System and method using authorization and direct credit messaging

Information

  • Patent Grant
  • 11017402
  • Patent Number
    11,017,402
  • Date Filed
    Monday, April 3, 2017
    7 years ago
  • Date Issued
    Tuesday, May 25, 2021
    3 years ago
  • Inventors
  • Original Assignees
  • Examiners
    • McAtee; Patrick
    • Martinez-Hernandez; Edgar R
    Agents
    • Kilpatrick Townsend & Stockton LLP
Abstract
A merchant computer generates a token including a “pay-me” merchant account identifier and transaction data for a transaction conducted by a consumer. The merchant token can be obtained by a mobile communication device and transmitted to a payment processing network along with a device identifier for the mobile communication device and an authentication token provided by the consumer. The payment processing network can authenticate the device using the authentication token, retrieve a consumer account number based on the device identifier, and complete the transaction by pushing money into the merchant “pay-me” account from the consumer account.
Description
BACKGROUND

In a typical electronic payment transaction, a consumer provides an account number to a merchant to conduct a financial transaction and the merchant requests a payment processing network to debit (i.e., “pull”) money from the consumer's account to the merchant's account. For example, in a transaction, a merchant can generate an authorization request message using the consumer account information and transaction information and can send it to an issuer for authorization. If the transaction is authorized by the issuer, money for the transaction may be transferred to the merchant account from the consumer's account at the issuer. However, in such transactions, the consumer's account information could be compromised (e.g., by unscrupulous merchants, merchant employees, identity thieves, etc.). Better ways to secure consumer account information would be desirable.


Embodiments of the invention address these and other problems, individually and collectively.


BRIEF SUMMARY

In embodiments of the invention, a merchant computer can generate a token including a “pay-me” merchant account identifier and transaction data for a transaction conducted by a consumer. The merchant token can be obtained by a mobile communication device and transmitted to a payment processing network along with a device identifier for the mobile communication device and an authentication token provided by the consumer. The payment processing network can authenticate the mobile communication device using the authentication token, retrieve a consumer account number based on the mobile communication device identifier, and complete the transaction by pushing money into the merchant “pay-me” account from the consumer account.


One embodiment of the invention is directed to a method comprising receiving, by a mobile communication device, a merchant token from an access device for a transaction. The merchant token comprises a merchant account identifier (e.g., for a merchant credit only account), and transaction data. The method further comprises receiving, by the mobile communication device, an authentication token from a consumer operating the mobile communication device, and generating, by the mobile communication device, a transaction request message comprising the merchant token and the authentication token. The method further includes sending, by the mobile communication device, the transaction request message to a server computer, and receiving a confirmation message that the transaction has been processed.


Another embodiment of the invention is directed to a mobile communication device that is configured to perform the above-described method.


Another embodiment of the invention is directed to a method. The method comprises receiving, by a server computer, a transaction request message comprising a merchant token comprising a merchant account identifier, transaction data comprising a transaction amount, and a mobile communication device identifier or a consumer account identifier. The method also includes generating, by the server computer, an authorization request message comprising the transaction amount and the consumer account identifier, and sending, by the server computer, the authorization request message comprising the consumer account identifier to an issuer computer operated by an issuer that issued the consumer account identifier. The method also includes receiving, by the server computer, an authorization response message from the issuer computer comprising the consumer account identifier, and replacing, by the server computer, the consumer account identifier with the merchant account identifier to create a modified authorization response message. The method also includes sending, by the server computer, the modified authorization response message to the merchant.


Another embodiment of the invention is directed to a server computer that is configured to perform the above-described method.


These and other embodiments are described in further detail below.





BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 illustrates a transaction processing system in one embodiment of the present invention.



FIG. 2 illustrates some components of an access device in one embodiment of the invention.



FIG. 3 illustrates some components of a merchant computer in one embodiment of the invention.



FIG. 4A illustrates some components of a mobile communication device in one embodiment of the invention.



FIG. 4B illustrates components of a computer readable medium for a mobile communication device in one embodiment of the invention.



FIG. 5 illustrates some components of a server computer in one embodiment of the invention.



FIG. 6 illustrates exemplary screen shots of a mobile phone and an access device displaying a QR™ code including a merchant token in one embodiment of the invention.



FIG. 7A illustrates an exemplary screen shot of a mobile phone to register an authentication token in one embodiment of the invention.



FIG. 7B illustrates an exemplary screen shot of a mobile phone to submit a transaction request in one embodiment of the invention.



FIG. 8 illustrates a computer apparatus in one embodiment of the invention.





DETAILED DESCRIPTION

Embodiments of the invention are directed to methods and systems for processing transactions using a merchant generated “pay-me” token (i.e., account identifier) to complete a transaction through a “push” type of transaction.


Typical payment transactions include a consumer providing a merchant an account identifier and the merchant “pulling” money from the consumer's account. However, these transactions can be unsecure because the consumer gives their account identifier as well as authentication credentials to the entity they wish to pay. However, embodiments of the present invention may complete a transaction using a push transaction mechanism where a merchant can provide an account identifier to a consumer and the consumer can “push” money from their account to the merchant's account associated with the merchant account identifier.


For example, in one embodiment, a consumer may desire to purchase goods or services from a merchant and may approach a merchant point-of-sale terminal to pay for the goods or services. The merchant may scan the products into a merchant computer and may generate a pay-me token (e.g., a merchant token) that may be sent to an access device. The pay-me token may be in the form of a machine readable code, for example, a QR™ code, and may comprise a merchant account identifier as well as transaction data (e.g., transaction amount, product codes, etc.). The access device may display the QR™ code to the consumer. The consumer may scan the QR™ code from the access device with their phone or other portable device. The consumer may then authenticate the transaction by providing an authentication token to the phone (e.g., by stating a requested word or statement or via other means). The phone may then submit a transaction request including the merchant token, a device identifier (e.g., phone number), and the authentication token to a payment processing network for transaction processing. The payment processing network may then determine the consumer's account using the phone number, may authenticate the consumer using the authentication token, and may transfer money from the consumer's account to the merchant account associated with the merchant account identifier. Accordingly, a transaction may be processed without the consumer's account information being transferred to the merchant or otherwise sent over a communications network.


Accordingly, push payment transactions provide better security for consumers because the consumer's account information is not passed to a wide number of entities (some of which may have malicious or fraudulent intent) and the consumer's account information is only passed within a secure payment channel. Additionally, consumers are provided with additional transaction processing options including the use of a mobile communication device. Furthermore, the push payments are more secure and convenient for merchants because the merchants do not have to store sensitive consumer account information.


Prior to discussing embodiments of the invention, it may be helpful to describe some terms that are used in this application.


A “mobile communication device” may include any suitable wireless device. For example, the mobile communication device may be a smart phone with the capability to connect to a telecommunications network. A mobile communication device may include a device identifier. For example, the device identifier may be a phone number, a digital wallet identifier, a serial number, a SIM card number or any other identifier that can identify the mobile communication device. In some embodiments, the mobile communication device can have the capability to scan a machine readable code such as a QR™ code on a display. In some embodiments, the mobile communication device can have the capability to communicate with a POS terminal using a short range communication technology such as Near Field Communication (NFC).


A “consumer” may be an individual such as a person. The terms “consumer” and “user” may be used interchangeably in this specification.


A “consumer account number” may be an account number associated with a consumer. For example, a consumer account number may be a payment account number such as a primary account number, e.g., credit, debit, loyalty or prepaid account number. The consumer account number may be issued by an issuer such as a bank. In some embodiments, a consumer account number may be associated with a device identifier (e.g., a mobile phone number of a consumer).


A “merchant token” may include any suitable information associated with a merchant. In some embodiments, a merchant token may include a merchant account identifier, for example, a financial account number associated with a merchant. In some embodiments, a merchant token may also include an expiration date along with a merchant account number. In some embodiments, a merchant token may also include transaction data, for example, a transaction amount, a timestamp, a location of the transaction, product codes, etc. In some embodiments, a merchant token may also include a merchant identifier. In some embodiments, the merchant token may be represented in the form of a machine readable code such as a QR™ code, a bar code, etc.


A “merchant account identifier” may include an identifier for an account associated with a merchant. In some embodiments, a merchant account identifier may include an account number and an expiration date. For example, the account number may be associated with a credit or deposit only bank account of the merchant. In some embodiments, the merchant bank account may be associated with an acquirer/issuer. It may also be in the form of a traditional PAN (primary account number) so that it may be routed in an ISO message in a normal credit or debit card transaction. A traditional PAN typically has sixteen characters and the first six characters form the BIN or bank identification number. However, the BIN of the PAN of a merchant account identifier would be a merchant identification number rather than a bank identification number. The merchant account identifier may be static or dynamic. In some embodiments, the merchant account identifier is dynamic. The dynamic merchant account identifier may be used as both a transaction ID to identify the particular transaction being conducted (e.g., to match the authorization of the transaction to the transaction details) as well as a way to route the authorization response to the correct merchant.


An “access device” may include a device that may be configured to interact with a consumer mobile device. In some embodiments, the access device may be any suitable device for communicating with a merchant computer or a payment processing network, and for interacting with a user computer apparatus, and/or a user mobile communication device. In some embodiments, an access device may be configured to display a machine readable code such as a QR™ code generated by another device such as a merchant computer or a backend server. An access device may generally be located in any suitable location, such as at the location of a merchant.


An access device may be in any suitable form. Some non-limiting examples of access devices include point-of-sale (POS) devices, cellular phones, PDAs, personal computers (PCs), tablet PCs, hand-held specialized readers, set-top boxes, electronic cash registers (ECRs), automated teller machines (ATMs), virtual cash registers (VCRs), kiosks, security systems, access systems, websites, and the like. An access device may use any suitable contact or contactless mode of operation to send or receive data from, or associated with, a payment device and/or a user mobile device. In some embodiments, where an access device may comprise a POS terminal, any suitable POS terminal may be used and may include a reader, a processor, and a computer-readable medium. A reader may include any suitable contact or contactless mode of operation. For example, exemplary readers can include radio frequency (RF) antennas, optical scanners, bar code readers, or magnetic stripe readers to interact with a payment device and/or mobile device.


A “merchant account” may refer to an account associated with a merchant. In some embodiments, the merchant account may be a credit only account or deposit only account. For example, the merchant account may only allow deposits into the account but may not allow withdrawals from the account. In some embodiments, the merchant account may be associated with an acquirer, for example, the acquirer may manage the merchant account.


“Transaction data” may include data related to a transaction. For example, in some embodiments, the transaction data may include one or more of a transaction amount, a timestamp (e.g., date and time) of the transaction, a location of the transaction, number of items, item details, product code (e.g., SKU numbers), etc. In some embodiments, transaction data may be determined by a merchant computer after scanning the goods or products the consumer may desire to purchase.


An “authentication token” may include any suitable information that can authenticate a consumer. In some embodiments, the authentication token may be provided by the consumer to authenticate for a transaction using a mobile communication device, e.g., to validate if the consumer is the authorized user of the mobile communication device. In some embodiments, an authentication token may include a biometric identifier associated with the consumer such as voice, fingerprints, iris, face, signature, hand geometry, etc. In some embodiments, the consumer may register one or more authentication tokens with a server computer that may store these authentication tokens to authenticate the consumer for future transactions.


A “transaction request message” may include a message for a transaction request. In some embodiments, a transaction request message may be provided by a mobile communication device to a server computer to process a transaction request. In some embodiments, a transaction request message may include a merchant token, a mobile communication device identifier or consumer account number (which may be a real account number or a pseudo PAN, which is a PAN that is linked to the real account number but is not the real account number), and an authentication token. For example, a merchant token may include a merchant account identifier, a mobile communication device identifier may include a phone number and an authentication token may include a voice input of a consumer initiating the transaction request.


An “authorization request message” may be an electronic message that is sent to a payment processing network and/or an issuer of a payment card to request authorization for a transaction. An authorization request message according to some embodiments may comply with ISO 8583, which is a standard for systems that exchange electronic transaction information associated with a payment made by a consumer using a payment device or payment account. The authorization request message may include an issuer account identifier that may be associated with a payment device or payment account. An authorization request message may also comprise additional data elements corresponding to “identification information” including, by way of example only: a service code, a CVV (card verification value), a dCVV (dynamic card verification value), an expiration date, etc. An authorization request message may also comprise “transaction information,” such as any information associated with a current transaction, such as the transaction amount, merchant identifier, merchant location, etc., as well as any other information that may be utilized in determining whether to identify and/or authorize a transaction.


A “server computer” can be a powerful computer or a cluster of computers. For example, the server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit. In one example, the server computer may be a database server coupled to a Web server.


An “authorization response message” may be an electronic message reply to an authorization request message generated by an issuing financial institution or a payment processing network. The authorization response message may include, by way of example only, one or more of the following status indicators: Approval—transaction was approved; Decline—transaction was not approved; or Call Center—response pending more information, merchant must call the toll-free authorization phone number. The authorization response message may also include an authorization code, which may be a code that a credit card issuing bank returns in response to an authorization request message in an electronic message (either directly or through the payment processing network) to the merchant's access device (e.g. POS equipment) that indicates approval of the transaction. The code may serve as proof of authorization. As noted above, in some embodiments, a payment processing network may generate or forward the authorization response message to the merchant.



FIG. 1 shows a transaction processing system in one embodiment of the present invention.


A transaction processing system 100 may include a consumer 102, a mobile communication device 104, an access device 106, a merchant computer 108, an acquirer computer 110, a payment processing network computer 112, an issuer computer 114 and a telecommunications network 116.


The consumer 102 may operate the mobile communication device 104 to initiate a transaction at the access device 106. The access device 106 may be associated with or operated by the merchant computer 108. The mobile communication device 104 may be configured to communicate with the payment processing network computer 112 through the telecommunications network 116. The telecommunications network 116 may include any suitable network that is capable of transmitting information between two entities and may be capable of using any suitable communications protocol (e.g., cellular network, TCP/IP, etc.)


In some embodiments of the invention, the consumer 102 may register one or more authentication tokens in an authentication payment program associated with a payment processing network. For example, the consumer 102 may provide one or more biometric samples such as voice, fingerprints, iris, face, signature, hand geometry, etc. to the payment processing network computer 112 by operating the mobile communication device 104. For example, the mobile communication device 104 may be a smart phone with the capability to connect to the telecommunications network 116. The mobile communication device 104 can comprise one or more input interfaces (e.g., a microphone, camera, touch screen, etc.) to allow the consumer 102 to input information for enrolling the authentication tokens.


The mobile communication device 104 may be a mobile phone, a tablet, a notebook, a PDA, a laptop, a netbook, a key fob, etc. In some embodiments, a device identifier may be associated with the mobile communication device 104. For example, the device identifier may be a phone number, a digital wallet identifier, a serial number, a SIM card number or any other identifier that can identify the mobile communication device 104. The mobile communication device 104 may be capable of reading a machine readable code such as a QR™ code displayed by the access device 106. For example, the consumer 102 may scan a QR™ code associated with a transaction displayed on a display of the access device 106 using a camera or a scanning device on the mobile communication device 104. The QR™ code may include a merchant token, e.g., a pay-me token generated by the merchant computer 108. The mobile communication device 104 may also allow the consumer 102 to provide an authentication token for authentication. The mobile communication device 104 may also be capable of generating a transaction request message including the merchant token, the authentication token provided by the consumer 102 and the device identifier. FIG. 6 illustrates an exemplary QR™ code 602 captured by the mobile device 104 from the access device 106. The QR™ code 602 may include a merchant token 604.


Referring back to FIG. 1, the access device 106 may be an access point to a transaction processing system that comprises the payment processing network computer 112 and the issuer computer 114. In some embodiments, the access device 106 may be configured to display a token generated by the merchant computer 108 in a format that may be read by the mobile communication device 104 including machine readable codes such as a QR™ code, a bar code, or any other information transfer mechanism. For example, the merchant token may include a merchant account identifier (e.g., a bank account number) associated with a merchant account that may be used for a transaction and transaction data associated with the transaction. In some embodiments, the merchant account associated with the merchant account identifier may be a credit only or a deposit only account. For example, the merchant account may not allow withdrawals from the account and may only allow deposits into the account. As shown in FIG. 6, the access device 106 displays the QR™ code 602 that includes the merchant token 604 on a display 606.


Referring back to FIG. 1, the merchant computer 108 may be configured to generate a merchant token. In some embodiments, the merchant token may comprise a merchant account identifier and transaction data. For example, the merchant account identifier may correspond to a merchant bank account associated with the acquirer computer 110. In some embodiments, the acquirer computer 110 and the issuer computer 114 may be associated with the same financial entity, e.g., a bank. The merchant computer 108 may be configured to communicate with the acquirer computer 110 via any suitable communication network such as TCP/IP. The merchant computer 108 may provide the merchant token to the access device 106 that may be coupled to the merchant computer 108. In some embodiments, the merchant token may be in the form of a machine readable code such as a QR™ code or a bar code. In some embodiments, the merchant computer 108 and the access device 106 may be integrated as a POS device that can generate a merchant token and display the merchant token on a display screen of the POS device as a machine readable code. In some embodiments, a merchant token may be referred to as a “pay-me” token.


The merchant generated “pay-me” token may include both a static or dynamic merchant account identifier as well as dynamic transaction information. The static merchant or dynamic merchant account identifier may identify a merchant “pay-me” account at an issuer that may be used for credit transactions. For example, the merchant account identifier may be used to identify or be associated with a merchant credit account at an issuer that can only be used to transfer money to the account. Generally, credit only merchant accounts do not have security risks that may be associated with the debit accounts (which allow debit transactions) and may be published widely. Accordingly, the merchant account identifier provided by the merchant token is not secure information that must be protected from malicious third parties (as money can only be transferred to the account).


The acquirer computer 110 may be associated with an acquirer. The acquirer may issue and manage a financial account for the merchant, e.g. associated with a merchant account identifier. The acquirer computer 110 may be communicatively coupled to the merchant computer 108 and the payment processing network computer 112. In some embodiments, the acquirer computer 110 may receive an authorization response message from the payment processing network computer 112 for a transaction and may forward it to the merchant computer 108 to confirm processing of the transaction.


The payment processing network computer 112 may be associated with a payment processing network. A payment processing network may include data processing subsystems, networks, and operations used to support and deliver authorization services, exception file services, and clearing and settlement services. An exemplary payment processing network may include VisaNet™. Payment processing networks such as VisaNet™ are able to process credit card transactions, debit card transactions, and other types of commercial transactions. VisaNet™, in particular includes a Visa Integrated Payments (VIP) system which processes authorization requests and a Base II system which performs clearing and settlement services. Furthermore, the payment processing network may use any suitable wired or wireless telecommunications network, including the Internet.


In some embodiments, the payment processing network computer 112 may store authentication tokens for a plurality of consumers in an authentication token database (not shown), e.g. via a registration process. For example, one or more authentication tokens for each consumer may be stored in the authentication token database based on a device identifier and/or an account identifier (e.g., a primary account number (PAN)) associated with the consumer during an enrollment or registration process. In some embodiments, the payment processing network computer 112 may determine a consumer account from a consumer account database (not shown) based on the device identifier. In some embodiments, the payment processing network computer 112 may determine a merchant account to which the money may be pushed from the consumer account based on a merchant account identifier received in a transaction request message.


The issuer computer 114 may be associated with an issuer. An issuer can be any bank that can issue and maintain a financial account for a user, e.g., consumer 102. Some systems can perform both issuer and acquirer functions. When a transaction involves a payment account associated with the issuer computer 114, the issuer computer 114 may verify the account and respond with an authorization response message to the acquirer computer 110 via the payment processing network 112 that may forward it to the access device 106. The authorization response message may include an identifier to describe whether the transaction was approved or declined. The access device 106 may communicate to the consumer 102 about the outcome of the authorization based on the authorization response message.


An exemplary flow for completing a payment transaction, according to embodiments of the present invention is discussed with reference to FIG. 1. Before the transaction begins, the consumer 102 may select goods or services to purchase at a merchant location.


At step 1, the merchant may scan the goods or otherwise determine the subject of a transaction. After finalizing the products for the transaction, the merchant computer 108 may generate a pay-me token (or merchant token). In some embodiments, the machine readable code may include a merchant account identifier that has also been generated by the merchant, a transaction amount, and any other transaction details (e.g., a timestamp, number of items, line item details, product codes, etc.). The merchant account identifier may be static or dynamic in nature, and may also be in the form of a conventional credit or debit card PAN (primary account number). In some embodiments, if it is dynamic, then many dynamic merchant account identifiers could map directly to one deposit only real merchant account identifier for an account at the acquirer. A lookup table or an algorithm could be used to provide this mapping.


The merchant computer 108 may provide the merchant token to the access device 106 to interact with the consumer's mobile communication device 104. For example, the access device 106 may display the machine readable code that includes the merchant token. In some embodiments, the access device 106 may be capable of sending the merchant token through short-range communication technology (e.g., NFC elements, etc.), or the merchant token may be provided to the mobile communication device 104 through any other suitable method.


In other embodiments, the merchant computer 108 is not necessary and the access device 106 may generate the merchant token instead of the merchant computer 108.


Further, in some embodiments, if the merchant account identifier is generated on a per transaction or otherwise periodic basis, the merchant account identifier may also be transmitted to the acquirer computer 110 so that the acquirer is aware that this merchant account identifier has been created by the merchant. In this way, the acquirer will recognize any subsequently transmitted authorization response message coming from the payment processing network computer 112, even though a corresponding authorization request message comprising the merchant account identifier was never created or transmitted.


At step 2, the consumer 102 may read or receive the merchant token at their mobile communication device 104 from the access device 106. For example, the consumer 102 may scan the machine readable code, or other displayed object with their mobile communication device 104 to obtain the merchant token from the access device 106. Alternatively, the consumer 102 may wave their mobile communication device 104 close to the access device 106 to receive the merchant token via a short range communication technology such as NFC. Any other suitable form of communication between the mobile communication device 104 and the access device 106 may be used for transfer of the merchant token to the mobile communication device 104.


At step 3, the mobile communication device 104 may decode the machine readable code received from the access device 106 and display the transaction details to the consumer 102. The mobile communication device 104 may prompt the consumer 102 for authorization to submit the transaction for processing. For example, the mobile communication device 104 may prompt the consumer 102 to provide an authentication token. The consumer 102 may then provide authorization by providing an authentication token. The authentication token may be in the form of a biometric identifier such as voice, fingerprint, iris, facial expression, hand geometry, etc., a passcode, a password, a personal identification number (PIN), etc.


In some embodiments, the consumer 102 can authorize the transaction by stating a requested word or statement (e.g., a password, a PIN or a pre-determined word or statement) using their voice. In some embodiments, the mobile communication device 104 may prompt the consumer 102 to read a word, an alphanumeric string or a statement displayed by the mobile communication device 104. For example, the consumer 102 may speak into the mobile communication device 104, and the mobile communication device 104 can transmit a sample of the user's voice or a digital artifact of the user's voice to the payment processing network computer 112. The voice sample provided by the consumer 102 may be used for signing or approving the transaction. This may help ensure that the mobile communication device 104 was not stolen or that the account is not being used by a malicious third party. Voice authentication technology or speaker verification technology may be used to validate that the consumer 102 is the authorized user to initiate the transaction using the mobile communication device 104. Furthermore, the voice recording could be saved as a proof that the consumer 102 approved or initiated the transaction. Alternatively, or additionally, the consumer 102 may provide a password, a passcode or a PIN using a keypad or a touch screen interface of the mobile communication device 104.


At step 4, a transaction request message may be generated by the mobile communication device 104 and may be sent to the payment processing network computer 112 through the telecommunications network 116. The mobile communication device 104 may generate a transaction request message comprising the merchant token, a device identifier or consumer primary account number, and an authentication token. In some embodiments, the device identifier and/or the authentication token need not be present in the transaction request message. For example, the authentication token may be provided to the payment processing network computer 112 at a later time or or not at all. Once the transaction request message is generated, the mobile communication device 104 may then send the transaction request message to the payment processing network computer 112 for processing.


In other embodiments, the transaction request message can be sent to another server computer such as the acquirer computer or the issuer computer, and similar processing can be performed.


In some embodiments, before sending the transaction request message, the consumer 102 may further be prompted for confirmation that they would like to initiate a transaction. For example, the consumer 102 can press a submit button or otherwise interact with the mobile communication device 104 to indicate that the transaction details are correct and the transaction can be initiated.


The payment processing network computer 112 may receive the transaction request message from the mobile communication device 104 and may begin processing the transaction. In some embodiments, the payment processing network computer 112 may verify that the authentication token is associated with the device identifier. For example, based on the device identifier, the payment processing network computer 112 may retrieve one or more authentication samples stored in an authentication database for comparison. In some embodiments, authentication of the consumer 102 can be based on both a match score indicating how closely the captured voice sample matches to previously stored voice samples of the consumer 102 (called “a model of the user's voice”), and/or a pass or fail response indicating whether the voice sample is an accurate reproduction of the word string.


The consumer's voice sample can be authenticated in any suitable manner. In an embodiment, the systems and methods can use voice biometric techniques, specifically a variation of a conventional prompted text independent speaker verification system. Certain embodiments allow the use of a captured voice sample attempting to reproduce a word string having a random element to authenticate the consumer 102.


After determining that the consumer 102 is associated with the mobile communication device 104 that is enrolled in the system, the payment processing network computer 112 may determine an issuer and a consumer account associated with the device identifier if the device identifier is present in the transaction request message and the consumer account identifier is not in the transaction request message. The payment processing network computer 112 may determine a merchant pay-me account associated with the merchant account identifier and may start the process of transferring funds equal to the transaction amount to the merchant pay-me account from the consumer account.


At step 5, the payment processing network computer 112 may generate and send an authorization request message to the issuer computer 114 operated by the issuer of the consumer's account and may obtain authorization for the transaction. The authorization request message may contain the consumer's account identifier and the amount of the transaction.


At step 6, the issuer computer 114 may determine whether the transaction should be authorized and may generate an authorization response message that can comprise an indication of a transaction decision. The payment processing network computer 112 then can receive an authorization response message comprising the consumer account identifier from the issuer computer 114.


At step 7, the payment processing network computer 112 may substitute the merchant account identifier in the authorization response message to form a modified authorization response message. The modified authorization response message (or other confirmation message) may be sent to the merchant computer 108 and the access device 106, and optionally the mobile communication device 104 to inform the parties as to whether the transaction is approved or declined. The authorization response message may include the merchant identifier so that the authorization response message is routed to the proper merchant. Data in the authorization response message (e.g., a transaction ID, a timestamp, a dynamic merchant account identifier, etc.) may be used by the merchant to match the response to the transaction data for the transaction.


At the end of the day, the transaction can be cleared and settled between the acquirer computer 110 and the issuer computer 114 by the payment processing network 112. Funds may be transferred from the issuer computer to the merchant computer 108 during the settlement process. In a clearing process, clearing messages are sent between the acquirer computer 110, the payment processing network 12, and the issuer computer 114 to facilitate settlement. In some cases, AFT (account funding transaction) or OCT (original credit transaction) messages may be used to debit and credit the appropriate accounts.



FIG. 2 illustrates some components of an access device according to one embodiment of the invention.


The access device 106 may include a processor 200 coupled to a network interface 202, a memory 204, a reader 206, input elements 208, output devices 210 and a computer readable medium 212. The access device 106 may be an independent device, coupled to the merchant computer 108 or may be part of a POS terminal.


The computer readable medium 212 may comprise instructions or code, executable by the processor 200. The instructions may include instructions for displaying a machine readable code that includes a merchant token for a transaction. The computer readable medium 212 may be in the form of a memory that stores data and could be internal to the access device 106 or hosted remotely (i.e., cloud) and accessed wirelessly by the access device 106. The computer readable medium 212 may include a merchant computer interface module 214 and a machine readable code interface module 216.


The network interface 202 may be configured to enable the access device 106 to communicate with other entities (e.g., mobile communication device 104) using one or more communications networks.


The memory 204 may be internal to the access device 106 or hosted remotely (i.e., cloud) and accessed wirelessly by the access device 106. The memory 204 may be a combination of volatile and non-volatile memory. In some embodiments, the memory 204 may be used to store merchant tokens received from the merchant computer 108.


The reader 206 may include radio frequency (RF) antennas, magnetic stripe readers or any other suitable mechanism to interact with the mobile communications device 104. In some embodiments, the access device 106 may transfer a machine readable code using the RF antenna (e.g., based on short range communication technology) to a scanning device.


The input elements 208 may include a keypad, a touch screen, a microphone or any suitable element to provide information to the access device 106.


The output devices 210 may include a display screen, a speaker, a printer, etc. For example, the access device 106 can display a machine readable code on the display screen that the consumer 102 can scan using the mobile communication device 104. In some embodiments, a touch screen may be used as a display screen. The printer may be used to print a receipt for the transaction.


The merchant computer interface module 214 may be software that can cause the processor 200 in the access device 106 to exchange data with the merchant computer 108. For example, the merchant computer interface module 214 may include software that can allow the processor 200 in the access device 106 to receive a merchant token in the form of a machine readable code from the merchant computer 108. In some embodiments, the merchant computer interface module 214 may include software that causes the processor 200 in the access device 106 to receive a merchant token from the merchant computer 108 and to generate a machine readable code for access by the mobile communication device 104.


The machine readable code interface module 216 may include code that is executable by the processor 200 to cause the access device 106 to provide the machine readable code so that it can be accessed by the mobile communication device 104. In some embodiments, the machine readable code may be in the form of a QR™ code, a bar code or any suitable form to represent the merchant token that can be displayed on a display screen of the access device 106. For example, the machine readable code may be of any shape or size, may include any image, alpha-numeric characters, color, etc. In some embodiments, the machine readable code may be provided to the mobile communication device 104 by the access device 106 using radio waves (e.g., based on NFC).



FIG. 3 illustrates some components of a merchant computer in one embodiment of the invention.


The merchant computer 108 may include a processor 300 coupled to a network interface 304, a memory 304 and a computer readable medium 306. The computer readable medium 306 may comprise code executable by the processor 300 for implementing methods using embodiments of the invention. The computer readable medium 306 may be in the form of a memory that stores data and could be internal to the merchant computer 108 or hosted remotely. The computer readable medium 306 may include a transaction data module 308 and a merchant token generator module 310.


The network interface 302 may be configured to enable the merchant computer 108 communicate with other entities (e.g., acquirer computer 110) using one or more communications networks.


The memory 304 may be internal to the merchant computer 108 or hosted remotely (i.e., cloud) and accessed wirelessly by the merchant computer 108. In some embodiments, the memory 304 may be used to store merchant inventory, merchant account information, etc.


The transaction data module 308 may determine transaction data associated with a transaction. For example, when a consumer brings items to a POS terminal for check out, transaction data related to the items for purchase may be entered in to the merchant computer 108 (e.g., by scanning a barcode or a SKU on the item). The transaction data may include a transaction amount, line item details, a timestamp, total number of items purchased, product codes, etc. Transaction data may be stored in a database (not shown) accessible to the merchant computer 108.


The merchant token generator module 310 may generate a pay-me token using the transaction data and a merchant account identifier. The merchant account identifier may be associated with a bank account of the merchant. In some embodiments, the merchant account identifier may be stored in the memory 304 or may be provided by the merchant. For example, the merchant computer 108 may be coupled to the access device 106 and/or an electronic cash register that can include input elements (e.g., keypad or touch screen) that can allow the merchant to manually enter a merchant account number. The merchant account identifier may be of certain length (e.g., up to 17 digits long) and it may or may not be encrypted. The bank account of the merchant may be associated with an acquirer that operates the acquirer computer 110. In some embodiments, the bank account may be deposit or credit only account, e.g., money cannot be withdrawn but can only be deposited into the account. In some embodiments, the merchant generated data may also include a merchant identifier that can identify a merchant, a merchant category, and any other relevant merchant information that may be necessary for processing of the transaction.



FIG. 4A illustrates some components of the mobile communication device 104 in one embodiment of the invention.


The mobile communication device 104 may include a processor 400 or processing elements that may be configured to execute instructions or code in order to implement methods, processes or operations. The processor 400 may be communicatively coupled to a computer readable medium 402, a contactless element 420, a memory 418, a secure element 416, a speaker 414, a display 412, a camera unit 410, a microphone 408, an antenna 406, and a GPS unit 404.


The computer readable medium (CRM) 402 may comprise code executable by the processor 400 for implementing methods using embodiments of the invention. The CRM 402 may be in the form of a memory that stores data and could be internal to the mobile communication device 104 or hosted remotely (i.e., cloud) and accessed wirelessly by the mobile communication device 104. In some embodiments, the CRM 402 may include non-volatile, non-writable storage area (e.g., Flash ROM) where the firmware/operating system may reside. Non-volatile memory is memory that can retain the stored information even when not powered. Examples of non-volatile memory include read-only memory (see ROM), flash memory, most types of magnetic computer storage devices (e.g. hard disks, floppy discs and magnetic tape), optical discs, etc.


The contactless element 420 may typically be implemented in the form of a semiconductor chip (or other data storage element) with an associated wireless data transfer element such as an antenna. The contactless element 420 may be configured to exchange data and/or control instructions based on a short range communications capability, such as RFID, Bluetooth™, infra-red or any other suitable near fields communications (NFC) capability. In some embodiments of the invention, the mobile communication device 104 may receive a merchant token from the access device 106 via radio waves using the antenna 406 and the contactless element 420 when the consumer 102 starts the payment process using the mobile communication device 104.


The memory 418 may be internal to the mobile communication device 104 or hosted remotely (i.e., cloud) and accessed wirelessly by the mobile communication device 104. In some embodiments, the memory 418 may be configured as a volatile run-time memory and/or a cache. Volatile memory is memory that requires power to maintain the stored information (e.g., SRAM, DRAM, etc.). In some embodiments, the memory 418 may be used to store merchant tokens received from the access device 106 (e.g., in the form of a machine readable code).


The secure element 416 may be implemented as a separate secure smart card chip, in a SIM/UICC (Subscriber Identity Module/Universal Integrated Circuit Board), embedded in the mobile communication device 104, or in a removable card (e.g., Secure Digital card). The secure element 416 may be configured to securely store applications (e.g., a payment or wallet application), data (e.g., Personal Identification Information (e.g., consumer name, address, phone number, date-of-birth, etc.), Personal Account Information (account number, expiration date, CVV, dCVV, etc.), cryptographic keys, etc.) and provide for secure execution of applications. In some embodiments, the secure element 416 may also store a device identifier associated with the mobile communication device 104. For example, the device identifier may be a phone number (e.g., a 10 digit number including the area code), a serial number or a SIM card number. Although a secure element 416 is shown, in some embodiments, a secure element 416 is not needed and data that would otherwise be stored in the secure element may be stored in the cloud.


The display 412 may allow a user to view text, numbers, multimedia, and other information. In some embodiments, a graphical user interface may be provided on the display 412 for the consumer 102 to initiate a registration process to register one or more authentication tokens at a server computer or to initiate a transaction. In some embodiments, the display 412 may include a touch screen interface for the consumer 102 to interact with the mobile communication device 104 using the touch screen. In some embodiments, the consumer 102 may use a keypad (not shown) instead of as an alternative to the touch screen interface to enter data into the mobile communication device 104 (e.g., to provide a password or a PIN).


The camera unit 410 may be utilized by the consumer 102 to scan a machine readable code such as a QR® code. For example, the consumer 102 may scan a QR® code that can include a merchant token. The QR® code may be displayed on a display screen of the access device 106 where the consumer 102 may be performing a transaction. In some embodiments, instead of the camera unit 410, the machine readable code may be scanned by a scanning device coupled to the mobile communication device 104.


The GPS unit 404 may be utilized to determine a location of the mobile communication device 404. It will be understood that other methods of determining location such as network based positioning (e.g., using the antenna 406 coupled to the mobile communication device 104) or a hybrid positioning system may be used. Some other non-limiting examples to determine the location of the mobile communication device 104 may include handset based, SIM-based or WiFi based device tracking. In some embodiments, location of the mobile communication device 104 may be included in the transaction request message transmitted to the payment processing network computer 112. For example, a location of the mobile communication device 104 may be used to authenticate the transaction along with the authentication token.


The speaker 414 and microphone 408 may be configured to allow the consumer 102 hear and transmit voice respectively through the mobile communication device 104. For example, the consumer 102 can speak into the microphone 408 to record a voice sample that may be used to register the consumer's voice as an authentication token or to authenticate the consumer by comparing the voice sample with a previously stored authentication token stored in an authentication token database.



FIG. 4B illustrates components of the computer readable medium 402 in one embodiment of the invention.


The computer readable medium 402 may include a registration module 402A, a merchant token receiver module 402B, an authentication token module 402C and a transaction request generator module 402D.


The registration module 402A may include computer code that can cause the processor 400 to enable a consumer to register one or more authentication tokens with a server computer (e.g., in a payment processing network). For example, the consumer 102 may log in to a website and upload one or more authentication token samples to register. FIG. 7A shows an exemplary screen shot of the mobile communication device 104 that can be used for registering an authentication token.


As shown in FIG. 7A, a webpage 702 may display prompts for the consumer 102 to register an authentication token using the mobile communication device 104. For example, the consumer 102 can record a voice sample by speaking into the microphone 408 of the mobile communication device 104. Alternatively or additionally, the consumer 102 can provide a fingerprint sample using the touch screen interface of the display 412 of the mobile communication device 104 or an external fingerprint scanner device (not shown) coupled to the mobile communication device 104. Alternatively or additionally, the consumer 102 can take their picture using the camera unit 410 on the mobile communication device 104. Alternatively or additionally, the consumer 102 can provide a password or a PIN using a keypad or a touch screen of the mobile communication device 104. In some embodiments, the webpage 702 may be hosted by a server computer associated with the payment processing network computer 112 or another entity. The one or more authentication tokens provided by the consumer 102 may be stored in an authentication database (e.g., in a payment processing network). The consumer 102 can register one or more authentication tokens with the payment processing network prior to conducting a transaction.


Referring back to FIG. 4B, the merchant token receiver module 402B may comprise code that can cause the processor 400 in the mobile communication device 104 to receive a merchant token. For example, the merchant token may be obtained by decoding a machine readable code captured from the access device 106, e.g., by scanning a QR™ code displayed on the access device 106. In some embodiments, the merchant token may be obtained from the access device 106 using a short range communication medium (e.g. NFC). The merchant token may include a merchant account identifier and transaction data.


The authentication token module 402C may comprise code that may cause the processor 400 in the mobile communication device 104 to prompt the consumer 102 to provide an authentication token to authenticate for the transaction. For example, after the consumer 102 has captured the merchant consumable token from the access device 106, a web page may prompt the consumer 102 to provide an authentication token before the transaction can be initiated. FIG. 7B shows an exemplary screen shot of the mobile communication device 104 for initiating a transaction.


As shown in FIG. 7B, a webpage 704 may prompt the consumer 102 to provide an authentication token (706). In some embodiments, the consumer 102 may be prompted to provide an authentication token to authenticate themselves before they can submit the transaction (708). For example, as discussed previously, the authentication token may be in the form of a biometric sample such as voice, fingerprint, iris, facial expression, hand geometry, etc., a passcode, a password, a personal identification number (PIN), etc. After providing the authentication token, the consumer 102 may select the submit transaction button to initiate the transaction. In some embodiments, transaction details (not shown) may be presented to the consumer 102 for the consumer 102 to verify the transaction details before selecting the submit transaction button.


Referring back to FIG. 4B, after the consumer 102 provides the authentication token to initiate the transaction, a transaction request message may be generated by the transaction request generator module 402D. In some embodiments, the transaction request message may include a merchant token (e.g., obtained by the merchant token receiver module 402B), an authentication token (e.g., obtained by the authentication token module 402C) and a device identifier of the mobile communication device 104. The transaction request message may be transmitted by the mobile communication device 104 to the payment processing network computer 112 via the telecommunications network 116. The mobile communication device 104 may receive a confirmation message (e.g., an SMS message or e-mail message) that the payment has been processed or after the transaction has been authorized.



FIG. 5 illustrates some components of a server computer 500 in one embodiment of the invention. The server computer 500 may be associated with the payment processing network computer 112, the acquirer computer 110, the issuer computer 114 or any other suitable entity.


The server computer 500 may include a processor 502 coupled to a network interface 504, an authentication token database 506, a merchant account database 508, a consumer account database 510 and a computer readable medium 512. The computer readable medium 512 may comprise code executable by the processor 502 for implementing methods using embodiments of the invention. The computer readable medium 512 may be in the form of a memory that stores data and could be internal to server computer 500 or hosted remotely. The computer readable medium 512 may include a registration module 512A, a transaction request decoder module 512B, a merchant account identifier module 512C, a consumer account identifier module 512D, an authentication module 512E and an authorization and settlement module 512F.


The network interface 504 may be configured to enable the server computer 500 communicate with other entities (e.g., acquirer computer 110, issuer computer 114, mobile communication device 104) using one or more communications networks.


The authentication token database 506 may be configured to store authentication tokens for consumers. For example, for consumer 102, the authentication token database 506 may store one or more of voice, fingerprint, iris, facial expression, hand geometry, etc. sample, a passcode, a password, a personal identification number (PIN), etc. In some embodiments, the authentication tokens may be stored in the authentication token database 506 at the time of the user registration. In some embodiments, the authentication tokens in the authentication token database 506 may be linked to the respective device identifiers and/or consumer account identifiers.


The merchant account database 508 may be configured to store information associated with a plurality of merchant accounts such as merchant account numbers, expiration dates, account types (e.g., deposit only, regular checking or savings account, etc.), merchant identifiers, merchant names, merchant addresses, etc. Each merchant account in the merchant account database 508 may be associated with a respective merchant account identifier.


The consumer account database 510 may be configured to store information associated with a plurality of consumer accounts such as consumer account numbers, expiration dates, consumer names, consumer phone numbers, consumer addresses, etc. Each consumer account in the consumer account database 510 may be associated with a respective device identifier.


In some embodiments, the authentication token database 506 and the consumer account database 510 may be linked and may be accessed using a device identifier to retrieve a consumer account and stored authentication tokens based on the device identifier.


The registration module 512A may include code that can cause the processor 502 in the server computer 500 to register one or more consumers. In some embodiments, the registration module 512A may allow the consumer 102 to register one or more authentication tokens that may be used to authenticate a transaction conducted by the consumer 102. For example, as discussed with reference to FIG. 7A, the consumer 102 may be directed to the webpage 702 to register the authentication token. The registered authentication tokens may be stored in the authentication token database 506.


The transaction request decoder module 512B and an associated processor may be configured to receive the transaction request message transmitted by the mobile communication device 104 and to decode the transaction request message. The transaction request message may include a merchant token, a device identifier of the mobile communication device 104 and an authentication token. The merchant token may include a merchant account identifier and transaction data (e.g., a transaction amount and other transaction related information). For example, as discussed with reference to FIG. 7B, a transaction request message may be generated by the mobile communication device when the consumer 102 provides an authentication token and submits a transaction initiation request using the merchant token.


The merchant account identifier module 512C may be configured to identify a merchant account based on the merchant account identifier provided in the transaction request message. For example, the merchant account identifier module 512B may retrieve information associated with the merchant account from the merchant account database 508. In some embodiments, the merchant account may be a credit only merchant account from which money cannot be withdrawn.


The consumer account identifier module 512D may comprise code executable by the processor 502 in the server computer 500 so that the server computer 500 can identify a consumer account and an issuer based on the device identifier obtained from the transaction request message. For example, the consumer account identifier module 512D may determine information associated with the consumer account based on the device identifier obtained from the transaction request message.


The authentication module 512E may comprise code, executable by the processor 502, to cause the server computer 500 to authenticate the consumer 102 by comparing the authentication token provided by the consumer 102 with the authentication token stored in the authentication token database 506. In some embodiments, the authentication module 512E may retrieve one or more authentications tokens from the authentication token database 506 based on the device identifier obtained from the transaction request message to verify that the authentication token provided by the consumer 102 is associated with the device identifier. For example, in some embodiments, authentication of the consumer 102 can be based on both a match score indicating how closely the captured voice samples match to previously stored voice samples of the consumer 102 (called “a model of the user's voice”) in the authentication token database 506, and/or a pass or fail response indicating whether the voice sample is an accurate reproduction of the word string.


The consumer's voice sample can be authenticated in any suitable manner. In one embodiment, the systems and methods can use voice biometric techniques, specifically a variation of a conventional prompted text independent speaker verification system. Certain embodiments can allow the use of a captured voice sample attempting to reproduce a word string having a random element to authenticate the consumer 102.


The authorization and settlement module 512F may comprise code, executable by the processor 502, to facilitate authorization and settlement processes. It can cause the server computer 500 to transfer money from the consumer account identified using the device identifier to the merchant account identified using the merchant account identifier for the amount equal to the transaction amount included in the merchant token. In some embodiments, a confirmation message that the payment has been processed may be sent to the mobile communication device 104. Accordingly, a transaction may be processed without the consumer's account information being transferred to the merchant or otherwise sent over a communications network. The authorization and settlement module 512F may also include code that can cause the processor 502 in the server computer 500 to generate an authorization request message to get authorization from the issuer associated with the consumer account. The authorization request message may be transmitted to the issuer computer 114 using a suitable communication medium. The authorization and settlement module 512F may also comprise code that can cause the processor 502 to receive an authorization response message from the issuer computer 114 and to forward the authorization response message to the merchant computer 108 via the acquirer computer 110 and also to the mobile communication device 104 indicating whether the transaction was approved or declined. At the end of the day, the transaction may be cleared and settled between the acquirer computer 110 and the issuer computer 114 by the authorization and settlement module 512F.


As noted above, in embodiments of the invention, push payment transactions may provide better security for consumers because the consumer's account information is not passed to a wide number of entities (some of which may have malicious or fraudulent intent) and the consumer's account information is only passed within a secure payment channel. Additionally, consumers are provided with additional transaction processing options including the use of a mobile communication device. Furthermore, the push payments are more secure and convenient for merchants because the merchants do not have to store sensitive consumer account information.


It is noted that other embodiments are also possible. For example, embodiments of the invention could be operated by an issuer, acquirer, or any other entity within a transaction processing system.


Furthermore, although the example above focuses on a retail purchase transaction, embodiments of the invention may be implemented for e-commerce transactions as well. In such transactions, the user's computer may be used as the access device and a merchant could include a bar code or QR™ code on a website so that a user does not have to key in their account number, password, etc. The e-commerce embodiment further provides convenience for a consumer (i.e., user) as they do not have to input their financial information into a website checkout procedure.


The various participants and elements in FIG. 1 may operate one or more computer apparatuses (e.g., a server computer) to facilitate the functions described herein. Any of the elements in FIG. 1 may use any suitable number of subsystems to facilitate the functions described herein. Examples of such subsystems or components are shown in FIG. 8. The subsystems shown in FIG. 8 are interconnected via a system bus 10. Additional subsystems such as a printer 30, keyboard 18, fixed disk 20 (or other memory comprising computer readable media), monitor 12, which is coupled to display adapter 14, and others are shown. Peripherals and input/output (I/O) devices, which couple to I/O controller 24 (which can be a processor or other suitable controller), can be connected to the computer system by any number of means known in the art, such as serial port 16. For example, serial port 16 or external interface 22 can be used to connect the computer apparatus to a wide area network such as the Internet, a mouse input device, or a scanner. The interconnection via system bus allows the central processor 28 to communicate with each subsystem and to control the execution of instructions from system memory 26 or the fixed disk 20, as well as the exchange of information between subsystems. The system memory 26 and/or the fixed disk 20 may embody a computer readable medium.


Specific details regarding some of the above-described aspects are provided below. The specific details of the specific aspects may be combined in any suitable manner without departing from the spirit and scope of embodiments of the invention.


Storage media and computer readable media for containing code, or portions of code, may include any appropriate media known or used in the art, including storage media and communication media, such as but not limited to volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage and/or transmission of information such as computer readable instructions, data structures, program modules, or other data, including RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, data signals, data transmissions, or any other medium which may be used to store or transmit the desired information and which may be accessed by the computer. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art may appreciate other ways and/or methods to implement the various embodiments.


It should be understood that the present invention as described above may be implemented in the form of control logic using computer software in a modular or integrated manner. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art may know and appreciate other ways and/or methods to implement the present invention using hardware and a combination of hardware and software


Any of the software components or functions described in this application, may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Java, C++ or Perl using, for example, conventional or object-oriented techniques. The software code may be stored as a series of instructions, or commands on a computer readable medium, such as a random access memory (RAM), a read only memory (ROM), a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD-ROM. Any such computer readable medium may reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.


The above description is illustrative and is not restrictive. Many variations of the invention may become apparent to those skilled in the art upon review of the disclosure. The scope of the invention should, therefore, be determined not with reference to the above description, but instead should be determined with reference to the pending claims along with their full scope or equivalents.


One or more features from any embodiment may be combined with one or more features of any other embodiment without departing from the scope of the invention.


A recitation of “a”, “an” or “the” is intended to mean “one or more” unless specifically indicated to the contrary.

Claims
  • 1. A method comprising: receiving, by a server computer and from a mobile communication device, a transaction request message comprising a merchant account identifier, transaction data comprising a transaction amount, and a mobile communication device identifier associated with the mobile communication device, the merchant account identifier being dynamic and changing with each transaction, and the merchant account identifier being mapped to a real merchant account identifier maintained by an acquirer associated with an acquirer computer on behalf of a merchant;receiving, by the server computer and from the mobile communication device, an authentication token;authenticating, by the server computer, the mobile communication device based at least in part on comparing the authentication token to a stored authentication token, the stored authentication token maintained in an authentication token database in communication with the server computer, the stored authentication token determined based on the mobile communication device identifier;identifying, by the server computer, a consumer account identifier based at least in part on the mobile communication device identifier and authenticating the mobile communication device;sending, by the server computer, an authorization request message comprising the consumer account identifier to an issuer computer operated by an issuer that issued the consumer account identifier;receiving, by the server computer, an authorization response message from the issuer computer comprising the consumer account identifier;generating, by the server computer, a modified authorization response message by replacing the consumer account identifier with the merchant account identifier;after generating the modified authorization response message by the server computer: initiating an original credit transaction (OCT) message to credit an account associated with the merchant account identifier; androuting, by the server computer, the modified authorization response message to the mobile communication device.
  • 2. The method of claim 1 further comprising: generating, by the server computer, the authorization request message comprising the transaction amount and the consumer account identifier.
  • 3. The method of claim 1, wherein the transaction request message further comprises the authentication token.
  • 4. The method of claim 1, wherein the transaction request message is received from the mobile communication device after the mobile communication device interacts with a merchant associated with a merchant device identifier.
  • 5. The method of claim 1, wherein initiating an OCT message comprises generating the OCT message and transmitting the OCT message to an acquirer computer associated with the merchant associated with the merchant account identifier.
  • 6. The method of claim 1, wherein the authorization request message further comprises a CVV and an expiration date.
  • 7. The method of claim 1, wherein the server computer is in a payment processing network that is configured to process credit and debit card transactions.
  • 8. A server computer comprising: a processor; anda computer readable medium, the computer readable medium comprising code, executable by the processor, for implementing a method comprising:receiving, by the server computer and from a mobile communication device, a transaction request message comprising a merchant account identifier, transaction data comprising a transaction amount, and a mobile communication device identifier associated with the mobile communication device, the merchant account identifier being dynamic and changing with each transaction, and the merchant account identifier being mapped to a real merchant account identifier maintained by an acquirer associated with an acquirer computer on behalf of a merchant;receiving, by the server computer and from the mobile communication device, an authentication token;authenticating, by the server computer, the mobile communication device based at least in part on comparing the authentication token to a stored authentication token, the stored authentication token maintained in an authentication token database in communication with the server computer, the stored authentication token determined based at least in part on the mobile communication device identifier;identifying, by the server computer, a consumer account identifier based at least in part on the mobile communication device identifier and authenticating the mobile communication device;sending, by the server computer, an authorization request message comprising the consumer account identifier to an issuer computer operated by an issuer that issued the consumer account identifier,receiving, by the server computer, an authorization response message from the issuer computer comprising the consumer account identifier,generating, by the server computer, a modified authorization response message by replacing the consumer account identifier with the merchant account identifier; after generating the modified authorization response message by the server computer: initiating an original credit transaction (OCT) message to credit an account associated with the merchant account identifier; androuting, by the server computer, the modified authorization response message to the mobile communication device.
  • 9. The server computer of claim 8, wherein the method further comprises: generating, by the server computer, the authorization request message comprising the transaction amount and the consumer account identifier.
  • 10. The server computer of claim 8, wherein the transaction request message further comprises the authentication token.
  • 11. The server computer of claim 8, wherein the transaction request message is received from the mobile communication device after the mobile communication device interacts with a merchant associated with a merchant device identifier.
  • 12. The server computer of claim 8, wherein initiating an OCT message comprises generating the OCT message and transmitting the OCT message to an acquirer computer associated with the merchant associated with the merchant account identifier.
  • 13. The server computer of claim 8, wherein the authorization request message further comprises a CVV and an expiration date.
  • 14. The server computer of claim 8, wherein the server computer is in a payment processing network that is configured to process credit and debit card transactions.
CROSS-REFERENCES TO RELATED APPLICATIONS

This application is a divisional application of U.S. patent Ser. No. 14/305,930, filed on Jun. 16, 2014, which is a non-provisional application of and claims the benefit of priority of U.S. Provisional Application No. 61/835,793, filed on Jun. 17, 2013, which are herein incorporated by reference in its entirety for all purposes.

US Referenced Citations (580)
Number Name Date Kind
5613012 Hoffman Mar 1997 A
5781438 Lee Jul 1998 A
5883810 Franklin Mar 1999 A
5953710 Fleming Sep 1999 A
5956699 Wong Sep 1999 A
6000832 Franklin Dec 1999 A
6014635 Harris Jan 2000 A
6044360 Picciallo Mar 2000 A
6163771 Walker Dec 2000 A
6182894 Hackett et al. Feb 2001 B1
6192142 Pare, Jr. Feb 2001 B1
6227447 Campisano May 2001 B1
6236981 Hill May 2001 B1
6267292 Walker Jul 2001 B1
6327578 Linehan Dec 2001 B1
6341724 Campisano Jan 2002 B2
6385596 Wiser May 2002 B1
6422462 Cohen Jul 2002 B1
6425523 Shem Ur Jul 2002 B1
6592044 Wong Jul 2003 B1
6636833 Flitcroft Oct 2003 B1
6636883 Zebrowski, Jr. Oct 2003 B1
6748367 Lee Jun 2004 B1
6805287 Bishop Oct 2004 B2
6879965 Fung Apr 2005 B2
6891953 DeMello May 2005 B1
6901387 Wells May 2005 B2
6931382 Laage Aug 2005 B2
6938019 Uzo Aug 2005 B1
6941285 Sarcanin Sep 2005 B2
6980670 Hoffman Dec 2005 B1
6990470 Hogan Jan 2006 B2
6991157 Bishop Jan 2006 B2
7051929 Li May 2006 B2
7069249 Stolfo Jun 2006 B2
7103575 Linehan Sep 2006 B1
7103576 Mann, III Sep 2006 B2
7113930 Eccles Sep 2006 B2
7136835 Flitcroft Nov 2006 B1
7177835 Walker Feb 2007 B1
7177848 Hogan Feb 2007 B2
7194437 Britto Mar 2007 B1
7209561 Shankar et al. Apr 2007 B1
7264154 Harris Sep 2007 B2
7287692 Patel Oct 2007 B1
7292999 Hobson Nov 2007 B2
7350230 Forrest Mar 2008 B2
7353382 Labrou Apr 2008 B2
7379919 Hogan May 2008 B2
RE40444 Linehan Jul 2008 E
7415443 Hobson Aug 2008 B2
7444676 Asghari-Kamrani Oct 2008 B1
7469151 Khan Dec 2008 B2
7548889 Bhambri Jun 2009 B2
7567934 Flitcroft Jul 2009 B2
7567936 Peckover Jul 2009 B1
7571139 Giordano Aug 2009 B1
7571142 Flitcroft Aug 2009 B1
7580898 Brown Aug 2009 B2
7584153 Brown Sep 2009 B2
7593896 Flitcroft Sep 2009 B1
7603382 Halt, Jr. Oct 2009 B2
7606560 Labrou Oct 2009 B2
7627531 Breck Dec 2009 B2
7627895 Gifford Dec 2009 B2
7650314 Saunders Jan 2010 B1
7664701 Phillips et al. Feb 2010 B2
7685037 Reiners Mar 2010 B2
7702578 Fung Apr 2010 B2
7707120 Dominguez Apr 2010 B2
7712655 Wong May 2010 B2
7729984 Nappi Jun 2010 B1
7734527 Uzo Jun 2010 B2
7753265 Harris Jul 2010 B2
7757298 Shuster Jul 2010 B2
7770789 Oder, II Aug 2010 B2
7784684 Labrou et al. Aug 2010 B2
7784685 Hopkins, III Aug 2010 B1
7793851 Mullen Sep 2010 B2
7801826 Labrou Sep 2010 B2
7805376 Smith Sep 2010 B2
7805378 Berardi Sep 2010 B2
7818264 Hammad Oct 2010 B2
7828220 Mullen Nov 2010 B2
7835960 Breck Nov 2010 B2
7841523 Oder, II Nov 2010 B2
7841539 Hewton Nov 2010 B2
7844550 Walker Nov 2010 B2
7848980 Carlson Dec 2010 B2
7849020 Johnson Dec 2010 B2
7853529 Walker Dec 2010 B1
7853995 Chow Dec 2010 B2
7865414 Fung Jan 2011 B2
7873579 Hobson Jan 2011 B2
7873580 Hobson Jan 2011 B2
7890393 Talbert Feb 2011 B2
7891563 Oder, II Feb 2011 B2
7896238 Fein Mar 2011 B2
7908216 Davis et al. Mar 2011 B1
7908645 Varghese Mar 2011 B2
7922082 Muscato Apr 2011 B2
7931195 Mullen Apr 2011 B2
7937324 Patterson May 2011 B2
7938318 Fein May 2011 B2
7954705 Mullen Jun 2011 B2
7959076 Hopkins, III Jun 2011 B1
7996288 Stolfo Aug 2011 B1
8025223 Saunders Sep 2011 B2
8046256 Chien Oct 2011 B2
8060448 Jones Nov 2011 B2
8060449 Zhu Nov 2011 B1
8074877 Mullen Dec 2011 B2
8074879 Harris Dec 2011 B2
8082210 Hansen Dec 2011 B2
8083137 Tannenbaum Dec 2011 B2
8095113 Kean Jan 2012 B2
8104679 Brown Jan 2012 B2
RE43157 Bishop Feb 2012 E
8109436 Hopkins, III Feb 2012 B1
8121942 Carlson Feb 2012 B2
8121956 Carlson Feb 2012 B2
8126449 Beenau Feb 2012 B2
8131745 Hoffman Mar 2012 B1
8171525 Pelly May 2012 B1
8175973 Davis et al. May 2012 B2
8190523 Patterson May 2012 B2
8196813 Vadhri Jun 2012 B2
8205791 Randazza Jun 2012 B2
8219489 Patterson Jul 2012 B2
8219490 Hammad et al. Jul 2012 B2
8224702 Mengerink Jul 2012 B2
8225385 Chow Jul 2012 B2
8229852 Carlson Jul 2012 B2
8249957 Mullen Aug 2012 B2
8265993 Chien Sep 2012 B2
8275995 Jobmann Sep 2012 B2
8280777 Mengerink Oct 2012 B2
8281991 Wentker et al. Oct 2012 B2
8306846 Tavares Nov 2012 B2
8328095 Oder, II Dec 2012 B2
8332323 Stals et al. Dec 2012 B2
8336088 Raj et al. Dec 2012 B2
8346666 Lindelsee et al. Jan 2013 B2
8346672 Weiner Jan 2013 B1
8376225 Hopkins, III Feb 2013 B1
8380177 Laracey Feb 2013 B2
8387873 Saunders Mar 2013 B2
8401539 Beenau Mar 2013 B2
8401898 Chien Mar 2013 B2
8402555 Grecia Mar 2013 B2
8403211 Brooks Mar 2013 B2
8412623 Moon Apr 2013 B2
8412837 Emigh Apr 2013 B1
8417642 Oren Apr 2013 B2
8447699 Batada May 2013 B2
8452666 Patel May 2013 B2
8453223 Svigals May 2013 B2
8453925 Fisher Jun 2013 B2
8458487 Palgon Jun 2013 B1
8473415 Siegel Jun 2013 B2
8484134 Hobson Jul 2013 B2
8485437 Mullen Jul 2013 B2
8494959 Hathaway Jul 2013 B2
8498908 Mengerink Jul 2013 B2
8504475 Brand et al. Aug 2013 B2
8504478 Saunders Aug 2013 B2
8510816 Quach Aug 2013 B2
8433116 Davis et al. Sep 2013 B2
8533860 Grecia Sep 2013 B1
8538845 Liberty Sep 2013 B2
8555079 Shablygin Oct 2013 B2
8566168 Bierbaum Oct 2013 B1
8567670 Stanfield Oct 2013 B2
8571939 Lindsey Oct 2013 B2
8577336 Mechaley, Jr. Nov 2013 B2
8577803 Chatterjee Nov 2013 B2
8577813 Weiss Nov 2013 B2
8578176 Mattsson Nov 2013 B2
8583494 Fisher Nov 2013 B2
8584251 Mcguire Nov 2013 B2
8589237 Fisher Nov 2013 B2
8589271 Evans Nov 2013 B2
8589291 Carlson Nov 2013 B2
8595098 Starai Nov 2013 B2
8595812 Bomar Nov 2013 B2
8595850 Spies Nov 2013 B2
8606638 Dragt Dec 2013 B2
8606700 Carlson Dec 2013 B2
8606720 Baker Dec 2013 B1
8615468 Varadarajan Dec 2013 B2
8620754 Fisher Dec 2013 B2
8635157 Smith Jan 2014 B2
8646059 Von Behren Feb 2014 B1
8651374 Brabson Feb 2014 B2
8656180 Shablygin Feb 2014 B2
8682802 Kannanari Mar 2014 B1
8751391 Freund Jun 2014 B2
8751793 Ginter Jun 2014 B2
8762263 Gauthier et al. Jun 2014 B2
8793186 Patterson Jul 2014 B2
8838982 Carlson et al. Sep 2014 B2
8856539 Weiss Oct 2014 B2
8887308 Grecia Nov 2014 B2
9065643 Hurry et al. Jun 2015 B2
9070129 Sheets et al. Jun 2015 B2
9100826 Weiss Aug 2015 B2
9160741 Wentker et al. Oct 2015 B2
9229964 Stevelinck Jan 2016 B2
9245267 Singh Jan 2016 B2
9249241 Dai et al. Feb 2016 B2
9256871 Anderson et al. Feb 2016 B2
9280765 Hammad Mar 2016 B2
9342832 Basu May 2016 B2
9530137 Weiss Dec 2016 B2
9721283 Tanaka Aug 2017 B2
20010029485 Brody Oct 2001 A1
20010034720 Armes Oct 2001 A1
20010054003 Chien Dec 2001 A1
20020007320 Hogan Jan 2002 A1
20020016749 Borecki Feb 2002 A1
20020029193 Ranjan Mar 2002 A1
20020035548 Hogan Mar 2002 A1
20020073045 Rubin Jun 2002 A1
20020077978 O'Leary Jun 2002 A1
20020116341 Hogan Aug 2002 A1
20020133467 Hobson Sep 2002 A1
20020147913 Lun Yip Oct 2002 A1
20030028481 Flitcroft Feb 2003 A1
20030130955 Hawthorne Jul 2003 A1
20030191709 Elston Oct 2003 A1
20030191945 Keech Oct 2003 A1
20040010462 Moon Jan 2004 A1
20040050928 Bishop Mar 2004 A1
20040059682 Hasumi Mar 2004 A1
20040093281 Silverstein May 2004 A1
20040139008 Mascavage Jul 2004 A1
20040143532 Lee Jul 2004 A1
20040158532 Breck Aug 2004 A1
20040210449 Breck Oct 2004 A1
20040210498 Freund Oct 2004 A1
20040232225 Bishop Nov 2004 A1
20040260646 Berardi Dec 2004 A1
20050027543 Labrou Feb 2005 A1
20050037735 Coutts Feb 2005 A1
20050080730 Sorrentino Apr 2005 A1
20050108178 York May 2005 A1
20050199709 Linlor Sep 2005 A1
20050246293 Ong Nov 2005 A1
20050269401 Spitzer Dec 2005 A1
20050269402 Spitzer Dec 2005 A1
20060080243 Kemper Apr 2006 A1
20060235795 Johnson Oct 2006 A1
20060237528 Bishop Oct 2006 A1
20060278704 Saunders Dec 2006 A1
20070107044 Yuen May 2007 A1
20070129955 Dalmia Jun 2007 A1
20070136193 Starr Jun 2007 A1
20070136211 Brown Jun 2007 A1
20070170247 Friedman Jul 2007 A1
20070179885 Bird Aug 2007 A1
20070208671 Brown Sep 2007 A1
20070245414 Chan Oct 2007 A1
20070255662 Tumminaro Nov 2007 A1
20070288377 Shaked Dec 2007 A1
20070291995 Rivera Dec 2007 A1
20080005037 Hammad Jan 2008 A1
20080015988 Brown Jan 2008 A1
20080029607 Mullen Feb 2008 A1
20080035738 Mullen Feb 2008 A1
20080052226 Agarwal Feb 2008 A1
20080054068 Mullen Mar 2008 A1
20080054079 Mullen Mar 2008 A1
20080054081 Mullen Mar 2008 A1
20080065554 Hogan Mar 2008 A1
20080065555 Mullen Mar 2008 A1
20080126251 Wassingbo May 2008 A1
20080201264 Brown Aug 2008 A1
20080201265 Hewton Aug 2008 A1
20080228646 Myers Sep 2008 A1
20080243702 Hart Oct 2008 A1
20080245855 Fein Oct 2008 A1
20080245861 Fein Oct 2008 A1
20080283591 Oder, II Nov 2008 A1
20080302869 Mullen Dec 2008 A1
20080302876 Mullen Dec 2008 A1
20080313264 Pestoni Dec 2008 A1
20090006262 Brown Jan 2009 A1
20090010488 Matsuoka Jan 2009 A1
20090037333 Flitcroft Feb 2009 A1
20090037388 Cooper Feb 2009 A1
20090043702 Bennett Feb 2009 A1
20090048971 Hathaway Feb 2009 A1
20090106112 Dalmia Apr 2009 A1
20090106160 Skowronek Apr 2009 A1
20090134217 Flitcroft May 2009 A1
20090157555 Biffle Jun 2009 A1
20090159673 Mullen Jun 2009 A1
20090159700 Mullen Jun 2009 A1
20090159707 Mullen Jun 2009 A1
20090164354 Ledbetter Jun 2009 A1
20090173782 Muscato Jul 2009 A1
20090200371 Kean Aug 2009 A1
20090234760 Walter Sep 2009 A1
20090248583 Chhabra Oct 2009 A1
20090276347 Kargman Nov 2009 A1
20090281948 Carlson Nov 2009 A1
20090294527 Brabson Dec 2009 A1
20090307139 Mardikar Dec 2009 A1
20090308921 Mullen Dec 2009 A1
20090327131 Beenau Dec 2009 A1
20100008535 Abulafia Jan 2010 A1
20100088237 Wankmueller Apr 2010 A1
20100094755 Kloster Apr 2010 A1
20100106644 Annan Apr 2010 A1
20100120408 Beenau May 2010 A1
20100133334 Vadhri Jun 2010 A1
20100138347 Chen Jun 2010 A1
20100145860 Pelegero Jun 2010 A1
20100161433 White Jun 2010 A1
20100174556 Wilkins Jul 2010 A1
20100185545 Royyuru Jul 2010 A1
20100211505 Saunders Aug 2010 A1
20100223186 Hogan Sep 2010 A1
20100228668 Hogan Sep 2010 A1
20100235284 Moore Sep 2010 A1
20100258620 Torreyson Oct 2010 A1
20100291904 Musfeldt Nov 2010 A1
20100299267 Faith et al. Nov 2010 A1
20100306076 Taveau Dec 2010 A1
20100325041 Berardi Dec 2010 A1
20110010292 Giordano Jan 2011 A1
20110016047 Wu Jan 2011 A1
20110016320 Bergsten Jan 2011 A1
20110040640 Erikson Feb 2011 A1
20110047076 Carlson et al. Feb 2011 A1
20110083018 Kesanupalli Apr 2011 A1
20110087596 Dorsey Apr 2011 A1
20110093397 Carlson Apr 2011 A1
20110125597 Oder, II May 2011 A1
20110153437 Archer Jun 2011 A1
20110153498 Makhotin et al. Jun 2011 A1
20110154466 Harper Jun 2011 A1
20110161233 Tieken Jun 2011 A1
20110166992 Dessert Jul 2011 A1
20110178925 Lindelsee Jul 2011 A1
20110178926 Lindelsee et al. Jul 2011 A1
20110191244 Dai Aug 2011 A1
20110213711 Skinner Sep 2011 A1
20110238511 Park Sep 2011 A1
20110238573 Varadarajan Sep 2011 A1
20110246317 Coppinger Oct 2011 A1
20110251892 Laracey Oct 2011 A1
20110258111 Raj et al. Oct 2011 A1
20110270751 Csinger Nov 2011 A1
20110272471 Mullen Nov 2011 A1
20110272478 Mullen Nov 2011 A1
20110276380 Mullen Nov 2011 A1
20110276381 Mullen Nov 2011 A1
20110276424 Mullen Nov 2011 A1
20110276425 Mullen Nov 2011 A1
20110288874 Hinkamp Nov 2011 A1
20110295745 White Dec 2011 A1
20110302081 Saunders Dec 2011 A1
20120023567 Hammad Jan 2012 A1
20120028609 Hruska Feb 2012 A1
20120030047 Fuentes et al. Feb 2012 A1
20120035998 Chien Feb 2012 A1
20120041881 Basu Feb 2012 A1
20120047237 Arvidsson Feb 2012 A1
20120066078 Kingston Mar 2012 A1
20120072350 Goldthwaite Mar 2012 A1
20120078735 Bauer Mar 2012 A1
20120078798 Downing Mar 2012 A1
20120078799 Jackson Mar 2012 A1
20120095852 Bauer Apr 2012 A1
20120095865 Doherty Apr 2012 A1
20120101833 Pitroda Apr 2012 A1
20120116902 Cardina May 2012 A1
20120123882 Carlson May 2012 A1
20120123940 Killian May 2012 A1
20120129514 Beenau May 2012 A1
20120143767 Abadir Jun 2012 A1
20120143772 Abadir Jun 2012 A1
20120158580 Eram Jun 2012 A1
20120158593 Garfinkle Jun 2012 A1
20120173431 Ritchie Jul 2012 A1
20120185386 Salama Jul 2012 A1
20120197807 Schlesser Aug 2012 A1
20120203664 Torossian Aug 2012 A1
20120203666 Torossian Aug 2012 A1
20120215688 Musser Aug 2012 A1
20120215696 Salonen Aug 2012 A1
20120221421 Hammad Aug 2012 A1
20120221468 Kumnick Aug 2012 A1
20120226580 Raghavan Sep 2012 A1
20120226582 Hammad Sep 2012 A1
20120231844 Coppinger Sep 2012 A1
20120233004 Bercaw Sep 2012 A1
20120246070 Vadhri Sep 2012 A1
20120246071 Jain Sep 2012 A1
20120246079 Wilson et al. Sep 2012 A1
20120265631 Cronic Oct 2012 A1
20120271770 Harris Oct 2012 A1
20120297446 Webb Nov 2012 A1
20120300932 Cambridge Nov 2012 A1
20120303503 Cambridge Nov 2012 A1
20120303961 Kean Nov 2012 A1
20120304273 Bailey Nov 2012 A1
20120310725 Chien Dec 2012 A1
20120310831 Harris Dec 2012 A1
20120316992 Oborne Dec 2012 A1
20120317035 Royyuru Dec 2012 A1
20120317036 Bower Dec 2012 A1
20130017784 Fisher Jan 2013 A1
20130018757 Anderson et al. Jan 2013 A1
20130019098 Gupta Jan 2013 A1
20130024377 Stong Jan 2013 A1
20130031006 Mccullagh et al. Jan 2013 A1
20130054337 Brendell Feb 2013 A1
20130054466 Muscato Feb 2013 A1
20130054474 Yeager Feb 2013 A1
20130073365 McCarthy Mar 2013 A1
20130081122 Svigals Mar 2013 A1
20130091028 Oder, II Apr 2013 A1
20130110658 Lyman May 2013 A1
20130111599 Gargiulo May 2013 A1
20130117185 Collison May 2013 A1
20130124290 Fisher May 2013 A1
20130124291 Fisher May 2013 A1
20130124364 Mittal May 2013 A1
20130124422 Hubert May 2013 A1
20130138525 Bercaw May 2013 A1
20130144888 Faith Jun 2013 A1
20130145148 Shablygin Jun 2013 A1
20130145172 Shablygin Jun 2013 A1
20130159178 Colon Jun 2013 A1
20130159184 Thaw Jun 2013 A1
20130166402 Parento Jun 2013 A1
20130166456 Zhang Jun 2013 A1
20130173736 Krzeminski Jul 2013 A1
20130185202 Goldthwaite Jul 2013 A1
20130191286 Cronic Jul 2013 A1
20130191289 Cronic Jul 2013 A1
20130198071 Jurss Aug 2013 A1
20130198080 Anderson et al. Aug 2013 A1
20130200146 Moghadam Aug 2013 A1
20130204787 Dubois Aug 2013 A1
20130204793 Kerridge Aug 2013 A1
20130212007 Mattsson Aug 2013 A1
20130212017 Bangia Aug 2013 A1
20130212019 Mattsson Aug 2013 A1
20130212024 Mattsson Aug 2013 A1
20130212026 Powell et al. Aug 2013 A1
20130212666 Mattsson Aug 2013 A1
20130218698 Moon Aug 2013 A1
20130218769 Pourfallah et al. Aug 2013 A1
20130226799 Raj Aug 2013 A1
20130226813 Voltz Aug 2013 A1
20130246199 Carlson Sep 2013 A1
20130246202 Tobin Sep 2013 A1
20130246203 Laracey Sep 2013 A1
20130246258 Dessert Sep 2013 A1
20130246259 Dessert Sep 2013 A1
20130246261 Purves et al. Sep 2013 A1
20130246267 Tobin Sep 2013 A1
20130254028 Salci Sep 2013 A1
20130254052 Royyuru Sep 2013 A1
20130254102 Royyuru Sep 2013 A1
20130254117 Von Mueller Sep 2013 A1
20130262296 Thomas Oct 2013 A1
20130262302 Lettow Oct 2013 A1
20130262315 Hruska Oct 2013 A1
20130262316 Hruska Oct 2013 A1
20130262317 Collinge Oct 2013 A1
20130275300 Killian Oct 2013 A1
20130275307 Khan Oct 2013 A1
20130275308 Paraskeva Oct 2013 A1
20130282502 Jooste Oct 2013 A1
20130282575 Mullen Oct 2013 A1
20130282588 Hruska Oct 2013 A1
20130297501 Monk et al. Nov 2013 A1
20130297504 Nwokolo Nov 2013 A1
20130297508 Belamant Nov 2013 A1
20130304648 O'Connell Nov 2013 A1
20130304649 Cronic Nov 2013 A1
20130308778 Fosmark Nov 2013 A1
20130311313 Laracey Nov 2013 A1
20130311382 Fosmark Nov 2013 A1
20130317982 Mengerink Nov 2013 A1
20130332344 Weber Dec 2013 A1
20130339253 Sincai Dec 2013 A1
20130346314 Mogollon Dec 2013 A1
20140007213 Sanin Jan 2014 A1
20140013106 Redpath Jan 2014 A1
20140013114 Redpath Jan 2014 A1
20140013452 Aissi et al. Jan 2014 A1
20140019352 Shrivastava Jan 2014 A1
20140025581 Calman Jan 2014 A1
20140025582 Maevsky Jan 2014 A1
20140025585 Calman Jan 2014 A1
20140025958 Calman Jan 2014 A1
20140032417 Mattsson Jan 2014 A1
20140032418 Weber Jan 2014 A1
20140040137 Carlson Feb 2014 A1
20140040139 Brudnicki Feb 2014 A1
20140040144 Plomske Feb 2014 A1
20140040145 Ozvat Feb 2014 A1
20140040148 Ozvat Feb 2014 A1
20140040628 Fort Feb 2014 A1
20140041018 Bomar Feb 2014 A1
20140046853 Spies Feb 2014 A1
20140047551 Nagasundaram et al. Feb 2014 A1
20140052532 Tsai Feb 2014 A1
20140052620 Rogers Feb 2014 A1
20140052637 Jooste Feb 2014 A1
20140068706 Aissi Mar 2014 A1
20140074637 Hammad Mar 2014 A1
20140108172 Weber et al. Apr 2014 A1
20140114857 Griggs et al. Apr 2014 A1
20140143137 Carlson May 2014 A1
20140164243 Aabye et al. Jun 2014 A1
20140188586 Carpenter et al. Jul 2014 A1
20140294701 Dai et al. Oct 2014 A1
20140297534 Patterson Oct 2014 A1
20140310183 Weber Oct 2014 A1
20140330721 Wang Nov 2014 A1
20140330722 Laxminarayanan et al. Nov 2014 A1
20140331265 Mozell et al. Nov 2014 A1
20140337236 Wong et al. Nov 2014 A1
20140344153 Raj et al. Nov 2014 A1
20150019443 Sheets et al. Jan 2015 A1
20150032625 Dill Jan 2015 A1
20150032626 Dill Jan 2015 A1
20150032627 Dill Jan 2015 A1
20150046338 Laxminarayanan Feb 2015 A1
20150046339 Wong et al. Feb 2015 A1
20150052064 Karpenko et al. Feb 2015 A1
20150088756 Makhotin et al. Mar 2015 A1
20150106239 Gaddam et al. Apr 2015 A1
20150112870 Nagasundaram et al. Apr 2015 A1
20150112871 Kumnick Apr 2015 A1
20150120472 Aabye et al. Apr 2015 A1
20150127529 Makhotin et al. May 2015 A1
20150127547 Powell et al. May 2015 A1
20150140960 Powell et al. May 2015 A1
20150142544 Tietzen May 2015 A1
20150142673 Nelsen et al. May 2015 A1
20150161597 Subramanian et al. Jun 2015 A1
20150178724 Ngo et al. Jun 2015 A1
20150180836 Wong et al. Jun 2015 A1
20150186864 Jones et al. Jul 2015 A1
20150193222 Pirzadeh et al. Jul 2015 A1
20150195133 Sheets et al. Jul 2015 A1
20150199679 Palanisamy et al. Jul 2015 A1
20150199689 Kumnick et al. Jul 2015 A1
20150220917 Aabye et al. Aug 2015 A1
20150269566 Gaddam et al. Sep 2015 A1
20150312038 Palanisamy Oct 2015 A1
20150319158 Kumnick Nov 2015 A1
20150332262 Lingappa Nov 2015 A1
20150356560 Shastry et al. Dec 2015 A1
20160028550 Gaddam et al. Jan 2016 A1
20160042263 Gaddam et al. Feb 2016 A1
20160065370 Le Saint et al. Mar 2016 A1
20160092696 Guglani et al. Mar 2016 A1
20160092872 Prakash et al. Mar 2016 A1
20160103675 Aabye et al. Apr 2016 A1
20160119296 Laxminarayanan et al. Apr 2016 A1
20160140545 Flurscheim et al. May 2016 A1
20160148197 Dimmick May 2016 A1
20160148212 Dimmick May 2016 A1
20160171479 Prakash et al. Jun 2016 A1
20160173483 Wong et al. Jun 2016 A1
20160210628 McGuire Jul 2016 A1
20160218875 Le Saint et al. Jul 2016 A1
20160224976 Basu Aug 2016 A1
20170046696 Powell et al. Feb 2017 A1
20170103387 Weber Apr 2017 A1
20170220818 Nagasundaram et al. Aug 2017 A1
20170228723 Taylor Aug 2017 A1
Foreign Referenced Citations (15)
Number Date Country
2156397 Feb 2010 EP
2001035304 May 2001 WO
2001035304 May 2001 WO
2004042536 May 2004 WO
2006113834 Oct 2006 WO
2009032523 Mar 2009 WO
2010078522 Jul 2010 WO
2012068078 May 2012 WO
2012098556 Jul 2012 WO
2012142370 Oct 2012 WO
2012167941 Dec 2012 WO
2013048538 Apr 2013 WO
2013056104 Apr 2013 WO
2013119914 Aug 2013 WO
2013179271 Dec 2013 WO
Non-Patent Literature Citations (38)
Entry
“Using a Mobile Device to Enhance Customer Trust in the Security of Remote Transactions”; Thair Al-Dala'in, Suhuai Luo and Peter Summons; ‘NPL—Using a Mobile Device to Enhance Customer Trust.pdf’ (Year: 2008).
“A Complete Secure Customer Centric Anonymous Payment in a Digital EcoSystem”; Vorugunti Chandra Sekhar and Mrudula S; ‘A Complete Secure Customer Centric Anonymous Payment in a Digital EcoSystem.pdf’ (Year: 2012).
Chipman, et al., U.S. Appl. No. 15/265,282 (Unpublished), Self-Cleaning Token Vault, filed Sep. 14, 2016.
Lopez, et al., U.S. Appl. No. 15/462,658 (Unpublished), Replacing Token on a Multi-Token User Device, filed Mar. 17, 2017.
Petition for Inter Partes Review of U.S. Pat. No. 8,533,860 Challenging Claims 1-30 Under 35 U.S.C. § 312 and 37 C.F.R. § 42.104, filed Feb. 17, 2016, Before the USPTO Patent Trial and Appeal Board, IPR 2016-00600, 65 pages.
Wang, U.S. Appl. No. 62/000,288 (unpublished), Payment System Canonical Address Format filed May 19, 2014.
Sharma et al., U.S. Appl. No. 62/003,717 (unpublished), Mobile Merchant Application filed May 28, 2014.
Kalgi et al., U.S. Appl. No. 62/024,426, (unpublished) Secure Transactions Using Mobile Devices filed Jul. 14, 2014.
Prakash et al., U.S. Appl. No. 62/037,033 (unpublished), Sharing Payment Token filed Aug. 13, 2014.
Hoverson et al., U.S. Appl. No. 62/038,174 (unpublished), Customized Payment Gateway filed Aug. 15, 2014.
Wang, U.S. Appl. No. 62/042,050 (unpublished), Payment Device Authentication and Authorization System filed Aug. 26, 2014.
Gaddam et al., U.S. Appl. No. 62/053,736 (unpublished), Completing Transactions Without a User Payment Device filed Sep. 22, 2014.
Patterson, U.S. Appl. No. 62/054,346 (unpublished), Mirrored Token Vault filed Sep. 23, 2014.
Dimmick, U.S. Appl. No. 14/952,514 (unpublished), Systems Communications With Non-Sensitive Identifiers filed Nov. 25, 2015.
Dimmick, U.S. Appl. No. 14/952,444 (unpublished), Tokenization Request via Access Device filed Nov. 25, 2015.
Prakash et al., U.S. Appl. No. 14/955,716 (unpublished), Provisioning Platform for Machine-To-Machine Devices filed Dec. 1, 2015.
Wong et al., U.S. Appl. No. 14/966,948 (unpublished), Automated Access Data Provisioning filed Dec. 11, 2015.
Stubbs et al., U.S. Appl. No. 62/103,522 (unpublished), Methods and Systems for Wallet Provider Provisioning filed Jan. 14, 2015.
McGuire, U.S. Appl. No. 14/600,523 (unpublished), Secure Payment Processing Using Authorization Request filed Jan. 20, 2015.
Flurscheim et al., U.S. Appl. No. 15/004,705 (unpublished), Cloud-Based Transactions With Magnetic Secure Transmission filed Jan. 22, 2016.
Flurscheim et al., U.S. Appl. No. 62/108,403 (unpublished), Wearables With NFC HCE filed Jan. 27, 2015.
Sabba et al., U.S. Appl. No. 15/011,366 (unpublished), Token Check Offline filed Jan. 29, 2016.
Patterson, U.S. Appl. No. 15/019,157 (unpublished), Token Processing Utilizing Multiple Authorizations filed Feb. 9, 2016.
Cash et al., U.S. Appl. No. 15/041,495 (unpublished), Peer Forward Authorization of Digital Requests filed Feb. 11, 2016.
Le Saint et al., , U.S. Appl. No. 15/008,388 (unpublished), Methods for Secure Credential Provisioning filed Jan. 27, 2016.
Kinagi, U.S. Appl. No. 62/117,291 (unpublished), Token and Cryptogram Using Transaction Specific Information filed Feb. 17, 2015.
Galland et al. U.S. Appl. No. 62/128,709 (unpublished), Tokenizing Transaction Amounts filed Mar. 5, 2015.
Rangarajan et al., U.S. Appl. No. 61/751,763 (unpublished), Payments Bridge filed Jan. 11, 2013.
Li, U.S. Appl. No. 61/894,749 (unpublished), Methods and Systems for Authentication and Issuance of Tokens in a Secure Environment filed Oct. 23, 2013.
Aissi et al., U.S. Appl. No. 61/738,832 (unpublished), Management of Sensitive Data filed Dec. 18, 2012.
Wong et al., U.S. Appl. No. 61/879,362 (unpublished), Systems and Methods for Managing Mobile Cardholder Verification Methods filed Sep. 18, 2013.
Powell, U.S. Appl. No. 61/892,407 (unpublished), Issuer Over-The-Air Update Method and System filed Oct. 17, 2013.
Powell, U.S. Appl. No. 61/926,236 (unpublished), Methods and Systems for Provisioning Mobile Devices With Payment Credentials and Payment Token Identifiers filed Jan. 10, 2014.
Valcourt et al., “Investigating mobile payment: supporting technologies, methods, and use”; file ' Investigating mobile payment—supporting technologies methods and use.pdf ; Jan. 1, 2005 (Year: 2005).
Non-Final Office Action, dated Jan. 2, 2019, in U.S. Appl. No. 14/305,930, 47 pages.
Non-Final Office Action, dated Jun. 26, 2017, in U.S. Appl. No. 14/305,930, 25 pages.
Final Office Action, dated Dec. 28, 2017, in U.S. Appl. No. 14/305,930, 32 pages.
U.S. Appl. No. 14/305,930 , “Final Office Action”, dated Jul. 10, 2019, 39 pages.
Related Publications (1)
Number Date Country
20170206524 A1 Jul 2017 US
Provisional Applications (1)
Number Date Country
61835793 Jun 2013 US
Divisions (1)
Number Date Country
Parent 14305930 Jun 2014 US
Child 15477879 US