The present invention relates to processing point-of-sale (POS) transactions. In particular, the present invention relates to systems and methods for processing a POS transaction using a mobile card and a mobile phone.
Payment cards, such as credit cards, debit cards, and gift cards, are ubiquitous. For decades, such payment cards have included an account number that is printed or embossed on the payment card, along with a magnetic stripe in which the account number is stored. More recently, account numbers have also been stored in a radio frequency identification (RFID) integrated circuit (IC) embedded in the payment card. To finalize a purchase transaction with a payment card, the payment card is swiped through a magnetic stripe reader or tapped on a proximity reader, both of which are integrated into a POS device. The readers read the account number from the magnetic stripe or the RFID IC. The account number is then used to route a transaction authorization request that is initiated by the POS device.
Unfortunately, the ease and convenience of payment card transactions has resulted in various types of related theft and fraud. For example, when a payment card is lost or stolen, it remains active until the card holder notifies the issuer that the payment card has been lost. Thus, until the card holder realizes that the payment card has been lost and notifies the payment card issuer, an unauthorized user may make purchases using the payment card.
One common security measure on payment cards to prevent fraudulent use is a signature panel. The signature panel is generally employed by merchants to compare the signature on the panel with the signature of the card holder. Unfortunately, signatures are relatively easy to forge and relatively difficult to compare. Further, self-serve POS devices, such as those commonly employed at gas station pumps and kiosks, are common targets for stolen payment cards, as there is no way to verify the card holder's identity.
Another common security measure on payment cards is a printed or embossed name of the authorized card holder. Merchants can use this name by comparing it to a government issued identification card that includes a photo of the holder, such as a government issued driver's license card for example, to thereby confirm that the user presenting the payment card is in fact the authorized user of the payment card. Regrettably, however, fraudulent photo identification cards are increasingly common. Further, the self-serve POS devices discussed above are not generally equipped to verify the identity of the user presenting the payment card.
It would be desirable to provide systems and methods that would allow for an authorized user of a payment card additional security when using the payment card in a POS transaction.
To alleviate problems inherent in the prior art, the present invention introduces systems and methods for processing a point-of-sale (POS) transaction using a mobile card and a mobile phone.
Some embodiments of the present invention are associated with a “user” who is an authorized user of a mobile card and a mobile phone. As used herein, the term “user” might refer to, for example, a person who is capable of presenting a mobile card as payment in a POS transaction and also capable of engaging with a mobile phone to authorize the transaction. As used herein, the term “mobile card” might refer to, for example, a payment card that is capable of storing card information that can be automatically retrieved using a POS device. The term “POS device” might refer to, for example, a POS terminal capable of automatically retrieving information from a payment card. Thus, a “POS device” may include a payment card reader that is configured as an attachment to a mobile phone that enables the mobile phone to automatically retrieve card information from a payment card. As used herein, the term “mobile wallet account” might refer to, for example, any account capable of being associated with a mobile card, such as a credit account, a deposit account, a prepaid payment card account, or a frequent flyer account. These and other terms will be used to describe features of some embodiments of the present invention by reference to the following detailed description of some example embodiments, the appended claims and the drawings provided herewith.
For purposes of illustrating features of some embodiments of the present invention, a simple illustrative example will now be introduced and referenced throughout the disclosure. In the illustrative example, a user (named “John Doe”) is physically present at a brick-and-mortar store of a merchant named Benjamin's Shoes and has selected a pair of men's shoes to purchase that cost $215.99. At the checkout counter of Shoe Store, John Doe presents the pair of men's shoes to the cashier along with a mobile card as payment for the men's shoes. John Doe is an authorized user of the mobile card. John Doe is also carrying a mobile phone of which John Doe is an authorized user and that is associated with the mobile card. Those skilled in the art will recognize that this example is illustrative and not limiting and is provided purely for explanatory purposes.
Turning now in detail to the drawings,
The system 100 also includes communication networks, represented by the lines between the device 104 and the system 106, between the systems 106-110, between the system 110 and the mobile phone 112, and between the system 110 and the mobile wallet account 114. The communication networks may include, for example, a Local Area Network (LAN), a Metropolitan Area Network (MAN), a Wide Area Network (WAN), a proprietary network, a Public Switched Telephone Network (PSTN), a Wireless Application Protocol (WAP) network, a Bluetooth network, a cellular communication network, an Internet Protocol (IP) network such as the Internet, or some combination thereof. Moreover, as used herein, network communications include those enabled by wired or wireless technology. Although a limited number of communication networks are shown in
When used in combination with the mobile phone 112 and the mobile wallet account 114, the mobile card 102 is configured to be accepted as payment in a POS transaction. The mobile card 102 may have the form factor of a traditional plastic payment card. For example,
The mobile card 102 may also include a magnetic stripe 208 and/or a radio frequency identification (RFID) integrated circuit (IC) 210 embedded in the mobile card. In at least some example embodiments, the magnetic stripe 208 and/or RFID IC 210 can store card information. For example, the card information may include the serial number 202 that is printed on the front side of the mobile card 102, a bank identification number (BIN) associated with the mobile network system 110, and potentially other routing information. For example, the BIN may be a six-digit BIN, the serial number may be a ten-digit serial number, and the routing information may include information concerning the card issuer and the mobile network associated with the mobile card 102, for example.
In the example embodiment disclosed in
Before being accepted as payment in a POS transaction, the mobile card 102 must be activated by being associated with a mobile phone and a mobile wallet account. For example,
The data record 300 disclosed in
The method 400 of
At 404, the POS device 104 retrieves the card information 302 from the mobile card 102. Referring to the illustrative example, processing at 404 occurs once John Doe presents the mobile card 102 as payment for a POS transaction. For example, John Doe has entered a brick-and-mortar store of a merchant named Benjamin's Shoes and has selected a pair of men's shoes that cost $215.99. John Doe has handed the pair of men's shoes to the cashier at Benjamin's Shoes and has also presented his mobile card 102 as payment for the shoes. The cashier then swipes the magnetic stripe 208 of the mobile card 102 through a magnetic stripe reader of a POS device 104. During the swipe, the magnetic stripe reader of the POS device 104 retrieves the card information 302, and any other available routing information, from the magnetic stripe 208, which includes both the six-digit BIN of “541500” and the ten-digit serial number of “9876543210.” Alternatively, a proximity reader of the POS device 104 may retrieve the card information of the mobile card 102 from the RFID IC embedded in the mobile card 102.
At 406, the POS device 104 sends the card information and a transaction amount to the acquirer system 106. Referring to the illustrative example, processing at 406 occurs after swiping the mobile card 102 as the cashier enters the cost of the men's shoes, “$215.99,” as the transaction amount into the POS device 104, or this amount may be automatically entered into the POS device 104 by a related cash register device. The POS device 104 then automatically sends the card information, including the BIN of “541500,” the serial number of “9876543210,” and any available routing information, and the transaction amount of “$215.99” to the acquirer system 106. The acquirer system 106 may be associated with an acquirer with whom Benjamin's Shoes has contracted to provide payment card processing, for example.
At 408, the acquirer system 106 determines which card issuer issued the mobile card 102. Referring to the illustrative example, processing at 408 occurs as the acquirer system 106 examines the card information to determine that the mobile card 106 was issued by the card issuer MasterCard. This determination may be made, for example, by examining any available routing information corresponding to MasterCard that is included in the card information, or by examining a code corresponding to MasterCard that is embedded in the serial number of “9876543210.”
At 410, the acquirer system 106 sends the card information and the transaction amount to the card issuer system 108. Referring to the illustrative example, processing at 408 occurs as the acquirer system 106 sends the card information of the mobile card 102 and the transaction amount of “$215.99” to the card issuer system 108 associated with the card issuer MasterCard. In this case, the card issuer system 108 may be referred to as a MasterCard Directory Server.
At 412, the card issuer system 108 determines which mobile network is associated with the card information 302. Referring to the illustrative example, processing at 412 occurs as the card issuer system 108 examines the BIN of “541500” to determine that the mobile card 106 is associated with the mobile network AT&T. This information may be determined, for example, by a code corresponding to AT&T that is embedded in the BIN of “541500.”
At 414, the card issuer system 108 sends the card information of the mobile card 102 and the transaction amount to the mobile network system 110. Referring to the illustrative example, processing at 412 occurs as the card issuer system 108 sends the card information 302 and the transaction amount of “$215.99” to the mobile network system 110 associated with the mobile network AT&T. The mobile network system 110 may be operated by a service manager of the mobile network AT&T. In this instance, the service manager may properly be referred to as a MasterCard Interface Processor (MIP).
At 416, the mobile network system 110 determines which mobile phone number and which mobile wallet account number is associated with the card information 302. Referring to the illustrative example, processing at 416 occurs as the mobile network system 110 locates the data record 300 using the card information 302 received from the card issuer system 108. Once the data record 300 is located using the card information 302, the mobile network system 110 can determine that the mobile phone having a mobile phone number of “XXX-622-7747” and the mobile wallet account having an account number of “5412 34XX XXXX 8894” are associated with the mobile card information 302.
At 418, the mobile network system 110 determines whether the mobile wallet account associated with the mobile card 102 has sufficient funds to cover a transaction amount of the POS transaction. Referring to the illustrative example, processing at 418 occurs as the mobile network system 110 queries a processor of the MasterCard credit card account having an account number of “5412 34XX XXXX 8894” to determine whether the available funds of the account are greater than or equal to the transaction amount of “$215.99” that was received from the mobile network system 110. If there are insufficient funds available to cover the POS transaction, the transaction may be declined. If there are sufficient funds available, however, the method 400 will proceed to 420.
Although 416 and 418 have been described in connection with the verification of sufficient funds prior to allowing a transaction to be authorized, other embodiments may dispense with this sufficient funds verification for all transactions. Alternatively, some embodiments may dispense with this sufficient funds verification for transactions having transaction amounts below a particular threshold transaction amount, with only transaction amounts at or above the particular threshold amount requiring the sufficient funds verification. The particular threshold amount could be $200, for example. Alternatively, some embodiments may dispense with this sufficient funds verification for transactions on mobile cards in which a backup mobile wallet account is established to handle any transactions where the primary mobile wallet account 114 is subsequently found to have insufficient funds to cover a transaction.
At 420, the mobile network system 110 sends a transaction request to the mobile phone 112. Referring to the illustrative example, processing at 420 occurs as the mobile network system 110 sends a transaction request to the mobile phone 112 requesting that John Doe use his mobile phone 112 to authorize the transaction. For example,
At 422, the mobile network system 110 receives a transaction authorization from the mobile phone 112. Referring to the illustrative example, processing at 422 occurs as the mobile network system 110 receives a transaction authorization from the mobile phone 112 as a result of John Doe selecting the “YES” button 506 on his mobile phone 112 at 420.
Although 420 and 422 have been described in connection with a simple yes/no authorization request, other embodiments may include an additional layer of security, such as requiring that a user also enter a PIN number in order to authorize the transaction. The PIN number may be stored in the data record 300 at the time that the mobile card 102 is activated, for example. The PIN may help prevent authorization of a transaction where both the mobile card 102 and the mobile phone 112 have been lost or stolen together. The PIN number requirement may be conditioned on the transaction amount, with only amounts above a particular threshold amount requiring the correct entry of the PIN number. Alternatively, the PIN number may be required on all transaction authorizations. The particular threshold amount could be $500, for example, or might vary as a percentage of the amount of available funds, such as where the transaction amount is above 50% of available funds.
At 424, 426, and 428, the transaction authorization is sent back along the system 100. In particular, the transaction authorization is sent from the mobile network system 110 to the card issuer system 108 at 424, from the card issuer system 108 to the acquirer system 106 at 426, and from the acquirer system 106 to the POS device 104 at 428. Referring to the illustrative example, processing at 424, 426, and 428 occurs as the transaction authorization received from John Doe at the mobile phone 112 is sent back along the system 100 from the mobile network system 110, to the card issuer system 108, to the acquirer system 106, and finally to the POS device 104.
At 430, the transaction authorization is displayed at the POS device 104. Referring to the illustrative example, processing at 430 occurs as the transaction authorization is received at the POS device 104 and then a corresponding message is displayed on the POS device 104. Upon display of the transaction authorization message, the cashier at Benjamin's Shoes may finalize the transaction by printing a paper receipt of the transaction, giving the paper receipt to John Doe, and then handing the men's shoes to John Doe and allowing John Doe to leave the store with his new shoes.
Finally, at 432, the mobile network system 110 may send a receipt of the transaction authorization to the mobile phone 112. Referring to the illustrative example, processing at 432 occurs as the transaction authorization is received at the mobile network system 110 from John Doe, or alternatively after receiving confirmation from the POS device 104 that the transaction was finalized, and a digital receipt is sent from the mobile network system 110 to the mobile phone 112 so that the user John Doe will have a digital receipt of his purchase at Benjamin's Shoes. An example digital receipt 508 is presented in the example display of the mobile phone 112 of
It is noted that subsequent to the POS transaction disclosed in the method 400, a settlement will occur where the funds from the mobile wallet account 114 will actually be paid through traditional channels to the merchant who operates the POS device 104.
In this manner, embodiments allow a user to authorize a transaction using a mobile phone after having presented a mobile card as payment for the transaction. In the event that the mobile card is lost or stolen, an unauthorized user of the mobile card will be unable to authorize a transaction using the mobile card unless the unauthorized user also has access to the mobile phone associated with the mobile card. Further, since the account number of the mobile wallet account associated with the mobile card is not displayed on the mobile card, the mobile card can only be used in combination with the mobile phone. Finally, the embodiments disclosed herein allow a user to associate a variety of types of accounts with the mobile card.
Although embodiments have been described in connection with POS transactions, other embodiments may include use of the system 100 in connection with the secure delivery of a virtual primary account number (PAN), CVC 2 code, and expiration date associated with the mobile card 102 that enables a user to present traditional payment card information at a brick-and-mortar merchant or on an eCommerce website on the Internet, for example. Thus, by generating and securely delivering this virtual information to a user, the user can use the mobile phone 112 and the mobile wallet account 114 to process a transaction in a similar manner as when using the mobile card 102.
Finally, it is noted that timeouts on POS transactions may need to be increased above current levels in order to implement the embodiments disclosed herein. For example, in order to allow time for the user to authorize a POS transaction using a mobile phone as disclosed herein, current timeouts on these transactions of ten seconds may need to be increased to timeouts of twenty seconds or higher.
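As an added example that is not part of the original disclosure, the decision made by the mobile network system 110 at 416 through 422 can be expressed in Python as follows, combining the optional $500 PIN threshold and the twenty-second timeout mentioned above so that every failure path declines the transaction. The record layout, the class and function names, and the PIN value are assumptions made for illustration; the BIN, serial number, phone number, and account number are the ones used in the illustrative example.

```python
import hmac
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional

PIN_THRESHOLD = Decimal("500.00")  # example PIN threshold given in the text
AUTH_TIMEOUT_S = 20                # example increased timeout given in the text


@dataclass(frozen=True)
class DataRecord:                  # hypothetical layout of the data record 300
    phone_number: str
    wallet_account: str
    pin: str                       # constructed value; keep only a salted hash in practice


@dataclass(frozen=True)
class PhoneReply:                  # hypothetical reply from the mobile phone 112
    approved: bool
    elapsed_s: float               # seconds between the request at 420 and the reply
    pin: Optional[str] = None


# Constructed record keyed by (BIN, serial number) from the illustrative example.
RECORDS = {
    ("541500", "9876543210"): DataRecord(
        "XXX-622-7747", "5412 34XX XXXX 8894", "4821"),
}


def authorize(bin_, serial, amount, available_funds, reply):
    """Return (decision, reason) for 416 through 422, declining on any failure."""
    record = RECORDS.get((bin_, serial))                    # 416: locate the record
    if record is None:
        return ("DECLINED", "unknown card")
    if available_funds < amount:                            # 418: funds check
        return ("DECLINED", "insufficient funds")
    if reply is None or reply.elapsed_s > AUTH_TIMEOUT_S:   # 420-422: no timely reply
        return ("DECLINED", "no authorization before timeout")
    if not reply.approved:
        return ("DECLINED", "user rejected")
    if amount > PIN_THRESHOLD:                              # optional PIN layer
        supplied = (reply.pin or "").encode()
        # Constant-time comparison avoids leaking how many digits matched.
        if not hmac.compare_digest(supplied, record.pin.encode()):
            return ("DECLINED", "PIN required or incorrect")
    return ("AUTHORIZED", "approved on phone " + record.phone_number)


if __name__ == "__main__":
    # The $215.99 purchase approved on the phone after eight seconds.
    print(authorize("541500", "9876543210", Decimal("215.99"),
                    Decimal("1000.00"), PhoneReply(True, 8.0)))
```

A missing or late reply is treated the same as a rejection, so a stolen mobile card presented without the associated mobile phone ends in a decline once the timeout expires.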
Although the present invention has been described in connection with specific exemplary embodiments, it should be understood that various changes, substitutions, and alterations apparent to those skilled in the art can be made to the disclosed embodiments without departing from the scope of the invention as set forth in the appended claims.