 10-year old children for transactions with merchants registered with the organization or individual utilizing the present invention In particular, one master buyer can have ultimate control and responsibility for paying the charges against a plurality of payment instruments from a particular financing agent, but the payment instruments are possessed by a respective plurality of subordinates who have respective limits with the authorizing agent, set by the master buyer
A checking account holder elects to register his account with the organization or individual utilizing the present invention in order to obtain instant notification of any unauthorized use of the account checks at merchants registered with the organization or individual utilizing the present invention The early notification allows the account holder to dispute the transactions immediately and to provide sufficient funds for other scheduled payments, e g , checks written
A merchant registers with the organization or individual utilizing the present invention in order to have buyers informed if their payment instruments are being used for orders The early notification of buyers allows them to spot fraudulent transactions The merchant, after being notified of such a fraudulent transaction by the organization or individual utilizing the present invention, can reverse the order immediately A credit and debit card holder registers all the cards he is carrying in his wallet with the organization or individual utilizing the present invention in order to speed up the process of notifying all card issuing institutions of a loss of his wallet and all credit and debit cards contained in it Once he is notified of a transaction performed with his card, he in turn, after realizing his wallet to be missing, notifies the organization or individual utilizing the present invention to provide instant loss notification to all credit and debit card issuers
Brief Description of the Drawings
These and other objects and advantages of the invention will be evident from the following description of the preferred embodiment, made with reference to the accompanying drawings, in which
FIG 1 is a schematic overview of the core features of the present invention,
FIG 2 is a schematic showing the registration for authorized users, FIG 3 is a schematic showing the update process for authorized users,
FIG 4 is a schematic which exemplifies a transaction under the present invention,
FIG 5 is a schematic representation of the key entities for implementing the preferred embodiment of the invention in the context of purchase orders by means of a credit card, including registration of the buyer,
FIG 6 is a schematic similar to Figure 5, depicting the registration of the merchant, and
FIG 7 is a schematic similar to Figure 5 depicting the preferred implementation of a credit card transaction
Detailed Description of the Preferred Embodiment(s) of the Invention
The general method and system of the present invention will be described with reference to FIGS 1 , 2, 3 and 4 As shown in FIG 1 , the present invention includes a controller 100, which includes a link to a data storage 120 and, through some kind of network interface 1 10, e g , a modem, a connection to a public or private network 400 Buyers 200 of goods and services are also connected to the same public or private network 400 through a buyer network interface 210 Merchants or sellers of goods and services 300 are also connected to the public or private network 400 through a merchant network interface 310 The type of public or private network allows two-way communication between all parties connected to the network A typical network 400 is a corporate Intranet or the Internet
In the most general sense, the invention pertains to a computerized system for authorizing remote purchases over a global communications network 400 between each of a multiplicity of registered users of payment instruments (buyers 200) having respective network interfaces 210, by which the buyers can transmit respective purchase orders for goods or services including indicia associated with respective payment instruments, to registered merchants 300 who have respective network interfaces 310 for receiving the purchase orders A particular buyer may possess and be authorized to use several different types of payment instruments, and similarly, any particular merchant may accept a variety of payment instruments For example, each registered buyer may have several types of credit cards and each merchant may accept several types of credit cards
The controller 100 usually consists of a central processing unit (CPU), a number of input and output (I/O) devices, and some random access memory (RAM) or read only memory (ROM) The controller 100 communicates with the controller's data storage 120 through some of the input/output devices As shown in Figures 1 and 2 the registration of a payment instrument by an authorized user (buyers) requires detailed payment instrument information (e g , credit card number and expiration date), and optionally user contact information for notification purposes, user's personal information (e g , name, address, password), and selected monetary limit, to be transmitted 500 from the user (e g , buyer 200) to the controller 100 of the organization or individual serving as the verifying or transaction authorizing agent The controller 100 then searches its current data storage area 120 for existing entries and as indicated at 510, 520 if the information submitted at 500 by the authorized buyer 200 is found to be unique, registers the information in the data storage area 120 Otherwise the authorized user will be asked to review the information provided and to resubmit it The authorized buyer can at any time review and change the information submitted during registration
As shown in Figure 3, at 600 610 once authenticated through payment instrument information and password, or by some other means, the controller 100 presents the buyer with the information currently saved in the data storage area 120 The buyer then is allowed to make changes 620 to the information, e g , change of monetary limit, before the amended data is stored 640 in the data storage area 120
The merchant 300 registers as well with the organization or individual serving as the authorizing agent, without the need to provide payment instrument information It should be appreciated that in general, such agent would be the entity most likely to configure and use the hardware and computer programs that implement the present invention
As shown in Figure 4, the buyer, who is registered with the authorizing agent places an order 700 with a registered merchant and submits his payment instrument information (i e , indicia of the payment instrument such as account number and expiration date), and confirms the amount to be paid The merchant forwards the information 710 received to the authorizing agent for authorization The next step 720 requires the controller 100 to verify whether the payment instrument in question has been registered If it is not registered, the merchant is notified and has the option to continue with his regular payment collection process 730 If the payment instrument is registered, the authorizing agent verifies 740 whether the amount to be authorized exceeds the monetary limit if one was selected during buyer registration If it exceeds the limit the transaction is denied, and the merchant is notified accordingly 750 If the amount to be authorized is within the limit specified during buyer registration or if no limit has been specified, then the merchant is issued a transaction authorization code 760 by the authorizing agent The amount to be authorized may or may not be deducted from the monetary limit saved in the data storage area to adjust the limit applied to future transactions Once the transaction has been approved, and the merchant receives an authorization code that identifies the purchase transaction, the merchant places a payment request with his merchant bank At the same time the authorizing agent confirms the transaction to the buyer and it may notify the merchant bank of the purchase transaction code as well This confirmation from the authorizing agent may be a condition for the merchant bank to issue a payment to the merchant The merchant bank settles the payment with the payment instrument issuer who in turn invoices the user with the appropriate amount and collects payment The notification of the buyer can be performed by various means including but not limited to e-mail, paging, fax, and phone Preferably, the notification is by data transmission from the agent's digital device to buyer's digital device, e g , computer-to-computer If the purchase order was initiated by an unauthorized buyer (stranger) rather than the registered buyer, the registered buyer would nevertheless be notified almost immediately by the authorizing agent Such notification is on a transaction-by-transaction basis and would normally be made within 24 hours, and preferably substantially concurrently with, or within one hour of, each transaction
Figures 5-7 illustrate the foregoing general method and system of the invention, in the context of a credit card payment instrument The invention allows credit/debit card holders to register their cards and to specify a certain financial limit ("Net Limit", as defined below) which applies to all transactions performed over the commercial network with sellers subscribing to the invention's service In the description, the following definitions apply
Buyer - An individual or business/organization/association willing to purchase a tangible or intangible item over a commercial network, settling all or part of the amount due with a credit or debit card Merchant - An individual or business/organization/association offering tangible or intangible items for sale over a commercial network, accepting credit or debit cards as full or partial payment
Card Issuer - An individual or business/organization/association which serves as a Financing Agent by in effect financing purchases of buyer via the issuance of credit or debit card to the buyer and invoicing the buyer for his transactions on a regular basis
Acquiring Bank - An individual or business, organization, or association which acts as the funds agent for the merchant by accepting the merchant's request to fulfill credit/debit card payment orders issued by the buyers The amount paid to the merchant is the full credit/debit card payment order less a contractually specified discount fee The full credit/debit card payment order is presented to the Card Issuer for payment
Authorizing Agent - An individual or business, organization, or association utilizing the invention to facilitate credit/debit card transactions over commercial networks
Net Limit - a monetary amount, up to which purchases made over protected commercial network are authorized
In order to allow both buyers 200 and merchants 300, to utilize the benefits of the invention, both register with the authorizing agent 800 In this description, the authorizing agent 800 operates the controller 100, controller network interface 110 and data storage 120, as shown in Figure 1 The data storage may be understood as constituting a database containing stored information including, e g , the name of each registered buyer, indicia associated with each buyer's payment instrument, a respective limit on payments that are authorized against each payment instrument, and the name of each registered merchant The controller 100 can be understood as a computer program controlling the data processing of the database and the network interface, for receiving through the network 400 from the network interface 310 of any registered merchant 300 an electronic request for verification of payment on a particular purchase order made by any registered buyer 200, determining whether the merchant and buyer are registered, and transmitting to the merchant confirmation from the database, whether the particular purchase is authorized The computer program also initiates the transmission through the network 400 of a message to the buyer's network interface 210 that a particular purchase order for a particular amount was executed against the buyer's payment instrument
The database in storage 120 also preferably contains the names of the funds agents of the merchants and the financing agent which provides the buyer with the payment instrument The computer program in the controller 100 generates a transaction code unique to each authorized purchase order and transmits the code to the merchant and to the merchant's funds agent
As shown in Figure 5, each of a plurality of buyers 200 submits a request 500a to authorized agent via e-mail or online on authorizing agent's Internet-site, or off-line (e g , by fax, telephone, mail) stating that he wants all his credit/debit card purchases from each of a plurality of merchants 300 registered with authorized agent over a commercial network to be authorized by authorized agent in addition to the normal authorization process For that reason the buyer submits certain information which identifies him as an authorized credit/debit card user with his application while selecting the Net Limit - the limit for transactions to be authorized by agent 800 This information may include but is not limited to credit/debit card number, card expiration date, mother's maiden name, current account address, current daytime telephone number
Agent 800 verifies the submitted information 500b with the card issuer 828 and confirms the registration to the buyer by e-mail and/or some other means 520 (e g mail, fax)
At any time, the buyer is able to adjust his Net Limit via various means including but not limited to e-mail, phone, fax The buyer can also request automated adjustments to his Net Limit (e g , Net Limit will be set to a certain amount on the 15th of every month) The limit can be at least one of a limit on a single purchase transaction, a limit on the total of all purchase transactions during a specified period of time, or a limit which declines from an initial value commensurately with the amount of purchases made The registered buyers would typically select a limit for each payment instrument registered with the authorizing agent, which is lower than the maximum credit balance that the issuer of the payment instrument, permits the buyer to carry
The buyer can also register supplementary credit cards/debit cards and control the Net Limit of those cards, or allow supplementary credit card/debit card holders to register and control the supplementary card only As shown in Figure 6, the merchant 300 registers with agent 800 in a similar way 802, but the information submitted is verified 804 with the merchant's acquiring bank 808, and registration is confirmed 806 by acquiring bank and/or authorizing agent
The actual transaction over the commercial network involves all parties as represented in Figure 7 Buyer 200, who is registered with authorizing agent 800, places an order 810 with registered merchant 300 over the commercial network and submits his credit/debit card number, the card holders name, and the amount to be paid The merchant 300 verifies 812 the credit/debit card payment with authorizing agent 800 only up to the available Net Limit for the card The Net Limit may then, based on the buyer's registered preference be reduced by the amount The merchant 300 receives 812 a unique transaction ID (TxlD), which identifies the purchase transaction and the merchant places a payment request 814 with the acquiring bank 808 At the same time authorizing agent 800 notifies 816 the acquiring bank 808 of the purchase transaction, and confirms the transaction to the buyer as well 818 This confirmation 816 from authorizing agent 800 allows the acquiring bank 808 to issue a payment 820 to the merchant From there on the acquiring bank 808 settles the payment 822 with the card issuer 828, who in turn invoices 824 the buyer 200 with the appropriate amount and collects payment 826 The notification of the buyer 818 can be performed by various means including but not limited to e-mail, paging, fax, and phone If the purchase order
810 was initiated by an unauthorized stranger rather than the registered buyer
200, the registered buyer would nevertheless be notified almost immediately by the authorizing agent 800
Although the transmission of the transaction code from the authorizing agent to the merchant and from the merchant and the authorizing agent to the merchant's funds agent is not a necessary feature of the present invention, this does provide a number of advantages for the merchant fund agent, and financing agent By using this feature of the invention, these entities can reduce their loss exposure and/or cost of doing business For example, the funds agent can offer the merchant a discount relative to the standard fee for handling the payment instrument, for those transactions which employ the authorizing agent Similarly, the financing agent may offer a lower interest rate to the user of the payment instrument, for transactions which are verified, or more favorable terms to the funds agent
It can be appreciated from the foregoing, that the core aspect of the preferred embodiment of the present invention, is that upon electronic placement of a purchase order transaction by any buyer with payment instrument to a registered merchant, the merchant notifies the authorizing agent of the transaction and the authorizing agent electronically communicates the occurrence of the transaction substantially immediately to the authorized buyer In the foregoing examples, the authorizing agent is depicted as an entity independent of the buyer, merchant, funds agents and financing agent This arrangement permits all four of these entities to deal with one master "clearing house", e g , a buyer or merchant can register all their credit card accounts with a single authorizing agent
It is within the broadest scope of the present invention, however, that the function performed by the authoπzing agent can be specific to a particular type of payment instrument, e g , to credit cards issued only by a particular financing agent In this embodiment of the invention, the financing agent could operate the controller 100, controller network interface 1 10 and data storage devices and associated programs, as depicted in Figure 1 Moreover, other configurations for communicating the occurrence of the purchase order transaction to the authorized buyer, are within the broad scope of the present invention For example, the merchant's request for payment from the funds agent can be considered as initiating an electronic transmission indicative of the use of the payment instrument for a particular transaction, and this transmission could be received directly or indirectly by the authorizing agent who in turn would be associated directly or indirectly with the funds agent, whereupon the authorizing agent will electronically communicate the occurrence of the transaction to the buyer and/or financing agent within, e g , 24 hours and preferably within one hour, from the time of the merchant's electronic transmission
Practitioners of ordinary skill in the fields of computer hardware and associated operating systems, applications, and communications software for Internet commerce, can readily implement all the features of the present invention based on the disclosure of this specification Example of systems and methods for Internet commerce that represent comparable levels of skill for implementation, can be found in U S Patents 5,794,207, 5,815,657 and 5,862,223 The computer programs and communications technique disclosed therein are readily adaptable for implementing the present invention The network over which the invention is utilized has generally been referred to as an "electronic network" but this terminology should not be construed as unnecessarily limiting in view of the possible changes in the form of communications and data transmission that may occur over the next to decades Furthermore, the networks can be more restrictive than a global communication network (e g , Intranet or Internet)

Claims

1 In a method for electronic purchases over an electronic network between a merchant and a buyer who uses a payment instrument issued to an authorized buyer, the improvement comprising upon electronic placement of a purchase order transaction with a merchant by any buyer using said payment instrument, the merchant initiates an electronic transmission indicative of the use of said payment instrument for said transaction, to an authorizing agent, and the authorizing agent electronically communicates the occurrence of the transaction within 24 hours to the authorized buyer
2 The method of claim 1 , wherein the authorized buyer is registered with the authorizing agent and sets a monetary limit of the amount of any purchase transaction any buyer can make with a merchant using said payment instrument
3 The method of claim 1 , wherein the authorizing agent communicates the occurrence of the transaction to the authorized buyer within one hour of the merchant's electronic transmission to the authorizing agent
4 A method for authorizing electronic purchases over an electronic network among a merchant, a buyer who will make a purchase from the merchant using a payment instrument, and a financing agent which provides the buyer with the payment instrument, comprising the merchant registering with a purchase payment authorizing agent, the buyer registering the payment instrument with said authorizing agent, the buyer placing an electronic purchase order with the merchant using indicia of the payment instrument, the merchant electronically communicating with the authorizing agent to verify the availability of the payment instrument to satisfy the payment obligation of the buyer, and the authorizing agent electronically communicating to the buyer that the merchant has fulfilled a purchase order for a particular amount from the buyer
5 The method of claim 4, wherein the merchant registers with a funds agent, the funds agent registers with the financing agent, after presentation to the funds agent by the merchant of said indicia of the buyer's payment instrument the funds agent credits the merchant the amount of the purchase by the buyer and secures settlement of said amount from the financing agent
6 The method of claim 4, wherein the authorizing agent verifies information supplied in the registration of the buyer concerning the payment instrument and the buyer, from the financing agent
7 The method of claim 4, wherein information supplied in the registration of the buyer includes a limit on the amount chargeable against the payment instrument as a result of purchase orders presented for authorization to the authorizing agent
8 The method of claim 4, wherein the payment instrument is selected from the group consisting of credit card, debit card, and checking account
9 The method of claim 7, wherein said limit includes at least one of a limit on a single purchase transaction a limit on the total of all purchase transactions during a specified period of time, or a limit which declines from an initial value commensurately with the amount of purchases made
10 The method of claim 7, wherein the financing agent imposes a maximum credit balance the buyer can carry on the payment instrument and said limit is lower than said maximum credit balance
11 The method of claim 7, wherein the buyer electronically adjusts said limit at the buyer's discretion
12 The method of claim 7, wherein the limit automatically adjusts to a specified value on a regular schedule
13 The method of claim 4, wherein the verification includes the authorizing agent transmitting a unique transaction identification code to the merchant
14 The method of claim 5, wherein the authorizing agent confirms with the funds agent, information supplied in the registration of the merchant, with the authorizing agent
15 The method of claim 5, comprising the authorizing agent transmitting a unique transaction identification code to the merchant, and the authorizing agent transmitting the identification code to the funds agent
16 The method of claim 15 further including the merchant transmitting the identification code with said indicia of the payment instrument, to the funds agent 17 A computerized system for authorizing remote purchases over an election network between each of a multiplicity of registered buyers having respective network interfaces by which the buyers can transmit respective purchase orders for goods or services including indicia associated with respective payment instruments, to registered merchants who have respective network interfaces for receiving the purchase orders, comprising a database of stored information including the name of each registered buyer, indicia associated with each buyer's payment instrument, and the name of each registered merchant, a network interface adapted for data communication among said database, the merchant's network interface and each buyer's network interface, and a computer program controlling the data processing of the database and the network interface, for receiving through the network from the network interface of any registered merchant an electronic request for verification of payment on a particular purchaser order made by any buyer, determining whether the merchant and buyer are registered, and transmitting to the merchant confirmation of whether the particular purchase is authorized, and transmitting through the network a message to the registered buyer's network interface, that a particular purchase order for a particular amount was executed against the buyer's payment instrument
18 The system of claim 17, wherein each registered buyer is also registered with a financing agent which provides the buyer with the payment instrument, each merchant is registered with a funds agent, each funds agent is registered with a financing agent, and, the database includes the name of the funds agent, the computer program generates a transaction code unique to each authorized purchase order and transmits the code to the merchant and to the merchant's funds agent, whereby after presentation to the funds agent by the merchant of said indicia of the buyer's payment instrument and said transaction code the funds agent credits the merchant the amount of the purchase by the buyer and secures settlement of said amount from the financing agent
19 The system of claim 17, wherein said database, network interface, and computer program are located in a facility which is independent of the issuers of the payment instruments
20 The system of claim 18, wherein said database, network interface, and computer program are located in a facility which is independent of said financing agent, merchant, and funds agent
PCT/US1999/020693 1998-09-10 1999-09-09 Detection of unauthorized use of payment instruments over commercial network systems WO2000016219A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US9974298P 1998-09-10 1998-09-10
US60/099,742 1998-09-10

Publications (1)

Publication Number Publication Date
WO2000016219A1 true WO2000016219A1 (en) 2000-03-23

Family

ID=22276407

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1999/020693 WO2000016219A1 (en) 1998-09-10 1999-09-09 Detection of unauthorized use of payment instruments over commercial network systems

Country Status (1)

Country Link
WO (1) WO2000016219A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020000568A (en) * 2000-06-23 2002-01-05 이경우 Fraud prevention system and method over electronic or credit card commerce
EP1381929A2 (en) * 2001-02-26 2004-01-21 First Data Corporation Tiered processing method and system for identifying and mitigating merchant risk
WO2004031892A2 (en) * 2002-09-30 2004-04-15 First Data Corporation Processing partial payments using debit cards
US7300436B2 (en) 2000-02-22 2007-11-27 Rhytec Limited Tissue resurfacing

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5889863A (en) * 1996-06-17 1999-03-30 Verifone, Inc. System, method and article of manufacture for remote virtual point of sale processing utilizing a multichannel, extensible, flexible architecture
US5931917A (en) * 1996-09-26 1999-08-03 Verifone, Inc. System, method and article of manufacture for a gateway system architecture with system administration information accessible from a browser

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5889863A (en) * 1996-06-17 1999-03-30 Verifone, Inc. System, method and article of manufacture for remote virtual point of sale processing utilizing a multichannel, extensible, flexible architecture
US5931917A (en) * 1996-09-26 1999-08-03 Verifone, Inc. System, method and article of manufacture for a gateway system architecture with system administration information accessible from a browser

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7300436B2 (en) 2000-02-22 2007-11-27 Rhytec Limited Tissue resurfacing
KR20020000568A (en) * 2000-06-23 2002-01-05 이경우 Fraud prevention system and method over electronic or credit card commerce
EP1381929A2 (en) * 2001-02-26 2004-01-21 First Data Corporation Tiered processing method and system for identifying and mitigating merchant risk
EP1381929A4 (en) * 2001-02-26 2007-05-30 First Data Corp Tiered processing method and system for identifying and mitigating merchant risk
US7620592B2 (en) 2001-02-26 2009-11-17 First Data Corporation Tiered processing method and system for identifying and mitigating merchant risk
WO2004031892A2 (en) * 2002-09-30 2004-04-15 First Data Corporation Processing partial payments using debit cards
WO2004031892A3 (en) * 2002-09-30 2004-07-15 First Data Corp Processing partial payments using debit cards

Similar Documents

Publication Publication Date Title
US10872343B2 (en) Secure and efficient payment processing system
US8170954B2 (en) Secure and efficient payment processing system with account holder defined transaction limitations
US7398253B1 (en) System and method for performing an on-line transaction using a single-use payment instrument
US7827101B2 (en) Payment system clearing for transactions
US7143062B2 (en) Electronic cash eliminating payment risk
US20070136189A1 (en) On-line cash register for use in providing a consumer-to-consumer payment service
US20090254484A1 (en) Anon virtual prepaid internet shopping card
US20020120587A1 (en) System and method for performing secure user account purchases
US20090327133A1 (en) Secure mechanism and system for processing financial transactions
WO2007044596A2 (en) Identity theft and fraud protection system and method
AU775065B2 (en) Payment method and system for online commerce
US20030029914A1 (en) Pre-paid payment device and method therefor
US20050015304A1 (en) Secure purchasing over the internet
US20040122767A1 (en) Method for secure, anonymous electronic financial transactions
US20020123935A1 (en) Secure commerce system and method
US20020103766A1 (en) Controlled purchase systems
WO2000016219A1 (en) Detection of unauthorized use of payment instruments over commercial network systems
JP2001325545A (en) Settlement system
WO2001035276A1 (en) System and method for secure anonymous online commercial transactions
KR20020094871A (en) Credit certificate management system and method thereof

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CA IL JP US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase