The present invention relates to transactions for payments of goods/services and, more particularly, to a phone-based electronic wallet providing authentication of transactions across multiple channels of commerce.
Both credit cards and debit cards are commonly used in the retail environment for the purchase of goods and/or services. Such cards are popular with consumers, and merchants accept these cards as a necessary part of doing business, i.e., they provide an effective substitute to cash and checks.
These card-based transactions are typically performed across multiple channels of commerce. For example, card-based transactions may be performed in person at a retail outlet, via a computer connected to the internet, via a mobile phone and/or via a company-based call center (e.g., a 1-800 number for a catalog company). These various transactions are conducted in different ways and, accordingly, have different levels of fraud risk associated therewith. In addition, the mentioned transactions generally require that the consumer have his or her card in hand to either present to the cashier in a retail environment, or to enter the requested information via the internet and/or over the telephone. Those knowledgeable in the field will recognize that the risk of financial fraud is greater during remote transactions because there is less ability for the merchant to verify the identity and authenticity of the cardholder.
It will also be appreciated that in today's environment it is common for a consumer to carry his or her cell/mobile phone on their person at all times. In fact, on many occasions it is more likely that the consumer will be carrying his/her phone, than carrying his/her wallet. Companies have attempted to tap into this trend by offering/facilitating various phone-based applications directed to a whole range of services. The recent growth of so-called “smart phones” has greatly increased the interest of companies in this area. As a result, more and more transactions are likely to be performed from a remote location, e.g., ordering a product over the internet while standing in line. However, as the number of remote transactions increases, so does the risk of financial fraud.
There is therefore a need in the art for a method and system for authenticating electronic transactions across multiple channels of commerce. There is a further need in the art for a method and system which operates in conjunction with a phone (e.g., a smart phone) for authenticating financial transactions whether initiated in person, over the internet via a stand alone terminal, via the placement of a call to the call center of a company, and/or via a transaction initiated with the very same phone. Finally, there is a need in the art for a method and system which allows a bank or other financial institution to reduce fees to merchants conducting remote electronic transactions when utilizing enhanced authentication techniques, and to limit/reverse the shifting of fraud liability to the merchant for such remote transactions.
The present invention provides a mobile-phone centric electronic wallet providing the security of a virtual card terminal for online and off-line purchases. A wallet server (e.g., an application running in a cloud) and synchronized companion mobile and computer interface enables consumers to make purchases (which can include: retail, e-commerce, mobile, call center, etc) and use the mobile phone to authenticate against one of the authentication techniques tied to the chosen card (which can include: an offline PIN utilizing a secure memory chip, a MasterCard SecureCode PIN, and/or an online PIN such as an ATM PIN) where the necessary transaction and card specific authentication and processing method is directed by a central directory. The authentication process of the present invention allows participating banks to deem such transactions as more fully authenticated, which will allow them to lower the costs charged to merchants. The authentication process of the present invention will also limit/reverse the shifting of liability to the merchant since these more fully authenticated transactions will have less fraud associated therewith.
This system with its various authentication mechanisms will preferably utilize a central, hosted directory, which, when queried by the wallet application during a transaction, will instruct the wallet how the transaction needs to be authenticated and processed, depending on the card used and type of transaction. In all instances, the authentication result and authentication method will be communicated from the wallet to the merchant via specific transaction codes and/or transaction tokens that will further enable proper risk scoring, authorization processing, and enforcement of specific scheme rules and terms and conditions (e.g. pricing, rules, liability shift, etc.) by the merchant acquirer. The wallet facilitates authentication from multi-commerce channels and will leverage multi-band communication to facilitate transaction authentication.
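An added sketch (not code from the patent or from any MasterCard system) of the directory-driven flow described above: the wallet asks a directory which method a card and channel require, then hands the merchant a token that the acquirer checks before treating the transaction as authenticated. The token layout, the shared HMAC key, the directory entries and every name below are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Hypothetical directory contents: (card product, channel) -> required method.
DIRECTORY = {
    ("chip_card", "retail"): "offline_pin",
    ("securecode_card", "ecommerce"): "securecode_pin",
    ("atm_card", "call_center"): "online_pin",
}
BOUND_FIELDS = ("merchant", "amount", "currency", "channel")


def required_method(card_product, channel):
    """Directory query made by the wallet (and repeated by the acquirer)."""
    return DIRECTORY.get((card_product, channel))


def _mac(key, claims):
    # Canonical JSON so both sides MAC exactly the same bytes.
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def issue_token(key, txn, card_product, method, authenticated, nonce):
    """Wallet side: bind the method and result to this exact transaction."""
    claims = {f: txn[f] for f in BOUND_FIELDS}
    claims.update(card_product=card_product, method=method,
                  authenticated=authenticated, nonce=nonce)
    return {"claims": claims, "mac": _mac(key, claims)}


def verify_token(key, token, txn, seen_nonces):
    """Acquirer side: return (accepted, rejection reason or accepted method)."""
    claims = token.get("claims", {})
    sent_mac = str(token.get("mac", "")).encode()
    if not hmac.compare_digest(_mac(key, claims).encode(), sent_mac):
        return False, "bad_mac"
    if any(claims.get(f) != txn[f] for f in BOUND_FIELDS):
        return False, "txn_mismatch"  # token issued for another purchase
    nonce = claims.get("nonce")
    if not nonce or nonce in seen_nonces:
        return False, "replay"
    expected = required_method(claims.get("card_product"), claims["channel"])
    if expected is None or claims.get("method") != expected:
        return False, "method_not_allowed"  # weaker method than directory demands
    if claims.get("authenticated") is not True:
        return False, "not_authenticated"
    seen_nonces.add(nonce)
    return True, claims["method"]


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample values throughout
    txn = {"merchant": "M-001", "amount": 12500, "currency": "USD",
           "channel": "ecommerce"}
    tok = issue_token(key, txn, "securecode_card", "securecode_pin", True, "n-1")
    seen = set()
    print(verify_token(key, tok, txn, seen))  # accepted
    print(verify_token(key, tok, txn, seen))  # rejected as replay
```

Binding the amount, merchant and channel into the MAC is what lets the acquirer apply method-dependent pricing or liability rules to a token without trusting the merchant's relay of it.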
For retail (Point-of-sale (POS)/Face-to-Face (F2F)) purchase transactions, the consumer may use the PayPass contactless capabilities which may be a feature of a chip located in the phone. For higher transaction value amounts where a PIN may be required, the wallet will prompt the user for the PIN on the phone. Successful authentication will be communicated from the wallet to the merchants or its Acquirer directly for approval processing.
For some remote (e-commerce, mobile or call center) purchase transactions, the consumer will employ his/her mobile phone and the wallet capabilities as a virtual POS terminal. In this case, when the consumer makes a purchase (e.g., through a computer or the mobile phone itself), the wallet will prompt the user for the PIN on the phone and enable a secure verification of the PIN value entered by the user, either in a pure offline mode, against the algorithm associated with the secure element on the phone, using for example the EMV protocol, or in an online mode, by encrypting the PIN and transmitting it. Successful authentication will be communicated from the wallet to the merchant's checkout system to be relayed to the Acquirer for approval processing.
For other remote (e-commerce, mobile or call center) purchase transactions, this invention builds on the pre-existing MasterCard SecureCode (MSC) system. It is contemplated herein that the SecureCode protocol can be extended to include a novel SecureCode wallet Application Programming Interface (API), to enable a MSC validation within the wallet interface through the wallet API, instead of through an internet browser session/window to communicate with the bank's authentication server. To facilitate this, the mobile phone will prompt the user for entry of the MSC password or PIN within the wallet-driven interface on the phone and communicate securely with the ACS (the bank's MSC authentication server). Successful authentication will be communicated from the wallet to the merchant's checkout system to be relayed to the Acquirer for approval. This last step preferably replaces the pre-existing MSC Merchant software, thus reducing the implementation requirements for the merchant. Finally, this interface will preferably allow setup and reset of a MSC password or PIN, again without the need to use a separate browser window or session with the bank's authentication server.
Thus, the system and method of the present invention provide an electronic wallet for authenticating transactions across multiple channels of commerce using the consumer's own mobile phone. The present invention provides better economics for merchants through lower fee structures, and limits/reduces the shifting of fraud liability to the merchant for remote transactions. The present invention is scalable in design to provide easy integration for merchants, and to avoid issuer by issuer sales and implementations. It is also easy to deploy directly to customers. Finally, the present invention will promote profitability by driving transaction volumes and revenues.
Referring now to
As further described in
Offline PIN 20 preferably utilizes an offline PIN verification process whereby the PIN entered by the consumer is verified by a secure element located on phone 10. In this process, the wallet plays the role of a “virtual terminal”, interacting with the secure element, and upon verification of the PIN, passes the CHIP token (ARQC) to the merchant for authorization. In this “virtual terminal”, the secure element serves the role as the “card”. Offline PIN 20 can, for example, be used in connection with a PayPass payment.
Secure Code PIN 22 is a PIN associated with a card enrolled in the MasterCard SecureCode system. It is contemplated herein that the SecureCode system could also utilize a password and/or code, rather than a PIN.
Online PIN 24 is used in an online PIN verification process whereby the wallet application 12 plays the role of a “virtual terminal”, interacting to encrypt the PIN for transmission to the merchant. The use of an online PIN verification process may provide greater flexibility in authenticating transactions by, for example, allowing an issuing bank to authenticate the transactions associated with its cardholders without the need for the issuing bank to enroll/register its cardholders and/or adopt new infrastructure.
Users may have different instances of wallet application 12 on different phones. A sync service can maintain the various instances synchronized with an online server (similar to how browser bookmarks can be stored offline in different instances of an internet browser and be synchronized between various machines.) Merchants can add a piece of code to their checkout button that invokes the wallet application. During checkout, users select card and shipping address (if needed). The authentication PIN is entered into the phone in response to a prompt from the mobile application. The wallet passes back the information to the merchant who submits this information through existing channels (internet gateway or payment processor), i.e., no changes are required to existing processes or integration.
In one preferred embodiment, the wallet application may be a browser HTML 5 application (not a native application) that self-installs in the mobile phone or computer browser on the first use.
In another preferred embodiment, the wallet application can securely store information on the phone (shipping address, card alias, secure token, etc.). This information can be used to authenticate to the remote server. This also enables offline transactions. The mobile application can preferably “talk” to the secure element on the phone. In this regard, the mobile application could play the role of a virtual POS terminal in initiating card present CHIP plus PIN transactions.
In accordance with the present invention, a consumer may use his phone or computer to shop at a web-based retailer. When the consumer is ready to check out, he will preferably have the option of clicking a checkout button associated with the present system. Clicking the button prompts the consumer to provide his username and password to log-in, and to confirm both the payment card to be used and the shipping address to which the item is to be sent. Thereafter, the system will prompt the consumer to enter the authenticating PIN, and the transaction is then completed. At that point, the consumer is preferably returned to the merchant's site.
The present invention provides several benefits to the consumer. More particularly, the present invention provides easy and convenient checkout through a form fill or pass through function, which is preferably part of the wallet application. The present invention offers secure payments via a PIN, or other biometric parameters such as a voice print or fingerprint. In this regard, the smart phone may be provided with a biometric reader and/or analyzer.
The present invention also provides benefits to the merchant including a potential liability shift from the merchant to the authorizing bank for all wallet-based transactions. More particularly, the use of an authentication process for remote transactions reduces the risk of fraud associated with such transactions, and may limit/reverse the shifting of fraud liability from the authorizing bank to the merchant. The use of the authentication process described herein may also provide more attractive economics to the merchant through access to lower fee structures, depending on the consumer authentication method. The present invention also provides limited integration impact in that it provides a simple wallet API to pass card details, shipping information and security tokens, and does not require any new contractual relationships (i.e., it leverages existing card acceptance). Finally, the present invention is backwards compatible (i.e., it provides native support for SecureCode), thus resulting in better consumer experience/ergonomics.
The wallet application of the present invention provides a comprehensive solution to financial transactions conducted across multiple channels of commerce. The present wallet application provides a simple and winning proposition to consumers, and provides a form fill option in an innovative application. The present invention can use existing payment networks (e.g., Mastercard worldwide system) which are already accepted by merchants, thereby eliminating the need for heavy integration, while providing more security and better economics. The present invention does not require issuing banks to implement new requirements since the system can function with existing authorization techniques, e.g., SecureCode, CHIP and PIN and/or online PIN. The present invention also contemplates the long term convergence path of the three commerce platforms—retail, e-commerce and mobile—towards a mobile phone centric system. The present invention also provides the potential to deliver incremental top line revenue growth by 1) protection of transaction volumes and revenues; 2) by providing an innovative and proprietary approach with the option to price different services to issuers, merchants or partners (e.g., directory service, wallet service, etc.); and 3) by providing flexibility for later expansion (new funding source, secure elements, etc.).
It is also contemplated that the authentication processes described herein can be used in applications where the consumer owns a “dumb phone”. For example, in applications where the consumer is conducting an e-commerce transaction through his computer, or has initiated a call to a call center, and the consumer does not own a smart phone, the present system can utilize existing SMS messaging or other messaging technology to contact the “dumb phone” of the consumer and request the entry of a PIN. Upon receipt of the PIN from the “dumb phone”, the transaction can be authenticated and completed.
An existing 3D Secure process is shown in the flow chart of
One drawback to the process described above with respect to
The new embodiments of the present invention shown in
Turning first to
Turning now to
As described, in step 708 of
As mentioned hereinabove, the processes described in
In another embodiment, the wallet is used as a security supplement. In one application, this is accomplished by authenticating the wallet itself. More particularly, the wallet application is loaded onto the phone, and a payment card is entered into the application. The user's identity is verified, and the wallet thereafter holds the payment data in a secure manner. When the user subsequently uses the wallet to make a purchase, the wallet can communicate to the merchant that the wallet itself has been authenticated, thus decreasing the likelihood of a fraudulent transaction. Referring to
During a future transaction, the wallet can communicate to the merchant that the card has previously been authenticated, thus reducing the likelihood of a fraudulent transaction. Turning now to
In another preferred embodiment, a wallet MPI is contemplated wherein the wallet becomes the new SecureCode MPI for merchants. Referring to
It will be appreciated that the present invention has been described herein with reference to certain preferred or exemplary embodiments. The preferred or exemplary embodiments described herein may be modified, changed, added to or deviated from without departing from the intent, spirit and scope of the present invention, and it is intended that all such additions, modifications, amendments and/or deviations be included in the scope of the present invention.
This application is a continuation of U.S. patent application Ser. No. 13/209,312, filed on Aug. 12, 2011, now pending, which claims the benefit of U.S. Provisional Application Ser. No. 61/486,847, filed Mar. 29, 2011 and U.S. Provisional Application Ser. No. 61/372,955, filed on Aug. 12, 2010, the disclosures of which are hereby incorporated by reference in their entirety.
Number | Date | Country | |
---|---|---|---|
20170243218 A1 | Aug 2017 | US |
Number | Date | Country | |
---|---|---|---|
61468847 | Mar 2011 | US | |
61372955 | Aug 2010 | US |
Relation | Number | Date | Country |
---|---|---|---|
Parent | 13209312 | Aug 2011 | US |
Child | 15481077 | | US |