WO2018004475A1 - A remote payment system and method - Google Patents

Publication number
WO2018004475A1
WO2018004475A1 PCT/TR2016/000175 TR2016000175W WO2018004475A1 WO 2018004475 A1 WO2018004475 A1 WO 2018004475A1 TR 2016000175 W TR2016000175 W TR 2016000175W WO 2018004475 A1 WO2018004475 A1 WO 2018004475A1
Authority
WO
WIPO (PCT)
Prior art keywords
payment
electronic device
financial institution
management system
access management
Application number
PCT/TR2016/000175
Other languages
French (fr)
Inventor
Mesru KOPRULU
Original Assignee
Turkcell Teknoloji Arastirma Ve Gelistirme Anonim Sirketi
Priority to TR2016/08895
Application filed by Turkcell Teknoloji Arastirma Ve Gelistirme Anonim Sirketi
Publication of WO2018004475A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06Q DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/42 Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425 Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/027 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] involving a payment switch or gateway
    • G06Q20/08 Payment architectures
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems
    • G06Q20/123 Shopping for digital content
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223 Realising banking transactions through M-devices
    • G06Q20/325 Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices using wireless networks
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transaction

Abstract

The present invention relates to a remote payment system (1) and method (100) which considerably facilitate the user verification transaction, without affecting security, during a payment transaction carried out over an internet connection provided by a mobile operator network.

Description

A REMOTE PAYMENT SYSTEM AND METHOD

Technical Field

The present invention relates to a remote payment system and method which considerably facilitate the user verification transaction, without affecting security, during a payment transaction carried out over an internet connection provided by a mobile operator network.

Background of the Invention

Today, internet usage in commerce and shopping is becoming widespread at a fast pace as communication technologies develop and accelerate. For shopping carried out in digital environments, security has always been accepted as one of the issues of the highest priority. Customers usually hesitate to share their credit card information during the payment transaction when shopping on websites. Today, different verification methods are used for payments which are made remotely by credit card in electronic commerce and mobile commerce transactions. Some of these methods verify the credit card while the others verify the credit card user. In payment transactions made by credit card, it is very important to verify the user and to guarantee that the card is not being used by another person. At the present time, the most reliable method accepted all over the world and by all authorities is 3 Dimensional Security (3-D Secure) verification.

In the secure payment systems using the 3 Dimensional Security System in the state of the art, the user first enters the website or the mobile application of the merchant and proceeds to the payment step after completing the shopping. In this step, the user selects the payment method and gives the payment order by entering his/her information. After the payment order is received, the merchant initiates the payment transaction to be carried out by the 3 Dimensional Security System. The card information (for example, credit card information), which is entered by the user so that the payment transaction can be carried out over the current merchant plug-in (MPI) application, is queried by the access management system (ACS, Access Control System) of a financial institution, such as a bank, with which the card is associated; if the query determines that the card is available for the payment transaction, the information of the said 3 Dimensional Security Verification page is received. Thereupon, the merchant plug-in directs the electronic device of the user who makes contact with the merchant, such as a mobile phone, smartphone or tablet computer, to the 3 Dimensional Security Verification page of the financial institution. After the electronic device is directed to the 3 Dimensional Security Verification page, the access management system receives the demand for 3 Dimensional Security Verification and fulfils this demand. To fulfil the demand, the access management system sends a single-use password to the user's phone number which is included in the records of the financial institution and associated with the related card, and it asks the user to enter the password received on his/her phone into the related part of the 3 Dimensional Security Verification page.

The access management system compares the password sent to the user with the password entered by the user into the related part of the 3 Dimensional Security Verification page and completes the verification transaction. In the event that the password entered by the user is verified, the access management system composes a return message in an encrypted way, signs it based on the pre-determined protocols and sends the message, which comprises the 3 dimensional security verification codes, to the merchant plug-in over the messaging connection established with the user's electronic device. Then, the user's electronic device is directed to the merchant plug-in and receives a reply from the merchant plug-in. The merchant plug-in verifies the signed message received from the access management system and sends the payment request to the merchant financial institution. The merchant financial institution receives provision approval by sending the request, together with the 3 dimensional security verification codes, over the common network infrastructure to the financial institution which is associated with the card used in the payment transaction.

The United States patent document no. US2012231771 discloses a method and system for a remote payment authorization. A customer uses a computer in order to browse a product displayed on the internet. The customer enters a unique number into the computer. This unique number is authorized and an authorization code is sent to the customer's communication device. The customer enters the authorization code into the computer to complete the transaction.

The Turkish patent document no. TR200801801 discloses a method and system for transmitting commercial transaction data over a mobile phone, without using a credit card, between a member business and a customer. In the system operating according to the said method, the mobile number of the customer and the payment amount are entered on the webpage specific to the business and the provision demand is then transmitted to the bank server; if the number is registered in the system, the bank server queries whether the credit card status is available for carrying out the transaction or not; in the event that the customer approves the transaction, s/he replies by entering the credit card password to the SMS sent to his/her phone; the bank server checks whether the credit card password is correct or not; if it is correct, provision is given to the business for the transaction.

The South Korea patent document no. KR101550825 discloses a system for user identity authentication during online payment. In the said system, the information of the card with which the payment would be made is received and then the phone number matched with the related card is sent to the network management unit. In the invention, the number sent is compared with the phone number obtained over a wireless network. If the result of the comparison is positive, the user identity authentication is completed.

Summary of the Invention

An objective of the present invention is to realize a remote payment system and method which considerably facilitate the user verification transaction, without affecting security, during a payment transaction carried out over an internet connection provided by a mobile operator network.

Detailed Description of the Invention

"A Remote Payment System and Method" realized to fulfill the objective of the present invention is shown in the figures attached, in which:

Figure 1 is a schematic view of the inventive system.

Figure 2 is a flow chart of the inventive method.

Figure 3 is a continuation of the flow chart included in Figure 2.

The components illustrated in the figures are individually numbered, where the numbers refer to the following:

1. System

2. Mobile communication network

3. Electronic device

4. Electronic device identity detection unit

5. Merchant's server

6. Payment intermediary financial institution access management system

7. Merchant financial institution

8. Electronic device identity query unit

9. Payment intermediary financial institution's 3 dimensional security verification system

100. Method

Persons or institutions who, by using the mobile internet service provided by a mobile network operator, send a payment order comprising a payment intermediary such as a credit card to a merchant over mobile internet by means of an electronic device such as a mobile phone, smart phone or tablet computer are referred to as the user within the description. Persons or institutions who receive the payment orders sent by the users through their electronic devices by using the mobile internet service are referred to as the merchant within the description.

An institution, such as a bank, with which the payment intermediary stated by the user is associated is referred to as the payment intermediary financial institution within the description. An institution, such as a bank, wherein the merchant's financial accounts are located is referred to as the merchant financial institution within the description.

The inventive remote payment system (1), which considerably facilitates the user verification transaction without affecting security during a remote payment transaction carried out over the mobile internet connection provided by a mobile network operator, essentially comprises:

at least one mobile network operator (not shown in the figures) which provides a mobile communication service, such as mobile internet service, to its subscribers over a mobile communication network (2) in the global system for mobile communications (GSM);

at least one electronic device (3) which essentially has at least one private number, in other words a phone number, that is assigned by the mobile network operator in order to benefit from services such as mobile internet provided by the mobile network operator; and enables giving, over the said mobile internet service, a payment order that comprises the payment intermediary information determined at least by the user for the payment transaction of a good or service received from a merchant;

at least one electronic device identity detection unit (4) which is located within the mobile network operator and enables detecting the private number of the electronic device (3), assigned at least by the mobile network operator, based on the IP (Internet Protocol) address of the electronic device (3) while it is using mobile internet;

at least one merchant's server (5) which receives the payment order that is sent by the user over mobile internet through the electronic device (3); and is in communication with the payment intermediary financial institution in order to check the validity and accuracy of the payment intermediary information stated in the said payment order;

at least one payment intermediary financial institution access management system (6) which is located within the payment intermediary financial institution; is in communication with the electronic device (3), the electronic device identity detection unit (4) and the merchant's server (5); receives from the merchant's server (5) the payment intermediary information inside the payment order that is sent by the user and checks whether the said payment intermediary is valid or not; if the payment intermediary is not valid, sends a message to the merchant's server (5) stating that the payment intermediary is not valid, so that the user is informed; if the payment intermediary is valid, sends to the merchant's server (5) the information that is necessary for the electronic device (3) to be able to send a message to it automatically, so that the security transactions required for realizing the payment are carried out; when a message reaches it from the electronic device (3), compares the private number of the electronic device (3) detected by the electronic device identity detection unit (4) with the private number of the electronic device (3) that was previously registered in itself and associated with the related payment intermediary; if it detects as a result of the comparison that the two numbers compared are the same, gives security approval for making the payment, the order for which is sent by the user; and sends the information related to this approval to the merchant's server (5);

at least one merchant financial institution (7) which is in communication with the merchant's server (5) and the payment intermediary financial institution; and, by receiving the information related to the security approval that is sent to the merchant's server (5) by the payment intermediary financial institution access management system (6) and getting in contact with the payment intermediary financial institution, demands provision from the payment intermediary financial institution for realizing the payment.

The inventive remote payment system (1) also comprises at least one electronic device identity query unit (8) which is located within the mobile network operator; is in communication with the payment intermediary financial institution access management system (6); and enables determining the identity of the electronic device (3), comprising at least the private number of the electronic device (3), by carrying out a query transaction on the payment intermediary financial institution access management system (6) with the IP information of an electronic device (3).

The mobile network operator included in the inventive remote payment system (1) enables its subscribers to benefit from services such as short message, call and internet in the global system for mobile communications over the mobile communication network (2), by means of their electronic devices (3), over a private number, in other words a phone number, which it assigns to them.

The electronic device (3) included in the inventive remote payment system (1) is a device such as a mobile phone, smart phone or tablet computer which enables a user to benefit from services such as short message, call and internet provided over a mobile network (2) by a mobile network operator, over a private number assigned to the user by the mobile network operator. In one preferred embodiment of the invention, the user sends the payment order for the product or service bought from a merchant's website or from a merchant's application that can be run on the electronic device (3), which comprises at least the information of a payment intermediary, such as a credit card, with which the payment will be made, to the merchant's server (5) by means of the electronic device (3) over the mobile internet provided by the mobile network operator.

The electronic device identity detection unit (4) included in the inventive remote payment system (1) is located within the mobile network operator; when the electronic device (3) uses the internet provided by the mobile network operator, it detects the IP (Internet Protocol) address information used by the electronic device (3) and, from this detected IP address information, accesses the private number of the electronic device (3) which is assigned at least by the mobile network operator. In one preferred embodiment of the invention, if the message that is sent automatically from the electronic device (3) to the payment intermediary financial institution access management system (6), so that the security verification transaction is carried out by the payment intermediary financial institution access management system (6), is not encrypted by an encryption technique such as secure socket layer (SSL), the electronic device identity detection unit (4) detects the private number of the said electronic device (3) from the IP information of the electronic device (3) sending the message, inserts the detected private number into the message as well, and thereby ensures that the message reaches the payment intermediary financial institution access management system (6). In an alternative embodiment of the invention, the payment intermediary financial institution access management system (6) can connect to the electronic device identity detection unit (4) and carry out a query transaction in it in order to determine the private number of the electronic device (3).

The merchant's server (5) included in the inventive remote payment system (1) is in communication with the electronic device (3), the payment intermediary financial institution access management system (6) and the electronic device identity query unit (8). The merchant's server (5) receives the payment order that is sent from the electronic device (3) over the mobile internet provided by the mobile network operator and comprises at least the information related to a payment intermediary, such as a credit card, with which it is desired to make the payment.

After it receives the payment order, the merchant's server (5) gets in contact with the payment intermediary financial institution access management system (6) and sends it the payment intermediary information included in the payment order, so that it is checked whether the payment intermediary is valid or not. If it is determined by the payment intermediary financial institution access management system (6) that the payment intermediary is not valid, the merchant's server (5) informs the user over the electronic device (3) that the payment intermediary included in the payment is not valid. If it is determined by the payment intermediary financial institution access management system (6) that the payment intermediary is valid, the merchant's server (5) receives from the payment intermediary financial institution access management system (6) the information which is required for the electronic device (3) to send a message to the payment intermediary financial institution access management system (6) automatically, and sends the said information to the electronic device (3). In one preferred embodiment of the invention, if the payment transaction is approved after the security approval transaction carried out by the payment intermediary financial institution access management system (6), the merchant's server (5) receives the information related to the said approval from the payment intermediary financial institution access management system (6), connects to the merchant financial institution (7) and triggers the merchant financial institution (7) to receive provision from the payment intermediary financial institution for carrying out the payment transaction.

If the payment transaction is not approved after the security approval transaction carried out by the payment intermediary financial institution access management system (6), the merchant's server (5) receives the acknowledgement related to the said transaction from the payment intermediary financial institution access management system (6), gets in contact with the electronic device (3) and informs the user over the electronic device (3) that the security verification approval cannot be taken for the payment transaction. In one preferred embodiment of the invention, messaging between the merchant's server (5) and the payment intermediary financial institution access management system (6) is carried out over at least one merchant plug-in (MPI) interface.

The payment intermediary financial institution access management system (6) included in the inventive remote payment system (1) is located within the payment intermediary financial institution and is in communication with the electronic device (3), the electronic device identity detection unit (4) and the merchant's server (5). The payment intermediary financial institution access management system (6) receives the payment order which is sent by the merchant's server (5) and comprises at least the payment intermediary information, and it checks whether the said payment intermediary is valid or not by means of the information recorded in it. If it detects as a result of the check that the payment intermediary is not valid, the payment intermediary financial institution access management system (6) gets in contact with the merchant's server (5) and sends it a message stating that the payment intermediary is not valid, so that the user is informed. If it detects as a result of the check that the payment intermediary is valid, the payment intermediary financial institution access management system (6) gets in contact with the merchant's server (5) and sends it the information necessary for the electronic device (3) to send a message to it automatically, in order to carry out the security verification transactions required for making the payment. In one preferred embodiment of the invention, the payment intermediary financial institution access management system (6) carries out the security verification transaction when a message is received from the electronic device (3).

If the message received from the electronic device (3) is not encrypted by an encryption technique such as secure sockets layer (SSL), the payment intermediary financial institution access management system (6) receives the message, which is sent by the electronic device (3) and into which the private number of the electronic device (3) is inserted by the electronic device identity detection unit (4), over the electronic device identity detection unit (4). The payment intermediary financial institution access management system (6) then compares the private number of the electronic device (3) included inside the incoming message with the private number of the electronic device (3) that was previously registered in it and associated with the related payment intermediary. If it detects as a result of the comparison that the two numbers compared are the same, the payment intermediary financial institution access management system (6) gives security approval for making the payment, the order for which is sent by the user, and sends the information related to this approval to the merchant's server (5).

In one embodiment of the invention, if the message reaching the payment intermediary financial institution access management system (6) from the electronic device (3) is encrypted by an encryption technique such as secure socket layer (SSL), the payment intermediary financial institution access management system (6) opens the incoming message, creates a key, associates the created key with the said information inside the message and records them. Then, so that the private number of the electronic device (3) can be detected, the payment intermediary financial institution access management system (6) creates a directing message in order to direct the electronic device (3) to a page which belongs to it, has another address (URL) and can be accessed by unencrypted messaging; the directing message comprises the created key and the said address information, and the payment intermediary financial institution access management system (6) sends this directing message to the electronic device (3). After the electronic device (3) receiving the directing message is automatically directed to the address included inside the message, the electronic device identity detection unit (4) detects the private number of the electronic device (3) from the IP address of the electronic device (3) that is directed to the unencrypted page. The electronic device identity detection unit (4) sends the message comprising the said private number information to the payment intermediary financial institution access management system (6) together with the key information. Using the key information inside the message coming from the electronic device identity detection unit (4), the payment intermediary financial institution access management system (6) finds the private number of the user that it previously recorded in association with the key, and it compares this number with the private number inside the message coming from the electronic device identity detection unit (4). If the payment intermediary financial institution access management system (6) detects as a result of the comparison that the two numbers compared are the same, it gives security approval for making the payment, the order for which is sent by the user, and sends the information related to this approval to the merchant's server (5).

In an alternative embodiment of the invention, if the message coming from the electronic device (3) to the payment intermediary financial institution access management system (6), after the payment intermediary financial institution access management system (6) has detected that the payment intermediary is valid, is encrypted by an encryption technique such as secure sockets layer (SSL), the payment intermediary financial institution access management system (6) detects the IP information of the electronic device (3) from inside the message coming from the electronic device (3). After detecting the IP information of the electronic device (3), the payment intermediary financial institution access management system (6) connects to the electronic device identity detection unit (4) and queries the private number of the electronic device (3) on it using the detected IP information. The payment intermediary financial institution access management system (6) compares the private number of the electronic device (3) obtained as a result of the query with the private number of the electronic device (3) that was previously registered in itself and associated with the related payment intermediary. If it detects as a result of the comparison that the two numbers compared are the same, the payment intermediary financial institution access management system (6) gives security approval for making the payment, the order for which is sent by the user, and sends the information related to this approval to the merchant's server (5).

The merchant financial institution (7) included in the inventive remote payment system (1) is in communication with the merchant's server (5) and the payment intermediary financial institution. The merchant financial institution (7) receives the information related to the security verification approval coming from the merchant's server (5), gets in contact with the payment intermediary financial institution and demands provision from the payment intermediary financial institution for realizing the payment.

The inventive remote payment system (1) also comprises at least one payment intermediary financial institution's 3 dimensional security verification system (9) which is included within the intermediary financial institution; in communication with the payment intermediary financial institution access management system (6) and the electronic device (3); and in the event that the two numbers -which are compared as a result of the comparison transaction for the private number of the electronic device (3) that is detected by the electronic device identity detection unit (4) with the private number of the electronic device (3) that is registered in the payment intermediary financial institution access management system (6) and associated with the related payment intermediary previously when a message reaches the payment intermediary financial institution access management system (6) from the electronic device (3) by the payment intermediary financial institution access management system (6)- are different from each other, it gets in contact with the electronic device (3) in accordance with the acknowledgement received from the payment intermediary financial institution access management system (6); and creates a single-use password for the user to approve the payment transaction by entering the display opening on his/her electronic device (3) and sends this created password to the electronic device (3); takes the value entered to the electronic device (3) by the user in a pre-determined period of time and compares the said value with the created password and gives security approval for making the payment order of which is sent by the user if it detects that the value entered to the electronic device (3) by the user and the created password are same with each other as a result of the comparison transaction and sends the information related to this approval to the payment intermediary financial institution access management system (6) so as to be sent to the merchant's server (5); if it detects that the value entered to the electronic device (3) and the created password are different than each other as a result of the comparison transaction, gives information to the payment intermediary financial institution access management system (6) in order that the user is informed about the fact that the transaction cannot be carried out for security reasons by not giving security approval for making the payment order of which is sent by the user.

In the inventive remote payment system (1), firstly the user sends the payment order -which comprises at least the information of a payment intermediary for example such as credit card whereby the payment will be made in thereof for the product or service bought from a merchant's application that can be run on the electronic device (3) of the user or website by means of his/her electronic device (3)- to the merchant's server (5) over the mobile internet provided by the mobile network operator by means of the electronic device (3). The merchant's server (5) receives the payment order that is received over the mobile internet provided by the mobile network operator from the electronic device (3) and that comprises at least the information related to a payment intermediary for example such as credit card whereby it is desired to make payment in thereof; and it sends the payment intermediary information included in the payment order to the payment intermediary financial institution access management system (6) so as to be controlled whether the payment intermediary is valid or not by getting in contact with the payment intermediary financial institution access management system (6) after it receives the payment order. The payment intermediary financial institution access management system (6) receives the payment order sent by the merchant's server (5) and comprises at least the payment intermediary information in thereof and it controls whether the said payment intermediary is valid or not by means of the information recorded in thereof. If the payment intermediary financial institution access management system (6) detects that the payment intermediary is not valid as a result of the controlling transaction, it sends message to the merchant's server (5) about the fact that the payment intermediary is not valid in order that the user is informed by getting in contact with the merchant's server (5).
Thereupon, the merchant's server (5) informs the user about the fact that the payment intermediary included in the payment order is not valid over the electronic device (3). If the payment intermediary financial institution access management system (6) detects that the payment intermediary is valid as a result of the controlling transaction, it sends information -which are necessary for the electronic device (3) to be able to send message to it automatically in order that the verification security transactions required for realizing the payment are carried out- to the merchant's server (5) by getting in contact with the merchant's server (5). And the merchant's server (5) receives the information which are required for the electronic device (3) to be able to send message to the payment intermediary financial institution access management system (6) automatically and sends the said information to the electronic device (3). After sending message to the payment intermediary financial institution access management system (6) automatically in accordance with the information coming from the merchant's server (5), the electronic device (3) carries out the verification security transaction on the basis of the private number assigned to the subscriber by the mobile network operator in order to determine whether the payment can be made or not. In one preferred embodiment of the invention, the electronic device (3) sends at least one POST message to the payment intermediary financial institution access management system (6). 
If the message received from the electronic device (3) is not encrypted by an encryption technique for example such as secure socket layer (SSL), the payment intermediary financial institution access management system (6) receives the message -which is sent by the electronic device (3) and wherein the private number of the electronic device (3) is inserted by the electronic device identity detection unit (4)- over the electronic device identity detection unit (4). The payment intermediary financial institution access management system (6) compares the private number of the electronic device (3) included inside the message coming thereupon with the private number of the electronic device (3) registered in thereof and associated with the related payment intermediary previously. The payment intermediary financial institution access management system (6) gives security approval on the subject of making the payment -order of which is sent by the user- and sends the information related to this approval to the merchant's server (5) if it detects that the two numbers compared are same with each other as a result of the comparison transaction. If the message reaching the payment intermediary financial institution access management system (6) from the electronic device (3) is encrypted by an encryption technique for example such as secure socket layer (SSL); the payment intermediary financial institution access management system (6) opens the incoming message, creates a key, associates the created key to the said information inside the message and records them. 
Then, the payment intermediary financial institution access management system (6) creates a directing message which comprises the key that is created in order that the electronic device (3) is directed to the page that can be accessed by unencrypted messaging and has another address (URL) belonging to it so that its private number is detected, and the said address information and it sends this directing message created to the electronic device (3). After the electronic device (3) receiving the directing message is automatically directed to the address included inside the message, the electronic device identity detection unit (4) detects the private number of the electronic device (3) from the IP address of the electronic device (3) that is directed to the unencrypted page. The electronic device identity detection unit (4) sends the message comprising the said private number information to the payment intermediary financial institution access management system (6) together with the key information. The payment intermediary financial institution access management system (6) detects the private number of the user who is recorded by it previously by associating it to the keys from the key information inside the message coming from the electronic device identity detection unit (4) and it compares this number with the private number inside the message coming from the electronic device identity detection unit (4). If the payment intermediary financial institution access management system (6) detects that the two numbers compared are same with each other as a result of the comparison transaction, it gives security approval on the subject of making the payment order of which is sent by the user and sends the information related to this approval to the merchant's server (5). 
In an alternative embodiment of the invention, the payment intermediary financial institution access management system (6) detects the IP information of the electronic device (3) from inside the message coming from the electronic device (3) if the message coming from the electronic device (3) to the payment intermediary financial institution access management system (6) is encrypted by an encryption technique for example such as secure sockets layer (SSL) after it is detected by the payment intermediary financial institution access management system (6) that the payment intermediary is valid. The payment intermediary financial institution access management system (6) queries the private number of the electronic device (3) using the IP information detected on the electronic device identity query unit (8), by connecting to the electronic device identity query unit (8) after detecting the IP information of the electronic device (3). The payment intermediary financial institution access management system (6) compares the private number of the electronic device (3) obtained as a result of the query transaction with the private number of the electronic device (3) that is registered in itself and associated with the related payment intermediary previously. The payment intermediary financial institution access management system (6) gives security approval for making the payment order of which is sent by the user and sends the information related to this approval to the merchant's server (5) if it detects as a result of the comparison transaction that the two numbers compared are same with each other. 
If the payment intermediary financial institution access management system (6) detects that the private number of the electronic device (3) detected by means of the electronic device identity detection unit (4) and the private number registered in itself are not same with each other as a result of the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator, the payment intermediary financial institution gets in contact with the payment intermediary financial institution's 3 dimensional security verification system (9). The payment intermediary financial institution's 3 dimensional security verification system (9) gets in contact with the electronic device (3) and creates a single-use password for the user to approve the payment transaction by entering the display opening on his/her electronic device (3) and sends this created password to the electronic device (3). The payment intermediary financial institution's 3 dimensional security verification system (9) takes the value entered to the electronic device (3) by the user in a pre-determined period of time and compares the said value with the created password. The payment intermediary financial institution's 3 dimensional security verification system (9) gives security approval for making the payment order of which is sent by the user if it detects that the value entered to the electronic device (3) by the user and the created password are same with each other as a result of the comparison transaction and it sends the information related to this approval to the payment intermediary financial institution access management system (6) so as to be sent to the merchant's server (5). And the payment intermediary financial institution access management system (6) sends the payment approval information received from the payment intermediary financial institution's 3 dimensional security verification system (9), to the merchant's server (5). 
If the payment intermediary financial institution's 3 dimensional security verification system (9) detects that the value entered to the electronic device (3) and the created password are different than each other as a result of the comparison transaction, it gives information to the payment intermediary financial institution access management system (6) in order that the user is informed about the fact that the transaction cannot be carried out for security reasons by not giving security approval for making the payment order of which is sent by the user. In the event that the merchant's server (5) receives the information from the payment intermediary financial institution access management system (6) that the transaction cannot be carried out for security reasons as a result of the security verification transaction, it sends message to the electronic device (3) in order to ensure that the user is informed about the fact that the transaction cannot be carried out over the electronic device (3) by getting in contact with the electronic device (3). The merchant's server (5) connects to the merchant financial institution (7) by receiving the information related to the said approval from the payment intermediary financial institution access management system (6) and triggers the merchant financial institution (7) on the subject of receiving provision from the payment intermediary financial institution for carrying out the payment transaction if the payment transaction is approved after the security approval transaction carried out by the payment intermediary financial institution access management system (6). The merchant financial institution (7) gets in contact with the payment intermediary financial institution by receiving the information related to the security verification approval coming from the merchant's server (5) and it demands provision from the payment intermediary financial institution for realizing the payment. 
With the inventive remote payment system (1), it is ensured that a user can carry out payment transactions in a short time and easily without having to enter any password by means of his/her electronic device (3) which uses the phone number defined in the payment intermediary financial institution in the payment transaction required for remote shopping by means of his/her phone number previously associated with the payment intermediary owned by him/her in the payment intermediary financial institution.

The inventive remote payment method (100) which considerably facilitates user verification transaction without affecting security during remote payment transaction being carried out over mobile internet connection provided by mobile network operator, comprises steps of:

the payment order wherein there are at least information of the payment intermediary where the payment will be realized, is being sent to the merchant's server (5) over mobile internet by means of the electronic device (3) (101);

the payment order is being sent to the payment intermediary financial institution access management system (6) by the merchant's server (5) (102);

the payment intermediary financial institution access management system (6) controlling whether the payment intermediary included inside the payment order is valid or not (103);

if it is detected that the payment intermediary is not valid as a result of the controlling transaction (103), the payment intermediary financial institution access management system (6) getting in contact with the merchant's server (5) and sending message to the merchant's server (5) about the fact that the payment intermediary is not valid for informing the user (104);

the user being informed about the fact that the payment intermediary included inside the payment order is not valid by the merchant's server (5) over the electronic device (3) (105);

if it is detected that the payment intermediary is valid as a result of the controlling transaction (103), the payment intermediary financial institution access management system (6) getting in contact with the merchant's server (5) and sending the information -which are necessary for the electronic device (3) to be able to send message to it automatically in order that the security verification transactions required for realizing the payment are carried out- to the merchant's server (5) (106);

the merchant's server (5) sending the information received from the payment intermediary financial institution access management system (6) to the electronic device (3) (107);

the electronic device (3) sending message to the payment intermediary financial institution access management system (6) automatically in accordance with the information received from the merchant's server (5) (108);

the payment intermediary financial institution access management system (6) carrying out the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator in order to determine whether the payment can be made or not (109);

if the payment transaction is not approved as a result of the security verification transaction carried out by the payment intermediary financial institution access management system (6) (109), the payment intermediary financial institution access management system (6) informing the merchant's server (5) about the fact that the payment transaction is not approved by getting in contact with the merchant's server (5) (110);

the merchant's server (5) informing the user about the fact that the payment transaction cannot be carried out over the electronic device (3) by getting in contact with the electronic device (3) (111);

after the security verification transaction carried out by the payment intermediary financial institution access management system (6) (109), the payment intermediary financial institution access management system (6) sending the information about the approval to the merchant's server (5) (112);

the merchant's server (5) connecting to the merchant financial institution (7) and triggering the merchant financial institution (7) on the subject of receiving provision from the payment intermediary financial institution for carrying out the payment transaction (113); and

the merchant financial institution (7) getting in contact with the payment intermediary financial institution and demanding provision from the payment intermediary financial institution in order that the payment is realized (114).

In the inventive remote payment method (100), firstly the user sends the payment order -which comprises at least the information of a payment intermediary for example such as credit card whereby the payment will be made in thereof for the product or service bought from a merchant's application that can be run on the electronic device (3) or website by means of his/her electronic device (3)- to the merchant's server (5) over the mobile internet provided by the mobile network operator by means of the electronic device (3) (101). The merchant's server (5) receives the payment order that is received over the mobile internet provided by the mobile network operator from the electronic device (3) and that comprises at least the information related to a payment intermediary for example such as credit card whereby it is desired to make payment in thereof and after receiving the payment order, it sends the payment intermediary information included inside the payment order to the payment intermediary financial institution access management system (6) so as to be controlled whether the payment intermediary is valid or not by getting in contact with the payment intermediary financial institution access management system (6) (102). The payment intermediary financial institution access management system (6) receives the payment order which is sent by the merchant's server (5) and comprises at least the payment intermediary information in thereof and it controls whether the said payment intermediary is valid or not by means of the information recorded in thereof (103).
If the payment intermediary financial institution access management system (6) detects that the payment intermediary is not valid as a result of the controlling transaction (103), it sends message to the merchant's server (5) about the fact that the payment intermediary is not valid for informing the user by getting in contact with the merchant's server (5) (104). Thereupon, the merchant's server (5) informs the user about the fact that the payment intermediary included inside the payment order is not valid over the electronic device (3) (105). If the payment intermediary financial institution access management system (6) detects that the payment intermediary is valid as a result of the controlling transaction (103), it sends the information -which are necessary for the electronic device (3) to be able to send message to it automatically in order that the security verification transactions required for realizing the payment are carried out- to the merchant's server (5) by getting in contact with the merchant's server (5) (106). The merchant's server (5) receives the information -which are required for the electronic device (3) to send message to the payment intermediary financial institution access management system (6) automatically- from the payment intermediary financial institution access management system (6) and sends the said information to the electronic device (3) (107). After the electronic device (3) sends message to the payment intermediary financial institution access management system (6) automatically in accordance with the information received from the merchant's server (5) (108), the payment intermediary financial institution access management system (6) carries out the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator in order to determine whether the payment can be made or not (109).
If the payment transaction is not approved as a result of the security verification transaction carried out by the payment intermediary financial institution access management system (6) (109), the payment intermediary financial institution access management system (6) informs the merchant's server (5) about the fact that the payment transaction is not approved by getting in contact with the merchant's server (5) (110). After receiving the information that the transaction cannot be carried out for security reasons as a result of the security verification transaction (109) from the payment intermediary financial institution access management system (6), the merchant's server (5) sends message to the electronic device (3) in order to ensure that the user is informed about the fact that the payment transaction cannot be carried out by getting in contact with the electronic device (3) (111). After the security verification transaction carried out by the payment intermediary financial institution access management system (6) (109), the payment intermediary financial institution access management system (6) sends the information about the said approval to the merchant's server (5) if the payment transaction is approved (112) and the merchant's server (5) connects to the merchant financial institution (7) by receiving the information related to the said approval and triggers the merchant financial institution (7) on the subject of receiving provision from the payment intermediary financial institution for carrying out the payment transaction (113). The merchant financial institution (7) gets in contact with the payment intermediary financial institution by receiving the information related to the security verification approval coming from the merchant's server (5) and demands provision from the payment intermediary financial institution in order that the payment is realized (114).

In one preferred embodiment of the inventive method, if the message coming from the electronic device (3) is not encrypted by an encryption technique for example such as secure socket layer (SSL) at the step of the payment intermediary financial institution access management system (6) carrying out the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator in order to determine whether the payment can be made or not (109); the payment intermediary financial institution access management system (6) receives the message -which is sent by the electronic device (3) and wherein the private number of the electronic device (3) is inserted by the electronic device identity detection unit (4)- over the electronic device identity detection unit (4). The payment intermediary financial institution access management system (6) compares the private number of the electronic device (3) included inside the message coming thereupon with the private number of the electronic device (3) registered in thereof and associated with the related payment intermediary previously. The payment intermediary financial institution access management system (6) gives security approval on the subject of making the payment -order of which is sent by the user- and sends the information related to this approval to the merchant's server (5) if it detects that the two numbers compared are same with each other as a result of the comparison transaction.

In one embodiment of the inventive method, if the message coming from the electronic device (3) to the payment intermediary financial institution access management system (6) is encrypted by an encryption technique for example such as secure socket layer (SSL) at the step of the payment intermediary financial institution access management system (6) carrying out the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator in order to determine whether the payment can be made or not (109); the payment intermediary financial institution access management system (6) opens the incoming message, creates a key, associates the created key to the said information inside the message and records them. Then, the payment intermediary financial institution access management system (6) creates a directing message which comprises the key that is created in order that the electronic device (3) is directed to the page that can be accessed by unencrypted messaging and has another address (URL) belonging to it so that its private number is detected, and the said address information and it sends this directing message created to the electronic device (3). After the electronic device (3) receiving the directing message is automatically directed to the address included inside the message, the electronic device identity detection unit (4) detects the private number of the electronic device (3) from the IP address of the electronic device (3) that is directed to the unencrypted page and the electronic device identity detection unit (4) sends the message comprising the said private number information to the payment intermediary financial institution access management system (6) together with the key information. 
The payment intermediary financial institution access management system (6) detects the private number of the user who is recorded by it previously by associating it to the keys from the key information inside the message coming from the electronic device identity detection unit (4) and it compares this number with the private number inside the message coming from the electronic device identity detection unit (4). If the payment intermediary financial institution access management system (6) detects that the two numbers compared are same with each other as a result of the comparison transaction, it gives security approval on the subject of making the payment order of which is sent by the user and sends the information related to this approval to the merchant's server (5).

In an alternative embodiment of the inventive method, if the message coming from the electronic device (3) to the payment intermediary financial institution access management system (6) is encrypted by an encryption technique for example such as secure socket layer (SSL) at the step of the payment intermediary financial institution access management system (6) carrying out the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator in order to determine whether the payment can be made or not (109); the payment intermediary financial institution access management system (6) detects the IP information of the electronic device (3) from inside the message coming from the electronic device (3). The payment intermediary financial institution access management system (6) queries the private number of the electronic device (3) using the IP information detected on the electronic device identity detection unit (4), by connecting to the electronic device identity detection unit (4) after detecting the IP information of the electronic device (3). The payment intermediary financial institution access management system (6) compares the private number of the electronic device (3) obtained as a result of the query transaction with the private number of the electronic device (3) that is registered in itself and associated with the related payment intermediary previously. The payment intermediary financial institution access management system (6) gives security approval for making the payment order of which is sent by the user and sends the information related to this approval to the merchant's server (5) if it detects as a result of the comparison transaction that the two numbers compared are same with each other.

In one preferred embodiment of the inventive method, if the payment intermediary financial institution access management system (6) detects that the private number of the electronic device (3) detected by means of the electronic device identity detection unit (4) or the electronic device identity query unit (8) and the private number registered in itself are not same with each other as a result of the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator at the step of the payment intermediary financial institution access management system (6) carrying out the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator in order to determine whether the payment can be made or not (109); it gets in contact with the payment intermediary financial institution's 3 dimensional security verification system (9). The payment intermediary financial institution's 3 dimensional security verification system (9) gets in contact with the electronic device (3) and creates a single-use password for the user to approve the payment transaction by entering the display opening on his/her electronic device (3) and sends this created password to the electronic device (3). The payment intermediary financial institution's 3 dimensional security verification system (9) takes the value entered to the electronic device (3) by the user in a pre-determined period of time and compares the said value with the created password. 
The payment intermediary financial institution's 3 dimensional security verification system (9) gives security approval for making the payment order of which is sent by the user if it detects that the value entered to the electronic device (3) by the user and the created password are same with each other as a result of the comparison transaction and it sends the information related to this approval to the payment intermediary financial institution access management system (6) so as to be sent to the merchant's server (5). And the payment intermediary financial institution access management system (6) sends the payment approval information received from the payment intermediary financial institution's 3 dimensional security verification system (9), to the merchant's server (5). If the payment intermediary financial institution's 3 dimensional security verification system (9) detects that the value entered to the electronic device (3) and the created password are different than each other as a result of the comparison transaction, it gives information to the payment intermediary financial institution access management system (6) in order that the user is informed about the fact that the transaction cannot be carried out for security reasons by not giving security approval for making the payment order of which is sent by the user.
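The security verification step (109) described above, with the IP-query variant and the single-use password fallback, as an added Python example that is not part of the patent text. The class names, the 120-second validity window, the one-attempt policy, the handling of an unknown IP as a mismatch, and all sample numbers and addresses are assumptions made for illustration.

```python
"""Step 109: IP-query variant with the single-use password fallback.
All names, numbers and addresses are constructed for illustration."""
import hmac
import secrets
import time

APPROVED, OTP_REQUIRED, REJECTED = "approved", "otp_required", "rejected"


class IdentityDetectionUnit:
    """Stand-in for unit (4): the operator's IP -> private number mapping."""

    def __init__(self, sessions):
        self._sessions = dict(sessions)

    def query(self, ip):
        # None means the IP is not a known mobile-internet session.
        return self._sessions.get(ip)


class ThreeDVerification:
    """Stand-in for system (9): single-use password with a validity window."""

    def __init__(self, validity_seconds=120, clock=time.monotonic):
        self._validity = validity_seconds
        self._clock = clock
        self._pending = {}  # order id -> (password, expiry time)

    def issue(self, order_id):
        password = f"{secrets.randbelow(10**6):06d}"
        self._pending[order_id] = (password, self._clock() + self._validity)
        # In the page's flow this value is sent to the electronic device (3).
        return password

    def check(self, order_id, entered):
        # pop() enforces single use; burning the password on a wrong
        # attempt as well is an assumption of this example.
        password, expiry = self._pending.pop(order_id, (None, 0.0))
        if password is None or self._clock() > expiry:
            return False
        return hmac.compare_digest(password.encode(), entered.encode())


class AccessManagementSystem:
    """Stand-in for system (6)."""

    def __init__(self, registered, detection_unit, three_d):
        self._registered = dict(registered)  # payment intermediary -> number
        self._unit = detection_unit
        self._three_d = three_d

    def verify(self, order_id, intermediary, source_ip):
        """Compare the number reported by unit (4) with the registered one."""
        expected = self._registered.get(intermediary)
        detected = self._unit.query(source_ip)
        if expected and detected and hmac.compare_digest(
            expected.encode(), detected.encode()
        ):
            return APPROVED, None
        # Numbers differ (or, as an assumption here, no number could be
        # determined for the IP): hand over to system (9).
        return OTP_REQUIRED, self._three_d.issue(order_id)

    def confirm(self, order_id, entered):
        """Result of comparing the entered value with the created password."""
        return APPROVED if self._three_d.check(order_id, entered) else REJECTED
```

The approval rests entirely on the operator-side IP-to-number mapping being current and on the source IP the access management system sees being the device's own mobile-internet address; the password fallback covers every case where that chain does not produce a match.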

In one preferred embodiment of the inventive method, the automatic message sent by the electronic device (3) to the payment intermediary financial institution access management system (6) is at least one POST message at the step of the electronic device (3) sending message to the payment intermediary financial institution access management system (6) automatically in accordance with the information received from the merchant's server (5) (108).

With the inventive remote payment method (100), it is ensured that a user can carry out payment transactions in a short time and easily without having to enter any password by means of his/her electronic device (3) which uses the phone number defined in the payment intermediary financial institution in the payment transaction required for remote shopping by means of his/her phone number previously associated with the payment intermediary owned by him/her in the payment intermediary financial institution.

Within these basic concepts, it is possible to develop a wide range of embodiments of the inventive "Remote Payment System (1) and Method (100)"; the invention cannot be limited to the examples disclosed herein and is essentially as defined in the claims.

Claims

1. A remote payment system (1) which considerably facilitates user verification transaction without affecting security during remote payment transaction being carried out over mobile internet connection provided by mobile network operator; comprising
at least one mobile network operator which provides a mobile communication service for example such as mobile internet service over a mobile communication network (2) in global system for mobile communications (GSM) for its subscribers;
at least one electronic device (3) which essentially has at least one private number, in other words a phone number, that is assigned by the mobile network operator in order to benefit from services such as mobile internet provided by the mobile network operator; and enables to give payment order that comprises the payment intermediary information determined at least by the user for the payment transaction of a good or service received from a merchant over the said mobile internet service;
at least one electronic device identity detection unit (4) which is located within the mobile network operator and enables to detect the private number of the electronic device (3) that is assigned at least by the mobile network operator based on the IP (Internet Protocol) address of the electronic device (3) using mobile internet during the usage of mobile internet;
at least one merchant's server (5) which receives the payment order that is sent over mobile internet through the electronic device (3) by the user; and is in communication with the payment intermediary financial institution in order to control validity and accuracy of the payment intermediary information that are stated in the said payment order;
and characterized by at least one payment intermediary financial institution access management system (6) which is located within the payment intermediary financial institution; is in communication with the electronic device (3), the electronic device identity detection unit (4) and the merchant's server (5); receives the payment intermediary information inside the payment order that is sent by the user from the merchant's server (5) and controls whether the said payment intermediary is valid or not; if the payment intermediary is not valid, sends message to the merchant's server (5) about the fact that the payment intermediary is not valid in order that the user is informed; if the payment intermediary is valid, sends information -that are necessary for the electronic device (3) to be able to send message to it automatically in order that the security transactions required for realizing the payment are carried out- to the merchant's server (5); when a message reaches it from the electronic device (3), compares the private number of the electronic device (3) detected by the electronic device identity detection unit (4) with the private number of the electronic device (3) that is registered in itself and associated with the related payment intermediary previously; if it detects as a result of the comparison transaction that the two numbers compared are same with each other, gives security approval for making the payment order of which is sent by the user; and sends the information related to this approval to the merchant's server (5); and
at least one merchant financial institution (7) which is in communication with the merchant's server (5) and the payment intermediary financial institution; and demands provision from the payment intermediary financial institution for realizing the payment by receiving the information related to the security approval that is sent to the merchant's server (5) by the payment intermediary financial institution access management system (6) and getting in contact with the payment intermediary financial institution.
2. A remote payment system (1) according to Claim 1, characterized by at least one electronic device identity query unit (8) which is located within the mobile network operator; in communication with the payment intermediary financial institution access management system (6); and enables to determine the identity of the electronic device (3) comprising at least the private number of the electronic device (3) by carrying out query transaction on the payment intermediary financial institution access management system (6) with the IP information of an electronic device (3).
3. A remote payment system (1) according to Claim 1 or 2, characterized by the mobile network operator which enables its subscribers to benefit from services such as short message, call and internet in global system for mobile communications over the mobile communication network (2) by means of their electronic devices (3) over a private number assigned for them by itself.
4. A remote payment system (1) according to any of the preceding claims, characterized by the electronic device (3) which is a device such as mobile phone, smart phone, tablet computer that enables a user to benefit from services such as short message, call and internet provided over a mobile network (2) by a mobile network operator over a private number assigned for the user by the mobile network operator.
5. A remote payment system (1) according to any of the preceding claims, characterized by the electronic device (3) which sends the payment order - that comprises at least the information of a payment intermediary for example such as credit card whereby the payment will be made in thereof for the product or service bought from a merchant's application that can be run on the electronic device (3) of the user or website- to the merchant's server (5) over the mobile internet provided by the mobile network operator.
6. A remote payment system (1) according to any of the preceding claims, characterized by the electronic device identity detection unit (4) which is located within the mobile network operator and when the electronic device (3) utilizes the internet provided by the mobile network operator, which detects the IP address information used by the electronic device (3) and thus accesses the private number of the electronic device (3) -that is assigned at least by the mobile network operator- from this IP address information detected.
7. A remote payment system (1) according to any of the preceding claims, characterized by the electronic device identity detection unit (4) which detects the private number related to the said electronic device (3) from the IP information of the electronic device (3) sending the message, inserts the said private number detected into the message as well and thereby ensures that the message accesses the payment intermediary financial institution access management system (6) if the message sent by the electronic device (3) is not encrypted by an encryption technique for example such as secure socket layer (SSL) during sending message from the electronic device (3) to the payment intermediary financial institution access management system (6) automatically in order that security verification transaction is carried out by the payment intermediary financial institution access management system (6).
8. A remote payment system (1) according to any of the preceding claims, characterized by the electronic device identity query unit (8) on which the payment intermediary financial institution access management system (6) can carry out query transaction in order to determine the private number of the electronic device (3) by connecting to it.
9. A remote payment system (1) according to any of the preceding claims, characterized by the merchant's server (5) which is in communication with the electronic device (3), the payment intermediary financial institution access management system (6) and the electronic device identity query unit (8).
10. A remote payment system (1) according to any of the preceding claims, characterized by the merchant's server (5) which gets in contact with the payment intermediary financial institution access management system (6) by receiving the payment order that is received over the mobile internet provided by the mobile network operator from the electronic device (3) and comprises at least the information related to a payment intermediary for example such as credit card whereby it is desired to make payment in thereof; and sends the payment intermediary information included in the payment order to the payment intermediary financial institution access management system (6) so as to be controlled whether the payment intermediary is valid or not.
11. A remote payment system (1) according to Claim 10, characterized by the merchant's server (5) which informs the user over the electronic device (3) about the fact that the payment intermediary included in the payment is not valid if it is determined by the payment intermediary financial institution access management system (6) that the payment intermediary is not valid.
12. A remote payment system (1) according to Claim 10, characterized by the merchant's server (5) which receives the information -that are required for the electronic device (3) to send message to the payment intermediary financial institution access management system (6) automatically- from the payment intermediary financial institution access management system (6) and sends the said information to the electronic device (3) if it is determined by the payment intermediary financial institution access management system (6) that the payment intermediary is valid.
13. A remote payment system (1) according to any of the preceding claims, characterized by the merchant's server (5) which connects to the merchant financial institution (7) by receiving the information related to the said approval from the payment intermediary financial institution access management system (6) and triggers the merchant financial institution (7) on the subject of receiving provision from the payment intermediary financial institution for carrying out the payment transaction if the payment transaction is approved after the security approval transaction carried out by the payment intermediary financial institution access management system (6).
14. A remote payment system (1) according to any of the preceding claims, characterized by the merchant's server (5) which gets in contact with the electronic device (3) by receiving the acknowledgement related to the said transaction from the payment intermediary financial institution access management system (6) and informs the user over the electronic device (3) about the fact that the security verification approval cannot be taken related to the payment transaction if the payment transaction is not approved after the security approval transaction carried out by the payment intermediary financial institution access management system (6).
15. A remote payment system (1) according to any of the preceding claims, characterized by the merchant's server (5) which carries out messagings between the payment intermediary financial institution access management system (6) over at least one merchant plug-in (MPI) interface.
16. A remote payment system (1) according to any of the preceding claims, characterized by the payment intermediary financial institution access management system (6) which is located within the payment intermediary financial institution and in communication with the electronic device (3), the electronic device identity detection unit (4) and the merchant's server (5).
17. A remote payment system (1) according to any of the preceding claims, characterized by the payment intermediary financial institution access management system (6) which receives the payment order sent by the merchant's server (5) and comprising at least the payment intermediary information in thereof and controls whether the said payment intermediary is valid or not by means of the information recorded in thereof.
18. A remote payment system (1) according to Claim 17, characterized by the payment intermediary financial institution access management system (6) which sends message to the merchant's server (5) about the fact that the payment intermediary is not valid in order that the user is informed by getting in contact with the merchant's server (5) if it detects that the payment intermediary is not valid as a result of the controlling transaction.
19. A remote payment system (1) according to Claim 17, characterized by the payment intermediary financial institution access management system (6) which sends information necessary for the electronic device (3) to send message to itself automatically in order to carry out verification security transactions required for making the payment by getting in contact with the merchant's server (5) if it detects that the payment intermediary is valid as a result of the controlling transaction.
20. A remote payment system (1) according to any of the preceding claims, characterized by the payment intermediary financial institution access management system (6) which carries out the security verification transaction when message is received from the electronic device (3).
21. A remote payment system (1) according to Claim 20, characterized by the payment intermediary financial institution access management system (6) which receives the message -that is sent by the electronic device (3) and wherein the private number of the electronic device (3) is inserted by the electronic device identity detection unit (4)- over the electronic device identity detection unit (4) if the message received from the electronic device (3) is not encrypted by any encryption technique.
22. A remote payment system (1) according to Claim 21, characterized by the payment intermediary financial institution access management system (6) which compares the private number of the electronic device (3) included inside the message coming from the electronic device (3) with the private number of the electronic device (3) registered in thereof and associated with the related payment intermediary previously.
23. A remote payment system (1) according to Claim 22, characterized by the payment intermediary financial institution access management system (6) which gives security approval on the subject of making the payment -order of which is sent by the user- and sends the information related to this approval to the merchant's server (5) if it detects that the two numbers compared are same with each other as a result of the comparison transaction.
24. A remote payment system (1) according to Claim 20, characterized by the payment intermediary financial institution access management system (6) which opens the incoming message, creates a key and then associates the created key to the said information inside the message and records them if the message coming from the electronic device (3) is encrypted by an encryption technique.
25. A remote payment system (1) according to Claim 24, characterized by the payment intermediary financial institution access management system (6) which creates a directing message comprising the key that is created in order that the electronic device (3) is directed to the page that can be accessed by unencrypted messaging and has another address (URL) belonging to it so that the private number of the electronic device (3) is detected, and the said address information; and sends this directing message created to the electronic device (3).
26. A remote payment system (1) according to Claim 25, characterized by the electronic device (3) which receives the directing message and is automatically directed to the address included inside the message after it receives the said message.
27. A remote payment system (1) according to Claim 26, characterized by the electronic device identity detection unit (4) which detects the private number of the electronic device (3) from the IP address of the electronic device (3) that is directed to the unencrypted page after the electronic device (3) is automatically directed to the address included inside the message, and sends the message comprising the said private number information to the payment intermediary financial institution access management system (6) together with the key information.
28. A remote payment system (1) according to Claim 27, characterized by the payment intermediary financial institution access management system (6) which detects the private number of the user who is recorded by it previously by associating it to the keys from the key information inside the message coming from the electronic device identity detection unit (4), and compares this detected number with the private number inside the message coming from the electronic device identity detection unit (4).
29. A remote payment system (1) according to Claim 28, characterized by the payment intermediary financial institution access management system (6) which gives security approval on the subject of making the payment -order of which is sent by the user- and sends the information related to this approval to the merchant's server (5) if it detects that the two numbers compared are same with each other as a result of the comparison transaction.
30. A remote payment system (1) according to Claim 20, characterized by the payment intermediary financial institution access management system (6) which detects the IP information of the electronic device (3) from inside the message coming from the electronic device (3) if the message coming from the electronic device (3) is encrypted by an encryption technique.
31. A remote payment system (1) according to Claim 30, characterized by the payment intermediary financial institution access management system (6) which queries the private number of the electronic device (3) using the IP information detected on the electronic device identity detection unit (4), by connecting to the electronic device identity detection unit (4) after detecting the IP information of the electronic device (3).
32. A remote payment system (1) according to Claim 31, characterized by the payment intermediary financial institution access management system (6) which compares the private number of the electronic device (3) obtained as a result of the query transaction with the private number of the electronic device (3) that is registered in itself and associated with the related payment intermediary previously.
33. A remote payment system (1) according to Claim 32, characterized by the payment intermediary financial institution access management system (6) which gives security approval for making the payment order of which is sent by the user and sends the information related to this approval to the merchant's server (5) if it detects as a result of the comparison transaction that the two numbers compared are same with each other.
34. A remote payment system (1) according to any of the preceding claims, characterized by at least one payment intermediary financial institution's 3 dimensional security verification system (9) which is included within the intermediary financial institution; in communication with the payment intermediary financial institution access management system (6) and the electronic device (3); and in the event that the two numbers -which are compared as a result of the comparison transaction for the private number of the electronic device (3) that is detected by the electronic device identity detection unit (4) with the private number of the electronic device (3) that is registered in the payment intermediary financial institution access management system (6) and associated with the related payment intermediary previously when a message reaches the payment intermediary financial institution access management system (6) from the electronic device (3) by the payment intermediary financial institution access management system (6)- are different from each other, gets in contact with the electronic device (3) in accordance with the acknowledgement received from the payment intermediary financial institution access management system (6); and creates a single-use password for the user to approve the payment transaction by entering the display opening on his/her electronic device (3) and sends this created password to the electronic device (3); takes the value entered to the electronic device (3) by the user in a pre-determined period of time and compares the said value with the created password and gives security approval for making the payment order of which is sent by the user if it detects that the value entered to the electronic device (3) by the user and the created password are same with each other as a result of the comparison transaction and sends the information related to this approval to the payment intermediary financial institution access management system (6) so as to be sent to the merchant's server (5); if it detects that the value entered to the electronic device (3) and the created password are different than each other as a result of the comparison transaction, gives information to the payment intermediary financial institution access management system (6) in order that the user is informed about the fact that the transaction cannot be carried out for security reasons by not giving security approval for making the payment order of which is sent by the user.
35. A remote payment system (1) according to any of the preceding claims, characterized by the merchant financial institution (7) which is in communication with the merchant's server (5) and the payment intermediary financial institution; and demands provision from the payment intermediary financial institution for realizing the payment by getting in contact with the payment intermediary financial institution by receiving the information related to the security verification approval coming from the merchant's server (5).
36. A remote payment method (100) which considerably facilitates user verification transaction without affecting security during remote payment transaction being carried out over mobile internet connection provided by mobile network operator characterized by the steps of:
the payment order wherein there are at least information of the payment intermediary where the payment will be realized, is being sent to the merchant's server (5) over mobile internet by means of the electronic device (3) (101);
the payment order is being sent to the payment intermediary financial institution access management system (6) by the merchant's server (5) (102);
the payment intermediary financial institution access management system (6) controlling whether the payment intermediary included inside the payment order is valid or not (103);
if it is detected that the payment intermediary is not valid as a result of the controlling transaction (103), the payment intermediary financial institution access management system (6) getting in contact with the merchant's server (5) and sending message to the merchant's server (5) about the fact that the payment intermediary is not valid for informing the user (104);
the user being informed about the fact that the payment intermediary included inside the payment order is not valid by the merchant's server (5) over the electronic device (3) (105);
if it is detected that the payment intermediary is valid as a result of the controlling transaction (103), the payment intermediary financial institution access management system (6) getting in contact with the merchant's server (5) and sending the information -which are necessary for the electronic device (3) to be able to send message to it automatically in order that the security verification transactions required for realizing the payment are carried out- to the merchant's server (5) (106);
the merchant's server (5) sending the information received from the payment intermediary financial institution access management system (6) to the electronic device (3) (107);
the electronic device (3) sending message to the payment intermediary financial institution access management system (6) automatically in accordance with the information received from the merchant's server (5) (108);
the payment intermediary financial institution access management system (6) carrying out the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator in order to determine whether the payment can be made or not (109);
if the payment transaction is not approved as a result of the security verification transaction carried out by the payment intermediary financial institution access management system (6) (109), the payment intermediary financial institution access management system (6) informing the merchant's server (5) about the fact that the payment transaction is not approved by getting in contact with the merchant's server (5) (110);
the merchant's server (5) informing the user about the fact that the payment transaction cannot be carried out over the electronic device (3) by getting in contact with the electronic device (3) (111);
after the security verification transaction carried out by the payment intermediary financial institution access management system (6) (109), the payment intermediary financial institution access management system (6) sending the information about the approval to the merchant's server (5) (112);
the merchant's server (5) connecting to the merchant financial institution (7) and triggering the merchant financial institution (7) on the subject of receiving provision from the payment intermediary financial institution for carrying out the payment transaction (113); and
the merchant financial institution (7) getting in contact with the payment intermediary financial institution and demanding provision from the payment intermediary financial institution in order that the payment is realized (114).
37. A remote payment method (100) according to Claim 36, characterized by the step of the payment intermediary financial institution access management system (6) carrying out the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator in order to determine whether the payment can be made or not (109) which comprises transactions of: if the message coming from the electronic device (3) is not encrypted by an encryption technique; the payment intermediary financial institution access management system (6) receives the message -which is sent by the electronic device (3) and wherein the private number of the electronic device (3) is inserted by the electronic device identity detection unit (4)- over the electronic device identity detection unit (4); the payment intermediary financial institution access management system (6) compares the private number of the electronic device (3) included inside the message coming thereupon with the private number of the electronic device (3) registered in thereof and associated with the related payment intermediary previously; the payment intermediary financial institution access management system (6) gives security approval on the subject of making the payment -order of which is sent by the user- and sends the information related to this approval to the merchant's server (5) if it detects that the two numbers compared are same with each other as a result of the comparison transaction.
38. A remote payment method (100) according to Claim 36, characterized by the step of the payment intermediary financial institution access management system (6) carrying out the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator in order to determine whether the payment can be made or not (109) which comprises transactions of: if the message coming from the electronic device (3) is encrypted by an encryption technique; the payment intermediary financial institution access management system (6) opens the incoming message and creates a key, associates the created key to the said information inside the message and records them; then, the payment intermediary financial institution access management system (6) creates a directing message which comprises the key that is created in order that the electronic device (3) is directed to the page that can be accessed by unencrypted messaging and has another address (URL) belonging to it so that its private number is detected, and the said address information and it sends this directing message created to the electronic device (3); after the electronic device (3) is automatically directed to the address included inside the message, the electronic device identity detection unit (4) detects the private number of the electronic device (3) from the IP address of the electronic device (3) that is directed to the unencrypted page and the electronic device identity detection unit (4) sends the message comprising the said private number information to the payment intermediary financial institution access management system (6) together with the key information; the payment intermediary financial institution access management system (6) detects the private number of the user who is recorded by it previously by associating it to the keys from the key information inside the message coming from the electronic device identity detection unit (4) and it compares this 
number with the private number inside the message coming from the electronic device identity detection unit (4); If the payment intermediary financial institution access management system (6) detects that the two numbers compared are same with each other as a result of the comparison transaction, it gives security approval on the subject of making the payment order of which is sent by the user and sends the information related to this approval to the merchant's server (5).
39. A remote payment method (100) according to Claim 36, characterized by the step of the payment intermediary financial institution access management system (6) carrying out the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator in order to determine whether the payment can be made or not (109) which comprises transactions of: if the message coming from the electronic device (3) is encrypted by an encryption technique; the payment intermediary financial institution access management system (6) detects the IP information of the electronic device (3) from inside the message coming from the electronic device (3); the payment intermediary financial institution access management system (6) queries the private number of the electronic device (3) using the IP information detected on the electronic device identity detection unit (4), by connecting to the electronic device identity detection unit (4) after detecting the IP information of the electronic device (3); the payment intermediary financial institution access management system (6) compares the private number of the electronic device (3) obtained as a result of the query transaction with the private number of the electronic device (3) that is registered in itself and associated with the related payment intermediary previously; the payment intermediary financial institution access management system (6) gives security approval for making the payment order of which is sent by the user and sends the information related to this approval to the merchant's server (5) if it detects as a result of the comparison transaction that the two numbers compared are same with each other.
40. A remote payment method (100) according to any of Claim 36 to 39, characterized by the step of the payment intermediary financial institution access management system (6) carrying out the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator in order to determine whether the payment can be made or not (109) which comprises transactions of: if the payment intermediary financial institution access management system (6) detects that the private number of the electronic device (3) detected by means of the electronic device identity detection unit (4) or the electronic device identity query unit (8) and the private number registered in itself are not same with each other; the payment intermediary financial institution access management system (6) gets in contact with the payment intermediary financial institution's 3 dimensional security verification system (9); the payment intermediary financial institution's 3 dimensional security verification system (9) gets in contact with the electronic device (3) and creates a single-use password for the user to approve the payment transaction by entering the display opening on his/her electronic device (3) and sends this created password to the electronic device (3); the payment intermediary financial institution's 3 dimensional security verification system (9) takes the value entered to the electronic device (3) by the user in a pre-determined period of time and compares the said value with the created password; the payment intermediary financial institution 3 dimensional security verification system (9) gives security approval for making the payment order of which is sent by the user if the payment intermediary financial institution's 3 dimensional security verification system (9) detects that the value entered to the electronic device (3) by the user and the created password are same with each other as a result of the comparison transaction and it sends the information related to this approval to the payment intermediary financial institution's access management system (6) so as to be sent to the merchant's server (5); the payment intermediary financial institution access management system (6) sends the payment approval information received from the payment intermediary financial institution's 3 dimensional security verification system (9), to the merchant's server (5); if the payment intermediary financial institution 3 dimensional security verification system (9) detects that the value entered to the electronic device (3) and the created password are different than each other as a result of the comparison transaction, the payment intermediary financial institution's 3 dimensional security verification system (9) gives information to the payment intermediary financial institution access management system (6) in order that the user is informed about the fact that the transaction cannot be carried out for security reasons by not giving security approval for making the payment order of which is sent by the user.
41. A remote payment method (100) according to any of Claim 36 to 39, characterized by the step of the electronic device (3) sending message to the payment intermediary financial institution access management system (6) automatically in accordance with the information received from the merchant's server (5) (108) wherein the automatic message sent by the electronic device (3) to the payment intermediary financial institution access management system (6) is at least one POST message.
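The key-correlated check of Claim 38 and the mismatch fallback of Claim 40, sketched from the side of the access management system (6). This is an added example, not part of the patent text; the class and method names, the URL, the sample numbers, the random key format, the key lifetime and the single-use rule are assumptions the claims do not specify. The key is made short-lived and single-use here because it travels to the unencrypted page in clear.

```python
import hmac
import secrets
import time

KEY_TTL_SECONDS = 60  # assumption: the claims set no lifetime for the key


class AccessManagementSystem:
    """Sketch of system (6): ties an encrypted payment message to the private
    number later reported by the identity detection unit (4)."""

    def __init__(self, registered_numbers, detect_url):
        self.registered = registered_numbers  # intermediary id -> private number
        self.detect_url = detect_url          # unencrypted page (hypothetical URL)
        self.pending = {}                     # key -> (order info, expiry time)

    def handle_encrypted_message(self, order, now=None):
        """Create a key, record it with the order, return the directing message."""
        now = time.time() if now is None else now
        key = secrets.token_urlsafe(32)       # unguessable; the claim only says "a key"
        self.pending[key] = (dict(order), now + KEY_TTL_SECONDS)
        return {"redirect": f"{self.detect_url}?key={key}", "key": key}

    def handle_detection_report(self, key, detected_number, now=None):
        """Process the (key, private number) message sent by unit (4)."""
        now = time.time() if now is None else now
        record = self.pending.pop(key, None)  # single use: a replayed key finds nothing
        if record is None:
            return "REJECT_UNKNOWN_KEY"
        order, expires = record
        if now > expires:
            return "REJECT_EXPIRED_KEY"
        registered = self.registered.get(order["intermediary_id"], "")
        if registered and hmac.compare_digest(registered.encode(),
                                              detected_number.encode()):
            return "APPROVE"                  # approval is sent to merchant's server (5)
        return "FALLBACK_OTP"                 # Claim 40: hand over to system (9)


def demo():
    """Run four constructed cases; numbers and URL are placeholders."""
    ams = AccessManagementSystem({"card-1": "905550000001"}, "http://detect.example/p")
    order = {"intermediary_id": "card-1", "amount": "10.00"}
    k1 = ams.handle_encrypted_message(order, now=0)["key"]
    ok = ams.handle_detection_report(k1, "905550000001", now=5)
    replay = ams.handle_detection_report(k1, "905550000001", now=6)
    k2 = ams.handle_encrypted_message(order, now=0)["key"]
    mismatch = ams.handle_detection_report(k2, "905550000002", now=5)
    k3 = ams.handle_encrypted_message(order, now=0)["key"]
    expired = ams.handle_detection_report(k3, "905550000001", now=61)
    return ok, replay, mismatch, expired
```
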
PCT/TR2016/000175 2016-06-27 2016-12-02 A remote payment system and method WO2018004475A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
TR201608895 2016-06-27
TR2016/08895 2016-06-27

Publications (1)

Publication Number Publication Date
WO2018004475A1 (en) 2018-01-04

Family

ID=57963406

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/TR2016/000175 WO2018004475A1 (en) 2016-06-27 2016-12-02 A remote payment system and method

Country Status (1)

Country Link
WO (1) WO2018004475A1 (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TR200801801A2 (en) 2008-03-19 2009-10-21 Kuveyt Türk Katilim Bankasi A.Ş. The use of a credit card system and method that allows you to make payments via mobile phone.
US20110217994A1 (en) * 2010-03-03 2011-09-08 Boku, Inc. Systems and Methods to Automate Transactions via Mobile Devices
US20120018506A1 (en) * 2009-05-15 2012-01-26 Visa International Service Association Verification of portable consumer device for 3-d secure services
US20120231771A1 (en) 2008-10-27 2012-09-13 Ebay, Inc. Method and apparatus for authorizing a payment via a remote device
US8532612B1 (en) * 2007-03-30 2013-09-10 Google Inc. Obtaining mobile information for networked transactions
WO2013189934A1 (en) * 2012-06-22 2013-12-27 Netsize Secure in-application authentication
KR101550825B1 (en) 2015-05-15 2015-09-10 김현민 Method for credit card payment using mobile
US9256868B2 (en) * 2009-05-18 2016-02-09 Mastercard International Incorporated Switching functions for mobile payments system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16834132

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16834132

Country of ref document: EP

Kind code of ref document: A1