1. Field
The present application relates generally to online transactions, and more specifically to systems and methods for reducing the risk of credit card data theft associated with online transactions.
2. Background
Traditionally, online payments with credit cards involve the entry of credit card data (e.g., credit card number, expiration date, security code, cardholder name, billing address, etc.) at a given web site, such as, for example, at an online or electronic commerce (e-commerce) merchant site, payment processing site (e.g., PayPal), or the like.
Known online transaction systems and methods typically involve having the user enter his or her credit card data at a website or via a mobile application, which in turn may involve transmitting the credit card data over the Internet. While there have been some improvements to securing connections between computers that send or receive sensitive information (e.g., credit card data), such information may become susceptible to interception when transmitted between nodes on the Internet. In addition, other risks associated with online transactions include keystroke logging technologies (hardware and software-based) that make it possible to track or log the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. Accordingly, it would be desirable to allow online customers and merchants to conduct online transactions without having the customers enter and send their credit card data over the Internet.
The following presents a simplified summary of one or more embodiments in order to provide a basic understanding of such embodiments. This summary is not an extensive overview of all contemplated embodiments, and is intended to neither identify key or critical elements of all embodiments nor delineate the scope of any or all embodiments. Its sole purpose is to present some concepts of one or more embodiments in a simplified form as a prelude to the more detailed description that is presented later.
In accordance with one or more embodiments and corresponding disclosure thereof, various aspects are described in connection with methods for secure payment processing. In one approach, the method may be performed by a registration server in an e-commerce network. For example, the method may involve receiving registration information from a user. The method may involve authenticating the user based at least in part on the received registration information. The method may involve gathering data regarding open credit card accounts for the user. In related aspects, gathering may involve accessing the data from a credit information entity (e.g., pulling the credit report from a credit bureau server). In the alternative, or in addition, gathering may involve receiving the data from the user (e.g., having the user input information regarding the open credit card accounts). In further related aspects, an electronic device may be configured to execute the methodology described above.
In accordance with one or more embodiments and corresponding disclosure thereof, various aspects are described in connection with a secure payment method operable by an authentication server in an e-commerce network. For example, the method may involve receiving log-in information for a user. The method may involve, in response to the received log-in information matching stored authentication information, accessing data regarding open credit card accounts for the user from a credit information entity, such as, for example, a credit bureau. The method may involve sending secure account information about the open credit card accounts to at least one network entity (e.g., a registration server, a user device, and/or a merchant server). In related aspects, the method may further involve, in response to the user selecting a given one of the accounts from the secure account information, determining whether sufficient credit is available for the selected given account. The method may also involve, in response to verifying availability of the sufficient credit, processing a transaction with the selected given account (e.g., sending information regarding the selected given account and the transaction to a payment processing engine). In further related aspects, an electronic device may be configured to execute the methodology described above.
In accordance with one or more embodiments and corresponding disclosure thereof, various aspects are described in connection with a secure payment method operable by a user device. For example, the method may involve receiving log-in information from a user and sending the log-in information to an authentication server. The method may involve, in response to the log-in information matching authentication information at the authentication server, receiving data regarding open credit card accounts for the user. The method may involve displaying secure account information about the open credit card accounts based at least in part on the received data. In related aspects, the received data is based at least in part on a credit report for the user pulled from a credit bureau server and/or user-provided information. In further related aspects, an electronic device may be configured to execute the methodology described above.
To the accomplishment of the foregoing and related ends, the one or more embodiments comprise the features hereinafter fully described and particularly pointed out in the claims. The following description and the annexed drawings set forth in detail certain illustrative aspects of the one or more embodiments. These aspects are indicative, however, of but a few of the various ways in which the principles of various embodiments may be employed and the described embodiments are intended to include all such aspects and their equivalents.
Various embodiments are now described with reference to the drawings, wherein like reference numerals are used to refer to like elements throughout. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of one or more embodiments. It may be evident, however, that such embodiment(s) can be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to facilitate describing one or more embodiments.
The techniques described herein may be used for or within various online or electronic commerce (e-commerce) systems, sub-systems, and/or components thereof. With reference to
It is noted that, in other embodiments, some of the system entities may not be in operative communication with each other. It is further noted that, in other embodiments, one or more of the system entities may be combined or may be part of another system entity. For example, the registration server 110 and the authentication server 112 may be combined into a single system entity.
In related aspects, one or more of the system entities may comprise a computing device, server, wired or wireless communication device, or any other machine/device capable of communication with a computer network. In further related aspects, one or more of the system entities may communicate with each other via a communication network, such as the Internet, preferably via secured connections or links.
Referring to
With reference to
In related aspects, the credit card data displayed to the user may be in the form of secure account information. The secure account information may be based on or include parts of data regarding open credit card accounts from a credit card report for the user. The data may be pulled from or accessed at a credit bureau server or the like. For example, the secure account information may be a subset of the pulled data. The subset of the pulled data may be truncated versions of credit card numbers. The truncated versions may be the last four digits of the credit card numbers or the like.
With reference to
In related aspects, the techniques of process 300 may be used on any e-commerce website. The user may select the present secured transaction service, as they would with PayPal or a credit card. However, no credit card data entry by the user is required, thereby preventing the transmission of user-entered credit card data across the Internet.
In further related aspects, the techniques of the secure payment service described herein give customers a safe and secure way to make online purchases. The techniques described herein allow customers to make purchases online using credit card information from their credit report. The techniques described herein allow customers to monitor their credit card data and stay informed regarding changes to their credit availability, and also allow the user to report lost or stolen credit cards.
With reference to
With continued reference to
In related aspects, an account management page may be displayed to the user to allow the user to view available credit cards and/or set preferences. An example account management page is shown in
In view of exemplary systems shown and described herein, methodologies that may be implemented in accordance with the disclosed subject matter, will be better appreciated with reference to various flow charts. While, for purposes of simplicity of explanation, methodologies are shown and described as a series of acts/blocks, it is to be understood and appreciated that the claimed subject matter is not limited by the number or order of blocks, as some blocks may occur in different orders and/or at substantially the same time with other blocks from what is depicted and described herein. Moreover, not all illustrated blocks may be required to implement methodologies described herein. It is to be appreciated that functionality associated with blocks may be implemented by software, hardware, a combination thereof or any other suitable means (e.g., device, system, process, or component). Additionally, it should be further appreciated that methodologies disclosed throughout this specification are capable of being stored on an article of manufacture to facilitate transporting and transferring such methodologies to various devices. Those skilled in the art will understand and appreciate that a methodology could alternatively be represented as a series of interrelated states or events, such as in a state diagram.
In accordance with one or more aspects of the embodiments described herein, the secure payment techniques described herein involve (a) having the user sign up for a secure payment account, (b) having the merchant set up with the secure payment processing service, and (c) having the user select and use the secure payment service on the merchant's website. With reference to
For example, if the user provides permission to pull data regarding open credit card accounts, the method 500 involves, at 508, having the secure payment system determine whether authentication is required. If so, at 509, the requisite authentication data may be provided by the user and, at 510, a pull is made from a data source for credit card data (e.g., a credit bureau or credit information entity/group), wherein the credit card data may include card names, card numbers (e.g., masked), account statuses (e.g., open, closed, over the limit, past due, collection, etc.), current balances, current payment amounts, etc. If not, the pull may be made from the data source without authentication. In related aspects, the secure payment system may assign a unique PIN to each card account pulled from the data source. In further related aspects, the user may provide credit card data to be used in conjunction with, or in lieu of, the pulled credit card data.
At 512, the user may be shown a list of credit card accounts according to the information or report pulled from the data source. In related aspects, the user may be shown balances on his/her cards (e.g., per latest balance reported on the pulled data, such as a credit report or the like) at the time of the online transaction at the merchant's website. An example of the information displayed to the user is illustrated in the embodiment of
With reference once again to
In related aspects, the user may select notification preferences about his/her secure payment account and/or associated credit card accounts. In further related aspects, the online transactions are not limited to the purchase of goods or services on the merchant's site. For example, the online transactions may generally involve cash transfers (e.g., at an online auction site) that may include incoming cash to the user's secure payment account or outbound cash to other secure payment accounts. The user may decide which other users have access to given ones of his/her card accounts (e.g., for inbound cash transfers or purchases).
With reference to
With reference to
At 606, in response to the user being found or authenticated, the secure payment system may obtain the current credit card information for the user and update the user's secure payment account. For example, the secure payment system may pull the current credit card information from a credit bureau or credit information entity (e.g., Experian), and match the pulled information to the user's secure payment account (e.g., card nickname, expiration date, etc.). The secure payment system may add new card accounts and/or notations regarding the status of the user's card accounts tied to the user's secure payment account. In one embodiment, the secure payment system may display a secure payment member home page to the user, as shown in the example screen shot of
With reference once again to
At 610, the user may be shown a list of card accounts associated with his/her secure payment account, and the user may select the card to use for the transaction. At 612, the secure payment system may send the transaction information to a payment processing engine associated with the selected card. For example, the transaction information may include details regarding the purchase date/time, the merchant, the amount, and the card account (e.g., the nickname of the card account selected for the transaction). At 614, the secure payment system may receive a response from the payment processing engine. At 616, the secure payment system may relay the response to the merchant's website. The response may include or be appended with an identifier for the user-selected card account such that the merchant may initiate credits/refunds without the user having to sign in. At 618, the secure payment system may notify the user (e.g., via email, SMS messaging, and/or phone call) regarding the purchase as appropriate. The notification may include the transaction information and a request to contact the secure payment system immediately if the user did not authorize the transaction. The notification to the user may include information regarding purchases, card expirations, newly opened card accounts, card accounts being closed or past due or in collection, and card balances or over the limit warnings. The notification may indicate changes to the user's secure payment account generally, such as, for example, that permission has been granted, changed, or revoked for purchase rights. The notification may indicate that a purchase limit has been reached for using ones of the card accounts for the secure payment account. The notification may relate to an upcoming expiration date for a given card account, and may include a request to update card account information (e.g., a new expiration date).
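The following is an added illustration, not code from the application itself, of the truncated "secure account information" and of the transaction message sent at 612, which names the card by nickname and identifier instead of by number. The field names, the `acct_` identifier format, and the sample records are assumptions constructed for the example, and the outbound check for full card numbers (digit runs that pass the Luhn checksum) is an added safeguard that the disclosure does not describe.

```python
import json
import re
import secrets
import string

# Constructed sample of data pulled from a credit information entity.
# The numbers are publicly documented test card numbers, not real accounts.
PULLED = [
    {"name": "Visa Rewards", "number": "4111111111111111", "status": "open", "balance": 1250.00},
    {"name": "Store Card", "number": "5555555555554444", "status": "closed", "balance": 0.00},
    {"name": "Travel Card", "number": "378282246310005", "status": "open", "balance": 310.40},
]

# 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text):
    """Return digit runs in text that look like full card numbers."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def new_account_id():
    """Hypothetical opaque identifier; letters only, so it can never resemble a PAN."""
    return "acct_" + "".join(secrets.choice(string.ascii_lowercase) for _ in range(16))


def secure_account_info(pulled):
    """Reduce pulled records to what the user needs to pick a card (open accounts only)."""
    view = []
    for rec in pulled:
        if rec["status"] != "open":
            continue
        digits = re.sub(r"\D", "", rec["number"])   # also handles already-masked input
        view.append({"id": new_account_id(), "nickname": rec["name"],
                     "last4": digits[-4:], "balance": rec["balance"]})
    return view


def build_transaction(account, merchant, amount, when):
    """Build the message for the payment processing engine; refuse to emit a PAN."""
    payload = json.dumps({"when": when, "merchant": merchant, "amount": f"{amount:.2f}",
                          "card_nickname": account["nickname"], "account_id": account["id"]},
                         sort_keys=True)
    if find_pans(payload):
        raise ValueError("outbound transaction message contains a full card number")
    return payload


if __name__ == "__main__":
    accounts = secure_account_info(PULLED)
    print(json.dumps(accounts, indent=2))
    print(build_transaction(accounts[0], "example-merchant", 59.99, "2010-10-25T14:03:00Z"))
```

The last check matters because a free-text field such as the card nickname is user-controlled and can reintroduce a full number into a message that was designed not to carry one.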
As mentioned previously, involvement of the secure payment system in online transactions is not limited to the purchase of goods or services at a merchant's website. As shown in
In accordance with one or more aspects of the subject of this disclosure, there is provided a method for secure online payments. With reference to
With reference to
In accordance with one or more aspects of the embodiments described herein, there are provided devices and apparatuses for secure online payments, as described above with reference to
For example, the apparatus 1300 of
In related aspects, the apparatus 1300 may optionally include a processor component 1310 having at least one processor, in the case of the apparatus 1300 configured as a network entity, rather than as a processor. The processor 1310, in such case, may be in operative communication with the components 1302-1306 via a bus 1312 or similar communication coupling. The processor 1310 may effect initiation and scheduling of the processes or functions performed by electrical components 1302-1306.
In further related aspects, the apparatus 1300 may include a communication or transceiver component 1314. A stand alone receiver and/or stand alone transmitter may be used in lieu of or in conjunction with the transceiver 1314. The apparatus 1300 may optionally include a component for storing information, such as, for example, a memory device/component 1316. The computer readable medium or the memory component 1316 may be operatively coupled to the other components of the apparatus 1300 via the bus 1312 or the like. The memory component 1316 may be adapted to store computer readable instructions and data for effecting the processes and behavior of the components 1302-1306, and subcomponents thereof, or the processor 1310, or the methods disclosed herein. The memory component 1316 may retain instructions for executing functions associated with the components 1302-1306. While shown as being external to the memory 1316, it is to be understood that the components 1302-1306 can exist within the memory 1316.
In accordance with one or more aspects of the embodiments described herein, there is provided a methodology operable by an authentication server or the like in an e-commerce network. With reference to
With reference to
In accordance with one or more aspects of the embodiments described herein, there are provided devices and apparatuses (e.g., authentication servers or components thereof) for secure online payments, as described above with reference to
In accordance with one or more aspects of the embodiments described herein, there is provided a methodology operable by a user device. With reference to
With reference to
In accordance with one or more aspects of the embodiments described herein, there are provided devices and apparatuses (e.g., user devices or components thereof) for secure online payments, as described above with reference to
It is understood that the specific order or hierarchy of steps in the processes disclosed is an example of exemplary approaches. Based upon design preferences, it is understood that the specific order or hierarchy of steps in the processes may be rearranged while remaining within the scope of the present disclosure. The accompanying method claims present elements of the various steps in a sample order, and are not meant to be limited to the specific order or hierarchy presented.
Those of skill in the art would understand that information and signals may be represented using any of a variety of different technologies and techniques. For example, data, instructions, commands, information, non-transitory signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
The various illustrative logical blocks, modules, and circuits described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
In one or more exemplary embodiments, the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media include both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available media that can be accessed by a computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Also, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and disc, as used herein, includes Compact Disc (CD), laser disc, optical disc, Digital Versatile Disc (DVD), floppy disk and blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
This application claims the benefit of U.S. Provisional Application No. 61/406,335, filed Oct. 25, 2010, which is hereby expressly incorporated in its entirety by reference herein.
Number | Date | Country
---|---|---
61406335 | Oct 2010 | US