WO2011072165A1 - Systèmes et procédés pour transactions par carte de crédit virtuelle - Google Patents

Systèmes et procédés pour transactions par carte de crédit virtuelle Download PDF

Info

Publication number
WO2011072165A1
WO2011072165A1 PCT/US2010/059768 US2010059768W WO2011072165A1 WO 2011072165 A1 WO2011072165 A1 WO 2011072165A1 US 2010059768 W US2010059768 W US 2010059768W WO 2011072165 A1 WO2011072165 A1 WO 2011072165A1
Authority
WO
WIPO (PCT)
Prior art keywords
consumer
merchant
credit card
computer system
transaction
Prior art date
Application number
PCT/US2010/059768
Other languages
English (en)
Inventor
Yigal Baher
Original Assignee
Yigal Baher
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yigal Baher filed Critical Yigal Baher
Publication of WO2011072165A1 publication Critical patent/WO2011072165A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/0601Electronic shopping [e-shopping]
    • G06Q30/0613Third-party assisted

Definitions

  • the present application is directed to systems and methods for credit card transactions between a consumer and a merchant and, more particularly, for systems and methods for secure credit card transactions in which a permanent credit card account number of the consumer is not revealed to the merchant during the transaction.
  • a consumer system may initiate a transaction with a merchant system.
  • the consumer system may generate a first verification code and a second verification code, each of which may be comprised of an alphanumeric string.
  • the consumer system may provide the merchant system with the first verification code.
  • the merchant system may transmit the first verification code to an authorizing entity, and the consumer system may independently transmit the second verification code to the authorizing entity.
  • the authorizing entity may compare the verification codes received from both the consumer system and the merchant system. Based on the results of the comparison, the authorizing entity may either approve or reject the transaction.
  • Figure 1 is a diagram of a network environment according to one embodiment.
  • Figure 2 is an illustration of the general flow of information within a network environment according to one embodiment.
  • Figure 3 is a flow diagram of a secure mode of a virtual credit card application according to one environment.
  • Figure 4 is a flow diagram of a manual mode of a virtual credit card application according to one environment.
  • Figure 5 illustrates the syntax of a seller transaction code according to one embodiment.
  • Figure 6 illustrates the syntax of a consumer sales order number according to one embodiment.
  • Figure 7 illustrates the syntax of a temporary uniform resource locator according to one embodiment. Detailed Description
  • a consumer system initiates a transaction with a merchant system.
  • the consumer system generates a first verification code and a second verification code, each of which may be comprised of an alphanumeric string.
  • the first and second verification codes may each be comprised of a randomly generated number of a predetermined length.
  • the consumer system provides the merchant system with the first verification code.
  • the merchant system transmits the first verification code to an authorizing entity, and the consumer system independently transmits the second verification code to the
  • the authorizing entity compares the first and second verification codes received from the merchant system and the consumer system, respectively. Based on the/esults of the comparison, the authorizing entity either approves or rejects the transaction. In one embodiment, the authorizing entity approves the transaction if the first verification code received from the consumer system is identical to the second verification code received from the merchant system. Otherwise, the authorizing entity may reject the transaction.
  • ACK - Acknowledgement An acknowledge signal sent between systems, can indicate success or failure.
  • CSON - Consumer Sales Order Number An alphanumeric string generated by the credit card application software and used by the credit card company to verify a transaction between a consumer and a merchant.
  • CC - Credit Card A credit account established by an authorizing bank with a cardholder.
  • the credit account allows the cardholder (consumer) to undertake a transaction with a merchant.
  • the authorizing bank issues funds to the merchant in the amount of the transaction.
  • the cardholder is then obligated to repay the authorizing bank the amount of the transaction and, in some cases, interest or fees.
  • the term "credit card” may refer to a physical card presented by the cardholder to the merchant, or to a virtual credit card (see definition below).
  • CCA - Credit Card Application A software application functional to emulate a credit card account in a transaction between a consumer and a merchant without disclosing a credit card number to the merchant.
  • CC Number - Credit Card Number An alphanumeric string used to uniquely identify a credit card account associated with a consumer.
  • Device ID - Device Identification Number An alphanumeric string used to uniquely identify a particular electronic device used by a consumer to complete a transaction with a merchant.
  • MAC Address Media Access Control Address. A unique number assigned to each piece of network hardware by the manufacturer. The MAC address allows each network device to be uniquely identified on a network so that data intended for that device can be properly delivered to the intended device.
  • PDA Personal Digital Assistant.
  • RFID - Radio Frequency Identification The use of a device that transmits radio waves for identification.
  • SSL - Secure Socket Layer An encryption protocol that allows secure communications over a network.
  • STC - Seller Transaction Code An alphanumeric string generated by a merchant to uniquely identify a particular transaction with a particular consumer.
  • tempURL Temporary Uniform Resource Locator. A temporary Internet address generated by a merchant and for use by a credit card application to deliver a consumer sales order number to the merchant.
  • Figure 1 is a simplified block diagram of a network environment 100 that may illustrate one embodiment of the present invention.
  • this figure depicts objects as functionally separate, such depiction is merely for illustrative purposes. It will be apparent to those skilled in the art that the objects portrayed in this figure may be arbitrarily combined or divided into separate software, firmware, or hardware components. Furthermore, it will also be apparent to those skilled in the art that such components, regardless of how they are combined or divided, can execute on the same computer or can be arbitrarily distributed among different computers which may be connected by one or more networks.
  • network environment 100 comprises a plurality of computer or data processing systems coupled to a
  • Communications network 102 provides a mechanism for allowing communication between the various systems depicted in Figure 1.
  • Communications network 102 may be a local area network (LAN), a wide area network (WAN), a wireless network, an intranet, the Internet, a private network, a public network, or any other suitable communications network.
  • Communications network 102 may comprise many interconnected computer systems and communication links.
  • communication links may be hard wire links, optical links, satellite or other wireless communication links, wave propagation links, or any other mechanism for communication of information.
  • Various communication protocols may be used to facilitate communication of information via the communication links, including TCP/IP, HTTP, HTTPS, and IPsec protocols, extensible markup language (XML), wireless application protocol (WAP), protocols under development by industry standards organizations, vendor-specific protocols, customized protocols, and others as known by those skilled in the art.
  • Consumer system 104 may represent a mobile or stationary communications device 1 12 such as a personal digital assistant (PDA), cell phone, smart phone, personal computer, laptop computer or the like.
  • the communications device 1 12 may run on an operating system such as Windows, Windows Mobile, MacOS, iPhone OS, SunOS, Linux, Unix, or any other operating system for mobile or stationary computers and
  • the communications device 1 12 may run a credit card application (CCA) that allows the use of a credit card to pay for a transaction between a consumer and a merchant.
  • CCA credit card application
  • the application may also facilitate communication between the consumer system 104 and any other system connected to the communications network 102.
  • the communications device may include a display area for visually displaying information.
  • Merchant system 106 may represent a system of a merchant and may be located online (e.g. , on the Internet) or at a physical storefront.
  • the merchant system 106 may comprise a routing device 1 14. It is to be understood that data conveyed between the various systems of Figure 1 may traverse a plurality of routing devices 1 14 on their way between source and destination sites. The mechanisms for data transfer over the Internet (or other communication link) are well known and not described in great detail here. It is understood that data are transferred as packets according one or more protocols, such as the Transmission Control Protocol/Internet Protocol (TCP/IP), and the routing device 1 14 facilitates the transfer of data packets back and forth between the systems illustrated in Figure 1 .
  • TCP/IP Transmission Control Protocol/Internet Protocol
  • Merchant system 106 may also comprise a database server 1 16 and an online web server 1 18.
  • the web server 1 18 may deliver content, such as one or more web pages, to another computer on the communications network 102 (e.g., the consumer system communication device 1 12).
  • the content may be delivered using Hypertext Transfer Protocol (HTTP) or another protocol.
  • HTTP Hypertext Transfer Protocol
  • the web pages may comprise a home page for the merchant, an inventory listing of products and/or services offered by the merchant, and a shopping cart function to facilitate purchase of the products or services.
  • web server 1 18 comprises hardware, operating system, web server software, TCP/IP protocols, and site content, either collectively or individually.
  • the merchant system 106 database server 1 16 may provide database services to the web server 1 18.
  • Database services may include inventory control of products and services, orders received through the web server 1 18, order details, such as name and address of consumer, and other information specific to the operation of the particular merchant.
  • database server 1 16 comprises hardware, operating system, database software, TCP/IP protocols, and database content, either collectively or individually.
  • router 1 14, database server 1 16, and web server 1 8 may be comprised of and reside on individual computers, a plurality of computers, or a single computer without departing from the scope of the present invention.
  • Processing gateway system 108 may represent a system that enables the merchant system to authorize and process credit card
  • the merchant system obtains credit card account information from the consumer system, which may occur through the merchant system 106.
  • the credit card account information may be passed to the processing gateway system 108.
  • the processing gateway system 108 may submit the transaction to a credit card network comprising a plurality of financial institutions that manage the processing, clearing, and settlement of credit card transactions. These financial institutions that manage credit card transactions are referred to herein as an authorizing entity.
  • the authorizing entity may be comprised of the financial institution that issued the consumer's credit card, or may be comprised of more than one financial institution.
  • the transaction may then be routed to the credit card company system 1 10 of the issuing bank for the consumer's credit card which approves or denies the transaction.
  • the approval/denial decision may be routed by the credit card network back to the issuing bank.
  • the approval may be routed through the credit card network back to the merchant system 106 for completion of the transaction.
  • Figure 1 does not explicitly illustrate the credit card network. However, in one embodiment, the credit card network is included within credit card company system 10.
  • Both the processing gateway system 108 and the credit card company system 1 10 may comprise a router 120, 126 which functions similarly to the router 1 14 described above for the merchant system 106.
  • the processing gateway system 108 may further comprise a transactions database server 122 and a gateway web application server 124.
  • the transactions database server 122 may maintain records of each transaction processed as well as information on each merchant and other database information.
  • the gateway web application server 124 may provide secure communications through communication network 102, and contain one or more application programs that control operation of the processing gateway system 108.
  • the router 120, transactions database server 122, and gateway web application server 124 may be comprised of and reside on individual computers, a plurality of computers, or a single computer without departing from the scope of the present invention.
  • the credit card company system 1 10 may further comprise a transactions database server 128 and transactions processing web application server 30.
  • the transactions database server 128 may maintain account records for each consumer's account, transaction records, and other database information.
  • the transactions processing web application server 130 may provide secure communications through communication network 102, and contain one or more application programs that control operation of the credit card company system.
  • the router 126, transaction database server 128, and transactions processing web application server 130 may be comprised of and reside on individual computers, a plurality of computers, or a single computer without departing from the scope of the present invention.
  • Figure 2 illustrates a general flow of information between the various systems depicted in Figure 1 according to one embodiment.
  • the consumer utilizing communications device 1 12 initiates a transaction with the merchant.
  • the transaction may occur in either a secure mode or a manual mode.
  • a transaction in secure mode is a web-based transaction involving the consumer accessing the merchant system 106 via the communications network 102.
  • a manual mode transaction is typically used when the consumer is interacting with the merchant other than over the Internet, such as when the consumer is at the merchant's physical storefront, or the transaction is being carried out by voice over the telephone.
  • the merchant system 106 For a secure transaction, the merchant system 106 notifies consumer system 104 of a secure mode transaction. The merchant system 106 then sends a seller transaction code (STC) and a temporary URL address to the consumer system 104 with an acknowledgement of the transaction. The consumer system 104 generates a first verification code and submits the first verification code back to the merchant system 106 using the temporary URL. The consumer system 104 also includes the STC so that the merchant system 106 can properly identify the consumer system 104. The consumer system 104 also sends the STC and a second verification code to the credit card company system 1 10. The first or second verification code may be comprised of a consumer sales order number (CSON). The CSON is described in more detail below.
  • CSON consumer sales order number
  • the merchant system 106 independent of the consumer system 104, sends the STC and CSON to the processing gateway system 108, which in turn sends the STC and CSON to the credit card company.
  • the credit card company issues and acknowledgement back to the consumer system 04 and processing gateway system 108.
  • the processing gateway system 108 relays the acknowledgement to the merchant system 106.
  • the consumer system 104 obtains current credit card information from memory or other storage medium and displays the information for use by the merchant in the transaction. Alternately, the consumer system 104 may obtain new credit card information from the credit card company system, which may then be displayed for use by the merchant in the transaction.
  • FIG. 3 is a high level flowchart describing the steps of processing a secure credit card transaction according to one embodiment of the CCA.
  • the consumer uses communications device 1 12, the consumer initiates a transaction (step 300) and logs into the merchant's website (step 302) resident on the online web server 1 18.
  • the consumer browses the website and selects products to purchase by placing the products or services into a shopping cart (step 304).
  • the merchant system 106 stores the consumer's shopping cart information on online store database server 1 16 and generates a STC and temporary URL specific to this transaction (step 306). Within the online store database server 1 16, information is stored to associate this particular purchase by the consumer with the STC and temporary URL (see step 324 below).
  • the shopping cart function of the merchant's website displays payment options for the consumer to select, one of which is the CCA (step 308).
  • a prompt is displayed on the communications device 1 2 to enter identification information such as a personal identification number (PIN) or biometric data (step 310).
  • PIN personal identification number
  • biometric data may be a fingerprint, voice print, skin pH, retinal scan, facial recognition, or the like as in known in the art.
  • the CCA then verifies the identification information against reference data stored in memory (step 312). If the identification information validation fails, then a counter is started (step 314) and the value of the counter is compared to a predetermined value (step 316).
  • the predetermined value is three.
  • the consumer has three chances to correctly enter the identification information.
  • a maximum counter value of three is used here, any number of validation attempts could be used, including one. If the value of the counter is below the predetermined value, then control returns to step 310 for the next entry of the identification information. If the maximum number of entries of the identification information is reached, then the CCA locks the use of the communications device 1 12 from further transactions (step 318) and a notification of a potential intruder is sent to the consumer and the credit card company system 1 10 (step 320).
  • the lockout may be for a predetermined period of time (e.g., one hour) or may require resetting by another entity (e.g., the credit card company system 1 10).
  • the CCA prompts the consumer to select secure or manual mode (step 322). If secure mode is selected, the CCA stores the STC and temporary URL in memory on the communications device 1 12 (or another storage device associated with the communications device 1 12) (step 324). At step 328, the CCA then generates one or more consumer sales order numbers (CSON) (e.g., verification codes), each of which may be a unique alphanumeric string that will be used for security purposes during later validation of the transaction as described below.
  • CSON consumer sales order numbers
  • the CCA then accesses the merchant system 106 using the temporary URL and submits the STC and a first CSON to the merchant system 106 (step 328).
  • the CCA independently submits the STC and a second CSON to the credit card company system 1 10 (step 328) via the communications device 1 12.
  • the merchant system 106 checks the STC received via the temporary URL against the STC stored in the database server 1 16 for that temporary URL (step 330). If the received STC does not match the stored STC, then the merchant system 106 notifies the CCA of the failure.
  • the CCA clears the memory of the communications device 1 12 for this transaction (e.g., deletes the STC and temporary URL) (step 332) and displays an error message on the display of the communications device 1 12 (step 334).
  • the merchant system 106 submits the STC and the first CSON to the processing gateway system 108 (step 336).
  • the processing gateway checks the validity of the STC and the first CSON (steps 338 and 340). If the processing gateway system 108 verification fails, then an error message is sent to the merchant system 106 (step 342) and may also be displayed on the communications device 1 12 (step 344). If the processing gateway system 108 verification passes, then the gateway processing system 108 submits the STC and the first CSON to the credit card company system 1 10 (step 346).
  • the credit card company system 1 10 stores the STC and the first CSON on the transactions database server 128 (step 348).
  • the credit card company system 1 10 retrieves from the transactions database server 128 the first CSON received from the merchant system 106 and the second CSON received from the CCA via the consumer system 104, which are indexed in the database by the common STC.
  • the credit card company system 1 10 e.g. , authorizing entity
  • performs a comparison of the first and second CSON (step 350).
  • the credit card company system 1 10 will either approve the transaction and send a message to the consumer system 104 and the processing gateway (step 354), or deny the transaction and send an error message to both the processing gateway system 108 (step 352) and to consumer system 104 (step 344), and clear the memory of consumer system 104 (step 332). If the transaction is approved, the credit card company system may additionally charge the credit card account of the consumer (step 354) and mark the transaction as committed (step 356).
  • the comparison of the first and second CSON performed by the credit card company system 1 10 at step 350 is a check of whether the first and second CSON are identical.
  • the transaction may be approved if the first and second CSON are identical, and denied otherwise.
  • other embodiments may rely on a different comparison.
  • either or both of the CCA and the processing gateway system 108 may encrypt the first and second CSON in a manner known by the credit card company system 1 10, such as AES or SSL encryption.
  • Other alterations of the first and second CSON may also be performed as is known in the art, such appending the CSON with a check code.
  • the comparison may be other than a check for identical values.
  • Figure 4 is a high level flowchart describing the steps of processing a manual mode transaction according to one embodiment.
  • the consumer initiates a transaction (step 400) by activating the CCA.
  • the CCA then prompts the consumer to enter identification information such as a PIN or biometric data (step 402).
  • the CCA then verifies the identification information against reference data stored in memory (step 404). If the identification information validation fails, then a counter is started (step 406) and the value of the counter is compared to a predetermined value (step 408). As illustrated in Figure 4, the predetermined value is three. Thus, the consumer has three chances to correctly enter the identification information. Although a maximum counter value of three is used here, any number of validation attempts could be used, including one.
  • control returns to step 402 for the next entry of the identification information. If the maximum number of entries of the identification information is reached, then the CCA locks the use of the communications device 1 12 from further transactions (step 410) and a notification of a potential intruder is sent to the consumer and the credit card company system 1 0 (step 412).
  • the lockout may be for a predetermined period of time (e.g., one hour) or may require resetting by another entity (e.g., the credit card company system 1 0).
  • the CCA prompts the consumer to select secure or manual mode (step 414). If manual mode is selected, the CCA checks for Internet connectivity (step 416). If Internet connectivity has been established, a variable for the connection state is set to a value of one (step 418); otherwise, the variable is zero. The value of the connection state is then checked (step 420). If the connection state is zero, indicating that the communications device 1 12 is not currently connected to the Internet, then the CCA retrieves from memory the last credit card information established by the CCA and displays the information on the communications device 1 12 (step 422).
  • connection state is one, indicating that the communications device 1 12 is currently connected to the Internet
  • the CCA contacts the credit card company system 1 10 and requests a limited use (e.g., a one-time use) credit card number (step 424).
  • the CCA stores the limited use credit card information (credit card number, expiration date, cardholder's name, credit limit, etc.) in the memory of the communications device 1 12 (step 426) and then displays the information on the communications device 1 12 (step 422).
  • the displayed information may be in the form of an alphanumeric string which the merchant may enter into a point of sale terminal, a barcode which may be scanned by the merchant, or other such display as is known in the art.
  • the communications device 1 12 includes functionality to allow transmittal of the credit card information over a relatively short distance to the merchant.
  • Such functionality may include a radio frequency identification (RFID) transmitter, an infrared transmitter, a Bluetooth transmitter, or other transmitter as is known in the art.
  • RFID radio frequency identification
  • the communications device 1 12 may then transmit the credit card information directly to the merchant's point of sale terminal and avoid displaying the information where a third party may see it.
  • the CCA may include a timer function that limits the amount of time the credit card information is displayed or the short range communication is functional.
  • the CCA may start the timer (step 428) and then clear the display or terminate the short range communication functionality after a
  • predetermined period of time (step 430).
  • the manual mode may make use of a temporary, limited use credit card number.
  • the credit card company system 1 10 upon request by the CCA, generates a credit card number different than a permanent credit card number associated with the consumer's account. This limited use credit card number may be valid for a single use or for a predetermined period of time (e.g., one hour or one day).
  • the credit card company system 1 10 may maintain a database of which permanent credit card account number is associated with each limited use credit card number in the transactions database server 128.
  • the CCA contacts the credit card company system 1 10 and notifies the credit card company system 1 10 that the limited use credit card number has been used. In the case of a single-use temporary credit card number, the CCA sends a request to the credit card company system 1 10 that the single-use credit card number be deactivated from further use.
  • the consumer's .permanent credit card number may not be revealed to the merchant during the transaction.
  • the merchant is given the STC and the CSON, but these values may be valid for only a single transaction and only when verified through a comparison of similar information submitted -to the credit card company system 1 10 through the processing gateway system 108.
  • the manual mode the merchant is given a limited use credit card number, not the permanent credit card account number.
  • the present invention provides security to the consumer since the permanent credit card account information is not stored in the communications device 1 12. Additionally, a third party in possession of the communications device 1 2 may not access the permanent credit card account information.
  • the STC may be an alphanumeric string having a length of 1024 bits.
  • the string may be comprised of a variety of substrings.
  • the Merchant ID substring uniquely identifies the merchant.
  • the Transaction ID substring is a random value that unique identifies each transaction.
  • the STC may be comprised of substrings indicating the time and date of the transaction and the total dollar amount of the transaction.
  • the STC may also include a Cyclic Redundancy Check (CRC) error detection code to check for errors after transmitting the STC over the communications network 102.
  • the CRC may be based on any error detection algorithm as is known in the art.
  • the STC may have a length other than 1024 bits and may contain more or less information than illustrated in Figure 5.
  • FIG. 6 illustrates one embodiment of the alphanumeric string that comprises the CSON.
  • the CSON may have a length of 1024 bits and may be comprised on a variety of substrings.
  • the Device ID substring uniquely identifies a particular communications device 1 12.
  • the Device ID substring is comprised of a combination of the MAC address of the communications device 1 12 and the consumer's permanent credit card account number.
  • the Sales ID substring may be generated by the consumer system 04 to identify a sales order number.
  • the Transaction ID substring is a random value that unique identifies each transaction and may be the same as the transaction ID in the STC (see Figure 5).
  • the CSON may also be comprised of substrings indicating the time and date of the transaction, the total dollar amount of the transaction, and a CRC error detection code to check for errors after transmitting the STC over the communications network 102,
  • FIG. 7 illustrates one embodiment of the temporary URL generated by the merchant system 106.
  • the temporary URL may be comprised of the host name for the merchant's online web site (e.g. , IP address, fully qualified domain name) followed by an alphanumeric string or prefixed by a subdomain.
  • the alphanumeric string has a length of 32 characters.
  • the subdomain may be a randomly generated URL and may have a length of 32 alphanumeric characters.
  • the temporary URL may be comprised of more or less subdomains having lengths other than 32 alphanumeric characters.
  • the temporary URL may be comprised of any IP addresses, domain names, alphanumeric characters, etc. as is known in the art to provide a desired level of security.
  • the CCA is
  • the host site may be the credit card company system 1 10 and may be accessible over communications network 102.
  • the consumer enrolls in the service through the credit card company (or other authorized entity) and the credit card company issues a communications device 1 12 to the consumer.
  • One embodiment may be implemented using a conventional general purpose or a specialized digital computer or microprocessor programmed according to the teachings of the present disclosure, as will be apparent to those skilled in the computer art.
  • Appropriate software coding can be readily prepared by skilled programmers based on the teachings of the present disclosure, as will be apparent to those skilled in the software art.
  • the invention may also be implemented by the preparation of integrated circuits or by interconnecting an appropriate network of conventional component circuits, as will be readily apparent to those skilled in the art.
  • One embodiment includes a computer program product which is a storage medium having instructions ⁇ stored thereon which can be used to program a computer to perform any of the features presented herein.
  • the storage medium may include, but is not limited to, any type of disk including floppy disks, optical discs, DVD, CD-ROMs, microdrive, magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, DRAMs, VRAMs, flash memory devices, magnetic or optical cards, nanosystems (including molecular memory ICs), or any other type of media or device suitable for storing instructions and/or data.
  • the present invention includes software for controlling both the hardware of the general purpose/specialized computer or microprocessor, and for enablingthe computer or microprocessor to interact with a human user or other mechanism utilizing the results of the present invention.
  • software may include, but is not limited to, device drivers, operating systems, execution environments/containers, and user applications.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

L'invention concerne des procédés et des dispositifs permettant de réaliser des transactions par carte de crédit virtuelle sécurisées. Dans un mode de réalisation, un système de consommateur initie une transaction avec un système de commerçant. Le système de consommateur génère un premier code de vérification et un second code de vérification. Le système de consommateur fournit le premier code de vérification au système de commerçant. Le système de commerçant transmet le premier code de vérification à un organisme d'habilitation, et le système de consommateur transmet de façon indépendante le second code de vérification à l'organisme d'habilitation. L'organisme d'habilitation compare les codes de vérification reçus à la fois du système de consommateur et du système de commerçant. En fonction des résultats de la comparaison, l'organisme d'habilitation soit approuve soit refuse la transaction.
PCT/US2010/059768 2009-12-09 2010-12-09 Systèmes et procédés pour transactions par carte de crédit virtuelle WO2011072165A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12/634,655 2009-12-09
US12/634,655 US20110137748A1 (en) 2009-12-09 2009-12-09 Systems and Methods for Virtual Credit Card Transactions

Publications (1)

Publication Number Publication Date
WO2011072165A1 true WO2011072165A1 (fr) 2011-06-16

Family

ID=44082932

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2010/059768 WO2011072165A1 (fr) 2009-12-09 2010-12-09 Systèmes et procédés pour transactions par carte de crédit virtuelle

Country Status (2)

Country Link
US (1) US20110137748A1 (fr)
WO (1) WO2011072165A1 (fr)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9665865B1 (en) * 2002-10-01 2017-05-30 World Award Academy, World Award Foundation, Amobilepay, Inc. One-scan and one-touch payment and buying using haptic control via messaging and calling multimedia system on mobile and wearable device, currency token interface, point of sale device, and electronic payment card
US9704151B2 (en) * 2002-10-01 2017-07-11 Andrew H B Zhou Systems and methods for mobile application, wearable application, transactional messaging, calling, digital multimedia capture and payment transactions
US9646300B1 (en) * 2002-10-01 2017-05-09 World Award Academy, World Award Foundation, Amobilepay, Inc. Systems and methods for mobile application, wearable application, transactional messaging, calling, digital multimedia capture, payment transactions, and one touch service
US9710804B2 (en) * 2012-10-07 2017-07-18 Andrew H B Zhou Virtual payment cards issued by banks for mobile and wearable devices
US20130085938A1 (en) * 2011-10-04 2013-04-04 Keith J. Stone Method and system for account holders to make, track and control virtual credit card numbers using an electronic device
US10013692B2 (en) * 2011-11-10 2018-07-03 Cryptocode, Inc. Systems and methods for authorizing transactions via a digital device
US9569760B2 (en) * 2011-12-30 2017-02-14 Paypal, Inc. Rapid checkout after payment
US20130232035A1 (en) * 2012-03-05 2013-09-05 Mastercard International Incorporated System and method for providing integrated electronic commerce marketplace and settlement functionality
CN104603809B (zh) * 2012-04-16 2019-07-05 盐技术股份有限公司 在移动设备上使用虚拟卡促进交易的系统和方法
US20150186872A1 (en) * 2014-01-01 2015-07-02 Bank Of America Corporation Temporary virtual card
US20180330383A1 (en) * 2017-05-12 2018-11-15 Comenity Llc Limited use temporary credit account
KR101904389B1 (ko) * 2017-07-13 2018-10-05 비씨카드(주) 가상 카드 발급 방법, 금융사 서버 및 제휴사 서버
US11928676B2 (en) 2018-12-17 2024-03-12 Bread Financial Payments, Inc. Short-term authorized pass
US20230410096A1 (en) * 2020-11-12 2023-12-21 Vishal Mishra A system and method for artificial intelligence-based digital credit module and personalized assistance

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5826245A (en) * 1995-03-20 1998-10-20 Sandberg-Diment; Erik Providing verification information for a transaction
US20030061163A1 (en) * 2001-09-27 2003-03-27 Durfield Richard C. Method and apparatus for verification/authorization by credit or debit card owner of use of card concurrently with merchant transaction
US20050154643A1 (en) * 2004-01-08 2005-07-14 International Business Machines Corporation Purchasing information requested and conveyed on demand
US20080217396A1 (en) * 2007-03-06 2008-09-11 Securecard Technologies, Inc. Device and method for conducting secure economic transactions

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5754653A (en) * 1995-07-26 1998-05-19 Canfield; Henry A. Coding formula for verifying checks and credit cards
WO1998040982A1 (fr) * 1997-03-12 1998-09-17 Visa International Commerce electronique de securite faisant appel a des cartes a circuit integre
US6477578B1 (en) * 1997-12-16 2002-11-05 Hankey Mhoon System and method for conducting secure internet transactions
CN1384945A (zh) * 1999-05-25 2002-12-11 塞弗派澳大利亚有限公司 网上交易处理系统
AU4933799A (en) * 1999-08-02 2001-02-19 E-Mark Systems Inc. Electronic settlement system, settlement device, and terminal
US6895391B1 (en) * 1999-11-09 2005-05-17 Arcot Systems, Inc. Method and system for secure authenticated payment on a computer network
ES2348860T3 (es) * 2000-05-05 2010-12-16 Infineon Technologies Ag olloooo.
AU2002215210A1 (en) * 2000-11-16 2002-05-27 Telefonaktiebolaget Lm Ericsson (Publ) User authentication apparatus, controlling method thereof, and network system
US6641050B2 (en) * 2001-11-06 2003-11-04 International Business Machines Corporation Secure credit card
US7200577B2 (en) * 2002-05-01 2007-04-03 America Online Incorporated Method and apparatus for secure online transactions
US7349871B2 (en) * 2002-08-08 2008-03-25 Fujitsu Limited Methods for purchasing of goods and services
TWI261492B (en) * 2004-12-23 2006-09-01 Coretronic Corp Support frame of screen
US7128274B2 (en) * 2005-03-24 2006-10-31 International Business Machines Corporation Secure credit card with near field communications
US20080126260A1 (en) * 2006-07-12 2008-05-29 Cox Mark A Point Of Sale Transaction Device With Magnetic Stripe Emulator And Biometric Authentication
US20080077526A1 (en) * 2006-09-20 2008-03-27 First Data Corporation Online payer authorization systems and methods
AU2007307688B2 (en) * 2006-10-11 2011-06-23 Visa International Service Association Method and system for processing micropayment transactions
EP3054408A1 (fr) * 2008-06-24 2016-08-10 HSBC Technology & Services (USA) Inc. Procédés et systèmes pour vérifier des informations concernant des comptes financiers fournies par un client utilisant des transactions de débit et de crédit
US8725574B2 (en) * 2008-11-17 2014-05-13 Mastercard International Incorporated Methods and systems for payment account issuance over a mobile network

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5826245A (en) * 1995-03-20 1998-10-20 Sandberg-Diment; Erik Providing verification information for a transaction
US20030061163A1 (en) * 2001-09-27 2003-03-27 Durfield Richard C. Method and apparatus for verification/authorization by credit or debit card owner of use of card concurrently with merchant transaction
US20050154643A1 (en) * 2004-01-08 2005-07-14 International Business Machines Corporation Purchasing information requested and conveyed on demand
US20080217396A1 (en) * 2007-03-06 2008-09-11 Securecard Technologies, Inc. Device and method for conducting secure economic transactions

Also Published As

Publication number Publication date
US20110137748A1 (en) 2011-06-09

Similar Documents

Publication Publication Date Title
US20110137748A1 (en) Systems and Methods for Virtual Credit Card Transactions
US20230059316A1 (en) Systems and methods for performing financial transactions using active authentication
US11127016B2 (en) Unique code for token verification
US20220318799A1 (en) Systems And Methods For Using A Transaction Identifier To Protect Sensitive Credentials
US11443290B2 (en) Systems and methods for performing transactions using active authentication
CN106357640B (zh) 基于区块链网络的身份认证方法、系统及服务器
US8898762B2 (en) Payment transaction processing using out of band authentication
US8527417B2 (en) Methods and systems for authenticating an identity of a payer in a financial transaction
US10453062B2 (en) Systems and methods for performing person-to-person transactions using active authentication
US20120041879A1 (en) Methods and systems for payment processing between consumers and merchants
US20130185209A1 (en) Transaction-based one time password (otp) payment system
US20120239570A1 (en) Systems and methods for performing ATM transactions using active authentication
US11816666B2 (en) Secure payment processing
US20130325721A1 (en) Data Processing
US11188892B2 (en) Apparatus, system and method for processing multiple payment transactions
KR101712616B1 (ko) 이동통신단말기를 위한 인증서비스 장치 및 방법, 접근제어 서버, 그리고 이동통신단말기의 인증 정보 등록 방법
US20240193603A1 (en) Systems and methods for performing atm fund transfer using active authentication
EA041883B1 (ru) Система и способ для проведения удаленных транзакций с использованием платежного терминала точки продаж

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10836713

Country of ref document: EP

Kind code of ref document: A1

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10836713

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10836713

Country of ref document: EP

Kind code of ref document: A1