Patent Grant
11593798
A payment is a monetary or financial transaction (or simply transaction) that moves money from a source account to a destination account. For a non-limiting example, one common form of payment is credit card payment. A point of sale (POS) or point of purchase (POP) is the time and place of an in-person (vs. online) purchase where a retail payment transaction is completed between a merchant and a customer who makes a payment in exchange for goods or services from the merchant. A POS payment terminal or device is a payment transaction device associated with the merchant, wherein the POS payment terminal accepts a credit card, a debit card, or an EMV® chip card, such as Master, Visa, American Express, or Discover card from the customer and provides information of the card to the card issuer (e.g., credit card company) to process the transaction.
There are various types of POS payment terminals on the market and they all have one thing in common—they need to be certified upfront by the card issuers providing electronic payment processing services to the merchants to make sure that the POS payment terminals can function correctly and comply with the requirements set by the card issuers. The certification process is a rigorous underwriting process including full upfront review of the merchant via testing of the entire chain of electronic payment processing from the POS payment terminal through an acquirer to the card issuer. The certification process typically requires the merchant to first apply for certification of its POS payment terminal by an authorized third party, which handles the certification based on the rules set by EMVCo, a global organization that manages, maintains and enhances the global EMV® standard. Such certification process is often time-consuming. As the number of individual retailers (vs. traditional retail chain stores) are increasing rapidly, they would prefer their POS payment terminals to be activated (“on-board”) and available to use instantly instead of waiting for the lengthy certification. Although some companies (e.g., Square) have offered their own proprietary POS payment terminals such as card readers to merchants for instant on-board usage, these terminals are limited to their own types only and still need to be certified. It is thus desirable to be able to instantly activate various kinds of existing POS payment terminals on the market without certification while still maintaining secured electronic payment processing via the POS payment terminals.
The foregoing examples of the related art and limitations related therewith are intended to be illustrative and not exclusive. Other limitations of the related art will become apparent upon a reading of the specification and a study of the drawings.
Aspects of the present disclosure are best understood from the following detailed description when read with the accompanying figures. It is noted that, in accordance with the standard practice in the industry, various features are not drawn to scale. In fact, the dimensions of the various features may be arbitrarily increased or reduced for clarity of discussion.
The following disclosure provides many different embodiments, or examples, for implementing different features of the subject matter. Specific examples of components and arrangements are described below to simplify the present disclosure. These are, of course, merely examples and are not intended to be limiting. In addition, the present disclosure may repeat reference numerals and/or letters in the various examples. This repetition is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various embodiments and/or configurations discussed.
A new approach is proposed that contemplates systems and methods to support instant merchant activation for secured in-person payment at a point of sale (POS) of a merchant. When a customer initiates an in-person payment request at a payment initiation device associated with the merchant, the payment initiation device is configured to collect both sensitive and non-sensitive portions of electronic payment transaction data for the request and encrypt the sensitive data portion for secured transmission. Upon receiving the electronic payment transaction data, a payment gateway in the payment transaction process is configured to relay the data to a payment processor for approval by an issuer and transmit only the non-sensitive portion of the data to a payment service engine for risk analysis if the payment request is approved by the issuer. The payment service engine is configured to determine if the payment request is at high risk based on risk analysis of the non-sensitive portion of the data received and notify the payment initiation device and/or the merchant accordingly.
By assessing the risk of each payment transaction without accessing sensitive financial information of the customer, the proposed approach enables instant activation of the merchant without weakening the security of the electronic payment transaction process. Under the proposed approach, the merchant can accept payment from its clients immediately via any type of POS payment device available on the market instantly while eliminating the lengthy certification process. In the meantime, since the sensitive financial data is encrypted and transmitted over the entire payment transaction process between the POS payment device and the payment processor following the conventional payment processing model, the security and integrity of the electronic payment transaction process is not weakened or compromised.
In the example of
In the example of
In the example of
In some embodiments, upon receiving the payment request initiated by a customer, the payment initiation device 102 is configured to collect the electronic payment transaction data from the customer's financial instrument and/or the payment request. Here, the payment transaction data for the payment request can be collected by one of accepting card information manually entered by the customer, reading data stored on a magnetic stripe of a card swiped at the payment initiation device 102, reading data stored on a chip of a chip card inserted into the payment initiation device 102, and transmitting data from an NFC chip on a mobile communication device when tapped by the customer.
In some embodiments, the collected payment transaction data includes a sensitive data portion and a non-sensitive data portion. Here, the non-sensitive data portion includes information that can be used to identify the customer, including but not limited to one or more of name and/or billing address of the customer, non-sensitive part of a unique identifier/number of the financial instrument, e.g., the 1st 6 digits of a credit card (also known as the Issuer BIN) and last 4 digits of the credit card number, type of the financial instrument, brand of the financial instrument, e.g., Master, Visa, American Express, or Discover card, and how the payment transaction data of the financial instrument is collected. In some embodiments, the non-sensitive data portion of the payment transaction data further includes details of the payment request, e.g., the amount being requested for approval and a list of the products and/or services purchased, shipping address, and/or details of the merchant, e.g., merchant name or id, and information of the payment initiation device 102, e.g., device id and location. The sensitive data portion of the payment transaction data, on the other hand, includes confidential financial information of the financial instrument, including one or more of full (16 digits) card number, CVV code, expiration date, and other sensitive data stored on the financial instrument. If obtained by an unauthorized third party, the sensitive data portion may be used to initiate another payment request without the customer's knowledge or consent and thus needs to be securely guarded.
In some embodiments, the payment initiation device 102 is configured to encrypt the sensitive data portion using one or more keys provided by and shared only with the payment processor 106, wherein the encrypted sensitive data portion can only be decrypted by the payment processor 106. Note that only certified payment initiation devices 102 (e.g., certified POS terminals) may encrypt the data using the keys, wherein the payment initiation device 102 is injected with the keys either before the merchant receives the payment initiation device 102 or through an initial activation process. The payment initiation device 102 is then configured to transmit the payment request with both the non-sensitive data portion and the encrypted sensitive data portion of the electronic payment transaction data to the payment processor 106 for payment processing through the payment gateway 104.
In the example of
In the example of
Once the payment gateway 104 receives the confirmation from the payment processor 106 that the payment request has been approved by the issuer, the payment gateway 104 is then configured to transmit only the non-sensitive data portion of the electronic payment transaction data to the payment service engine 108 for risk analysis to determine if the payment request should be processed or not by invoking an Application Program Interface (API) call to the payment service engine 108. Here, the non-sensitive data portion includes details about the transaction, the financial instrument, the customer, the merchant, etc. as discussed above, as well as the response returned by the payment processor 106 for risk analysis. Note that the payment gateway 104 does not have access to and thus does not send the sensitive data portion that includes sensitive data of the financial instrument, such as the full card number, to the payment service engine 108.
In the example of
If the payment request is approved by the payment service engine 108, e.g., it is not at high risk and should be processed, the payment gateway 104 returns a successful response to the payment initiation device 102. If, on the other hand, the payment request is declined by the payment service engine 108, e.g., it is at high risk, the payment gateway 104 then returns a declined response to the payment initiation device 102 and also cancels the previously approved payment transaction with the payment processor 106. Upon receiving the response from the payment gateway 104, the payment initiation device 102 displays the appropriate result, e.g., payment approved or declined, accordingly to the customer and/or the merchant. The payment initiation device 102 or the payment service engine 108 will then settle the transaction amount of the payment request with the bank of the merchant.
In the example of
One embodiment may be implemented using a conventional general purpose or a specialized digital computer or microprocessor(s) programmed according to the teachings of the present disclosure, as will be apparent to those skilled in the computer art. Appropriate software coding can readily be prepared by skilled programmers based on the teachings of the present disclosure, as will be apparent to those skilled in the software art. The invention may also be implemented by the preparation of integrated circuits or by interconnecting an appropriate network of conventional component circuits, as will be readily apparent to those skilled in the art.
One embodiment includes a computer program product which is a machine readable medium (media) having instructions stored thereon/in which can be used to program one or more hosts to perform any of the features presented herein. The machine readable medium can include, but is not limited to, one or more types of disks including floppy disks, optical discs, DVD, CD-ROMs, micro drive, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, DRAMs, VRAMs, flash memory devices, magnetic or optical cards, nanosystems (including molecular memory ICs), or any type of media or device suitable for storing instructions and/or data. Stored on any one of the computer readable medium (media), the present invention includes software for controlling both the hardware of the general purpose/specialized computer or microprocessor, and for enabling the computer or microprocessor to interact with a human viewer or other mechanism utilizing the results of the present invention. Such software may include, but is not limited to, device drivers, operating systems, execution environments/containers, and applications.
The foregoing description of various embodiments of the claimed subject matter has been provided for the purposes of illustration and description. It is not intended to be exhaustive or to limit the claimed subject matter to the precise forms disclosed. Many modifications and variations will be apparent to the practitioner skilled in the art. Particularly, while the concept “component” is used in the embodiments of the systems and methods described above, it will be evident that such concept can be interchangeably used with equivalent concepts such as, class, method, type, interface, module, object model, and other suitable concepts. Embodiments were chosen and described in order to best describe the principles of the invention and its practical application, thereby enabling others skilled in the relevant art to understand the claimed subject matter, the various embodiments and with various modifications that are suited to the particular use contemplated.
This application is a U.S. national stage application under § 371 of International Patent Application No. PCT/US17/56674, filed Oct. 13, 2017, which claims the benefit of U.S. Provisional Patent Application No. 62/540,514, filed Aug. 2, 2017, and entitled “Instant Merchant Activation for Secured In-Person Payments,” the entireties of each are expressly incorporated herein in its entirety by reference.
| Filing Document | Filing Date | Country | Kind |
|---|---|---|---|
| PCT/US2017/056674 | 10/13/2017 | WO |
| Publishing Document | Publishing Date | Country | Kind |
|---|---|---|---|
| WO2019/027488 | 2/7/2019 | WO | A |
| Number | Name | Date | Kind |
|---|---|---|---|
| 5826245 | Sandberg-Diment | Oct 1998 | A |
| 6212635 | Reardon | Apr 2001 | B1 |
| 6477578 | Mhoon | Nov 2002 | B1 |
| 7107242 | Vasil | Sep 2006 | B1 |
| 7185805 | McShirley | Mar 2007 | B1 |
| 7472825 | Fitch | Jan 2009 | B2 |
| 7653590 | Kroon | Jan 2010 | B1 |
| 7657482 | Shirey | Feb 2010 | B1 |
| 8020763 | Kowalchyk | Sep 2011 | B1 |
| 8458069 | Adjaoute | Jun 2013 | B2 |
| 8740067 | Chinoy | Jun 2014 | B1 |
| 9367844 | Hu | Jun 2016 | B1 |
| 9552573 | Kulpati | Jan 2017 | B2 |
| 9600651 | Ryan | Mar 2017 | B1 |
| 9846866 | Royyuru | Dec 2017 | B2 |
| 10097663 | Ferenczi | Oct 2018 | B1 |
| 10325263 | Canfield | Jun 2019 | B2 |
| 10380565 | Prasad | Aug 2019 | B1 |
| 10762076 | Eide | Sep 2020 | B1 |
| 20020116337 | Peled | Aug 2002 | A1 |
| 20030014356 | Browne | Jan 2003 | A1 |
| 20030050880 | Degen | Mar 2003 | A1 |
| 20030055783 | Cataline | Mar 2003 | A1 |
| 20030074298 | Daum | Apr 2003 | A1 |
| 20030154393 | Young | Aug 2003 | A1 |
| 20030182194 | Choey | Sep 2003 | A1 |
| 20040002903 | Stolfo | Jan 2004 | A1 |
| 20040181679 | Dettinger | Sep 2004 | A1 |
| 20040215560 | Amalraj | Oct 2004 | A1 |
| 20040230527 | Hansen | Nov 2004 | A1 |
| 20050080716 | Belyi et al. | Apr 2005 | A1 |
| 20050149552 | Chan | Jul 2005 | A1 |
| 20060100957 | Buttler et al. | May 2006 | A1 |
| 20060226216 | Keithley | Oct 2006 | A1 |
| 20070033135 | Wokaty, Jr. | Feb 2007 | A1 |
| 20070100751 | Carver | May 2007 | A1 |
| 20070106580 | Yang | May 2007 | A1 |
| 20070143230 | Narainsamy | Jun 2007 | A1 |
| 20070250441 | Paulsen | Oct 2007 | A1 |
| 20070255653 | Tumminaro | Nov 2007 | A1 |
| 20070282742 | Schrupp | Dec 2007 | A1 |
| 20080010215 | Rackley, III | Jan 2008 | A1 |
| 20080313081 | Wee | Dec 2008 | A1 |
| 20090204510 | Hwang | Aug 2009 | A1 |
| 20090327107 | Lal | Dec 2009 | A1 |
| 20100318468 | Carr | Jun 2010 | A1 |
| 20100180127 | Li | Jul 2010 | A1 |
| 20100274678 | Rolf | Oct 2010 | A1 |
| 20110238564 | Lim et al. | Mar 2011 | A1 |
| 20110137751 | Stein | Jun 2011 | A1 |
| 20110238510 | Rowen | Sep 2011 | A1 |
| 20120023567 | Hammad | Jan 2012 | A1 |
| 20120054101 | Duggal | Mar 2012 | A1 |
| 20120259782 | Hammad | Oct 2012 | A1 |
| 20120284187 | Hammad | Nov 2012 | A1 |
| 20120296725 | Dessert et al. | Nov 2012 | A1 |
| 20130013512 | Cloud | Jan 2013 | A1 |
| 20130054461 | Gupta | Feb 2013 | A1 |
| 20130212008 | Edwards et al. | Feb 2013 | A1 |
| 20130132281 | Ankolekar | May 2013 | A1 |
| 20130304637 | McCabe | Nov 2013 | A1 |
| 20140046786 | Mazaheri | Feb 2014 | A1 |
| 20140164243 | Aabye | Jun 2014 | A1 |
| 20140337138 | Chitalia | Nov 2014 | A1 |
| 20140365366 | Spinella | Dec 2014 | A1 |
| 20150012436 | Poole | Jan 2015 | A1 |
| 20150161597 | Subramanian | Jun 2015 | A1 |
| 20160063470 | Berrio | Mar 2016 | A1 |
| 20160171499 | Meredith | Jun 2016 | A1 |
| 20160180343 | Poon | Jun 2016 | A1 |
| 20160283918 | Weinflash | Sep 2016 | A1 |
| 20160335639 | Merz | Nov 2016 | A1 |
| 20160358179 | Canfield | Dec 2016 | A1 |
| 20170228733 | Jordan et al. | Feb 2017 | A1 |
| 20170171200 | Bao | Jun 2017 | A1 |
| 20170200142 | Pappano | Jul 2017 | A1 |
| 20170262851 | Canfield | Sep 2017 | A1 |
| 20170270527 | Rampton | Sep 2017 | A1 |
| 20170270528 | Prakash | Sep 2017 | A1 |
| 20170270557 | Maenpaa | Sep 2017 | A1 |
| 20170272253 | Lavender | Sep 2017 | A1 |
| 20170352026 | Musil | Dec 2017 | A1 |
| 20180006821 | Kinagi | Jan 2018 | A1 |
| 20180068395 | Gupta | Mar 2018 | A1 |
| 20180234426 | Huang | Aug 2018 | A1 |
| 20180324197 | Zettel, II | Nov 2018 | A1 |
| 20190026826 | Chebrole | Jan 2019 | A1 |
| 20190042149 | Kesler et al. | Feb 2019 | A1 |
| 20190087805 | Hayes | Mar 2019 | A1 |
| 20190087822 | Vasu | Mar 2019 | A1 |
| 20190333089 | Fordyce, III | Oct 2019 | A1 |
| 20210117968 | Bhasin | Apr 2021 | A1 |
| 20210174361 | Potireddy | Jun 2021 | A1 |
| 20210398127 | LePage | Dec 2021 | A1 |
| Number | Date | Country |
|---|---|---|
| 20100001888 | Jan 2010 | KR |
| 20160043472 | Apr 2016 | KR |
| Entry |
|---|
| Sekhar et al (Secure Lightweight Mobile Payment Protocol Using Symmetric Key Techniques) (Year: 2012). |
| PCT International Search Report and Written Opinion dated May 29, 2018 in International Application No. PCT/US2017/056674, 13 pages. |
| Number | Date | Country | |
|---|---|---|---|
| 20210174361 A1 | Jun 2021 | US |
| Number | Date | Country | |
|---|---|---|---|
| 62540514 | Aug 2017 | US |
