WO2008089383A2 - Systems and method for secure wireless payment transactions - Google Patents
Systems and method for secure wireless payment transactions Download PDFInfo
- Publication number
- WO2008089383A2 WO2008089383A2 PCT/US2008/051395 US2008051395W WO2008089383A2 WO 2008089383 A2 WO2008089383 A2 WO 2008089383A2 US 2008051395 W US2008051395 W US 2008051395W WO 2008089383 A2 WO2008089383 A2 WO 2008089383A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- transaction
- code
- authority
- payment
- user
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4012—Verifying personal identification numbers [PIN]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/36—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
- G06Q20/367—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
- G06Q20/3674—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/12—Accounting
Definitions
- the embodiments described herein relate to using a wireless device, such as a cell phone, to pay for a transaction, and more particularly providing secure authentication for such payment transactions.
- the wallet can be charged up, i.e., the dollar amount can be stored in the wallet on the cell phone, by interfacing the cell phone with a special machine. Once the device is interfaced with the machine, the consumer can insert bills into the machine and the wallet on the cell phone will be charged up with the corresponding dollar amount.
- the wallet application is downloaded to the user's cell phone the user can enroll other associated services such as debit and/or credit cards for transaction payment.
- These contactless payment cell phones have taken the place of older systems that allow the user to pay for a transaction by punching buttons on the cell phone. Often, the charge for such transactions would then show up on the user's cell phone bill.
- Such systems have several draw backs. For example, rolling out machines that interface with a cell phone and accept dollars add significant infrastructure cost for the cell phone carrier or financial institution in charge of the system. Further, seeking out such machines can be time consuming and/or inconvenient, and may limit adoption. Further, downloading applications and enrolling services may also limit adoption if the consumer feels that it is too complicated or too time consuming. Another major draw back to such systems, is the lack of secure authentication involved. [0006] It will be understood that multifactor authentication is preferred for financial transactions. For example, the simplest form of multifactor authentication is two factor authentication in which the transaction is authenticated based on something the consumer has and something the consumer knows. The ubiquitous ATM or debit card is the best example of this.
- One system tries to avoid this problem of authentication by requiring their user to input a code associated with the item to be purchased and then transmit the code to a pre-defined number, e.g., via a text message.
- the predetermined number is associated with a payment system and when the message including the code is received, it will trigger an operator to call the user's cell phone in order to confirm the order. The consumer can then be required to provide a secret PIN to the operator in order to complete the transaction. While such a system may provide better authentication, it eliminates the convenience of fast, contactless payment.
- a secured transaction payment system allows a user to use their mobile communication device to complete payment transactions.
- the user first sets up a prepaid account and selects a Personal Identification Number (PIN).
- PIN Personal Identification Number
- An identifier that identifies the user's mobile communication device is then associated with the PIN.
- the user inputs the PIN into the device and sends it, e.g., via a text message, to a pre-determined number, such as a 5 digit short code.
- the pre-determined number is associated with the payment authority on which the user's account is stored.
- the payment authority receives the PIN
- the message will also include the user's device identifier.
- the payment authority can then check the PIN and device identifier in order to authenticate the user. If the user is authenticated, then the payment authority will transmit a transaction code back to the user. The user will receive the transaction code on their mobile communication device and can provide the transaction code to the merchant.
- the POS system can then transmit the transaction code, a merchant ID, and the transaction dollar amount to the payment authority.
- the payment authority recognizes the transaction code, it will check the user's account to make sure that sufficient funds are available to cover the dollar amount, and if so will transmit an approval code back to the POS system.
- the POS system receives the approval code, the transaction can be completed and a receipt will be generated for the user.
- the system provides multifactor authentication by requiring the PIN (something the user knows) and the device identifier
- the message when the user transmits their PIN, the message is first routed through a message authority. Accordingly, when the message is finally received by the payment authority it can also include an identifier that identifies the message authority. This identifier can also be used in the authentication process to ensure that the message is actually being received from the correct message authority.
- the message authority can be required to provide a digital certificate to provide a further factor for authentication.
- the transaction code sent back to the user can include blanks, or X's that are to be filled in with numbers or data known to the user.
- the payment authority can transmit two of the numbers and leave two of the numbers blank. The user can then complete the four-digit code using two numbers known to the user.
- the payment authority will also know the two numbers known to the user. Accordingly, when the transaction code is then transmitted back to the payment authority via the POS system, the payment authority will be able to verify the code as a correct code.
- the length of the transaction code can be variable based on a certain time, date, etc., in order to avoid the possibility that the same code would be sent to more than one consumer at the same time. For example, if transaction volume increases significantly at lunch time, then, e.g., a four-digit code may not provide enough distinct codes for every simultaneous transaction. In such instances, the length of the code can be extended, e.g., to five digits in order to avoid this situation.
- the transaction code can be valid for a set period of time, e.g., 15 minutes, in order to prevent a fraudulent transaction if the user's mobile communication device is left unattended before completing the transaction.
- Figure 1 is a flowchart illustrating an example method of a user establishing a payment account on a payment authority in accordance with one embodiment
- Figure 2 is a flowchart illustrating an example method of a payment authority receiving user information and establishing a payment account for the user in accordance with one embodiment
- Figure 3 is a flowchart illustrating an example method of a user using that mobile communication device to complete a payment transaction in accordance with one embodiment
- Figure 4 is a flowchart illustrating an example method for authenticating a payment transaction in accordance with one embodiment
- Figure 5 is a diagram illustrating an example method for completing a payment transaction on a point of sale which can be abbreviated
- Figure 6 is a diagram illustrating an example method for proving a payment transaction in accordance with one embodiment.
- Figure 7 is a diagram illustrating an example payment authentication system in accordance with one embodiment.
- secure wireless payment transactions can be completed by requiring a user to send a message to a pre-determined number and input a PIN associated with the user's account.
- the PESf is transmitted, e.g., via a text message, to a payment authority, which can authenticate the user based on the PIN the user provided in an identifier identifying the user's mobile communication device.
- a payment authority can authenticate the user based on the PIN the user provided in an identifier identifying the user's mobile communication device.
- the message usually includes the mobile communication device number, e.g., the telephone number associated with the mobile communication device.
- the payment authority can use the PIN provided by the user and the mobile communication device identifier included in the message to authenticate the user. This provides two factor authentication since the user must have their mobile communication device and know their PIN.
- the term mobile communication device is intended to include a cell phone, smart phone, Personal Data Assistant (PDA) with wireless communication capabilities, a portable digital music player with wireless communication capabilities, or any portable device that includes wireless communication capabilities.
- PDA Personal Data Assistant
- At the core of a system configured to implement the functions described herein is a payment authority.
- the term "authority” as used herein is intended to refer to all the resources, i.e., hardware and software, needed to perform the associated functions described herein. Thus, for example, the term “authority” is intended to encompass all of the processors, servers, routers, databases, user interfaces, APIs, communications interfaces, and applications needed to perform the functions described below.
- a payment authority can be configured to set up and maintain user accounts for use in secure wireless payment transactions.
- a payment authority is also responsible for authenticating and approving user transactions.
- Figures 1 through 6 illustrate flowcharts that describe example methods for setting up a user account and using the user account for secure wireless payment transactions.
- Figure 7 is a diagram illustrating an example of a secure wireless payment transaction system in accordance with one embodiment.
- FIG. 1 is a flowchart illustrating an example process for establishing an account on a payment authority in accordance with one embodiment described herein.
- a user can access the payment authority to establish an account.
- the user can access the payment authority via a homepage on the worldwide web.
- the user can access the homepage using their computer and/or their mobile communication device.
- the user can supply a user name and password.
- the user can be asked to generate a unique username and password in step 104.
- the user's user name can be the user's mobile communication device identifier, e.g., the user's mobile communication device 10 digit telephone number.
- the user can be asked to generate a unique password, or the password can be generated by the system.
- the user's password is sent to the user's mobile communication device.
- the password entered in step 104 is the password the user received on the user's device. This can help verify the user's mobile communication device identifier.
- step 106 the user can then provide their financial account information.
- This financial account information will be used to charge the user's account as described below.
- step 108 the user can then provide their mobile communication device identifier, i.e., telephone number, if not already provided, e.g., in step 104.
- the PIN will often comprise a series of digits, such as numbers or alphanumeric digits. Since today's mobile communication devices can include sophisticated keyboards and text entry methods, the PIN selected in step 110 can comprised a variety of symbols, characters, data, etc; however, to ensure that the PINs operate over the broadest range of mobile communication devices, the digits comprising the PIN established in step 110 should be limited to data that can be input via a simple telephone keypad.
- the digits comprising the PIN established in step 110 should be limited to the numbers 0-9 and/or letters A-Z, which are often associated with numbers on a simple cellular phone keypad as will be understood.
- the user can select a recharge option indicating to what level the account should be charged using the financial account information provided in step 106. For example, the user can select to charge their account to $100 and to automatically recharge the account to $100 whenever the account balance drops below $20. Alternatively, the user can opt for manual recharging, which would require the user to log-on and recharge the account as needed. In other embodiments, the user can select to charge their account based on a predetermined frequency, e.g., every week, 2 weeks or every month. It should be noted, however, that the frequency recharging option should also include a start date and a stop date. Simple and obvious variations, combinations, are alternatives to these recharging options will be apparent and can all be used with the systems and methods described herein.
- the user can enter, or select promotions in step 114.
- the user may have received an incentive or promotion to establish an account.
- Such an incentive or promotion could be an initial, e.g., $10 charge up of the account, or a discount at a participating merchant.
- the incentive or promotion can be associated with a promotion code which the user can input in step 114 in order to obtain the incentive or promotion.
- the user can select from a list of promotions during account establishment. Selection of the promotion in step 114 can comprise an opt-in selection. In other words, the user can opt-in to receive via their mobile communication device promotion such as discounts or coupons to participating merchants.
- the promotions can be location-based promotions or services.
- the merchant provides a merchant identifier to the payment authority.
- the payment authority can use this merchant identifier to determine the location of the user.
- Promotions for merchants in the area such as discounts, coupons, sales, etc. can then be sent to the user via the user's mobile communication device.
- the promotions can be selected based on the type of transaction being engaged in by the user. For example, if the user is buying clothes, then promotions for other clothes merchants within the area can be forwarded to the user. In this manner, the systems and methods described herein can provide simple, targeted location based services for the user.
- account establishment ends after step 112, or possibly step 114.
- an application such as a digital wallet
- an application can be downloaded to the user's mobile communication device in step 116.
- the user can interface their mobile communication device with their computer in order to download the application.
- the application can be downloaded over the air to the user's mobile communication device.
- step 206 the payment authority will receive the user's mobile communication device identifier (step 108), if it has not already been received, e.g., in step 202.
- step 208 the payment authority will receive the user's PIN as selected in step 110.
- PIN creation can be a more involved process.
- step 208 will often comprise the payment authority activating a PIN generation application designed to aid the user in establishing a unique PIN. The goal of such an application can also be to generate a PIN that cannot be easily guessed and that meets other requirements such as length.
- step 210 the payment authority can receive the user's financial account information and recharge value.
- the payment authority can be configured to query financial institutions associated with the financial account information to determine whether or not the user has sufficient funds to establish and charge an account.
- the payment authority can be configured to update the account record with the information received in steps 202 to 210, and then if it is not already done so verify the account balance and transfer funds in step 214 using the financial account information and recharge value received in step 210.
- Figure 3 is a flowchart illustrating an example process by which the user can use their mobile communication device in order to engage in such transactions.
- the user can send their PIN, established in step 110, to the payment authority in step 302. Often this will comprise the user inputting their PIN via the mobile communication devices user interface, e.g., keypad.
- the mobile communication devices user interface e.g., keypad.
- the PIN can be sent via text message.
- SMS short code can be associated with the payment authority.
- the user can then input their PIN and send them a text message via the Short Message Service (SMS) system.
- SMS Short Message Service
- the text message will include the mobile communication device identifier, i.e., the Mobile Identification Number (MIN).
- MIN Mobile Identification Number
- the payment authority can use the PIN and the mobile communication device identifier to authenticate the user. If the user is authenticated, then the user will receive a transaction number via their mobile communication device.
- the payment authority can send, in step 304, a text message back to the user that includes the transaction number.
- the user's mobile communication device receives the message, it can display the transaction number on the mobile communication device display.
- the user can then provide the transaction number to the merchant in step 306 and the merchant can use the transaction number to complete the transaction and provide a receipt to the user in step 308.
- a real time account balance in also provided in step 304 so the user knows their account balance before making a purchase transaction.
- FIG. 4 is a diagram illustrating a process for completing a payment transaction from the perspective of the payment authority.
- the message authority can receive a message that includes the PIN.
- this message can comprise a text message sent via the SMS system; however, in other embodiments, the message can be sent via the Mobile Message Service (MMS) system, via mobile e-mail, or even via voice message, e.g., using voice recognition technology.
- MMS Mobile Message Service
- the payment authority can extract the mobile communication device identifier in step 404.
- the PIN and the device identifier can be used to authenticate the user in step 410. In other embodiments, further information can be used to provide even stronger multifactor authentication.
- a digital certificate can be used as an additional factor in the authentication process.
- the message is typically relayed to the payment authority through a message authority.
- a message authority For example, an SMS message is sent through a 3 rd party message authority.
- the message authority can be figured to attach a digital certificate in step 406 that can be used as an additional factor for user authentication.
- certain embodiments can use a message authority identifier as a further factor for authentication of the user.
- the message authority's network identifier such as the message authority's IP Address or other unique identifier, can be used to ensure that the message is coming from the appropriate message authority in step 408.
- the information received in steps 402 through steps 408 can be used to authenticate the user in step 410.
- the payment authority can be configured to send a transaction code to the user in step 412.
- the transaction code can comprise any data or information that can be displayed on a users, mobile communication device and that can be input into the POS systems of participating merchants.
- the transaction code is a 4, 8, etc., digit code comprising purely numbers or alphanumeric data.
- the length of the code can be variable in certain embodiments.
- the code is a 4 digit numerical code. Accordingly, once the user is authenticated, the payment authority can be configured to transmit a 4 digit numerical code back to the user's mobile communication device. The device can then display the code to the user so that the user can provide the code to the merchant.
- FIG. 5 is a flow chart illustrating an example method for completing a transaction using the code provide in step 412 from the point of view of the merchant POS system.
- the merchant will receive the transaction code from the user and input it into the POS system.
- the POS system can be configured to send the code to a transaction authority.
- the transaction authority can, for example, be a gift card or stored value card transaction processor.
- the transaction code can be processed just as any other gift card or stored value card transaction would be processed.
- the POS can be configured to forward a merchant ID, and the transaction dollar amount in step 504.
- the transaction authority can be configured to recognize the transaction code as being associated with the payment authority and forward the transaction information to the payment authority.
- the payment authority in turn should recognize the transaction code and return an approval code in step 508.
- the transaction authority can in turn forward the approval code to the originating POS in step 510, which can complete the transaction and generate a receipt in step 512.
- FIG. 6 is a diagram illustrating an example transaction completion process from the point of view of the payment authority. Accordingly, in step 602, the payment authority can receive the transaction code, merchant ID, and dollar amount from the transaction authority. In step 604, the payment authority can recognize the code and generate an approval code, which is returned to the transaction authority.
- step 606 the payment authority can store the approval code, merchant ID, and dollar amount and generate settlement instructions in step 608.
- step 610 the payment authority can execute the settlement instructions.
- the settlement instruction can instruct that the appropriate funds be sent to the respective merchant's bank accounts.
- the code can be of variable length. For example, a 4 digit code may not be sufficient at certain times or periods, to ensure that a unique code is available for every transaction occurring simultaneously. For example, the lunch or dinner hour may produce too many simultaneous transactions for a 4 digit code. Similarly, the Christmas season, for example, may result in an extended period of high transaction volume requiring more, or longer transaction codes, hi certain embodiments, the length of the transaction code can be extended to 5, 6, etc., digits in order to accommodate such high volume. [0057] It should also be noted that the idea of a simultaneous transaction depends to some degree on how long the transaction code remains valid.
- the transaction code must remain valid for some period of time to allow completion of the transaction; however, for security reasons, the transaction code should not remain active indefinitely. Accordingly, the transaction can have an associated period of validity, e.g., 15 minutes, after which it is no longer valid. Modulating this period of validity can also help reduce the number of simultaneous transaction during busy periods and allow the use of a shorter code; however, this may not be preferable as the user may not be aware of the shorter period and inadvertently allow their code to lapse. [0058] In certain embodiments, the transaction code can actually comprise certain digits generated by the payment authority and certain digits known to the user. This can allow an additional factor for authentication.
- the payment authority can generate (step 412) a 4 digit code comprising two numbers and two blanks.
- the user receives the code (step 304), they can fill in the blanks with two numbers known to the user and the payment authority.
- the payment authority subsequently receives the transaction code from the transaction authority (step 602), the payment authority will recognize the complete code as a valid code and approve the transaction.
- FIG. 7 is a diagram illustrating an example secure payment transaction system 700 configured in accordance with one embodiment.
- payment authority 712 can be configured to establish and maintain user accounts.
- a user can log-on to payment authority 712 using their personal computer 718 and establish a user account, e.g., in accordance with the processes described in relation to the process illustrated in figure 1.
- Payment authority 712 can be configured to establish and store user account 714 in accordance with the process described in relation to figure 2.
- the user will have a PIN that they can input into their mobile communication device 702 and send to payment authority 712 in order to receive a transaction code that they can use to complete a payment transaction.
- device 702 can transmit the PIN to payment authority 712 via message authority 710.
- Device 702 can send the PIN via a variety of messaging services.
- device 702 can send the PIN via a text message such as an SMS message.
- a short code can be associated with payment authority 712. These short codes are typically 5 digits.
- the user can simply send an SMS message including the PESf to the short code.
- messaging authority 710 will be a SMSC.
- device 702 can generate a message that is sent to the associated communication network 704.
- communication network 704 will generally comprise a plurality of base station 706 interface with one or more Mobile Switching Centers (MSC) 708.
- MSC Mobile Switching Centers
- the message can be received by base station 706 and forwarded to MSC 708, which can be configured to forward the message to message authority 710. e.g., the associated SMSC.
- device 702 can be configured to send the PIN via an MMS message, in which case message authority will be an MMSC.
- device 702 can be configured to send a PIN via a SkyMail message, a short mail message, via e-mail messaging, e.g., using standard protocol such as SMTP over TCP/IP, etc.
- payment authority 712 can generate a transaction code and send it back to device 702 via communication networks 704.
- further factors can be used to authenticate the user.
- the network address associated with message authority 710 can be used to authenticate that the message came from the appropriate message authority.
- message authority 710 can be configured to provide a digital certificate with the message that can be used by payment authority 712 to authenticate the validity of the message.
- payment authority can send a transaction code that included blank fields to be completed by the user as a further authentication factor.
- Transaction authority 724 can, for example, be a gift cart or shared value processing system such as the ValueTech system, TenderCard system, Discover system, FDC gift processing system, Chockstone system, the BankServe system, etc.
- Transaction authority 724 will recognize the transaction code as being associated with payment authority 712 and forward the transaction code, along with the merchant ID and transaction amount to payment authority 712. Payment authority 712 should recognize the transaction code and generate an approval code, which is sent back to POS system 722 via transaction authority 724. Once the approval code is received and processed in 722, the transaction can be completed and a receipt to be generated for the user.
- Payment authority 712 can be configured to store the approval code, merchant ID, and transaction amount and generate settlement instruction 716, which can be forwarded to financial institution 720 for settlement.
- communications network 704 can be a cellular communication network such as a GSM network, CDMA network, a 3 G network, etc.
- the various other components of system 700 can communicate using the associates network or networks, including the Internet and World Wide Web.
- the other components can communicate via one or more wired or wireless Metropolitan Area networks (MANs), one or more wired or wireless Wide Area Networks (WANs), one or more wired or wireless Local Area Networks (LANs), one or more Personal Area Networks (PANs), etc.
- MANs Metropolitan Area networks
- WANs Wide Area Networks
- LANs Local Area Networks
- PANs Personal Area Networks
- the various components are configured to communicate using the requisite communication protocols and signal schemes.
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Marketing (AREA)
- Technology Law (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Mobile Radio Communication Systems (AREA)
- Cash Registers Or Receiving Machines (AREA)
Abstract
When purchasing an item or service, a user enters a PIN into their mobile communication device and send the PIN, e.g. via text message to a payment authority. The payment authority authenticates the user using at least the PIN and the mobile communication device identifier associated with the user's mobile communication device. If the user is authenticated, then the payment authority will send a transaction code back to the user, which will be displayed on the user's mobile communication device. The user can then provide the transaction code to the merchant. The merchant can enter the transaction code in to the merchant's point of sale system and complete the transaction.
Description
S P E C I F I C A T I O N
SYSTEMS AND METHOD FOR SECURE WIRELESS PAYMENT
TRANSACTIONS
RELATED APPLICATIONS INFORMATION
[0001] This application claims priority under 35 U.S. C. 119(e) to U.S.
Provisional Application Serial No. 60/759,854 filed on January 18, 2006
BACKGROUND
1. Field of the Invention
[0002] The embodiments described herein relate to using a wireless device, such as a cell phone, to pay for a transaction, and more particularly providing secure authentication for such payment transactions.
2. Background of the Invention
[0003] As contactless payment systems have become more common, there has been a recent push to enable contactless payment of transactions via a consumer's cell phone. As with contactless payment cards, cell phones are being equipped with a short range Radio Frequency Identification (RFID) chip. A wallet application is then downloaded to the cell phone and a dollar amount is stored in the wallet. To pay for a transaction, the consumer then simply waives their cell phone within a few inches of a special display found in stores that accommodate such a payment mechanism. The special display includes an RFID
reader that can access the wallet and deduct the appropriate amount via the RFID chip on the cell phone.
[0004] In one such system, the wallet can be charged up, i.e., the dollar amount can be stored in the wallet on the cell phone, by interfacing the cell phone with a special machine. Once the device is interfaced with the machine, the consumer can insert bills into the machine and the wallet on the cell phone will be charged up with the corresponding dollar amount. In other systems, once the wallet application is downloaded to the user's cell phone the user can enroll other associated services such as debit and/or credit cards for transaction payment. These contactless payment cell phones have taken the place of older systems that allow the user to pay for a transaction by punching buttons on the cell phone. Often, the charge for such transactions would then show up on the user's cell phone bill.
[0005] Such systems have several draw backs. For example, rolling out machines that interface with a cell phone and accept dollars add significant infrastructure cost for the cell phone carrier or financial institution in charge of the system. Further, seeking out such machines can be time consuming and/or inconvenient, and may limit adoption. Further, downloading applications and enrolling services may also limit adoption if the consumer feels that it is too complicated or too time consuming. Another major draw back to such systems, is the lack of secure authentication involved.
[0006] It will be understood that multifactor authentication is preferred for financial transactions. For example, the simplest form of multifactor authentication is two factor authentication in which the transaction is authenticated based on something the consumer has and something the consumer knows. The ubiquitous ATM or debit card is the best example of this. In order for an ATM or debit transaction to be successful, the user must possess their card (something the user has) and know their PIN (something the user knows). Even two factor authentication can virtually eliminate fraudulent transactions. [0007] The systems above, however, are only single factor authentication systems. In other words, the consumer simply needs to have their phone and waive it in front of the special display in order to complete a transaction. Accordingly, there is a risk that the consumer's cell phone can be stolen and then be used to make transactions.
[0008] One system tries to avoid this problem of authentication by requiring their user to input a code associated with the item to be purchased and then transmit the code to a pre-defined number, e.g., via a text message. The predetermined number is associated with a payment system and when the message including the code is received, it will trigger an operator to call the user's cell phone in order to confirm the order. The consumer can then be required to provide a secret PIN to the operator in order to complete the transaction. While
such a system may provide better authentication, it eliminates the convenience of fast, contactless payment.
SUMMARY
[0009] A secured transaction payment system allows a user to use their mobile communication device to complete payment transactions. The user first sets up a prepaid account and selects a Personal Identification Number (PIN). An identifier that identifies the user's mobile communication device is then associated with the PIN. When the user wishes to complete a payment transaction using their mobile communication device, the user inputs the PIN into the device and sends it, e.g., via a text message, to a pre-determined number, such as a 5 digit short code.
[0010] The pre-determined number is associated with the payment authority on which the user's account is stored. When the payment authority receives the PIN, the message will also include the user's device identifier. The payment authority can then check the PIN and device identifier in order to authenticate the user. If the user is authenticated, then the payment authority will transmit a transaction code back to the user. The user will receive the transaction code on their mobile communication device and can provide the transaction code to the merchant.
[0011] The merchant can then enter the transaction code into their Point
Of Sale (POS) system. The POS system can then transmit the transaction code, a
merchant ID, and the transaction dollar amount to the payment authority. When the payment authority recognizes the transaction code, it will check the user's account to make sure that sufficient funds are available to cover the dollar amount, and if so will transmit an approval code back to the POS system. When the POS system receives the approval code, the transaction can be completed and a receipt will be generated for the user.
[0012] Accordingly, the system provides multifactor authentication by requiring the PIN (something the user knows) and the device identifier
(something the user has).
[0013] For example, when the user transmits their PIN, the message is first routed through a message authority. Accordingly, when the message is finally received by the payment authority it can also include an identifier that identifies the message authority. This identifier can also be used in the authentication process to ensure that the message is actually being received from the correct message authority.
[0014] hi another aspect, the message authority can be required to provide a digital certificate to provide a further factor for authentication.
[0015] In still anther aspect, the transaction code sent back to the user can include blanks, or X's that are to be filled in with numbers or data known to the user. In other words, if the transaction is, e.g., a four-digit number, then the payment authority can transmit two of the numbers and leave two of the numbers
blank. The user can then complete the four-digit code using two numbers known to the user. In addition to knowing the user's PIN, the payment authority will also know the two numbers known to the user. Accordingly, when the transaction code is then transmitted back to the payment authority via the POS system, the payment authority will be able to verify the code as a correct code.
[0016] In still another embodiment, the length of the transaction code can be variable based on a certain time, date, etc., in order to avoid the possibility that the same code would be sent to more than one consumer at the same time. For example, if transaction volume increases significantly at lunch time, then, e.g., a four-digit code may not provide enough distinct codes for every simultaneous transaction. In such instances, the length of the code can be extended, e.g., to five digits in order to avoid this situation.
[0017] In still another embodiment, the transaction code can be valid for a set period of time, e.g., 15 minutes, in order to prevent a fraudulent transaction if the user's mobile communication device is left unattended before completing the transaction.
[0018] These and other features, aspects, and embodiments of the invention are described below in the section entitled "Detailed Description."
BRIEF DESCRIPTION OF THE DRAWINGS
[0019] Features, aspects, and embodiments of the inventions are described in conjunction with the attached drawings, in which:
[0020] Figure 1 is a flowchart illustrating an example method of a user establishing a payment account on a payment authority in accordance with one embodiment;
[0021] Figure 2 is a flowchart illustrating an example method of a payment authority receiving user information and establishing a payment account for the user in accordance with one embodiment;
[0022] Figure 3 is a flowchart illustrating an example method of a user using that mobile communication device to complete a payment transaction in accordance with one embodiment;
[0023] Figure 4 is a flowchart illustrating an example method for authenticating a payment transaction in accordance with one embodiment;
[0024] Figure 5 is a diagram illustrating an example method for completing a payment transaction on a point of sale which can be abbreviated
POS system;
[0025] Figure 6 is a diagram illustrating an example method for proving a payment transaction in accordance with one embodiment; and
[0026] Figure 7 is a diagram illustrating an example payment authentication system in accordance with one embodiment.
DETAILED DESCRIPTION
[0027] In the systems and methods described below, secure wireless payment transactions can be completed by requiring a user to send a message to a
pre-determined number and input a PIN associated with the user's account. The PESf is transmitted, e.g., via a text message, to a payment authority, which can authenticate the user based on the PIN the user provided in an identifier identifying the user's mobile communication device. For example, when a mobile communication device initiates a communication, whether the communication is a text message, voice call, mobile e-mail, etc., the message usually includes the mobile communication device number, e.g., the telephone number associated with the mobile communication device. Accordingly, the payment authority can use the PIN provided by the user and the mobile communication device identifier included in the message to authenticate the user. This provides two factor authentication since the user must have their mobile communication device and know their PIN.
[0028] The term mobile communication device is intended to include a cell phone, smart phone, Personal Data Assistant (PDA) with wireless communication capabilities, a portable digital music player with wireless communication capabilities, or any portable device that includes wireless communication capabilities. At the core of a system configured to implement the functions described herein is a payment authority. The term "authority" as used herein is intended to refer to all the resources, i.e., hardware and software, needed to perform the associated functions described herein. Thus, for example, the term "authority" is intended to encompass all of the processors, servers, routers,
databases, user interfaces, APIs, communications interfaces, and applications needed to perform the functions described below.
[0029] A payment authority can be configured to set up and maintain user accounts for use in secure wireless payment transactions. A payment authority is also responsible for authenticating and approving user transactions. Figures 1 through 6 illustrate flowcharts that describe example methods for setting up a user account and using the user account for secure wireless payment transactions. Figure 7 is a diagram illustrating an example of a secure wireless payment transaction system in accordance with one embodiment.
[0030] Figure 1 is a flowchart illustrating an example process for establishing an account on a payment authority in accordance with one embodiment described herein. First, in step 102, a user can access the payment authority to establish an account. For example, in certain embodiments, the user can access the payment authority via a homepage on the worldwide web. Depending on the embodiment, the user can access the homepage using their computer and/or their mobile communication device.
[0031] In step 104, the user can supply a user name and password. For example, the user can be asked to generate a unique username and password in step 104. In certain other embodiments, however, the user's user name can be the user's mobile communication device identifier, e.g., the user's mobile communication device 10 digit telephone number. Further, the user can be asked
to generate a unique password, or the password can be generated by the system. For example, in one embodiment, the user's password is sent to the user's mobile communication device. Thus, the password entered in step 104 is the password the user received on the user's device. This can help verify the user's mobile communication device identifier.
[0032] In step 106, the user can then provide their financial account information. This financial account information will be used to charge the user's account as described below.
[0033] In step 108, the user can then provide their mobile communication device identifier, i.e., telephone number, if not already provided, e.g., in step 104. [0034] The PIN will often comprise a series of digits, such as numbers or alphanumeric digits. Since today's mobile communication devices can include sophisticated keyboards and text entry methods, the PIN selected in step 110 can comprised a variety of symbols, characters, data, etc; however, to ensure that the PINs operate over the broadest range of mobile communication devices, the digits comprising the PIN established in step 110 should be limited to data that can be input via a simple telephone keypad. Accordingly, the digits comprising the PIN established in step 110 should be limited to the numbers 0-9 and/or letters A-Z, which are often associated with numbers on a simple cellular phone keypad as will be understood.
[0035] In step 112, the user can select a recharge option indicating to what level the account should be charged using the financial account information provided in step 106. For example, the user can select to charge their account to $100 and to automatically recharge the account to $100 whenever the account balance drops below $20. Alternatively, the user can opt for manual recharging, which would require the user to log-on and recharge the account as needed. In other embodiments, the user can select to charge their account based on a predetermined frequency, e.g., every week, 2 weeks or every month. It should be noted, however, that the frequency recharging option should also include a start date and a stop date. Simple and obvious variations, combinations, are alternatives to these recharging options will be apparent and can all be used with the systems and methods described herein.
[0036] In certain embodiments, the user can enter, or select promotions in step 114. For example, the user may have received an incentive or promotion to establish an account. Such an incentive or promotion could be an initial, e.g., $10 charge up of the account, or a discount at a participating merchant. The incentive or promotion can be associated with a promotion code which the user can input in step 114 in order to obtain the incentive or promotion. Alternatively, in certain embodiments, the user can select from a list of promotions during account establishment. Selection of the promotion in step 114 can comprise an opt-in selection. In other words, the user can opt-in to receive via their mobile
communication device promotion such as discounts or coupons to participating merchants.
[0037] In certain embodiments, the promotions can be location-based promotions or services. For example, as explained below, when the user is engaged in a transaction, the merchant provides a merchant identifier to the payment authority. The payment authority can use this merchant identifier to determine the location of the user. Promotions for merchants in the area, such as discounts, coupons, sales, etc. can then be sent to the user via the user's mobile communication device. Moreover, the promotions can be selected based on the type of transaction being engaged in by the user. For example, if the user is buying clothes, then promotions for other clothes merchants within the area can be forwarded to the user. In this manner, the systems and methods described herein can provide simple, targeted location based services for the user. [0038] In most embodiments, account establishment ends after step 112, or possibly step 114. In certain embodiments, however, an application, such as a digital wallet, can be downloaded to the user's mobile communication device in step 116. In such instances, the user can interface their mobile communication device with their computer in order to download the application. Alternatively, the application can be downloaded over the air to the user's mobile communication device.
[0039] Referring to Figure 2, an example process for account establishment is illustrated from the perspective of the payment authority. Thus, in step 202, the payment authority will receive the user name and password (as provided in step 104) and will establish an account record in step 204. In step 206, the payment authority will receive the user's mobile communication device identifier (step 108), if it has not already been received, e.g., in step 202. In step 208, the payment authority will receive the user's PIN as selected in step 110. [0040] It should be noted that PIN creation can be a more involved process. For example, step 208 will often comprise the payment authority activating a PIN generation application designed to aid the user in establishing a unique PIN. The goal of such an application can also be to generate a PIN that cannot be easily guessed and that meets other requirements such as length. [0041] In step 210, the payment authority can receive the user's financial account information and recharge value. In certain embodiments, the payment authority can be configured to query financial institutions associated with the financial account information to determine whether or not the user has sufficient funds to establish and charge an account. In step 212, the payment authority can be configured to update the account record with the information received in steps 202 to 210, and then if it is not already done so verify the account balance and transfer funds in step 214 using the financial account information and recharge value received in step 210.
[0042] Now that the user's account has been established, the user is set to use their mobile communication device for secure wireless payment transactions. Figure 3 is a flowchart illustrating an example process by which the user can use their mobile communication device in order to engage in such transactions. When the user has selected an item at a participating merchant and is ready to pay, the user can send their PIN, established in step 110, to the payment authority in step 302. Often this will comprise the user inputting their PIN via the mobile communication devices user interface, e.g., keypad.
[0043] In certain embodiments, the PIN can be sent via text message. For example, an SMS short code can be associated with the payment authority. The user can then input their PIN and send them a text message via the Short Message Service (SMS) system. As explained above, the text message will include the mobile communication device identifier, i.e., the Mobile Identification Number (MIN). The payment authority can use the PIN and the mobile communication device identifier to authenticate the user. If the user is authenticated, then the user will receive a transaction number via their mobile communication device. For example, the payment authority can send, in step 304, a text message back to the user that includes the transaction number. When the user's mobile communication device receives the message, it can display the transaction number on the mobile communication device display.
[0044] The user can then provide the transaction number to the merchant in step 306 and the merchant can use the transaction number to complete the transaction and provide a receipt to the user in step 308.
[0045] In certain embodiments, a real time account balance in also provided in step 304 so the user knows their account balance before making a purchase transaction.
[0046] Figure 4 is a diagram illustrating a process for completing a payment transaction from the perspective of the payment authority. First, in step 402, the message authority can receive a message that includes the PIN. As explained above, this message can comprise a text message sent via the SMS system; however, in other embodiments, the message can be sent via the Mobile Message Service (MMS) system, via mobile e-mail, or even via voice message, e.g., using voice recognition technology. Once the message is received the payment authority can extract the mobile communication device identifier in step 404. In certain embodiments, the PIN and the device identifier can be used to authenticate the user in step 410. In other embodiments, further information can be used to provide even stronger multifactor authentication. For example, in certain embodiments, a digital certificate can be used as an additional factor in the authentication process. When the message is sent by the user in step 302, the message is typically relayed to the payment authority through a message authority. For example, an SMS message is sent through a 3rd party message
authority. Thus, the message authority can be figured to attach a digital certificate in step 406 that can be used as an additional factor for user authentication. [0047] Additionally, or in the alternative, certain embodiments can use a message authority identifier as a further factor for authentication of the user. In other words, since the message authority and payment authority are interfaced over a network, the message authority's network identifier, such as the message authority's IP Address or other unique identifier, can be used to ensure that the message is coming from the appropriate message authority in step 408. [0048] As noted, the information received in steps 402 through steps 408 can be used to authenticate the user in step 410. Once authenticated, the payment authority can be configured to send a transaction code to the user in step 412. [0049] The transaction code can comprise any data or information that can be displayed on a users, mobile communication device and that can be input into the POS systems of participating merchants. In certain embodiments, for example, the transaction code is a 4, 8, etc., digit code comprising purely numbers or alphanumeric data. As explained below, the length of the code can be variable in certain embodiments.
[0050] In one specific implementation, the code is a 4 digit numerical code. Accordingly, once the user is authenticated, the payment authority can be configured to transmit a 4 digit numerical code back to the user's mobile
communication device. The device can then display the code to the user so that the user can provide the code to the merchant.
[0051] Figure 5 is a flow chart illustrating an example method for completing a transaction using the code provide in step 412 from the point of view of the merchant POS system. First, in step 502, the merchant will receive the transaction code from the user and input it into the POS system. In step 504, the POS system can be configured to send the code to a transaction authority. The transaction authority can, for example, be a gift card or stored value card transaction processor. Thus, the transaction code can be processed just as any other gift card or stored value card transaction would be processed.
[0052] Along with the transaction code, the POS can be configured to forward a merchant ID, and the transaction dollar amount in step 504.
[0053] In step 506, the transaction authority can be configured to recognize the transaction code as being associated with the payment authority and forward the transaction information to the payment authority. The payment authority in turn should recognize the transaction code and return an approval code in step 508. The transaction authority can in turn forward the approval code to the originating POS in step 510, which can complete the transaction and generate a receipt in step 512.
[0054] Figure 6 is a diagram illustrating an example transaction completion process from the point of view of the payment authority.
Accordingly, in step 602, the payment authority can receive the transaction code, merchant ID, and dollar amount from the transaction authority. In step 604, the payment authority can recognize the code and generate an approval code, which is returned to the transaction authority.
[0055] hi step 606, the payment authority can store the approval code, merchant ID, and dollar amount and generate settlement instructions in step 608. In step 610, the payment authority can execute the settlement instructions. The settlement instruction can instruct that the appropriate funds be sent to the respective merchant's bank accounts.
[0056] In certain embodiments, the code can be of variable length. For example, a 4 digit code may not be sufficient at certain times or periods, to ensure that a unique code is available for every transaction occurring simultaneously. For example, the lunch or dinner hour may produce too many simultaneous transactions for a 4 digit code. Similarly, the Christmas season, for example, may result in an extended period of high transaction volume requiring more, or longer transaction codes, hi certain embodiments, the length of the transaction code can be extended to 5, 6, etc., digits in order to accommodate such high volume. [0057] It should also be noted that the idea of a simultaneous transaction depends to some degree on how long the transaction code remains valid. It should be apparent that the transaction code must remain valid for some period of time to allow completion of the transaction; however, for security reasons, the
transaction code should not remain active indefinitely. Accordingly, the transaction can have an associated period of validity, e.g., 15 minutes, after which it is no longer valid. Modulating this period of validity can also help reduce the number of simultaneous transaction during busy periods and allow the use of a shorter code; however, this may not be preferable as the user may not be aware of the shorter period and inadvertently allow their code to lapse. [0058] In certain embodiments, the transaction code can actually comprise certain digits generated by the payment authority and certain digits known to the user. This can allow an additional factor for authentication. For example, the payment authority can generate (step 412) a 4 digit code comprising two numbers and two blanks. When the user receives the code (step 304), they can fill in the blanks with two numbers known to the user and the payment authority. When the payment authority subsequently receives the transaction code from the transaction authority (step 602), the payment authority will recognize the complete code as a valid code and approve the transaction.
[0059] Figure 7 is a diagram illustrating an example secure payment transaction system 700 configured in accordance with one embodiment. At the heart of system 700 is payment authority 712. As described above, payment authority 712 can be configured to establish and maintain user accounts. Thus for example, a user can log-on to payment authority 712 using their personal computer 718 and establish a user account, e.g., in accordance with the processes
described in relation to the process illustrated in figure 1. Payment authority 712 can be configured to establish and store user account 714 in accordance with the process described in relation to figure 2.
[0060] Once a user's account is established, the user will have a PIN that they can input into their mobile communication device 702 and send to payment authority 712 in order to receive a transaction code that they can use to complete a payment transaction. When the user inputs the PIN into device 702, device 702 can transmit the PIN to payment authority 712 via message authority 710. [0061] Device 702 can send the PIN via a variety of messaging services.
For example, in one embodiment, device 702 can send the PIN via a text message such as an SMS message. Further, in certain embodiments a short code can be associated with payment authority 712. These short codes are typically 5 digits. Thus, the user can simply send an SMS message including the PESf to the short code. In such instances, messaging authority 710 will be a SMSC. [0062] Thus, device 702 can generate a message that is sent to the associated communication network 704. It will be understood that communication network 704 will generally comprise a plurality of base station 706 interface with one or more Mobile Switching Centers (MSC) 708. The message can be received by base station 706 and forwarded to MSC 708, which can be configured to forward the message to message authority 710. e.g., the associated SMSC. In other embodiments, device 702 can be configured to send
the PIN via an MMS message, in which case message authority will be an MMSC. In still other embodiments, device 702 can be configured to send a PIN via a SkyMail message, a short mail message, via e-mail messaging, e.g., using standard protocol such as SMTP over TCP/IP, etc.
[0063] Once payment authority 712 has validated the user using the PIN sent via device 702 and the mobile identifier included in the message, payment authority 712 can generate a transaction code and send it back to device 702 via communication networks 704. As noted above, in certain embodiments, further factors can be used to authenticate the user. For example, the network address associated with message authority 710 can be used to authenticate that the message came from the appropriate message authority. Further, message authority 710 can be configured to provide a digital certificate with the message that can be used by payment authority 712 to authenticate the validity of the message. In still other embodiments, payment authority can send a transaction code that included blank fields to be completed by the user as a further authentication factor.
[0064] Once the user receives the transaction code, the user can provide the transaction code to the merchant who will input the transaction code into the merchant's POS system 722. POS system 722 will then send the transaction code to payment authority 712 via transaction authority 724. Transaction authority 724 can, for example, be a gift cart or shared value processing system such as the
ValueTech system, TenderCard system, Discover system, FDC gift processing system, Chockstone system, the BankServe system, etc.
[0065] Transaction authority 724 will recognize the transaction code as being associated with payment authority 712 and forward the transaction code, along with the merchant ID and transaction amount to payment authority 712. Payment authority 712 should recognize the transaction code and generate an approval code, which is sent back to POS system 722 via transaction authority 724. Once the approval code is received and processed in 722, the transaction can be completed and a receipt to be generated for the user.
[0066] Payment authority 712 can be configured to store the approval code, merchant ID, and transaction amount and generate settlement instruction 716, which can be forwarded to financial institution 720 for settlement. [0067] It will be understood that communications network 704 can be a cellular communication network such as a GSM network, CDMA network, a 3 G network, etc. Further, it will be understood that the various other components of system 700 can communicate using the associates network or networks, including the Internet and World Wide Web. For example, the other components can communicate via one or more wired or wireless Metropolitan Area networks (MANs), one or more wired or wireless Wide Area Networks (WANs), one or more wired or wireless Local Area Networks (LANs), one or more Personal Area Networks (PANs), etc. Further, it will be understood that the various components
are configured to communicate using the requisite communication protocols and signal schemes.
[0068] While certain embodiments of the inventions have been described above, it will be understood that the embodiments described are by way of example only. Accordingly, the inventions should not be limited based on the described embodiments. Rather, the scope of the inventions described herein should only be limited in light of the claims that follow when taken in conjunction with the above description and accompanying drawings.
Claims
1. A secure wireless payment transaction system comprises a payment authority, the payment authority configured to: receive a Personal Identification Number (PIN) in a message that is sent from a mobile communication device; receive a mobile communication device identifier identifying the mobile communication device with the message; and authenticate a transaction based on the PIN and the mobile communication device identifier; generate a transaction code if the transaction is authenticated; and return the transaction code to the mobile communication device.
2. The secure wireless payment transaction system of claim 1, wherein the mobile communication device identifier is a Mobile Identification Number (MIN) associated with the mobile communication device.
3. The secure wireless payment transaction system of claim 1 , wherein the transaction code is a 4 digit code.
4. The secure wireless payment transaction system of claim 1, wherein the transaction code is a 8 digit code.
5. The secure wireless payment transaction system of claim 1 , wherein the transaction code includes blanks that are to be filled in using digits known to a user and to the payment authority.
6. The secure wireless payment transaction system of claim 1 , wherein the length of the transaction code is variable.
7. The secure wireless payment transaction system of claim 1, further comprising a message authority configured to relay the message to the payment authority.
8. The secure wireless payment transaction system of claim 7, wherein the message authority is configured to provide a digital certificate to the payment authority, and wherein the payment authority is further configured to use the digital certificate to authenticate the transaction.
9. The secure wireless payment transaction system of claim 7, wherein the payment authority is further configured to use a network identifier associated with the message authority to authenticate the transaction.
10. The secure wireless payment transaction system of claim 1, wherein the payment authority is configured to receive the transaction code, a merchant identifier, and a transaction amount from a Point Of Sale (POS) system, and wherein the payment authority is configured to approve the transaction using the transaction code, a merchant identifier, and a transaction amount.
11. The secure wireless payment transaction system of claim 10, wherein approving the transaction comprises determining if a user account associated with the transaction has sufficient funds to cover the transaction amount.
12. The secure wireless payment transaction system of claim 10, wherein the payment authority is further configured to generate an approval code if the transaction is approved, and send the approval code to the POS system.
13. The secure wireless payment transaction system of claim 10, wherein the payment authority is further configured to store the approval code, merchant ED, and transaction account and to generate settlement instructions for the transaction.
14. The secure wireless payment transaction system of claim 13, wherein the payment authority is further configured to execute the settlement instructions.
15. The secure wireless payment transaction system of claim 1, wherein the message is a text message.
16. The secure wireless payment transaction system of claim 1, wherein the message is a Short Message Service (SMS) message.
17. The secure wireless payment transaction system of claim 16, wherein the SMS message was sent to via a short code.
18. The secure wireless payment transaction system of claim 1 , wherein the payment authority is further configured to return a real time account balance with the transaction code.
19. A method for secure wireless transaction, comprising: receiving a Personal Identification Number (PIN) in a message that is sent from a mobile communication device; receiving a mobile communication device identifier identifying the mobile communication device with the message; and authenticating a transaction based on the PIN and the mobile communication device identifier; generating a transaction code if the transaction is authenticated; and returning the transaction code to the mobile communication device.
20. The method of claim 19, wherein receiving a mobile communication device identifier comprises receiving a Mobile Identification Number (MIN) associated with the mobile communication device.
21. The method of claim 19, wherein generating a transaction code comprises generating a 4 digit code.
22. The method of claim 19, wherein generating a transaction code comprises generating a 8 digit code.
23. The method of claim 19, wherein generating a transaction code comprises generating a transaction code that includes blanks that are to be filled in using digits known to a user and to the payment authority.
24. The method of claim 19, wherein the length of the transaction code is variable.
25. The method of claim 19, further comprising receiving a digital certificate, and wherein authenticating the transaction further comprises authenticating the transaction based on the digital certificate.
26. The method of claim 19, further comprising using a network identifier associated with a message authority configured to relay the massage to authenticate the transaction.
27. The method of claim 19, further comprising receiving the transaction code, a merchant identifier, and a transaction amount from a Point OfSaIe (POS) system, and approving the transaction using the transaction code, a merchant identifier, and a transaction amount.
28. The method of claim 27, wherein approving the transaction comprises determining if a user account associated with the transaction has sufficient funds to cover the transaction amount.
29. The method of claim 27, further comprising generating an approval code if the transaction is approved, and sending the approval code to the POS system.
30. The method of claim 27, further comprising storing the approval code, merchant ID, and transaction account and generating settlement instructions for the transaction.
31. The method of claim 30, further comprising executing the settlement instructions.
32. The method of claim 19, further comprising returning a real time account balance with the transaction code.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP08705998A EP2122557A4 (en) | 2007-01-18 | 2008-01-18 | Systems and method for secure wireless payment transactions |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/624,620 | 2007-01-18 | ||
US11/624,620 US7657489B2 (en) | 2006-01-18 | 2007-01-18 | Systems and method for secure wireless payment transactions |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2008089383A2 true WO2008089383A2 (en) | 2008-07-24 |
WO2008089383A3 WO2008089383A3 (en) | 2008-09-25 |
Family
ID=39636721
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2008/051395 WO2008089383A2 (en) | 2007-01-18 | 2008-01-18 | Systems and method for secure wireless payment transactions |
Country Status (3)
Country | Link |
---|---|
US (2) | US7657489B2 (en) |
EP (1) | EP2122557A4 (en) |
WO (1) | WO2008089383A2 (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7657489B2 (en) | 2006-01-18 | 2010-02-02 | Mocapay, Inc. | Systems and method for secure wireless payment transactions |
GB2463299A (en) * | 2008-08-29 | 2010-03-10 | Etranzact Global Ltd | Authenticating a transaction using a one-time pass code generated on a mobile device |
GB2466038A (en) * | 2008-12-09 | 2010-06-16 | Alexzandre Anthony Capurro | Authorisation of cashless payment using SMS |
US8374588B2 (en) | 2008-06-02 | 2013-02-12 | Mocapay, Inc. | Method and system for sending marketing messages to mobile-device users from a mobile-commerce platform |
WO2013054074A2 (en) * | 2011-10-12 | 2013-04-18 | Technology Business Management Limited | Id authentication |
US8463674B2 (en) | 2008-01-03 | 2013-06-11 | Mocapay, Inc. | System and method for distributing mobile gift cards |
WO2013062459A3 (en) * | 2011-10-26 | 2013-07-11 | Mopper Ab | Method and arrangement for secure transactions between mobile terminals |
US8744940B2 (en) | 2008-01-03 | 2014-06-03 | William O. White | System and method for distributing mobile compensation and incentives |
US9210573B2 (en) | 2011-12-27 | 2015-12-08 | Infosys Limited | Method and apparatus for registering a computing device with a service provider |
US9832649B1 (en) | 2011-10-12 | 2017-11-28 | Technology Business Management, Limted | Secure ID authentication |
Families Citing this family (153)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8571975B1 (en) | 1999-11-24 | 2013-10-29 | Jpmorgan Chase Bank, N.A. | System and method for sending money via E-mail over the internet |
US8019362B2 (en) * | 2003-02-07 | 2011-09-13 | Sybase 365, Inc. | Universal short code administration facility |
US8412566B2 (en) | 2003-07-08 | 2013-04-02 | Yt Acquisition Corporation | High-precision customer-based targeting by individual usage statistics |
US8447700B2 (en) * | 2005-10-11 | 2013-05-21 | Amazon Technologies, Inc. | Transaction authorization service |
US8352376B2 (en) * | 2005-10-11 | 2013-01-08 | Amazon Technologies, Inc. | System and method for authorization of transactions |
US8352323B2 (en) * | 2007-11-30 | 2013-01-08 | Blaze Mobile, Inc. | Conducting an online payment transaction using an NFC enabled mobile communication device |
US20070255662A1 (en) * | 2006-03-30 | 2007-11-01 | Obopay Inc. | Authenticating Wireless Person-to-Person Money Transfers |
US20080032741A1 (en) * | 2006-03-30 | 2008-02-07 | Obopay | Programmable Functionalities for Mobile Consumer Communications Devices with Identification-Modules |
US8532021B2 (en) * | 2006-03-30 | 2013-09-10 | Obopay, Inc. | Data communications over voice channel with mobile consumer communications devices |
US20070244811A1 (en) * | 2006-03-30 | 2007-10-18 | Obopay Inc. | Mobile Client Application for Mobile Payments |
US8249965B2 (en) * | 2006-03-30 | 2012-08-21 | Obopay, Inc. | Member-supported mobile payment system |
BRPI0710021A2 (en) * | 2006-03-30 | 2011-08-02 | Obopay Inc | mobile individualized payment system |
US7512567B2 (en) * | 2006-06-29 | 2009-03-31 | Yt Acquisition Corporation | Method and system for providing biometric authentication at a point-of-sale via a mobile device |
EP2092474A4 (en) | 2006-10-17 | 2011-09-28 | Yt Acquisition Corp | A method of distributing information via mobile devices and enabling its use at a point of transaction |
US20080114699A1 (en) * | 2006-11-13 | 2008-05-15 | Gong Yi Yuan | System, hardware and method for mobile pos payment |
JP4274242B2 (en) * | 2006-12-28 | 2009-06-03 | ブラザー工業株式会社 | Processing execution device and telephone number registration device |
CA2675034A1 (en) * | 2007-01-09 | 2008-07-17 | Visa U.S.A. Inc. | Contactless transaction |
US20090287601A1 (en) * | 2008-03-14 | 2009-11-19 | Obopay, Inc. | Network-Based Viral Payment System |
US20100063935A1 (en) * | 2007-03-30 | 2010-03-11 | Obopay, Inc. | Multi-Factor Authorization System and Method |
US20090319425A1 (en) * | 2007-03-30 | 2009-12-24 | Obopay, Inc. | Mobile Person-to-Person Payment System |
US8768778B2 (en) | 2007-06-29 | 2014-07-01 | Boku, Inc. | Effecting an electronic payment |
US20090063312A1 (en) * | 2007-08-28 | 2009-03-05 | Hurst Douglas J | Method and System for Processing Secure Wireless Payment Transactions and for Providing a Virtual Terminal for Merchant Processing of Such Transactions |
US7729989B1 (en) | 2007-09-19 | 2010-06-01 | Amazon Technologies, Inc. | Method and apparatus for message correction in a transaction authorization service |
US8239326B1 (en) * | 2007-09-19 | 2012-08-07 | Amazon Technologies, Inc. | Method and apparatus for authorizing transactions using transaction phrases in a transaction authorization service |
US7774076B2 (en) * | 2007-10-29 | 2010-08-10 | First Data Corporation | System and method for validation of transactions |
US20090138390A1 (en) * | 2007-11-26 | 2009-05-28 | Mastercard International, Inc. | Financial Transaction Message Exchange System |
US9424562B2 (en) * | 2007-11-30 | 2016-08-23 | U.S. Bank National Association | Profile-based arrangements and methods for disparate network systems |
US7958052B2 (en) * | 2007-12-31 | 2011-06-07 | Mastercard International Incorporated | Methods and systems for cardholder initiated transactions |
GB2457445A (en) * | 2008-02-12 | 2009-08-19 | Vidicom Ltd | Verifying payment transactions |
US8577804B1 (en) * | 2008-02-20 | 2013-11-05 | Collective Dynamics LLC | Method and system for securing payment transactions |
US9852426B2 (en) | 2008-02-20 | 2017-12-26 | Collective Dynamics LLC | Method and system for secure transactions |
US11816665B2 (en) | 2008-02-20 | 2023-11-14 | Stripe, Inc. | Method and system for multi-modal transaction authentication |
US20090281904A1 (en) * | 2008-04-02 | 2009-11-12 | Pharris Dennis J | Mobile telephone transaction systems and methods |
GB0809383D0 (en) | 2008-05-23 | 2008-07-02 | Vidicom Ltd | Customer to supplier funds transfer |
GB0809382D0 (en) * | 2008-05-23 | 2008-07-02 | Vidicom Ltd | Funds transfer electronically |
GB0809386D0 (en) * | 2008-05-23 | 2008-07-02 | Vidicom Ltd | Transferring funds electronically |
GB0809381D0 (en) | 2008-05-23 | 2008-07-02 | Vidicom Ltd | Funds transfer electronically |
US8307412B2 (en) | 2008-10-20 | 2012-11-06 | Microsoft Corporation | User authentication management |
US8522010B2 (en) * | 2008-10-20 | 2013-08-27 | Microsoft Corporation | Providing remote user authentication |
US8185443B2 (en) * | 2008-10-27 | 2012-05-22 | Ebay, Inc. | Method and apparatus for authorizing a payment via a remote device |
US20100115600A1 (en) * | 2008-11-05 | 2010-05-06 | Appsware Wireless, Llc | Method and system for securing data from an external network to a point of sale device |
US8966610B2 (en) * | 2008-11-05 | 2015-02-24 | Apriva, Llc | Method and system for securing data from a non-point of sale device over an external network |
US20100115127A1 (en) * | 2008-11-05 | 2010-05-06 | Appsware Wireless, Llc | Method and system for securing data from a non-point of sale device over a lan |
US20100115599A1 (en) * | 2008-11-05 | 2010-05-06 | Appsware Wireless, Llc | Method and system for securing data from a point of sale device over an external network |
US20100114723A1 (en) * | 2008-11-05 | 2010-05-06 | Appsware Wireless, Llc | Method and system for providing a point of sale network within a lan |
US20100115624A1 (en) * | 2008-11-05 | 2010-05-06 | Appsware Wireless, Llc | Method and system for securing data from a point of sale device over a lan |
US9652761B2 (en) | 2009-01-23 | 2017-05-16 | Boku, Inc. | Systems and methods to facilitate electronic payments |
US8041639B2 (en) * | 2009-01-23 | 2011-10-18 | Vidicom Limited | Systems and methods to facilitate online transactions |
US8116730B2 (en) * | 2009-01-23 | 2012-02-14 | Vidicom Limited | Systems and methods to control online transactions |
US8548426B2 (en) | 2009-02-20 | 2013-10-01 | Boku, Inc. | Systems and methods to approve electronic payments |
US9990623B2 (en) | 2009-03-02 | 2018-06-05 | Boku, Inc. | Systems and methods to provide information |
US8700530B2 (en) | 2009-03-10 | 2014-04-15 | Boku, Inc. | Systems and methods to process user initiated transactions |
US9230259B1 (en) | 2009-03-20 | 2016-01-05 | Jpmorgan Chase Bank, N.A. | Systems and methods for mobile ordering and payment |
US8160943B2 (en) | 2009-03-27 | 2012-04-17 | Boku, Inc. | Systems and methods to process transactions based on social networking |
US8224727B2 (en) | 2009-05-27 | 2012-07-17 | Boku, Inc. | Systems and methods to process transactions based on social networking |
US9886693B2 (en) * | 2009-03-30 | 2018-02-06 | Yuh-Shen Song | Privacy protected anti identity theft and payment network |
US20110225045A1 (en) * | 2009-03-30 | 2011-09-15 | Yuh-Shen Song | Paperless Coupon Transactions System |
US20100257067A1 (en) * | 2009-04-01 | 2010-10-07 | Tai Man Chan | Remote web service appliance for point of sale actions |
US8131258B2 (en) | 2009-04-20 | 2012-03-06 | Boku, Inc. | Systems and methods to process transaction requests |
US9595028B2 (en) | 2009-06-08 | 2017-03-14 | Boku, Inc. | Systems and methods to add funds to an account via a mobile communication device |
US9697510B2 (en) | 2009-07-23 | 2017-07-04 | Boku, Inc. | Systems and methods to facilitate retail transactions |
US20130006479A1 (en) * | 2009-07-30 | 2013-01-03 | Anderson Gerald G | Microchip System and Method for Operating a Locking Mechanism and for Cashless Transactions |
US9519892B2 (en) | 2009-08-04 | 2016-12-13 | Boku, Inc. | Systems and methods to accelerate transactions |
US8116732B2 (en) * | 2009-08-05 | 2012-02-14 | Oto Technologies, Llc | Routing mobile users to secure locations based on transaction type |
US9864991B2 (en) * | 2009-09-22 | 2018-01-09 | Murphy Oil Usa, Inc. | Method and apparatus for secure transaction management |
US8660911B2 (en) | 2009-09-23 | 2014-02-25 | Boku, Inc. | Systems and methods to facilitate online transactions |
US8224709B2 (en) | 2009-10-01 | 2012-07-17 | Boku, Inc. | Systems and methods for pre-defined purchases on a mobile communication device |
US8321285B1 (en) | 2009-10-05 | 2012-11-27 | Mocapay, Inc. | Method and system for routing transactions to a mobile-commerce platform |
CA2818958A1 (en) * | 2009-11-18 | 2011-05-26 | Magid Joseph Mina | Anonymous transaction payment systems and methods |
US8429047B2 (en) * | 2009-12-02 | 2013-04-23 | Mocapay, Inc. | System and method for merging mobile gift cards |
US8412626B2 (en) | 2009-12-10 | 2013-04-02 | Boku, Inc. | Systems and methods to secure transactions via mobile devices |
EP2521992A4 (en) * | 2010-01-07 | 2013-09-04 | Accells Technologies 2009 Ltd | System and method for performing a transaction responsive to a mobile device |
US8566188B2 (en) | 2010-01-13 | 2013-10-22 | Boku, Inc. | Systems and methods to route messages to facilitate online transactions |
CN102985885B (en) * | 2010-03-22 | 2016-11-23 | 艾菲尼迪公司 | For based on the neighbouring system of point-to-point payment transaction, Apparatus and method for |
US8140403B2 (en) | 2010-03-23 | 2012-03-20 | Amazon Technologies, Inc. | User profile and geolocation for efficient transactions |
US20110238476A1 (en) * | 2010-03-23 | 2011-09-29 | Michael Carr | Location-based Coupons and Mobile Devices |
US8219542B2 (en) | 2010-03-25 | 2012-07-10 | Boku, Inc. | Systems and methods to provide access control via mobile phones |
US8583504B2 (en) | 2010-03-29 | 2013-11-12 | Boku, Inc. | Systems and methods to provide offers on mobile devices |
US8781963B1 (en) | 2010-04-16 | 2014-07-15 | Jpmorgan Chase Bank, N.A. | Systems and methods for providing a mobile financial platform |
US8355987B2 (en) | 2010-05-06 | 2013-01-15 | Boku, Inc. | Systems and methods to manage information |
CA2704864A1 (en) | 2010-06-07 | 2010-08-16 | S. Bhinder Mundip | Method and system for controlling access to a monetary valued account |
WO2012012545A1 (en) | 2010-07-20 | 2012-01-26 | Wi-Mexx International Limited | System and methods for transferring money |
US8566233B2 (en) | 2010-07-29 | 2013-10-22 | Intel Corporation | Device, system, and method for location-based payment authorization |
CA2808093A1 (en) | 2010-08-11 | 2012-02-16 | Boku, Inc. | Systems and methods to identify carrier information for transmission of premium messages |
US8555355B2 (en) * | 2010-12-07 | 2013-10-08 | Verizon Patent And Licensing Inc. | Mobile pin pad |
US8699994B2 (en) | 2010-12-16 | 2014-04-15 | Boku, Inc. | Systems and methods to selectively authenticate via mobile communications |
US8412155B2 (en) | 2010-12-20 | 2013-04-02 | Boku, Inc. | Systems and methods to accelerate transactions based on predictions |
US8583496B2 (en) | 2010-12-29 | 2013-11-12 | Boku, Inc. | Systems and methods to process payments via account identifiers and phone numbers |
US8700524B2 (en) | 2011-01-04 | 2014-04-15 | Boku, Inc. | Systems and methods to restrict payment transactions |
US20120191600A1 (en) * | 2011-01-24 | 2012-07-26 | General Electric Company | Method and system for payment of charges associated with charging an electric vehicle |
US8744974B2 (en) * | 2011-03-12 | 2014-06-03 | Mocapay, Inc. | Systems and methods for secure wireless payment transactions when a wireless network is unavailable |
US8543087B2 (en) | 2011-04-26 | 2013-09-24 | Boku, Inc. | Systems and methods to facilitate repeated purchases |
US9191217B2 (en) | 2011-04-28 | 2015-11-17 | Boku, Inc. | Systems and methods to process donations |
US9830622B1 (en) | 2011-04-28 | 2017-11-28 | Boku, Inc. | Systems and methods to process donations |
US8805326B2 (en) * | 2011-05-10 | 2014-08-12 | Ebay Inc. | Payment transactions on mobile device using mobile carrier |
US9965768B1 (en) | 2011-05-19 | 2018-05-08 | Amazon Technologies, Inc. | Location-based mobile advertising |
DE102011103292A1 (en) | 2011-05-26 | 2012-11-29 | Wincor Nixdorf International Gmbh | Procedures and service calculator and cardless authentication system |
US8538845B2 (en) | 2011-06-03 | 2013-09-17 | Mozido, Llc | Monetary transaction system |
US8554671B2 (en) * | 2011-07-18 | 2013-10-08 | Rabih Salem Ballout | System and associated method and service for providing a platform that allows for the exchange of cash between members in a mobile environment |
US10733593B2 (en) | 2011-07-18 | 2020-08-04 | Rabih S. Ballout | Kit, system and associated method and service for providing a platform to prevent fraudulent financial transactions |
US12014347B2 (en) | 2011-07-18 | 2024-06-18 | Rabih S. Ballout | Kit, system and associated method and service for providing a platform to prevent fraudulent financial transactions |
US20130036058A1 (en) * | 2011-08-03 | 2013-02-07 | American Express Travel Related Services Company, Inc. | Systems and methods for securely processing transactions |
US8713656B2 (en) | 2011-10-23 | 2014-04-29 | Gopal Nandakumar | Authentication method |
US20130104197A1 (en) | 2011-10-23 | 2013-04-25 | Gopal Nandakumar | Authentication system |
US8800014B2 (en) * | 2011-10-23 | 2014-08-05 | Gopal Nandakumar | Authentication method |
US8695071B2 (en) | 2011-10-23 | 2014-04-08 | Gopal Nandakumar | Authentication method |
US20130104209A1 (en) * | 2011-10-23 | 2013-04-25 | Gopal Nandakumar | Authentication system |
US20130099891A1 (en) * | 2011-10-23 | 2013-04-25 | Gopal Nandakumar | Authentication method |
US10438196B2 (en) | 2011-11-21 | 2019-10-08 | Mozido, Inc. | Using a mobile wallet infrastructure to support multiple mobile wallet providers |
US9208488B2 (en) | 2011-11-21 | 2015-12-08 | Mozido, Inc. | Using a mobile wallet infrastructure to support multiple mobile wallet providers |
US8984276B2 (en) | 2012-01-10 | 2015-03-17 | Jpmorgan Chase Bank, N.A. | System and method for device registration and authentication |
US8639621B1 (en) | 2012-04-25 | 2014-01-28 | Wells Fargo Bank, N.A. | System and method for a mobile wallet |
US20140379563A1 (en) * | 2013-06-23 | 2014-12-25 | Gaurav BAZAZ | Apparatus and methods for web initiated phone payments |
US20150088746A1 (en) * | 2013-09-26 | 2015-03-26 | SayPay Technologies, Inc. | Method and system for implementing financial transactions |
US20150095238A1 (en) * | 2013-09-30 | 2015-04-02 | Apple Inc. | Online payments using a secure element of an electronic device |
US9965606B2 (en) | 2014-02-07 | 2018-05-08 | Bank Of America Corporation | Determining user authentication based on user/device interaction |
US9647999B2 (en) | 2014-02-07 | 2017-05-09 | Bank Of America Corporation | Authentication level of function bucket based on circumstances |
US9286450B2 (en) | 2014-02-07 | 2016-03-15 | Bank Of America Corporation | Self-selected user access based on specific authentication types |
US9223951B2 (en) | 2014-02-07 | 2015-12-29 | Bank Of America Corporation | User authentication based on other applications |
US9208301B2 (en) | 2014-02-07 | 2015-12-08 | Bank Of America Corporation | Determining user authentication requirements based on the current location of the user in comparison to the users's normal boundary of location |
US9600817B2 (en) | 2014-03-04 | 2017-03-21 | Bank Of America Corporation | Foreign exchange token |
US9721248B2 (en) | 2014-03-04 | 2017-08-01 | Bank Of America Corporation | ATM token cash withdrawal |
US9424572B2 (en) | 2014-03-04 | 2016-08-23 | Bank Of America Corporation | Online banking digital wallet management |
US9600844B2 (en) | 2014-03-04 | 2017-03-21 | Bank Of America Corporation | Foreign cross-issued token |
US9830597B2 (en) | 2014-03-04 | 2017-11-28 | Bank Of America Corporation | Formation and funding of a shared token |
US10002352B2 (en) | 2014-03-04 | 2018-06-19 | Bank Of America Corporation | Digital wallet exposure reduction |
US9721268B2 (en) | 2014-03-04 | 2017-08-01 | Bank Of America Corporation | Providing offers associated with payment credentials authenticated in a specific digital wallet |
US9406065B2 (en) * | 2014-03-04 | 2016-08-02 | Bank Of America Corporation | Customer token preferences interface |
US10127542B2 (en) * | 2014-04-29 | 2018-11-13 | Paypal, Inc. | Payment code generation using a wireless beacon at a merchant location |
US9191287B1 (en) | 2014-05-05 | 2015-11-17 | IP Research LLC | System and method for linking multiple devices into a single profile when making online purchases |
FR3023640B1 (en) * | 2014-07-10 | 2016-08-12 | Roam Data Inc | METHOD FOR MANAGING TRANSACTION, SERVER, COMPUTER PROGRAM PRODUCT AND CORRESPONDING STORAGE MEDIUM |
US9693083B1 (en) | 2014-12-31 | 2017-06-27 | The Directv Group, Inc. | Systems and methods for controlling purchasing and/or reauthorization to access content using quick response codes and text messages |
US9953324B2 (en) * | 2015-03-19 | 2018-04-24 | International Business Machines Corporation | Multi-point authentication for payment transactions |
US20160275507A1 (en) * | 2015-03-19 | 2016-09-22 | International Business Machines Corporation | Multi-point authentication for payment transactions |
US9892396B2 (en) * | 2015-03-19 | 2018-02-13 | International Business Machines Corporation | Multi-point authentication for payment transactions |
US20170091753A1 (en) * | 2015-09-28 | 2017-03-30 | Paypal, Inc. | Sensory feedback payment system |
US10453059B2 (en) | 2015-09-30 | 2019-10-22 | Bank Of America Corporation | Non-intrusive geo-location determination associated with transaction authorization |
US10607215B2 (en) | 2015-09-30 | 2020-03-31 | Bank Of America Corporation | Account tokenization for virtual currency resources |
US9729536B2 (en) | 2015-10-30 | 2017-08-08 | Bank Of America Corporation | Tiered identification federated authentication network system |
US10460367B2 (en) | 2016-04-29 | 2019-10-29 | Bank Of America Corporation | System for user authentication based on linking a randomly generated number to the user and a physical item |
US10268635B2 (en) | 2016-06-17 | 2019-04-23 | Bank Of America Corporation | System for data rotation through tokenization |
US10701064B2 (en) * | 2016-12-16 | 2020-06-30 | Vivek Chinar Nair | Secure system and method for managing the multi-factor authentication data of a user |
US11538025B1 (en) | 2017-02-14 | 2022-12-27 | Wells Fargo Bank, N.A. | Mobile wallet first time customer |
US10511692B2 (en) | 2017-06-22 | 2019-12-17 | Bank Of America Corporation | Data transmission to a networked resource based on contextual information |
US10524165B2 (en) | 2017-06-22 | 2019-12-31 | Bank Of America Corporation | Dynamic utilization of alternative resources based on token association |
US10313480B2 (en) | 2017-06-22 | 2019-06-04 | Bank Of America Corporation | Data transmission between networked resources |
US10523675B2 (en) * | 2017-11-08 | 2019-12-31 | Ca, Inc. | Remote direct memory access authorization |
US10607214B1 (en) | 2018-10-02 | 2020-03-31 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10771254B2 (en) | 2018-10-02 | 2020-09-08 | Capital One Services, Llc | Systems and methods for email-based card activation |
WO2021014786A1 (en) * | 2019-07-24 | 2021-01-28 | LINE Pay株式会社 | Information processing method, program, and terminal |
FR3104760B1 (en) * | 2019-12-13 | 2023-05-26 | Ingenico Group | METHOD, SERVER AND TRANSACTION AUTHENTICATION SYSTEM USING TWO COMMUNICATION CHANNELS |
WO2022123451A1 (en) * | 2020-12-08 | 2022-06-16 | Ahold Delhaize Licensing Sarl | Store checkout verification system |
US12034718B2 (en) | 2022-02-23 | 2024-07-09 | Bank Of America Corporation | Secure user authentication leveraging quantum key and steganography |
Family Cites Families (87)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040243478A1 (en) * | 1996-09-04 | 2004-12-02 | Walker Jay S. | Purchasing, redemption, and settlement systems and methods wherein a buyer takes possession at a retailer of a product purchased using a communication network |
US5991749A (en) | 1996-09-11 | 1999-11-23 | Morrill, Jr.; Paul H. | Wireless telephony for collecting tolls, conducting financial transactions, and authorizing other activities |
US5903721A (en) | 1997-03-13 | 1999-05-11 | cha|Technologies Services, Inc. | Method and system for secure online transaction processing |
US7177835B1 (en) | 1997-08-28 | 2007-02-13 | Walker Digital, Llc | Method and device for generating a single-use financial account number |
US6473500B1 (en) | 1998-10-28 | 2002-10-29 | Mastercard International Incorporated | System and method for using a prepaid card |
US6999569B2 (en) | 1998-10-28 | 2006-02-14 | Mastercard International Incorporated | System and method for using a prepaid card |
US6675153B1 (en) | 1999-07-06 | 2004-01-06 | Zix Corporation | Transaction authorization system |
US7315828B1 (en) | 1999-08-20 | 2008-01-01 | Hallmark Cards, Incorporated | Method of and system for delivering combined social expression cards and gift certificates |
US8596527B2 (en) * | 1999-11-05 | 2013-12-03 | Lead Core Fund, L.L.C. | Methods for locating a payment system utilizing a point of sale device |
US20090164331A1 (en) * | 1999-11-05 | 2009-06-25 | American Express Travel Related Services Company, Inc. | Systems for Locating a Payment System Utilizing a Point of Sale Device |
US20090265241A1 (en) * | 1999-11-05 | 2009-10-22 | American Express Travel Related Services Company, Inc. | Systems and methods for determining a rewards account to fund a transaction |
EP1266320A2 (en) | 2000-02-23 | 2002-12-18 | Capital One Financial Corporation | Systems and methods for providing anonymous financial transactions |
IL134741A (en) | 2000-02-27 | 2003-11-23 | Adamtech Ltd | Mobile transaction system and method |
US7865414B2 (en) * | 2000-03-01 | 2011-01-04 | Passgate Corporation | Method, system and computer readable medium for web site account and e-commerce management from a central location |
KR100933387B1 (en) | 2000-04-24 | 2009-12-22 | 비자 인터내셔날 써비스 어쏘시에이션 | Online payer authentication service |
WO2001090987A1 (en) | 2000-05-25 | 2001-11-29 | Wilson How Kiap Gueh | Transaction system and method |
US7716082B1 (en) | 2000-08-24 | 2010-05-11 | Gilbarco, Inc. | Wireless payment mat device and method for retail environments |
US7392388B2 (en) | 2000-09-07 | 2008-06-24 | Swivel Secure Limited | Systems and methods for identity verification for secure transactions |
US7155411B1 (en) | 2000-09-28 | 2006-12-26 | Microsoft Corporation | Integrating payment accounts and an electronic wallet |
US7337144B1 (en) | 2000-09-28 | 2008-02-26 | Microsoft Corporation | Method and system for restricting the usage of payment accounts |
US7398225B2 (en) * | 2001-03-29 | 2008-07-08 | American Express Travel Related Services Company, Inc. | System and method for networked loyalty program |
US7130817B2 (en) | 2000-12-15 | 2006-10-31 | First Data Corporation | Electronic gift linking |
FR2821225B1 (en) | 2001-02-20 | 2005-02-04 | Mobileway | REMOTE ELECTRONIC PAYMENT SYSTEM |
US20020128917A1 (en) | 2001-03-06 | 2002-09-12 | Electronic Data Systems Corporation | Method and apparatus for processing financial transactions |
US7542942B2 (en) | 2001-07-10 | 2009-06-02 | American Express Travel Related Services Company, Inc. | System and method for securing sensitive information during completion of a transaction |
US7742984B2 (en) | 2001-07-06 | 2010-06-22 | Hossein Mohsenzadeh | Secure authentication and payment system |
AUPR647701A0 (en) | 2001-07-19 | 2001-08-09 | Synkronos Pty Ltd | Virtual credit card terminal and method of transaction |
US20060111983A1 (en) | 2001-10-02 | 2006-05-25 | Malison Alexander E | System, apparatus, and method for facilitating point-of-sale transactions |
US20080255941A1 (en) | 2001-11-14 | 2008-10-16 | Jonathan Otto | Method and system for generating, selecting, and running executables in a business system utilizing a combination of user defined rules and artificial intelligence |
CN101482949A (en) * | 2001-12-04 | 2009-07-15 | M概念有限公司 | System and method for facilitating electronic financial transactions using a mobile telecommunications device |
US20030154139A1 (en) | 2001-12-31 | 2003-08-14 | Woo Kevin K. M. | Secure m-commerce transactions through legacy POS systems |
US7707120B2 (en) | 2002-04-17 | 2010-04-27 | Visa International Service Association | Mobile account authentication service |
US20030212601A1 (en) | 2002-05-09 | 2003-11-13 | Ivan Silva | Credit card SMS portal transmission system and process |
US7784684B2 (en) | 2002-08-08 | 2010-08-31 | Fujitsu Limited | Wireless computer wallet for physical point of sale (POS) transactions |
JP2004164597A (en) * | 2002-08-08 | 2004-06-10 | Fujitsu Ltd | Method for purchasing goods and services |
US7069244B2 (en) * | 2002-09-17 | 2006-06-27 | First Data Corporation | Method and system for merchant processing of purchase card transactions with expanded card type acceptance |
US20040103060A1 (en) | 2002-11-22 | 2004-05-27 | Pitney Bowes Incorporated | Secure payment system and method having one-time use authorization |
US20040122685A1 (en) | 2002-12-20 | 2004-06-24 | Daryl Bunce | Verification system for facilitating transactions via communication networks, and associated method |
CN1849632A (en) | 2003-07-02 | 2006-10-18 | 莫比培国际公司 | Digital mobile telephone transaction and payment system |
EP1536592B1 (en) | 2003-11-26 | 2006-08-09 | France Telecom | Authentication between a cellular mobile terminal and a short range access point |
CN1635525A (en) | 2003-12-31 | 2005-07-06 | 中国银联股份有限公司 | Security Internet payment system and security Internet payment authentication method |
WO2005076523A1 (en) | 2004-02-05 | 2005-08-18 | Veritas Mobile Solutions Pte. Ltd. | System and method for authenticating the identity of a user |
US7275685B2 (en) | 2004-04-12 | 2007-10-02 | Rearden Capital Corporation | Method for electronic payment |
US7693797B2 (en) | 2004-06-21 | 2010-04-06 | Nokia Corporation | Transaction and payment system security remote authentication/validation of transactions from a transaction provider |
US8886557B2 (en) | 2004-06-30 | 2014-11-11 | Tio Networks Corp. | Change-based transactions for an electronic kiosk |
US7014107B2 (en) * | 2004-07-20 | 2006-03-21 | Irek Singer | Wireless payment processing system |
US20060020542A1 (en) | 2004-07-21 | 2006-01-26 | Litle Thomas J | Method and system for processing financial transactions |
CA2542068C (en) | 2005-04-05 | 2016-01-26 | Dxstorm.Com Inc. | Electronic balance checking and credit approval system for use in conducting electronic transactions |
US20060235795A1 (en) | 2005-04-19 | 2006-10-19 | Microsoft Corporation | Secure network commercial transactions |
US8996423B2 (en) | 2005-04-19 | 2015-03-31 | Microsoft Corporation | Authentication for a commercial transaction using a mobile module |
US20060265243A1 (en) | 2005-05-20 | 2006-11-23 | Jeffrey Racho | System and method for establishing or verifying a person's identity using SMS and MMS over a wireless communications network |
US20060291422A1 (en) | 2005-06-27 | 2006-12-28 | Nokia Corporation | Mobility management in a communication system of at least two communication networks |
US20070063020A1 (en) | 2005-09-21 | 2007-03-22 | Capital One Financial Corporation | System and method for charity gift card |
US7658327B2 (en) | 2005-10-03 | 2010-02-09 | Teletech Holdings, Inc. | Virtual retail assistant |
US20070179888A1 (en) | 2005-11-10 | 2007-08-02 | Arielle Angelovich | System for organizational fundraising using retail gift cards |
US7657489B2 (en) * | 2006-01-18 | 2010-02-02 | Mocapay, Inc. | Systems and method for secure wireless payment transactions |
US20070203778A1 (en) | 2006-02-28 | 2007-08-30 | Accenture Global Services Gmbh | Workflow management |
US20070205275A1 (en) | 2006-03-06 | 2007-09-06 | First Data Corporation | Portable point of sale systems and methods |
US9336543B2 (en) | 2006-03-30 | 2016-05-10 | Datascape, Inc. | System and method for facilitating transactions through a network portal |
US7512567B2 (en) | 2006-06-29 | 2009-03-31 | Yt Acquisition Corporation | Method and system for providing biometric authentication at a point-of-sale via a mobile device |
US20080011825A1 (en) | 2006-07-12 | 2008-01-17 | Giordano Claeton J | Transactions using handheld electronic devices based on unobtrusive provisioning of the devices |
US7711620B2 (en) | 2006-08-22 | 2010-05-04 | Transaction Wireless, Inc. | Gift card services for mobile devices |
US20080077527A1 (en) | 2006-09-21 | 2008-03-27 | Mobilekash, Inc. | Method and System for a Purchase Transaction at a Remote Merchant Machine |
BRPI0715284A2 (en) | 2006-09-29 | 2013-07-16 | Dan Scammell | system and method for verifying user identity in electronic transactions |
EP2092474A4 (en) | 2006-10-17 | 2011-09-28 | Yt Acquisition Corp | A method of distributing information via mobile devices and enabling its use at a point of transaction |
US20080103984A1 (en) | 2006-10-30 | 2008-05-01 | Mobilekash, Inc. | System, Method, and Computer-Readable Medium for Mobile Payment Authentication and Authorization |
WO2008094168A1 (en) | 2007-02-02 | 2008-08-07 | Facebook, Inc. | System and method for giving gifts and displaying assets in a social network environment |
US20090012901A1 (en) | 2007-02-14 | 2009-01-08 | Mpower Mobile, Inc. | Multifactor authentication system for "cash back" at the point of sale |
US20080208742A1 (en) | 2007-02-22 | 2008-08-28 | First Data Corporation | Provisioning of a device for mobile commerce |
US20080208762A1 (en) | 2007-02-22 | 2008-08-28 | First Data Corporation | Payments using a mobile commerce device |
US8566239B2 (en) | 2007-02-22 | 2013-10-22 | First Data Corporation | Mobile commerce systems and methods |
US20080207234A1 (en) | 2007-02-22 | 2008-08-28 | First Data Corporation | Marketing messages in mobile commerce |
US20080208741A1 (en) | 2007-02-22 | 2008-08-28 | First Data Corporation | Account information lookup systems and methods in mobile commerce |
US20080208743A1 (en) | 2007-02-22 | 2008-08-28 | First Data Corporation | Transfer of value between mobile devices in a mobile commerce system |
US20080223918A1 (en) | 2007-03-15 | 2008-09-18 | Microsoft Corporation | Payment tokens |
WO2008119168A1 (en) | 2007-04-03 | 2008-10-09 | Cpni Inc. | A system and method for merchant discovery and transfer of payment data |
US8548908B2 (en) | 2007-04-11 | 2013-10-01 | First Data Corporation | Mobile commerce infrastructure systems and methods |
US20080267117A1 (en) | 2007-04-24 | 2008-10-30 | Stern Donald S | Method and system for linking to content and services for a communication device |
US20080296368A1 (en) | 2007-06-04 | 2008-12-04 | Newsom Victor V | Stored-value instrument protection system and method |
US20090037286A1 (en) | 2007-08-03 | 2009-02-05 | Fostered Solutions, Inc. | Restaurant patron payment system and method for mobile devices |
US20090063312A1 (en) * | 2007-08-28 | 2009-03-05 | Hurst Douglas J | Method and System for Processing Secure Wireless Payment Transactions and for Providing a Virtual Terminal for Merchant Processing of Such Transactions |
US8036944B2 (en) | 2007-12-28 | 2011-10-11 | Ebay, Inc. | System and method for conducting a gift value transaction |
US8463674B2 (en) | 2008-01-03 | 2013-06-11 | Mocapay, Inc. | System and method for distributing mobile gift cards |
US8374588B2 (en) | 2008-06-02 | 2013-02-12 | Mocapay, Inc. | Method and system for sending marketing messages to mobile-device users from a mobile-commerce platform |
US8031207B2 (en) | 2008-06-04 | 2011-10-04 | Mastercard International, Inc. | Card image description format to economize on data storage |
US8620299B2 (en) | 2008-08-12 | 2013-12-31 | Mastercard International Incorporated | Methods, systems and computer readable media for electronically delivering a prepaid card to a mobile device |
US8083135B2 (en) | 2009-01-12 | 2011-12-27 | Novell, Inc. | Information card overlay |
-
2007
- 2007-01-18 US US11/624,620 patent/US7657489B2/en not_active Ceased
-
2008
- 2008-01-18 EP EP08705998A patent/EP2122557A4/en not_active Ceased
- 2008-01-18 WO PCT/US2008/051395 patent/WO2008089383A2/en active Application Filing
-
2012
- 2012-05-11 US US13/469,997 patent/USRE44669E1/en active Active
Non-Patent Citations (1)
Title |
---|
See references of EP2122557A4 * |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
USRE44669E1 (en) | 2006-01-18 | 2013-12-24 | Mocapay, Inc. | Systems and method for secure wireless payment transactions |
US7657489B2 (en) | 2006-01-18 | 2010-02-02 | Mocapay, Inc. | Systems and method for secure wireless payment transactions |
US8463674B2 (en) | 2008-01-03 | 2013-06-11 | Mocapay, Inc. | System and method for distributing mobile gift cards |
US8744940B2 (en) | 2008-01-03 | 2014-06-03 | William O. White | System and method for distributing mobile compensation and incentives |
US8589267B2 (en) | 2008-01-03 | 2013-11-19 | Mocapay, Inc. | System and method for re-distributing and transferring mobile gift cards |
US8374588B2 (en) | 2008-06-02 | 2013-02-12 | Mocapay, Inc. | Method and system for sending marketing messages to mobile-device users from a mobile-commerce platform |
US9292862B2 (en) | 2008-06-02 | 2016-03-22 | Mocapay, Inc. | Method and system for sending marketing messages to mobile-device users from a mobile-commerce platform |
GB2463299A (en) * | 2008-08-29 | 2010-03-10 | Etranzact Global Ltd | Authenticating a transaction using a one-time pass code generated on a mobile device |
GB2466038A (en) * | 2008-12-09 | 2010-06-16 | Alexzandre Anthony Capurro | Authorisation of cashless payment using SMS |
WO2013054074A3 (en) * | 2011-10-12 | 2013-08-15 | Technology Business Management Limited | Id authentication |
WO2013054074A2 (en) * | 2011-10-12 | 2013-04-18 | Technology Business Management Limited | Id authentication |
US9832649B1 (en) | 2011-10-12 | 2017-11-28 | Technology Business Management, Limted | Secure ID authentication |
WO2013062459A3 (en) * | 2011-10-26 | 2013-07-11 | Mopper Ab | Method and arrangement for secure transactions between mobile terminals |
US10423950B2 (en) | 2011-10-26 | 2019-09-24 | Mopper Ab | Method and arrangement for authorizing a user |
US9210573B2 (en) | 2011-12-27 | 2015-12-08 | Infosys Limited | Method and apparatus for registering a computing device with a service provider |
Also Published As
Publication number | Publication date |
---|---|
US20070175978A1 (en) | 2007-08-02 |
US7657489B2 (en) | 2010-02-02 |
USRE44669E1 (en) | 2013-12-24 |
EP2122557A2 (en) | 2009-11-25 |
EP2122557A4 (en) | 2011-01-26 |
WO2008089383A3 (en) | 2008-09-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7657489B2 (en) | Systems and method for secure wireless payment transactions | |
US9047600B2 (en) | Mobile and wearable device payments via free cross-platform messaging service, free voice over internet protocol communication, free over-the-top content communication, and universal digital mobile and wearable device currency faces | |
US10026076B2 (en) | Systems, methods, and computer readable media for payment and non-payment virtual card transfer between mobile devices | |
US7014107B2 (en) | Wireless payment processing system | |
US7533065B2 (en) | Advanced method and arrangement for performing electronic payment transactions | |
US20090012901A1 (en) | Multifactor authentication system for "cash back" at the point of sale | |
US20100317318A1 (en) | Methods and apparatus for providing pre-paid payment capability on mobile telephone | |
US20080257952A1 (en) | System and Method for Conducting Commercial Transactions | |
US20060224470A1 (en) | Digital mobile telephone transaction and payment system | |
EP2731065A1 (en) | Method for processing a payment, and system and electronic device for implementing the same | |
KR20090108045A (en) | Mobile vending purchasing | |
KR102597502B1 (en) | Systems and methods with reduced device processing time | |
AU2023200221A1 (en) | Remote transaction system, method and point of sale terminal | |
US20110066513A1 (en) | Method and system for secure mobile payment | |
US20160267444A1 (en) | Payments through Virtualization of a Physical Point of Sale (POS) Terminal and Money Transfer Using Mobile Device | |
WO2014077770A1 (en) | Method for making a payment using a portable communication device | |
CN103903367A (en) | Method and system for loading-in-air of financial IC card embedded into mobile terminal | |
EP1906349A1 (en) | Payment and transaction system using digital mobile telephones | |
CA2475275C (en) | Wireless data processing system for credit payment | |
CN112136302B (en) | Mobile network operator authentication protocol | |
Mbinkeu | New Perspectives of Mobile Payment Platform for Developing Countries | |
UA95299U (en) | THE PROCESS OF MAKING CONTACT FREE PAYMENTS THROUGH A POS TERMINAL WITH THE USE OF MOBILE COMMUNICATION | |
GB2478304A (en) | Secure financial transaction for gift voucher system | |
AU2012203282A1 (en) | Method and system of managing micro financial transactions on mobile communication device | |
WO2011100247A1 (en) | Mobile payments using sms |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 2008705998 Country of ref document: EP |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 08705998 Country of ref document: EP Kind code of ref document: A2 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |