WO2008007939A1 - Convenient online payment system - Google Patents

Publication number
WO2008007939A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
payment
online payment
online
merchant
Application number
PCT/MY2007/000047
Other languages
French (fr)
Inventor
Liang Shing Ng
Original Assignee
Liang Shing Ng
Application filed by Liang Shing Ng
Publication of WO2008007939A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits

Abstract

The object of the invention is to develop a method and a system for online payment wherein its users do not need to provide personal and account information to the various participating merchant portals when purchasing goods and services from a plurality of online merchant portals after providing them once to the online payment system during registration. In an embodiment of the online payment system that carries out the method of the invention, a payment client residing in the payment device accepts user inputs, including username and password. A payment server authenticates the users when they log in to the system using the username and user's password and also stores the user account information that was given earlier. A merchant transaction module in each merchant portal communicates with both payment client and payment server to authenticate the user. The merchant transaction module retrieves necessary information from the payment server to conclude the transaction. The invention can be used in the execution of a micropayment scheme. Multiple levels of security for user authentication, determined by an effective security level, ensure fraud-free transactions.

Description

Convenient Online Payment System
Field of Invention
The present invention relates to a method for purchasing online and an online payment system for doing so and particularly to a payment transaction system.
Background of the Invention
With the explosive growth of the Internet, fixed and mobile telecommunications over the last decade and the rapid increase in the number of consumers with access to the World Wide Web and telecommunication networks, there has been a great deal of interest in the development of electronic commerce on the Internet and telecommunication networks.
Several examples of Internet payment systems already exist. While not an exhaustive list, some examples of Internet payment systems include PayPal, VeriSign, Bitpass and many others.
Despite the existence of prior art systems and methods such as those identified above, many sellers offering goods or services through the Internet, especially very low priced articles, find it difficult to sell their products, as customers normally find it a hassle to first register with the portal and then enter their login information every time they visit a site. On top of this, they have to register with every merchant portal from which they wish to purchase goods and services. Merchants, on the other hand, typically have to establish a separate relationship with each credit card issuer or payment provider, each with its own payment processing protocols, making the use of such systems complicated.
The issue of trust is another obstacle that keeps customers away from Internet and other online merchant websites. Trust is the major issue retarding the growth of e-commerce on the Internet. Customers loathe providing their credit card details to websites that are not well known, fearing that such information may be misused. There have been well-published cases of users who make credit card payments through the Internet, only to find someone has used their credit cards to make additional purchases. A single trusted point of contact addresses the concern of many e-commerce purchasers regarding supplying their personal and credit card information via the Internet to websites that may have little or no security and which may not safeguard or may misuse such information.
In addition, the use of an online payment system that allows micropayment, i.e. payment in small dollar amounts, is extremely advantageous for purchases or monetary transactions of this nature. Often, consumers are reluctant to use, and merchants are reluctant to accept, credit card transactions for small dollar amounts. Merchants are reluctant to accept a credit card for a small dollar amount transaction because of the high processing fees per transaction. The users are reluctant to conduct small monetary transactions because conventional online payment systems require them to enter a multitude of information with each merchant before a transaction can be concluded. By permitting the use of an online payment system that makes purchases for small dollar amounts convenient for users, merchants may very well be able to begin charging for goods and/or services that they had been providing for free in the past.
Summary of the Invention
It is the object of this invention to provide a method and an online payment transaction system that provides a single trusted point of contact between merchants and their customers. The invention caters for both large transactions and smaller, micropayment transactions.
By using the invention, the user only has to log in once to the online payment system prior to purchasing goods and services from a plurality of merchant portals instead of providing password and user information repeatedly to each of the merchant portals. Account and personal information for making purchases has been provided by the user to the online payment system during registration and this information is provided to each merchant portal via the online payment system for completing a purchase or a financial transaction. This is in contrast to the prior art, where each merchant portal has its own registration and payment methods, making online transactions tedious for the users.
The invention further comprises means and methods for further authenticating a logged-in user. The means and method for further authenticating a logged-in user are determined by an effective security level that is dependent upon criteria set by the registered user, the merchants and the online payment system operator.
The invention can be used for the execution of a micropayment scheme.
Brief Description of the Drawings
The invention will now be described with reference to the following figures, which constitute a part of this specification and are an exemplary embodiment of the invention, which may be embodied in various forms. It is to be understood that various aspects of the invention may be extricated from the entire invention and shown alone to facilitate an understanding of the invention.
Figure 1 is a flowchart that outlines the main steps in the online payment method taught according to the invention that is not restricted to a particular online payment system.
Figure 2 is a representation of the online payment system taught according to the invention.
Figure 3a is a flowchart that outlines the main steps in the preliminary process to be undertaken before a user can use the online payment system taught according to the invention.
Figure 3b is a flowchart that outlines the main steps taken when a user uses the online payment system taught according to the invention.
Figure 4 is a flowchart that outlines the process by which the user's actions are transformed into signals for activating a financial transaction at the online payment system.
Detailed Description of the Invention
A detailed description of the preferred embodiment, which summarizes all aspects of different embodiments of this invention, is provided herein and refers to any figure briefly described before this. It is appreciated that different aspects of the different embodiments may be implemented individually or in any combination and it is understood that the present invention may be embodied in various forms.
Therefore, specific details disclosed herein are not to be interpreted as limiting, but rather as a basis for the claims and as a representative basis for teaching one skilled in the art to employ the present invention in virtually any appropriately detailed system, structure or manner.
The term 'payment devices' used throughout the following specification can be a personal computer, personal digital assistant (PDA), smart phone, mobile devices, fixed line smart terminal and other devices with browser capabilities which allow the user to perform actions for activating financial transaction with the online payment system.
The term "manually enter account or personal information" used hereinafter refers to the user's actions (including various gestures, motions of finger(s), hand(s), head, sound made by vocal tract or nose or other actions such as clapping hands, eye blinks or any movement of any parts of the user's body) corresponding to the syllables of the words for user's account and personal information, as captured by the user interface of the payment device, through sensors such as keyboard, mouse, microphone and camera.
The invention is a method for online payment and a system for carrying out the online payment method. The method provides users with a single trusted point of contact for making purchases and financial transactions. One embodiment of the online payment system for carrying out the method is further described after disclosing the method. The online payment method is a service that is operated on the Internet, mobile telecommunication networks or networks capable of connecting computer servers running the online payment system, the merchants and the users. Registered users access the online payment system to make online payments using computers, personal digital assistants (PDAs), smartphones, wireless mobile devices, fixed line data terminals or other devices that have Internet or interactive network capability, operational on fixed or mobile telecommunication networks. Participating merchants are linked to the online payment system by using their respective merchant portals. The users can make purchases and financial transactions at the respective merchant portals with the online payment method.
The method, as generally illustrated in Figure 1 without specifically referring to any system, comprises each user providing his or her account and personal information to the online payment system. Registration of the users (121) with the online payment system can be done by themselves when they are online. During online registration, the user also provides a username and password to be used with the online payment system. Alternatively, the password is generated by the online payment system and given to the user. The users can also register themselves in other ways such as appearing in person over the counter of an authorized agent of the online payment system, or sending an authorization document together with a registration form by fax or by mail. If registration methods other than the online registration by a user are used, these methods may include generating a temporary user password and sending it to the user after approving the registered user for using the online payment method.
The online payment method can be applied by a financial institution or an entity providing users the online payment method as one of their services to customers, staff, members or persons eligible for the service that are associated with the entity. In this scenario, with the consent of the eligible persons, their existing account and personal information can be made available to the online payment system by the institution or entity.
The method includes prompting a user to change the temporary password upon first-time login (122), if one was issued to the user earlier. After successful login, the user can make purchases or financial transactions during that login session, which is conveniently referred to as a "purchase session". The online payment method includes authenticating a user's identity by the username and password each time the user logs in to the online payment system from the payment device. The payment device can be a personal computer, personal digital assistant (PDA), smart phone, mobile devices, fixed line smart terminal and other devices with browser capabilities which allow the user to perform actions for activating financial transaction with the online payment system.
Users of the online payment method can also be authenticated in other ways such as using biometric feature authentication and public key infrastructure (PKI). The user authentication method can be easily modified to include application of these authentication means and these adaptations are well known in the art. Authentication using these features can be part of the facilities of the payment device and their functions can be incorporated into the payment device.
During each purchase session, a user can visit any online portal with a browser in the conventional way for various purposes including making purchases or financial transactions. When the user visits any participating merchant or any entity (124) that uses the online payment system to purchase something or make a financial transaction, the transaction is completed on the merchant portal without requesting the user to provide his account information and personal information to the merchant or entity again. As long as the user is logged in to the online payment system and stays active during a single purchase session, he can make purchases and financial transactions with various participating merchant portals. This is convenient when the user makes purchases from different merchants or entities.
The online payment method includes the merchant portal identifying the logged-in user (126) who is making purchases or visiting the merchant portal. The merchant portal identifies a logged-in user by obtaining information from the payment device and querying a server managing the online payment system for information to authenticate the user's identity. User authentication happens in the background and the user may be optionally informed that he or she is successfully authenticated.
In the preferred embodiment of the present invention, the user interacts with the online payment system via the User Interface (UI) on the payment device by using the UI devices comprising input or output devices or both (128). Said UI devices include keyboard, mouse, display, microphone, speaker, camera and the like. It is important to note that said output devices (such as display and speaker) function as an integral part of the UI, because input devices take the output of output devices in conjunction with the input from input devices as input. Particularly, the user performs actions that are detected by the UI devices. Then the UI devices generate and send patterns of electronic signals to the UI module of the operating system of the payment device according to the actions performed. The UI module on the payment device recognizes such specific patterns of electronic signals sent as a decision or command from the user to activate a payment transaction with the online payment system. For example, when the user clicks on the mouse button with the mouse pointer on the screen of the display pointing to the image of a certain object to be purchased, electronic signals are generated by the mouse. Specific coordinates of the mouse pointer on the screen and said electronic signals are taken as input by the UI module. In another example, speakers which broadcast the audio of a question asking the user if he/she wants to purchase an item are considered as an integral part together with the microphone which records the user's response. User actions or transaction activating actions as mentioned above include i) clicking (single click, double click or other sequences) on a mouse with the mouse pointer on the screen pointing at an image of an object, ii) body motions as captured by a camera, iii) giving voice commands via a microphone attached to the payment device, and iv) touching a touch sensitive screen on the payment device.
In another embodiment, the details of the actions of the user that can be regarded as transaction activating actions with the online payment system are specified in the agreement between the online payment operator and the user.
The transaction of a purchase is considered complete (134) after the merchant portal obtains necessary information of the identified logged-in user (132) from the server and the payment device. The information queried by the merchant portal includes the user's name, amount of credit in the user's account, the user's shipping address and other personal and account information needed for completing the purchases or transactions. It is to be noted that user account information and personal information is provided by the user only once to the online payment system during user registration. Account information, personal information and other registration details can be updated when there are future changes in the user's account and personal information.
The online payment method also ensures that a sufficient amount of credit exists in the user's account before purchases and financial transactions are approved. Users are required to deposit a certain amount of money into their account with the online payment system before first use. Other options of payment include designating credit limit to eligible users using the online payment system for making any purchases and financial transactions. If the user is given a credit limit to spend, the user is required to pay for the credit spent at regular intervals or after the credit limit is reached, whichever of the two comes first.
The online payment method that allows many users to contact a single trusted point of contact for payment to multiple merchants is a way of realizing a micropayment scheme. From the merchant's point of view, micropayment is feasible because transactions from many users can be accumulated from time to time, with each batch of accumulated transactions cleared at a single transaction cost. This reduces transaction cost in comparison with high processing fees in the prior art. From the user's point of view, the greater the number of merchants who are using this online payment method, the higher the incentive or motivation is for them to use the online payment method since they are relieved of the hassles of providing details and being authenticated at every merchant portal.
The method disclosed herein can be complemented by additionally authenticating the user. Additional authentication of the user serves at least two purposes: firstly, to ensure from time to time that the logged-in user is the registered user when the purchase session is active and secondly, to further authenticate the user when the user is making purchases or financial transactions (130). Preferably, the step for authenticating the user is independent of the payment device for logging in to the online payment system. This ensures that the user can log in to the online payment system from any device that is enabled for such purpose.
One way for doing this is by sending multiple security queries to said logged-in user for additional authentication of said logged-in user via the payment device.
Either the merchant portal prompts the server managing the online payment system to send the security queries to further authenticate the user during purchases or financial transactions (130), or a server responsible for the overall operation of the online payment system sends the security queries from time to time to ensure the logged-in user is the same person. Different security queries are associated with different effective security levels beforehand. The current effective security level affects which security queries are sent during the additional authentication. These security queries and their association to the effective security level are created before the user's first login and can be changed by the logged-in user subsequently. The security queries sent, the number of security queries sent each time and how frequently the security queries are sent are determined by the effective security level applied by the online payment system operator.
One way of determining the effective security level is to take into account the security criteria set by each registered user, the merchant of each said merchant portal and the online payment system operator. These criteria include a user security level that is set by a particular registered user, a merchant security factor that is set by a particular merchant and the system operator security factor that is controlled by the operator of the online payment system. Users may apply a higher value for the user security level when they are using the online payment system in a public area. A merchant can set the merchant security factor to a higher value for a larger transaction amount or for users with a high risk profile. The online payment operator may alter the system operator security factor depending on the ownership of the payment device used to access the online payment system and the user's profile. The effective security level is derived from the user security level, the merchant security factor and the system operator security factor and can be altered by the server responsible for the overall operation of the online payment system after it reviews the effective security level. The server responsible for the overall operation of the online payment system may alter the value of the effective security level if the effective security at a particular moment is unsuitable. For example, the effective security level will be set higher when the user is using a shared computer accessible to other users, to prevent other users abusing the online payment system user's account.
This authentication method is complemented with additional verification methods such as verbal question and answer with the user by service personnel representing the online payment system over telephone.
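One way to turn the three criteria above into a step-up authentication plan, as an added example that is not part of the patent text. The patent gives no formula, so the 1 to 5 scale, the multiplicative rule with factors of at least 1.0 (so a merchant or the operator can only raise the level the user chose), the shared-device floor, the policy table and the sample queries are all assumptions.

```python
import math
from dataclasses import dataclass

MAX_LEVEL = 5           # assumed scale: 1 (lowest) to 5 (highest)
SHARED_DEVICE_FLOOR = 4  # assumed floor applied when the server reviews the level

# Assumed policy: level -> (queries sent each time, minutes between re-checks).
POLICY = {1: (0, 60), 2: (1, 30), 3: (1, 20), 4: (2, 10), 5: (3, 5)}

# Constructed sample: queries the user associated with levels before first login.
REGISTERED_QUERIES = [
    (2, "Which city were you born in?"),
    (3, "What was the name of your first school?"),
    (4, "What are the last four digits of your registered phone number?"),
    (5, "What is your account recovery phrase?"),
]


@dataclass(frozen=True)
class StepUpPlan:
    level: int
    queries: tuple
    recheck_minutes: int


def effective_level(user_level, merchant_factor, operator_factor,
                    shared_device=False):
    """Derive the effective security level from the three criteria."""
    if not 1 <= user_level <= MAX_LEVEL:
        raise ValueError("user security level must be between 1 and 5")
    if merchant_factor < 1.0 or operator_factor < 1.0:
        # Factors below 1.0 would let one party weaken the user's own choice.
        raise ValueError("security factors may only raise the level")
    level = math.ceil(user_level * merchant_factor * operator_factor)
    level = min(MAX_LEVEL, level)
    if shared_device:
        # Server-side review: a shared computer forces a higher level.
        level = max(level, SHARED_DEVICE_FLOOR)
    return level


def plan_step_up(level, queries=REGISTERED_QUERIES):
    """Pick which queries to send, how many, and how often, for a level."""
    count, recheck_minutes = POLICY[level]
    # Only queries associated with this level or below are eligible;
    # the ones tied to the highest levels are asked first.
    eligible = sorted((q for q in queries if q[0] <= level), reverse=True)
    chosen = tuple(text for _, text in eligible[:count])
    return StepUpPlan(level, chosen, recheck_minutes)


if __name__ == "__main__":
    # Small purchase from the user's own device, then the same user on a shared PC.
    print(plan_step_up(effective_level(2, 1.0, 1.0)))
    print(plan_step_up(effective_level(2, 1.0, 1.0, shared_device=True)))
```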
The foregoing steps from steps 128 to 134 are repeated (136) when the logged-in user makes other purchases or financial transactions from the same merchant portal. Steps 124 to 136 are repeated (138) when the logged-in user makes other purchases or financial transactions with other merchant portals. The user logs out from online payment system (140) when the user has finished making his/her purchases and financial transactions using the online payment method.
The Online Payment System
The method can be executed by an online payment system that can be of various embodiments. One possible embodiment of the online payment system is described herein with respect to Figures 2, 3a and 3b. Initially, to sign up for the service, the user needs to register (310) with the online payment system operator, providing the necessary account and personal information. User registration (310) can be carried out manually through agents of an authorized agent of the online payment system, or online through a public data network using a browser capable device. Throughout this description, online means being connected to a public data network while a public data network encompasses the Internet, mobile telecommunication networks and any other data networks that are accessible to the public. Upon registration, the user is then given a medium that stores the payment client program or downloads a payment client program (210), which can be a browser plug-in or standalone program, which is installed in the payment device (312). The plug-in is an additional program component that can be added to an existing browser to include additional functionalities, in this case those of a payment client. The standalone program has its own independent window or windows, provides the payment client functionalities, in communication with an existing browser and is being executed as an independent process in the operating system of the payment device. The standalone program can also be a browser integrated with payment client functionality. The payment device can be a personal computer, personal digital assistant (PDA), smart phone, mobile devices, fixed line smart terminal and other devices with browser capabilities which allow the user to perform actions for activating financial transaction with the online payment system. Such browsers are application programs on these devices that enable the user to retrieve and view textual, audio and visual information, send information and interact with different parties through the Internet, mobile telecommunication network or any networks connecting the users, the merchants and the payment server of the online payment system together.
The payment client (210) is a program that resides in the payment device. The user launches the payment client when he/she wants to log in to the payment server and the payment client stays active throughout his/her purchase session (as long as the user does not log out from the online payment system during which he/she may make online purchases and financial transactions). The payment client acts as an interface between the user and the payment server (220). The payment client (210) prompts for the user's login name and password during login and sends them using a secure communication protocol to the payment server (220) for authentication.
The payment server (220) refers to a network of computers that executes the server program of the online payment system and is operated by the online payment system operator. The computers running the payment server program in synchronization are networked with each other and may be located in multiple locations. Users' personal particulars, users' financial information, including credit card/bank account number and method of payment are provided to the payment server (220) during registration (310), either indirectly through agents or provided online directly by users. The payment server (220) manages user accounts including account information such as remaining amount of credit. All information given by the user during registration can be updated by the user at any point of time later.
The payment server (220) authenticates a user based on a primary means of authentication such as username and password sent from the payment client (210) during user login. Once users log in to the online payment system via the payment client (210), the payment server (220) knows which users are currently logged in to the system and is ready to endorse them if an authentication query is received from a merchant transaction module (230).
All merchants using the online payment system need to install a merchant transaction module (230) in their merchant portal's server. 'Portal' as used herein and throughout the specification refers to all online websites and portals such as Internet websites or portals on other types of telecommunication network accessible from the payment device. When the user visits a participating merchant portal using a browser, the merchant transaction module (230) contacts both the payment client (210) and payment server (220) to authenticate the user.
Using a secure communication protocol, the merchant transaction module (230) ensures that the user is using a valid payment client (210) and that he/she has sufficient credit in his/her account to make the purchases or financial transactions. An error message is displayed if there is insufficient credit in the user's account.
In order to carry out a transaction, the user goes online and logs in to the payment server using the payment client to start a purchase session (322). During a purchase session, the user uses a browser to visit any participating merchant portal providing products or services (324) to make purchases. At the same time, the user can also visit other websites or portals that are not a participating merchant for other purposes just as in any conventional online session. The participating merchant portal's server runs the merchant transaction module (230) provided by the online payment system operator. When the user visits the merchant portal, the payment client (210) contacts the merchant portal and if the merchant portal is a participating merchant portal of the online payment system, the merchant transaction module (230) responds to the payment client. The merchant transaction module (230) obtains user authentication information (326) such as a unique user ID from the payment client (210) and the payment server (220) to authenticate the user (326). This happens in the background and is not obvious to the user.
In the preferred embodiment of the present invention, the user interacts with the online payment system via the User Interface (UI) on the payment device by using the UI devices comprising input or output devices or both. Said UI devices include keyboard, mouse, display, microphone, speaker, camera and the like. It is important to note that said output devices (such as display and speaker) function as an integral part of the UI because input devices take the output of output devices in conjunction with the input from input devices as input. Particularly, the user performs actions that are detected by the UI devices. Then the UI devices generate and send patterns of electronic signals to the UI module of the operating system of the payment device according to the action performed. The UI module on the payment device recognizes such specific patterns of electronic signals sent as a decision or command from the user to activate a payment transaction with the online payment system (328). For example, when the user clicks on the mouse button with the mouse pointer on the screen of the display pointing to the image of a certain object to be purchased, electronic signals are generated by the mouse. The specific coordinates of the mouse pointer on the screen and said electronic signals generated by the mouse are taken as input by the UI module. In another example, speakers which broadcast the audio of a question asking the user if he/she wants to purchase an item are considered as an integral part together with the microphone which records the user's response. User actions to activate a payment transaction as mentioned above include i) clicking (single click, double click or other sequences) on a mouse with the mouse pointer on the screen pointing at an image of an object, ii) body motion as captured by a camera, iii) giving voice commands via a microphone attached to the payment device, and iv) touching a touch sensitive screen on the payment device.
In another embodiment, the details of the actions of the user that can be regarded as actions to activate a payment transaction with the online payment system are specified in the agreement between the online payment operator and the user.
The transaction of a purchase is considered complete (334) after the merchant portal obtains necessary information of the identified logged-in user (332) from the server and the payment device. The information queried by the merchant portal includes the user's name, amount of credit in the user's account, the user's shipping address and other personal and account information needed for completing the purchases or transactions. It is to be noted that user account information and personal information is provided by the user only once to the online payment system during user registration. Account information, personal information and other registration details can be updated when there are future changes in the user's account and personal information.
The merchant portal accepts and processes the transaction (334) once the user has chosen or selected his/her items to be purchased or service transactions to be carried out. The merchant portal accepts and processes the transactions on the condition that the user was authenticated earlier. Alternatively, in another embodiment of the invention, which will be explained elsewhere in this specification, the user is subjected to additional authentication (330) before the purchases or transactions are completed. The merchant transaction module (230) retrieves all necessary information from the payment server (220) and the payment client (210) to conclude the transaction (332). Such information may include shipping address and email address for order confirmation. The user can continue to make purchases with the same participating merchant (336) or visit other participating merchant portals (338) to make other purchases in the same manner during the entire purchase session. When the user has finished making purchases, he or she logs out from the payment server to end the purchase session (340). In this manner, the user does not have to sign in at every merchant portal he/she visits or manually provide the user's account information or personal information to the participating merchants.
It needs to be noted that the online payment system provides users a single trusted point of contact (the payment server (220)) for payment to multiple merchants, which is an infrastructure for realizing a micropayment scheme. From the merchant's point of view, micropayment is feasible because transactions from many users can be accumulated from time to time and each accumulated transaction is cleared with a respective single transaction cost. This reduces transaction cost in comparison with the high processing fees in the prior art. From the users' point of view, the greater the number of merchants using this online payment system, the higher the incentive or motivation is for them to use the online payment system since they are relieved of the hassles of providing details and being authenticated at every merchant portal.
Where an unregistered user, or a registered user who is not logged in to the online payment system, clicks the "buy button" or other window or web page objects or performs an action for activating a purchase or financial transaction on the merchant portal, that user is not allowed to make purchases or financial transactions by using the means and method of this invention because he/she is not identified by the merchant transaction module (230) and the payment server (220). A different payment screen is shown so that users not using the online payment system can pay in a conventional manner if they so choose.
In another embodiment of the online payment system, the user is additionally authenticated from time to time and before the purchases and financial transactions made by the logged-in user are completed. Additional authentication of the user serves at least two purposes: firstly, to ensure from time to time that the logged-in user is the same person throughout the purchase session and secondly, to further authenticate the logged-in user when the logged-in user is making purchases or financial transactions (330). Preferably, the act of authenticating the user is independent of the payment device for logging in to the payment server (220). This ensures that the user can log in to the online payment system from any device that is installed with the payment client (220).
One way of carrying out additional authentication of said logged-in user is by having the payment server (220) send multiple security queries to said logged-in user via the payment client (210). Users set questions and corresponding answers with the online payment system before the user's first login, and the questions and corresponding answers are stored by the payment server (220). The user can change the questions and answers set earlier at a later point in time. Different security queries are associated with different effective security levels.
After the initial authentication of the user using his or her username and password during user login, the payment server (220) and the merchant transaction module (230) use the security queries method to additionally authenticate the user during a purchase session.
One way of determining the effective security level is to take into account the security criteria set by each registered user, the merchant of each said merchant portal and the online payment system operator. These criteria include a user security level that is set by a particular registered user, a merchant security factor that is set by a particular merchant and a system operator security factor that is controlled by the operator of the online payment system. Users may set a higher value for the user security level through the payment client (210) when they are using the online payment system in a public area. Merchants can set the merchant security factor to a higher value through their respective merchant transaction module (230) for a larger transaction amount or for users with a high risk profile. The payment server (220) may alter the system operator security factor depending on the ownership of the payment device used to access the online payment system and the user's profile. The effective security level is then derived from the user security level, the merchant security factor and the system operator security factor and can be altered by the payment server (220). The payment server (210) alters the effective security level if the effective security level at a particular moment is unsuitable. For example, the effective security level will be higher when the user is using a shared computer accessible to other users, to prevent other users from abusing the online payment system user's account.
The merchant can set a higher value for the merchant security factor for additional security, such as in the case of a user trying to make a large transaction. The merchant transaction module (230) may initiate the additional authentication by sending a request to the payment server (220). The payment server (220) sends the security queries to the user via the payment client (210) and may initiate the additional authentication. The user must correctly answer one or more security queries before being allowed to proceed with the purchase. The security queries sent, the number of security queries sent each time and how frequent the security queries are sent are determined by the effective security level.
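The step-up flow described in the two paragraphs above, as an added illustration that is not code from the specification. The combining formula, the 1 to 5 scale, the policy table, the query tiers and every function name are assumptions, since the text names the three inputs but gives no formula.

```python
import hashlib
import hmac
import math
import os
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional


def effective_security_level(user_level: int, merchant_factor: float,
                             operator_factor: float) -> int:
    # Assumed formula (the text gives none): scale the user's level (1-5)
    # by both factors, round up, clamp to the 1-5 range.
    raw = user_level * merchant_factor * operator_factor
    return max(1, min(5, math.ceil(raw)))


@dataclass(frozen=True)
class Policy:
    query_count: int  # queries per challenge
    interval_s: int   # how long a passed challenge stays valid (0 = never)
    min_tier: int     # weakest query tier acceptable at this level


# Constructed table: a higher level means more, stronger, more frequent queries.
POLICY = {1: Policy(1, 3600, 1), 2: Policy(1, 1800, 1), 3: Policy(2, 900, 2),
          4: Policy(2, 300, 2), 5: Policy(3, 0, 3)}


@dataclass(frozen=True)
class SecurityQuery:
    query_id: str
    text: str
    tier: int
    salt: bytes
    digest: bytes


def hash_answer(answer: str, salt: bytes) -> bytes:
    # Answers are low-entropy secrets: normalise case and spacing, then keep
    # only a salted slow hash on the payment server, never the plaintext.
    normalised = " ".join(answer.casefold().split()).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", normalised, salt, 100_000)


def enrol(query_id: str, text: str, tier: int, answer: str) -> SecurityQuery:
    salt = os.urandom(16)
    return SecurityQuery(query_id, text, tier, salt, hash_answer(answer, salt))


def challenge_due(level: int, last_pass: Optional[float], now: float) -> bool:
    # Decides how frequently queries are sent during a purchase session.
    if last_pass is None:
        return True
    return now - last_pass >= POLICY[level].interval_s


def select_queries(level: int, enrolled: List[SecurityQuery]) -> List[SecurityQuery]:
    policy = POLICY[level]
    eligible = [q for q in enrolled if q.tier >= policy.min_tier]
    if len(eligible) < policy.query_count:
        # Fail closed rather than quietly asking fewer or weaker questions.
        raise PermissionError("not enough enrolled queries for this level")
    return secrets.SystemRandom().sample(eligible, policy.query_count)


def verify(challenge: List[SecurityQuery], answers: Dict[str, str]) -> bool:
    if not challenge:
        return False
    ok = True
    for q in challenge:
        supplied = hash_answer(answers.get(q.query_id, ""), q.salt)
        # Constant-time compare, no early exit: timing must not show which failed.
        ok = hmac.compare_digest(supplied, q.digest) and ok
    return ok


if __name__ == "__main__":
    # Constructed sample data: user level 2, large purchase (merchant x1.5).
    enrolled = [enrol("q1", "First school?", 1, "Hill Road Primary"),
                enrol("q2", "Name of first pet?", 2, "Blue Heron"),
                enrol("q3", "Street you grew up on?", 3, "42 Elm")]
    challenge = select_queries(effective_security_level(2, 1.5, 1.0), enrolled)
    print(verify(challenge, {"q2": " blue HERON ", "q3": "42 elm"}))
```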
This authentication method is complemented with additional verification methods such as verbal question and answer with the user by service personnel representing the online payment system over telephone.
Preferably, all information such as user registration details, security queries, purchase details are transmitted to and fro among the payment client (210), the payment server (220) and the merchant transaction module (230) using a secure communication protocol.
While the invention has been described in connection with a preferred embodiment, it is not intended to limit the scope of the invention to the particular form set forth, but on the contrary, it is intended to cover such alternatives, modifications, and equivalents as may be included within the scope of the invention as defined by the appended claims.

Claims

1. A system for online payment, comprising: a plurality of payment devices wherein a payment client is residing in each of the device; a plurality of merchant portal servers wherein a merchant transaction module is residing in each said merchant portal server; and a payment server storing said users' account and personal information and authenticating any said user when any said user logs in to the system, said payment server is providing users and merchants with a single trusted point of contact for making purchases and financial transactions, said payment server endorsing any of said users as a registered user after said users successfully logged in through said payment client, said payment server also allowing said users to make purchases and financial transactions using the system as long as the users stay logged-in to the system, and said payment server enabling each said merchant portal server to obtain all the necessary information to conclude said purchases and said financial transactions from said payment server and payment client without requiring said logged-in user to manually enter account or personal information to the payment system using the user interface of the payment device during transaction.
2. The system for online payment as claimed in claim 1, wherein said authenticating user when user logs in to the system is done by checking the user's username and the password.
3. The system for online payment as claimed in claim 1, wherein said merchant transaction module queries said payment server and payment client for information to authenticate said user's identity and to conclude said purchases and financial transactions.
4. The system for online payment as claimed in claim 1, wherein said user informs the online payment system about his/her decision to make purchases and perform a financial transaction by generating specific patterns of electrical signal via UI devices to a User Interface (UI) module on the payment device to activate the payment transaction at the online payment system.
5. The system for online payment as claimed in claim 4, wherein said UI devices include keyboard, mouse, display, microphone, speaker, and camera.
6. The system for online payment as claimed in claim 3, wherein said necessary information queried to conclude said purchases and financial transactions includes said user's name, amount of credit in said user's account and said user's shipping address.
7. The system for online payment as claimed in claim 1, wherein the online payment system operator ensures the user's account have sufficient credit prior to approving any purchases and financial transactions.
8. The system for online payment as claimed in claim 1, wherein said user is given a credit limit to spend using the online payment system.
9. The system for online payment as claimed in claim 1, further comprising at least one additional authentication step.
10. The system for online payment as claimed in claim 9, wherein said additional authentication step includes multiple security queries, biometric features and/or public key infrastructure (PKI).
11. The system for online payment as claimed in claim 10, wherein said multiple security queries are sent to the user via the payment client on the payment device, to which the user must respond correctly before being accepted by the online payment system to conclude said purchases and financial transactions.
12. The system for online payment as claimed in claim 10, wherein said multiple security queries are sent by said payment server.
13. The system for online payment as claimed in claim 12, wherein said payment server initiates the sending of said security queries.
14. The system for online payment as claimed in claim 12, wherein said merchant portal initiates the sending of said security queries by sending a request to said payment server.
15. The system for online payment as claimed in claim 10, wherein an effective security level determines the number of said multiple security queries that are sent.
16. The system for online payment as claimed in claim 10, wherein said security queries are associated with different security levels and are sent according to an effective security level.
17. The system for online payment as claimed in claim 10, wherein an effective security level determines how frequent said security queries are sent.
18. The system for online payment as claimed in claim 15, wherein factors affecting said current security level include a user security level, a merchant security factor and a system operator security factor.
19. The system for online payment as claimed in claim 18, wherein said merchant security factor is determined by one or more of the following comprising the transaction amount and each said user's profile.
20. The system for online payment as claimed in claim 18, wherein said system operator security factor is determined by one or more of the following comprising the ownership of the payment device that each said user uses and each said user's profile.
21. The system for online payment as claimed in claim 1, further comprising a means for additional verification.
22. The system for online payment as claimed in claim 21, wherein the additional verification is verbal questions and answers with said users by service personnel representing the online payment system.
23. The system for online payment as claimed in claim 1 wherein said payment client is a plug-in software component for an existing browser.
24. The system for online payment as claimed in claim 1 wherein said payment client is a standalone program.
25. The system for online payment as claimed in claim 1 wherein said payment client is a standalone program with browser capability.
26. The system for online payment as claimed in claim 1 wherein purchases or financial transactions for each said merchant is accumulated from time to time and each accumulated transactions is cleared with respective single transaction cost.
27. A method for making online purchases and financial transactions, the method comprising: providing user's account information and personal information to an online payment system during registration; authenticating a user logging in to the online payment system; making purchases and financial transactions by said logged-in user with one or more merchants using the online payment system; and completing said purchases and said financial transactions made by said logged-in user by providing users and merchants with a single trusted point of contact, wherein said merchant obtains all necessary information of said logged-in user from a server responsible for the overall operation of the online payment system and the payment device without requiring said logged-in user to manually enter account or personal information to said online payment system during transaction.
28. The method as claimed in claim 27, wherein said step of providing user's account information and personal information is carried out during registration with the online payment system.
29. The method as claimed in claim 27, wherein said step of authenticating a user is done by checking the user's username and the password.
30. The method as claimed in claim 27, wherein said step of making purchases and financial transaction is done by generating specific patterns of electrical signal via UI devices to a User Interface (UI) module on the payment system to activate the payment transaction at the online payment system.
31. The method as claimed in claim 30, wherein said UI devices include keyboard, mouse, display, microphone, speaker and camera.
32. The method as claimed in claim 27, wherein said step of obtaining all necessary information includes querying said server and said payment device for information to authenticate said user's identity by said merchants, querying said server and said payment device for information to complete said purchases and financial transactions by said merchants while server and the payment device replying said merchant with the requested user's information.
33. The method as claimed in claim 32, wherein said information queried to complete said purchases and financial transactions includes said user's name, amount of credit in said user's account and said user's shipping address.
34. The method as claimed in claim 27, including ensuring sufficient credit exists in the user's account prior to approving any purchases and financial transactions.
35. The method as claimed in claim 27, including giving a credit limit to said user prior to using the online payment system for making any purchases and financial transactions.
36. The method as claimed in claim 27, further comprising an additional authentication step.
37. The method as claimed in claim 36, wherein said additional authentication step includes multiple security queries, biometric features and/ or public key infrastructure (PKI).
38. The method as claimed in claim 37, wherein said multiple security queries are sent to said logged-in user via the payment device.
39. The method as claimed in claim 38, wherein the online payment system operator initiates the sending of the security queries.
40. The method as claimed in claim 38, wherein the merchant requests the online payment system operator to send the multiple security queries.
41. The method as claimed in claim 37, wherein the number of said multiple security queries sent is determined by an effective security level.
42. The method as claimed in claim 41, wherein security queries are associated with different security levels and are sent according to the effective security level.
43. The method as claimed in claim 41, wherein an effective security level determines how frequent said security queries are sent.
44. The method as claimed in claim 41, wherein factors affecting said current security level include a user security level, a merchant security factor and a system operator security factor.
45. The method as claimed in claim 44, wherein said merchant security factor is determined by one or more of the following, comprising the transaction amount and each said user's profile.
46. The method as claimed in claim 44, wherein said system operator security factor is determined by one or more of the following comprising the ownership of the payment device that each said user uses and each said user's profile.
47. The method for online payment as claimed in claim 27, further comprising a means for additional verification.
48. The method as claimed in claim 47, wherein the additional verification is verbal questions and answers with said users by service personnel representing the online payment system.
49. The method as claimed in claim 27, further includes accumulating the purchases or financial transactions for each said merchant from time to time and each accumulated transactions is cleared with respective single transaction cost.
PCT/MY2007/000047 2006-07-11 2007-07-04 Convenient online payment system WO2008007939A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI20063273 2006-07-11

Publications (1)

Publication Number Publication Date
WO2008007939A1 true WO2008007939A1 (en) 2008-01-17

Family

ID=38923453

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2007/000047 WO2008007939A1 (en) 2006-07-11 2007-07-04 Convenient online payment system

Country Status (1)

Country Link
WO (1) WO2008007939A1 (en)


Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20030006901A (en) * 2001-07-16 2003-01-23 주식회사 트루게이트 Electronic commerce billing system and method by using fingerprint authentication
US20040177097A1 (en) * 2000-12-01 2004-09-09 Philips Electronics North America Corporation Web-based, biometric authentication system and method
US20040243477A1 (en) * 2003-01-24 2004-12-02 Mathai Thomas J. System and method for online commerce
KR20050063609A (en) * 2003-12-22 2005-06-28 한국전자통신연구원 System and method for settlement using biometrics through network


Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8639846B2 (en) 2005-06-29 2014-01-28 Visa U.S.A. Inc. Adaptive gateway for switching transactions and data on unreliable networks using context-based rules
GB2466810A (en) * 2009-01-08 2010-07-14 Visa Europe Ltd Processing payment authorisation requests
US8688574B2 (en) 2009-01-08 2014-04-01 Visa Europe Limited Payment system
US11669816B2 (en) 2009-01-08 2023-06-06 Visa Europe Limited Payment system
US8543508B2 (en) 2010-07-09 2013-09-24 Visa International Service Association Gateway abstraction layer
US9846905B2 (en) 2010-07-09 2017-12-19 Visa International Service Association Gateway abstraction layer
GB2513125A (en) * 2013-04-15 2014-10-22 Visa Europe Ltd Method and system for transmitting credentials
WO2014170667A1 (en) * 2013-04-15 2014-10-23 Visa Europe Limited Method and System for Transmitting Credentials
US11138596B2 (en) 2013-04-15 2021-10-05 Visa Europe Limited Method and system for transmitting credentials
US11941615B2 (en) 2013-04-15 2024-03-26 Visa Europe Limited Method and system for transmitting credentials


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07768889

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 07768889

Country of ref document: EP

Kind code of ref document: A1