Patent Grant
11301839
This application is a U.S. National Stage filing under 35 U.S.C. § 119, based on and claiming benefit of and priority to SG Patent Application No. 10201500276V filed Jan. 14, 2015.
This invention relates to methods and systems for permitting consumers to make a purchase, for example, but not exclusively, at a point of sale location, such as a retail store, a café or restaurant, or at a location where they pay for a service, such as in a taxi.
It has become common for consumers provided with a payment card (credit card or debit card) to employ a digital wallet to make online purchases. One well-known system is the “Masterpass™” system offered by Mastercard International Inc. and depicted in
A consumer uses software such as a browser running on a computer 101 associated with the consumer. The computer 101 is connected via the internet to a merchant server 102 (i.e. one operated by a “merchant” which retails, or offers for hire or rental, product(s) and/or service(s)). The details of one or more payment cards associated with the user are stored in a server 103 under the control of a bank which issued the cards (“issuing bank”). These details include “payment credentials”, such as the primary account number (PAN), which is conventionally a 16-digit number. The server 103 operates as a “digital wallet”, and the server 103 is designated in
The wallet provider 103 sends a message to the merchant server 102 which includes the payment credentials of the (selected) payment card in the digital wallet. The merchant server 102 passes the message to its bank 104 (the “acquiring bank”) which communicates with the bank which issued the payment card (“issuing bank”) via a payment network, for example Banknet operated by MasterCard, to authorize and subsequently effect the transfer of the corresponding sum of money. Once the payment transaction is authorized, the merchant server 102 completes the purchase, e.g. dispatching a purchased item to the consumer.
This system, while having many advantageous features, has some disadvantageous features also. One is that it involves passing the payment credentials (which are highly confidential information) to the merchant site, which may not be entirely trustworthy (e.g. if the online merchant is hacked or a fraudulent merchant site).
The present invention proposes in general terms that, upon a request from a merchant server, a secure server uses the payment credentials stored by the wallet provider to generate a token. The token is provided to the merchant server. To effect a payment transaction, the merchant server returns the token to the secure server with details of the desired payment transaction, and the secure server arranges for the payment transaction to occur, and notifies the merchant server. The merchant server does not receive the payment credentials of the payment card during this process, so even if its security is compromised, the payment credentials are not at risk.
Furthermore, the token is preferably specific to the merchant (as well as to the payment card), so even if the token is stolen by a thief, the thief is not able to use it to make a purchase from another merchant.
Typically, the secure server is not the associated with the wallet provider. It may for example, be a separate “service provider” operated by a banking organization, such as a bank at which the merchant maintains an account (the “acquiring bank”).
The invention is particularly applicable to a situation in which the consumer wants to purchase an item/service from a point-of-sale location, such as one which is physically distant from the merchant server in the sense that a telecommunications link is provided between them. The point-of-sale location may, for example, be a retail store, a restaurant or café, or even a mobile point-of-sale location such as a bus or a taxi cab. The merchant server in this case communicates with equipment located at the point-of-sale location to inform the equipment that the purchase has been authorized.
In an example, the equipment at the point-of-sale location may be responsible for calculating the transaction amount (e.g. if the purchase is of food and/or drink, the total price of the items the consumer has ordered plus any applicable taxes; or if the purchase is of a service, such as being driven on a certain journey by a taxi, the price of the service), and the transaction amount is communicated from the equipment at the point-of-sale location to the merchant server. The merchant then provides the secure server with the token and the transaction amount, so that the secure server can arrange for the transaction to be authorized and the payment to be made.
In preferred embodiments, a token is generated for each respective payment transaction. Thus, once the token has been used, a thief who acquires it cannot use it even with the same merchant.
The “payment card” referred to in this document is not necessarily a physical (e.g. plastic) card. Rather, the term refers to a credit card or debit card account, having a primary account number (PAN) maintained by a “card issuer” (typically, a bank). The PAN functions as payment credentials used when making a payment. Conventionally, the PAN is a 16-digit number, which, if a physical card exists, is printed on the card. However, a payment card can be used in the present invention irrespective of whether a physical card bearing the payment credentials exists.
Embodiments of the invention will now be described for the sake of example only, with reference to the following drawings in which:
Referring to
The system of
The CA may be supplied by the merchant, and may be arranged to present to the consumer the item(s) (product(s) and/or service(s)) which the merchant supplies. It may include a database describing these item(s), or obtain the information as required by communicating with the merchant server 112.
The merchant also operates at one or more points-of-sale distant from the merchant server (e.g. at least 500 m, at least 10 km, and perhaps 10 s, 100 s or even 1000 s of kilometers distant from the merchant server). Indeed, the point-of-sale may be a mobile point-of-sale, such as one located in a vehicle (a taxi, bus, or train), which is able to give the consumer (and/or any accompanying persons) a ride. It may alternatively be at a station where vehicles arrive or depart.
At each point-of-sale there is respective equipment running an application associated with the merchant: a “merchant application (MA)”. The consumer may be at one of these points-of-sale, and/or wishes to obtain a product and/or service delivered at this point of sale. The merchant application at this one of the points-of-sale is denoted by 112 in
The point-of-sale is typically equipped with any necessary physical items and/or personnel to implement the purchase. For example, if the purchase is of a physical product, that product may be located at the point-of-sale, so that the consumer may take it away following the purchase, or so that it can be delivered to him from the point-of-sale. In another example, if the purchase is of a food and/or beverage, the point-of-sale may be a café or restaurant, where the food and/or beverage may be prepared and consumed. In a further example, the point-of-sale may be at a location where a train, bus or taxi may be mounted or dismounted, with any necessary driver also being present. In yet a further example, purchase may relate to the rental of a physical item (e.g. a bicycle or car) and the point-of-sale may be a location where the consumer may obtain or return the physical item.
Note that the equipment running the merchant application may not be owned by the merchant, or dedicated to running the application. For example, it is possible to envisage a retail store providing equipment which is arranged to run a respective merchant application for each of a plurality of merchants. Each application would permit the consumer, when he or she is at the point-of-sale, to make a purchase of a product and/or service from the corresponding merchant.
The merchant is also able to communicate with a service provider 114 (SP). The merchant maintains a bank account with a bank 115 (“acquiring bank”), which typically also operates the service provider 114. The service provider 114 is, unlike the merchant server 112, assumed to be a secure environment. As in the system of
Turning to
In step 1, the consumer operates the consumer application 111 (CA), and decides to make a purchase, and instructs the consumer application 111 accordingly. At this stage, the consumer application 111 may display a number of different payment options (e.g. using respective payment methods), and the consumer selects to make a payment by the method proposed here. For example, he may click on branding (a payment acceptance brand) displayed by the consumer application 111 and associated with the present method. That is, it includes an acceptance of the use of a payment card registered with the digital wallet 116. Note that the displayed payment options may include multiple digital wallets (e.g. associated with different issuing banks), so that the consumer can select the appropriate digital wallet. The consumer application 111 then sends a request to the merchant server 112 (MS) to obtain payment credentials. This includes a message that a payment card registered with the digital wallet is to be used. The request further includes data specifying the identity of the point-of-sale, i.e. one at which the consumer is located and/or from which he or she wishes to receive a product and/or service. Specifically, it includes merchant information such as a unique merchant identifier for which a payment acceptance mark has been established.
In step 2, the merchant server 112 requests payment credentials from the service provider 114 (SP) by sending it a message.
In step 3, the service provider 114 requests payment credentials from the wallet provider 116 (WP) by sending it a message including the identity data.
The wallet provider 116 then verifies the identity of the consumer by further steps which are not shown in
If multiple payment cards associated with the consumer are registered with the wallet provider 116 which the consumer selected, then the consumer is enabled to select one of them.
This may be done by a separate process (not shown) of communication between the consumer and the wallet provider 116.
In step 4, the wallet provider 116 sends the service provider 114 the (real) payment credentials of the selected payment card from the wallet provider 116.
The service provider 114 then generates a token for the selected payment card. The token is preferably generated using the real payment credentials, and preferably, but not necessarily, has the format of payment card credentials (e.g. it too is a 16 digit number). It preferably also encodes the identity of the merchant. The token may be regarded an alternative payment credential linked to the original (i.e. real) payment credential transmitted by the wallet provider 116. The token may be a hexadecimal number or may mimic an ISO (independent sales organization) based card number. It may be generated by any conventional method, or for example, as described in U.S. patent application Ser. No. 14/514,290. It may subsequently be encrypted.
In step 5, the service provider 114 sends the token to the merchant server 112.
In step 6, the merchant server 112 sends the consumer application 111 a message saying that the merchant server 112 has received a token. The token is retained in the merchant server 112.
In step 7, the consumer initiates the purchase, rental or hire of a particular item (product and/or service). For example, if the consumer has ordered or been given a certain food and/or beverage, the consumer indicates that he or she wants to pay the bill for them. The consumer controls the consumer application 111 to send a message to the merchant server 112 specifying the item to be bought,
In step 8 the merchant server 112 sends the merchant application 113 a message indicating that the consumer wants to make the purchase.
In step 9 the merchant application 113 sends the merchant server 112 a message which includes the amount of the transaction (“the final transaction amount”). For example, depending upon the nature of the merchant, this might be the total (including taxes) restaurant or café bill, taxi fare, etc.
In step 10, the merchant server 112 sends the consumer's token for the selected payment card, and the final transaction amount obtained in step 9, to the service provider 114, as a transaction authorization request.
In step 11, the service provider 114 decrypts the token received in the transaction authorization request (if it was encrypted), and performs a de-tokenization operation on the token, to retrieve the (real) payment credentials which the service provider 114 received in step 4. Detokenization means that the service provider 114 converts the token obtained from the merchant server 112 to the real payment credentials (funding PAN), such as by looking the token up in a mapping table. The service provider 114 sends the real payment credentials to the acquiring bank 115. Then, according to the same steps as the prior art the bank 115 obtains authorization from the issuer of the payment card (“issuing bank”) for a payment of the final transaction amount via the payment network. The payment settlement and reconciliation will subsequently be carried out, according to a conventional protocol.
In step 12, the bank sends an authorization response to the service provider 114, indicating that the payment has been approved.
In step 13, the service provider 114 forwards the authorization response to the merchant server 112.
In step 14, the merchant server 112 notifies the consumer application 111 that the payment has been authorized. In step 15, the merchant server 112 notifies the merchant application 113 that the payment has been authorized. Note that steps 14 and 15 may alternately be performed in the opposite order or simultaneously.
Note that during this process the real payment credentials are only sent to the (secure) service provider 114, not to the (insecure) merchant server 112. Furthermore, the service provider 114 may store the payment credentials only for the time taken to generate the token, after which they can be deleted; the service provider regenerates the payment credentials in step 11.
The service provider 114 will only perform step 11 if it receives the token from the same merchant whose identity was used to generate the token. Thus, the token can only be used to make a payment using the merchant server 112. Therefore, if the token is stolen, the thief will not be able to use it to make a payment to another merchant.
Furthermore, the service provider 114 will preferably only accept a given token once. That is, when it receives the transaction authorization request, it checks that it has not previously received the token it contains, and only completes step 11 in the case that this check is positive. This means that after the transaction is completed, a thief who obtains it will not be able to use the token to make a subsequent payment via the merchant server 112. When the consumer wants to make a further transaction using the merchant 112, the entire process of
Many embodiments are possible within the scope and spirit of the invention as will be clear to a skilled reader.
Firstly, although the embodiment shown in
Secondly, the token need not necessarily encode the (real) payment credentials. Instead, the service provider 114 could issue tokens which are generated using a random or unpredictable number generator. The service provider 114 might keep a database which, for each token it has issued, contains the corresponding payment credentials, so that when the service provider receives a token, it can extract the payment credentials from its database. Alternatively, the service provider 114 might keep a database which, for each token it has issued, indicates the identity of the corresponding consumer, so that the service provider 114 can obtain the payment credentials again from the wallet provider 116.
Thirdly, in principle the operations of the wallet provider 116 and the service provider 114 could be performed by a single server (so that the messages of steps 3 and 4 are unnecessary).
This variation would, for example, be appropriate if the card issuing bank happens to be the same as the acquiring bank 113.
Fourthly, although
| Number | Name | Date | Kind |
|---|---|---|---|
| 5883810 | Franklin | Mar 1999 | A |
| 6327578 | Linehan | Dec 2001 | B1 |
| 6484182 | Dunphy | Nov 2002 | B1 |
| 7292999 | Hobson | Nov 2007 | B2 |
| 7383231 | Gupta | Jun 2008 | B2 |
| 7502760 | Gupta | Mar 2009 | B1 |
| 8335745 | Perlman | Dec 2012 | B2 |
| 9419841 | Kozolchyk | Aug 2016 | B1 |
| 9537857 | Koved | Jan 2017 | B1 |
| 9565212 | Faltyn | Feb 2017 | B2 |
| 9589298 | Pant | Mar 2017 | B2 |
| 9602508 | Mahaffey | Mar 2017 | B1 |
| 9779345 | Gaddam | Oct 2017 | B2 |
| 9846878 | Kumnick | Dec 2017 | B2 |
| 10133861 | Guionneau | Nov 2018 | B2 |
| 10223692 | Jeon | Mar 2019 | B2 |
| 10289835 | Machani | May 2019 | B1 |
| 10356053 | Zubovsky | Jul 2019 | B1 |
| 10489852 | Bhat | Nov 2019 | B2 |
| 20010037300 | Miyazaki | Nov 2001 | A1 |
| 20020049655 | Bennett | Apr 2002 | A1 |
| 20020133467 | Hobson | Sep 2002 | A1 |
| 20030028470 | Dutta | Feb 2003 | A1 |
| 20030028481 | Flitcroft | Feb 2003 | A1 |
| 20030061170 | Uzo | Mar 2003 | A1 |
| 20040059682 | Hasumi | Mar 2004 | A1 |
| 20040078273 | Loeb | Apr 2004 | A1 |
| 20040162997 | Hopmann | Aug 2004 | A1 |
| 20050102188 | Hutchison | May 2005 | A1 |
| 20050119978 | Ates | Jun 2005 | A1 |
| 20050154643 | Doan | Jul 2005 | A1 |
| 20050166263 | Nanopoulos | Jul 2005 | A1 |
| 20050192896 | Hutchison | Sep 2005 | A1 |
| 20060235795 | Johnson | Oct 2006 | A1 |
| 20060235796 | Johnson | Oct 2006 | A1 |
| 20070101152 | Mercredi | May 2007 | A1 |
| 20080223918 | Williams | Sep 2008 | A1 |
| 20090192940 | Mann, III | Jul 2009 | A1 |
| 20100088237 | Wankmueller | Apr 2010 | A1 |
| 20100100952 | Sample | Apr 2010 | A1 |
| 20110087592 | van der Veen | Apr 2011 | A1 |
| 20120259782 | Hammad | Oct 2012 | A1 |
| 20120317036 | Bower | Dec 2012 | A1 |
| 20120324242 | Kirsch | Dec 2012 | A1 |
| 20130018643 | Sharma | Jan 2013 | A1 |
| 20130263212 | Faltyn | Oct 2013 | A1 |
| 20130283361 | Rao | Oct 2013 | A1 |
| 20140067674 | Leyva | Mar 2014 | A1 |
| 20140067675 | Leyva | Mar 2014 | A1 |
| 20140074637 | Hammad | Mar 2014 | A1 |
| 20140164243 | Aabye | Jun 2014 | A1 |
| 20140189352 | Baskaran | Jul 2014 | A1 |
| 20140189808 | Mahaffey | Jul 2014 | A1 |
| 20140222668 | Wall | Aug 2014 | A1 |
| 20140223516 | Vongsouvanh | Aug 2014 | A1 |
| 20140223573 | Reedy | Aug 2014 | A1 |
| 20140229375 | Zaytzsev | Aug 2014 | A1 |
| 20140236792 | Pant | Aug 2014 | A1 |
| 20140310183 | Weber | Oct 2014 | A1 |
| 20140337230 | Bacastow | Nov 2014 | A1 |
| 20140351126 | Priebatsch | Nov 2014 | A1 |
| 20150012443 | Bhat | Jan 2015 | A1 |
| 20150134519 | Wankmueller | May 2015 | A1 |
| 20150199689 | Kumnick | Jul 2015 | A1 |
| 20150262161 | McMullan | Sep 2015 | A1 |
| 20150269566 | Gaddam | Sep 2015 | A1 |
| 20150278550 | Lin | Oct 2015 | A1 |
| 20150324789 | Dvorak | Nov 2015 | A1 |
| 20160028550 | Gaddam | Jan 2016 | A1 |
| 20160127454 | Maheshwari | May 2016 | A1 |
| 20160140335 | Proulx | May 2016 | A1 |
| 20160148197 | Dimmick | May 2016 | A1 |
| 20160203475 | Venugopalan | Jul 2016 | A1 |
| 20160224983 | Cash | Aug 2016 | A1 |
| 20160267467 | Rutherford | Sep 2016 | A1 |
| 20160321653 | Jacobs | Nov 2016 | A1 |
| 20160350747 | Pruthi | Dec 2016 | A1 |
| 20160350751 | Keys | Dec 2016 | A1 |
| 20170257215 | Huang | Sep 2017 | A1 |
| 20170323299 | Davis | Nov 2017 | A1 |
| 20180005228 | Anderson | Jan 2018 | A1 |
| 20180025342 | Shauh | Jan 2018 | A1 |
| 20180039615 | Trivedi | Feb 2018 | A1 |
| 20180075455 | Kumnick | Mar 2018 | A1 |
| 20180150836 | Kumar | May 2018 | A1 |
| 20180247294 | Shauh | Aug 2018 | A1 |
| 20190080312 | Yeager | Mar 2019 | A1 |
| 20190158487 | Hayes | May 2019 | A1 |
| 20190386831 | Jamkhedkar | Dec 2019 | A1 |
| 20210342850 | Kumar | Nov 2021 | A1 |
| Number | Date | Country |
|---|---|---|
| 1028401 | Aug 2000 | EP |
| 1400906 | Mar 2004 | EP |
| 2002024716 | Jan 2002 | JP |
| 2004094619 | Mar 2004 | JP |
| 2008152338 | Jul 2008 | JP |
| 2011209861 | Oct 2011 | JP |
| Entry |
|---|
| Mark E. Peters (Emerging eCommerce Credit and Debit Card Protocols) (Year: 2002). |
| PCT International Search Report and Written Opinion for PCT/SG2016/050014 dated Apr. 12, 2016, 7 pp. |
| Number | Date | Country | |
|---|---|---|---|
| 20160203475 A1 | Jul 2016 | US |
