WO2021183688A1 - Procédé de sécurisation d'une transaction par carte de paiement - Google Patents
Procédé de sécurisation d'une transaction par carte de paiement Download PDFInfo
- Publication number
- WO2021183688A1 WO2021183688A1 PCT/US2021/021774 US2021021774W WO2021183688A1 WO 2021183688 A1 WO2021183688 A1 WO 2021183688A1 US 2021021774 W US2021021774 W US 2021021774W WO 2021183688 A1 WO2021183688 A1 WO 2021183688A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- cardholder
- payment card
- time data
- data code
- otdc
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims description 24
- 238000004891 communication Methods 0.000 claims abstract description 20
- 230000001815 facial effect Effects 0.000 claims description 2
- 230000005540 biological transmission Effects 0.000 abstract description 6
- 230000002401 inhibitory effect Effects 0.000 abstract description 3
- 238000013475 authorization Methods 0.000 description 5
- 238000013459 approach Methods 0.000 description 4
- 230000001010 compromised effect Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 230000008867 communication pathway Effects 0.000 description 2
- 238000013500 data storage Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000000977 initiatory effect Effects 0.000 description 2
- 230000002265 prevention Effects 0.000 description 2
- 238000010200 validation analysis Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000002411 adverse Effects 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000002829 reductive effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000012216 screening Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H04L9/0656—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
- H04L9/0662—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/018—Certifying business or products
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
- G06Q30/0601—Electronic shopping [e-shopping]
- G06Q30/0609—Buyer or seller confidence or verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/02—Banking, e.g. interest calculation or account maintenance
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
Definitions
- the invention pertains to secure electronic purchasing in general and secure credit and debit card purchasing in particular.
- Payment Card fraud is a problem of global proportions.
- USD $27 Billion
- card-not-present fraud jumped from $3.4 Billion (USD) to 4.57 Billion (USD). By 2020, card-not-present fraud was over 80 percent more common than card-present fraud.
- the account number on a Payment Card typically contains between 13 and 19 digits and most commonly 15 or 16 digits.
- An account number being compromised is one source of Payment Card fraud. Consumers give the account number to a salesperson over a phone line or enter it into a computer system in the course of making a purchase. l This creates opportunities for the account number to become compromised by a person working for the merchant or by a person who has hacked into the merchant’ s computer system. To avoid this risk, consumers can request a single-use Payment Card number. The Payment Card company will issue a single use 13-19 digit number that can be used only once.
- Another approach to fraud prevention is transaction monitoring.
- Card companies keep watch on the cardholders’ purchase behavior. If a purchase is made with the Card number that appears out of line with the cardholder’s ordinary purchasing patterns, whether in terms of location for card- present transactions or in terms of amount or the nature of the purchase for card-not-present transactions, the Card company may put a hold on the transaction, refusing to allow the transaction to proceed until the card holder can be reached. The card may be inactivated as well, pending verification of the transaction by the consumer. The effectiveness of this approach is open to debate, as less brazen criminals are unlikely to trigger the system. Additionally, false positives under this approach are extremely undesirable from the perspective of the Payment Card company, as they inhibit use of the Card by the consumer.
- a system for preventing or inhibiting Payment Card fraud is disclosed.
- the network will convey cardholder identifying information to the bank that issued the Payment Card.
- the issuing bank will generate a random, one time data code (OTDC) upon receipt of cardholder identifying information and an indication that the cardholder is attempting to use the card.
- the cardholder may request an OTDC from the issuing bank, either by directly messaging the issuing bank or via an automated communication between the cardholder’s mobile device and the issuing bank.
- the issuing bank will transmit the OTDC to the cardholder, which transmission may be encrypted and secured. Provision of an OTDC is part of the issuing bank’ s transaction approval criteria.
- the cardholder will provide the OTDC to the merchant.
- the transaction should not be approved.
- the OTDC will only work for the transaction in question, and it will preferably expire shortly after its generation, if it remains unused.
- Figure 1 A is a front view of a exemplary Payment Card.
- Figure IB is a rear view of an exemplary Payment Card.
- Figure 2 is a flow chart illustrating the steps of a preferred embodiment of the fraud prevention system disclosed herein.
- the transaction is initiated 1 when a cardholder 40 presents his or her Payment Card 20 or card number 30 to a merchant, such as Wal-martTM, a service station, AmazonTM, or a local plumber.
- the merchant transmits (at a minimum) 2A the card number 30 (or a code corresponding to the card number 30) and the transaction amount to the merchant bank or its processor(s)(collectively, the “merchant bank”), which transmits the card number 30 (or a code) to the issuing bank or its processor(s)(collectively, the “issuing bank” or “issuer bank” 45) via the appropriate card network 80, which are commonly indicated on the face of the Payment Card 20.
- the most common card networks are BanknetTM which processes MasterCardTM transactions and VisaNetTM which processes VisaTM transactions.
- Common issuing banks 45 include ChaseTM, Capital OneTM, Bank of AmericaTM, etc.
- American ExpressTM and DiscoverTM have their own networks; however, in addition to being networks American ExpressTM and DiscoverTM are also the issuing bank 45, serving dual roles in their systems.
- conventional banking facilities are not necessary for a bank to issue payment cards 20.
- the issuing bank 45 may be a digital bank. Criteria to be an issuing bank 45 will typically be determined by the card network 80.
- the cardholder information was contained in a magnetic strip 44 on the back of the Payment Card 20, though most modem Payment Cards 20 contain this information in the EMV chip 90 and/or contactless chip 49, which are usually provided in addition to the magnetic strip 44.
- the foregoing communication typically takes place over a telecommunication system such as the telephone system or the Internet.
- the issuing bank 45 determines 4 whether the transaction meets its criteria - the “transaction approval criteria” - and issues a code approving 14A or declining 14B the transaction, which is transmitted back through the card network to the merchant. At this point, the transaction is authorized (or not).
- the transaction approval criteria of issuing banks may vary substantially. Most check to ensure that the transaction will not exceed the credit limit or funds available associated with the Payment Card 20, that the cardholder 40 is in good standing, and that the Payment Card 20 is not expired.
- the issuing bank 45 may require the cardholder 40 to enter a personal identification number (PIN) or to provide a signature.
- PIN personal identification number
- the EVC information from the chip 90 will typically be required.
- many issuing banks 45 require the cardholder’ s billing address to be provided to the merchant.
- Many issuing banks 45 also require the merchant to obtain the card verification value (CVV) 46 from the cardholder 40. This is, typically, a three or four digit code on the back of many Payment Cards 20.
- CVV card verification value
- the transaction should not be authorized.
- Many issuing banks 45 also put a limit on the number of times a particular card number 30 may be attempted to be used without passing the transaction approval criteria, essentially “locking” the card number 30 for some period of time if too many failed attempts are made. How many are too many may vary, but 3 to 5 and most preferably 3 failed attempts before locking the card number 30 is an appropriate number to avoid brute force attacks. In a preferred embodiment of the invention, an additional security measure is provided.
- the issuing bank’s transaction authorization system typically a backend server, will generate 3 a one time data code (OTDC), sometimes referred to as a card-not-present transaction number (CNPN), though it may be used in card-present and card-not-present transactions.
- ODC one time data code
- CNPN card-not-present transaction number
- initiation of the transaction 1 will cause the cardholder’ s Payment Card number 30 or other cardholder identifying information to be transmitted 2A to the issuing bank 45.
- the merchant transmits information to the merchant’s bank or processor(s) which transmit information to the issuing bank 45 or its processor via the card network.
- the channels of communication Accordingly, these are not repeated for each communication between the merchant and the issuing bank 45.
- Receipt of sufficient information by the issuing bank 45 to (a) identify the cardholder 40 and (b) indicate that the cardholder 40 is attempting to conduct a transaction using the Payment Card 20 will trigger the issuing bank 45 to generate 3 an OTDC.
- the cardholder 40 may initiate the generation of an OTDC, by sending the issuing bank 45 a request 2B for an OTDC.
- OTDC Whether the OTDC is generated 3 automatically by the issuing bank 45 in response to information indicating that a transaction has been initiated 2 A or at the request 2B of the cardholder 40, generation of an OTDC may be done by a random number generator.
- the random number generator may be a true random number generator, a pseudo-random number generator, or a cryptographically secure pseudo-random number generator. All of these are intended to be encompassed within the phrase, “random number generator.” There are many different computer based random number generators known and available to those of skill in the art.
- the OTDC may be as many digits as the issuing bank 45 desires. Typically, the OTDC will be three to five digits. If letters or special characters are desired, they may be included in the OTDC.
- the issuing bank’s computer system may check 4 the OTDC to ensure that it hasn’t been utilized by the cardholder 40 or with the cardholder’s Payment Card number 30 before. If the randomly generated OTDC is not unique, or if it does not meet some other criteria of the issuing bank 45, the ineligible OTDC will be discarded and a new OTDC will be generated before the OTDC is transmitted 6 by the issuing bank 45. In some embodiments, the list of OTDC’s ineligible for use with a particular Payment Card 20 will reset. Generally speaking, the shorter the OTDC, the more likely a reset will be required to prevent the system from running out of eligible OTDC’s.
- the list of ineligible OTDC’s may reset once a set passage of time has expired - every thirty or ninety days for example. The list could reset every time Payment Card 20 expires and a new Payment Card 20 is issued. The list could reset every time a new card number 30 is issued. The list of ineligible OTDC’ s may never reset. A reset may be unnecessary when the OTDC is five of more digits in length. Finally, a list of ineligible OTDC’s is a security option, not a requirement. Because the OTDC is randomly generated, the odds of a new, randomly generated OTDC matching an earlier OTDC will be negligible - roughly 1/1000 for a three digit OTDC.
- Knowing one or even several OTDC’ s previously used with a particular payment card number 30 would be very unlikely to enable a third party to use the credit payment number 30 to make an unauthorized purchase even if the OTDC’ s were reused because a previously used OTDC is very unlikely to match the OTDC generated for the transaction in question.
- the issuing bank 45 locks card numbers 30 for excessive failed attempts to pass the transaction authorization criteria, the already small risk of a previously used OTDC being successfully used to fraudulently obtain authorization for a particular transaction is further reduced.
- the issuing bank 45 will transmit 6 the OTDC to the cardholder 40. It will be appreciated that generation of the OTDC and any screening of the selection will be performed by the issuing bank’s computer system. Transmission of the OTDC to the cardholder 40 may be via a variety of means. Transmission of the OTDC to the cardholder 40 may be done by email or text, telephone call, push notification, or any other communication pathway. The issuing bank 45 may encrypt 5 the message containing the OTDC and send the message to the cardholder 40 in a format that may require a security key from the cardholder 40 to open.
- the preferred embodiment will preferably use asymmetric encryption to secure the OTDC, though many commercially available encryption systems are available.
- security keys that may be used to authorize opening of the message include passwords and biometric keys such as a match from a fingerprint reader, facial recognition software, iris recognition software, voice recognition software or combinations of the foregoing.
- the transmission 6 of the OTDC to the cardholder 40 will be received 7 by the cardholder’ s personal portable computing device such as a tablet, netbook, or cellphone, which may be a smartphone (collectively, a “mobile device” ) or by a mobile device otherwise associated with the cardholder 40.
- the mobile device’s security may provide sufficient security. For example, if the cardholder’ s mobile device requires a password or a biometric key to open the mobile device, this may be sufficient to allow one using the mobile device to open or access the message containing the OTDC. Alternatively, the message containing the OTDC may require similar, independent security to open. Finally, the additional security is an option, not a requirement of the system. There is no requirement that any security be in place to open the message. If the issuing bank
- the message containing the OTDC may be transmitted without additional security.
- the cardholder 40 may use his or her mobile device as a digital version of the Payment Card 20.
- a downloadable mobile application designed to be compatible across mobile operating systems on mobile devices, such as iOS and Android operating systems and other like systems will be installed on the cardholder’s mobile device.
- a connected network may provide data storage, computing functionality, application security, and similar functionality.
- the cardholder 40 will enter identification information to create an account.
- the cardholder’ s identification information may include, without being limited to these items, some or all of the following: the cardholder’s name; the cardholder’s social security number; the cardholder’s date of birth; the cardholder’s home or billing address, and the cardholder’s driver’s license or other state or federally issued identification number.
- the cardholder 40 may also enter a payment card number 30, the expiration date 47 of the Payment Card 20, and the CVV number 46 for the Payment Card 20.
- the payment card number 30 and other cardholder identifying information will be stored on the mobile device or in a remote, typically cloud-based, data storage location. Much of the information above may correspond to the information typically found in computer chips 90 embedded in Payment Cards 20 utilizing EMV protocol.
- the information in or associated with the mobile device will be information sufficient to identify cardholder 40 and the account number 30, and information sufficient to identify the issuing bank 45. This allows the cardholder 40 to make contactless purchases - that is, a purchase from a merchant without presenting a physical Payment Card 20 to the merchant.
- Some Payment Cards 20 include contactless chips 49.
- Contactless chips 49 utilize radio-frequency identification (RFID) technology.
- RFID radio-frequency identification
- the merchant’ s card reader powers the contactless chip in the card which then emits a signal containing information sufficient to identify the cardholder 40 and the issuing bank 45. This information is then transmitted to the issuing bank 45 along with the other transaction information.
- the communication to the cardholder 40 of the OTDC may be performed as an in-application communication.
- the security measures discussed above may, optionally, be utilized to control access to any in-application communications, including messages containing the OTDC.
- the cardholder 40 will provide 8 the appropriate security key to allow the message containing the OTDC to be opened.
- the cardholder 40 When the communication to the cardholder 40 of the OTDC is encrypted, the cardholder 40 will have a decryption key to allow the cardholder’ s mobile device to decrypt 10 the communication.
- the decryption key may be contained on the cardholder’ s mobile device and/or contained within the downloadable mobile application on the mobile device. Updated decryption key(s) may be provided by the issuing bank 45 from time-to-time, via the same communication methods used to transmit the OTDC.
- the issuing bank’s computer system may generate 3 the OTDC upon receipt of information indicating that a transaction has been initiated and identifying the card holder 2A.
- a transaction is initiated when the cardholder 40 does anything to attempt to effect a purchase from a merchant and provides information via the merchant or the merchant’s computer network sufficient to allow the issuing bank 45 to identify the cardholder 40.
- the cardholder’ s mobile device could contact the issuing bank 45 directly, via the Internet or other telecommunication network, to alert the issuing bank 45 that an OTDC needs to be generated.
- This request 2B may occur automatically when the cardholder 40 commences use of the mobile device as a Payment Card 20, or the cardholder 40 may use the mobile device to contact the issuing bank 45 to request 2B an OTDC prior to using the mobile device or a physical Payment Card 20 to make a purchase or prior to initiating a card-not-present transaction online or over the phone. Regardless of what prompts the OTDC to be generated 3, it is transmitted 6 to the cardholder
- the OTDC is not provided to the issuing bank 45 by the merchant or the merchant’s system, the transaction should not be approved.
- the OTDC may have an expiration date or time.
- the OTDC may not work unless it is used within a set number of hours or minutes from when it is generated.
- the merchant may be identified to the issuing bank 45.
- the OTDC may be limited to use in a transactions with the identified merchant.
- the system may be configured to notify the cardholder 40 if an attempt was made to use the cardholder’s Payment Card number 30 that did not meet the issuing bank’s transaction approval criteria. This notification may include where the attempted transaction took place and what time the attempted transaction occurred.
- the system may provide the cardholder 40 with details as to why the transaction approval criteria were not satisfied, such as failure to input a correct OTDC.
- the disclosed system may automatically generate a communication, populate the communication with information about the failed transaction attempt, and send the communication to the cardholder 40.
- the disclosed system may send the communication to the cardholder 40 via email, text message, telephone call, push notification, or any other communication pathway, and the communication may be provided as an in-application communication.
- validation information may be provided to the cardholder 40. This could include date, time, merchant location, and amount. This may be provided to the cardholder 40 with text, email, push notification, in-application communication or any other means of communication.
- the validation information may also be maintained in a registry by the issuing bank 45 in a format accessible to the cardholder 40.
- a cardholder 40 will initiate 1 a purchase either in the physical presence of the merchant, online, or over the telephone.
- transmission 2A to the issuing bank 45 of the payment card number 30 or other cardholder identifying information will prompt the issuing bank 45 to generate 3 an OTDC.
- the issuing bank 45 will transmit 6 the OTDC to the cardholder 40 , most typically by transmitting 6 the
- the mobile device may prompt the cardholder 40 to provide a security key, which if provided will allow the mobile device to decrypt, display, and/or otherwise release 10 the OTDC.
- the cardholder 40 will then enter or otherwise provide 11 the OTDC to the merchant.
- this may be done on a keypad as the PIN stage of the transaction or in addition to the PIN stage of the transaction.
- this may be done as the CVV stage of the transaction or in addition to the CVV stage of the transaction.
- the mobile device may provide the OTDC directly to the merchant’ s terminal.
- the merchant will then transmit 12 the OTDC, and any other transaction information not already provided, to the issuing bank 45. If the OTDC matches the number generated by the issuing bank 45, and the issuing bank’s other transaction authorization criteria are met, 13 the transaction will be authorized 14 A. However, if the OTDC provided to the merchant 4 does not match the OTDC generated by the issuing bank 45, or if the bank’s other authorization criteria are not met, the transaction should not be authorized 14B.
- the OTDC may be used in ATM transactions as well.
- the term merchant includes an ATM.
- Most ATM (automated teller machine) transaction utilize card and PIN security.
- placing the Payment Card 20 into the ATM or, in any ATM’s that utilize touchless technology scanning the cardholder information into the ATM will cause a signal to be transmitted to the issuing bank 45, triggering the generation of an OTDC which will then be transmitted to the cardholder’s mobile device.
- the cardholder 40 will provide the OTDC to the ATM in lieu of or in addition to the PIN, at which point the ATM transaction will be allowed to proceed. If the OTDC is not provided to the ATM, the ATM transaction should not be authorized.
- the issuing bank 45 (or its processors) are responsible for generating the OTDC in most of the embodiments disclosed herein, those of skill in the art will appreciate that an intermediary could be responsible for generating the OTDC.
- the card network 80 could generate the OTDC and transmit it to both the cardholder 40 and the issuing bank 45. From there, the process would be the same.
- the cardholder 40 would transmit the OTDC to the merchant who would then transmit the OTDC to the issuing bank 45.
- the transaction would not be approved unless the OTDC provided to the issuing bank 45 by the merchant matched the OTDC generated by the intermediary.
- the identity of the intermediary is not important, except that the intermediary should not be the merchant, nor should the intermediary ever convey the OTDC to the merchant.
- the advantages of the present security system are multi-fold. If the cardholder’ s payment card number 30 is compromised, it cannot be used to make a purchase without the OTDC. Acquiring the OTDC will not allow a third party to make a purchase without the payment card number 30 and other elements of the issuing bank’s transaction approval criteria. Even acquiring the OTDC and the payment card number 30 will not allow a third party to make additional purchases on the Payment Card 20.
- the OTDC is a single use code. It is generated for the transaction in question and good for that transaction only. Having the payment card number 30 and an old OTDC will not allow a third party to make a purchase. A third party must have both the payment card number 30 and the current OTDC to make a purchase using the Payment Card 20. Obtaining one without the other is useless.
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Finance (AREA)
- Accounting & Taxation (AREA)
- Theoretical Computer Science (AREA)
- General Business, Economics & Management (AREA)
- Signal Processing (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Marketing (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Entrepreneurship & Innovation (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
Abstract
Priority Applications (8)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA3170260A CA3170260A1 (fr) | 2020-03-10 | 2021-03-10 | Procede de securisation d'une transaction par carte de paiement |
CN202180033778.0A CN115605900A (zh) | 2020-03-10 | 2021-03-10 | 保障支付卡交易安全的方法 |
BR112022018239A BR112022018239A2 (pt) | 2020-03-10 | 2021-03-10 | Método para proteger uma transação de cartão de pagamento |
EP21768819.1A EP4118558A4 (fr) | 2020-03-10 | 2021-03-10 | Procédé de sécurisation d'une transaction par carte de paiement |
MX2022011100A MX2022011100A (es) | 2020-03-10 | 2021-03-10 | Metodo para asegurar una transaccion con tarjeta de pago. |
AU2021233841A AU2021233841A1 (en) | 2020-03-10 | 2021-03-10 | A method of securing a payment card transaction |
US17/939,310 US20230004990A1 (en) | 2020-03-10 | 2022-09-07 | Method of securing a payment card transaction |
ZA2022/11085A ZA202211085B (en) | 2020-03-10 | 2022-10-10 | A method of securing a payment card transaction |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US202062987402P | 2020-03-10 | 2020-03-10 | |
US62/987,402 | 2020-03-10 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2021/021785 Continuation WO2021183697A1 (fr) | 2020-03-10 | 2021-03-10 | Jeu vidéo électronique de sport |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021183688A1 true WO2021183688A1 (fr) | 2021-09-16 |
Family
ID=77671962
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2021/021774 WO2021183688A1 (fr) | 2020-03-10 | 2021-03-10 | Procédé de sécurisation d'une transaction par carte de paiement |
Country Status (8)
Country | Link |
---|---|
EP (1) | EP4118558A4 (fr) |
CN (1) | CN115605900A (fr) |
AU (1) | AU2021233841A1 (fr) |
BR (1) | BR112022018239A2 (fr) |
CA (1) | CA3170260A1 (fr) |
MX (1) | MX2022011100A (fr) |
WO (1) | WO2021183688A1 (fr) |
ZA (1) | ZA202211085B (fr) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080154770A1 (en) * | 2003-06-04 | 2008-06-26 | Bruce Rutherford | Customer Authentication In E-Commerce Transactions |
US20080283591A1 (en) * | 2007-05-17 | 2008-11-20 | Oder Ii John David | Secure payment card transactions |
US20100241571A1 (en) * | 2009-03-20 | 2010-09-23 | Mcdonald Greg | System and method for cardless secure on-line credit card/debit card purchasing |
US20120011066A1 (en) * | 2010-07-12 | 2012-01-12 | Telle Todd N | Methods and systems for authenticating an identity of a payer in a financial transaction |
US20140279499A1 (en) * | 2013-03-12 | 2014-09-18 | Larry J. Kane | Single use qr code authorization system |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090222383A1 (en) * | 2008-03-03 | 2009-09-03 | Broadcom Corporation | Secure Financial Reader Architecture |
SG10201708440TA (en) * | 2017-10-12 | 2019-05-30 | Mastercard International Inc | Computer system and computer-implemented method for processing payment card transactions |
-
2021
- 2021-03-10 BR BR112022018239A patent/BR112022018239A2/pt unknown
- 2021-03-10 AU AU2021233841A patent/AU2021233841A1/en active Pending
- 2021-03-10 EP EP21768819.1A patent/EP4118558A4/fr active Pending
- 2021-03-10 MX MX2022011100A patent/MX2022011100A/es unknown
- 2021-03-10 WO PCT/US2021/021774 patent/WO2021183688A1/fr unknown
- 2021-03-10 CA CA3170260A patent/CA3170260A1/fr active Pending
- 2021-03-10 CN CN202180033778.0A patent/CN115605900A/zh active Pending
-
2022
- 2022-10-10 ZA ZA2022/11085A patent/ZA202211085B/en unknown
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080154770A1 (en) * | 2003-06-04 | 2008-06-26 | Bruce Rutherford | Customer Authentication In E-Commerce Transactions |
US20080283591A1 (en) * | 2007-05-17 | 2008-11-20 | Oder Ii John David | Secure payment card transactions |
US20100241571A1 (en) * | 2009-03-20 | 2010-09-23 | Mcdonald Greg | System and method for cardless secure on-line credit card/debit card purchasing |
US20120011066A1 (en) * | 2010-07-12 | 2012-01-12 | Telle Todd N | Methods and systems for authenticating an identity of a payer in a financial transaction |
US20140279499A1 (en) * | 2013-03-12 | 2014-09-18 | Larry J. Kane | Single use qr code authorization system |
Non-Patent Citations (2)
Title |
---|
MARKETING DEPARTMENT: "How to Secure Credit Card Transactions", CENTURY BUSINESS SOLUTIONS, 24 February 2017 (2017-02-24), pages 1 - 6, XP055857530, Retrieved from the Internet <URL:https://www.centurybizsolutions.net/credit-card-processing/how-to-secure-credit-card-transactions/> [retrieved on 20211103] * |
See also references of EP4118558A4 * |
Also Published As
Publication number | Publication date |
---|---|
BR112022018239A2 (pt) | 2022-10-25 |
ZA202211085B (en) | 2024-02-28 |
CN115605900A (zh) | 2023-01-13 |
EP4118558A4 (fr) | 2024-03-27 |
CA3170260A1 (fr) | 2021-09-16 |
MX2022011100A (es) | 2023-01-11 |
EP4118558A1 (fr) | 2023-01-18 |
AU2021233841A1 (en) | 2022-11-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8930273B2 (en) | System and method for generating a dynamic card value | |
US9361619B2 (en) | Secure and convenient mobile authentication techniques | |
JP5199095B2 (ja) | 近接デバイスにおける安全なアカウントナンバーのためのシステムおよび方法 | |
US10671988B2 (en) | Methods and systems for processing an electronic payment | |
EP2332092B1 (fr) | Appareil et procédé pour empêcher un accès non autorisé à une application de paiement installée dans un dispositif de paiement sans contact | |
US9286604B2 (en) | Over the air management of payment application installed in mobile device | |
AU2007290325B2 (en) | Transaction authentication using network | |
US20160155114A1 (en) | Smart communication device secured electronic payment system | |
US20140279555A1 (en) | Dynamically allocated security code system for smart debt and credit cards | |
US20160148194A1 (en) | Radio Frequency Powered Smart, Debit and Credit Card System Employing a Light Sensor to Enable Authorized Transactions | |
US20120203698A1 (en) | Method and System for Fraud Detection and Notification | |
US20140263624A1 (en) | Radio Frequency Powered Smart, Debit, and Credit Card System Employing A Light Sensor To Enable Authorized Transactions | |
US20070143230A1 (en) | Transaction verification system | |
US11936684B2 (en) | Systems and methods for protecting against relay attacks | |
JP2009507308A5 (fr) | ||
US20170024742A1 (en) | Methods and systems for using a consumer identity to perform electronic transactions | |
EP2787475A2 (fr) | Système de code de sécurité generée dynamiquement pour les cartes à puce, de crédit et de débit | |
US20230004990A1 (en) | Method of securing a payment card transaction | |
EP4020360A1 (fr) | Échange sécurisé de justificatifs sans contact | |
WO2021183688A1 (fr) | Procédé de sécurisation d'une transaction par carte de paiement | |
John | METHOD AND SYSTEM FOR SECURE CREDENTIAL GENERATION | |
Sinha | Is Your ATM Card Really Safe? | |
KR20040068445A (ko) | 휴대폰 승인번호를 이용한 신용/현금 카드 사용승인 처리방법 및 시스템 | |
KR20110106977A (ko) | 카드결제보안방법 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 21768819 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 3170260 Country of ref document: CA |
|
REG | Reference to national code |
Ref country code: BR Ref legal event code: B01A Ref document number: 112022018239 Country of ref document: BR |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2021768819 Country of ref document: EP Effective date: 20221010 |
|
ENP | Entry into the national phase |
Ref document number: 112022018239 Country of ref document: BR Kind code of ref document: A2 Effective date: 20220912 |
|
ENP | Entry into the national phase |
Ref document number: 2021233841 Country of ref document: AU Date of ref document: 20210310 Kind code of ref document: A |