Processing of payment card transactions and, more particularly, processing of payment card transactions in an integrated payment environment, with semi-integrated features.
The authorization of a payment card transaction, such as a credit, debit, gift, or electronic benefit card transaction, for example, typically requires multiple steps involving multiple financial institutions, including payment gateways, payment processors, card brands, and issuing banks. Several approaches to processing card transactions at merchant locations, including merchant websites, are known, such as non-integrated and integrated approaches. The processing of card transactions at merchant locations can also use a semi-integrated approach. Payment cards may also be referred to as tender.
In the non-integrated environment 100 of
The PIN pad 106 forwards the card information and transaction information (including the total cost of goods and/or item data, for example) to a payment processor 108, which stores transaction data to provide daily, weekly, and/or monthly, summary reports to merchants 102, for example. The payment processor 108 also validates aspects of the data received from the PIN pad 106, as is known in the art.
After validation, the payment processor 108 routes the card data and transaction information to a card brand 112 of the card, such as Visa or MasterCard, for example, via the network 110. The card brand 112 verifies the card number and expiration date, approves or denies the transaction, and performs other operations known in the art. The single card brand 112 shown in
If the card data is verified and approved by the card brand 112, the card data and transaction data are routed by the card brand to the issuing bank 114 that issued the card, via the network 110. The issuing bank 114 checks credit limits and performs other operations known in the art. The single issuing bank 114 shown in
If the payment processor 108, card brand 112, or issuing bank 114 do not verify the card data or authorize the transaction, a denial message is returned along the same chain to the PIN pad 106. The PIN pad 106 will not then accept the card payment, and an alternative form of payment may be requested.
The POS 104 totals items for purchase, as discussed above. The total is provided to the PIN pad 106, which requests payment (tender) from the customer. In this example, card data collected by the PIN pad 106 is provided to the POS 104, which provides the card data to the merchant gateway 122, via the network 110.
The merchant gateway 122 may apply rules specific to the respective merchant 102 concerning whether to accept a tender, for example, and/or applies analytics to the card data and transaction data, for example. Analytics may include the analysis of purchasing date at a merchant location, on a storewide and/or individual basis. Analytics may be used to enhance payment rules engines and/or provide targeted advertisements, offers, and other information to customers, for example. If the card data/transaction data pass the rules of the merchant gateway 122, the merchant gateway forwards the card and transaction data to the payment processor 108, via the network 110, for processing by subsequent components in the environment 120, as described above.
The integrated payments environment 120 provides merchants with increased operational efficiency by ensuring that the POS 104 is always in-sync with the PIN pad 106. In many cases, however, the hardware and software of the POS 104 are not as “security hardened” as the PIN pads 106 alone. Sensitive cardholder data passing through the POS 104 device may therefore be at some risk, and the fully integrated approach has led to large payment card data breaches.
The card data is only provided to the payment gateway 108, which may be highly secure. Point-to-point encryption between the PIN pad 106 and the payment gateway 132 may be built-in. Because sensitive payment data never touches the POS 104, potential points of compromise are reduced and the POS 104 need not conform to PCI compliance rules. This reduces the compliance burden for the merchant 102.
Software on the PIN pad 106 drives the in-store user experience, and the connection with the payment gateway 132 enables a range of value-added services, such as analytics, loyalty rewards, etc., as is known in the art. The payment gateway 108 analyzes the card data and transaction data provides payment gateway services to merchants and other parties in
It would be advantageous to be able to support an integrated payment environment to provide managed device features without the additional work needed to build an interface to the semi-integrated payment gateway. Many merchants are interesting in the value-added features that may be offered by a semi-integrated payment environment, which does not provide sensitive card data to the POS, remotely manages in-store devices, provides faster EMV transaction times, and/or encryption, for example.
In accordance with an embodiment of the invention, systems and methods for providing a managed integrated payment environment including both a merchant gateway and a service gateway, are disclosed. Card data, in one example, is passed to a POS for approval via the merchant gateway, while a PIN pad communicates with the service gateway to provide additional services. Payment flow is decoupled from management functions.
Embodiments of the invention support a merchant who would prefer not to route transaction traffic via the service gateway for whatever reason, and/or to support a merchant who desires on-device/device management features without the complexity of the integration required for a semi-integrated solution, by decoupling the payment flow from device management functions.
In accordance with an embodiment of the invention, a method of performing a payment transaction is disclosed comprising receiving transaction data from a point-of-sale terminal, by a PIN pad terminal. Tender is received from a customer, by the PIN pad terminal. The PIN pad terminal sends tender data based on the received tender and transaction data to a service gateway, which collects metadata from the tender data and the transaction data. Tender data is also sent by the PIN pad terminal to the point-of-sale terminal, which sends the tender data and the transaction data to a merchant gateway for approval or denial of the tender data.
In one example, the PIN pad terminal encrypts tender data and sends the encrypted tender data to the point-of-service terminal. In another example, the service gateway encrypts the received tender data, sends the encrypted tender data to the PIN pad terminal, and the PIN pad terminal sends the encrypted tender data to the point-of-service terminal.
The Pin pad terminal may derive a bank identification number (“BIN”) from the tender data, search a BIN file correlating bank identification numbers with card brands and issuing banks that is stored in memory of the PIN pad terminal for the bank identification number, and associate the bank identification number with the tender data and transaction data. The PIN pad terminal then sends the associated BIN, tender data, and transaction data to the point-of-sale terminal. Updates to the BIN file may be provided to the PIN pad terminal from the service gateway. The service gateway may also provide software updates and/or configuration management tools to the PIN pad terminal
In accordance with another embodiment of the invention, a PIN pad terminal is disclosed comprising at least one processing device and memory. The at least one processing device is configured to receive transaction data from a point-of-sale terminal and receive tender from a customer. The at least one processing device is further configured to send tender data based on the received tender and the transaction data to a service gateway, which collects metadata from the tender data and the transaction data. The at least one processing device is further configured to send the tender data to the point-of-sale terminal. The point-of-sale terminal sends the tender data and transaction data to a merchant gateway for approval or denial of the tender data.
The at least one processing device may be configured to encrypt tender data prior to sending it to the PIN pad terminal. In another example, the service gateway encrypts the tender data received from the PIN pad terminal and sends it back to the PIN pad terminal, which sends the encrypted tender data to the point-of-service terminal.
The at least one processing device may be configured to derive a BIN from the tender data, search a BIN file correlating BINs with card brands and issuing banks that is stored in memory of the PIN pad terminal, for the BIN, and associate the BIN with the tender data and transaction data. The at least one processing device is further configured to send the associated BIN, tender information, and transaction data to the point-of-sale terminal. Updates to the BIN file may be provided to the PIN pad terminal from the service gateway. The service gateway may provide software updates and/or configuration management tools from the service gateway. An interface for translating messages from the point-of-sale terminal for at least one processing device may be stored in the memory of the PIN pad terminal.
In accordance with another embodiment of the invention, a system for processing payment transactions comprises a service gateway, a merchant gateway separate from the service gateway, and a PIN pad terminal. The system further comprises a point-of-service terminal configured to total at least one item for purchase by a customer and send transaction data to the PIN pad terminal, including the purchase total. The PIN pad terminal is configured to receive the transaction data from the point-of-sale terminal, receive tender from a customer, send tender data based on the received tender and the transaction data to the service gateway, via a network, and send the tender data to the point-of-sale terminal. The point-of-sale terminal is further configured to send the tender data and the transaction data to the merchant gateway, via a network, for approval or denial of the tender data. The service gateway collects metadata from the tender data and the transaction data.
b show a flowchart of an example of a method for processing card transactions, by the managed integrated card payment environment of
In one example, a payment application (“App”) running on the PIN pad 204 supports an integrated communication with the POS 202 and provides payment card information to the POS in order to settle a transaction. The POS 202 then assumes responsibility for processing payment by providing transaction data and card data to a merchant gateway 208. The merchant gateway 208 forwards the transaction data and card data to the payment processor 108 via the network 110, to obtain approval or denial of a transaction, in the manner described above. An approval or denial of a respective transaction is returned to the merchant gateway 208 via the network 110, as discussed above. The merchant gateway 208 provides an approval or denial message to the POS 204, via the network 110.
If the transaction is denied, then the POS 204 informs the PIN pad 206, which then typically asks for new tender. If new tender is provided, such as a different card, then the PIN pad 206 provides the card data to the POS 202, which provides the card data and other transaction information to the merchant gateway 208, and the process is repeated.
In accordance with an embodiment of the invention, the service gateway 210 is also connected to the PIN pad 206 via the network 110. The PIN pad 206 may be connected to the network 110 over the merchant's interne connection, for example. The service gateway 210 collects metadata from the transaction data and card data to provide analytics and other services/features, manages PIN pads, including provisioning of new PIN pads, and/or manages PIN pad configurations, for example, as desired by a respective merchant. The PIN pad 204 and the service gateway 206 do not perform payments processing.
A payment application (“payment App”) 224 is stored in the memory 222 of the PIN pad 206. The payment App 224 controls operation of the processor 220 of the PIN pad 206, including providing card data collected from a card and transaction data received from the POS 204, and providing the data to the service gateway 210. The card data and transaction data may be encrypted prior to being sent to the service gateway 210. The payment App 224 also provides card data the POS 204. The card data provided to the POS 204 is also be encrypted by the payment App 224, as discussed below. The payment App 224 may also provide a personalized checkout experience to a customer including the identification of relevant loyalty offers/discounts through interaction with the service gateway 210. Such offers/discounts may be applied by the PIN pad 206 and an adjusted total is then provided to the POS 204, for example. Alternatively, the service gateway 210 applies an offer and a modified purchase total to the PIN pad 206, which informs the POS 204 of the updated purchase total. In another example, the PIN pad 206 provides the offer from the service gateway 210 to the POS 204, which modifies the purchase total in light of the offer and informs the PIN pad 206 of the modified total. The PIN pad 206 notifies the service gateway 210 of the purchase total.
The payment App 224 may be downloaded to the PIN pad 206 of the merchant 202 by the service gateway 210 after the merchant registers with the service gateway, for example. The PIN pad terminals 130 may be a Verifone MX915 or Verifone MX925, available from Verifone Holdings, Inc., San Jose California, or an Ingenico iSC250 or Ingenico iSC480, available from Ingenico Solutions, Rowlands Castle, England, for example.
The POS terminals may be a SurePOS ACE, available from Toshiba Global Commerce Solutions, Durham, N.C.; a LOC Store Management Suite, available from DCR, Point of Sales Systems, Nashville, Tenn.; or a RORC Point-Of-Sale, available from Quality Business Systems, Sacramento, California, for example. Suitable POSs are also available from NCR, Duluth, Georgia; IT Retail, Riverside, California; Microsoft Dynamics, Redmond Washington, for example.
The secure card data environment (“SCDE”) 238 processes sensitive information, such as card and transaction data, as is also described in U.S. patent application Ser. No. 15/788,729. The SCDE 238 comprises at least one processing device 244, volatile memory 246, such as random access memory (“RAM”), and a secure database 248. As above, the processing device 280 may be a computer or microprocessor, for example.
In one example, to provide extra security for the encrypted data stored in the secure database 248, only the processing device 244 can access the secure database 248, and only the applications server 236 can access the processing device 244. To further protect decrypted sensitive information, such information may only be stored in RAM 290 or other volatile memory and may be deleted after use. The processing device 244 may use the RAM 246 or other such memory (not shown) while performing calculations and other functions, as described below. The secure handling of card data is discussed in more detail in U.S. patent application Ser. No. 15/788,729.
b show a flowchart 250 of an example of a method for processing card transactions, by the managed integrated payment environment of
The transaction process starts in Step 252, when a customer brings one or more items for purchase to a POS, such as the POS 204 of
If the customer purchases a second item, the cost of the second item is added to the ticket by the POS 204 and an AddItem request message is sent to the PIN pad 206, in Step 256. The PIN pad 206 adds the transaction data to its ticket in response to the request, and sends a confirmation response, in Step 258.
If the second item is the last item, then the POS 204 totals the prices of the two items generates and sends a CashierTotal request message to the PIN pad 206, in Step 260. The PIN pad 206 updates its ticket to include the new total in response to the request and sends an acknowledgment response to the POS 204, in Step 262. If the second item is not the last item, then Step 256 is repeated until all items have been processed by the POS 104 and added to the ticket.
In Step 264, a RequestTender request is sent by the POS 204 to the PIN pad 206, including a request for tender and the amount of the purchase totaled by the POS.
In response to the RequestTender request message, the PIN pad 206 prompts the customer for tender, receives the tender, and confirms receipt of the RequestTender request message, in Step 266. The PIN pad 206 receives the tender in the form of a credit, debit, gift card, or electronic benefit card, for example, and reads data from the card. The read data includes the card number. The read data may also include an expiration date, CVV (security) code, and/or EMV data/tags and cryptograms from a smart card, for example. If the customer is using a phone App as tender, the PIN pad 206 would receive a QR code sent by the phone, which may include the card number, CVV, etc., as is known in the art. The PIN pad 206 may also search the BIN file 226 stored in the memory 222, as shown in
In accordance with an embodiment of the invention, the PIN pad 206 sends the tender data or information and the transaction data on the ticket to the service gateway 210, in Step 268. The tender data and transaction data may be sent to the service gateway in an encrypted HTTPS envelope, as is known in the art. The service gateway 210 collects transaction metadata in Step 370 for use in one or more manners discussed herein. The service gateway 210 does not, however, forward the card and transaction data to the payment processor 108 for further validation and approval, as in the non-integrated payment processing environment in 100 of
After Step 270, the process continues in
After sending the RequestTender request message to the PIN pad 206 in Step 264, the POS 204 periodically sends a QueryTender request message to the PIN pad, in Step 274. When the PIN pad 206 receives confirmation from the service gateway 210 that the tender passes the fraud/security check, if performed, the PIN pad 206 may encrypt the tender data, in Step 275 (if the service gateway 210 has not encrypted or is not configured to encrypt the tender data).
The PIN pad 206 forms a modified ticket including the optionally encrypted tender information and forwards the modified ticket to the POS 204 in an AddTender request message, in Step 276. The POS 204 responds to the AddTender request message in Step 278.
After receiving the tender information in Step 278, the POS 204 may consult stored rules, in Step 280. The rules may relate to security requirements of the merchant 202, such as not accepting known fraudulent cards and applying card preferences, such as not accepting American Express and/or international cards, for example. If the rules are passed, then the modified ticket is accepted by the POS 204 and sent to the merchant gateway 208, in Step 282. If any rule is not passed, then the POS 204 may reject the modified ticket and send another RequestTender message to the PIN pad 206 to cause the PIN pad to request a different tender. Steps 266-282 are then repeated.
The POS 204 then decrypts the tender, or sends the modified ticket to the merchant gateway 208 including the encrypted card data, in Step 282.
The merchant gateway 208 receives the modified ticket, decrypts the tender data, if necessary, and processes the payment by sending the modified ticket to the payment processor 108 for validation, in Step 284. If validated, the service gateway 210 sends the validated, modified ticket to the card brand 112 for authentication and approval. If authenticated and approved, the card brand 112 sends the modified ticket to the issuing bank 114 for further authentication and approval, as discussed above. If the authenticated by the issuing bank 114, the modified ticket is returned to the merchant gateway 208, via these same institutions and the network 110, as discussed above. The modified ticket is sent from one party to the next via the network in an encrypted HTTPS envelope, for example.
The merchant gateway 208 returns the modified ticket to the POS 204 with approval or denial codes, as provided by the payment processor 108, card brand 110, and/or issuing bank 114. The new ticket is received by the POS 204, in Step 286. If approved, the POS 204 closes the ticket and the transfer is completed. If the ticket is denied, the POS 204 sends another RequestTender message to the PIN pad 208, as in Step 264. The PIN pad 208 would then prompt the customer for a new tender, in Step 266, and the process continues as discussed above.
As discussed above with respect to Step 272 of
In one example, a respective party may require additional verification of the identity of the customer associated with the card and request that a phone number or identification be provided, for example. In another example, a party may place a limit on a transaction amount that can be charged to a respective card. Such restrictions may be provided in one more lists and/or tables maintained by the service gateway 210 in the transactions database 242 or other such storage, in association with the party requesting the restriction, for example. The service gateway 210 may maintain files for each party, which may be stored in the transaction database 242. Maintaining and updating such lists and tables for each of the parties involved in the transaction, and performing such checks would be a significant burden to the merchant gateway 208.
When the service gateway 210 receives the card data and transaction data from the PIN pad 206, the processing device 240 checks each file to determine whether the card data indicates that the card or the combination of card data and transaction data should not be processed. If the card number is not found on a list of fraudulent card numbers and there are no limitations on transaction amounts, then the processing device 240 informs the Pin pad 206 to continue processing the transaction with the received tender, in Step 272. If the card is found to be fraudulent or the transaction amount exceeds a limit, for example, the Pin pad 206 is instructed to request new tender for all or part of the transaction amount, in Step 272.
Using the managed, integrated payment approach allows for improvements to the PIN pad App 224 and kernel software to be utilized by the merchant 202, for processing smart payment cards including an integrated circuit. In this example, the merchant 202 can use an EMV Kernel to improve card read times and provide a good customer experience, while maintaining the integrated payments model. An improved EMV Kernel is described in U.S. patent application Ser. No. 15/699,090 (U.S. Patent Publication No. 2018/0068303), which was filed on Sept. 8, 2017, is assigned to the assignee of the present application, and is incorporated by reference herein. In one example of a managed integrated payment environment 200 in accordance with an embodiment of the invention, where the PIN pad 206 includes an EMV Kernel for faster processing of smart cards, the PIN pad 206 can send a message to the POS 204 to request a cryptogram and issue scripts from the merchant gateway 208, if a full online transaction is determined to be required by the PIN pad 206, as described in in U.S. patent application Ser. No. 15/699,090. In response to the message, the POS 204 sends the purchase or transaction total to the merchant gateway 208, which requests the cryptogram and issue scripts, from the issuing bank 114. The cryptogram and issuing scripts, if any, are returned to the merchant gateway 114, which sends them to the POS 204. The POS 204 sends them to the PIN pad 206, which continues the process described in in U.S. patent application Ser. No. 15/699,090. The POS 204 may also perform other aspects of the fast smart card processing described in U.S. patent application Ser. No. 15/699,090.
In the traditional integrated environment 120 of
In accordance with an embodiment of the invention, the BIN file 226 is stored in the memory 222 of the PIN pad 204, as shown in
In one example, when the PIN pad 206 receives tender in Step 266 of the process of
Provisioning the BIN file 226 remotely to the PIN pad 206 could increase flexibility around card identification, facilitate encouragement of particular cards and discourage use of others, and allow a merchant 102 to customize payments, for example.
In accordance with an embodiment of the invention, the service gateway 210 provides device and configuration management tools to fully manage and configure PIN pads 206 at a merchant location. Examples of such device and configuration management tools include the user experience, such as fonts, logos, color, etc., displayed to a customer by the PIN pad, feature configuration (cashback amount, transaction signature threshold, supported tender types, etc.), and remote software updates, for example.
Software updates may be provided by the service gateway 210 via the network 110 and the merchant's network or the merchant's connection, such as the merchant's internet connection, to the network 110. In such a configuration it is important to ensure that configuration settings of the payment App 224 of the PIN pad 206 align with configurations on the POS 204. Examples of configuration settings include thresholds, such as signature thresholds, maximum cash back amount, maximum sale amount, maximum refund amount, tax rate, etc.
The service gateway 210 may perform analytics and customer identification as a result of the integration between the PIN pad 206 and the service gateway 210, in accordance with an embodiment of the invention. A unique account for each “user” who presents a payment card by using the card as a customer identifier along with associated information such as transaction history, email address, etc., may be created when a customer presents their card to the PIN pad 206 in Step 266 of
Customer analytics may also be provided from the service gateway 210 to the merchant 202, described in U.S. Patent Publication No. 2014/0222668 A1, for example, which was filed on Apr. 11, 2014, and is incorporated by reference herein.
To adhere to PA-DSS requirements (and security best practices), it is critical that card data leaving the PIN pad 206 be encrypted. The processing device 230 of the PIN pad 206 may pursue one or more of the following encryption options, under the control of the payment App 224 or other software, in accordance with an embodiment of the invention.
In one example, the payment App 224 of the PIN pad 206 may implement an existing encryption product already natively supported by the PIN pad 206, such as Verishield on a Verifone PIN pad, available from Verifone, Inc., San Jose, California, for example. Externally generated keys may be used to encrypt the card data using format preserving encryption. The encryption keys maybe either be injected on the PIN pad 206 or remotely deployed to the service gateway 210 via an agreed-upon method. The PIN pad 206 then encrypts the card data based on the encryption key, in Step 275 of
The service gateway 210 may also generate symmetric keys, rotate them into the PIN pad 206, and share them with the merchant gateway 208. This would provide an equivalent level of security to interfacing with a third-party security product such as Verishield, available from Verifone, Inc., San Jose California, for example. Keys in this example are controlled by the service gateway 210 and are provided to the PIN pad 206 for use by the payment App 224 or another such App.
The service gateway 210 may also generate asymmetric keys and either import a public key from the merchant gateway 208 via the network 110 or export the private key to the merchant gateway 208. In this example, the merchant gateway 208 is configured to modify the POS 206 to use such keys for encryption and decryption operations. Alternatively, a side channel from the service gateway 210 to the POS 204 may be used to provide the keys. The PIN pad 206 then encrypts card data based on the public or private key, in Step 275 of
In addition, private keys may be generated and encrypted by a cloud based key management system (KMS) or hardened security module (HSM), such as the Amazon KMS or HSM, as described in U.S. patent application Ser. No. 15/788,729, which was filed on Oct. 19, 2017, is assigned to the assignee of the present application and is incorporated by reference herein. The encrypted private keys may be exported to the merchant gateway 208, for example. Multi-region key backup may also be provided, as described in U.S. patent application Ser. No. 15/788,729. As above, the PIN pad 206 encrypts card data based on a public key, in Step 275 of
Embodiments of the he managed integrated payment environment 200 depend on the POS 204 being able to exchange messages with the PIN pad 206 using a predefined protocol. In accordance with an embodiment of the invention, the PIN pad 206 includes a PIN pad Interface 302 stored in the memory 222 of the PIN pad 206, as shown in
A Synchronization Mailbox 304 of the Interface 302 serves as an exchange interface between the Interface 302 and the payment App 224. The Interface 302 allows custom commands from the POS 204 to be satisfied through the use of the Synchronization Mailbox 304 by the Interface 302. A separately-defined user interface layer 306, which is controlled by the payment App 224, is also shown. The user-interface layer 306 is provided to receive data input by a customer through an input device, such as a magnetic stripe reader, EMV chip reader, and/or a keypad, and convey it to the payment App 224.
The Interface 302 also includes a protocol parser (not shown), which provides the Interface 302 with a first set of rules and logic to translate a POS request. The protocol parser may contain a set of APIs that enables the Interface 302 to translate an incoming request between the POS 204 and payment App 224, for example. The Interface 302 may be configured with a series of protocol parsers dedicated to respective request types. When the Interface 302 is presented with a request from the POS 204, it identifies the correct protocol parser needed to respond to the request appropriately, based on the type of request.
The Interface 302 also includes an Intent Map (not shown), which allows the Interface 302 to map the information or action desired by the POS 204, also referred to as POS intent, based on the native POS intent, to the expected response to the request. For example, a form request for a phone number desires a phone number in response, and prompting a customer cash back desires obtaining a cash back amount.
The Intent Map maps specific POS requests to the information desired by the POS 206 in response to that request. In this example, the Intent Map interprets each POS request and translates the request into a form/request type understood by the payment App 224. As a result, there is a unique Intent Map per PIN pad 206 that the Interface 302 runs on, which will be specific to the supported features on the respective PIN pad. If the payment App 224 has collected the desired information or data element, it is be stored in the Synchronization Mailbox 304.
In a traditional PIN pad 106, the payment App is responsible for interacting with the POS 204, as is known in the art. Below is an example of a transaction flow:
The Interface 302 uses the intent map to map the extracted form type to the response needed to satisfy the POS 204. This mapping may be based on known protocols of merchants and/or payment/terminal interactions, for example. The extracted form type and response needed are sent to the PIN pad payment App 224, in Step 358.
Meanwhile, the customer is interacting with the PIN pad 206 through the user interface layer controlled by the payment App 224. As the payment App 224 proceeds through its user interface flow, it may capture a phone number, e.g., after the customer is prompted for an email, in Step 362. The payment App 224 manages its own user experience design (UX) and interaction with the customer out-of-band with the POS 204. For example, the payment App 224 may prompt the customer to enter an email address prior to a phone number, even though the POS 204 is only configured to prompt for a phone number.
The payment App 224 places the received data element in the Synchronization Mailbox, in Step 364. The Interface 302 polls the Synchronization Mailbox to see if a data element, such as the phone number, or other requested information, is present, in Step 368. It is noted that the Interface may repeatedly poll the Synchronization box throughout the process 350, until one data element is found.
When the Interface 302 finds the desired data element (a phone number, for example), in Step 370, the data element is returned to the POS 204 in Step 372 to satisfy the initial request made in Step 352. The data element is received by the Interface 302 in Step 374.
If the Interface 302 does not find the desired data element in Step 372, the Interface provides a default response that will satisfy the POS 204, in Step 376, which is received in Step 378.
This process repeats for any other requests made by the POS 204.
At some point in the transaction, the POS 204 requests that the PIN pad 206 request card information (tender) to obtain payment for the transaction for the customer. The tender is returned to the POS 204 after the customer presents a card to the PIN pad 206 and after the appropriate card data is placed in the Synchronization Mailbox by the App. The Interface 302 repeats Steps 354-372 until the credit card information is provided to the POS 204 by the PIN pad 206 in Step 276 of
It will be appreciated by those skilled in the art that changes may be made to the embodiments described herein, without departing from the spirit and scope of the inventions, which are defined by the following claims.
The present application claims the benefit of U.S. Provisional Patent Application No. 62/514,519, which was filed on Jun. 2, 2017, is assigned to the assignee of the present application, and is incorporated by reference herein. The present application also claims the benefit of U.S. patent application Ser. No. 15/699,090, which was filed on Sep. 8, 2017 and claims the benefit of U.S. Provisional Patent Application No. 62/385,165, which was filed on Sep. 8, 2016, both of which are assigned to the assignee of the present application and are incorporated by reference herein.
Number | Name | Date | Kind |
---|---|---|---|
4403220 | Donovan | Sep 1983 | A |
5396558 | Ishiguro et al. | Mar 1995 | A |
5529138 | Shaw et al. | Jun 1996 | A |
5629524 | Stettner et al. | May 1997 | A |
5649118 | Carlisle et al. | Jul 1997 | A |
5696577 | Stettner et al. | Dec 1997 | A |
6133989 | Stettner et al. | Oct 2000 | A |
6362482 | Stettner et al. | Mar 2002 | B1 |
6414746 | Stettner et al. | Jul 2002 | B1 |
6993503 | Heissenbuttel et al. | Jan 2006 | B1 |
7061372 | Gunderson et al. | Jun 2006 | B2 |
8418689 | Davenport | Apr 2013 | B1 |
8478689 | Veselka | Jul 2013 | B1 |
8762268 | Wall et al. | Jun 2014 | B2 |
8910868 | Wade et al. | Dec 2014 | B1 |
9679290 | Hazel et al. | Jun 2017 | B2 |
9753462 | Gilliland et al. | Sep 2017 | B2 |
10366378 | Han et al. | Jul 2019 | B1 |
10372138 | Gilliland et al. | Aug 2019 | B2 |
20010024171 | Nishimura | Sep 2001 | A1 |
20020003473 | Makita et al. | Jan 2002 | A1 |
20020036907 | Kobayashi et al. | Mar 2002 | A1 |
20020086907 | Standke et al. | Jul 2002 | A1 |
20020111919 | Weller et al. | Aug 2002 | A1 |
20020117340 | Stettner | Aug 2002 | A1 |
20020140923 | Schellmann | Oct 2002 | A1 |
20040004707 | Deflumere | Jan 2004 | A1 |
20040181453 | Ray | Sep 2004 | A1 |
20050033688 | Peart et al. | Feb 2005 | A1 |
20050068517 | Evans et al. | Mar 2005 | A1 |
20050159974 | Moss et al. | Jul 2005 | A1 |
20050188360 | de Jong | Aug 2005 | A1 |
20050222958 | Hasegawa et al. | Oct 2005 | A1 |
20060049255 | Von et al. | Mar 2006 | A1 |
20060179232 | Bell et al. | Aug 2006 | A1 |
20060179323 | Nei | Aug 2006 | A1 |
20080091944 | Von et al. | Apr 2008 | A1 |
20080109372 | Bykov et al. | May 2008 | A1 |
20080133136 | Breed et al. | Jun 2008 | A1 |
20080165006 | Phillips | Jul 2008 | A1 |
20090006262 | Brown et al. | Jan 2009 | A1 |
20090228159 | Flowers et al. | Sep 2009 | A1 |
20100051685 | Royyuru et al. | Mar 2010 | A1 |
20100108758 | Smets et al. | May 2010 | A1 |
20100131413 | Kranzley et al. | May 2010 | A1 |
20100191418 | Mimeault et al. | Jul 2010 | A1 |
20100208244 | Earhart et al. | Aug 2010 | A1 |
20100332727 | Kapil | Dec 2010 | A1 |
20110188113 | Dede et al. | Aug 2011 | A1 |
20110264499 | Abendroth et al. | Oct 2011 | A1 |
20120011070 | Ward et al. | Jan 2012 | A1 |
20120072347 | Conway | Mar 2012 | A1 |
20120249999 | Stettner et al. | Oct 2012 | A1 |
20120290420 | Close | Nov 2012 | A1 |
20130185167 | Mestréet al. | Jul 2013 | A1 |
20130304642 | Campos | Nov 2013 | A1 |
20140012701 | Wall et al. | Jan 2014 | A1 |
20140156535 | Jabbour | Jun 2014 | A1 |
20140188646 | Itwaru | Jul 2014 | A1 |
20140207575 | Freed-Finnegan et al. | Jul 2014 | A1 |
20140222668 | Wall et al. | Aug 2014 | A1 |
20140297434 | Singhal | Oct 2014 | A1 |
20150058145 | Luciani | Feb 2015 | A1 |
20150073926 | Royyuru et al. | Mar 2015 | A1 |
20150154634 | Chiu et al. | Jun 2015 | A1 |
20150178708 | Reutov | Jun 2015 | A1 |
20150186864 | Jones et al. | Jul 2015 | A1 |
20150324792 | Guise et al. | Nov 2015 | A1 |
20160117659 | Bedier | Apr 2016 | A1 |
20170076288 | Awasthi | Mar 2017 | A1 |
20170091797 | Nodera | Mar 2017 | A1 |
20170186007 | Lam | Jun 2017 | A1 |
20170278085 | Anderson et al. | Sep 2017 | A1 |
20170286663 | Hurry et al. | Oct 2017 | A1 |
20180005226 | Terra et al. | Jan 2018 | A1 |
20180068138 | Palermo | Mar 2018 | A1 |
20180068303 | Wall et al. | Mar 2018 | A1 |
20180109508 | Wall et al. | Apr 2018 | A1 |
20180167204 | Wall et al. | Jun 2018 | A1 |
20180357634 | Shin | Dec 2018 | A1 |
20190066105 | Banks Larsen et al. | Feb 2019 | A1 |
20190156337 | Alandt et al. | May 2019 | A1 |
20190156338 | Salama et al. | May 2019 | A1 |
Number | Date | Country |
---|---|---|
10037217 | Feb 2002 | DE |
2010-529932 | Sep 2010 | JP |
10-2004-0000143 | Jan 2004 | KR |
10-2004-0001438 | Jan 2004 | KR |
10-2008-0094663 | Oct 2008 | KR |
10-2012-0035315 | Apr 2012 | KR |
2008154736 | Dec 2008 | WO |
Entry |
---|
Answer to reset, Wikipedia, retrieved from https://en.wikipedia.org/wiki/Answer_to_reset, Apr. 30, 2023, 7 pages. |
Australian Office Action and Search Report on the Patentability of Application No. 2020257022 dated Oct. 13, 2021, 6 pages. |
Canadian Office Action for Application No. 3035666 dated Apr. 28, 2020, 4 pages. |
Decision to grant received for European Application No. 11838671.3, mailed on Feb. 11, 2021, 2 pages. |
EMV Integrated Circuit Card Specifications for Payment Systems, Book 2 Security and Key Management, Version 4.3, Nov. 2011, https://www.emvco.com/wp-content/uploads/2017/05/EMV_v4.3_Book_2_Security_and_Key_Management_20120607061923900.pdf. |
EMV; Integrated Circuit Card—Specifications for Payment Systems; Book 1; Application Independent ICC to Terminal Interface Requirements; Version 4.3; November 201, 189 pages. |
EMVCo, “A Guide to EMV Chip Technology”, Version 2.0, Nov. 2014, 36 pages. |
European Search Report and Search Opinion received for European Application No. 11838671.3, mailed on Mar. 11, 2015, 7 pages. |
Fabian Meier, “Whitepaper ax eft Kernel EMV Level 2 Kernel—a Software Module for EFTPOS Terminals,” Abrantix AG, 2009, Mar. 20, 2009 Version v1.0. |
Intention to grant received for European Application No. 11838671.3, mailed on Oct. 1, 2020, 6 pages. |
Intention to grant received for European Patent Application No. 17849587.5, mailed on Jan. 25, 2023, 6 pages. |
Intention to grant received for European Patent Application No. 17849587.5, mailed on Jun. 5, 2023, 6 pages. |
International Preliminary Report on Patentability received for PCT Patent Application No. PCT/US17/50633, mailed on Mar. 21, 2019, 13 pages. |
International Preliminary Report on Patentability received for PCT Patent Application No. PCT/US2011/058773, mailed on May 16, 2013, 6 pages. |
International Preliminary Report on Patentability received for PCT Patent Application No. PCT/US21/26133, mailed on Dec. 29, 2022, 7 pages. |
International Search Report and Written Opinion received for PCT Patent Application No. PCT/US17/50633, mailed on Nov. 29, 2017, 14 pages. |
International Search Report and Written Opinion received for PCT Patent Application No. PCT/US2011/058773, mailed on Jun. 29, 2012, 8 pages. |
International Search Report and Written Opinion received for PCT Patent Application No. PCT/US21/26133, mailed on Jul. 30, 2021, 8 pages. |
Mastercard, “Secure Payment Technologies Demystified”, Sep. 2015 (Year: 2015). |
Office Action received for European Application No. 11838671.3, mailed on Apr. 17, 2018, 4 pages. |
Office Action received for European Application No. 11838671.3, mailed on Feb. 27, 2020, 4 pages. |
Office Action received for European Application No. 11838671.3, mailed on Mar. 9, 2017, 4 pages. |
Office Action received for Korean Patent Application No. 10-2013-7014299, mailed on Aug. 30, 2017, 2 pages of English Translation only. |
Office Action received for Korean Patent Application No. 10-2013-7014299, mailed on Jul. 22, 2017, 16 pages (9 pages of English Translation and 7 pages of Original Document). |
Rankl et al: “Smart card handbook, fourth edition” Jul. 19, 2010, pp. ch1-ch2 XP055411264. |
Rankl, W., et al., “Smart Card Handbook, ” Third Edition, Wiley, Apr. 2, 2004, XP055302027. |
Srini V P., “A vision for supporting autonomous navigation in urban environments,” Computer, IEEE, US, vol. 39, No. 12, Dec. 1, 2006, pp. 68-77. |
Supplementary European Search Report and Search Opinion received for European Application No. 17849587.5, mailed on Feb. 25, 2020, 7 pages. |
AU Examination Report in appl. No. 2022203463 mailed May 26, 2023. |
Decision to grant a European patent received for European Application No. 17849587.5, mailed on Oct. 12, 2023, 2 pages. |
Office Action received for Australian Patent Application No. 2022203463, mailed on Jan. 8, 2024, 4 pages. |
European Search Report and Search Opinion received for EP Patent Application No. 23207568.9, mailed on Jan. 16, 2024, 12 pages. |
Office Action received for Canadian Patent Application No. 3173110, mailed on Nov. 22, 2023, 5 pages. |
Examination Report received for Australian Patent Application No. 2022203463, mailed on May 8, 2024, 4 pages. |
Request for the Submission of an Opinion received for Korean Patent Application No. 10-2013-7014299, mailed on Feb. 22, 2017, 16 pages (9 pages of English Translation and 7 pages of Original Document). |
Supplementary European Search Report and Search Opinion received for European Application No. 21825084.3, mailed on May 28, 2024, 9 pages. |
Number | Date | Country | |
---|---|---|---|
20220398584 A1 | Dec 2022 | US |
Number | Date | Country | |
---|---|---|---|
62514519 | Jun 2017 | US | |
62385165 | Sep 2016 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 15997416 | Jun 2018 | US |
Child | 17891707 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 15699090 | Sep 2017 | US |
Child | 15997416 | US |