WO2015040543A1 - Systems and methods for transacting via a mobile communications channel - Google Patents


Publication number
WO2015040543A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile communications
consumer
request
value store
communications channel
Application number
PCT/IB2014/064557
Other languages
French (fr)
Inventor
Horatio Nelson HUXHAM
Tara Anne MOSS
Alan Joseph O'REGAN
Hough Arie VAN WYK
Original Assignee
Visa International Service Association
Application filed by Visa International Service Association
Priority to AP2016009030A
Publication of WO2015040543A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3221 Access to banking information through M-devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223 Realising banking transactions through M-devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists

Definitions

  • the field of the invention relates to the processing of transactions and, in particular, to the processing of transactions via a mobile communications channel.
  • One example provides a consumer having a mobile communications device and a mobile money operator, typically being a bank or a mobile network operator.
  • the mobile money operator acting as an issuing entity, may provide a mobile money platform to enable the consumer to transact against a consumer account using his or her mobile communications device.
  • the mobile money operator provides a direct mobile communications channel between itself and the consumer to enable the consumer to transact against the consumer's account maintained by the mobile money operator via the mobile communications channel.
  • a notable problem associated with technology of the type described above is that many entities having a value store containing a plurality of consumer accounts may, in some cases, be unable to provide a direct mobile communications channel between itself and the consumer.
  • the entity is a retailer having a plurality of consumer loyalty accounts but without the necessary mobile communications infrastructure or resources to provide the above-described mobile communications channel
  • the retailer is unable to allow its consumers to transact against their consumer loyalty accounts via a mobile communications channel.
  • a further problem which may be associated with such systems is that the mobile communications channel between the entity having a value store and the consumer may not have a desired level of security.
  • the entity having a value store is a bank or a mobile money operator
  • payment credentials or other financial information may be transmitted from the bank or mobile money operator to the mobile communications device of the consumer "in the clear", thereby increasing the risk of fraudulent activities such as man-in-the-middle attacks.
  • Embodiments of the invention aim to address these and other problems individually and collectively, at least to some extent.
  • a method for transacting via a mobile communications channel carried out at a payment processor and comprising the steps of: receiving a request relating to processing of a transaction against a consumer account held at a value store of a third party entity; receiving, from a mobile communications device of a consumer, an authorization for the request, wherein the authorization for the request is received from the mobile communications device directly via a mobile communications channel; determining, using at least a consumer account identifier, the value store at which the consumer account is held; and, processing the request against the consumer account held at the value store of the third party entity.
  • a further feature provides for the request to be a request to process a transaction against the consumer account held at the value store of the third party entity and in favor of a recipient account.
  • A yet further feature provides for the request and the authorization for the request to be received together from the mobile communications device directly via the mobile communications channel.
  • a still further feature provides for the request to process a transaction to include the consumer account identifier, a recipient account identifier and a transaction value.
  • An even further feature provides for the method to include a step of determining, using the recipient account identifier, an acquiring entity associated with the recipient account.
  • The step of processing the request may include initiating a transfer of funds from the value store to the acquiring entity.
  • a further feature provides for initiating a transfer of funds from the value store to the acquiring entity to initiate an original credit transaction (OCT) push transaction from the consumer account held at the value store of the third party entity to the recipient account.
  • OCT original credit transaction
  • Still further features provide for the request to be received from a recipient, and for the request to include a consumer identifier.
  • Yet further features provide for receiving the authorization for the request from the mobile communications device to be in response to a step of transmitting an authorization request message to the mobile communications device directly via the mobile communications channel, for the mobile communications device to be identified using the consumer identifier, and for the authorization for the request to include the consumer account identifier.
  • the request to be a request for payment credentials for use in a transaction against the consumer account held at the value store of the third party entity and in favor of a recipient account; for processing the request to generate payment credentials linked to the consumer account held at the value store; and, for the method to include a step of transmitting the generated payment credentials to the mobile communications device of the consumer directly via the mobile communications channel.
  • consumer account to be a financial institution account; alternatively, for the consumer account to be a non-financial institution account having a monetizable value; for the third party entity to be an issuing entity; for the third party entity to be an issuer processor; for the third party entity to be a mobile money operator; and for the value store to be a mobile money platform,
  • the payment processor to be a payment processing network or implemented as part of a payment processing network; and for the payment processor to be a payment processing gateway which connects the value store to a payment processing network and which is configured to process transactions conducted against consumer accounts held at the value store,
  • Still further features provide for communications between the mobile communications device and the payment processor to be encrypted communications such that the mobile communications channel is end-to-end secure; for communications sent from the mobile communications device to be encrypted using a hardware security element of the mobile communications device; and for communications sent from the payment processor to be encrypted and/or zone-translated by a security gateway of the payment processor.
  • the hardware security element of the mobile communications device to be a hardware security module (HSM) compliant with at least a security level 2 of the Federal Information Processing Standards (FIPS) 140-2 standard, preferably with security level 3 or security level 4 of the FIPS 140-2 standard; and for the HSM to be a component of a cryptographic expansion device for attachment to a Subscriber Identity Module (SIM) card, the cryptographic expansion device comprising a first set of electrical contacts disposed on a first side thereof for interfacing to the mobile communications device, a second set of electrical contacts disposed on a second side thereof for interfacing, in use, to the SIM card it is to be attached to, the HSM coupled to the first and second sets of electrical contacts and including a secure processing unit and a public processing unit,
  • Further features provide for the method to include steps of: establishing a registration of a third party entity having a value store containing a plurality of consumer accounts therein, including capturing at least one credential of a consumer held at the value store,
  • Yet further features provide for the step of establishing a registration of a mobile communications channel of a consumer with the payment processor to include one or both of the steps of capturing a value store identifier and capturing a consumer account identifier; and for the at least one credential of the consumer to include one or more of an identifier of a mobile communications device of the consumer, preferably the Mobile Subscriber Integrated Services Digital Network-Number (MSISDN) of the mobile communications device of the consumer, financial information associated with the consumer account, personal information of the consumer, and an identifier of a hardware security element of the mobile communications device of the consumer.
  • MSISDN Mobile Subscriber Integrated Services Digital Network-Number
  • step of establishing a registration of the mobile communications channel to include the step of receiving, from the third party entity, an identifier of the mobile communications channel and an indication that the mobile communications channel is a trusted channel, and optionally prompting the consumer to confirm, using the mobile communications device, that the mobile communications channel is a trusted channel,
  • a further feature provides for the step of using the at least one credential of the consumer held at the value store to establish trust to include prompting the consumer, via the mobile communications device, for at least one verification credential to verify the at least one credential of the consumer held at the value store, receiving the at least one verification credential from the mobile communications device, analyzing the at least one verification credential against the at least one credential held at the value store, and, if the at least one verification credential matches the at least one credential held at the value store, establishing the mobile communications channel as a trusted channel.
  • step of establishing a registration of the mobile communication channel to include the steps of: using the at least one credential held at the value store, processing a dummy transaction against the consumer account held at the value store, receiving a transaction reference associated with the dummy transaction from the third party entity, receiving a consumer transaction reference from the mobile communications device of the consumer, and matching the transaction reference associated with the dummy transaction to the consumer transaction reference to establish the mobile communications channel as a trusted channel.
  • a system for transacting via a mobile communications channel including a payment processor which comprises: a request receiving component for receiving a request relating to processing of a transaction against a consumer account held at a value store of a third party entity; an authorization receiving component for receiving, from a mobile communications device of a consumer, an authorization for the request, wherein the authorization for the request is received from the mobile communications device directly via a mobile communications channel; a value store determining component for determining, using at least a consumer account identifier, the value store at which the consumer account is held; and, a processing component for processing the request against the consumer account held at the value store of the third party entity.
  • MNO Mobile Network Operator
  • GSM Global System for Mobile Communications
  • UMTS Universal Mobile Telecommunications System
  • SMS Short Message Service
  • USSD Unstructured Supplementary Service Data
  • DTMF Dual-Tone Multi-Frequency Modulation
  • IVR interactive voice response
  • SIM Application Toolkit-based communications
  • A yet further feature provides for the request and authorization for the request to be received together from the mobile communications device directly via the mobile communications channel.
  • a still further feature provides for the payment processor to include an acquirer determining component for determining, using a recipient account identifier, an acquiring entity associated with a recipient account.
  • An even further feature provides for the processing component to include an initiating component for initiating a transfer of funds from the value store to the acquiring entity.
  • A further feature provides for initiating a transfer of funds from the value store to the acquiring entity to initiate an original credit transaction (OCT) push transaction from the consumer account held at the value store of the third party entity to the recipient account.
  • the payment processor to include an authorization request message transmitting component for transmitting an authorization request message to the mobile communications device directly via the mobile communications channel, and for the mobile communications device to be identified using a consumer identifier received in the request.
  • processing component to include: a credential generating component for generating payment credentials linked to the consumer account held at the value store; and, a credential transmitting component for transmitting the generated payment credentials to the mobile communications device of the consumer directly via the mobile communications channel.
  • the payment processor to include a registration component having: a third party registration component for establishing a registration of a third party entity having a value store containing a plurality of consumer accounts therein, the third party registration component capturing at least one credential of a consumer held at the value store, wherein the registration is established via a first communications channel; and a mobile communications channel registration component for establishing a registration of a mobile communications channel of a consumer with the payment processor to be used for transactions against the value store, wherein establishing a registration of a mobile communications channel uses the at least one credential of the consumer held at the value store to establish trust.
  • a computer program product for transacting via a mobile communications channel
  • the computer program product comprising a computer-readable medium having stored computer-readable program code for performing the steps of: receiving a request relating to processing of a transaction against a consumer account held at a value store of a third party entity; receiving, from a mobile communications device of a consumer, an authorization for the request, wherein the authorization for the request is received from the mobile communications device directly via a mobile communications channel; determining, using at least a consumer account identifier, the value store at which the consumer account is held; and, processing the request against the consumer account held at the value store of the third party entity.
  • Further features provide for the computer-readable medium to be a non-transitory computer-readable medium and for the computer-readable program code to be executable by a processing circuit.
  • a further aspect provides a system having: a third party entity having a value store containing a plurality of consumer accounts therein; a consumer having a consumer account held at the value store of the third party entity, the consumer having a mobile communications device; and a remotely accessible server of a payment processor, the remotely accessible server being configured to communicate with the third party entity over a first communications channel and with the mobile communications device of the consumer over a second communications channel, the second communications channel being a mobile communications channel, and wherein the remotely accessible server is further configured to perform the steps of: receiving, from the mobile communications device of the consumer, a request to process a transaction against the consumer account held at the value store of the third party entity and in favor of a recipient account, wherein the request is received via the mobile communications channel and includes a plurality of transaction details including a consumer account identifier, a recipient account identifier and a transaction value; determining, using at least the consumer account identifier, the value store at which the consumer account is held; determining, using the recipient account identifier
  • the first communication channel to be the Internet; for communications between the remotely accessible server and the third party entity to be enabled by an application programming interface (API) of the payment processor consumed by the third party entity; and for at least some of the communications between the remotely accessible server and the third party entity to be messages complying with the International Organization for Standardization (ISO) 8583 standard on financial transaction card originated messages.
  • API application programming interface
  • An even further aspect provides a system having: a third party entity having a value store containing a plurality of consumer accounts therein; a consumer having a consumer account held at the value store of the third party entity, the consumer having a mobile communications device; and a remotely accessible server of a payment processor, the remotely accessible server configured to perform the steps of: establishing a registration of the third party entity with the payment processor via a communication channel, including capturing at least one credential of a consumer held at the value store; and establishing a registration of a mobile communication channel of a consumer with the payment processor to be used for transactions against the value store, wherein establishing a registration of a mobile communication channel includes using the at least one credential of the consumer held at the value store to establish trust.
  • a further feature provides for the registration of the third party entity with the payment processor via the communication channel to include the step of providing an application programming interface (API) which the third party entity is capable of consuming.
  • the mobile communications device to be a mobile phone; for the mobile phone to be a feature mobile phone; and for communications over the mobile communications channel to be transmitted using one of Short Message Service (SMS) protocol, Unstructured Supplementary Service Data (USSD) protocol, and Radio Frequency (RF) communications protocol including second generation (2G) GSM protocol, third generation (3G) GSM protocol, Long Term Evolution (LTE) protocol, and Wi-Fi protocol.
  • RF Radio Frequency
  • FIG. 1A is a schematic diagram which illustrates an embodiment of a system for transacting via a mobile communications channel
  • FIG. 1B is a schematic diagram which illustrates components of the system illustrated in FIG. 1A;
  • FIG. 2 is a swim-lane flow diagram illustrating a first method of registering a mobile communications channel of a consumer with a payment processor to be used for transactions against a value store;
  • FIG. 3 is a swim-lane flow diagram illustrating a second method of registering a mobile communications channel of a consumer with a payment processor to be used for transactions against a value store;
  • FIG. 4 is a flow diagram illustrating a method for transacting via a mobile communications channel
  • FIG. 5 is a swim-lane flow diagram illustrating another method for transacting via a mobile communications channel
  • FIG. 6 is a swim-lane flow diagram which illustrates yet another method for transacting via a mobile communications channel
  • FIG. 7 illustrates an exemplary mobile communications network coupling a mobile communications device of a consumer with a payment processor
  • FIG. 8 illustrates an example of a computing device in which various aspects of the disclosure may be implemented.
  • FIG. 9 shows a block diagram of a communication device that may be used in embodiments of the disclosure.
  • Systems and methods for transacting via a mobile communications channel are provided.
  • Systems may provide a payment processor which may be capable of establishing a mobile communications channel directly with a mobile communications device of a consumer.
  • the payment processor may further permit third party entities to register a value store having a plurality of consumer accounts therein. In this manner, the payment processor may allow a consumer to transact against a consumer account held at the value store of the third party entity using the consumer's mobile communications device. Consequently, third party entities may not be required to maintain or operate costly infrastructure or services so as to provide a mobile communications channel directly to a consumer's mobile communications device.
  • a “mobile communications channel” may be any appropriate communications channel existing or capable of existing between a mobile communications device of a consumer and a remote server of an entity or institution.
  • a mobile communications channel once registered, may be a communications channel through which a consumer is capable of establishing communications with an entity or institution using the consumer's mobile communications device and through which the consumer may transmit requests and responses to the entity or institution using the consumer's mobile communications device,
  • a “mobile communications channel” may utilize a mobile communications network maintained or operated by a Mobile Network Operator (MNO).
  • a mobile communications channel may utilize a Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS) or any other similar mobile communications network.
  • requests and responses transmitted through the mobile communications channel may be Short Message Service (SMS) communications, Unstructured Supplementary Service Data (USSD) communications, Dual-Tone Multi-Frequency Modulation (DTMF) signaling, voice communications, interactive voice response (IVR) communications, SIM Application Toolkit-based communications and the like.
  • the mobile communications channel utilizes a data communication network such as the Internet.
  • the mobile communications network may support Extensible Hypertext Markup Language
  • the third party entity may be any third party maintaining, operating or holding a value store.
  • Exemplary third parties include: an issuing entity such as an issuing bank; an issuer processor such as a bank; a non-deposit taking financial institution, for example, a mobile money operator or a micro-finance institution; a retailer operating a loyalty program such as a supermarket or an airline operating a frequent flyer program; and the like.
  • the third party entity may make use of mobile money agents or branch networks as a service channel for a mobile money program.
  • the value store may be a store of any number of accounts, each account having a monetizable value.
  • a consumer may have a consumer account held at the value store.
  • the consumer account may thus be any account having a value or balance capable of being monetized, for example, a financial institution account such as a bank account or a unit trust account, or a non-financial institution account such as a consumer loyalty account, a mobile phone airtime balance, or a retailer account, a mobile money value store platform or the like.
  • FIG. 1A illustrates one embodiment of a system (100) for transacting via a mobile communications channel.
  • the system (100) may include a mobile communications device (112) of a consumer (110), a third party entity (120) having a value store (122) containing a plurality of consumer accounts therein, and a payment processor (130).
  • the payment processor (130) may include a remotely accessible server (132) which may be linked to a value store database (134) containing details of registered value stores and a consumer database (136) containing details of registered consumers.
  • the remotely accessible server (132) may be configured to communicate with the third party entity (120) over a first communications channel (140) and with the mobile communications device (112) of the consumer (110) over a second communications channel, the second communications channel being a mobile communications channel (150).
  • the consumer (110) may be able to communicate with the third party entity (120) through a non-mobile communications channel (160), for example, by way of physical communication (i.e. visiting a branch of the third party entity) or through a secure website of the third party entity (120).
  • the system (100) may further include an acquiring entity (170), typically being an acquiring bank, managing a plurality of recipient accounts.
  • participation of an acquiring entity is not required, for example for transactions which may be processed against and/or in favor of accounts held at the value store (122).
  • the value store is a prepaid mobile phone account
  • transactions may either increase or decrease a monetizable value in the consumer account
  • the third party entity (120) may be an issuing entity such as an issuing bank.
  • the third party entity (120) may be an issuer processor such as a bank or a non-deposit taking financial institution, for example, a mobile money operator or a micro-finance institution.
  • the payment processor (130) may be maintained or operated by an independent service provider providing a service to and on behalf of the third party entity (120).
  • the payment processor (130), through the remotely accessible server (132) and other infrastructure, may be configured to process transactions conducted against the consumer accounts held at the value store (122).
  • the payment processor (130) may be a payment processing gateway which serves to connect the value store to a payment processing network.
  • the payment processor (130) may be part of, and/or maintained or operated by a payment processing network.
  • the payment processor (130) may have multiple value stores registered therewith and may be configured to process transactions conducted against, and in some cases between, consumer accounts held in different value stores.
  • the payment processing network may include data processing subsystems, networks, and operations used to support and deliver authorization services, exception file services, and clearing and settlement services.
  • a payment processing network may be any suitable network able to transmit and receive financial system transaction messages (e.g., ISO 8583 messages), and process original credit and debit card transactions.
  • An exemplary payment processing network may include VisaNet™. Payment processing networks such as VisaNet™ are able to process credit card transactions, debit card transactions, and other types of commercial transactions.
  • the payment processing network may include one or more servers and may use any suitable wired or wireless network, including the Internet.
  • the first communication channel (140) may be any suitable communications channel, for example and as illustrated in FIG. 1A, the Internet (142).
  • communications between the remotely accessible server (132) and the third party entity (120) are enabled by an application programming interface (API) of the payment processor (130) which is consumed by the third party entity (120).
  • the communications between the remotely accessible server (132) and the third party entity (120) are messages complying with the International Organization for Standardization (ISO) 8583 standard on financial transaction card originated messages or other similar financial system transaction messages, such that payment credentials of consumers may be transmitted over the first communication channel (140) in accordance with the Payment Card Industry Data Security Standard (PCI DSS) on cardholder information.
  • the API may be a web-based interface such as a Hypertext Transfer Protocol (HTTP) interface which the third party (120) or its value store (122) is capable of consuming.
  • the mobile communications device (112) may be any electronic communications device capable of communicating over a mobile communications network, such as a cellular communications network.
  • the term should be interpreted to specifically include all mobile or cellular phones, including so-called “feature mobile phones” and smartphones, and may also include other electronic devices such as computers, laptops, handheld personal computers, personal digital assistants, tablet computers, wearable computing devices, and the like.
  • the mobile communications device (112) is a mobile phone of the consumer (110).
  • Communications over the mobile communications channel (150) may be transmitted using one or more of Short Message Service (SMS) protocol, Unstructured Supplementary Service Data (USSD) protocol, and Radio Frequency (RF) communications protocol including second generation (2G) GSM protocol, third generation (3G) GSM protocol, Long Term Evolution (LTE) protocol, and the like.
  • Communications between the mobile communications device (112) and the remotely accessible server (132) may be encrypted communications such that the mobile communications channel (150) is an end-to-end secure channel. Any suitable encryption method or algorithm may be employed to create such a secure channel, as will be appreciated by those skilled in the art.
  • communications sent from the mobile communications device (112) may be encrypted using a hardware security element of the mobile communications device (112).
  • the hardware security element may be embedded in the mobile communications device, disposed within a micro secure digital (SD) or similar card form factor which is placed in a corresponding card slot of the mobile communications device (112).
  • the hardware security element may be disposed within a communication component of the mobile communications device, such as a universal integrated circuit card (UICC) (or Subscriber Identity Module (SIM) card). It is also anticipated that in some embodiments the hardware security element may be disposed in an expansion device which may be connected to a mobile communications device or alternatively disposed within, for example a label, tray or card which is then placed in between a UICC and a UICC interface of the mobile communications device such that the hardware security element can intercept and appropriately process any communication sent between the UICC and the mobile communications device and consequently, between the mobile communications device and a mobile communication network.
  • the hardware security element may be a cloud-based secure element using host card emulation (HCE) which enables network-accessible storage external to the mobile communications device (112) with an application executing on the mobile communications device (112) and configured to emulate card functions.
  • the hardware security element of the mobile communications device (112) is a hardware security module (HSM) compliant with at least a security level 2 of the Federal Information Processing Standards (FIPS) 140-2 standard, preferably with security level 3 or security level 4 of the FIPS 140-2 standard.
  • the HSM is implemented as a component of a cryptographic expansion device for attachment to a SIM card, the cryptographic expansion device comprising a first set of electrical contacts disposed on a first side thereof for interfacing to the mobile communications device (112), a second set of electrical contacts disposed on a second side thereof for interfacing, in use, to the SIM card it is to be attached to, the HSM coupled to the first and second sets of electrical contacts for interfacing to both the SIM card and the mobile communications device (112).
  • the HSM of the cryptographic expansion device may include a public processing unit (PPU) and a secure processing unit (SPU) which may be logically and physically separate from each other.
  • the cryptographic expansion device acts as an intermediary between the SIM card and the mobile communications device to enable a user of the mobile device to send and receive secure, encrypted communications.
  • a cryptographic expansion device of the type described above thus allows a mobile communications device operating in the system (100) of FIG. 1A to send and receive encrypted communications and may provide enhanced security over traditional software encryption methods.
  • communications sent from and received by the remotely accessible server (132) may be encrypted and/or zone-translated using a security gateway (not shown) of the payment processor (130) in communication with the remotely accessible server (132).
  • the third party entity (120) may not be required to provide, or capable of providing, a direct mobile communications channel between the value store (122) and the consumer (110).
  • the consumer (110) would be unable to use the mobile communications device (112) to transact against the consumer account held at the value store (122).
  • a mobile communications channel (150) may be registered between the mobile communications device (112) of the consumer (110) and the remotely accessible server (132). This may enable the consumer (110) to transact against the consumer account via the payment processor (130) and the first communications channel (140) between the value store (122) and the remotely accessible server (132) using the registered mobile communications channel (150).
  • FIG. 1 B is a schematic diagram which illustrates components of the payment processor (130) of the system (100) illustrated in FIG. 1A as well as the various parties with which the payment processor interacts.
  • Various components, modules or interfaces of the payment processor (130) may be implemented on the remotely accessible server (132) which may be any appropriate server computer, distributed server computer, cloud-based server computer or the like.
  • various components, modules or interfaces of the payment processor (130) may be implemented on respective server computers.
  • the payment processor (130) may include a payment processing network interface (172), a mobile interface (174) and a third party interface (176).
  • the payment processing network interface (172) may be configured to transmit and receive financial system transaction messages to and from financial institutions via a payment processing network (138).
  • the payment processor (130) forms a part of the payment processing network (138), in which case the payment processing network interface (172) interfaces to associated data processing subsystems, networks and operations of the payment processing network (138) which are used to support and deliver the services of the payment processing network (138).
  • the financial transaction messages may be ISO 8583 messages. Thus all communications between the payment processor (130) and the payment processing network (138) or other financial institutions, as the case may be, may be via the payment processing network interface (172).
  • the mobile interface (174) may be configured to provide a direct mobile communications channel (150) between the payment processor (130) and the consumer's mobile communications device (112).
  • the mobile interface (174) may provide the necessary hardware and software components to interface to a mobile communications network (152) or to provide a secure communications channel between the payment processor (130) and the mobile communications device (112).
  • the mobile interface (174) may permit the payment processor (130) to transmit and receive SMS messages, initiate USSD or IVR sessions, transmit and receive secure messages and the like.
  • all communications between the mobile communications device (112) of the consumer (110) and the payment processor may be via the mobile interface (174) which provides the mobile communications channel (150).
  • the third party interface (176) may enable communications between the payment processor (130) and third party entities (120A-C).
  • the third party interface (176) may enable the communications with a third party entity (120A-C) via the Internet or other similar communication network. This may require the third party entities (120A-C) to consume an application programming interface (API) of the payment processor.
  • communications transmitted between the third party entities (120A-C) and the payment processor (130) are financial system transaction messages.
  • the payment processor (130) may also include a request receiving component (178) for receiving a request relating to the processing of a transaction against a consumer account held at a value store of a third party entity (e.g. 120A) and an authorization receiving component (180) for receiving, from the mobile communications device (112) of the consumer (110), an authorization for the request.
  • the authorization for the request may be received from the mobile communications device (112) directly via the mobile communications channel (150).
  • the request relating to processing of a transaction against a consumer account and the authorization for the request are received from the mobile communications device (112) together in the same message.
  • the authorization for the request may be implicit in the transmitting of the request. For example, it may be the case that the consumer is required to enter a passcode before the consumer may be permitted to transmit a request relating to processing of a transaction, in which case, the request implicitly includes the authorization for the request.
  • the request may be received separately, for example, from a recipient (198) via the acquiring entity (170) and payment processing network (138), where appropriate.
  • the request may include a consumer identifier, for example an MSISDN provided to the recipient (198) by the consumer (110) and usable in identifying the mobile communications device of the consumer (110).
  • the payment processor (130) may include an authorization request message transmitting component (182) for transmitting an authorization request message to the mobile communications device directly via the mobile communications channel (150).
  • the mobile communications device may be identified using the consumer identifier, for example by querying a consumer database (136) containing details of registered consumers.
  • the payment processor (130) may further include a value store determining component (184) for determining, using at least a consumer account identifier received with either the request or the authorization for the request, the value store at which the consumer account is held. This may include querying one or both of a value store database (134) containing details of registered value stores and the consumer database (136) containing details of registered consumers.
  • the payment processor (130) may include an acquirer determining component (186) for determining, using a recipient account identifier, an acquiring entity associated with the recipient account.
  • the acquirer determining component (186) may determine the acquiring entity using a portion of the recipient account identifier.
  • the recipient account identifier may be a PAN, the first six digits of which are bank identification number (BIN) usable in identifying the acquiring entity (170).
  • the payment processing network (138), and not the payment processor (130) determines, using the recipient account identifier, an acquiring entity associated with the recipient account.
  • a processing component (188) may also be provided for processing the request against the consumer account held at the value store of the third party entity (120A).
  • the processing component (188) may include an initiating component (190) for initiating a transfer of funds from the value store to the acquiring entity.
  • initiating a transfer of funds from the value store to the acquiring entity initiates an original credit transaction (OCT) push transaction from the consumer account held at the value store of the third party entity to the recipient account. This may be effected by transmitting an ISO 8583 0200 Acquirer Financial Request message or other appropriate financial transaction message.
  • initiating a transfer of funds from the value store to the acquiring entity may include instructing the third party entity to initiate the transfer of funds.
  • the processing component (188) may further include a credential generating component (192) for generating payment credentials and linking the generated payment credentials to the consumer account held at the value store and a credential transmitting component (194) for transmitting the generated payment credentials to the mobile communications device (112) of the consumer (110) directly via the mobile communications channel (150).
  • the credential generating component (192) may request payment credentials from the third party entity (120A).
  • the payment processor (130) may include a registration component (196) which may include a third party registration component for establishing a registration of a third party entity having a value store containing a plurality of consumer accounts therein.
  • the third party registration component may capture at least one credential of a consumer held at the value store.
  • the third party registration component may establish registration of a first communications channel.
  • the registration component (196) may also include a mobile communications channel registration component for establishing a registration of a mobile communications channel of a consumer with the payment processor to be used for transactions against the value store.
  • the mobile communications channel registration component may establish a registration of a mobile communications channel using the at least one credential of the consumer held at the value store to establish trust.
  • Various methods may be used to register a mobile communications channel (150) of a consumer with the payment processor (130) to enable it to be used for transactions against the consumer account.
  • a registration of the third party entity (120) may be established, and at least one credential or reference of the consumer (110) held at the value store (122) may be transmitted from the third party entity (120) and captured by the remotely accessible server (132).
  • the registration of the third party entity (120) may be established via the first communications channel (140).
  • a registration of the mobile communications channel (150) of the consumer (110) with the payment processor (130) may be established.
  • the at least one credential or reference of the consumer (110) held at the value store may be used to authenticate the registration so as to establish trust, in other words, to verify that the mobile communications channel (150) is indeed a trusted channel.
  • establishing trust may relate to transferring an established degree of trust in a channel between the consumer (110) and the third party entity (120) to a similar degree of trust in a channel between the consumer (110) and the payment processor (130). This may be effected by proving that a credential held by the third party entity (120) and relating to the consumer (110) can be verified by the consumer (110) to the payment processor (130).
  • the flow diagram (200) of FIG. 2 illustrates a first method of registering a mobile communications channel of a consumer with a payment processor to be used for transactions against a value store.
  • the required consumer credentials are "pushed" to the remotely accessible server (132) to establish the mobile communications channel (150) as a trusted channel.
  • the third party entity (120) provides details of the value store (122) to the remotely accessible server (132) over the first communications channel (140). These details may include a value store identifier, consumer account identifiers, details of mobile communications channels of consumers holding consumer accounts, consumer identifiers, and the like.
  • the value store (122) of the third party entity (120) is registered with the payment processor (130) as a value store against which consumers may transact via the remotely accessible server (132) using their mobile communications devices.
  • the registration of the third party entity (120) with the payment processor (130) may involve the step of providing an API which the third party entity (120) is capable of consuming.
  • the consumer (110), in this case a new consumer in respect of the particular value store of the third party entity, initializes the registration of a new consumer account to be held at the value store (122).
  • This account registration process may take place using any suitable method, such as a conventional method involving capturing required "know-your-customer (KYC)" information from the consumer and generating a new consumer account to be held at the value store (122).
  • the consumer (110) only has the non-mobile communications channel (160) available by way of which to transact against the consumer account at this stage.
  • the consumer (110) may transact against the consumer account using any number of conventional means, except that no direct mobile communications channel is available by which the consumer (110) may transact against the consumer account.
  • the consumer (110) may transact by visiting a brick-and-mortar branch of the third party entity (120) or by accessing a website of the third party entity (120) via which the consumer may transact.
  • the consumer (110) may desire to extend the transaction capabilities available under the consumer account to include a mobile communications channel, and uses the established non-mobile communications channel (160) to initialize the registration of the consumer account with the payment processor (130).
  • the consumer (110) may initialize the registration by physically communicating such a request to the third party entity (120), for example, in the case where the third party entity (120) is a retailer at which the consumer (110) holds an account.
  • the consumer (110) may initialize the registration using electronic means, such as by way of a link on a banking website in the case where the third party entity (120) is an issuing bank at which the consumer (110) holds a bank account.
  • the consumer (110) may initialize the registration directly with the remotely accessible server (132). For example, the consumer (110) may select the value store (122) and an identifier of the consumer account using a mobile software application and transmit this selection to the remotely accessible server (132) to initialize the registration of the mobile communications channel (150).
  • the third party entity (120) receives this request and transmits one or more credentials (typically a consumer identifier) of the consumer (110), an identifier of the mobile communications channel (150), and an indication that the channel is a trusted channel to the remotely accessible server (132), at a next stage (212).
  • Consumer credentials may include one or more of an identifier of a mobile communications device (112) of the consumer (110), such as one or more of the group of: the Mobile Subscriber Integrated Services Digital Network-Number (MSISDN) of the mobile communications device (112); financial information associated with the consumer account; personal information of the consumer; and an identifier of a hardware security element of the mobile communications device of the consumer.
  • the consumer (110) has credentials stored with the value store (122), such as a password, personal information and/or a security question.
  • credentials are provided to the payment processor (130) by the third party entity (120), and the payment processor (130) may then request the same credential from the consumer (110).
  • the mobile communications channel (150) is registered.
  • the remotely accessible server (132) captures at least a consumer account identifier and a value store identifier, and may at this point register the mobile communications channel (150) identified by the third party entity (120) as a trusted channel which may be used to transact against the consumer account held at the value store (122).
  • the remotely accessible server (132) may require, at a next stage (214), the consumer (110) to confirm that the mobile communications channel and/or the mobile communications device identified by the third party entity (120) is indeed trusted. At a next stage (216), the consumer (110) confirms, typically using the mobile communications device (112). The remotely accessible server (132) then, at a final stage (218), establishes the mobile communications channel (150) as a trusted channel for the particular consumer (110).
  • the third party entity (120) is a bank acting as an issuer processor and the value store (122) contains a plurality of payment card accounts.
  • the consumer (110) may "push" payment card details, consumer details and/or an identification of the mobile communications channel (150) to the payment processor (130), preferably via the third party entity (120), for example, by presenting or inserting a physical payment card at an acceptance point such as a point of sale (POS) device.
  • the payment card account of the consumer (110) is registered by the payment processor (130) as a payment instrument which the consumer (110) may use to transact over the mobile communications channel (150).
  • the flow diagram (300) of FIG. 3 illustrates a second method of registering a mobile communications channel of a consumer with a payment processor to be used for transactions against a value store.
  • the required consumer credentials are "pulled" from the consumer (110) and the third party entity (120) respectively and verified against one another by the remotely accessible server (132) to establish the mobile communications channel (150) as a trusted channel.
  • the initial stages (302-308) of the method of FIG. 3 correspond to the initial stages (202-208) of the method of FIG. 2, wherein the consumer (110) registers the consumer account with the third party entity (120) and the third party entity (120) registers the value store (122) with the payment processor (130).
  • the third party entity (120) transmits a request to the remotely accessible server (132) to register the mobile communications channel (150) of the consumer (110) as a channel which can be used to transact against the consumer account held at the value store (122).
  • the third party entity (120) may transmit this request in response to a corresponding request received from the consumer (110), or may automatically request such channels to be registered for all or some of its account holders.
  • To establish trust in the mobile communications channel (150) identified by the third party entity (120), the remotely accessible server (132), at a next stage (312), prompts the third party entity (120) for a consumer credential, which may, for example, be any of the consumer credentials described above.
  • the third party entity (120), at a next stage (314), provides the required consumer credential to the remotely accessible server (132). In other embodiments, the remotely accessible server (132) may already be in possession of the required credential or credentials.
  • the remotely accessible server (132) then, at a next stage (316), prompts the consumer (110) for a verification credential, which is typically the same credential as the consumer credential the third party entity (120) was prompted for.
  • the remotely accessible server (132) receives some piece of information relating to the consumer (110) from the third party entity (120), and then requests the same piece of information from the consumer (110) to establish trust in the communication channel.
  • This credential may, for example, be the answer to a security question, a passphrase or unique code.
  • the consumer (110) transmits the verification credential to the remotely accessible server (132) using the mobile communications device (112).
  • the remotely accessible server (132) analyzes both sets of credentials, and if these credentials match, the remotely accessible server (132) establishes the mobile communications channel (150) as a trusted channel for the particular consumer (110) at a final stage (320).
  • the payment processor (130) processes a dummy transaction against the consumer account held at the value store (122).
  • the remotely accessible server (132) utilizes one or more of the credentials of the consumer, such as an account number, to process a dummy transaction, after which the third party entity (120) is prompted for a transaction reference.
  • the third party entity (120) then provides a transaction reference to the remotely accessible server (132) uniquely identifying the dummy transaction against the consumer account.
  • the remotely accessible server (132) in turn requests the consumer (110) to transmit a consumer transaction reference from the mobile communications device (112) for that same transaction.
  • the remotely accessible server (132) matches the transaction reference received from the third party entity (120) with the consumer transaction reference to establish trust, in other words, to verify that the consumer (110) has legitimate access to the consumer account in the value store (122) which is to be registered for use with the mobile communications channel (150).
  • Once the first communications channel (140) and the mobile communications channel (150) are successfully registered, the consumer (110) may use the mobile communications device (112) to transact against the consumer account held at the value store (122).
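The "pull" registration of FIG. 3 and its dummy-transaction variant both come down to the remotely accessible server comparing a value supplied by the third party entity with the value the consumer sends from the mobile device. The Python below is an added example, not code from the patent: the class and method names, the salted-digest storage, the constant-time comparison, the sender-MSISDN check and the three-attempt limit are assumptions made here, and all identifiers and numbers are constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional


class ChannelState(Enum):
    PENDING = "pending"    # registration requested, trust not yet established
    TRUSTED = "trusted"    # credentials matched (final stage 320)
    REJECTED = "rejected"  # attempt limit hit (policy assumed here, not in the patent)


MAX_ATTEMPTS = 3  # assumption: the page specifies no retry limit


def _digest(salt: bytes, credential: str) -> bytes:
    """Salted digest so the server need not keep the credential in clear."""
    return hashlib.pbkdf2_hmac("sha256", credential.strip().encode(), salt, 100_000)


@dataclass
class Registration:
    value_store_id: str
    account_id: str
    msisdn: str                      # identifies the mobile channel being registered
    salt: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    expected: Optional[bytes] = None  # digest of the third party's credential
    attempts: int = 0
    state: ChannelState = ChannelState.PENDING


class ChannelRegistrar:
    """Server-side bookkeeping for the pull method (hypothetical names)."""

    def __init__(self) -> None:
        self._regs: Dict[str, Registration] = {}

    def request_registration(self, value_store_id: str, account_id: str,
                             msisdn: str) -> str:
        """Third party entity asks for a consumer's mobile channel to be registered."""
        reg_id = secrets.token_hex(8)
        self._regs[reg_id] = Registration(value_store_id, account_id, msisdn)
        return reg_id

    def third_party_credential(self, reg_id: str, credential: str) -> None:
        """Stage 314: credential (or dummy-transaction reference) from the third party."""
        reg = self._regs[reg_id]
        reg.expected = _digest(reg.salt, credential)

    def consumer_credential(self, reg_id: str, sender_msisdn: str,
                            credential: str) -> ChannelState:
        """Verification credential arriving over the mobile channel; stage 320 on match."""
        reg = self._regs[reg_id]
        if reg.state is not ChannelState.PENDING or reg.expected is None:
            return reg.state
        # The reply must arrive on the channel that is being registered.
        same_channel = sender_msisdn == reg.msisdn
        # Constant-time comparison avoids leaking how much of the value matched.
        matches = hmac.compare_digest(_digest(reg.salt, credential), reg.expected)
        if same_channel and matches:
            reg.state = ChannelState.TRUSTED
        else:
            reg.attempts += 1
            if reg.attempts >= MAX_ATTEMPTS:
                reg.state = ChannelState.REJECTED
        return reg.state

    def is_trusted(self, msisdn: str, value_store_id: str, account_id: str) -> bool:
        """Check made before any transaction request from this channel is processed."""
        return any(
            r.state is ChannelState.TRUSTED
            and (r.msisdn, r.value_store_id, r.account_id)
            == (msisdn, value_store_id, account_id)
            for r in self._regs.values()
        )


def run_demo() -> list:
    """Constructed walk-through: one wrong answer, then the matching one."""
    registrar = ChannelRegistrar()
    rid = registrar.request_registration("VS-TEST", "ACC-1", "+10000000001")
    registrar.third_party_credential(rid, "blue-heron-71")
    return [
        registrar.consumer_credential(rid, "+10000000001", "wrong-answer"),
        registrar.consumer_credential(rid, "+10000000001", "blue-heron-71"),
    ]


if __name__ == "__main__":
    print(run_demo())
```
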
  • the flow diagram (400) of FIG. 4 illustrates one embodiment of a method for transacting via a mobile communications channel.
  • the consumer (110) transmits a request relating to processing of a transaction against a consumer account held at a value store of a third party to the payment processor (130).
  • the consumer (110) uses the mobile communications device (112) to transmit the request to process the transaction against the consumer account.
  • request is a request to process a transaction being a payment transaction. It should be appreciated, however, that any suitable transaction may be processed in relation to the consumer account, such as a withdrawal transaction, a deposit transaction, an account information request, and the like.
  • the consumer (110) may request that a payment be made by transferring funds from the loyalty account to a recipient account, which may, similarly to the consumer account, be any account having a monetizable value.
  • a recipient account may be an account at the same value store as the consumer account, or an account at a different value store which is also registered with the payment processor (130).
  • the recipient account may be a financial account held at an acquiring entity.
  • the payment processor (130) receives the request to process a transaction against the consumer account.
  • the request may include a plurality of transaction details, such as a consumer account identifier, a recipient account identifier and a transaction value.
  • the remotely accessible server (132) of the payment processor (130) uses the consumer account identifier received from the mobile communications device (112) to determine the value store at which the consumer account is held.
  • the recipient account identifier may be an account number identifying an account in favor of which OCT push transactions may be processed.
  • the request may also include a value store identifier which may be used to identify the value store.
  • a plurality of value stores may be registered with the payment processor (130)
  • one third party entity may itself control a plurality of value stores which are registered with the payment processor (130). In such a case, a value store identifier is used to route the transaction request to the appropriate value store.
  • the remotely accessible server (132) of the payment processor (130) determines, using the recipient account identifier, the acquiring entity (170) associated with the recipient account, and, at a next stage (408), initiates a transfer of funds from the value store (122) to the acquiring entity (170) and in favor of the recipient account.
  • the transfer of funds may be initiated using an OCT push transaction from the consumer account to the recipient account.
  • the payment processor (130) may require the third party entity (120), or an issuer associated with the consumer account held at the value store (122) of the third party entity (120), to authorize the transaction.
  • the third party entity (120) or the appropriate issuer authorizes the transfer of funds, and at a next stage (412), the payment processor (130) processes the transaction.
  • the acquiring entity (170) credits the relevant recipient account.
  • the system (100) and method described above may be used by the consumer (110) to request and be provisioned with payment credentials, for example, single-use ("one-time") payment credentials.
  • the consumer (110) may access a menu provided by a transaction application on the mobile communications device (112) and select a "request one-time payment credentials" option for a specific consumer account, such as a bank account.
  • these payment credentials include one or more of a primary account number (PAN), a card expiry date, and a card verification value (CVV) for conducting payment card transactions.
  • a hardware security element such as a cryptographic expansion device may be employed to ensure that requests, and particularly payment credentials, are transmitted along an end-to-end encrypted mobile communications channel.
  • the request for payment credentials may be received by the remotely accessible server (132), and the remotely accessible server (132) may use an identifier of the consumer, the mobile communications device, or the value store, to identify the value store to which the request must be routed.
  • the request for payment credentials may then either be forwarded to the appropriate third party entity, for example an issuer, which then generates the payment credentials and transmits the credentials to the payment processor (130), or the payment processor (130) itself may generate the payment credentials.
  • the latter case may ensure that card details remain in a PCI DSS environment, particularly in cases where the first communication channel (140) does not comply with PCI DSS requirements.
  • FIG. 5 is a flow diagram illustrating another method (500) for transacting via a mobile communications channel.
  • the method (500) of FIG. 5 illustrates an embodiment wherein the request relating to processing of a transaction against a consumer account held at a value store of a third party entity is a request for payment credentials.
  • the payment credentials may be for use in a transaction against a consumer account held at a value store of a third party entity and in favor of a recipient account.
  • the consumer may transmit directly via the mobile communications channel a request for payment credentials to the payment processor (130).
  • the request may include a consumer account identifier and a transaction value.
  • the request may further include an indication of the intended use of the payment credentials, for example, whether they will be for an e-commerce transaction, an ATM withdrawal, an agent cash-out or the like.
  • the request may include a passcode entered by the consumer so as to authorize the request.
  • in response to receiving the request, the payment processor may prompt the consumer to enter a passcode into the mobile communications device (112), which may then be transmitted to the payment processor directly via the mobile communications channel so as to authorize the request.
  • the payment processor (130) may receive the request relating to processing of a transaction against a consumer account held at a value store of a third party entity, which in this example is a request for payment credentials, at a next stage (504). This may include receiving the authorization for the request although in another embodiment the authorization for the request may be received separately.
  • the payment processor (130) may, using the consumer account identifier, identify the consumer account against which the payment credentials will be usable.
  • the payment processor (130) may debit the consumer account with an amount equal to the transaction value or may reserve the transaction value in the consumer account. In some embodiments, this may include transmitting an instruction to the third party entity (120) to have the consumer account debited or the funds reserved while in other embodiments, the consumer account may be debited or the funds may be reserved by the payment processor (130).
  • the payment processor (130) may then, at a next stage (510), generate payment credentials linked to the consumer account held at the value store.
  • the generated payment credentials may be single-use-only or one-time-use payment credentials.
  • the payment credentials may have a time-to-live or a limited use time, for example ten minutes, 48 hours or the like.
  • the payment credentials may include one or more of the group of: a primary account number (PAN); a bank identification number (BIN); a card verification value (CVV), a passcode, an expiry date and the like. In some embodiments, this may be dependent upon the type of transaction for which the payment credentials are to be used.
  • the payment processor may link the payment credentials to the debited or reserved amount and, at a following stage (514), transmit the payment credentials to the mobile communications device (112) of the consumer directly via the mobile communications channel.
  • the payment credentials may be received at the mobile communications device (112) of the consumer such that the consumer may then proceed to use the payment credentials in a transaction.
  • the consumer may enter the payment credentials into an appropriately configured ATM in order to withdraw an amount of money.
  • the source of funds for the transaction will be the consumer account at the value store against which the payment credentials were generated and linked.
  • a BIN included in the payment credentials may cause the payment processing network (138) to route the transaction to the payment processor (130) for authorization.
  • the payment processor (130) may check that the payment credentials are being used for the correct type of transaction, that the transaction value is within the requested transaction value amount and that the passcode, CVV and/or expiry date, where applicable, are correct. If the authorization is successful, the payment processor may allow the transaction to proceed and thereafter facilitate settlement and clearance as may be required.
  • FIG. 6 is a flow diagram which illustrates another method for transacting via a mobile communications channel.
  • the method (600) of FIG. 6 illustrates an embodiment wherein the request relating to processing of a transaction against a consumer account held at a value store of a third party entity and in favor of a recipient account is received from a recipient.
  • the recipient may, for example, be a brick-and-mortar or e-commerce merchant.
  • the consumer may provide the recipient (198) with a consumer identifier.
  • the consumer identifier may, for example, be an MSISDN of the consumer's mobile communications device (112) or derivative thereof and may be keyed by the consumer into a point-of-sale device or e-commerce website, as the case may be, of the recipient (198). The consumer may provide such an identifier so as to complete a purchase at the recipient (198).
  • the recipient (198) may then, at a following stage (604), transmit a request relating to processing of a transaction, including the consumer identifier and a recipient account identifier, to the acquiring entity (170).
  • the request may be a financial system transaction message, for example an ISO 8583 message.
  • the acquiring entity (170) may, in turn, forward the request relating to processing of a transaction, including the consumer identifier and a recipient account identifier, optionally via a payment processing network as may be required, to the payment processor (130) at a next stage (606).
  • the payment processor (130) may then receive the request relating to processing of a transaction, including the consumer identifier and a recipient account identifier, at a following stage (608). At a next stage (610), the payment processor (130) may identify a mobile communications device (112) of the consumer using the consumer identifier and, at a following stage (612), may transmit an authorization request message to the mobile communications device (112) directly via the mobile communications channel.
  • the mobile communications device (112) may then receive the authorization request message at a following stage (614).
  • the authorization request message may prompt the consumer to authorize the request, for example, by entering a passcode. If the consumer does authorize the request, the mobile communications device (112), at a next stage (616), may transmit authorization for the request directly via the mobile communications channel.
  • the authorization for the request may include a consumer account identifier and optionally a value store identifier.
  • the authorization for the request may be received at the payment processor (130) directly via the mobile communications channel at a next stage (618).
  • the payment processor (130), using at least the consumer account identifier, may determine the value store at which the consumer account is held.
  • the payment processor (130) may process the request against the consumer account held at the value store of the third party entity. Processing the request may include initiating a transfer of funds from the value store to the acquiring entity (170).
  • Systems and methods are therefore provided for transacting via a mobile communications channel.
  • the systems and methods provided may be advantageous over prior art systems particularly in that they enable consumers to use their mobile communications devices, such as mobile phones, to transact against value stores which do not provide direct mobile communications channels between the value store and the consumer.
  • the consumer may register its mobile communications device with the payment processing network such that it can transact through an equally trusted mobile communications network, via the payment processing network, against a consumer account held at the value store.
  • the described systems and methods may also be advantageous for value stores already having direct mobile communications channels to its users, as it allows any value store containing accounts having monetizable value, irrespective of whether a mobile communications channel exists between the value store and account holders, to be restructured from a closed loop value store to an open loop value store.
  • multiple different value stores may be connected to the payment processor and consumers are enabled to transfer funds between inherently different value stores through trusted mobile communications channels.
  • the systems and methods described may especially be desirable to entities unable to provide a direct mobile communications channel between a value store and its consumers.
  • the entity is a retailer having a plurality of consumer loyalty accounts but without the necessary mobile communications infrastructure or resources to provide the above-described mobile communications channel
  • the retailer may register the value store and its account holders with the payment processor in order to allow its account holders to transact against their consumer loyalty accounts via a mobile communications channel.
  • the systems and methods described may provide a higher level of security, particularly in cases where payment credentials are transmitted to mobile communications devices of consumers from entities having direct mobile communications channels to its account holders.
  • the entity having a value store is a bank or a mobile money operator
  • instead of payment credentials or other financial information being transmitted from the bank or mobile money operator to the mobile communications device of the consumer "in the clear", the credentials may be securely transmitted from the payment processor to the mobile communications device of the account holder, as described above.
  • FIG. 7 illustrates an exemplary mobile communications network (700) coupling, for example, a mobile communications device (112) of a consumer with a payment processor (130) through a USSD/GPRS Gateway (707).
  • a Mobile Station (MS) (720A) may include the consumer's mobile communications device (112), or any equipment or software needed to communicate with a mobile communications network operated by a Mobile Network Operator.
  • the Mobile Network Operator may include a Base Station Subsystem (BSS) (720B).
  • the BSS is a section of a traditional mobile telephone network which is responsible for handling traffic and signaling between a mobile communications device and the network switching subsystem.
  • the BSS (720B) may carry out transcoding of speech channels, allocation of radio channels to mobile communications devices, paging, transmission and reception over the air interface, and many other tasks related to radio networks and other communications networks.
  • the BSS (720B) may comprise Base Transceiver Stations (730A) and (730B), or BTS, which contains the equipment for transmitting and receiving radio signals (transceivers), antennas, and equipment for encrypting and decrypting communications with the base station controller (BSC).
  • the BTS (730A) and (730B) may be towers scattered through a region to provide mobile communications service coverage over the region over several different frequencies.
  • BTS (730A) and (730B) are controlled by a parent Base Station Controller (BSC) (732).
  • the base station controller (BSC) provides the intelligence behind the BTSs.
  • a BSC has tens or even hundreds of BTSs under its control.
  • the BSC handles allocation of radio channels, receives measurements from the mobile communications devices, and controls handovers from BTS (730A) to BTS (730B) (except in the case of an inter-BSC handover in which case control is in part the responsibility of the anchor Mobile Switching Center (740)).
  • a function of the BSC is to act as a concentrator where many different low capacity connections to BTSs (with relatively low utilization) become reduced to a smaller number of connections towards the Mobile Switching Center (MSC) (740) (with a high level of utilization).
  • networks are often structured to have many BSCs (732) distributed into regions near their BTSs (730A) and (730B) which are then connected to large centralized MSC sites (740) in the Network Sub-System (NSS) (707A) in the USSD/GPRS Gateway (707).
  • the BSC (732) may be coupled to a Packet Control Unit (PCU) (734).
  • the PCU (734) performs some of the processing tasks of the BSC (732), but for radio packet data.
  • the allocation of channels between voice and data is controlled by the BSS (720B), but once a channel is allocated to the PCU, the PCU takes full control over that channel.
  • the PCU can be built into the BSS, built into the BSC, or even, in some proposed architectures, it can be at the SGSN (Serving GPRS Support Node) site (736).
  • the PCU (734) is a separate node communicating extensively with the BSC (732) on the radio side and the SGSN (736) on the GPRS core network (707B) side in the USSD/GPRS Gateway (707).
  • the Network Subsystem (NSS) (707A) processes USSD protocol in standard GSM operation.
  • the Mobile Switching Center (740) may also include a Visitor Locator Register (VLR), which locates another subscriber's mobile communications device connecting through a Mobile Network Operator's BTS (e.g., tower). For example, the VLR would locate the location of a Verizon user if the Verizon user was connecting to an AT&T tower.
  • An extension of the Mobile Switching Center (740) may also include a Public Switched Telephone Network (PSTN) (740A), which is a network of the world's public circuit-switched telephone networks. It consists of telephone lines, fiber optic cables, microwave transmission links, cellular networks, communications satellites, and undersea telephone cables, all inter-connected by switching centers, thus allowing any telephone in the world to communicate with any other.
  • the MSC/VLR (740) may be in communication with a SS7 Network / MAP (742).
  • Signaling System No. 7 is a set of telephony signaling protocols which are used to set up most of the world's public switched telephone network telephone calls. The main purpose is to set up and tear down telephone calls. Other uses include number translation, local number portability, prepaid billing mechanisms, short message service (SMS), and a variety of other mass market messaging and communications services.
  • the SS7 Network may also include a Mobile Application Part (MAP), which is an SS7 protocol which provides an application layer for the various nodes in GSM and UMTS mobile core networks and GPRS core networks to communicate with each other in order to provide services to mobile phone users.
  • the Mobile Application Part (MAP) (742) is the application-layer protocol used to access the Home Location Register (HLR) (744), Visitor Location Register (VLR) and Mobile Switching Center (MSC) (740), Equipment Identity Register (EIR) (744), Authentication Centre (AUC) (744), Short message service center and Serving GPRS Support Node (SGSN) (736).
  • the Home Location Register (HLR) (744), in conjunction with the EIR and AUC (also in 744), would locate and identify a user mobile communications device, for example, detecting and identifying an AT&T user connecting to an AT&T BTS (e.g., tower).
  • the SS7 Network / MAP (742), or the USSD Gateway Network Sub-System (NSS) (707A) may include a SS7 stack (742A), a MAP module (742B), a Session Manager (742C), a Locator Module (742D), a Logger Module (742E), and a Database Server (742F).
  • Certain data elements transmitted in mobile messages (e.g., SMS, USSD) may be stored in the Logger Module (742E) and the Database Server (742F).
  • NSS (707A) may have access to messages, and in turn, stored data elements transmitted in the messages and logged in the gateway.
  • the USSD/GPRS Gateway (707) may also include a GPRS core network (707B).
  • the GPRS core network (707B) is a central part of the General Packet Radio Service which allows 2G, 3G, and WCDMA (wideband CDMA) mobile networks to transmit IP packets to external networks such as the Internet.
  • the GPRS core network (707B) can be an integrated part of the GSM network switching subsystem, and includes a network of GPRS support nodes (GSN).
  • a GSN is a network node which supports the use of GPRS in the GSM core network.
  • the Gateway GPRS Support Node (GGSN) (746) can be a main component of the GPRS core network (707B).
  • the GGSN (746) is responsible for the interworking and routing between the GPRS IP network (738) and external packet switched networks, like the Internet (770) and other communications networks. From an external network's point of view, the GGSN (746) is a router to a sub-network GPRS backbone IP Network (738). When the GGSN (746) receives data addressed to a specific user, it checks if the user is active.
  • the GGSN (746) forwards the data to the Serving GPRS Support Node (SGSN) (736) serving the mobile user through the GPRS backbone IP Network (738), but if the mobile user is inactive, the data is discarded.
  • mobile-originated packets from the SGSN (736), through the GPRS backbone IP Network (738), are routed by the GGSN (746) to the right external network, such as the Internet (770).
  • the GGSN (746) is the anchor point that enables the mobility of the user terminal in the GPRS IP networks (738) to connect to an external network, such as the Internet (770).
  • Serving GPRS Support Node (736) can be responsible for the delivery of data packets from and to the mobile stations (720A) within a geographical service area. Its tasks include packet routing and transfer, mobility management (attach/detach and location management), logical link management, and authentication and charging functions.
  • the location register of the SGSN (736) stores location information (e.g., current VLR), and user profiles (e.g., IMSI, address(es) used in the packet data network) of all GPRS users registered with the SGSN (736).
  • the USSD/GPRS Gateway (707) may be in communication with an Application Server (770).
  • the Application Server may be operated on the payment processor (130), or may be included in the USSD/GPRS Gateway (707).
  • the Application Server may include a Billing Server. Some MNOs do not have their USSD Gateway connected to the Billing Server; however, with the rise in conducting transactions using mobile communications devices, USSD Gateways may now be connected to the billing server operated on the application server (770).
  • the payment processor (130) may include a consumer account mobile interface and an access point.
  • the payment processor (130) may also include an application server (770).
  • the payment processor (130) may include a non-transitory computer readable medium that includes instructions for generating transaction request messages and transaction response messages.
  • the payment processor (130) can be part of a payment processing network server computer.
  • the payment processor (130) may also include an Access Point (AP) or payment processing network interface, which provides access to a payment processing network.
  • FIG. 8 illustrates an example of a computing device (800) in which various aspects of the disclosure may be implemented.
  • the computing device (800) may be suitable for storing and executing computer program code.
  • the various participants and elements in the previously described system diagrams may use any suitable number of subsystems or components of the computing device (800) to facilitate the functions described herein.
  • the computing device (800) may include subsystems or components interconnected via a communication infrastructure (805) (for example, a communications bus, a cross-over bar device, or a network).
  • the computing device (800) may include at least one central processor (810) and at least one memory component in the form of computer-readable media.
  • the memory components may include system memory (815), which may include read only memory (ROM) and random access memory (RAM).
  • a basic input/output system (BIOS) may be stored in ROM
  • System software may be stored in the system memory (815) including operating system software.
  • the memory components may also include secondary memory (820).
  • the secondary memory (820) may include a fixed disk (821), such as a hard disk drive, and, optionally, one or more removable-storage interfaces (822) for removable-storage components (823).
  • the removable-storage interfaces (822) may be in the form of removable-storage drives (for example, magnetic tape drives, optical disk drives, floppy disk drives, etc.) for corresponding removable storage-components (for example, a magnetic tape, an optical disk, a floppy disk, etc.), which may be written to and read by the removable-storage drive.
  • the removable-storage interfaces (822) may also be in the form of ports or sockets for interfacing with other forms of removable-storage components (823) such as a flash memory drive, external hard drive, or removable memory chip, etc.
  • the computing device (800) may include an external communications interface (830) for operation of the computing device (800) in a networked environment enabling transfer of data between multiple computing devices (800).
  • Data transferred via the external communications interface (830) may be in the form of signals, which may be electronic, electromagnetic, optical, radio, or other types of signal.
  • the external communications interface (830) may enable communication of data between the computing device (800) and other computing devices including servers and external storage facilities. Web services may be accessible by the computing device (800) via the communications interface (830).
  • the external communications interface (830) may also enable other forms of communication to and from the computing device (800) including voice communication, near field communication, Bluetooth, etc.
  • the computer-readable media in the form of the various memory components may provide storage of computer-executable instructions, data structures, program modules, and other data.
  • a computer program product may be provided by a computer-readable medium having stored computer-readable program code executable by the central processor (810).
  • a computer program product may be provided by a non-transient computer-readable medium, or may be provided via a signal or other transient means via the communications interface (830).
  • Interconnection via the communication infrastructure (805) allows a central processor (810) to communicate with each subsystem or component and to control the execution of instructions from the memory components, as well as the exchange of information between subsystems or components.
  • Peripherals such as printers, scanners, cameras, or the like
  • I/O input/output
  • These components may be connected to the computing device (800) by any number of means known in the art, such as a serial port,
  • One or more monitors (845) may be coupled via a display or video adapter (840) to the computing device (800).
  • FIG. 9 shows a block diagram of a communication device (900) that may be used in embodiments of the disclosure.
  • the communication device (900) may be a cell phone, a feature phone, a smart phone, a satellite phone, or a computing device having a phone capability.
  • the communication device (900) may include a processor (905) (e.g., a microprocessor) for processing the functions of the communication device (900) and a display (920) to allow a user to see the phone numbers and other information and messages.
  • the communication device (900) may further include an input element (925) to allow a user to input information into the device (e.g., input buttons, touch screen, etc.), a speaker (930) to allow the user to hear voice communication, music, etc., and a microphone (935) to allow the user to transmit his or her voice through the communication device (900).
  • the processor (910) of the communication device (900) may connect to a memory (915).
  • the memory (915) may be in the form of a computer-readable medium that stores data and, optionally, computer-executable instructions.
  • the communication device (900) may also include a communication element (940) for connection to communication channels (e.g., a cellular telephone network, data transmission network, Wi-Fi network, satellite-phone network, Internet network, Satellite Internet Network, etc.).
  • the communication element (940) may include an associated wireless transfer element, such as an antenna.
  • the communication element (940) may include a subscriber identity module (SIM) in the form of an integrated circuit that stores an international mobile subscriber identity and the related key used to identify and authenticate a subscriber using the communication device (900).
  • One or more subscriber identity modules may be removable from the communication device (900) or embedded in the communication device (900).
  • the communication device (900) may further include a contactless element (950), which is typically implemented in the form of a semiconductor chip (or other data storage element) with an associated wireless transfer element, such as an antenna.
  • the contactless element (950) may be associated with (e.g., embedded within) the communication device (900) and data or control instructions transmitted via a cellular network may be applied to the contactless element (950) by means of a contactless element interface (not shown).
  • the contactless element interface may function to permit the exchange of data and/or control instructions between mobile device circuitry (and hence the cellular network) and the contactless element (950).
  • the contactless element (950) may be capable of transferring and receiving data using a near field communications (NFC) capability (or near field communications medium) typically in accordance with a standardized protocol or data transfer mechanism (e.g., ISO 14443/NFC).
  • Near field communications capability is a short-range communications capability, such as radio-frequency identification (RFID), Bluetooth, infra-red, or other data transfer capability that can be used to exchange data between the communication device (900) and an interrogation device.
  • the communication device (900) may be capable of communicating and transferring data and/or control instructions via both a cellular network and near field communications capability.
  • the data stored in the memory (915) may include: operation data relating to the operation of the communication device (900), personal data (e.g., name, date of birth, identification number, etc.), financial data (e.g., bank account information, a bank identification number (BIN), credit or debit card number information, account balance information, expiration date, loyalty provider account numbers, etc.), transit information (e.g., as in a subway or train pass), access information (e.g., as in access badges), etc.
  • a user may transmit this data from the communication device (900) to selected receivers.
  • the communication device (900) may be, amongst other things, a notification device that can receive alert messages and access reports, a portable merchant device that can be used to transmit control data identifying a discount to be applied, as well as a portable consumer device that can be used to make payments.
  • the software code may be stored as a series of instructions, or commands on a non-transitory computer-readable medium, such as a random access memory (RAM), a read-only memory (ROM), a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD-ROM. Any such computer-readable medium may also reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.
  • Any of the steps, operations, or processes described herein may be performed or implemented with one or more hardware or software modules, alone or in combination with other devices.
  • a software module is implemented with a computer program product comprising a non-transient computer-readable medium containing computer program code, which can be executed by a computer processor for performing any or all of the steps, operations, or processes described.
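
The credential checks described above for method (500) of FIG. 5 (single use, time-to-live, transaction type, value within the reserved amount, CVV and passcode) can be seen working together in the following added example, which is not code from the patent or from the applicant. The class and function names, the placeholder BIN, the PBKDF2 passcode hashing, the failure lockout and the use of minor currency units are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

DEMO_BIN = "999999"   # constructed placeholder, not a real issuer BIN
MAX_FAILURES = 3      # assumption: the page does not specify a lockout policy


def luhn_check_digit(partial: str) -> str:
    """Return the digit that makes partial + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:  # doubled positions once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def hash_passcode(passcode: str, salt: bytes) -> bytes:
    # Assumption: the passcode is stored only as a salted PBKDF2 hash.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 100_000)


@dataclass
class Credential:
    account_id: str
    cvv: str
    salt: bytes
    passcode_hash: bytes
    reserved: int        # minor units reserved in the consumer account
    intended_use: str    # e.g. "atm", "ecommerce", "agent_cash_out"
    expires_at: float    # time-to-live limit, seconds since epoch
    failures: int = 0
    state: str = "active"  # active | spent | expired | locked


class PaymentProcessor:
    def __init__(self, balances):
        self.balances = dict(balances)  # account_id -> available minor units
        self.issued = {}                # PAN -> Credential

    def issue(self, account_id, amount, intended_use, passcode, ttl, now):
        """Reserve the value, then generate credentials linked to it."""
        if amount <= 0 or self.balances.get(account_id, 0) < amount:
            raise ValueError("invalid amount or insufficient funds")
        self.balances[account_id] -= amount
        while True:
            body = DEMO_BIN + "".join(secrets.choice("0123456789") for _ in range(9))
            pan = body + luhn_check_digit(body)
            if pan not in self.issued:
                break
        cvv = f"{secrets.randbelow(1000):03d}"
        salt = secrets.token_bytes(16)
        self.issued[pan] = Credential(account_id, cvv, salt,
                                      hash_passcode(passcode, salt),
                                      amount, intended_use, now + ttl)
        return {"pan": pan, "cvv": cvv, "expires_at": now + ttl}

    def _retire(self, cred, state):
        """Return any remaining reservation and make the credential unusable."""
        self.balances[cred.account_id] += cred.reserved
        cred.reserved = 0
        cred.state = state

    def authorize(self, pan, cvv, passcode, amount, use, now):
        """Apply the checks the page lists, plus single-use and TTL limits."""
        cred = self.issued.get(pan)
        if cred is None:
            return False, "unknown_credential"
        if cred.state != "active":
            return False, cred.state
        if now >= cred.expires_at:
            self._retire(cred, "expired")
            return False, "expired"
        # Verify secrets first so a caller without them cannot probe which
        # transaction type or amount the credential is bound to.
        cvv_ok = hmac.compare_digest(cvv.encode(), cred.cvv.encode())
        pass_ok = hmac.compare_digest(hash_passcode(passcode, cred.salt),
                                      cred.passcode_hash)
        if not (cvv_ok and pass_ok):
            cred.failures += 1
            if cred.failures >= MAX_FAILURES:
                self._retire(cred, "locked")
            return False, "bad_secret"
        if use != cred.intended_use:
            return False, "wrong_transaction_type"
        if amount <= 0 or amount > cred.reserved:
            return False, "amount_exceeds_reservation"
        cred.reserved -= amount         # settle the approved value
        self._retire(cred, "spent")     # single use: remainder goes back
        return True, "approved"
```

Retiring a credential on expiry or lockout releases the reservation, so a short CVV or passcode cannot be guessed indefinitely and reserved funds are not stranded.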

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Systems and methods for transacting via a mobile communications channel are provided. In a method carried out at a payment processor, a request relating to processing of a transaction against a consumer account held at a value store of a third party entity is received. An authorization for the request is also received from a mobile communications device of a consumer. The authorization for the request is received from the mobile communications device directly via a mobile communications channel. The payment processor determines, using at least a consumer account identifier, the value store at which the consumer account is held and processes the request against the consumer account held at the value store of the third party entity.

Description

SYSTEMS AND METHODS FOR TRANSACTING VIA A MOBILE COMMUNICATIONS CHANNEL
CROSS-REFERENCES TO RELATED APPLICATIONS
[0001] This application claims priority to South African Patent Application No. 2013/07003, titled "SYSTEMS AND METHODS FOR TRANSACTING VIA A MOBILE COMMUNICATIONS CHANNEL" and which is incorporated by reference herein.
FIELD OF THE INVENTION
[0002] The field of the invention relates to the processing of transactions and, in particular, to the processing of transactions via a mobile communications channel.
BACKGROUND
[0003] In developed economies, conducting financial transactions using mobile communications devices may enhance a consumer's financial experience and offer real-time control in managing the consumer's conventional financial accounts. In developing economies, however, many consumers may not have conventional financial accounts. Mobile money providers or operators may provide unbanked or under-banked consumers in these developing economies with simplified access to financial services using mobile communications devices.
[0004] One example provides a consumer having a mobile communications device and a mobile money operator, typically being a bank or a mobile network operator. The mobile money operator, acting as an issuing entity, may provide a mobile money platform to enable the consumer to transact against a consumer account using his or her mobile communications device. The mobile money operator provides a direct mobile communications channel between itself and the consumer to enable the consumer to transact against the consumer's account maintained by the mobile money operator via the mobile communications channel.
[0005] A notable problem associated with technology of the type described above is that many entities having a value store containing a plurality of consumer accounts may, in some cases, be unable to provide a direct mobile communications channel between themselves and the consumer. For example, in cases where the entity is a retailer having a plurality of consumer loyalty accounts but without the necessary mobile communications infrastructure or resources to provide the above-described mobile communications channel, the retailer is unable to allow its consumers to transact against their consumer loyalty accounts via a mobile communications channel.
[0006] A further problem which may be associated with such systems is that the mobile communications channel between the entity having a value store and the consumer may not have a desired level of security. For example, in cases where the entity having a value store is a bank or a mobile money operator, payment credentials or other financial information may be transmitted from the bank or mobile money operator to the mobile communications device of the consumer "in the clear", thereby increasing the risk of fraudulent activities such as man-in-the-middle attacks.
[0007] Embodiments of the invention aim to address these and other problems individually and collectively, at least to some extent.
BRIEF SUMMARY
[0008] In accordance with a first aspect of the invention there is provided a method for transacting via a mobile communications channel, carried out at a payment processor and comprising the steps of: receiving a request relating to processing of a transaction against a consumer account held at a value store of a third party entity; receiving, from a mobile communications device of a consumer, an authorization for the request, wherein the authorization for the request is received from the mobile communications device directly via a mobile communications channel; determining, using at least a consumer account identifier, the value store at which the consumer account is held; and, processing the request against the consumer account held at the value store of the third party entity.
[0009] A further feature provides for the request to be a request to process a transaction against the consumer account held at the value store of the third party entity and in favor of a recipient account.
[0010] A yet further feature provides for the request and the authorization for the request to be received together from the mobile communications device directly via the mobile communications channel.
[0011] A still further feature provides for the request to process a transaction to include the consumer account identifier, a recipient account identifier and a transaction value.
[0012] An even further feature provides for the method to include a step of determining, using the recipient account identifier, an acquiring entity associated with the recipient account.
[0013] The step of processing the request may include initiating a transfer of funds from the value store to the acquiring entity.
[0014] A further feature provides for initiating a transfer of funds from the value store to the acquiring entity to initiate an original credit transaction (OCT) push transaction from the consumer account held at the value store of the third party entity to the recipient account.
[0015] Still further features provide for the request to be received from a recipient, and for the request to include a consumer identifier.
[0016] Yet further features provide for receiving the authorization for the request from the mobile communications device to be in response to a step of transmitting an authorization request message to the mobile communications device directly via the mobile communications channel, for the mobile communications device to be identified using the consumer identifier, and for the authorization for the request to include the consumer account identifier.
[0017] Even further features provide for the request to be a request for payment credentials for use in a transaction against the consumer account held at the value store of the third party entity and in favor of a recipient account; for processing the request to generate payment credentials linked to the consumer account held at the value store; and, for the method to include a step of transmitting the generated payment credentials to the mobile communications device of the consumer directly via the mobile communications channel.
[0018] Further features provide for the consumer account to be a financial institution account; alternatively, for the consumer account to be a non-financial institution account having a monetizable value; for the third party entity to be an issuing entity; for the third party entity to be an issuer processor; for the third party entity to be a mobile money operator; and for the value store to be a mobile money platform.
[0019] Yet further features provide for the payment processor to be a payment processing network or implemented as part of a payment processing network; and for the payment processor to be a payment processing gateway which connects the value store to a payment processing network and which is configured to process transactions conducted against consumer accounts held at the value store.
[0020] Still further features provide for communications between the mobile communications device and the payment processor to be encrypted communications such that the mobile communications channel is end-to-end secure; for communications sent from the mobile communications device to be encrypted using a hardware security element of the mobile communications device; and for communications sent from the payment processor to be encrypted and/or zone-translated by a security gateway of the payment processor.
[0021] Further features provide for the hardware security element of the mobile communications device to be a hardware security module (HSM) compliant with at least a security level 2 of the Federal Information Processing Standards (FIPS) 140-2 standard, preferably with security level 3 or security level 4 of the FIPS 140-2 standard; and for the HSM to be a component of a cryptographic expansion device for attachment to a Subscriber Identity Module (SIM) card, the cryptographic expansion device comprising a first set of electrical contacts disposed on a first side thereof for interfacing to the mobile communications device, a second set of electrical contacts disposed on a second side thereof for interfacing, in use, to the SIM card it is to be attached to, the HSM coupled to the first and second sets of electrical contacts and including a secure processing unit and a public processing unit.
[0022] Further features provide for the method to include steps of: establishing a registration of a third party entity having a value store containing a plurality of consumer accounts therein, including capturing at least one credential of a consumer held at the value store, wherein the registration is established via a first communications channel; and establishing a registration of a mobile communications channel of a consumer with the payment processor to be used for transactions against the value store, wherein establishing a registration of a mobile communications channel includes using the at least one credential of the consumer held at the value store to establish trust.
[0023] Yet further features provide for the step of establishing a registration of a mobile communications channel of a consumer with the payment processor to include one or both of the steps of capturing a value store identifier and capturing a consumer account identifier; and for the at least one credential of the consumer to include one or more of an identifier of a mobile communications device of the consumer, preferably the Mobile Subscriber Integrated Services Digital Network-Number (MSISDN) of the mobile communications device of the consumer, financial information associated with the consumer account, personal information of the consumer, and an identifier of a hardware security element of the mobile communications device of the consumer.
[0024] Still further features provide for the step of establishing a registration of the mobile communications channel to include the step of receiving, from the third party entity, an identifier of the mobile communications channel and an indication that the mobile communications channel is a trusted channel, and optionally prompting the consumer to confirm, using the mobile communications device, that the mobile communications channel is a trusted channel.
[0025] A further feature provides for the step of using the at least one credential of the consumer held at the value store to establish trust to include prompting the consumer, via the mobile communications device, for at least one verification credential to verify the at least one credential of the consumer held at the value store, receiving the at least one verification credential from the mobile communications device, analyzing the at least one verification credential against the at least one credential held at the value store, and, if the at least one verification credential matches the at least one credential held at the value store, establishing the mobile communications channel as a trusted channel.
[0026] Yet further features provide for the step of establishing a registration of the mobile communication channel to include the steps of: using the at least one credential held at the value store, processing a dummy transaction against the consumer account held at the value store, receiving a transaction reference associated with the dummy transaction from the third party entity, receiving a consumer transaction reference from the mobile communications device of the consumer, and matching the transaction reference associated with the dummy transaction to the consumer transaction reference to establish the mobile communications channel as a trusted channel.
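The dummy-transaction registration of paragraph [0026], seen from the payment processor's side, as an added example that is not code from the patent. The class and function names, the 10-minute validity window, the three-attempt limit, the stub value store and the assumption that the consumer learns the reference from the third party out of band are all hypothetical; the patent specifies only that the two references are matched.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

REFERENCE_TTL_SECONDS = 600  # assumed validity window; the page specifies none
MAX_ATTEMPTS = 3             # assumed retry limit; the page specifies none


@dataclass
class PendingRegistration:
    value_store_id: str
    account_id: str
    reference: str
    issued_at: float
    attempts: int = 0


class ValueStoreStub:
    """Hypothetical stand-in for the third party entity's value store."""

    def __init__(self):
        self.statements = {}  # account_id -> reference the consumer sees out of band

    def post_dummy_transaction(self, account_id):
        reference = secrets.token_hex(4).upper()  # unguessable 8-character reference
        self.statements[account_id] = reference
        return reference


class ChannelRegistrar:
    """Matches the third party's reference against the one sent from the handset."""

    def __init__(self, value_stores, clock=time.time):
        self._value_stores = value_stores  # value_store_id -> ValueStoreStub
        self._clock = clock
        self._pending = {}                 # msisdn -> PendingRegistration
        self.trusted = {}                  # msisdn -> (value_store_id, account_id)

    def start(self, msisdn, value_store_id, account_id):
        store = self._value_stores[value_store_id]
        reference = store.post_dummy_transaction(account_id)
        self._pending[msisdn] = PendingRegistration(
            value_store_id, account_id, reference, self._clock())

    def confirm(self, msisdn, consumer_reference):
        pending = self._pending.get(msisdn)
        if pending is None:
            return "no_pending_registration"
        if self._clock() - pending.issued_at > REFERENCE_TTL_SECONDS:
            del self._pending[msisdn]      # stale references are never accepted
            return "expired"
        pending.attempts += 1
        supplied = consumer_reference.strip().upper().encode()
        # Constant-time comparison so response timing does not leak the reference.
        if hmac.compare_digest(pending.reference.encode(), supplied):
            del self._pending[msisdn]      # single use: the reference cannot be replayed
            self.trusted[msisdn] = (pending.value_store_id, pending.account_id)
            return "trusted"
        if pending.attempts >= MAX_ATTEMPTS:
            del self._pending[msisdn]      # force a fresh dummy transaction
            return "locked"
        return "mismatch"


def run_constructed_scenario():
    """Constructed inputs: three handsets registering against one value store."""
    now = [1000.0]
    store = ValueStoreStub()
    registrar = ChannelRegistrar({"RETAIL-LOYALTY": store}, clock=lambda: now[0])
    outcomes = []

    # Consumer reads the reference from the third party and sends it from the handset.
    registrar.start("+27820000001", "RETAIL-LOYALTY", "ACC-1")
    outcomes.append(
        registrar.confirm("+27820000001", store.statements["ACC-1"].lower() + " "))

    # A handset that does not hold the reference is locked out after MAX_ATTEMPTS.
    registrar.start("+27820000002", "RETAIL-LOYALTY", "ACC-2")
    outcomes += [registrar.confirm("+27820000002", "00000000x") for _ in range(4)]

    # A correct reference that arrives after the validity window is rejected.
    registrar.start("+27820000003", "RETAIL-LOYALTY", "ACC-3")
    now[0] += REFERENCE_TTL_SECONDS + 1
    outcomes.append(registrar.confirm("+27820000003", store.statements["ACC-3"]))
    return outcomes, registrar.trusted


if __name__ == "__main__":
    print(run_constructed_scenario())
```
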
[0027] In accordance with another aspect of the invention there is provided a system for transacting via a mobile communications channel, the system including a payment processor which comprises: a request receiving component for receiving a request relating to processing of a transaction against a consumer account held at a value store of a third party entity; an authorization receiving component for receiving, from a mobile communications device of a consumer, an authorization for the request, wherein the authorization for the request is received from the mobile communications device directly via a mobile communications channel; a value store determining component for determining, using at least a consumer account identifier, the value store at which the consumer account is held; and, a processing component for processing the request against the consumer account held at the value store of the third party entity.
[0028] Further features provide for the mobile communications channel to utilize a Mobile Network Operator (MNO) mobile communications network, for the mobile communications channel to utilize one or both of a Global System for Mobile Communications (GSM) and a Universal Mobile Telecommunications System (UMTS) mobile communications network, and for requests and responses received via the mobile communications channel to be one or more of: Short Message Service (SMS) communications; Unstructured Supplementary Service Data (USSD) communications; Dual-Tone Multi-Frequency Modulation (DTMF) signaling; interactive voice response (IVR) communications; and SIM Application Toolkit-based communications.
[0029] A yet further feature provides for the request and authorization for the request to be received together from the mobile communications device directly via the mobile communications channel.
[0030] A still further feature provides for the payment processor to include an acquirer determining component for determining, using a recipient account identifier, an acquiring entity associated with a recipient account.
[0031] An even further feature provides for the processing component to include an initiating component for initiating a transfer of funds from the value store to the acquiring entity.
[0032] A further feature provides for initiating a transfer of funds from the value store to the acquiring entity to initiate an original credit transaction (OCT) push transaction from the consumer account held at the value store of the third party entity to the recipient account.
[0033] Still further features provide for the payment processor to include an authorization request message transmitting component for transmitting an authorization request message to the mobile communications device directly via the mobile communications channel, and for the mobile communications device to be identified using a consumer identifier received in the request.
[0034] Yet further features provide for the processing component to include: a credential generating component for generating payment credentials linked to the consumer account held at the value store; and, a credential transmitting component for transmitting the generated payment credentials to the mobile communications device of the consumer directly via the mobile communications channel.
[0035] Even further features provide for the payment processor to include a registration component having: a third party registration component for establishing a registration of a third party entity having a value store containing a plurality of consumer accounts therein, the third party registration component capturing at least one credential of a consumer held at the value store, wherein the registration is established via a first communications channel; and a mobile communications channel registration component for establishing a registration of a mobile communications channel of a consumer with the payment processor to be used for transactions against the value store, wherein establishing a registration of a mobile communications channel uses the at least one credential of the consumer held at the value store to establish trust.
[0036] In accordance with yet another aspect of the invention, there is provided a computer program product for transacting via a mobile communications channel, the computer program product comprising a computer-readable medium having stored computer-readable program code for performing the steps of: receiving a request relating to processing of a transaction against a consumer account held at a value store of a third party entity; receiving, from a mobile communications device of a consumer, an authorization for the request, wherein the authorization for the request is received from the mobile communications device directly via a mobile communications channel; determining, using at least a consumer account identifier, the value store at which the consumer account is held; and, processing the request against the consumer account held at the value store of the third party entity.
[0037] Further features provide for the computer-readable medium to be a non-transitory computer-readable medium and for the computer-readable program code to be executable by a processing circuit.
[0038] A further aspect provides a system having: a third party entity having a value store containing a plurality of consumer accounts therein; a consumer having a consumer account held at the value store of the third party entity, the consumer having a mobile communications device; and a remotely accessible server of a payment processor, the remotely accessible server being configured to communicate with the third party entity over a first communications channel and with the mobile communications device of the consumer over a second communications channel, the second communications channel being a mobile communications channel, and wherein the remotely accessible server is further configured to perform the steps of: receiving, from the mobile communications device of the consumer, a request to process a transaction against the consumer account held at the value store of the third party entity and in favor of a recipient account, wherein the request is received via the mobile communications channel and includes a plurality of transaction details including a consumer account identifier, a recipient account identifier and a transaction value; determining, using at least the consumer account identifier, the value store at which the consumer account is held; determining, using the recipient account identifier, an acquiring entity associated with the recipient account; and initiating a transfer of funds from the value store to the acquiring entity.
[0039] Further features provide for the first communication channel to be the Internet; for communications between the remotely accessible server and the third party entity to be enabled by an application programming interface (API) of the payment processor consumed by the third party entity; and for at least some of the communications between the remotely accessible server and the third party entity to be messages complying with the International Organization for Standardization (ISO) 8583 standard on financial transaction card originated messages.
[0040] An even further aspect provides a system having: a third party entity having a value store containing a plurality of consumer accounts therein; a consumer having a consumer account held at the value store of the third party entity, the consumer having a mobile communications device; and a remotely accessible server of a payment processor, the remotely accessible server configured to perform the steps of: establishing a registration of the third party entity with the payment processor via a communication channel, including capturing at least one credential of a consumer held at the value store; and establishing a registration of a mobile communication channel of a consumer with the payment processor to be used for transactions against the value store, wherein establishing a registration of a mobile communication channel includes using the at least one credential of the consumer held at the value store to establish trust.
[0041] A further feature provides for the registration of the third party entity with the payment processor via the communication channel to include the step of providing an application programming interface (API) which the third party entity is capable of consuming.
[0042] Still further features provide for the mobile communications device to be a mobile phone; for the mobile phone to be a feature mobile phone; and for communications over the mobile communications channel to be transmitted using one of Short Message Service (SMS) protocol, Unstructured Supplementary Service Data (USSD) protocol, and Radio Frequency (RF) communications protocol including second generation (2G) GSM protocol, third generation (3G) GSM protocol, Long Term Evolution (LTE) protocol, and Wi-Fi protocol.
[0043] In order for the invention to be more fully understood, implementations thereof will now be described with reference to the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
[0044] FIG. 1A is a schematic diagram which illustrates an embodiment of a system for transacting via a mobile communications channel;
[0045] FIG. 1B is a schematic diagram which illustrates components of the system illustrated in FIG. 1A;
[0046] FIG. 2 is a swim-lane flow diagram illustrating a first method of registering a mobile communications channel of a consumer with a payment processor to be used for transactions against a value store;
[0047] FIG. 3 is a swim-lane flow diagram illustrating a second method of registering a mobile communications channel of a consumer with a payment processor to be used for transactions against a value store;
[0048] FIG. 4 is a flow diagram illustrating a method for transacting via a mobile communications channel;
[0049] FIG. 5 is a swim-lane flow diagram illustrating another method for transacting via a mobile communications channel;
[0050] FIG. 6 is a swim-lane flow diagram which illustrates yet another method for transacting via a mobile communications channel;
[0051] FIG. 7 illustrates an exemplary mobile communications network coupling a mobile communications device of a consumer with a payment processor;
[0052] FIG. 8 illustrates an example of a computing device in which various aspects of the disclosure may be implemented; and,
[0053] FIG. 9 shows a block diagram of a communication device that may be used in embodiments of the disclosure.
DETAILED DESCRIPTION
[0054] Systems and methods for transacting via a mobile communications channel are provided. Systems may provide a payment processor which may be capable of establishing a mobile communications channel directly with a mobile communications device of a consumer. The payment processor may further permit third party entities to register a value store having a plurality of consumer accounts therein. In this manner, the payment processor may allow a consumer to transact against a consumer account held at the value store of the third party entity using the consumer's mobile communications device. Consequently, third party entities may not be required to maintain or operate costly infrastructure or services so as to provide a mobile communications channel directly to a consumer's mobile communications device.
[0055] In this specification, a "mobile communications channel" may be any appropriate communications channel existing or capable of existing between a mobile communications device of a consumer and a remote server of an entity or institution. In particular, a mobile communications channel, once registered, may be a communications channel through which a consumer is capable of establishing communications with an entity or institution using the consumer's mobile communications device and through which the consumer may transmit requests and responses to the entity or institution using the consumer's mobile communications device.
[0056] In some embodiments, a "mobile communications channel" may utilize a mobile communications network maintained or operated by a Mobile Network Operator (MNO). In particular, a mobile communications channel may utilize a Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS) or any other similar mobile communications network. As such, requests and responses transmitted through the mobile communications channel may be Short Message Service (SMS) communications, Unstructured Supplementary Service Data (USSD) communications, Dual-Tone Multi-Frequency Modulation (DTMF) signaling, voice communications, interactive voice response (IVR) communications, SIM Application Toolkit-based communications and the like. It may also be that the mobile communications channel utilizes a data communication network such as the Internet. Accordingly, the mobile communications network may support Extensible Hypertext Markup Language-based communications, Hypertext Markup Language-based communications or the like. In some embodiments, the mobile communications channel may be a secure communications channel.
[0057] The third party entity may be any third party maintaining, operating or holding a value store. Exemplary third parties include: an issuing entity such as an issuing bank; an issuer processor such as a bank; a non-deposit taking financial institution, for example, a mobile money operator or a micro-finance institution; a retailer operating a loyalty program such as a supermarket or an airline operating a frequent flyer program; and the like. In some cases, where the consumer accounts are mobile wallet or mobile money accounts, the third party entity may make use of mobile money agents or branch networks as a service channel for a mobile money program.
[0058] In turn, the value store may be a store of any number of accounts, each account having a monetizable value. A consumer may have a consumer account held at the value store. The consumer account may thus be any account having a value or balance capable of being monetized, for example, a financial institution account such as a bank account or a unit trust account, or a non-financial institution account such as a consumer loyalty account, a mobile phone airtime balance, or a retailer account, a mobile money value store platform or the like.
[0059] FIG. 1A illustrates one embodiment of a system (100) for transacting via a mobile communications channel.
[0060] The system (100) may include a mobile communications device (112) of a consumer (110), a third party entity (120) having a value store (122) containing a plurality of consumer accounts therein, and a payment processor (130). The payment processor (130) may include a remotely accessible server (132) which may be linked to a value store database (134) containing details of registered value stores and a consumer database (136) containing details of registered consumers.
[0061] The remotely accessible server (132) may be configured to communicate with the third party entity (120) over a first communications channel (140) and with the mobile communications device (112) of the consumer (110) over a second communications channel, the second communications channel being a mobile communications channel (150).
[0062] Furthermore, the consumer (110) may be able to communicate with the third party entity (120) through a non-mobile communications channel (160), for example, by way of physical communication (i.e. visiting a branch of the third party entity) or through a secure website of the third party entity (120).
[0063] The system (100) may further include an acquiring entity (170), typically being an acquiring bank, managing a plurality of recipient accounts. However it may also be the case that participation of an acquiring entity is not required, for example for transactions which may be processed against and/or in favor of accounts held at the value store (122). For example, in a case where the value store is a prepaid mobile phone account, transactions may either increase or decrease a monetizable value in the consumer account.
[0064] As has been mentioned in the foregoing, the third party entity (120) may be an issuing entity such as an issuing bank. The third party entity (120) may be an issuer processor such as a bank or a non-deposit taking financial institution, for example, a mobile money operator or a micro-finance institution.
[0065] In some embodiments, the payment processor (130) may be maintained or operated by an independent service provider providing a service to and on behalf of the third party entity (120). The payment processor (130), through the remotely accessible server (132) and other infrastructure, may be configured to process transactions conducted against the consumer accounts held at the value store (122). The payment processor (130) may be a payment processing gateway which serves to connect the value store to a payment processing network. In other embodiments, the payment processor (130) may be part of, and/or maintained or operated by a payment processing network. The payment processor (130) may have multiple value stores registered therewith and may be configured to process transactions conducted against, and in some cases between, consumer accounts held in different value stores.
[0066] The payment processing network may include data processing subsystems, networks, and operations used to support and deliver authorization services, exception file services, and clearing and settlement services. A payment processing network may be any suitable network able to transmit and receive financial system transaction messages (e.g., ISO 8583 messages), and process original credit and debit card transactions. An exemplary payment processing network may include VisaNet™. Payment processing networks such as VisaNet™ are able to process credit card transactions, debit card transactions, and other types of commercial transactions. Furthermore, the payment processing network may include one or more servers and may use any suitable wired or wireless network, including the Internet.
[0067] The first communication channel (140) may be any suitable communications channel, for example and as illustrated in FIG. 1A, the Internet (142). Typically, communications between the remotely accessible server (132) and the third party entity (120) are enabled by an application programming interface (API) of the payment processor (130) which is consumed by the third party entity (120).
[0068] In some embodiments, at least some of the communications between the remotely accessible server (132) and the third party entity (120) are messages complying with the International Organization for Standardization (ISO) 8583 standard on financial transaction card originated messages or other similar financial system transaction messages, such that payment credentials of consumers may be transmitted over the first communication channel (140) in accordance with the Payment Card Industry Data Security Standard (PCI DSS) on cardholder information. Irrespective of whether the third party entity (120) is capable of communicating by way of ISO 8583 standard messages, the API may be a web-based interface such as a Hypertext Transfer Protocol (HTTP) interface which the third party (120) or its value store (122) is capable of consuming.
[0069] The mobile communications device (112) may be any electronic communications device capable of communicating over a mobile communications network, such as a cellular communications network. The term should be interpreted to specifically include all mobile or cellular phones, including so-called "feature mobile phones" and smartphones, and may also include other electronic devices such as computers, laptops, handheld personal computers, personal digital assistants, tablet computers, wearable computing devices, and the like. In the embodiment of FIG. 1A, the mobile communications device (112) is a mobile phone of the consumer (110).
[0070] Communications over the mobile communications channel (150) may be transmitted using one or more of Short Message Service (SMS) protocol, Unstructured Supplementary Service Data (USSD) protocol, and Radio Frequency (RF) communications protocol including second generation (2G) GSM protocol, third generation (3G) GSM protocol, Long Term Evolution (LTE) protocol, and the like.
[0071] Communications between the mobile communications device (112) and the remotely accessible server (132) may be encrypted communications such that the mobile communications channel (150) is an end-to-end secure channel. Any suitable encryption method or algorithm may be employed to create such a secure channel, as will be appreciated by those skilled in the art.
[0072] In some cases, communications sent from the mobile communications device (1 12) may be encrypted using a hardware security element of the mobile communications device (1 12). The hardware security element may be embedded in the mobile communications device, disposed within a micro secure digital (SD) or similar card form factor which is placed in a corresponding card slot of the mobile communications device (1 12).
[0073] Alternatively, the hardware security element may be disposed within a communication component of the mobile communications device, such as a universal integrated circuit card (UICC) (or Subscriber Identity Module (SIM) card). It is also anticipated that in some embodiments the hardware security element may be disposed in an expansion device which may be connected to a mobile communications device or alternatively disposed within, for example a label, tray or card which is then placed in between a UICC and a UICC interface of the mobile communications device such that the hardware security element can intercept and appropriately process any communication sent between the UICC and the mobile communications device and consequently, between the mobile communications device and a mobile communication network.
[0074] It is further anticipated that the hardware security element may be a cloud-based secure element using host card emulation (HCE) which enables network-accessible storage external to the mobile communications device (112) with an application executing on the mobile communications device (112) and configured to emulate card functions.
[0075] In some embodiments, the hardware security element of the mobile communications device (112) is a hardware security module (HSM) compliant with at least a security level 2 of the Federal Information Processing Standards (FIPS) 140-2 standard, preferably with security level 3 or security level 4 of the FIPS 140-2 standard.
[0076] In one embodiment, the HSM is implemented as a component of a cryptographic expansion device for attachment to a SIM card, the cryptographic expansion device comprising a first set of electrical contacts disposed on a first side thereof for interfacing to the mobile communications device (112), a second set of electrical contacts disposed on a second side thereof for interfacing, in use, to the SIM card it is to be attached to, the HSM coupled to the first and second sets of electrical contacts for interfacing to both the SIM card and the mobile communications device (112).
[0077] The HSM of the cryptographic expansion device may include a public processing unit (PPU) and a secure processing unit (SPU) which may be logically and physically separate from each other. The cryptographic expansion device acts as an intermediary between the SIM card and the mobile communications device to enable a user of the mobile device to send and receive secure, encrypted communications. A cryptographic expansion device of the type described above thus allows a mobile communications device operating in the system (100) of FIG. 1A to send and receive encrypted communications and may provide enhanced security over traditional software encryption methods.
[0078] It is foreseen that, in the case where the mobile communications device (112) is equipped with a cryptographic expansion device of the type described above, communications sent from and received by the remotely accessible server (132) may be encrypted and/or zone-translated using a security gateway (not shown) of the payment processor (130) in communication with the remotely accessible server (132).
[0079] As described with reference to FIG. 1A, the third party entity (120) may not be required to provide, or capable of providing, a direct mobile communications channel between the value store (122) and the consumer (110). As such, without the services and functionality of the payment processor (130), the consumer (110) would be unable to use the mobile communications device (112) to transact against the consumer account held at the value store (122). However, by providing the payment processor (130), a mobile communications channel (150) may be registered between the mobile communications device (112) of the consumer (110) and the remotely accessible server (132). This may enable the consumer (110) to transact against the consumer account via the payment processor (130) and the first communications channel (140) between the value store (122) and the remotely accessible server (132) using the registered mobile communications channel (150).
[0080] FIG. 1B is a schematic diagram which illustrates components of the payment processor (130) of the system (100) illustrated in FIG. 1A as well as the various parties with which the payment processor interacts. Various components, modules or interfaces of the payment processor (130) may be implemented on the remotely accessible server (132) which may be any appropriate server computer, distributed server computer, cloud-based server computer or the like. In some embodiments, various components, modules or interfaces of the payment processor (130) may be implemented on respective server computers.
[0081] The payment processor (130) may include a payment processing network interface (172), a mobile interface (174) and a third party interface (176).
[0082] The payment processing network interface (172) may be configured to transmit and receive financial system transaction messages to and from financial institutions via a payment processing network (138). In some embodiments, the payment processor (130) forms a part of the payment processing network (138), in which case the payment processing network interface (172) interfaces to associated data processing subsystems, networks and operations of the payment processing network (138) which are used to support and deliver the services of the payment processing network (138). The financial transaction messages may be ISO 8583 messages. Thus all communications between the payment processor (130) and the payment processing network (138) or other financial institutions, as the case may be, may be via the payment processing network interface (172).
[0083] The mobile interface (174) may be configured to provide a direct mobile communications channel (150) between the payment processor (130) and the consumer's mobile communications device (112). The mobile interface (174), for example, may provide the necessary hardware and software components to interface to a mobile communications network (152) or to provide a secure communications channel between the payment processor (130) and the mobile communications device (112). The mobile interface (174) may permit the payment processor (130) to transmit and receive SMS messages, initiate USSD or IVR sessions, transmit and receive secure messages and the like. Thus all communications between the mobile communications device (112) of the consumer (110) and the payment processor may be via the mobile interface (174) which provides the mobile communications channel (150).
[0084] The third party interface (176) may enable communications between the payment processor (130) and third party entities (120A-C). The third party interface (176) may enable the communications with a third party entity (120A-C) via the Internet or other similar communication network. This may require the third party entities (120A-C) to consume an application programming interface (API) of the payment processor. In some embodiments, communications transmitted between the third party entities (120A-C) and the payment processor (130) are financial system transaction messages.
[0085] The payment processor (130) may also include a request receiving component (178) for receiving a request relating to the processing of a transaction against a consumer account held at a value store of a third party entity (e.g. 120A) and an authorization receiving component (180) for receiving, from the mobile communications device (112) of the consumer (110), an authorization for the request. The authorization for the request may be received from the mobile communications device (112) directly via the mobile communications channel (150).
[0086] In some embodiments, the request relating to processing of a transaction against a consumer account and the authorization for the request are received from the mobile communications device (112) together in the same message. In some cases, the authorization for the request may be implicit in the transmitting of the request. For example, it may be the case that the consumer is required to enter a passcode before the consumer may be permitted to transmit a request relating to processing of a transaction, in which case, the request implicitly includes the authorization for the request.
[0087] In other embodiments, however, the request may be received separately, for example, from a recipient (198) via the acquiring entity (170) and payment processing network (138), where appropriate. The request may include a consumer identifier, for example an MSISDN provided to the recipient (198) by the consumer (110) and usable in identifying the mobile communications device of the consumer (110). In such embodiments, the payment processor (130) may include an authorization request message transmitting component (182) for transmitting an authorization request message to the mobile communications device directly via the mobile communications channel (150). The mobile communications device may be identified using the consumer identifier, for example by querying a consumer database (136) containing details of registered consumers.
[0088] The payment processor (130) may further include a value store determining component (184) for determining, using at least a consumer account identifier received with either the request or the authorization for the request, the value store at which the consumer account is held. This may include querying one or both of a value store database (134) containing details of registered value stores and the consumer database (136) containing details of registered consumers.
[0089] In some embodiments, the payment processor (130) may include an acquirer determining component (186) for determining, using a recipient account identifier, an acquiring entity associated with the recipient account. The acquirer determining component (186) may determine the acquiring entity using a portion of the recipient account identifier. For example, in some embodiments, the recipient account identifier may be a PAN, the first six digits of which are a bank identification number (BIN) usable in identifying the acquiring entity (170). In other embodiments, the payment processing network (138), and not the payment processor (130), determines, using the recipient account identifier, an acquiring entity associated with the recipient account.
[0090] A processing component (188) may also be provided for processing the request against the consumer account held at the value store of the third party entity (120A). The processing component (188) may include an initiating component (190) for initiating a transfer of funds from the value store to the acquiring entity. In some embodiments, initiating a transfer of funds from the value store to the acquiring entity initiates an original credit transaction (OCT) push transaction from the consumer account held at the value store of the third party entity to the recipient account. This may be effected by transmitting an ISO 8583 0200 Acquirer Financial Request message or other appropriate financial transaction message. In other embodiments, initiating a transfer of funds from the value store to the acquiring entity may include instructing the third party entity to initiate the transfer of funds.
[0091] The processing component (188) may further include a credential generating component (192) for generating payment credentials and linking the generated payment credentials to the consumer account held at the value store and a credential transmitting component (194) for transmitting the generated payment credentials to the mobile communications device (112) of the consumer (110) directly via the mobile communications channel (150). In other embodiments, the credential generating component (192) may request payment credentials from the third party entity (120A).
[0092] Furthermore, the payment processor (130) may include a registration component (196) which may include a third party registration component for establishing a registration of a third party entity having a value store containing a plurality of consumer accounts therein. The third party registration component may capture at least one credential of a consumer held at the value store. The third party registration component may establish registration of a first communications channel. The registration component (196) may also include a mobile communications channel registration component for establishing a registration of a mobile communications channel of a consumer with the payment processor to be used for transactions against the value store. The mobile communications channel registration component may establish a registration of a mobile communications channel using the at least one credential of the consumer held at the value store to establish trust.
[0093] Various methods may be used to register a mobile communications channel (150) of a consumer with the payment processor (130) to enable it to be used for transactions against the consumer account. Firstly, a registration of the third party entity (120) may be established, and at least one credential or reference of the consumer (110) held at the value store (122) may be transmitted from the third party entity (120) and captured by the remotely accessible server (132). The registration of the third party entity (120) may be established via the first communications channel (140). Secondly, a registration of the mobile communications channel (150) of the consumer (110) with the payment processor (130) may be established. During this registration, the at least one credential or reference of the consumer (110) held at the value store may be used to authenticate the registration so as to establish trust, in other words, to verify that the mobile communications channel (150) is indeed a trusted channel.
[0094] In some embodiments, establishing trust may relate to transferring an established degree of trust in a channel between the consumer (110) and the third party entity (120) to a similar degree of trust in a channel between the consumer (110) and the payment processor (130). This may be effected by proving that a credential held by the third party entity (120) and relating to the consumer (110) can be verified by the consumer (110) to the payment processor (130).
[0095] The flow diagram (200) of FIG. 2 illustrates a first method of registering a mobile communications channel of a consumer with a payment processor to be used for transactions against a value store. In this exemplary scenario, the required consumer credentials are "pushed" to the remotely accessible server (132) to establish the mobile communications channel (150) as a trusted channel.
[0096] At an initial stage (202), the third party entity (120) provides details of the value store (122) to the remotely accessible server (132) over the first communications channel (140). These details may include a value store identifier, consumer account identifiers, details of mobile communications channels of consumers holding consumer accounts, consumer identifiers, and the like.
[0097] At a next stage (204) at the remotely accessible server (132), the value store (122) of the third party entity (120) is registered with the payment processor (130) as a value store against which consumers may transact via the remotely accessible server (132) using their mobile communications devices. As described above, the registration of the third party entity (120) with the payment processor (130) may involve the step of providing an API which the third party entity (120) is capable of consuming.
[0098] At a next stage (206), the consumer (110), in this case a new consumer in respect of the particular value store of the third party entity, initializes the registration of a new consumer account to be held at the value store (122). The third party entity (120), at a next stage (208), registers the account in the value store (122). This account registration process may take place using any suitable method, such as a conventional method involving capturing required "know-your-customer (KYC)" information from the consumer and generating a new consumer account to be held at the value store (122).
[0099] Typically, the consumer (110) only has the non-mobile communications channel (160) available by way of which to transact against the consumer account at this stage. The consumer (110) may transact against the consumer account using any number of conventional means, except that no direct mobile communications channel is available by which the consumer (110) may transact against the consumer account. For example, the consumer (110) may transact by visiting a brick-and-mortar branch of the third party entity (120) or by accessing a website of the third party entity (120) via which the consumer may transact.
[0100] At a next stage (210), the consumer (110) may desire to extend the transaction capabilities available under the consumer account to include a mobile communications channel, and uses the established non-mobile communications channel (160) to initialize the registration of the consumer account with the payment processor (130).
[0101] The consumer (110) may initialize the registration by physically communicating such a request to the third party entity (120), for example, in the case where the third party entity (120) is a retailer at which the consumer (110) holds an account. Alternatively, the consumer (110) may initialize the registration using electronic means, such as by way of a link on a banking website in the case where the third party entity (120) is an issuing bank at which the consumer (110) holds a bank account.
[0102] In some embodiments, the consumer (110) may initialize the registration directly with the remotely accessible server (132). For example, the consumer (110) may select the value store (122) and an identifier of the consumer account using a mobile software application and transmit this selection to the remotely accessible server (132) to initialize the registration of the mobile communications channel (150).
[0103] The third party entity (120) receives this request and transmits one or more credentials (typically a consumer identifier) of the consumer (110), an identifier of the mobile communications channel (150), and an indication that the channel is a trusted channel to the remotely accessible server (132), at a next stage (212). Consumer credentials may include one or more of an identifier of a mobile communications device (112) of the consumer (110), such as one or more of the group of: the Mobile Subscriber Integrated Services Digital Network-Number (MSISDN) of the mobile communications device (112); financial information associated with the consumer account; personal information of the consumer; and an identifier of a hardware security element of the mobile communications device of the consumer.
[0104] In one particular embodiment, the consumer (110) has credentials stored with the value store (122), such as a password, personal information and/or a security question. One or more of these credentials are provided to the payment processor (130) by the third party entity (120), and the payment processor (130) may then request the same credential from the consumer (110). Once this credential is correctly verified, the mobile communications channel (150) is registered.
[0105] The remotely accessible server (132) captures at least a consumer account identifier and a value store identifier, and may at this point register the mobile communications channel (150) identified by the third party entity (120) as a trusted channel which may be used to transact against the consumer account held at the value store (122).
[0106] Optionally, and as illustrated in FIG. 2, the remotely accessible server (132) may require, at a next stage (214), the consumer (110) to confirm that the mobile communications channel and/or the mobile communications device identified by the third party entity (120) is indeed trusted. At a next stage (216), the consumer (110) confirms, typically using the mobile communications device (112). The remotely accessible server (132) then, at a final stage (218), establishes the mobile communications channel (150) as a trusted channel for the particular consumer (110).
[0107] In one embodiment, the third party entity (120) is a bank acting as an issuer processor and the value store (122) contains a plurality of payment card accounts. To establish the mobile communications channel (150) as a trusted channel, the consumer (110) may "push" payment card details, consumer details and/or an identification of the mobile communications channel (150) to the payment processor (130), preferably via the third party entity (120), for example, by presenting or inserting a physical payment card at an acceptance point such as a point of sale (POS) device. Once authorized, the payment card account of the consumer (110) is registered by the payment processor (130) as a payment instrument which the consumer (110) may use to transact over the mobile communications channel (150).
[0108] The flow diagram (300) of FIG. 3 illustrates a second method of registering a mobile communications channel of a consumer with a payment processor to be used for transactions against a value store. In this exemplary scenario, the required consumer credentials are "pulled" from the consumer (110) and the third party entity (120) respectively and verified against one another by the remotely accessible server (132) to establish the mobile communications channel (150) as a trusted channel.
[0109] The initial stages (302-308) of the method of FIG. 3 correspond to the initial stages (202-208) of the method of FIG. 2, wherein the consumer (110) registers the consumer account with the third party entity (120) and the third party entity (120) registers the value store (122) with the payment processor (130).
[0110] At a next stage (310), the third party entity (120) transmits a request to the remotely accessible server (132) to register the mobile communications channel (150) of the consumer (110) as a channel which can be used to transact against the consumer account held at the value store (122). The third party entity (120) may transmit this request in response to a corresponding request received from the consumer (110), or may automatically request such channels to be registered for all or some of its account holders.
[0111] To establish trust in the mobile communications channel (150) identified by the third party entity (120), the remotely accessible server (132), at a next stage (312), prompts the third party entity (120) for a consumer credential, which may, for example, be any of the consumer credentials described above. The third party entity (120), at a next stage (314), provides the required consumer credential to the remotely accessible server (132). In other embodiments, the remotely accessible server (132) may already be in possession of the required credential or credentials.
[0112] The remotely accessible server (132) then, at a next stage (316), prompts the consumer (110) for a verification credential, which is typically the same credential as the consumer credential the third party entity (120) was prompted for. In other words, the remotely accessible server (132) receives some piece of information relating to the consumer (110) from the third party entity (120), and then requests the same piece of information from the consumer (110) to establish trust in the communication channel. This credential may, for example, be the answer to a security question, a passphrase or unique code.
[0113] At a next stage (318), the consumer (110) transmits the verification credential to the remotely accessible server (132) using the mobile communications device (112). The remotely accessible server (132) then analyzes both sets of credentials, and if these credentials match, the remotely accessible server (132) establishes the mobile communications channel (150) as a trusted channel for the particular consumer (110) at a final stage (320).
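The pull registration of FIG. 3 (stages 310 to 320) can be sketched as a small state machine; this is an added example and not part of the patent text. The class and method names, the salted PBKDF2 digest used to hold the reference credential, the constant-time comparison and the three-attempt limit are assumptions made for illustration, and all identifiers in `run_example` are constructed sample values.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from enum import Enum


class ChannelState(Enum):
    REQUESTED = "requested"          # stage 310: third party asked for registration
    AWAITING_CONSUMER = "awaiting"   # stage 314 done: reference credential captured
    TRUSTED = "trusted"              # stage 320: both credentials matched
    REJECTED = "rejected"            # assumed policy: attempt budget exhausted


@dataclass
class Registration:
    msisdn: str
    state: ChannelState = ChannelState.REQUESTED
    salt: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    reference: bytes = b""
    attempts_left: int = 3           # assumed limit, not stated in the text


def _digest(salt: bytes, credential: str) -> bytes:
    # Keep only a salted digest so the server never stores the credential itself.
    return hashlib.pbkdf2_hmac("sha256", credential.encode("utf-8"), salt, 100_000)


class RegistrationServer:
    """Hypothetical stand-in for the remotely accessible server (132)."""

    def __init__(self, registered_value_stores):
        self._value_stores = set(registered_value_stores)  # outcome of stage 304
        self._pending = {}  # (value_store_id, account_id) -> Registration

    def request_channel(self, value_store_id, account_id, msisdn):
        """Stage 310: the third party entity asks to register a consumer's channel."""
        if value_store_id not in self._value_stores:
            raise PermissionError("value store is not registered")
        self._pending[(value_store_id, account_id)] = Registration(msisdn=msisdn)

    def capture_reference(self, value_store_id, account_id, credential):
        """Stages 312-314: credential supplied over the first channel (140)."""
        reg = self._pending[(value_store_id, account_id)]
        if reg.state is not ChannelState.REQUESTED:
            raise RuntimeError("reference credential already captured")
        reg.reference = _digest(reg.salt, credential)
        reg.state = ChannelState.AWAITING_CONSUMER

    def verify_consumer(self, value_store_id, account_id, sender_msisdn, credential):
        """Stages 316-320: credential received over the mobile channel (150)."""
        reg = self._pending[(value_store_id, account_id)]
        if reg.state is not ChannelState.AWAITING_CONSUMER:
            return reg.state  # nothing to compare yet, or already decided
        # The reply must arrive on the channel being registered; replies from
        # any other number are ignored and do not consume the attempt budget.
        if sender_msisdn != reg.msisdn:
            return reg.state
        reg.attempts_left -= 1
        if hmac.compare_digest(_digest(reg.salt, credential), reg.reference):
            reg.state = ChannelState.TRUSTED
        elif reg.attempts_left == 0:
            reg.state = ChannelState.REJECTED
        return reg.state


def run_example():
    """Constructed walk-through; every identifier below is a made-up sample."""
    server = RegistrationServer({"VS-001"})
    server.request_channel("VS-001", "ACC-42", "+27000000001")
    server.capture_reference("VS-001", "ACC-42", "blue heron")
    other_sender = server.verify_consumer("VS-001", "ACC-42", "+27000000999", "blue heron")
    matched = server.verify_consumer("VS-001", "ACC-42", "+27000000001", "blue heron")
    return other_sender, matched
```
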
[0114] In some embodiments, in order to establish trust, the payment processor (130) processes a dummy transaction against the consumer account held at the value store (122). In such a case, the remotely accessible server (132) utilizes one or more of the credentials of the consumer, such as an account number, to process a dummy transaction, after which the third party entity (120) is prompted for a transaction reference. The third party entity (120) then provides a transaction reference to the remotely accessible server (132) uniquely identifying the dummy transaction against the consumer account. The remotely accessible server (132) in turn requests the consumer (110) to transmit a consumer transaction reference from the mobile communications device (112) for that same transaction. The remotely accessible server (132) matches the transaction reference received from the third party entity (120) with the consumer transaction reference to establish trust, in other words, to verify that the consumer (110) has legitimate access to the consumer account in the value store (122) which is to be registered for use with the mobile communications channel (150).
[0115] Once the first communications channel (140) and the mobile communications channel (150) are successfully registered, the consumer (110) may use the mobile communications device (112) to transact against the consumer account held at the value store (122). The flow diagram (400) of FIG. 4 illustrates one embodiment of a method for transacting via a mobile communications channel.
[0116] At a first stage (402), the consumer (110) transmits a request relating to processing of a transaction against a consumer account held at a value store of a third party to the payment processor (130). The consumer (110) uses the mobile communications device (112) to transmit the request to process the transaction against the consumer account. In the example illustrated in FIG. 4, the request is a request to process a transaction being a payment transaction. It should be appreciated, however, that any suitable transaction may be processed in relation to the consumer account, such as a withdrawal transaction, a deposit transaction, an account information request, and the like.
[0117] For example, in the case where the third party entity (120) is a retailer at which the consumer (110) holds a loyalty account, the consumer (110) may request that a payment be made by transferring funds from the loyalty account to a recipient account, which may, similarly to the consumer account, be any account having a monetizable value. It should be noted that the recipient account may be an account at the same value store as the consumer account, or an account at a different value store which is also registered with the payment processor (130). In some cases, the recipient account may be a financial account held at an acquiring entity.
[0118] At a next stage (404), the payment processor (130) receives the request to process a transaction against the consumer account. The request may include a plurality of transaction details, such as a consumer account identifier, a recipient account identifier and a transaction value. The remotely accessible server (132) of the payment processor (130) uses the consumer account identifier received from the mobile communications device (112) to determine the value store at which the consumer account is held. In some embodiments, the recipient account identifier may be an account number identifying an account in favor of which OCT push transactions may be processed.
[0119] It is foreseen that the request may also include a value store identifier which may be used to identify the value store. It should be appreciated that a plurality of value stores may be registered with the payment processor (130), and that one third party entity may itself control a plurality of value stores which are registered with the payment processor (130). In such a case, a value store identifier is used to route the transaction request to the appropriate value store.
[0120] At a next stage (406), the remotely accessible server (132) of the payment processor (130) determines, using the recipient account identifier, the acquiring entity (170) associated with the recipient account, and, at a next stage (408), initiates a transfer of funds from the value store (122) to the acquiring entity (170) and in favor of the recipient account. The transfer of funds may be initiated using an OCT push transaction from the consumer account to the recipient account.
[0121] In some embodiments, and as illustrated in FIG. 4, at a next stage (410), the payment processor (130) may require the third party entity (120), or an issuer associated with the consumer account held at the value store (122) of the third party entity (120), to authorize the transaction. The third party entity (120) or the appropriate issuer authorizes the transfer of funds, and at a next stage (412), the payment processor (130) processes the transaction. At a final stage (414), the acquiring entity (170) credits the relevant recipient account.
[0122] It is foreseen that the system (100) and method described above may be used by the consumer (110) to request and be provisioned with payment credentials, for example, single-use ("one-time") payment credentials. For example, the consumer (110) may access a menu provided by a transaction application on the mobile communications device (112) and select a "request one-time payment credentials" option for a specific consumer account, such as a bank account. In one embodiment, these payment credentials include one or more of a primary account number (PAN), a card expiry date, and a card verification value (CVV) for conducting payment card transactions.
[0123] As described above, a hardware security element such as a cryptographic expansion device may be employed to ensure that requests, and particularly payment credentials, are transmitted along an end-to-end encrypted mobile communications channel.
[0124] The request for payment credentials may be received by the remotely accessible server (132), and the remotely accessible server (132) may use an identifier of the consumer, the mobile communications device, or the value store, to identify the value store to which the request must be routed.
[0125] The request for payment credentials may then either be forwarded to the appropriate third party entity, for example an issuer, which then generates the payment credentials and transmits the credentials to the payment processor (130), or the payment processor (130) itself may generate the payment credentials. The latter case may ensure that card details remain in a PCI DSS environment, particularly in cases where the first communication channel (140) does not comply with PCI DSS requirements.
[0126] The payment credentials may then be used by the consumer (110) to transact against the particular consumer account for which the payment credentials were requested.
[0127] FIG. 5 is a flow diagram illustrating another method (500) for transacting via a mobile communications channel. The method (500) of FIG. 5 illustrates an embodiment wherein the request relating to processing of a transaction against a consumer account held at a value store of a third party entity is a request for payment credentials. The payment credentials may be for use in a transaction against a consumer account held at a value store of a third party entity and in favor of a recipient account.
[0128] At a first stage (502), the consumer, using its mobile communications device (112), may transmit directly via the mobile communications channel a request for payment credentials to the payment processor (130). The request may include a consumer account identifier and a transaction value. In some embodiments, the request may further include an indication of the intended use of the payment credentials, for example, whether they will be for an e-commerce transaction, an ATM withdrawal, an agent cash-out or the like. In some embodiments, the request may include a passcode entered by the consumer so as to authorize the request. In other embodiments, in response to receiving the request, the payment processor may prompt the consumer to enter a passcode into the mobile communications device (112) which may then be transmitted to the payment processor directly via the mobile communications channel so as to authorize the request.
[0129] The payment processor (130) may receive the request relating to processing of a transaction against a consumer account held at a value store of a third party entity, which in this example is a request for payment credentials, at a next stage (504). This may include receiving the authorization for the request although in another embodiment the authorization for the request may be received separately.
[0130] At a next stage (506), the payment processor (130) may, using the consumer account identifier, identify the consumer account against which the payment credentials will be usable.
[0131] At a following stage (508), the payment processor (130) may debit the consumer account with an amount equal to the transaction value or may reserve the transaction value in the consumer account. In some embodiments, this may include transmitting an instruction to the third party entity (120) to have the consumer account debited or the funds reserved while in other embodiments, the consumer account may be debited or the funds may be reserved by the payment processor (130).
[0132] The payment processor (130) may then, at a next stage (510), generate payment credentials linked to the consumer account held at the value store. The generated payment credentials may be single-use-only or one-time-use payment credentials. The payment credentials may have a time-to-live or a limited use time, for example ten minutes, 48 hours or the like. The payment credentials may include one or more of the group of: a primary account number (PAN); a bank identification number (BIN); a card verification value (CVV); a passcode; an expiry date and the like. In some embodiments, this may be dependent upon the type of transaction for which the payment credentials are to be used.
[0133] At a next stage (512), the payment processor may link the payment credentials to the debited or reserved amount and, at a following stage (514), transmit the payment credentials to the mobile communications device (112) of the consumer directly via the mobile communications channel.
[0134] At a next stage (516), the payment credentials may be received at the mobile communications device (112) of the consumer such that the consumer may then proceed to use the payment credentials in a transaction. For example, the consumer may enter the payment credentials into an appropriately configured ATM in order to withdraw an amount of money. The source of funds for the transaction will be the consumer account at the value store against which the payment credentials were generated and linked. A BIN included in the payment credentials may cause the payment processing network (138) to route the transaction to the payment processor (130) for authorization. Before authorizing the transaction, the payment processor (130) may check that the payment credentials are being used for the correct type of transaction, that the transaction value is within the requested transaction value amount and that the passcode, CVV and/or expiry date, where applicable, are correct. If the authorization is successful, the payment processor may allow the transaction to proceed and thereafter facilitate settlement and clearance as may be required.
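The FIG. 5 flow (stages 506 to 514) and the pre-authorization checks of paragraph [0134] can be sketched as follows; this is an added Python example, not code from the patent or its applicant. The class and function names, the placeholder BIN `999999`, the Luhn check digit, the three-attempt CVV limit and the use of integer minor units are all assumptions made for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

ROUTING_BIN = "999999"  # constructed placeholder BIN that routes to the processor
MAX_CVV_FAILURES = 3    # assumption: the page sets no retry limit


class Declined(Exception):
    """Raised when issuance or authorization is refused."""


def luhn_check_digit(partial: str) -> str:
    """Digit that makes partial + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:  # doubled positions once the check digit is appended
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_ok(pan: str) -> bool:
    return pan.isdigit() and luhn_check_digit(pan[:-1]) == pan[-1]


@dataclass
class Credential:
    pan: str
    cvv: str
    account_id: str
    use: str           # intended use, e.g. "atm", "ecommerce", "cash_out"
    limit: int         # reserved transaction value, minor units
    expires_at: float  # time-to-live boundary
    failures: int = 0
    spent: bool = False


class PaymentProcessor:
    def __init__(self, balances, clock=time.time):
        self.balances = dict(balances)  # account_id -> available minor units
        self.creds = {}                 # pan -> Credential
        self.clock = clock

    def issue(self, account_id, amount, use, ttl=600):
        """Stages 506-514: find account, reserve value, generate and link."""
        if amount <= 0 or self.balances.get(account_id, 0) < amount:
            raise Declined("cannot reserve requested value")
        self.balances[account_id] -= amount  # stage 508: reserve the funds
        while True:
            body = ROUTING_BIN + "".join(
                secrets.choice("0123456789") for _ in range(9))
            pan = body + luhn_check_digit(body)
            if pan not in self.creds:
                break
        cvv = f"{secrets.randbelow(1000):03d}"
        cred = Credential(pan, cvv, account_id, use, amount,
                          self.clock() + ttl)
        self.creds[pan] = cred               # stage 512: link to reservation
        return cred

    def _retire(self, cred, refund):
        """Burn the credential and return any unspent reservation."""
        cred.spent = True
        self.balances[cred.account_id] += refund

    def authorize(self, pan, cvv, use, amount):
        """Checks from [0134]: single use, TTL, CVV, use type, value."""
        cred = self.creds.get(pan)
        if cred is None or cred.spent:
            raise Declined("unknown or already used credential")
        if self.clock() >= cred.expires_at:
            self._retire(cred, cred.limit)
            raise Declined("credential expired")
        if not hmac.compare_digest(cvv.encode(), cred.cvv.encode()):
            cred.failures += 1
            if cred.failures >= MAX_CVV_FAILURES:  # a 3-digit CVV is guessable
                self._retire(cred, cred.limit)
            raise Declined("CVV mismatch")
        if use != cred.use:
            raise Declined("wrong transaction type")
        if not 0 < amount <= cred.limit:
            raise Declined("amount outside reserved value")
        self._retire(cred, cred.limit - amount)
        return amount
```

In this sketch an expired credential releases its reservation only when it is next presented, so a deployment would also need a periodic sweep for credentials that are never used.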
[0135] FIG. 6 is a flow diagram which illustrates another method for transacting via a mobile communications channel. The method (600) of FIG. 6 illustrates an embodiment wherein the request relating to processing of a transaction against a consumer account held at a value store of a third party entity and in favor of a recipient account is received from a recipient. The recipient may, for example, be a brick-and-mortar or e-commerce merchant.
[0136] At a first stage (602), the consumer may provide the recipient (198) with a consumer identifier. The consumer identifier may, for example, be an MSISDN of the consumer's mobile communications device (112) or derivative thereof and may be keyed by the consumer into a point-of-sale device or e-commerce website, as the case may be, of the recipient (198). The consumer may provide such an identifier so as to complete a purchase at the recipient (198).
[0137] The recipient (198) may then, at a following stage (604), transmit a request relating to processing of a transaction, including the consumer identifier and a recipient account identifier, to the acquiring entity (170). In some embodiments, the request may be a financial system transaction message, for example an ISO 8583 message. The acquiring entity (170) may, in turn, forward the request relating to processing of a transaction, including the consumer identifier and a recipient account identifier, optionally via a payment processing network as may be required, to the payment processor (130) at a next stage (606).
[0138] The payment processor (130) may then receive the request relating to processing of a transaction, including the consumer identifier and a recipient account identifier at a following stage (608). At a next stage (610), the payment processor (130) may identify a mobile communications device (112) of the consumer using the consumer identifier and, at a following stage (612), may transmit an authorization request message to the mobile communications device (112) directly via the mobile communications channel.
[0139] The mobile communications device (112) may then receive the authorization request message at a following stage (614). The authorization request message may prompt the consumer to authorize the request, for example, by entering a passcode. If the consumer does authorize the request, the mobile communications device (112), at a next stage (616), may transmit authorization for the request directly via the mobile communications channel. The authorization for the request may include a consumer account identifier and optionally a value store identifier.
[0140] The authorization for the request may be received at the payment processor (130) directly via the mobile communications channel at a next stage (618). In response to receiving authorization for the request and at a following stage (620), the payment processor (130), using at least the consumer account identifier, may determine the value store at which the consumer account is held.
[0141] At a next stage (622), the payment processor (130) may process the request against the consumer account held at the value store of the third party entity. Processing the request may include initiating a transfer of funds from the value store to the acquiring entity (170).
[0142] Systems and methods are therefore provided for transacting via a mobile communications channel. The systems and methods provided may be advantageous over prior art systems particularly in that they enable consumers to use their mobile communications devices, such as mobile phones, to transact against value stores which do not provide direct mobile communications channels between the value store and the consumer.
[0143] In cases where trusted channels already exist between a payment processor and a value store and between a consumer and the value store, but where the trusted channel between the consumer and the value store is not a mobile communications channel, the consumer may register its mobile communications device with the payment processing network such that it can transact through an equally trusted mobile communications network, via the payment processing network, against a consumer account held at the value store.
[0144] The described systems and methods may also be advantageous for value stores already having direct mobile communications channels to its users, as it allows any value store containing accounts having monetizable value, irrespective of whether a mobile communications channel exists between the value store and account holders, to be restructured from a closed loop value store to an open loop value store. In other words, multiple different value stores may be connected to the payment processor and consumers are enabled to transfer funds between inherently different value stores through trusted mobile communications channels.
[0145] The systems and methods described may especially be desirable to entities unable to provide a direct mobile communications channel between a value store and its consumers. For example, in cases where the entity is a retailer having a plurality of consumer loyalty accounts but without the necessary mobile communications infrastructure or resources to provide the above-described mobile communications channel, the retailer may register the value store and its account holders with the payment processor in order to allow its account holders to transact against their consumer loyalty accounts via a mobile communications channel.
[0146] Furthermore, the systems and methods described may provide a higher level of security, particularly in cases where payment credentials are transmitted to mobile communications devices of consumers from entities having direct mobile communications channels to its account holders. For example, in cases where the entity having a value store is a bank or a mobile money operator, payment credentials or other financial information may, instead of being transmitted from the bank or mobile money operator to the mobile communications device of the consumer "in the clear", be securely transmitted from the payment processor to the mobile communications device of the account holder, as described above.
[0147] FIG. 7 illustrates an exemplary mobile communications network (700) coupling, for example, a mobile communications device (112) of a consumer with a payment processor (130) through a USSD/GPRS Gateway (707). A Mobile Station (MS) (720A) may include the consumer's mobile communications device (112), or any equipment or software needed to communicate with a mobile communications network operated by a Mobile Network Operator. The Mobile Network Operator may include a Base Station Subsystem (BSS) (720B). The BSS is a section of a traditional mobile telephone network which is responsible for handling traffic and signaling between a mobile communications device and the network switching subsystem. The BSS (720B) may carry out transcoding of speech channels, allocation of radio channels to mobile communications devices, paging, transmission and reception over the air interface, and many other tasks related to radio networks and other communications networks. The BSS (720B) may comprise Base Transceiver Stations (730A) and (730B), or BTS, which contains the equipment for transmitting and receiving radio signals (transceivers), antennas, and equipment for encrypting and decrypting communications with the base station controller (BSC). For example, the BTS (730A) and (730B) may be towers scattered through a region to provide mobile communications service coverage over the region over several different frequencies.
[0148] BTS (730A) and (730B) are controlled by a parent Base Station Controller (BSC) (732). The base station controller (BSC) provides the intelligence behind the BTSs. Typically, a BSC has tens or even hundreds of BTSs under its control. The BSC handles allocation of radio channels, receives measurements from the mobile communications devices, and controls handovers from BTS (730A) to BTS (730B) (except in the case of an inter-BSC handover in which case control is in part the responsibility of the anchor Mobile Switching Center (740)). A function of the BSC is to act as a concentrator where many different low capacity connections to BTSs (with relatively low utilization) become reduced to a smaller number of connections towards the Mobile Switching Center (MSC) (740) (with a high level of utilization). Overall, this means that networks are often structured to have many BSCs (732) distributed into regions near their BTSs (730A) and (730B) which are then connected to large centralized MSC sites (740) in the Network Sub-System (NSS) (707A) in the USSD/GPRS Gateway (707).
[0149] For GPRS (general packet radio service), the BSC (732) may be coupled to a Packet Control Unit (PCU) (734). The PCU (734) performs some of the processing tasks of the BSC (732), but for radio packet data. The allocation of channels between voice and data is controlled by the BSS (720B), but once a channel is allocated to the PCU, the PCU takes full control over that channel. The PCU can be built into the BSS, built into the BSC, or even, in some proposed architectures, it can be at the SGSN (Serving GPRS Support Node) site (736). In most cases, the PCU (734) is a separate node communicating extensively with the BSC (732) on the radio side and the SGSN (736) on the GPRS core network (707B) side in the USSD/GPRS Gateway (707).
[0150] The Network Subsystem (NSS) (707A) processes USSD protocol in standard GSM operation. The Mobile Switching Center (740) may also include a Visitor Locator Register (VLR), which locates another subscriber's mobile communications device connecting through a Mobile Network Operator's BTS (e.g., tower). For example, the VLR would locate the location of a Verizon user if the Verizon user was connecting to an AT&T tower. An extension of the Mobile Switching Center (740) may also include a Public Switched Telephone Network (PSTN) (740A), which is a network of the world's public circuit-switched telephone networks. It consists of telephone lines, fiber optic cables, microwave transmission links, cellular networks, communications satellites, and undersea telephone cables, all inter-connected by switching centers, thus allowing any telephone in the world to communicate with any other. Originally a network of fixed-line analog telephone systems, the PSTN (740A) is now almost entirely digital in its core and includes mobile as well as fixed telephones.
[0151] The MSC/VLR (740) may be in communication with a SS7 Network / MAP (742). Signaling System No. 7 (SS7) is a set of telephony signaling protocols which are used to set up most of the world's public switched telephone network telephone calls. The main purpose is to set up and tear down telephone calls. Other uses include number translation, local number portability, prepaid billing mechanisms, short message service (SMS), and a variety of other mass market messaging and communications services. The SS7 Network may also include a Mobile Application Part (MAP), which is an SS7 protocol which provides an application layer for the various nodes in GSM and UMTS mobile core networks and GPRS core networks to communicate with each other in order to provide services to mobile phone users.
[0152] The Mobile Application Part (MAP) (742) is the application-layer protocol used to access the Home Location Register (HLR) (744), Visitor Location Register (VLR) and Mobile Switching Center (MSC) (740), Equipment Identity Register (EIR) (744), Authentication Centre (AUC) (744), Short message service center and Serving GPRS Support Node (SGSN) (736). The Home Location Register (HLR) (744), in conjunction with the EIR and AUC (also in 744), would locate and identify a user mobile communications device, for example, detecting and identifying an AT&T user connecting to an AT&T BTS (e.g., tower).
[0153] To perform the tasks and communicate with the entities described above, the SS7 Network / MAP (742), or the USSD Gateway Network Sub-System (NSS) (707A), may include a SS7 stack (742A), a MAP module (742B), a Session Manager (742C), a Locator Module (742D), a Logger Module (742E), and a Database Server (742F). Certain data elements transmitted in mobile messages (e.g., SMS, USSD) may be stored in the Logger Module (742E) and the Database Server (742F). Thus, anyone within the mobile communication network with access to the USSD Gateway (707), specifically the NSS (707A), may have access to messages, and in turn, stored data elements transmitted in the messages and logged in the gateway. However, there are controls to reduce the potential of data elements from SMS messages being compromised. Examples of such security controls include, but are not limited to, access to an associated SIM (Subscriber Identity Module), limits on transaction size or frequency, etc.
[0154] The USSD/GPRS Gateway (707) may also include a GPRS core network (707B). The GPRS core network (707B) is a central part of the General Packet Radio Service which allows 2G, 3G, and WCDMA (wideband CDMA) mobile networks to transmit IP packets to external networks such as the Internet. The GPRS core network (707B) can be an integrated part of the GSM network switching subsystem, and includes a network of GPRS support nodes (GSN). A GSN is a network node which supports the use of GPRS in the GSM core network. There can be two GSNs, namely Gateway GPRS Support Node (GGSN) (746) and Serving GPRS Support Node (736), which are communicatively connected by a GPRS backbone IP Network (738).
[0155] The Gateway GPRS Support Node (GGSN) (746) can be a main component of the GPRS core network (707B). The GGSN (746) is responsible for the interworking and routing between the GPRS IP network (738) and external packet switched networks, like the Internet (770) and other communications networks. From an external network's point of view, the GGSN (746) is a router to a sub-network GPRS backbone IP Network (738). When the GGSN (746) receives data addressed to a specific user, it checks if the user is active. If it is, the GGSN (746) forwards the data to the Serving GPRS Support Node (SGSN) (736) serving the mobile user through the GPRS backbone IP Network (738), but if the mobile user is inactive, the data is discarded. On the other hand, mobile-originated packets from the SGSN (736), through the GPRS backbone IP Network (738), are routed by the GGSN (746) to the right external network, such as the Internet (770). The GGSN (746) is the anchor point that enables the mobility of the user terminal in the GPRS IP networks (738) to connect to an external network, such as the Internet (770).
[0156] Serving GPRS Support Node (SGSN) (736) can be responsible for the delivery of data packets from and to the mobile stations (720A) within a geographical service area. Its tasks include packet routing and transfer, mobility management (attach/detach and location management), logical link management, and authentication and charging functions. The location register of the SGSN (736) stores location information (e.g., current VLR), and user profiles (e.g., IMSI, address(es) used in the packet data network) of all GPRS users registered with the SGSN (736).
[0157] The USSD/GPRS Gateway (707) may be in communication with an Application Server (770). The Application Server may be operated on the payment processor (130), or may be included in the USSD/GPRS Gateway (707). The Application Server may include a Billing Server. Some NO's do not have their USSD Gateway connected to the Billing Server, however with the rise in conducting transactions using mobile communications devices, USSD Gateways may now be connected to the billing server operated on the application server (770).
[0158] The payment processor (130) may include a consumer account mobile interface and an access point. The payment processor (130) may also include an application server (770). The payment processor (130) may include a non-transitory computer readable medium that includes instructions for generating transaction request messages and transaction response messages. In some embodiments, payment processor (130) can be part of payment processing network server computer. The payment processor (130) may also include an Access Point (AP) or payment processing network interface, which provides access to a payment processing network.
[0159] FIG. 8 illustrates an example of a computing device (800) in which various aspects of the disclosure may be implemented. The computing device (800) may be suitable for storing and executing computer program code. The various participants and elements in the previously described system diagrams may use any suitable number of subsystems or components of the computing device (800) to facilitate the functions described herein.
[0160] The computing device (800) may include subsystems or components interconnected via a communication infrastructure (805) (for example, a communications bus, a cross-over bar device, or a network). The computing device (800) may include at least one central processor (810) and at least one memory component in the form of computer-readable media.
[0161] The memory components may include system memory (815), which may include read only memory (ROM) and random access memory (RAM). A basic input/output system (BIOS) may be stored in ROM. System software may be stored in the system memory (815) including operating system software.
[0162] The memory components may also include secondary memory (820). The secondary memory (820) may include a fixed disk (821), such as a hard disk drive, and, optionally, one or more removable-storage interfaces (822) for removable-storage components (823).
[0163] The removable-storage interfaces (822) may be in the form of removable-storage drives (for example, magnetic tape drives, optical disk drives, floppy disk drives, etc.) for corresponding removable storage-components (for example, a magnetic tape, an optical disk, a floppy disk, etc.), which may be written to and read by the removable-storage drive.
[0164] The removable-storage interfaces (822) may also be in the form of ports or sockets for interfacing with other forms of removable-storage components (823) such as a flash memory drive, external hard drive, or removable memory chip, etc.
[0165] The computing device (800) may include an external communications interface (830) for operation of the computing device (800) in a networked environment enabling transfer of data between multiple computing devices (800). Data transferred via the external communications interface (830) may be in the form of signals, which may be electronic, electromagnetic, optical, radio, or other types of signal.
[0166] The external communications interface (830) may enable communication of data between the computing device (800) and other computing devices including servers and external storage facilities. Web services may be accessible by the computing device (800) via the communications interface (830).
[0167] The external communications interface (830) may also enable other forms of communication to and from the computing device (800) including, voice communication, near field communication, Bluetooth, etc.
[0168] The computer-readable media in the form of the various memory components may provide storage of computer-executable instructions, data structures, program modules, and other data. A computer program product may be provided by a computer-readable medium having stored computer-readable program code executable by the central processor (810).
[0169] A computer program product may be provided by a non-transient computer-readable medium, or may be provided via a signal or other transient means via the communications interface (830).
[0170] Interconnection via the communication infrastructure (805) allows a central processor (810) to communicate with each subsystem or component and to control the execution of instructions from the memory components, as well as the exchange of information between subsystems or components.
[0171] Peripherals (such as printers, scanners, cameras, or the like) and input/output (I/O) devices (such as a mouse, touchpad, keyboard, microphone, joystick, or the like) may couple to the computing device (800) either directly or via an I/O controller (835). These components may be connected to the computing device (800) by any number of means known in the art, such as a serial port.
[0172] One or more monitors (845) may be coupled via a display or video adapter (840) to the computing device (800).
[0173] FIG. 9 shows a block diagram of a communication device (900) that may be used in embodiments of the disclosure. The communication device (900) may be a cell phone, a feature phone, a smart phone, a satellite phone, or a computing device having a phone capability.
[0174] The communication device (900) may include a processor (905) (e.g., a microprocessor) for processing the functions of the communication device (900) and a display (920) to allow a user to see the phone numbers and other information and messages. The communication device (900) may further include an input element (925) to allow a user to input information into the device (e.g., input buttons, touch screen, etc.), a speaker (930) to allow the user to hear voice communication, music, etc., and a microphone (935) to allow the user to transmit his or her voice through the communication device (900).
[0175] The processor (910) of the communication device (900) may connect to a memory (915). The memory (915) may be in the form of a computer-readable medium that stores data and, optionally, computer-executable instructions.
[0176] The communication device (900) may also include a communication element (940) for connection to communication channels (e.g., a cellular telephone network, data transmission network, Wi-Fi network, satellite-phone network, Internet network, Satellite Internet Network, etc.). The communication element (940) may include an associated wireless transfer element, such as an antenna.
[0177] The communication element (940) may include a subscriber identity module (SIM) in the form of an integrated circuit that stores an international mobile subscriber identity and the related key used to identify and authenticate a subscriber using the communication device (900). One or more subscriber identity modules may be removable from the communication device (900) or embedded in the communication device (900).
[0178] The communication device (900) may further include a contactless element (950), which is typically implemented in the form of a semiconductor chip (or other data storage element) with an associated wireless transfer element, such as an antenna. The contactless element (950) may be associated with (e.g., embedded within) the communication device (900) and data or control instructions transmitted via a cellular network may be applied to the contactless element (950) by means of a contactless element interface (not shown). The contactless element interface may function to permit the exchange of data and/or control instructions between mobile device circuitry (and hence the cellular network) and the contactless element (950).
[0179] The contactless element (950) may be capable of transferring and receiving data using a near field communications (NFC) capability (or near field communications medium) typically in accordance with a standardized protocol or data transfer mechanism (e.g., ISO 14443/NFC). Near field communications capability is a short-range communications capability, such as radio-frequency identification (RFID), Bluetooth, infra-red, or other data transfer capability that can be used to exchange data between the communication device (900) and an interrogation device. Thus, the communication device (900) may be capable of communicating and transferring data and/or control instructions via both a cellular network and near field communications capability.
[0180] The data stored in the memory (915) may include: operation data relating to the operation of the communication device (900), personal data (e.g., name, date of birth, identification number, etc.), financial data (e.g., bank account information, a bank identification number (BIN), credit or debit card number information, account balance information, expiration date, loyalty provider account numbers, etc.), transit information (e.g., as in a subway or train pass), access information (e.g., as in access badges), etc. A user may transmit this data from the communication device (900) to selected receivers.
[0181] The communication device (900) may be, amongst other things, a notification device that can receive alert messages and access reports, a portable merchant device that can be used to transmit control data identifying a discount to be applied, as well as a portable consumer device that can be used to make payments.
[0182] The foregoing description has been presented for the purpose of illustration; it is not intended to be exhaustive or to limit the invention to the precise forms disclosed. Persons skilled in the relevant art can appreciate that many modifications and variations are possible in light of the above disclosure.
[0183] Some portions of this description describe the embodiments in terms of algorithms and symbolic representations of operations on information. These algorithmic descriptions and representations are commonly used by those skilled in the data processing arts to convey the substance of their work effectively to others skilled in the art. These operations, while described functionally, computationally, or logically, are understood to be implemented by computer programs or equivalent electrical circuits, microcode, or the like. The described operations may be embodied in software, firmware, hardware, or any combinations thereof.
[0184] The software components or functions described in this application may be implemented as software code to be executed by one or more processors using any suitable computer language such as, for example, Java, C++, or Perl using, for example, conventional or object-oriented techniques. The software code may be stored as a series of instructions, or commands on a non-transitory computer-readable medium, such as a random access memory (RAM), a read-only memory (ROM), a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD-ROM. Any such computer-readable medium may also reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.
[0185] Any of the steps, operations, or processes described herein may be performed or implemented with one or more hardware or software modules, alone or in combination with other devices. In one embodiment, a software module is implemented with a computer program product comprising a non-transient computer-readable medium containing computer program code, which can be executed by a computer processor for performing any or all of the steps, operations, or processes described.
[0186] Finally, the language used in the specification has been principally selected for readability and instructional purposes, and it may not have been selected to delineate or circumscribe the inventive subject matter. It is therefore intended that the scope of the invention be limited not by this detailed description, but rather by any claims that issue on an application based hereon. Accordingly, the disclosure of the embodiments of the invention is intended to be illustrative, but not limiting, of the scope of the invention, which is set forth in the following claims.

Claims

WHAT IS CLAIMED IS:
1. A method for transacting via a mobile communications channel, carried out at a payment processor and comprising the steps of:
receiving a request relating to processing of a transaction against a consumer account held at a value store of a third party entity;
receiving, from a mobile communications device of a consumer, an authorization for the request, wherein the authorization for the request is received from the mobile communications device directly via a mobile communications channel;
determining, using at least a consumer account identifier, the value store at which the consumer account is held; and,
processing the request against the consumer account held at the value store of the third party entity.
2. The method as claimed in claim 1, wherein the request is a request to process a transaction against the consumer account held at the value store of the third party entity and in favor of a recipient account.
3. The method as claimed in claim 2, wherein the request and the authorization for the request are received together from the mobile communications device directly via the mobile communications channel.
4. The method as claimed in claim 2, wherein the request to process a transaction includes the consumer account identifier, a recipient account identifier and a transaction value.
5. The method as claimed in claim 4, wherein the method includes a step of determining, using the recipient account identifier, an acquiring entity associated with the recipient account.
6. The method as claimed in claim 5, wherein the step of processing the request includes initiating a transfer of funds from the value store to the acquiring entity.
7. The method as claimed in claim 6, wherein initiating a transfer of funds from the value store to the acquiring entity initiates an original credit transaction (OCT) push transaction from the consumer account held at the value store of the third party entity to the recipient account.
8. The method as claimed in claim 1, wherein the request is received from a recipient, and wherein the request includes a consumer identifier.
9. The method as claimed in claim 8, wherein receiving the authorization for the request from the mobile communications device is in response to a step of transmitting an authorization request message to the mobile communications device directly via the mobile communications channel, wherein the mobile communications device is identified using the consumer identifier, and wherein the authorization for the request includes the consumer account identifier.
10. The method as claimed in claim 1, wherein the request is a request for payment credentials for use in a transaction against the consumer account held at the value store of the third party entity and in favor of a recipient account;
wherein processing the request generates payment credentials linked to the consumer account held at the value store; and,
wherein the method includes a step of transmitting the generated payment credentials to the mobile communications device of the consumer directly via the mobile communications channel.
11. The method as claimed in claim 1, including steps of:
establishing a registration of a third party entity having a value store containing a plurality of consumer accounts therein, including capturing at least one credential of a consumer held at the value store, wherein the registration is established via a first communications channel; and
establishing a registration of a mobile communications channel of a consumer with the payment processor to be used for transactions against the value store, wherein establishing a registration of a mobile communications channel includes using the at least one credential of the consumer held at the value store to establish trust.
12. A system for transacting via a mobile communications channel, the system including a payment processor which comprises:
a request receiving component for receiving a request relating to processing of a transaction against a consumer account held at a value store of a third party entity;
an authorization receiving component for receiving, from a mobile communications device of a consumer, an authorization for the request, wherein the authorization for the request is received from the mobile communications device directly via a mobile communications channel;
a value store determining component for determining, using at least a consumer account identifier, the value store at which the consumer account is held; and,
a processing component for processing the request against the consumer account held at the value store of the third party entity.
13. The system as claimed in claim 12, wherein the mobile communications channel utilizes a Mobile Network Operator (MNO) mobile communications network, wherein the mobile communications channel utilizes one or both of a Global System for Mobile Communications (GSM) and a Universal Mobile Telecommunications System (UMTS) mobile communications network, and wherein requests and responses received via the mobile communications channel are one or more of: Short Message Service (SMS) communications; Unstructured Supplementary Service Data (USSD) communications; Dual-Tone Multi-Frequency Modulation (DTMF) signaling; interactive voice response (IVR) communications; and SIM Application Toolkit-based communications.
14. The system as claimed in claim 12, wherein the request and authorization for the request are received together from the mobile communications device directly via the mobile communications channel.
15. The system as claimed in claim 12, wherein the payment processor includes an acquirer determining component for determining, using a recipient account identifier, an acquiring entity associated with a recipient account.
16. The system as claimed in claim 15, wherein the processing component includes an initiating component for initiating a transfer of funds from the value store to the acquiring entity.
17. The system as claimed in claim 16, wherein initiating a transfer of funds from the value store to the acquiring entity initiates an original credit transaction (OCT) push transaction from the consumer account held at the value store of the third party entity to the recipient account.
18. The system as claimed in claim 12, wherein the payment processor includes an authorization request message transmitting component for transmitting an authorization request message to the mobile communications device directly via the mobile communications channel, wherein the mobile communications device is identified using a consumer identifier received in the request.
19. The system as claimed in claim 12, wherein the processing component includes:
a credential generating component for generating payment credentials linked to the consumer account held at the value store; and,
a credential transmitting component for transmitting the generated payment credentials to the mobile communications device of the consumer directly via the mobile communications channel.
20. The system as claimed in claim 12, wherein the payment processor includes a registration component having:
a third party registration component for establishing a registration of a third party entity having a value store containing a plurality of consumer accounts therein, the third party registration component capturing at least one credential of a consumer held at the value store, wherein the registration is established via a first communications channel; and
a mobile communications channel registration component for establishing a registration of a mobile communications channel of a consumer with the payment processor to be used for transactions against the value store, wherein establishing a registration of a mobile communications channel uses the at least one credential of the consumer held at the value store to establish trust.
21. A computer program product for transacting via a mobile communications channel, the computer program product comprising a computer-readable medium having stored computer-readable program code for performing the steps of:
receiving a request relating to processing of a transaction against a consumer account held at a value store of a third party entity;
receiving, from a mobile communications device of a consumer, an authorization for the request, wherein the authorization for the request is received from the mobile communications device directly via a mobile communications channel;
determining, using at least a consumer account identifier, the value store at which the consumer account is held; and,
processing the request against the consumer account held at the value store of the third party entity.
PCT/IB2014/064557 2013-09-18 2014-09-16 Systems and methods for transacting via a mobile communications channel WO2015040543A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AP2016009030A AP2016009030A0 (en) 2013-09-18 2014-09-16 Systems and methods for transacting via a mobile communications channel

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA201307003 2013-09-18
ZA2013/07003 2013-09-18

Publications (1)

Publication Number Publication Date
WO2015040543A1 (en) 2015-03-26

Family

ID=52688309

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2014/064557 WO2015040543A1 (en) 2013-09-18 2014-09-16 Systems and methods for transacting via a mobile communications channel

Country Status (2)

Country Link
AP (1) AP2016009030A0 (en)
WO (1) WO2015040543A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016161172A1 (en) * 2015-03-31 2016-10-06 Visa International Service Association Multi-protocol data transfer

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120109818A1 (en) * 2010-09-21 2012-05-03 Mark Carlson Third Party Integrated Security System
US20120191556A1 (en) * 2011-01-21 2012-07-26 American Express Travel Related Services Company, Inc. Systems and methods for virtual mobile transaction
US20130103466A1 (en) * 2007-11-30 2013-04-25 Blaze Mobile, Inc. Financial transaction processing with digital artifacts using a mobile communications device
US20130212003A1 (en) * 2012-02-10 2013-08-15 Intuit Inc. Mobile money order
US20130238493A1 (en) * 2011-04-13 2013-09-12 Citicorp Credit Services, Inc. Methods and systems for routing payment transactions

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130103466A1 (en) * 2007-11-30 2013-04-25 Blaze Mobile, Inc. Financial transaction processing with digital artifacts using a mobile communications device
US20120109818A1 (en) * 2010-09-21 2012-05-03 Mark Carlson Third Party Integrated Security System
US20120191556A1 (en) * 2011-01-21 2012-07-26 American Express Travel Related Services Company, Inc. Systems and methods for virtual mobile transaction
US20130238493A1 (en) * 2011-04-13 2013-09-12 Citicorp Credit Services, Inc. Methods and systems for routing payment transactions
US20130212003A1 (en) * 2012-02-10 2013-08-15 Intuit Inc. Mobile money order

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016161172A1 (en) * 2015-03-31 2016-10-06 Visa International Service Association Multi-protocol data transfer
US11151533B2 (en) 2015-03-31 2021-10-19 Visa International Service Association Multi-protocol data transfer
US11769128B2 (en) 2015-03-31 2023-09-26 Visa International Service Association Multi-protocol data transfer

Also Published As

Publication number Publication date
AP2016009030A0 (en) 2016-02-29

Similar Documents

Publication Publication Date Title
AU2017203373B2 (en) Provisioning payment credentials to a consumer
US11823170B2 (en) Integrated communications network for transactions
US10902397B2 (en) Interoperable financial transactions via mobile devices
AU2018202542B2 (en) Automated account provisioning
US11849372B2 (en) System and method for location determination using mesh routing
EP3055978B1 (en) Systems, methods, and computer program products for managing communications
US20150339659A1 (en) System And Method For Payment Credential-Based Mobile Commerce
US20140188738A1 (en) Mobile banking system with cryptographic expansion device
CN113115285B (en) Information processing method and device
WO2014111888A1 (en) Mobile payment system
US20170039552A1 (en) Systems, methods and devices for providing a single-use payment credential
US20170024729A1 (en) Secure Transmission of Payment Credentials
WO2015040543A1 (en) Systems and methods for transacting via a mobile communications channel
AU2014307582A1 (en) System and method for generating payment credentials
EP3192028A1 (en) Method and system for conducting a cash-on-delivery (cod) transaction
Çabuk et al. WIDIPAY: A CROSS-LAYER DESIGN FOR MOBILE PAYMENT SYSTEM OVER LTE DIRECT

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14846264

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14846264

Country of ref document: EP

Kind code of ref document: A1