WO2017031198A1 - Payment devices having multiple modes of conducting financial transactions - Google Patents
Payment devices having multiple modes of conducting financial transactions Download PDFInfo
- Publication number
- WO2017031198A1 WO2017031198A1 PCT/US2016/047329 US2016047329W WO2017031198A1 WO 2017031198 A1 WO2017031198 A1 WO 2017031198A1 US 2016047329 W US2016047329 W US 2016047329W WO 2017031198 A1 WO2017031198 A1 WO 2017031198A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- account
- payment card
- merchant
- cardholder
- additional
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/357—Cards having a plurality of specified features
- G06Q20/3572—Multiple accounts on card
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3278—RFID or NFC payments by means of M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4018—Transaction verification using the card verification value [CVV] associated with the card
Definitions
- the present disclosure generally relates to financial services, and more particularly relates to payment devices and systems for settling financial transactions.
- Plastic payment cards such as credit cards, were introduced in the United States in the late 1940s as a way for a bank's most trusted customers to pay for meals and travel without carrying large amounts of cash. Since then, billions of payment cards have been issued by tens of thousands of banks.
- EMVCo card issuing networks
- This microchip confidentially stores the information and programs needed to generate a unique cryptographic signature at the time a transaction is made at a merchant POS.
- Computing processes are performed securely and confidentially inside the embedded microchip at the time of each transaction and the result is passed along with the payment account data through the existing payment network to the card issuing bank where it is verified using the same information stored in the card.
- the stored information is never disclosed by the issuer and cannot be extracted from the microchip by any practical means.
- the microchip-embedded card thus provides a one-time code for each card transaction performed at a physical point of sale. If all merchants honor this new mechanism, the risk that a counterfeit card could be produced by misappropriation of account data is largely eliminated.
- NFC near field communication
- the microchip-embedded cards also known as EMV cards or smart cards
- NFC-enabled cards must also work in environments that have not yet embraced the new standards.
- Many merchants have yet to adopt the EMV-enabled terminals that can activate the microchip cards and read the cryptographic code or the NFC readers that can read the wireless communication signals.
- the card issuers include a conventional magnetic stripe on the back of the card.
- issuers include the payment account number either printed on the card and/or embossed into the plastic. Therefore, not only can the microchip and NFC components be used in making financial
- the magnetic stripe can be used in a financial transaction using a POS swiping process or the account num bers can be used in telephone or Internet transaction.
- the method by which the card communicates the account information to the merchant terminal is known as the mode.
- the microchip card can be utilized in at least four different modes of financial transactions, including, for example, magnetic stripe swiping mode, various modes using the EMV chip, NFC mode, and manual card number entry.
- the microchip may also enable additional modes, which is one reason why there may be more than four different modes of financial transactions.
- a thief who encounters one of these new EMV or NFC payment cards and has physical control of the card even for a few brief moments can easily steal the sensitive payment account data without considering the embedded chip or NFC components. This can be done by reading the payment data from the magnetic stripe, in order to prepare a counterfeit card. The thief can also steal the data by taking a picture of the card and capturing the card numbers for fraudulent electronic commerce. It should be noted that both the magnetic stripe data and the printed data are not protected by digital security means like cryptography. The compromised data may then be used at less secure retail merchants, who have not yet adopted the EMV system, or the thief may go online to perform electronic commerce transactions.
- the present invention introduces several innovative elements for payment cards and financial networks and the authorization and settlement of financial transactions.
- a payment card may take such forms as, for example, a plastic payment card, a virtual card, a wearable commerce device, one or more components embedded in a mobile device, an application running on mobile devices or computers, and other payment credential forms.
- a payment card comprises a first component incorporated into a plastic substrate, the first component configured to provide details of a first substitute account associated with a cardholder's primary financial account.
- the payment card may also include additional components incorporated into the plastic substrate.
- the additional components are configured to provide details of additional substitute accounts associated with the cardholder's valid credentials.
- the first substitute account includes details that are distinct from the details of the second substitute account and are distinct from all additional substitute accounts. At least one of the first, second or additional substitute accounts is provided to a merchant for conducting a financial transaction with the merchant.
- an account correlating device comprises at least one network interface configured to communicate with a plurality of merchant terminals via a first network and to communication with a financial institution via a secure network.
- the account correlating device also includes a transaction
- the transaction authentication module configured to authenticate a first financial transaction for a first merchant terminal of the plurality of merchant terminals based on a first set of details obtained by the first merchant terminal of a first substitute account associated with a payment card owned by a cardholder.
- the transaction authentication module is further configured to authenticate additional financial transactions for additional merchant terminals of the plurality of merchant terminals based on additional, different set of details obtained by the additional merchant terminal of the additional substitute account associated with the payment card owned by the cardholder.
- a system for providing security for a payment card includes a first merchant terminal and an additional merchant terminal each connected to a network.
- the first merchant terminal is configured to obtain details of a first substitute account from a first set of information associated with a payment card owned by a cardholder.
- the additional merchant terminal is configured to obtain details of an additional substitute account from an additional set of information associated with the payment card.
- the system further includes an account correlating device connected to the network.
- the account correlating device is configured to receive the details of the first and additional substitute accounts from the first and additional merchant terminals, respectively.
- the account correlating device is further configured to associate the first and additional substitute accounts to a valid credential belonging to the cardholder.
- the account correlating device manages financial transactions between a financial institution, from which the cardholder retains the valid credential, and the first and additional merchant terminals.
- the first set of information is different from the additional sets of information.
- FIG. 1 is a block diagram illustrating a payment card system according to various implementations of the present disclosure.
- FIGS. 2A and 2B are diagrams illustrating a front view and back view, respectively, of a first payment card according to various implementations of the present disclosure.
- FIGS. 3A and 3B are diagrams illustrating a front view and back view, respectively, of a second payment card according to various implementations of the present disclosure.
- FIG. 4 is a block diagram illustrating the account correlating device shown in FIG. 1 according to various implementations of the present disclosure.
- FIG. 5 is a block diagram illustrating the user account module shown in FIG. 4 according to various implementations of the present disclosure.
- the present invention is directed to payment devices, hereafter referred to as a payment card, such as, for example, plastic payment cards, virtual cards, wearable commerce devices, components embedded in mobile devices, applications running on mobile devices or computers, and other payment credentials.
- the present invention is also directed to systems and methods for conducting financial transactions using the payment devices.
- the present invention may include a commercially viable computing service, mobile application, and web site and may be implemented in conjunction with a financial institution using payment cards or other payment devices as described herein.
- the present invention introduces several novel elements that can be employed by existing card and valid credential issuers to combat various forms of fraud.
- the term "valid credential" is used in this document to represent a valid funding instrument, which may be, but is not limited to, a credit card, charge card, direct deposit account, savings account, checking account, loyalty card, gift card, or other cards or devices.
- the present invention includes multimodal payment devices, which can be used in various modes for different types of financial transactions.
- payments cards described herein may include multiple modes for completing a transaction. Some modes may include those involving a microchip embedded in the card, those involving near field communication (NFC) components, those involving the magnetic stripe, those involving entering the card number and card verification value (CVV) in an online transaction, and/or other modes.
- NFC near field communication
- CVV card verification value
- the present invention includes novel fraud-reducing features, a mobile phone application, and a companion web site to control the novel fraud- reducing features.
- a computing service can be used in the authorization and settlement networks serving both online and retail merchants.
- PAN primary account number
- an account correlating device can be interposed between the merchant and the issuing bank to supplement the security of transactions, or called by the issuing bank as part of processing the payment.
- the payment device systems described herein substitute cardholder PAN details securely, in the network, prior to transaction authorization and settlement. In this way, disclosure of the cardholder's PAN details to the merchant is
- the present invention uses several distinct, anonymous, and unpredictable sets of substitute account details for each payment device.
- one set of substitute account details may be associated with one or more modes of the EMV chip, another set may be associated with another mode of the EMV chip, another set of substitute account details may be associated with the NFC components, another set for the magnetic stripe, and another for use during electronic commerce, and yet another for manual entry.
- Using several distinct sets of substitute account details can prevent cross-mode payment fraud.
- a thief might intercept the EMV card details and produce a counterfeit magnetic stripe card.
- a thief might take both EMV and magnetic stripe account details, using card data readers, and perform unauthorized electronic commerce transactions.
- the present invention is not limited by the same PAN being used for all modes. Instead, the present invention uses multiple distinct sets of substitute account details corresponding to multiple valid credentials, where each substitute account can be associated with a distinct mode. In this way, cross-modal payment fraud can be prevented.
- the payment devices described in the present disclosure may be implemented as credit cards, debit cards, virtual cards, wearable devices, Internet of things (loT) devices, components and/or application embedded in mobile devices, and/or other financial credentials.
- the payment devices described in the present disclosure may apply to non-payment devices that are used in other environments besides commerce.
- non-payment devices e.g., loyalty cards, mobile devices, and other non-financial credentials
- non-payment devices may apply to other functions for standing in as a proxy credential to electronically authenticate identification, such as for health insurance purposes, driver's license purposes, etc. , to gain access to a secure location, to provide a photographic
- FIG. 1 is a block diagram illustrating an embodiment of a payment card system 10 in which a financial institution 28 issues a payment card, such as a credit card or debit card, to a customer.
- a payment card such as a credit card or debit card
- the customer may use another type of proxy credential other than a payment card, such as a mobile device.
- the payment card system 10 includes a public network 12, one or more user devices 14, one or more merchant terminals 16, one or more wireless communication antennas 18, one or more mobile devices 20, and an account correlating device 24.
- the term "merchant terminal” is used to describe a physical terminal, website, or other devices for providing functionality by a merchant at which a payment is originated.
- Merchant terminals can be embedded in POS equipment and can be "virtual" as in ecommerce website processing. Also, merchant terminals can be background devices where no card, customer, merchant, or goods are involved, such as when recurring payments are initiated for services.
- the "merchant terminal” may represent POS devices, merchant online systems, and other mechanisms owned/controlled by the merchant to conduct various modes of purchase.
- the merchant terminals may include any merchant systems used in different payment modes using one or more types of technologies (e.g. , EMV chip, magnetic stripe, NFC, e-commerce, etc.).
- the network 12 may include a wide area network, the Internet, private networks, and/or other publicly accessible networks. Also, the network 12 may include local area networks associated with various merchants. The network 12 may also be in communication with one or more cellular networks connected to the antennas 18.
- the user devices 14, merchant terminals 16, and antennas 18 may be connected by one or more wired or wireless connections to the network 12 to enable electronic communication among the various components.
- the wireless communication antennas 18 may include one or more cellular towers, orbiting satellites, or other wireless communication hubs for communication with the mobile devices 20.
- the account correlating device 24 could be a server, a web server, software running on a server, a hardware appliance, or any suitable intermediary computing device or means for providing various transaction services.
- the account correlating device 24 is also connected to a secure network 26, which is also connected via wired or wireless connections to one or more financial institutions 28 and one or more databases 30.
- the secure network 26 may be a private network, local area network, a virtual private network (VPN), or a public network with a high level of encryption.
- the account correlating device 24 may be configured to store information in the database 30 that directs one or several substitute accounts to an authentic account owned by a cardholder or customer of the financial institution 28. During a purchasing operation, the customer to whom a payment card has been issued may use the payment card as payment for merchandise or services.
- the payment card can be presented to a merchant at one of the merchant terminals 16. It should be noted that several merchant terminals 16 may be associated with the same merchant for obtaining account information through various modes. In fact, multiple merchant terminals 16 may be associated with a single device used by a merchant for obtaining information at a single POS device. Accordingly, the POS device may obtain information from the payment card by a first mode utilizing a microchip embedded in the card or by additional modes, which may involve the use of the NFC components or magnetic stripe on the card. In other transactions, such as online or telephone transactions, the card number printed and/or embossed on the card may be entered electronically or by an order- taking representative of the merchant.
- the payment card system 10 may instead be configured as a system for performing non-payment actions.
- the non-payment system may process other types of credentials for entities other than financial institutions.
- the account correlating device 24 uses the database 30 to associate arbitrary substitute account data values to details of a cardholder's valid credential.
- the arbitrary substitute account data values and valid credential details may be provided by the cardholding customer at the time of enrolling in a service provided by the account correlating device 24.
- the cardholding customer may change the valid credential details that are associated to the substitute account at any time using a mobile application on one of the mobile devices 20 or via a web service provided by the account correlating device 24 using a user device 14, which may be a conventional computer or web browser.
- the account correlating device 24 enables multiple valid credentials to be associated with multiple substitute accounts.
- the valid credentials may be financial or non- financial credentials.
- the account correlating device 24 enables valid credentials from the issuing cardholder financial institution 28 to be associated with the multiple substitute accounts. In one embodiment, the account correlating device 24 enables valid credentials from both issuing cardholder financial institution 28 as well as other financials or non-financial institutions to be associated with the multiple substitute accounts.
- the account correlating device 24 is deployed into the payment card system 10 such that all transactions presented by a merchant via one of the merchant terminals 16 for authorization against one of the multiple substitute accounts represented on each card are received by the account correlating device 24.
- the account correlating device 24 associates the multiple substitute accounts with one or more of the customer's valid credentials using a customizable rules engine, which is sensitive to one or more facts including, but not limited to, the current transaction data.
- the current transaction data may include, for example, but is not limited to, merchant category code, merchant ID, amount of transaction, substitute account number, service code, card security code, etc.
- the account correlating device 24 may also have access by way of the database 30 to data including, but not limited to, prior
- the geographic location may be determined, for example, by the Global Positioning System (GPS), proximity to radio signals such as Wi-FiTM, BluetoothTM, Bluetooth Low Energy beacons, ZigbeeTM, Z-waveTM, or any combination of these and other location-sensitive factors.
- GPS Global Positioning System
- the substitute accounts which can be associated with a valid credential, have themselves, unless otherwise associated, no balance or established credit and cannot be used to settle any transactions.
- the payment card system 10 may be used to provide security for the use of a payment card.
- the payment card system 10 may include a first merchant terminal 16 connected to a public network 12, wherein the first merchant terminal 16 is configured to obtain details of a first substitute account from a first set of information associated with a payment card owned by a cardholder.
- the payment card system 10 may include a second merchant terminal 16 connected to the public network 12, wherein the second merchant terminal 16 is configured to obtain details of a second substitute account from a second set of information associated with the payment card.
- the payment card system 10 also includes an account correlating device 24 connected to the public network 12.
- the account correlating device 24 is configured to receive the details of the first and second substitute accounts from the first and second merchant terminals 16, respectively.
- the account correlating device 24 is further configured to associate the first and second substitute accounts to valid credentials belonging to the cardholder.
- the account correlating device 24 also manages financial transactions between a financial institution 28, from which the cardholder retains the valid credential, and the first and second merchant terminals 16. Also, it should be noted that the first set of information is preferably different from the second set of information.
- the payment card system 10 may also include a third merchant terminal 16 connected to the public network 12, wherein the third merchant terminal 16 may be configured to obtain details of a third substitute account from a third and preferably different set of information associated with the payment card.
- the first set of information is obtained from a microchip on the payment card
- the second set of information is obtained from NFC components embedded in the payment card
- the third set of information is obtained from a magnetic stripe on the payments card
- the fourth set of information is obtained from card numbers printed and/or embossed on the payment card. Additional sets of information obtained from various other modes now known or later developed may also be obtained.
- the first, second, third, fourth and other sets of information may be generated by the financial institution.
- An alternative embodiment includes the payment card system 10 in which the payment card is devoid of a printed and/or embossed account number. Also, the payment card may be devoid of a magnetic stripe, or one of the other modes. In this case, the cardholder may use the payment card at a merchant terminal using only the microchip and/or NFC components, or the modes remaining on the card.
- a different set of account details may be communicated to the cardholder for conducting an online or telephone transaction.
- the different set of details may be mailed, emailed, or texted to the cardholder via a computer (e.g., user device 14) and/or via a mobile device 20.
- the mobile device 20 associated with the cardholder may be incorporated in the system 10.
- One of the merchant terminals 16 may be an online merchant device configured to conduct an online transaction, and the mobile device 20 may be configured to store, retrieve one generated from the account correlating device 24 or calculate a dynamic card verification value (d-CVV), which is
- one or more of the merchant terminals 16 may be embedded within point-of-sale (POS) devices.
- POS point-of-sale
- the user device 14 associated with the cardholder is configured to enable the cardholder to manage the substitute accounts and the valid credentials via the account correlating device 24.
- the account correlating device 24 is configured to enable the cardholder to enter enrollment information, monitor the activities of the substitute accounts, enable and disable one or more modes of conducting transactions with the payment card, report if the payment card has been lost or stolen, and provision information related to the various valid credentials.
- the account correlating device 24 may provide a website including one or more webpages enabling the cardholder to navigate the website potentially using the user device 14.
- FIGS. 2A and 2B illustrate a first type of payment card 36 according to various embodiments of the present invention.
- FIG. 2A shows a front side 38 of the payment card 36
- FIG. 2B shows a back side 40 of the payment card 36.
- the payment card 36 may include a name 42 of the financial institution 28, a microchip 44, a card number 46, a customer name 48, and an expiration date 50 on the front side 38 of the payment card 36.
- the card number 46 may be embossed in the payment card 36.
- the back side 40 of the payment card 36 may include a magnetic stripe 52, a signature box 54, and a card verification value (CVV) 56.
- the payment card 36 may further include NFC components, which may be embedded under the surface of the payment card 36, for enabling touchless transactions.
- the payment card 36 may be a plastic EMV microchip card that is issued by a card-issuing bank according to the issuing rules for one of several global branded payment card networks.
- the payment card 36 includes provisioning and personalization such that it may be used at any EMV-enabled merchant POS.
- the account details included in the microch ip 44 are not those of the primary card holder, but rather are arbitrary values generated by the card issuer.
- the account details may be referred to herein as "substitute account details.”
- the substitute account details are used as a stand-in for a valid credential but do not identify any particular customer. They refer instead to a substitute account generated by the card issuing bank but not associated with any particular valid credential.
- the microchip 44 and magnetic stripe 52 contain distinct payment account numbers, expiration dates, and other token account details for two different substitute accounts. Simply, the microchip 44 and magnetic stripe 52 appear to represent completely distinct payment accounts.
- a transaction performed with the microchip 44 at an EMV-enabled merchant will contain different account details than a transaction performed at a merchant using the magnetic stripe 52 on the same card 36.
- an NFC transaction may utilize payment account details that differ from the both the EMV- enabled mode and the magnetic stripe mode.
- the financial institution 28 provides the customer with substitute account details for use in electronic commerce and telephone commerce transactions such that the details are distinct from either the substitute account details for the microchip 44 or the magnetic stripe 52. It will be appreciated that facsimile, electronic mail, and other forms of electronic and telephone communication may also be used. It will also be appreciated that the substitute account details may be recorded on a mail order form for transactions conducted through the mail.
- the electronic commerce substitute account details may not be printed or embossed on the payment card 36 but provided separately to the customer, or may be printed or embossed on the payment card, depending upon the embodiment.
- FIGS. 3A and 3B illustrate a second type of payment card 60 according to various embodiments of the present invention.
- FIG. 3A shows a front side 62 of the payment card 60 and FIG.
- the payment card 60 may include a name 66 of the financial institution and a microchip 68 on the front side 62 of the payment card 60. It should be noted that the payment card 60 is devoid of a card number and the customer's name that may normally appear on a conventional payment card.
- the back side 64 of the payment card 60 may be blank or may simply include a name and address of the financial institution. The back side 64 is therefore devoid of a conventional magnetic stripe and CVV number.
- the payment card 60 has no pre-printed account number, embossed account data, expiration data, cardholder name, or other account data. By making the card anonymous and without including a human- readable account number, the trivial theft of account data from the face and back of the card can be prevented.
- the embodiment of FIG. 3 does not follow these present day rules. Nevertheless, the payment card 60 as described in the present disclosure can be carried in public without the risk of being lost or stolen, since the cardholder name and account number cannot be retrieved visually. For online, mail order, telephone, and similar transactions, a separate card or electronic file can be safely stored at the cardholder's home.
- the payment card 36, 60 may be formed from a plastic substrate.
- a first component e.g., the microchip 44
- the first component may be configured to provide details of a first substitute account associated with a cardholder's valid credentials.
- the payment card 36 of Fig 2 may also include additional components incorporated into the plastic substrate.
- the additional components are configured to provide details of additional substitute accounts associated with the cardholder's valid credentials.
- the first substitute account includes details that are distinct from the details of the second substitute account and are distinct from all additional substitute accounts. At least one of the first, second or additional substitute accounts is provided to a merchant (e.g. using a merchant terminal 16) for conducting a financial transaction with the merchant
- the merchant is configured to communicate the details of the at least one of the substitute accounts to the account correlating device 24 via the network 12.
- the account correlating device 24 is configured to associate at least one of the substitute accounts to one of the cardholder's valid credentials, and wherein the account correlating device 24 is further configured to manage financial transactions between the financial institution 28 associated with the cardholder's primary financial account and the merchant terminal 16 associated with the merchant.
- the payment card 36 of FIG. 2 may further include an additional component (e.g. , card number 46) incorporated in the plastic substrate.
- the card number can be printed and/or embossed on the plastic substrate.
- the payment card e.g. , payment card 60
- the details of the first, second and additional substitute accounts may be read from the first, second, and additional components by a point-of-sale (POS) device, such as the merchant terminal 16.
- POS point-of-sale
- some implementations may include use of the mobile device 20, which is associated with the cardholder.
- FIG. 4 is a block diagram showing an embodiment of the account correlating device 24 shown in FIG. 1 .
- the account correlating device 24 includes a security module 74, one or more web pages 76, a user account module 78, one or more network interfaces 80, and a transaction authentication module 82.
- the one or more network interfaces 80 are configured to enable communication on the first public network 12 and also to enable communication on the secure network 26.
- the user account module 78 allows a user, or customer, to perform a number of different actions related to the financial account and how the payment card 36, 60 can be used.
- the user account module 78 is described in more detail below with respect to FIG. 5.
- the security module 74 may include a random number generator for generating a temporary dynamic card verification value (d-CVV).
- the d-CVV may be communicated to the mobile device.
- the security module 74 may include an encryption engine for encrypting data transmitted over the public network 12.
- the account correlating device 24 may be configured as a web server that allows one or more users to access information from the web pages 76 and to establish a secure connection to enable the transfer of sensitive data, such as customer information, card numbers, etc.
- authentication module 82 is configured to authenticate a financial transaction using the payment card 36, 60.
- the token account details are protected by encryption using a cryptographic key, which can be provided by the security module 74.
- the cryptographic key is derived from a customer created password.
- the cryptographic key may instead depend on other data, including, but not limited to, the identity of the mobile device 20, the cardholding customer's identity number known to the security module 74 of the account correlating device 24, the country in which the cardholding customer registered for the computing service, a master key controlled by biometric authentication of the cardholder, such as fingerprint, iris scan, facial or voice recognition, or biorhythmic pattern matching one or more body rhythms including, but not limited to, pulse rate, epidermal conductivity, iris size, blink rate, encephalography,
- electrocardiography or other factors that are independently or in combination considered as biomarkers for individuality.
- Normal plastic cards may have a single three- or four-digit CVV imprinted on either the back or front of the card.
- Electronic commerce sites now routinely ask for this value to ensure the customer has the card in their possession. But since the CVV is a short num ber printed on the card, it can easily be stolen together with the card account data. Therefore, use of a dynamic CVV (d-CVV), which may be generated by the security module 74 at the time of the transaction, and good for only one transaction, prevents this form of theft.
- d-CVV dynamic CVV
- the d- CVV may apply to multiple transactions associated with a specific merchant or may be used multiple times according to other criteria, such as a range of days, certain days of the week, area code of merchant, category of purchase, etc.
- a mobile application running on a mobile device 20 associated with the cardholder may be configured to retrieve the d-CVV on demand.
- a web site provided by the account correlating device 24 may be used when the mobile device 20 is unavailable. Therefore, in this case, the account correlating device 24 may generate the d-CVV.
- system 10 may alternatively be applied to non-payment uses.
- the system 10 may be used for replacing some form of identifier with a token or substitute identifier.
- identifiers might include social security numbers (in the U.S.), public health identification numbers, loyalty programs, other forms of account numbers where a risk of disclosure, identity theft, or other fraud might be possible using the genuine number.
- the account correlating device 24 may also find application to provide limited transaction access to protected record sets such as medical records requests, laboratory results, credit inquiries, professional licensing, commercial licensing, and other forms of relying party inquiries which utilize a government or enterprise issued identifying account number.
- the payment card system 10 may also be used in some transactions for non-payment uses which could include driving licenses, border control documents, building and resource access cards, and gift cards.
- the payment card 36, 60 may use one or more of the modes for non-payment uses while still using one or more of the modes for payment transactions using separate substitute account details for different modes.
- the account correlating device 24 may include at least one network interface 80 configured to communicate with a plurality of merchant terminals 16 via the first public network 12 and to communication with the financial institution 28 via the secure network 26.
- the financial institution 28 may be a bank that issues the payment card 36, 60 to the cardholder.
- the account correlating device 24 may also include the transaction authentication module 82 configured to authenticate a first financial transaction for a first merchant terminal of the plurality of merchant terminals 16 based on a first set of details obtained by the first merchant terminal of a first substitute account associated with a payment card 36, 60 owned by a cardholder.
- the transaction authentication module 82 may be further configured to authenticate a second financial transaction for a second merchant terminal of the plurality of merchant terminals 16 based on a second, different set of details obtained by the second merchant terminal of a second substitute account associated with the payment card 36, 60 owned by the cardholder.
- the transaction authentication module 82 may be further configured to determine if the substitute accounts correspond to valid credential of the cardholder. The transaction authentication module 82 may be further configured to determine if the received substitute account details correspond to the expected substitute account details for the mode of payment card that was used. The transaction authentication module 82 is further configured to manage financial transactions between the financial institution 28 and the first and second merchant terminals 16. The transaction authentication module 82 is further configured to authenticate additional financial transactions for additional merchant terminals of the plurality of merchant terminals 16 based on additional set of details obtained by the additional merchant terminals of additional substitute accounts associated with the primary account of the payment card 36, 60 owned by the cardholder.
- the first set of details may be obtained from a microchip 44 on the payment card 36, 60
- the second set of details may be obtained from a magnetic stripe 52 on the payment card 36
- a third set of details may be obtained from card numbers 46 printed and/or embossed on the payment card 36.
- the network interface 80 may be further configured to
- the network interface 80 may be further configured to receive instructions from the remote device 14, 20 to enable the cardholder to manage a primary account associated with the payment card 36, 60, wherein managing the primary account includes at least one of entering enrollment information 86, monitoring 94 the activities of the primary account, enabling and disabling 90 one or more modes of conducting transactions with the payment card, reporting 92 that the payment card has been lost or stolen, and provisioning 88 information related to the first and second substitute accounts.
- FIG. 5 is a block diagram showing an embodiment of the user account module 78 shown in FIG. 4.
- the user account module 78 includes an enrollment module 86, a provisioning module 88, an enabling module 90, a reporting module 92, and a monitoring module 94.
- a user may access the user account module 78 using a mobile application running on the cardholder's mobile device 20 or by accessing a web site provided by the account correlating device 24 using the cardholder's user device 14.
- the user account module 78 enables the cardholding customer to establish and manage rules which the account correlating device 24 implements on the cardholding customer's behalf.
- rules may be sensitive to one or more facts known to the cardholding customer, including, but not limited to, payment value, merchant ID, local time and date encoded in a transaction message, the distance of registered location of the merchant from the geographic location of the
- the cardholding customer's mobile device at the time of the transaction the local currency of the transaction, the country in which the transaction is presented, the country in which the merchant is established, whether the transaction is presented as a magnetic stripe transaction, as an EMV transaction, or as an electronic commerce, telephone, or mail order transaction, and the method of cardholder verification such as one or more of, but not limited to, entry of a personal identification number (PIN) code into the merchant POS terminal, signing a receipt, entering a passcode into a mobile device, and fingerprint or other biometric identification method.
- PIN personal identification number
- the enrollment module 86 may be configured to enable a cardholder to enroll additional substitute accounts and additional valid credentials.
- the enabling module 90 may be used to allow the cardholder to enable or disable certain modes or types of transactions depending on the various uses that the cardholder may anticipate based on various criteria, or to enable or disable specific transactions themselves, prior to their authentication.
- the enabling module 90 may be used to allow the cardholder to nominate which valid credential a payment will be charged against in a variety of scenarios or criteria.
- the reporting module 92 allows the user to report if the payment card 36, 60 has been lost or stolen.
- One embodiment of the reporting module 92 may enable the account correlating device 24 to report manually or automatically relevant information to the user or financial institution 28, including reporting potentially fraudulent activity across the substitute account details and/or payment card.
- the monitoring module 94 allows the user to view previous transactions to monitor all activity of the card.
- the provisioning module 88 may allow the user to separately distinguish the multiple different sets of substitute account details.
- Conventional card issuing systems may assume that certain data elements are shared among the microchip, magnetic stripe, and printed/embossed card number. However, as opposed to the
- the provisioning module 88 allows the provisioning of each of these and further elements using separate data elements.
- the provisioning module 88 is configured to separately identify these multiple distinct sets of substitute account data, which may be stored in a common provisioning data file conveyed during card provisioning steps.
- a cardholder may become subject to unauthorized use of their payment card 36, 60 if it is lost or stolen.
- a thief may be able to use the N FC features for purchases under to certain spending threshold (e.g. , $100), the thief will normally not be able to use the EMV features of the card without the
- the cardholder's PIN code which can be entered during the provisioning process using the provisioning module 88. Also, the stolen card cannot be used for electronic or telephone commerce due to the distinct account details for this separate transaction mode.
- the provisioning module 88 may further include receiving identifying information of the cardholder that is not printed on the payment card 36, 60. According to some embodiments, the
- provisioning module 88 may set up the cardholder's usage rules by requiring the presence of the cardholder's mobile device 20 in conjunction with the transaction using the payment card 36, 60. Also, the mobile application of the mobile device 20 may be used to instantly block transactions from a stolen card that is reported stolen by the reporting module 92.
- the user account module 78 might configure its rules to prevent magnetic stripe transactions unless they are unlocked each time by the cardholder using the mobile application on the mobile device 20. This latter method would effectively prevent the use of counterfeit magnetic stripe cards.
- the user account module 78 might also configure its rules to prevent transactions from any and all different modes, or to prevent transactions that fall under certain criteria, unless they are unlocked each time by the cardholder.
- a mobile application is available on the cardholding customer's primary mobile device 20.
- the mobile application may be used by the cardholding customer to enroll a substitute account or valid credential into the account correlating device 24, control the provisions or associations of the valid credentials with the one or more substitute account details provisioned to the payment card.
- the mobile application also allows the user to enable or disable the authorization of transactions presented with any of the substitute accounts provisioned to the plastic payment card, report the payment card as lost or stolen, and as an additional authentication factor for sensitive or high-value or high-risk transactions.
- the mobile device 20 may also store substitute account details, which may be associated with "card present" transactions and "card not present” transactions, in memory.
- substitute account details may be stored in the memory and can be recalled by the customer by entering a password and/or another authentication factor into the mobile device 20.
- the mobile application securely holds the electronic commerce substitute account details and displays them for the user upon proper authentication with password, biometrics, and/or other factors.
- the substitute account details are transmitted by account correlating device 24 and are received by the mobile device 20, which can then be recalled by the customer by entering a password and/or another authentication factor into the mobile device 20.
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Description
Claims
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
MX2018002007A MX2018002007A (en) | 2015-08-17 | 2016-08-17 | Payment devices having multiple modes of conducting financial transactions. |
EP16837748.9A EP3338230A4 (en) | 2015-08-17 | 2016-08-17 | Payment devices having multiple modes of conducting financial transactions |
SG11201801267RA SG11201801267RA (en) | 2015-08-17 | 2016-08-17 | Payment devices having multiple modes of conducting financial transactions |
AU2016308150A AU2016308150B2 (en) | 2015-08-17 | 2016-08-17 | Payment devices having multiple modes of conducting financial transactions |
CA2996145A CA2996145A1 (en) | 2015-08-17 | 2016-08-17 | Payment devices having multiple modes of conducting financial transactions |
CN201680060587.2A CN108475374B (en) | 2015-08-17 | 2016-08-17 | Payment device with multiple modes for conducting financial transactions |
BR112018003090A BR112018003090A2 (en) | 2015-08-17 | 2016-08-17 | payment devices having multiple ways of conducting financial transactions |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201562282991P | 2015-08-17 | 2015-08-17 | |
US62/282,991 | 2015-08-17 | ||
US15/239,122 | 2016-08-17 | ||
US15/239,122 US11157895B2 (en) | 2015-08-17 | 2016-08-17 | Payment devices having multiple modes of conducting financial transactions |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017031198A1 true WO2017031198A1 (en) | 2017-02-23 |
Family
ID=58051305
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2016/047329 WO2017031198A1 (en) | 2015-08-17 | 2016-08-17 | Payment devices having multiple modes of conducting financial transactions |
Country Status (7)
Country | Link |
---|---|
US (1) | US11157895B2 (en) |
AU (1) | AU2016308150B2 (en) |
BR (1) | BR112018003090A2 (en) |
CA (1) | CA2996145A1 (en) |
MX (1) | MX2018002007A (en) |
SG (1) | SG11201801267RA (en) |
WO (1) | WO2017031198A1 (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11147459B2 (en) * | 2018-01-05 | 2021-10-19 | CareBand Inc. | Wearable electronic device and system for tracking location and identifying changes in salient indicators of patient health |
US10729211B2 (en) | 2018-04-12 | 2020-08-04 | CareBand Inc. | Wristband locking mechanism, wristband, wearable electronic device and method of securing an article to a person |
US11978555B2 (en) | 2020-04-08 | 2024-05-07 | CareBand Inc. | Wearable electronic device and system using low-power cellular telecommunication protocols |
US11961088B2 (en) * | 2020-04-21 | 2024-04-16 | Jpmorgan Chase Bank, N.A. | System and method for providing temporal card verification value (CVV) for secure online transaction processing |
US11503434B2 (en) * | 2020-04-22 | 2022-11-15 | CareBand Inc. | Method and system for connectivity between a personal area network and an internet protocol network via low power wide area network wearable electronic device |
DE102021004951A1 (en) * | 2021-10-01 | 2023-04-06 | Giesecke+Devrient Mobile Security Gmbh | Card-shaped data carrier |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5276311A (en) * | 1989-03-01 | 1994-01-04 | Hartmut Hennige | Method and device for simplifying the use of a plurality of credit cards, or the like |
US20030111527A1 (en) * | 2000-12-06 | 2003-06-19 | George Blossom | Selectable multi-purpose card |
US20080017720A1 (en) * | 2006-07-06 | 2008-01-24 | Kranzley Arthur D | Multi-use payment card and methods of using same |
US20100268648A1 (en) * | 2009-03-27 | 2010-10-21 | Mark Wiesman | Methods and systems for using an interface and protocol extensions to perform a financial transaction |
US20140006277A1 (en) * | 2011-09-29 | 2014-01-02 | Raj Rao | System and method for providing smart electronic wallet and reconfigurable transaction card thereof |
US20140258102A1 (en) * | 2001-07-24 | 2014-09-11 | Jpmorgan Chase Bank, N.A. | Multiple account advanced payment card and method of routing card transactions |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4443027A (en) | 1981-07-29 | 1984-04-17 | Mcneely Maurice G | Multiple company credit card system |
US9251637B2 (en) | 2006-11-15 | 2016-02-02 | Bank Of America Corporation | Method and apparatus for using at least a portion of a one-time password as a dynamic card verification value |
US20090187507A1 (en) * | 2006-12-20 | 2009-07-23 | Brown Kerry D | Secure financial transaction network |
US7922082B2 (en) | 2008-01-04 | 2011-04-12 | M2 International Ltd. | Dynamic card validation value |
EP2467817A4 (en) | 2009-07-07 | 2014-04-09 | Richard H Chenot | Systems and methods for per-transaction financial card enabled personal financial management |
US8615468B2 (en) | 2010-01-27 | 2013-12-24 | Ca, Inc. | System and method for generating a dynamic card value |
US20120153028A1 (en) | 2010-12-15 | 2012-06-21 | Poznansky Amir | Transaction Card with dynamic CVV |
-
2016
- 2016-08-17 SG SG11201801267RA patent/SG11201801267RA/en unknown
- 2016-08-17 US US15/239,122 patent/US11157895B2/en active Active
- 2016-08-17 MX MX2018002007A patent/MX2018002007A/en unknown
- 2016-08-17 BR BR112018003090A patent/BR112018003090A2/en not_active Application Discontinuation
- 2016-08-17 WO PCT/US2016/047329 patent/WO2017031198A1/en active Application Filing
- 2016-08-17 AU AU2016308150A patent/AU2016308150B2/en active Active
- 2016-08-17 CA CA2996145A patent/CA2996145A1/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5276311A (en) * | 1989-03-01 | 1994-01-04 | Hartmut Hennige | Method and device for simplifying the use of a plurality of credit cards, or the like |
US20030111527A1 (en) * | 2000-12-06 | 2003-06-19 | George Blossom | Selectable multi-purpose card |
US20140258102A1 (en) * | 2001-07-24 | 2014-09-11 | Jpmorgan Chase Bank, N.A. | Multiple account advanced payment card and method of routing card transactions |
US20080017720A1 (en) * | 2006-07-06 | 2008-01-24 | Kranzley Arthur D | Multi-use payment card and methods of using same |
US20100268648A1 (en) * | 2009-03-27 | 2010-10-21 | Mark Wiesman | Methods and systems for using an interface and protocol extensions to perform a financial transaction |
US20140006277A1 (en) * | 2011-09-29 | 2014-01-02 | Raj Rao | System and method for providing smart electronic wallet and reconfigurable transaction card thereof |
Also Published As
Publication number | Publication date |
---|---|
AU2016308150B2 (en) | 2022-05-19 |
MX2018002007A (en) | 2018-11-09 |
US20170053267A1 (en) | 2017-02-23 |
CA2996145A1 (en) | 2017-02-23 |
SG11201801267RA (en) | 2018-05-30 |
US11157895B2 (en) | 2021-10-26 |
AU2016308150A1 (en) | 2018-03-08 |
BR112018003090A2 (en) | 2018-09-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20210073821A1 (en) | Proxy device for representing multiple credentials | |
AU2015259162B2 (en) | Master applet for secure remote payment processing | |
US10706136B2 (en) | Authentication-activated augmented reality display device | |
AU2016308150B2 (en) | Payment devices having multiple modes of conducting financial transactions | |
US9361619B2 (en) | Secure and convenient mobile authentication techniques | |
US8281991B2 (en) | Transaction secured in an untrusted environment | |
US20160239833A1 (en) | Methods and systems for processing an electronic payment | |
US20090055319A1 (en) | Novel card-less, name-less, number-less, and paper-less method and system of highly secure completely anonymous customer-merchant transactions | |
US20110010289A1 (en) | Method And System For Controlling Risk Using Static Payment Data And An Intelligent Payment Device | |
US20190080330A1 (en) | Biometric-based transaction authentication system | |
CN108475374B (en) | Payment device with multiple modes for conducting financial transactions | |
Almuairfi et al. | Anonymous proximity mobile payment (APMP) | |
US20020073315A1 (en) | Placing a cryptogram on the magnetic stripe of a personal transaction card | |
EP4020360A1 (en) | Secure contactless credential exchange | |
US20140008432A1 (en) | Method for hub and spokes pin verification for credit cards with card information stored in a magnetic stripe | |
WO2022159345A1 (en) | Mobile user authentication system and method | |
CN108780547B (en) | Proxy device for representing multiple certificates | |
US20230245125A1 (en) | Identity verification using a virtual credential | |
GB2469029A (en) | Internet payment card verification using mobile location |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 16837748 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: MX/A/2018/002007 Country of ref document: MX |
|
ENP | Entry into the national phase |
Ref document number: 2996145 Country of ref document: CA |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2016308150 Country of ref document: AU Date of ref document: 20160817 Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2016837748 Country of ref document: EP |
|
REG | Reference to national code |
Ref country code: BR Ref legal event code: B01A Ref document number: 112018003090 Country of ref document: BR |
|
WWE | Wipo information: entry into national phase |
Ref document number: 11201801267R Country of ref document: SG |
|
ENP | Entry into the national phase |
Ref document number: 112018003090 Country of ref document: BR Kind code of ref document: A2 Effective date: 20180216 |