WO2001054003A1 - Secure Internet payment method - Google Patents

Publication number
WO2001054003A1
Authority
WO
WIPO (PCT)
Prior art keywords
identification code
purchaser
computer
vendor
account identification
Application number
PCT/AU2000/000024
Other languages
English (en)
Inventor
Bradley Wein
Ben Thompson
Original Assignee
Abanack Pty. Ltd.
Application filed by Abanack Pty. Ltd.
Priority to PCT/AU2000/000024 (patent WO2001054003A1)
Priority to AU24251/00A (patent AU2425100A)
Publication of WO2001054003A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/04 Billing or invoicing

Definitions

  • This invention relates to a secure Internet payment method. It relates particularly but not exclusively to an Internet payment method which incorporates a step of verifying the identity of the purchaser's computer before the payment transaction is allowed to proceed.
  • Credit card fraud in Internet-related financial transactions is a significant problem for merchants and financial institutions, because Internet credit card transactions are conducted without requiring the purchaser's signature. There are many ways in which such fraud can occur.
  • One example is when a person steals a credit card and uses it to make purchases over the Internet before it is cancelled.
  • Another example is when a person intercepts a genuine Internet credit card transaction and obtains from it details sufficient to enable the person to make fraudulent purchases.
  • a purchaser visits a vendor's web site over the Internet and decides to make a purchase. The purchaser selects the items which are to be purchased and places them in a virtual shopping cart.
  • the purchaser then agrees to the total amount to be paid, and enters details of his or her credit card into a web page associated with the vendor.
  • the vendor then forwards the credit card details to a bank or other credit card verification authority, which then determines whether the credit card details are valid and whether the transaction is within the purchaser's credit limit. If these tests are met, the bank advises the vendor that the transaction is authorised, and the vendor notifies the purchaser.
  • Efforts to prevent credit card fraud over the Internet have to date largely focused on ensuring that credit card information for genuine purchases is sent in a secure manner, such as in an encrypted form. Transmission of credit card details from purchaser to vendor is typically done through the medium of a "secure" server, employing a medium level of encryption to protect the data transmitted from interception.
  • US Patent 6,012,144 describes a method for performing credit card purchases over two networks such as the Internet and the public telephone system.
  • the transaction is commenced by the purchaser on one of the networks (e.g. the Internet), and the vendor's computer automatically calls the purchaser back via the other network (e.g. the telephone system) to verify the transaction and authenticate the identity or authority of the purchaser.
  • methods such as this add complexity to an Internet financial transaction process, thereby reducing the likelihood that individuals will be willing to use the system, and resulting, from the vendor's point of view, in loss of sales.
  • Multi-factor authentication for improving the security of e-commerce, delivery and access to sensitive documents
  • Improved identification for "push" of sensitive or protected information
  • a method of making a payment of a transaction amount over the Internet between a purchaser, who has a computer with a computer hardware identification code, and a vendor including the following steps: (a) from the purchaser's computer the purchaser forwards to the vendor over the Internet an account identification code identifying an account which the purchaser holds with a financial institution;
  • the present invention relies on the creation of a database which registers and links a prospective purchaser's account identification code (such as a credit card number or a code derived from a credit card number) with the purchaser's computer hardware identification code (such as a processor serial number or a code derived from a processor serial number).
  • the database may be maintained by the vendor or by the financial institution, but it is preferred that the database is maintained by a verification service provider which is separate from the vendor and the financial institution. It is further preferred that the database holds account identification codes for accounts held with a plurality of different financial institutions, with the database being available for query by multiple different vendors.
  • step of testing to determine whether the computer hardware identification code associated with the account identification code matches the computer hardware identification code on the computer from which the purchaser forwarded the account identification code is performed directly between the verification service provider and the purchaser's computer.
  • the purchaser may of course have more than one computer. It is therefore preferred that the database allow a person to register more than one computer hardware identification code for each account identification code.
  • the purchaser may have more than one bank account. It is therefore preferred that the database allow a person to register more than one account identification code for each computer hardware identification code.
  • the step of transmitting details of the transaction amount and account identification code to the financial institution for authorisation is performed by the vendor.
  • the vendor transmits the transaction amount to the verification service provider together with the account identification code, and the step of transmitting details of the transaction amount and account identification code to the financial institution for authorisation is performed by the verification service provider.
  • the message from the financial institution to the vendor indicating that the transaction has been authorised or has not been authorised may be sent via the verification service provider.
  • a message may be sent to the purchaser inviting the purchaser to register with the database, on providing appropriately secure verification of identity.
  • a message may be sent to the owner of the account and/or to the financial institution, indicating that a transaction has been attempted with the account identification code from a computer which is not the computer registered in the database, and providing an alert to the effect that a fraudulent transaction may have been attempted.
  • the account identification code may be any suitable type of code. It is particularly preferred that the account identification code be a credit card or debit card number, or a code derived from such a number.
  • the computer hardware identification code may be any suitable type of code. It is preferred that the computer hardware identification code be an unchangeable code physically hardwired or otherwise embedded into an item of hardware associated with the purchaser's computer. It is particularly preferred that the computer hardware identification code be a network card serial number, a computer processor serial number, or a code derived from such a number.
  • Figure 1 is a schematic diagram of one embodiment of the invention.
  • Figure 2 is a schematic diagram of an alternative embodiment of the invention.
  • In FIG. 1 there is shown a method of making a payment of a transaction amount between a purchaser's computer 1 and a vendor 3, via the Internet 2.
  • the method involves the purchaser forwarding from the purchaser's computer 1 to the vendor 3 an account identification code identifying an account which the purchaser holds with a financial institution 8.
  • the vendor checks the account identification code in a database 5 which stores details of registered account identification codes and associated computer hardware identification codes. Communications between vendor 3 and database 5 may be over the Internet 4 or via a secure communications channel or private line. Database 5 may even be located in the premises of vendor 3.
  • if the account identification code is not located in database 5, a message indicating this is sent to the vendor.
  • the vendor then notifies the purchaser, who is optionally given opportunity to register with the database on providing adequate security information to authenticate his or her identity.
  • database 5 performs a test to determine whether the computer hardware identification code located in the database matches the code on the purchaser's computer 1. This test is preferably done by means of an Internet connection between database 5 and purchaser's computer 1, in real time during the processing of the online purchase transaction, preferably transparently to the purchaser and vendor. It is possible, although not as desirable, that the test could be routed to the purchaser's computer 1 via vendor 3, rather than via direct Internet connection 6.
  • a message to this effect is sent to the vendor and the transaction fails.
  • a message is also sent to the registered owner of the account and to the financial institution advising them of the possible attempted unauthorised transaction.
  • a message to this effect is sent to the vendor 3. Either after receiving this message, or at the same time as sending the account identification code to database 5, vendor 3 contacts bank 8 via the Internet 7 or via a direct line, a dial-up line or any other suitable connection. Vendor 3 transmits to bank 8 details of the account identification code and the transaction amount. The bank then processes the authorisation request in accordance with its standard criteria before responding to vendor 3 with an authorisation message or a refusal of authorisation, and the transaction proceeds or fails accordingly.
  • the account identification code is not registered in the database.
  • the message may optionally incorporate further information on the nature of the result returned, such as providing a measure of reliability regarding verification of the initial registration of the purchaser's computer.
  • the scenario illustrated in Figure 2 is similar, except that the vendor communicates only with the database service provider 5, who communicates with the bank as agent for the vendor.
  • details of the transaction amount are provided by vendor 3 to database service provider 5, as well as the account identification code.
  • the database service provider tests the computer hardware identification code and contacts financial institution 8 via the Internet 7 or via a private line, a dial-up line or any other suitable communications method.
  • Financial institution 8 provides the authorisation to database service provider 5, who relays it to vendor 3.
  • the method of the present invention could be accomplished by providing a server with a permanent connection to the Internet, with the server running database software fulfilling the function of database 5.
  • This server could be connected to individual vendors and financial institutions through the Internet, private lines, dial-up connections or any other suitable communication means.
  • the server could be located in the premises of a vendor or a financial institution, although it is preferred that the server be located separately. As traffic increases, to ensure availability and the ability to handle large transaction volumes, a number of clusters of servers geographically separated will be required.
  • the method of the present invention requires that the purchaser have a computer which has a computer hardware identification code which is capable of being read remotely. Many computers do not currently have such a hardware code. An aspiring purchaser who wishes to make purchases using the secure method of the present invention could do so by acquiring a processor which has a remotely accessible identification code such as an Intel Pentium III processor, or by adding to the purchaser's computer a hardware item with a remotely accessible identification code, such as an add-in card, board or other device.
  • the Pentium III processor serial number it is preferred that the computer hardware identification code used for the purposes of the present invention be a code based on a modified version of the processor serial number, rather than the processor serial number itself.
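
The Figure 1 decision flow described above, sketched as an added example that is not part of the patent text. The class and function names, the sample values and the use of keyed HMAC-SHA256 for the "derived" codes are assumptions; the page does not say how derived codes are computed.

```python
import hashlib
import hmac
from collections import defaultdict
from enum import Enum

# Constructed demo key; the page does not say how a "derived" code is computed.
SERVICE_KEY = b"constructed-demo-key"


class Result(Enum):
    NOT_REGISTERED = "account identification code is not in the database"
    MISMATCH = "hardware code does not match; transaction fails"
    MATCH = "hardware code matches; vendor may seek bank authorisation"


def derive(kind, raw):
    """Derived code (assumption: keyed HMAC-SHA256) so raw numbers are not stored."""
    return hmac.new(SERVICE_KEY, f"{kind}:{raw}".encode(), hashlib.sha256).hexdigest()


class VerificationDatabase:
    """Stands in for database 5: links account codes to hardware codes."""

    def __init__(self):
        self._links = defaultdict(set)  # derived account code -> derived hardware codes
        self.alerts = []                # messages for account owner and institution

    def register(self, account_number, hardware_serial):
        # An account may list several computers; a computer may serve several accounts.
        self._links[derive("acct", account_number)].add(derive("hw", hardware_serial))

    def verify(self, account_number, reported_serial):
        account_code = derive("acct", account_number)
        registered = self._links.get(account_code)
        if not registered:
            return Result.NOT_REGISTERED
        reported = derive("hw", reported_serial)
        matched = False
        for code in registered:  # constant-time compare against each registered computer
            matched |= hmac.compare_digest(code, reported)
        if matched:
            return Result.MATCH
        self.alerts.append({"to": ("account owner", "financial institution"),
                            "account_code": account_code[:12], "reason": "unregistered computer"})
        return Result.MISMATCH


def demo_bank(account_number, amount):
    """Hypothetical stand-in for financial institution 8: a flat credit limit."""
    return amount <= 500


def vendor_checkout(db, bank_authorise, account_number, reported_serial, amount):
    """Uses the 'after' ordering of Figure 1: bank is contacted once the test passes."""
    result = db.verify(account_number, reported_serial)
    if result is not Result.MATCH:
        return result, False
    return result, bank_authorise(account_number, amount)


if __name__ == "__main__":
    db = VerificationDatabase()
    db.register("4111111111111111", "SERIAL-HOME")  # constructed sample values
    print(vendor_checkout(db, demo_bank, "4111111111111111", "SERIAL-OTHER", 120), db.alerts)
```

The mismatch branch is the only one that raises an alert, matching the description: an unregistered account is reported to the vendor, while a registered account used from an unregistered computer also notifies the account owner and the financial institution.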

Landscapes

  • Business, Economics & Management (AREA)
  • Development Economics (AREA)
  • Accounting & Taxation (AREA)
  • Economics (AREA)
  • Finance (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention relates to a method for paying over the Internet (2, 4, 6, 7) a transaction amount between a purchaser, who has a computer (1) with a computer identification code, and a vendor (3). In the method, the purchaser forwards to the vendor (3) over the Internet (2, 4, 6, 7), from the purchaser's computer (1), an account identification code identifying an account which the purchaser holds with a financial institution. The account identification code is then checked in a database (5) which contains details of registered account identification codes and associated computer identification codes. If the account identification code is not found in the database (5), a message to that effect is sent to the vendor (3). Otherwise, a test is performed to determine whether the computer identification code associated with the account identification code matches the computer identification code stored in the computer from which the purchaser forwarded the account identification code.
PCT/AU2000/000024 2000-01-18 2000-01-18 Procede de paiement securise par internet WO2001054003A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/AU2000/000024 WO2001054003A1 (fr) 2000-01-18 2000-01-18 Procede de paiement securise par internet
AU24251/00A AU2425100A (en) 2000-01-18 2000-01-18 Secure internet payment method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/AU2000/000024 WO2001054003A1 (fr) 2000-01-18 2000-01-18 Procede de paiement securise par internet

Publications (1)

Publication Number Publication Date
WO2001054003A1 (fr) 2001-07-26

Family

ID=3700782

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2000/000024 WO2001054003A1 (fr) 2000-01-18 2000-01-18 Procede de paiement securise par internet

Country Status (2)

Country Link
AU (1) AU2425100A (fr)
WO (1) WO2001054003A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2368168A (en) * 2000-05-17 2002-04-24 Nigel Henry Rawlins Transaction authentication
SG115432A1 (en) * 2001-12-04 2005-10-28 Clickhere2 Network Pte Ltd A computer-based donation system
WO2005084100A3 (fr) * 2004-03-10 2007-07-05 Legitimi Ltda Systeme de controle d'acces pour services d'information base sur la signature materielle et logicielle d'un dispositif demandeur

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997019414A1 (fr) * 1995-11-21 1997-05-29 Oxford Media Pty. Ltd. Systeme de paiement monetaire par reseau informatique

Also Published As

Publication number Publication date
AU2425100A (en) 2001-07-31

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase