WO2008123762A1 - Method and apparatus for performing a transaction - Google Patents

Method and apparatus for performing a transaction Download PDF

Info

Publication number
WO2008123762A1
WO2008123762A1 PCT/MY2007/000020 MY2007000020W WO2008123762A1 WO 2008123762 A1 WO2008123762 A1 WO 2008123762A1 MY 2007000020 W MY2007000020 W MY 2007000020W WO 2008123762 A1 WO2008123762 A1 WO 2008123762A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
transaction
payment
card
generic identifier
Prior art date
Application number
PCT/MY2007/000020
Other languages
French (fr)
Inventor
Hock Seng Cheah
Original Assignee
Epetrol Holding Sdn. Bhd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Epetrol Holding Sdn. Bhd. filed Critical Epetrol Holding Sdn. Bhd.
Priority to PCT/MY2007/000020 priority Critical patent/WO2008123762A1/en
Publication of WO2008123762A1 publication Critical patent/WO2008123762A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/04Billing or invoicing

Definitions

  • This invention relates to a method and apparatus for performing a transaction, more particularly but not exclusively, for purchasing petrol.
  • a payment infrastructure for such electronic or cashless payments usually comprises a card reader located at a merchant and which reads information from a payment card and transmits the information to an acquiring bank of the merchant. The acquiring bank then processes the transaction and obtains authorisation from an issuing bank of the payment card for approval of the transaction.
  • Figure 1 shows a current infrastructure for performing a payment transaction at petrol stations 100 owned by different petrol companies such as PetronasTM, ShellTM, EssoTM etc. Each of these petrol companies has an associated acquiring bank 102 which accepts the payment transactions on behalf of the petrol company and transmits the transactions to a central interchange 104 for switching to the respective issuing banks 106 of payment cards that were used to initiate the transaction.
  • petrol stations 100 owned by different petrol companies such as PetronasTM, ShellTM, EssoTM etc.
  • Each of these petrol companies has an associated acquiring bank 102 which accepts the payment transactions on behalf of the petrol company and transmits the transactions to a central interchange 104 for switching to the respective issuing banks 106 of payment cards that were used to initiate the transaction.
  • VISATM credit card issued by for example
  • the backbone of the infrastructure is provided for by the banks/financial institutions and thus, if there is a push for more secure technology to prevent fraud, for example changing from magnetic strip credit cards to EMV compliant credit credits, involve substantial up-front costs to modify the infrastructure, and these costs are borne by the banks/financial institutions.
  • the invention provides a method of performing a transaction over a data network, using a generic identifier which has identification information for uniquely identifying a user, the generic identifier being associated with payment accounts issued by different financial institutions, the method comprising the steps of: at the time of the transaction, receiving the identification information over the data network, displaying each of the associated payment accounts for selection by the user; receiving the selected payment account and obtaining authorisation from the financial institution that issued the selected payment account for approval of the transaction.
  • the generic identifier may be a physical card having an electronic chip, and the identification information is stored in the electronic chip. It is envisaged that the generic identifier may be a virtual card and the generic identifier is the identification information.
  • the physical card is a national identification card such as a Malaysian national identification card, or a national identification card issued by a government.
  • the physical card is compliant with international standards like ICAO Doc, 9303, ISO 7501 , EMV, etc., and is optionally protected by dynamic authentication security using advanced cryptographic processes and the identification information apart from just text data may also be a combination of biometrics of the user (such as portrait photograph of the user and a pair of fingerprints).
  • the displaying step may further include displaying a promotion associated with each payment account so that the user knows what promotion is available at that given time to decide which payment account to use for the transaction.
  • the promotion may be merchant specific, specific to the payment account, or specific to the financial institution.
  • the method may further comprise . the steps of, prior to the transaction, registering the generic identifier with a service provider, and selecting which payment accounts of different financial institutions to associate with the generic identifier. Further, the method further comprises the step of selecting which loyalty program offered by merchants is to be associated with the generic identifier. The method may also comprise the step of, at the time of the transaction, identifying the merchant and crediting the user's loyalty account associated with the merchant with loyalty points that corresponds to the transaction amount.
  • the invention further provides apparatus for performing a transaction over a data network using a generic identifier which has identification information for uniquely identifying a user, the generic identifier being associated with payment accounts issued by different financial institutions, the apparatus comprising: means for receiving the identification information over the data network, means for displaying each of the associated payment accounts for selection by the user; means for receiving the selected payment account and obtaining authorisation from the financial institution that issued the selected payment account for approval of the transaction.
  • Figure 1 is a simplified diagram illustrating a current infrastructure for using credit card payment for petrol
  • Figure 2 shows different parties to a payment transaction according to a preferred infrastructure of the present invention which uses a Malaysia national identification card as a payment instrument
  • Figure 3 shows a close up view of the Malaysia national identification card of Figure 2;
  • Figure 4 is a registration and activation device for registration the Malaysia national identification card with a provider of the infrastructure of Figure 2;
  • Figure 5 is a flow chart showing a registration process using the registration and activation device of Figure 4;
  • Figure 6 is a simplified diagram illustrating the role of the infrastructure provider of Figure 2;
  • Figure 7 shows various equipments located at a petrol station of Figure 2 for initiating and processing a payment transaction.
  • FIG 2 is a block diagram of a preferred embodiment of an infrastructure having a number of devices for performing the transaction of the present invention.
  • the preferred embodiment is described in relation to the petrol industry.
  • this invention proposes the use of a generic identifier in the form of the Malaysia national identification card or MyKad 100 for short.
  • a close up view of MyKad is shown in Figure 3.
  • the infrastructure is managed by an infrastructure provider (or commonly known as a 'master acquirer' in banking terminology) administering a host system 202 and a central switch 204 connected to the host system 202.
  • a data network 206 links service providers 208 to the central switch 204 and from the central switch 204 to partnering banks 210.
  • the central switch 204 is a server with high end switching functionalities including cryptographic encryption and message formatting capabilities.
  • a national identification card provides excellent proof of the integrity and identity of the user. Further, the banks need not create their own database but simply ride on the national records since information (i.e. identity and user information) must be stored at the national level anyway.
  • this card has an electronic high security processor with high capacity non-volatile memory chip 201 that not only stores the identity data of the individual (name, unique identification number date of birth.etc.) but also stores biometrics of the user in the form of an electronic impression of the fingerprint (or fingerprints and portrait photograph), and thus, excellent as an authentication and purchasing instrument. In this way, information stored in the chip 201 is an exact copy of the national register and thus, when information is retrieved from the chip 201, this is equivalent to extracting information from the national register.
  • the electronic chip is also compliant with security standards associated with chip based identification documents (such as ISO 7816 and EMV) to ensure the security authentication capabilities of the card.
  • chip based identification documents such as ISO 7816 and EMV
  • the registration and activation device 212 has a card reader for receiving the Mykad, a display for displaying messages to prompt or inform the user and a fingerprint scanner.
  • the registration and activation device 212 Prior to using Mykad 200 as a purchasing instrument, a user first registers his Mykad 200 with the infrastructure provider using a registration and activation device 212, shown in Figure 4.
  • the registration and activation device 212 has a card reader 212a for receiving and reading the identification information on Mykad, a display 212b for displaying messages to prompt or inform the user and a fingerprint scanner 212c.
  • a flow chart of the registration process is shown in Figure 5.
  • the registration process begins at step 400 with the user inserting his Mykad into the card reader 212a of the registration and activation device 212, and selecting "registration" option.
  • the registration and activation device 212 then reads identification information stored in the electronic chip 201 of Mykad and communicates with the host system 202 to check whether there is existing record for this user. If an existing record exists, then at step 404, a message is displayed on a display of the registration and activation device 212 to inform the user accordingly.
  • the host system 202 communicates this to the registration and activation device 212 to authenticate the user, at step 406.
  • the registration and activation device 212 displays a prompt asking for the 'live' capture of the user's fingerprint and this is scanned by the fingerprint scanner 212c.
  • the fingerprint is converted into digital data (template) and transmitted to the electronic chip 201 for identity verification (and optionally to the the host system 202 for similar verification at step 408). If the fingerprint data (template) does not match in the template stored in the chip memory (or in the records of the host system 202 for the user), then the registration is refused and the user is informed accordingly. This is to prevent fraud.
  • the registration continues with the user being provided with a list of partnering banks and the types of payment accounts offered by each bank at step 412 for selection by the user.
  • the types of payment accounts issued by the respective banks are then associated with the user's Mykad and this information is stored at the host system 202 at step 414.
  • the host system 202 then informs the partnering banks 210 associated with the selected payment accounts at step 416 of the user's selection so that the partnering bank's records is updated with the information. Once this is done, the registration is completed and this is updated on the display of the registration and activation device 212 at step 418.
  • the partnering banks may approve or reject the user's request to associate his Mykad with a bank's payment account in case there is an issue with the user's credit history. Such a step is recommended and preferred to ensure that fraud liability is with the banks.
  • the user can use his Mykad as a purchasing instrument.
  • the user inserts his MyKad into a payment terminal 400 at the petrol station 208a of Figure 2 and Figure 7 shows two examples, an indoor payment terminal 400a located in the shop over the counter and an outdoor payment terminal (OPT) 400b installed directly to a pump 402 controlled by a pump controller 408 , just like any conventional payment card systems prior to filling up the vehicle at the pump.
  • the indoor payment terminal 400a will first be described and this includes a system controller in the form of a PC 404 and a card reader 406 which is communicatively coupled wirelessly (although it may also be wired) to the PC 404 and the payment process is initiated with the Mykad being inserted into the card reader 406.
  • the card reader 406 has a fingerprint scanner 407 and identification information from the Mykad is captured as the card is authenticated, similar to the registration process explained earlier.
  • the required data from the Mykad is extracted from the chip memory 201 and transmitted to the PC 404 and then to the host system 202 for bank verification (or other associated host systems) that this is a valid and registered user via the central switch 204. If the verification is successful, the host system 202 then initiates the payment terminal 400a to display a menu on its screen 404a representing each of the payment accounts of different banks 210 that was chosen by the user at time of registration to allow user selection of the bank as well as payment instruments (credit, debit or prepaid) to be used to pay for the goods.
  • bank verification or other associated host systems
  • the information displayed also provides information on the promotions or discounts offered by the various banks for this particular petrol company 208 operating the petrol station 208a. For example, choosing a particular card from issuing bank A may give a 3% rebate on the total petrol purchase to the user and choosing another card from issuing bank B may give just 2% rebate. The user can then select which payment account to transact from and makes his selection accordingly, together with the intended amount of petrol that the user wishes to purchase.
  • this information is transmitted to the central switch 204 which switches the information to the issuing bank 210 that offered the selected payment account. If there is no issue with the transaction, the issuing bank 210 then approves the transaction, which then communicates this to the pump controller 408 to release the pump 402 to enable the refuelling of the user's vehicle based on the amount transacted and this completes the transaction. If the issuing bank finds issue with the transaction (for example, the user is behind in his payment), then the issuing bank refuses to accept the transaction and this is communicated to the system controller 404 which the pump 402 is not released.
  • the same processing steps of reading the identification information on the Mykad and authentication/verification steps are carried out and if the authentication/verification is successful, the same selection of payment account is required by the user and the amount is approved, before the pump 402 is released by the pump controller 408 for the user to carrying out the refuelling. Upon completion, the exact transacted amount is then charged to the selected payment account of the corresponding bank.
  • the process is similar to what is described in Figure 5 but instead of selecting the registration option, the user selects "deactivation" option.
  • the same authentication is required and if the authentication is successful, the records of the user are removed from the host system and this information is sent to the affected partner banks to update their records. Subsequently, any purchase using the Mykad would not be allowed to proceed since the host system does not have a record of the Mykad.
  • the infrastructure provider is essentially acting like a centralised interchange 300 (i.e. the host system 202 and the central switch 204) with integrated settlement capabilities, linking the merchants, in this case the petrol companies 100, and the partnering banks 102/106, which may be acquiring or issuing banks.
  • the infrastructure is provided by the infrastructure provider 300 and not by the banks/financial institutions, and thus relieves the banks/financial institution with investment cost for maintaining or upgrading the infrastructure.
  • Having a common interchange also means that efficiency in the payment processing and due to the economics of scale, the cost of processing is also reduced.
  • the Merchant Discount Rate could be set by this provider on a competitive market basis. Since the function of the acquiring banks is now performed by the centralised interchange (or master acquirer), such an arrangement offers high flexibility of connectivity not only to existing bank transactions but also to any other transactions that requires online host approval and user identity verification/authentication. In effect, this system may use existing infrastructure elements (identification cards and payment terminals) in a manner which facilitates the authentication/verification of electronic transactions in a highly secure and auditable manner.
  • the user does not need to track or remember the different promotions or discount offered by the different issuing banks since such information is provided at time of the transaction and the user has the flexibility of choosing which payment account to transact from that benefits him the most. From the bank's end, if there is any change in the promotions or discounts, they need only inform the infrastructure provider which updates the information stored on the host system 202 to reflect the change and this is much easier than informing each user/customer individually. The user would also be assured that he would not miss out any great deals since the information is presented at time of the transaction.
  • the host system would be able to identify the merchant that is providing the goods/services (for example, by an ID of the card reader, which is also transmitted together with identification of the user) and the promotion and discounts displayed only pertains to that particular merchant, which allows the user to make an informed decision as to which bank offers the best discounts/rates in relation to that merchant so that he can select a payment account issued by that bank.
  • the described embodiment should not be construed as limitative.
  • the user may be required to input a PIN number in addition to the fingerprint impression.
  • impressions from two fingers may be required.
  • an electronic portrait photograph of the user may be included as part of the verification process.
  • the payment accounts may be issued by other financial institutions and not necessary banks, for example VISATM,
  • the pump 402 is released only upon the successful verification and approval by the bank corresponding to the selected bank account. However, it is envisaged that it could be "pump first, pay later".
  • the described embodiment has been explained in relation to the petrol industry but it should be apparent that the invention is similarly applicable for any industry and even on a national level, where all transactions conducted electronically are performed using Mykad and using the infrastructure proposed.
  • the described embodiment uses a national identification card as an example but it is envisaged that other forms of identifiers may be used, in particular one issued by a particular organisation or association and which is associated with different partner financial institutions to obtain the benefits of using a generic card for performing transactions.
  • identifiers may be used, in particular one issued by a particular organisation or association and which is associated with different partner financial institutions to obtain the benefits of using a generic card for performing transactions.
  • the generic identifier may be a virtual card and not a physical card.
  • the described embodiment can be expanded to include tracking of loyalty points, which is a common form of rewarding clients and the loyalty points could be offered by the financial institution or by the merchant.
  • the financial institution if a user selects a particular payment account to charge the payment to, the amount charged would be recorded by the bank and the corresponding loyalty calculated and credited to the user's account in a conventional matter.
  • the loyalty program that is being offered by a particular merchant can similarly be made available to opt-in at the time of registration so that at the time of the transaction, since the host system is able to identify the merchant (for example, a particular petrol company), the host system can then credit the associated merchant's loyalty card with the appropriate loyalty points accordingly. This provides great flexibility and convenience to the user, without needing to carry different loyalty cards offered by different merchants.
  • Another possible application of the described embodiment would be the use of the same for government transactions with members of the public in respect of the identification of the individual as well as payment of government or quasi- govence or public utilities dues and also the delivery of government services to members of the public.
  • the data network may be the internet, WAN or private secure network.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A method and apparatus for performing a transaction over a data network using a generic identifier is disclosed herein. In the described embodiment, the generic identifier is a national identification card (200) having an electronic chip (201) containing identification information for uniquely identifying a user. The generic identifier (200) is associated with payment accounts issued by different financial institutions so that, at the time of the transaction, the associated accounts are displayed for selection by the user to choose which payment account to charge the transaction to.

Description

Method and Apparatus for Performing A Transaction
Background and Field of the Invention
This invention relates to a method and apparatus for performing a transaction, more particularly but not exclusively, for purchasing petrol.
Electronic payment has been growing in popularity and the use of payment cards for payment, such as credit or debit cards, instead of cash, is on the rise and ubiquitous. A payment infrastructure for such electronic or cashless payments usually comprises a card reader located at a merchant and which reads information from a payment card and transmits the information to an acquiring bank of the merchant. The acquiring bank then processes the transaction and obtains authorisation from an issuing bank of the payment card for approval of the transaction.
Figure 1 shows a current infrastructure for performing a payment transaction at petrol stations 100 owned by different petrol companies such as Petronas™, Shell™, Esso™ etc. Each of these petrol companies has an associated acquiring bank 102 which accepts the payment transactions on behalf of the petrol company and transmits the transactions to a central interchange 104 for switching to the respective issuing banks 106 of payment cards that were used to initiate the transaction.
To elaborate and as an example, to pay for petrol at a Petronas™ petrol station 100a, a consumer provides a VISA™ credit card issued by for example
Citibank™ 106a and a cashier at the petrol station 100a swipes the card through a card reader. The credit card information is transmitted to an associated acquiring bank, in this case Maybank™ 102a, which obtains authorisation from Citibank™ (the issuing bank) for approval of the transaction. If the transaction is approved, this is communicated via the acquiring bank 102 to the card reader and a payment receipt is generated for signing by the consumer. The acquiring bank 102a then bills the issuing bank on behalf of the merchant 100a and the issuing bank 106a, in turn, collects payment from the consumer. With such an arrangement, credit card commissions are borne by the merchants, and in this case the petrol companies, which means that these fees have to be paid by the petrol companies to the acquiring banks 102, issuing banks 106 as well as VISA, resulting in reduced profits.
From the bank or financial institutions' viewpoint, the backbone of the infrastructure is provided for by the banks/financial institutions and thus, if there is a push for more secure technology to prevent fraud, for example changing from magnetic strip credit cards to EMV compliant credit credits, involve substantial up-front costs to modify the infrastructure, and these costs are borne by the banks/financial institutions.
With competition between banks and financial institutions, it is common for an issuing bank to issue different types of payment cards to target different consumer groups and substantial money can be spent promoting a particular payment card. This adds to the operating cost of the banks and moreover, costs is further increase since each of these cards must similarly be made compatible with the technology employed by the infrastructure for carrying out the transaction.
It is also common to entice people to sign up with a particular payment card by having tie-ups with merchants to give discounts on the merchant's goods or services when using a particular payment card to pay. This also leads to consumers owning multiple payment cards from different issuing banks in order to enjoy the discounts and benefits associated with each of these payment cards, and trying to remember and to keep track which payment card is having promotions by which merchants can be difficult.
It is an object of the present invention to provide a method and apparatus for performing a transaction which addresses at least one of the disadvantages of the prior art and/or to provide the public with a useful choice. Summary of the Invention
The invention provides a method of performing a transaction over a data network, using a generic identifier which has identification information for uniquely identifying a user, the generic identifier being associated with payment accounts issued by different financial institutions, the method comprising the steps of: at the time of the transaction, receiving the identification information over the data network, displaying each of the associated payment accounts for selection by the user; receiving the selected payment account and obtaining authorisation from the financial institution that issued the selected payment account for approval of the transaction.
The generic identifier may be a physical card having an electronic chip, and the identification information is stored in the electronic chip. It is envisaged that the generic identifier may be a virtual card and the generic identifier is the identification information.
Advantageously, the physical card is a national identification card such as a Malaysian national identification card, or a national identification card issued by a government. Preferably, the physical card is compliant with international standards like ICAO Doc, 9303, ISO 7501 , EMV, etc., and is optionally protected by dynamic authentication security using advanced cryptographic processes and the identification information apart from just text data may also be a combination of biometrics of the user (such as portrait photograph of the user and a pair of fingerprints).
The displaying step may further include displaying a promotion associated with each payment account so that the user knows what promotion is available at that given time to decide which payment account to use for the transaction. The promotion may be merchant specific, specific to the payment account, or specific to the financial institution.
The method may further comprise . the steps of, prior to the transaction, registering the generic identifier with a service provider, and selecting which payment accounts of different financial institutions to associate with the generic identifier. Further, the method further comprises the step of selecting which loyalty program offered by merchants is to be associated with the generic identifier. The method may also comprise the step of, at the time of the transaction, identifying the merchant and crediting the user's loyalty account associated with the merchant with loyalty points that corresponds to the transaction amount.
The invention further provides apparatus for performing a transaction over a data network using a generic identifier which has identification information for uniquely identifying a user, the generic identifier being associated with payment accounts issued by different financial institutions, the apparatus comprising: means for receiving the identification information over the data network, means for displaying each of the associated payment accounts for selection by the user; means for receiving the selected payment account and obtaining authorisation from the financial institution that issued the selected payment account for approval of the transaction.
Brief Description of the Drawings
An embodiment of the invention will now be described, by way of example, with reference to the accompanying drawings in which,
Figure 1 is a simplified diagram illustrating a current infrastructure for using credit card payment for petrol; Figure 2 shows different parties to a payment transaction according to a preferred infrastructure of the present invention which uses a Malaysia national identification card as a payment instrument;
Figure 3 shows a close up view of the Malaysia national identification card of Figure 2;
Figure 4 is a registration and activation device for registration the Malaysia national identification card with a provider of the infrastructure of Figure 2;
Figure 5 is a flow chart showing a registration process using the registration and activation device of Figure 4; Figure 6 is a simplified diagram illustrating the role of the infrastructure provider of Figure 2; and
Figure 7 shows various equipments located at a petrol station of Figure 2 for initiating and processing a payment transaction.
Detailed Description of the Preferred Embodiment
Figure 2 is a block diagram of a preferred embodiment of an infrastructure having a number of devices for performing the transaction of the present invention. As an example, the preferred embodiment is described in relation to the petrol industry. Instead of having different payment cards, this invention proposes the use of a generic identifier in the form of the Malaysia national identification card or MyKad 100 for short. A close up view of MyKad is shown in Figure 3. The infrastructure is managed by an infrastructure provider (or commonly known as a 'master acquirer' in banking terminology) administering a host system 202 and a central switch 204 connected to the host system 202. A data network 206 links service providers 208 to the central switch 204 and from the central switch 204 to partnering banks 210. In this embodiment, the central switch 204 is a server with high end switching functionalities including cryptographic encryption and message formatting capabilities.
Using a national identification card as an authentication and/or purchasing tool has many advantages. For example, a national identification card provides excellent proof of the integrity and identity of the user. Further, the banks need not create their own database but simply ride on the national records since information (i.e. identity and user information) must be stored at the national level anyway. Further, in the case of Mykad 200, this card has an electronic high security processor with high capacity non-volatile memory chip 201 that not only stores the identity data of the individual (name, unique identification number date of birth.etc.) but also stores biometrics of the user in the form of an electronic impression of the fingerprint (or fingerprints and portrait photograph), and thus, excellent as an authentication and purchasing instrument. In this way, information stored in the chip 201 is an exact copy of the national register and thus, when information is retrieved from the chip 201, this is equivalent to extracting information from the national register.
Further, the electronic chip is also compliant with security standards associated with chip based identification documents (such as ISO 7816 and EMV) to ensure the security authentication capabilities of the card.
There is also a MyKad registration and activation device 212 and this is located at a petrol station 208a for convenience. The registration and activation device 212 has a card reader for receiving the Mykad, a display for displaying messages to prompt or inform the user and a fingerprint scanner.
Prior to using Mykad 200 as a purchasing instrument, a user first registers his Mykad 200 with the infrastructure provider using a registration and activation device 212, shown in Figure 4. The registration and activation device 212 has a card reader 212a for receiving and reading the identification information on Mykad, a display 212b for displaying messages to prompt or inform the user and a fingerprint scanner 212c.
A flow chart of the registration process is shown in Figure 5. The registration process begins at step 400 with the user inserting his Mykad into the card reader 212a of the registration and activation device 212, and selecting "registration" option. The registration and activation device 212 then reads identification information stored in the electronic chip 201 of Mykad and communicates with the host system 202 to check whether there is existing record for this user. If an existing record exists, then at step 404, a message is displayed on a display of the registration and activation device 212 to inform the user accordingly.
If no matching record is found, the host system 202 communicates this to the registration and activation device 212 to authenticate the user, at step 406. The registration and activation device 212 then displays a prompt asking for the 'live' capture of the user's fingerprint and this is scanned by the fingerprint scanner 212c. The fingerprint is converted into digital data (template) and transmitted to the electronic chip 201 for identity verification (and optionally to the the host system 202 for similar verification at step 408). If the fingerprint data (template) does not match in the template stored in the chip memory (or in the records of the host system 202 for the user), then the registration is refused and the user is informed accordingly. This is to prevent fraud.
If the fingerprint data matches the host system's records, then the registration continues with the user being provided with a list of partnering banks and the types of payment accounts offered by each bank at step 412 for selection by the user. Upon selection, the types of payment accounts issued by the respective banks are then associated with the user's Mykad and this information is stored at the host system 202 at step 414. Based on the selected payment accounts, the host system 202 then informs the partnering banks 210 associated with the selected payment accounts at step 416 of the user's selection so that the partnering bank's records is updated with the information. Once this is done, the registration is completed and this is updated on the display of the registration and activation device 212 at step 418.
Of course, at step 416, it is envisaged that the partnering banks may approve or reject the user's request to associate his Mykad with a bank's payment account in case there is an issue with the user's credit history. Such a step is recommended and preferred to ensure that fraud liability is with the banks.
Once the registration is completed, the user can use his Mykad as a purchasing instrument. To initiate payment, the user inserts his MyKad into a payment terminal 400 at the petrol station 208a of Figure 2 and Figure 7 shows two examples, an indoor payment terminal 400a located in the shop over the counter and an outdoor payment terminal (OPT) 400b installed directly to a pump 402 controlled by a pump controller 408 , just like any conventional payment card systems prior to filling up the vehicle at the pump. The indoor payment terminal 400a will first be described and this includes a system controller in the form of a PC 404 and a card reader 406 which is communicatively coupled wirelessly (although it may also be wired) to the PC 404 and the payment process is initiated with the Mykad being inserted into the card reader 406. The card reader 406 has a fingerprint scanner 407 and identification information from the Mykad is captured as the card is authenticated, similar to the registration process explained earlier. The required data from the Mykad is extracted from the chip memory 201 and transmitted to the PC 404 and then to the host system 202 for bank verification (or other associated host systems) that this is a valid and registered user via the central switch 204. If the verification is successful, the host system 202 then initiates the payment terminal 400a to display a menu on its screen 404a representing each of the payment accounts of different banks 210 that was chosen by the user at time of registration to allow user selection of the bank as well as payment instruments (credit, debit or prepaid) to be used to pay for the goods. In this embodiment, the information displayed also provides information on the promotions or discounts offered by the various banks for this particular petrol company 208 operating the petrol station 208a. For example, choosing a particular card from issuing bank A may give a 3% rebate on the total petrol purchase to the user and choosing another card from issuing bank B may give just 2% rebate. The user can then select which payment account to transact from and makes his selection accordingly, together with the intended amount of petrol that the user wishes to purchase.
Upon selection of the payment account of a corresponding bank, this information is transmitted to the central switch 204 which switches the information to the issuing bank 210 that offered the selected payment account. If there is no issue with the transaction, the issuing bank 210 then approves the transaction, which then communicates this to the pump controller 408 to release the pump 402 to enable the refuelling of the user's vehicle based on the amount transacted and this completes the transaction. If the issuing bank finds issue with the transaction (for example, the user is behind in his payment), then the issuing bank refuses to accept the transaction and this is communicated to the system controller 404 which the pump 402 is not released.
As an alternative to making payment .over the counter, it is common to pay at the self-service kiosk or pay at the pump 402 using the OPT 400b which has a card reader 410 and a fingerprint scanner 412. Essentially, the same processing steps of reading the identification information on the Mykad and authentication/verification steps are carried out and if the authentication/verification is successful, the same selection of payment account is required by the user and the amount is approved, before the pump 402 is released by the pump controller 408 for the user to carrying out the refuelling. Upon completion, the exact transacted amount is then charged to the selected payment account of the corresponding bank.
If the user wishes to deactivate his Mykad with the infrastructure provider, the process is similar to what is described in Figure 5 but instead of selecting the registration option, the user selects "deactivation" option. The same authentication is required and if the authentication is successful, the records of the user are removed from the host system and this information is sent to the affected partner banks to update their records. Subsequently, any purchase using the Mykad would not be allowed to proceed since the host system does not have a record of the Mykad.
It should be apparent that the payment transaction described above is independent of the financial institution based card schemes, such as Mastercard™ or VISA™ but may be linked as required by the bank.
It would be appropriate at this stage to elaborate more on the role of the infrastructure provider and this may be better explained with reference to Figure 6. Unlike conventional structures, the infrastructure provider is essentially acting like a centralised interchange 300 (i.e. the host system 202 and the central switch 204) with integrated settlement capabilities, linking the merchants, in this case the petrol companies 100, and the partnering banks 102/106, which may be acquiring or issuing banks. In other words, the infrastructure is provided by the infrastructure provider 300 and not by the banks/financial institutions, and thus relieves the banks/financial institution with investment cost for maintaining or upgrading the infrastructure. Having a common interchange also means that efficiency in the payment processing and due to the economics of scale, the cost of processing is also reduced.
Further, since the infrastructure is owned and operated by the infrastructure provider, the Merchant Discount Rate (MDR) could be set by this provider on a competitive market basis. Since the function of the acquiring banks is now performed by the centralised interchange (or master acquirer), such an arrangement offers high flexibility of connectivity not only to existing bank transactions but also to any other transactions that requires online host approval and user identity verification/authentication. In effect, this system may use existing infrastructure elements (identification cards and payment terminals) in a manner which facilitates the authentication/verification of electronic transactions in a highly secure and auditable manner. Further, since such a system uses a common front end user identifier (in this case, MyKad), this enables the connection of the user to a spectrum of hosts systems to allow disparate host systems to authorise transactions once the user has been authenticated and his identity verified by the respective host systems. It would be apparent from the described embodiment that using a generic identifier makes the payment system very much flexible and simpler since the user need only carry one card. The various banks and financial institutions need not spent money on issuing payment cards or investing in marketing programs to promote a particular card since all this is replaced by a generic identifier. In particular, if the generic identifier is a national identification card, once this is recognised as a common access card, there is little justification for deploying other cards that merely add to costs. Another cost element is the transactional switching infrastructure associated with proprietary cards issued by various banks or financial institutions and with the proposed infrastructure, such costs are reduced.
Also, the user does not need to track or remember the different promotions or discount offered by the different issuing banks since such information is provided at time of the transaction and the user has the flexibility of choosing which payment account to transact from that benefits him the most. From the bank's end, if there is any change in the promotions or discounts, they need only inform the infrastructure provider which updates the information stored on the host system 202 to reflect the change and this is much easier than informing each user/customer individually. The user would also be assured that he would not miss out any great deals since the information is presented at time of the transaction. Further, since promotions or discounts are, more often than not, merchant specific and at the time of the transaction, the host system would be able to identify the merchant that is providing the goods/services (for example, by an ID of the card reader, which is also transmitted together with identification of the user) and the promotion and discounts displayed only pertains to that particular merchant, which allows the user to make an informed decision as to which bank offers the best discounts/rates in relation to that merchant so that he can select a payment account issued by that bank.
The described embodiment should not be construed as limitative. For example, to increase security, the user may be required to input a PIN number in addition to the fingerprint impression. Also, instead of just one fingerprint impression, stored in the chip 201 , impressions from two fingers may be required. Also, an electronic portrait photograph of the user may be included as part of the verification process. Further, the payment accounts may be issued by other financial institutions and not necessary banks, for example VISA™,
Mastercard™.
In the described embodiment, the pump 402 is released only upon the successful verification and approval by the bank corresponding to the selected bank account. However, it is envisaged that it could be "pump first, pay later". The described embodiment has been explained in relation to the petrol industry but it should be apparent that the invention is similarly applicable for any industry and even on a national level, where all transactions conducted electronically are performed using Mykad and using the infrastructure proposed.
Further, the described embodiment uses a national identification card as an example but it is envisaged that other forms of identifiers may be used, in particular one issued by a particular organisation or association and which is associated with different partner financial institutions to obtain the benefits of using a generic card for performing transactions. Of course, in such a case, there may not be any need for registering the generic card since it is likely that the card is registered with the organisation or association at time of issue. The generic identifier may be a virtual card and not a physical card.
Also, the described embodiment can be expanded to include tracking of loyalty points, which is a common form of rewarding clients and the loyalty points could be offered by the financial institution or by the merchant. In the case of the financial institution, if a user selects a particular payment account to charge the payment to, the amount charged would be recorded by the bank and the corresponding loyalty calculated and credited to the user's account in a conventional matter. In the case of the merchant, the loyalty program that is being offered by a particular merchant can similarly be made available to opt-in at the time of registration so that at the time of the transaction, since the host system is able to identify the merchant (for example, a particular petrol company), the host system can then credit the associated merchant's loyalty card with the appropriate loyalty points accordingly. This provides great flexibility and convenience to the user, without needing to carry different loyalty cards offered by different merchants.
Another possible application of the described embodiment would be the use of the same for government transactions with members of the public in respect of the identification of the individual as well as payment of government or quasi- govemment or public utilities dues and also the delivery of government services to members of the public.
Also, the data network may be the internet, WAN or private secure network.
Having now fully described the invention, it should be apparent to one of ordinary skill in the art that many modifications can be made hereto without departing from the scope as claimed.

Claims

1. A method of performing a transaction over a data network, using a generic identifier which has identification information for uniquely identifying a user, the generic identifier being associated with payment accounts issued by different financial institutions, the method comprising the steps of: at the time of the transaction, receiving the identification information over the data network, displaying each of the associated payment accounts for selection by the user; receiving the selected payment account and obtaining authorisation from the financial institution that issued the selected payment account for approval of the transaction.
2. A method according to claim 1, wherein the generic identifier is a physical card having an electronic chip, and the identification information is stored in the electronic chip.
3. A method according to claim 2, wherein the physical card is a national identification card.
4. A method according to claim 2, wherein the physical card is in the form of a Malaysian national identification card.
5. A method according to any of claims 2 to 4, wherein the physical card is compliant with an international standard selected from one of the following: ICAO Doc, 9303, ISO 7501, EMV, ISO 7816, ISO 19794 (biometrics), ISO 14443 and PKCS 11.
6. A method according to any of the preceding claim, wherein the identification information is biometrics of the user.
7. A method according to claim 6, wherein the biometrics is the fingerprint and/or portrait photograph of the user.
8. A method according to any preceding claim, wherein the displaying step further includes displaying a promotion associated with each payment account.
9. A method according to claim 8, wherein the promotion is merchant specific.
10. A method according to claim 8, wherein the promotion is specific to the payment account.
11. A method according to claim 8, wherein the promotion is specific to the financial institution.
12. A method according to any preceding claim, further comprising the steps of, prior to the transaction, registering the generic identifier with a service provider, and selecting which payment accounts of different financial institutions to associate with the generic identifier.
13. A method according to claim 12, further comprising the step of selecting which loyalty program offered by merchants to be associated with the generic identifier.
14. A method according to claim 10, further comprising the step of, at the time of the transaction, identifying the merchant and crediting the user's loyalty account associated with the merchant with loyalty points that corresponds to the transaction amount.
15. Apparatus for performing a transaction over a data network using a generic identifier which has identification information for uniquely identifying a user, the generic identifier being associated with payment accounts issued by different financial institutions, the apparatus comprising: means for receiving the identification information over the data network, means for displaying each of the associated payment accounts for selection by the user; means for receiving the selected payment account and obtaining authorisation from the financial institution that issued the selected payment account for approval of the transaction.
PCT/MY2007/000020 2007-04-10 2007-04-10 Method and apparatus for performing a transaction WO2008123762A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/MY2007/000020 WO2008123762A1 (en) 2007-04-10 2007-04-10 Method and apparatus for performing a transaction

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/MY2007/000020 WO2008123762A1 (en) 2007-04-10 2007-04-10 Method and apparatus for performing a transaction

Publications (1)

Publication Number Publication Date
WO2008123762A1 true WO2008123762A1 (en) 2008-10-16

Family

ID=39831164

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2007/000020 WO2008123762A1 (en) 2007-04-10 2007-04-10 Method and apparatus for performing a transaction

Country Status (1)

Country Link
WO (1) WO2008123762A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2466810A (en) * 2009-01-08 2010-07-14 Visa Europe Ltd Processing payment authorisation requests
GB2513127A (en) * 2013-04-15 2014-10-22 Visa Europe Ltd Method and System for Activating Credentials
GB2513125A (en) * 2013-04-15 2014-10-22 Visa Europe Ltd Method and system for transmitting credentials
GB2523101A (en) * 2014-02-12 2015-08-19 Ipl Information Proc Ltd Method and system for executing online transfer of assets
CN106134283A (en) * 2014-04-28 2016-11-16 英特尔Ip公司 The dynamic conformance statement issued for radio application and certification

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002014985A2 (en) * 2000-08-17 2002-02-21 Kern Daniel A Automated payment system
US20040010462A1 (en) * 2002-07-15 2004-01-15 Susan Moon Method and system for a multi-purpose transactional platform
US6796492B1 (en) * 1995-04-13 2004-09-28 James G. Gatto Electronic fund transfer or transaction system
WO2005043438A1 (en) * 2003-10-20 2005-05-12 Chameleon Network Inc. Portable electronic authorization system and method
US20050273431A1 (en) * 2000-07-11 2005-12-08 Abel Luther C System and method for consumer control over card-based transactions

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6796492B1 (en) * 1995-04-13 2004-09-28 James G. Gatto Electronic fund transfer or transaction system
US20050273431A1 (en) * 2000-07-11 2005-12-08 Abel Luther C System and method for consumer control over card-based transactions
WO2002014985A2 (en) * 2000-08-17 2002-02-21 Kern Daniel A Automated payment system
US20040010462A1 (en) * 2002-07-15 2004-01-15 Susan Moon Method and system for a multi-purpose transactional platform
WO2005043438A1 (en) * 2003-10-20 2005-05-12 Chameleon Network Inc. Portable electronic authorization system and method

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2466810A (en) * 2009-01-08 2010-07-14 Visa Europe Ltd Processing payment authorisation requests
US8688574B2 (en) 2009-01-08 2014-04-01 Visa Europe Limited Payment system
US11669816B2 (en) 2009-01-08 2023-06-06 Visa Europe Limited Payment system
GB2513127A (en) * 2013-04-15 2014-10-22 Visa Europe Ltd Method and System for Activating Credentials
GB2513125A (en) * 2013-04-15 2014-10-22 Visa Europe Ltd Method and system for transmitting credentials
WO2014170667A1 (en) * 2013-04-15 2014-10-23 Visa Europe Limited Method and System for Transmitting Credentials
US11138596B2 (en) 2013-04-15 2021-10-05 Visa Europe Limited Method and system for transmitting credentials
US11941615B2 (en) 2013-04-15 2024-03-26 Visa Europe Limited Method and system for transmitting credentials
GB2523101A (en) * 2014-02-12 2015-08-19 Ipl Information Proc Ltd Method and system for executing online transfer of assets
CN106134283A (en) * 2014-04-28 2016-11-16 英特尔Ip公司 The dynamic conformance statement issued for radio application and certification
CN106134283B (en) * 2014-04-28 2019-10-22 英特尔Ip公司 Dynamic conformance statement and certification for radio application publication

Similar Documents

Publication Publication Date Title
US9317866B2 (en) Transaction apparatus, systems and methods
US7604166B2 (en) Method and system for flexible purchases using only fingerprints at the time and location of purchase
AU2009279757B2 (en) Application currency code for dynamic currency conversion transactions with contactless consumer transaction payment device
US8117118B2 (en) Retailer debit card system
US20060206437A1 (en) Financial transaction processing system
US20090177579A1 (en) Transaction System Supporting Dynamic Currency Conversion
AU2022201014B2 (en) Application currency code for dynamic currency conversion transactions with contactless consumer transaction payment device
US10664816B2 (en) Method and system for making electronic payments
WO2008123762A1 (en) Method and apparatus for performing a transaction
WO2013022533A1 (en) Methods and systems of electronic messaging
US20220067742A1 (en) Method and system for flexible purchases using only biometrics at the time and location of purchase
AU2017200399A1 (en) Transaction system supporting dynamic currency conversion
CA2344733A1 (en) Financial transaction processing system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07747217

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: LOSS OF RIGHTS COMMUNICATION (EPO F1205A OF 28.12.09)

122 Ep: pct application non-entry in european phase

Ref document number: 07747217

Country of ref document: EP

Kind code of ref document: A1