The use of virtual wallets running on communication devices has gained increased attention in the last few years as an alternative to carrying around physical payment cards. Many virtual wallet applications allow users to complete transactions using one-time payment credentials, for example tokens, using his/her communication device. Many large banks and payment providers have already implemented support for one-time payment credentials associated with the user's primary account number (PAN).
However, current virtual wallet application solutions interface directly with issuers of the user's payment cards. Since, typically, a user may have more than one payment card they wish to enroll and use with the virtual wallet application, the virtual wallet application needs to have the capability to interface with a large amount of issuers or merchants and understand specific protocols when requesting the one-time payment credentials. This is an inefficient implementation because it creates unnecessary processing expense and complexity for the virtual wallet application and the communication device.
Embodiments of the invention address this and other problems, individually and collectively.
In some embodiments of the invention, systems and methods facilitating mobile payment transactions using temporary payment credential data are provided. Embodiments of the invention are directed to a mobile platform that functions as a “switch” in between a payment device (e.g., communication device) and one or more third party computers that can provide the payment credentials. Currently, when a user wishes to initiate a transaction that uses temporary payment credentials, the payment device communicates directly with a third party computer to obtain the temporary payment credential. This is not efficient, because the payment device requires a line of communication with many different third parties and needs to understand each third party's unique credential algorithm.
One embodiment of the invention is directed to a method. The method includes receiving a credential request message requesting a temporary credential associated with a payment account, and then determining, by a server computer, using a routing table and data associated with the payment card, a third-party computer associated with the payment account. The method also includes transmitting the credential request message to the third-party computer, and receiving, by the server computer, the temporary credential from the third-party computer. The method also includes determining, by the server computer, the communication device associated with the requested temporary credential and transmitting, by the server computer, the temporary credential to the communication device.
One embodiment of the invention is directed to another method. The method includes receiving, from a communication device, a credential request message requesting a temporary credential associated with a predetermined amount, and then transmitting, by a server computer, an authorization hold request message. The method also includes receiving an authorization hold response message, and providing, by the server computer, the temporary credential to the communication device.
Other embodiments of the invention are directed to communication devices, servers, and systems that are configured to perform the above-described methods.
These and other embodiments of the invention are described in further detail below.
Embodiments are directed at systems, methods, and devices for facilitating a payment transaction using a one-time credential. A mobile platform server can act as a “switch” for routing requests for registration and requests for one-time payment credentials to appropriate third-party entities. These third-party entities can include, but is not limited to, issuers and merchants. The mobile platform server can access a routing table to determine the appropriate third-party based on information received from a communication device that is making the request. Accordingly, the communication devices do not need to be able to communicate with a vast amount of different third-parties and understand their various encoding algorithms or third-party specific communication formatting in order to make the request.
Prior to discussing embodiments of the invention, descriptions of some terms may be helpful in understanding embodiments of the invention.
“Authentication” is a process by which the credential of an endpoint (including but not limited to applications, people, devices, processes, and systems) can be verified to ensure that the endpoint is who they are declared to be.
An “original” transaction may include any transaction including an authorization provided by an issuer or an authorization provided on-behalf-of an issuer.
A “substitute” transaction may be any transaction that is associated with an original transaction and that takes place after the original transaction, including repeat, refunds, reversals or exceptions (chargebacks, re-presentments, etc.).
An “end-user” may include any application, device, consumer, or system that is configured to interact with a requestor for tokenization/de-tokenization/token management services. For example, an end-user may include a consumer, a merchant, a mobile device, or any other suitable entity that may be associated with a requestor in the network token system.
A “consumer” may include an individual or a user that may be associated with one or more personal accounts and/or consumer devices. The consumer may also be referred to as a cardholder, accountholder, or user.
A “card-on-file (COF)” holder may include any entity that stores account details (e.g., card details, payment account identifiers, PANs, etc.) for use in transactions. For example, a COF entity may store payment information on file for various types of periodic payments such as monthly utility payments, periodic shopping transactions, or any other periodic or future transaction. Because payment credentials and/or associated tokens are stored at an entity for a future transaction, the transactions initiated by a COF entity include card-not-present (CNP) transactions. Another type of card-not-present (CNP) transaction includes e-commerce or electronic commerce transactions that are initiated between remote parties (e.g., a consumer device and a merchant web server computer).
An “authorization request message” may be an electronic message that is sent to a payment processing network and/or an issuer of a payment account to request authorization for a transaction. An authorization request message is an example of a transaction message. An authorization request message according to some embodiments may comply with ISO 8583, which is a standard for systems that exchange electronic transaction information associated with a payment made by a consumer using a payment device or a payment account. In some embodiments of the invention, an authorization request message may include a payment token (e.g., a substitute or pseudo account number), an expiration date, a token presentment mode, a token requestor identifier, an application cryptogram, and an assurance level data. The payment token may include a payment token issuer identifier that may be a substitute for a real issuer identifier for an issuer. For example, the real issuer identifier may be part of a BIN range associated with the issuer. An authorization request message may also comprise additional data elements corresponding to “identification information” including, by way of example only: a service code, a CW (card verification value), a dCVV (dynamic card verification value), an expiration date, etc. An authorization request message may also comprise “transaction information,” such as any information associated with a current transaction, such as the transaction amount, merchant identifier, merchant location, etc., as well as any other information that may be utilized in determining whether to identify and/or authorize a transaction.
An “authorization response message” may be an electronic message reply to an authorization request message generated by an issuing financial institution or a payment processing network. The authorization response message may include an authorization code, which may be a code that a credit card issuing bank returns in response to an authorization request message in an electronic message (either directly or through the payment processing network) to the merchant's access device (e.g. POS terminal) that indicates approval of the transaction. The code may serve as proof of authorization. As noted above, in some embodiments, a payment processing network may generate or forward the authorization response message to the merchant.
An “authorization hold request message” may be similar to an authorization request message except that instead of including a transaction amount for authorization of the transaction, the authorization hold request message may include a hold amount to place a hold on the user's payment account.
An “authorization hold response message” may be similar to an authorization response message but instead may be an electronic message reply to an authorization hold request message.
A “server computer” may typically be a powerful computer or cluster of computers. For example, the server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit. The server computer may be associated with an entity such as a payment processing network, a wallet provider, a merchant, an authentication cloud, an acquirer or an issuer.
An “access device” can include a device that allows for communication with a remote computer, and can include a device that enables a customer makes a payment to a merchant in exchange for goods or services. An access device can include hardware, software, or a combination thereof. Example of access devices include point-of-sale (POS) terminals, mobile phones, laptop or desktop computers, etc.
A “virtual wallet” or “digital wallet” refers to an electronic device that allows an individual to make electronic commerce transactions. This can include purchasing items on-line with a computer or using a communication device (e.g., smartphone) to purchase an item at a physical store. The “virtual wallet” or “digital wallet” can consist of the system (the electronic infrastructure), the application (the software that operates on top), and the device (the individual portion). An individual's bank account can also be linked to the virtual wallet. The individual may also have their driver's license, health card, loyalty card(s), and other ID documents stored within the virtual wallet.
A “virtual wallet provider” or “digital wallet provider” may include any suitable entity that provides a virtual wallet service or digital wallet service. A virtual wallet provider may provide software applications that store account numbers, account numbers including unique identifiers, or representations of the account numbers (e.g., tokens), on behalf of an account holder to facilitate payments at more than one unrelated merchant, perform person-to-person payments, or load financial value into the virtual wallet.
“Contactless” or “wireless” can include any communication method or protocol, including proprietary protocols, in which data is exchanged between two devices without the need for the two devices to be physically coupled. For example, “contactless” or “wireless” can include radio frequency (RF), infrared, laser, or any other communication means, and the use of any protocols, such as proprietary protocols, with such communication means.
A “third-party” can include any party involved in a transaction that is not a first party such as a consumer and a second party such as a merchant. Third parties may include, without limitation, issuers, acquirers, digital wallet providers, coupon providers, shipping providers, etc.
A “temporary credential” may include data that is temporary and can allow access to a particular resource. Examples of temporary credentials include offers that have limited duration, payment tokens of limited duration, verification values of limited duration, etc. Credentials may last or be effective for a predetermined time or duration when they are temporary. For example, a credential may only be used one time, and may be ineffective after that use. In another example, a credential may be used multiple times, but may only be used during a specified time period (e.g., one day).
An “offer” or a “discount” or a “coupon” may include any incentive or reward from a third-party, such as a merchant, issuer, digital wallet provider, payment service provider, shipping provider, or other entity associated with a transaction. The offer or discount or coupon may apply to a particular transaction based on the specifics of the transaction and/or the account being used in the transaction.
A “token” may include a substitute identifier for some information. For example, a payment token may include an identifier for a payment account that is a substitute for an account identifier, such as a primary account number (PAN). For instance, a token may include a series of alphanumeric characters that may be used as a substitute for an original account identifier. For example, a token “4900 0000 0000 0001” may be used in place of a PAN “4147 0900 0000 1234.” In some embodiments, a token may be “format preserving” and may have a numeric format that conforms to the account identifiers used in existing payment processing networks (e.g., ISO 8583 financial transaction message format). In some embodiments, a token may be used in place of a PAN to initiate, authorize, settle or resolve a payment transaction. The token may also be used to represent the original credential in other systems where the original credential would typically be provided. In some embodiments, a token value may be generated such that the recovery of the original PAN or other account identifier from the token value may not be computationally derived. Further, in some embodiments, the token format may be configured to allow the entity receiving the token to identify it as a token and recognize the entity that issued the token. A token may be a type of “temporary credential.”
The system 100 may include a communication device 110, an access device 120, a merchant computer 125, an acquirer computer 130, a payment processing network computer 140, an issuer computer 150, and a server computer 300. In some implementations, different entities in
The communication device 110 may be associated with a payment account of a user. In some implementations, the communication device 110 may be a mobile device such as a mobile phone, a tablet, a PDA, a notebook, a key fob or any suitable mobile device. For example, the communication device 110 may include a virtual wallet or a payment application that may be associated with one or more payment accounts of the user. In some implementations, the communication device 110 may be capable of communicating with the access device 120 using a short range communication technology such as NFC. For example, the communication device 110 may interact with the access device 120 by tapping or waving the consumer device 110 in proximity of the access device 120. In some implementations, the communication device 110 may be a payment card such as a credit card, debit card, prepaid card, loyalty card, gift card, etc.
The access device 120 may be an access point to a transaction processing system that may comprise the acquirer computer 130, the payment processing network computer 140, and the issuer computer 150. In some implementations, the access device 120 may be associated with or operated by the merchant computer 125. For example, the access device 120 may be a point of sale device that may include a contactless reader, an electronic cash register, a display device, etc. In some implementations, the access device 120 may be configured to transmit information pertaining to one or more purchased items at a merchant 125 to an acquirer 130 or payment processing network 140. In some implementations, the access device 120 may be a personal computer that may be used by the user to initiate a transaction with the merchant computer 125 (e.g., an online transaction).
The merchant computer 125 may be associated with a merchant. In some embodiments, the merchant computer 125 may be associated with a card-on-file (COF) merchant. For example, the card-on-file merchant may store consumer account information on file (e.g., at a merchant database) for future payment purposes such as various types of periodic payments (e.g., monthly utilities payments). In some implementations, a consumer may register with one or more merchants for card-on-file services. The merchant computer 125 may be configured to generate an authorization request for a transaction initiated by the user using the access device 120.
The acquirer computer 130 may represent a traditional acquirer/acquirer processor. The acquirer is typically a system for an entity (e.g., a bank) that has a business relationship with a particular merchant, a wallet provider or another entity. The acquirer computer 130 may be communicatively coupled to the merchant computer 125 and the payment processing network 140 and may issue and manage a financial account for the merchant. The acquirer computer 130 may be configured to route the authorization request for a transaction to the issuer computer 150 via the payment processing network computer 140 and route an authorization response received via the payment processing network computer 140 to the merchant computer 125.
The payment processing network computer 140 may be configured to provide authorization services, and clearing and settlement services for payment transactions. The payment processing network computer 140 may include data processing subsystems, wired or wireless networks, including the internet. An example of the payment processing network computer 140 includes VisaNet™, operated by Visa®. Payment processing networks such as VisaNet™ are able to process credit card transactions, debit card transactions, and other types of commercial transactions. VisaNet™, in particular includes a Visa Integrated Payments (VIP) system which processes authorization requests and a Base II system which performs clearing and settlement services. The payment processing network computer 140 may include a server computer. In some implementations, the payment processing network computer 140 may forward an authorization request received from the acquirer computer 130 to the issuer computer 150 via a communication channel. The payment processing network computer 140 may further forward an authorization response message received from the issuer computer 150 to the acquirer computer 130.
The issuer computer 150 may represent an account issuer and/or an issuer processor. Typically, the issuer computer 150 may be associated with a business entity (e.g., a bank) that may have issued an account and/or payment card (e.g., credit account, debit account, etc.) for payment transactions. In some implementations, the business entity (bank) associated with the issuer computer 150 may also function as an acquirer (e.g., the acquirer computer 130).
Processor 210 may be any suitable processor operable to carry out instructions on the communication device 110. The processor 210 is coupled to other units of the communication device 110 including camera 220, display 230, input device 240, speaker 250, memory 260, secure element 280, antenna 282, short range communication interface 284, and computer-readable medium 270.
Camera 220 may be configured to capture one or more images via a lens located on the body of communication device 110. The captured images may be still images or video images. The camera 220 may include a CMOS image sensor to capture the images. Various applications (e.g., mobile application 272) running on processor 210 may have access to camera 220 to capture images. It can be appreciated that camera 220 can continuously capture images without the images actually being stored within communication device 110. Captured images may also be referred to as image frames. In some embodiments, the camera 220 may be operable to capture an image of a QR code displayed on the access device 120.
Display 230 may be any device that displays information to a user. Examples may include an LCD screen, CRT monitor, or seven-segment display.
Input device 240 may be any device that accepts input from a user. Examples may include a keyboard, keypad, mouse, or microphone. In the case of a microphone, the microphone may be any device that converts sound to an electric signal. In some embodiments, the microphone may be used to capture one or more voice segments from a user.
Speaker 250 may be any device that outputs sound to a user. Examples may include a built-in speaker or any other device that produces sound in response to an electrical audio signal. In some embodiments, speaker 250 may be used to request the user for a voice sample for purposes of authentication.
Memory 260 may be any magnetic, electronic, or optical memory. It can be appreciated that memory 260 may include any number of memory modules. An example of memory 260 may be dynamic random access memory (DRAM).
Computer-readable medium 270 may be any magnetic, electronic, optical, or other computer-readable storage medium. Computer-readable storage medium 270 includes mobile application 272. Computer-readable storage medium 270 may comprise any combination of volatile and/or non-volatile memory such as, for example, buffer memory, RAM, DRAM, ROM, flash, or any other suitable memory device, alone or in combination with other data storage devices.
Mobile application 272 can be any application executable by processor 210 on the communication device 110. In some embodiments, the mobile application 272 can be a secure application for facilitating payment transactions using the communication device 110. For example, the mobile application 272 can be a digital wallet application. The mobile application 272 can interface with the secure element 280 to obtain the financial credentials 281 associated with the user. The mobile application 272 may contain, but is not limited to, the following core pieces: (1) a payment library including code for enabling payments including selecting and presenting the secure element 280 to the access device 120; (2) a proxy applet managed by a service provider that manages secure communications between the secure element 280 and a trusted service manager to execute account provisioning and account management commands; and (3) a contactless gateway library that includes code for enabling secure communication between the secure element 280 and a payment processor's contactless gateway.
The antenna 282 can allow the communication device to communicate with the server computer 300.
The short range communication interface 284 may be a contact or contactless interface. It may allow the communication device 110 to communicate with an access device (POS terminal) at a merchant. The short range communication interface 284 may include electrical contacts for contact based communication, or may include a contactless element. Suitable contactless elements may include RF ID devices that allow the communication device 110 to communicate with an access device using RF signals.
The input/output (I/O) interface 310 is configured to allow the server computer 300 to receive and transmit data, from any of the entities shown in
Memory 320 may be any magnetic, electronic, or optical memory. It can be appreciated that memory 320 may include any number of memory modules, that may comprise any suitable volatile or non-volatile memory devices. An example of memory 320 may be dynamic random access memory (DRAM).
Processor 330 may be any suitable processor operable to carry out instructions on the server computer 300. The processor 330 is coupled to other units of the server computer 300 including input/output interface 310, memory 320, and computer-readable medium 340.
Computer-readable medium 340 may be any magnetic, electronic, optical, or other computer-readable storage medium. Computer-readable storage medium 340 includes communication device interface module 342, third-party determination module 344, third-party interface module 346, and QR code module 348. Computer-readable storage medium 340 may comprise any combination of volatile and/or non-volatile memory such as, for example, buffer memory, RAM, DRAM, ROM, flash, or any other suitable memory device, alone or in combination with other data storage devices.
Communication device interface module 342, can comprise code that when executed by the processor, can cause the processor 330 in the server computer 300 to send and receive communications between the communication device 110 (
Third-party determination module 344, can comprise code that when executed by the processor 330, can cause the server computer 300 to determine an appropriate third-party for a registration or one-time payment credential request received by the communication device interface module 342 from the communication device 110 (
Third-party interface module 346, can comprise code that when executed by the processor 330, can cause the server computer 300 to facilitate the request for the one-time payment credential after third-party determination module 344 determines the appropriate third-party. The third-party interface module 346 may understand each third party's unique credential algorithm in order to facilitate the request. After facilitating the request, the third-party interface module 346 may receive the one-time payment credential from the third-party and the communication device interface module 342 may relay the one-time payment credential to the communication device 110 (
QR code module 348, can comprise code that when executed by the processor 330, can cause the server computer 300 to read and interpret a QR code generated by, for example, the access device 120 (
It can be appreciated that the server computer 300 may also herein be referred to as a mobile platform server computer. In some cases, the server computer 300 may be a gateway for the communication device 110 and/or may be operated by a mobile network operator (MNO).
At step s2, upon adding a payment card (or account data associated with a payment card) to the downloaded application on the communication device 110, the communication device 110 may communicate a consumer authentication message to the issuer 150. The consumer authentication message may include online banking credentials (e.g., a username and password) associated with the payment card so that the issuer 150 can authenticate the consumer 410.
At step s3, after receiving the consumer authentication message, the issuer 150 may communicate a consumer authentication response message to the communication device 110. The consumer authentication response message may be sent to the communication device 110 when the issuer 150 determines that the user 410 is an authenticated user of the payment card and the received online banking credentials associated with the payment card are verified. The online banking credentials may be verified against a database on a computer residing within the issuer 150.
At step s4, upon receiving the consumer authentication response from the issuer 150, the communication device 110 registers with the mobile platform server computer 300. The communication device 110 may transmit payment card details to the mobile platform server computer 300 for registration. The mobile platform server computer 300 may then map the payment card details to the issuer 150 in a mapping or routing table, for example, the routing table database 350 (
At step s5, upon the mobile platform server computer 300 registering the user's 410 payment card and its associated details with the issuer 150, the mobile platform server computer 300 may communicate an indication of successful registration to the consumer device 110. The consumer device 110 may display an indication of successful registration with the mobile platform server computer 300 to the user 410. For example, the communication device 110 may display, on its display device, the following pop-up notification: “Your payment card ending in 1532 has been successfully registered with the mobile platform.”
In other embodiments, instead of the mobile communication device 110 providing the payment card details to the server computer 100, the issuer 150 may provide the payment card credentials and any information about the mobile communication device 110 to the server computer 300 directly, without passing through the mobile communication device 110.
At step s1, the user 410 may open and login to an application (e.g., digital wallet application) on his/her communication device 110. The application may store payment card details for a plurality of payment cards. The payment cards may include, but are not limited to, credit cards, debit cards, store cards, prepaid cards, etc. The payment cards may be virtual instead of real cards. The user may select a prepaid card stored within the digital wallet application, for example, at a merchant. The user may then initiate a payment transaction at that merchant.
At step s2, the communication device 110 communicates with the mobile platform server computer 300 and requests a unique one-time payment credential to use for the payment transaction. It can be appreciated that the user may have previously enrolled with the mobile platform server computer as described above with respect to
At step s3, after receiving the request for a unique one-time payment credential from the communication device 110, the mobile platform server computer routes the request to an appropriate issuer based on the mapping or routing table described above. The mapping or routing table within the routing table database 350 (
In an example, if the user 410 indicates that he/she wishes to use a particular credit card with an account number ending in 5262, the mobile platform server computer 300 may route the request for the one-time payment credential to the first issuer processor 510 associated with the first issuer 150. It can be appreciated that the first issuer 150 may be the issuer for the credit card ending in 5262. Further, it can also be appreciated that the data sent for the one-time payment credential request routed by the mobile platform server computer 300 to the first issuer processor 510 may be formatted such that it conforms to the requirements and encoding scheme of the first issuer processor 510. For example, the request may be formatted to adhere to a particular or unique message format used by the issuer processor 510. As such, the digital wallet application running on the communication device 110 may not be required to have information about the unique data requirements for each of the plurality of issuers. Rather, the application running on the communication device 110 may simply need to communicate with only the mobile platform server computer 300 in order to request a one-time payment credential from the issuer.
In another example, if the user 410 indicates that he/she wishes to use a particular debit card ending in 5821, the mobile platform server computer 300 may route the request for the one-time payment credential to the second issuer processor 511 associated with the second issuer 151. The second issuer 151 may be the issuer for the debit card with an account number ending in 5821. Further, it can also be appreciated that the data sent for the one-time payment credential request routed by the mobile platform server computer 300 to the issuer processor 511 may be formatted such that it conforms to the requirements of the issuer processor 511.
At step s4, the mobile platform server computer 300 may receive a response, from the issuer processor, to the one-time payment credential request. Using the examples above, in the case of the 5262 credit card, the mobile platform server computer 300 may receive a response from the first issuer processor 510. In the case of the 5821 debit card, the mobile platform server computer 300 may receive a response from the second issuer processor 511. The response may include the one-time payment credential associated with the payment card. An example of the one-time payment credential is a generated payment token. In some embodiments, the one-time payment credential may be a coupon associated with the issuer or a merchant, described in further detail below. It can be appreciated that the one-time payment credential is unique to the payment transaction and any subsequent payment transactions may require a request for a new one-time payment credential.
At step s3.1, the mobile platform server computer 300 may communicate with a third-party coupon provider 520 (or computer operated by it) to determine whether the user 410 is eligible for any discounts. The mobile platform server computer 300 may transmit the payment card details to the coupon provider 520 for this determination. For example, if the user is using a store card with a loyalty program, the mobile platform server computer 300 may communicate with a third-party coupon provider 520 associated with the merchant for which the store card is issued. The mobile platform server computer 300 may store information about a plurality of third parties to this extent. The coupon provider 520 may also be associated with the issuer and may facilitate a loyalty program for the issuer. In a similar fashion, the coupon provider 520 may indicate whether the user 410 is eligible for any promotions through the issuer 150.
At step 4.1, the coupon provider 520 may respond to the inquiry by the mobile platform server computer 300 with the appropriate coupon/promotion information. The mobile platform server computer 300 may embed this coupon/promotion information to the payment credential response described with respect to step s5, below.
At step s5, the mobile platform server computer 300 may transmit the received one-time payment credential (possibly encoded with coupon/promotion data) to the communication device 110. In some embodiments, the mobile platform server computer 300 may process or otherwise alter the one-time payment credential prior to transmitting the one-time payment credential to the communication device 110. In some embodiments, the communication device 110 may generate a QR code using the data associated with the one-time payment credential. The QR code may be used in conjunction with an access device (e.g., a POS terminal) to complete the payment transaction. After the payment transaction is completed, the communication device 110 and the mobile platform server computer 300 may delete any data associated with the received one-time payment credential.
Once the one-time payment credential such as a payment token is obtained by the communication device 110, it may be used in any suitable manner. For example, referring back to
The issuer 150 may then approve of the transaction if there are sufficient funds or credit in the consumer's account, and may then generate an authorization response message. This message may then be transmitted back to the access device 120 via the acquirer 130 and the payment processing network 140. In some cases, the issuer 150 may substitute the payment token for the real account number in the authorization response message.
At the end of the day or at some other predetermined time interval, a clearing and settlement process can occur between the acquirer 130 and the issuer 150 via the payment processing network 140.
In other embodiments, the payment processing network 140 may be the provider of the temporary credential or payment token instead of the issuer 150. In such cases, the payment processing network 140 remove the temporary credential or payment token from the authorization request message and may substitute the real account number for the temporary credential or payment token before forwarding an authorization request message to the issuer 150 or forwarding an authorization response message to the merchant 125.
At step s1, the user 410 may open and login to an application (e.g., digital wallet application) on his/her communication device 110. The digital wallet application may store payment card details for a plurality of payment cards. The payment cards may include, but are not limited to, credit cards, debit cards, store cards, prepaid cards, etc. The user 410 may select an option within the application to pay using a QR code. The communication device 110 may then request a one-time payment credential from the mobile platform server computer 300.
At step s2, in response to the request for the one-time payment credential, the mobile platform server computer 300 may respond to the communication device 110 with the one-time payment credential. In this example, the one-time payment credential may be credential data that can be used to generate a QR code. The mobile platform server computer 300 may determine this data from stored information about the issuer of the payment card and the payment card details themselves. Thus, the communication device 110 need not communicate directly with the issuer 150 in order to obtain the one-time payment credential used to generate the QR code 610. It can be appreciated that a separate bank identification number (BIN) may be used as part of the one-time payment credential.
At step s3, the application on the communication device 110 may render or generate a QR code 610 from the data received in the one-time payment credential sent by the mobile platform server computer 300. Upon generating the QR code 610, the application may display the generated QR code 610 on the display of the communication device 110.
At step s4, the user 410 may scan the generated QR code 610 at an access device, such as a POS terminal. The user 410 may scan the QR code 610 by holding the display of the communication device 110 at a scanner of the access device at the merchant 125. Upon scanning the QR 610, the access device may transmit data obtained from scanning the QR code 610 to the mobile platform server computer 300. The data scanned from the QR code 610 may include the user's payment card details. The data may also include data associated with the user 410 of the payment card. In some embodiments, the access device at the merchant 125 may keep an “always-on” connection, via communication channel, with the mobile platform server computer 300.
At step s5, the mobile platform server computer 300 may translate the data from the scanned QR code 610 that was received from the access device to registered payment card data. The registered payment card data may include a primary account number (PAN) of the payment card. The registered payment card data may also include other details about the payment card that may be pertinent to the payment transaction. Upon translating the data from the QR code 610 to the payment card details, the mobile platform server computer 300 may transmit the registered payment card details to a payment gateway 640. In some embodiments, the payment gateway 640 may reside within the payment processing network 140, while in other embodiments the payment gateway 640 may reside external to the payment processing network 140.
At step s6, the payment gateway 640 may transmit a standard authorization request message that includes the payment card details to an acquirer 130. The acquirer 130 may be associated with the merchant 125. At step s7, the authorization request message is forwarded by the acquirer 130 to the payment processing network 140. At step s8, the payment processing network 140 may forward the authorization request message to the issuer 150. In some embodiments, the payment processing network 140 may perform a risk analysis on the payment transaction based on data received in the authorization request message prior to forwarding the authorization request message to the issuer 150.
At step s9, the issuer 410 may perform risk analysis on the payment transaction based on data received in the authorization request message. The issuer 150 may then generate an authorization response message indicating either that the payment transaction is approved or denied. The authorization response message is transmitted from the issuer 150 to the payment processing network 140. At step s10, the payment processing network forwards the authorization response message to the acquirer 130. At step s11, the acquirer may forward the authorization response message to the payment gateway 640. At step s12, the payment gateway 640 may provide notification to the mobile platform server computer 300 that the payment transaction has either been approved or denied. At step s13, the mobile platform server computer 300 may notify the access device at the merchant 125 whether the payment transaction has either been approved or denied. If the payment transaction has been authorized, the access device may indicate that the payment transaction is approved and the merchant 125 may allow the user 410 to complete checkout. Otherwise, the access device may indicate that the payment transaction is denied and the merchant 125 may prevent the user 410 from completing checkout. In some embodiments, the access device may provide a receipt for checkout to the user 410 and may obtain a signature from the user 410.
At the end of the day, or any other suitable time interval, a clearing and settlement process, as described above, may take place between the acquirer and the issuer.
The embodiments described with respect to
At step s1, the user 410 may open and login to an application (e.g., digital wallet application) on his/her communication device 110. The application may store payment card details for a plurality of payment cards. The payment cards may include, but are not limited to, credit cards, debit cards, store cards, prepaid cards, etc. The user may select an option within the application to pay using a QR code 610. The communication device 110 may then request a one-time payment credential from the mobile platform server computer 300.
At step s2, in response to the request for the one-time payment credential, the mobile platform server computer 300 may transmit an authorization hold request to the issuer 150. The authorization hold request may be a request to the issuer 150 of the payment card to place a hold for a predetermined amount on the user's 410 payment card account. The predefined amount may be a nominal amount, a predetermined value (e.g. $50), or the amount for the payment transaction initiated by the user 410. In some embodiments, the issuer 150 or payment processing network 140 may determine the appropriate hold amount. The mobile platform server computer 300 may determine the appropriate issuer 150 for the payment transaction from the payment card details received in the one-time payment credential request. Thus, the communication device 110 need not communicate directly with the issuer 150.
The benefit of sending the hold request to the issuer 150 by the server computer 300 is that an amount may be reserved for the issued temporary payment credential on the payment account associated with the real account number. For example, if an account has $500 in credit available, and if the temporary credential that is requested is for $100, then the a hold may be placed on the account so that the user is unable to spend more than $400 using the real account number. This ensures that the issued payment credential is valid.
At step s3, in response to receiving the authorization hold request, the issuer 150 may transmit an authorization hold response to the mobile platform server computer 300. The authorization hold response may indicate that a hold on funds for the appropriate amount has been placed on the user's 410 payment card account.
At step s4, the mobile platform server computer 300 may respond to the communication device 110 with the one-time payment credential. In this example, the one-time payment credential may be credential data that can be used to generate a QR code. The mobile platform server computer 300 may determine this data from stored information about the issuer of the payment card and the payment card details themselves. Thus, the communication device 110 need not communicate directly with the issuer 150 in order to obtain the one-time payment credential used to generate the QR code 610. It can be appreciated that the mobile platform server computer 300 may be assigned a unique BIN. In some embodiments, the mobile platform server computer may serve as an “issuer processor” for issuing the one-time payment credentials. In some embodiments, the mobile platform server computer 300 may be integrated with the issuer processor 150.
At step s5, the application on the communication device 110 may render or generate a QR code 610 from the data received in the one-time payment credential sent by the mobile platform server computer 300. Upon generating the QR code 610, the application may display the generated QR code 610 on the display of the communication device 110.
At step s6, the user 410 may scan the generated QR code 610 at an access device at the merchant 125, such as a POS terminal. The user 610 may scan the QR code 610 by holding the display of the communication device 110 at a scanner of the access device. Upon scanning the QR code 610, the access device may transmit data obtained from scanning the QR code 610 to the acquirer 130 in the form of a standard authorization request message using the one-time payment credential. In this embodiment, since the authorization request message includes the one-time payment credential, the authorization request message may not include the PAN. The data in the authorization request message may also include data associated with the user 410 of the payment card and merchant data. The acquirer 130 may be associated with the merchant 125.
At step s7, the authorization request message is forwarded by the acquirer 130 to the payment processing network 150. At step s8, the payment processing network 150 forward the authorization request message to the mobile platform server computer 300. In some embodiments, the payment processing network 150 may perform a risk analysis on the payment transaction based on data received in the authorization request message prior to forwarding the authorization request message to the mobile platform server computer 300.
At step s9, the mobile platform server computer 300 may perform risk analysis on the payment transaction based on data received in the authorization request message. The mobile platform server computer 300 may then generate an authorization response message indicating either that the payment transaction is approved or denied. The authorization response message is transmitted from the mobile platform server computer 300 to the payment processing network 150. In this sense, the mobile platform server computer 300 may act on behalf of the issuer 150. As noted above, the mobile platform server computer 300 previously sent a hold request so that it can determine if the requested transaction amount is greater than the previously requested hold amount. If it is more than the requested hold amount, then the transaction may be denied. If it is less than the requested hold amount, then the transaction may be approved.
At step s10, the payment processing network forwards the authorization response message to the acquirer 130. At step s11, the acquirer 130 may forward the authorization response message to the access device at the merchant 125. The authorization response message may indicate to the access device at the merchant 125 whether the payment transaction has either been approved or denied. If the payment transaction has been authorized, the access device may indicate that the payment transaction is approved and the merchant 125 may allow the user 410 to complete checkout. Otherwise, the access device may indicate that the payment transaction is denied and the merchant 125 may prevent the user 410 from completing checkout. In some embodiments, the access device may provide a receipt for checkout to the user 410 and may obtain a signature from the user 410.
After the authorization request message is sent by the server computer 300 to the merchant 125, the issuer 150 may be notified of the approved transaction amount. Further, in some cases, the previously requested account hold may be automatically released if the payment credential is a one-time credential.
At the end of the day, or any other suitable time interval, a clearing and settlement process, as described above, may take place between the acquirer 130 and the issuer 150, using a payment processing network.
At step s1, the user 410 may open and login to an application (e.g., digital wallet application) on his/her communication device 110. The application may store payment card details for a plurality of payment cards. The payment cards may include, but are not limited to, credit cards, debit cards, store cards, prepaid cards, etc. The user may select an option within the application to pay using a QR code 610. The communication device 110 may then request a one-time payment credential from the mobile platform server computer 300.
At step s2, in response to the request for the one-time payment credential, the mobile platform server computer 130 may transmit an authorization hold request to the issuer 150. The authorization hold request may be a request to the issuer 150 of the payment card to place a hold for a predetermined amount on the user's 410 payment card account. The predefined amount may be a nominal amount, a predetermined value (e.g. $50), or the amount for the payment transaction initiated by the user 410. In some embodiments, the issuer 150 or PPN 140 may determine the appropriate hold amount. The mobile platform server computer 300 may determine the appropriate issuer 150 for the payment transaction from the payment card details received in the one-time payment credential request. Thus, the communication device 110 need not communicate directly with the issuer 150.
At step s3, in response to receiving the authorization hold request, the issuer 150 may transmit an authorization hold response to the mobile platform server computer 300. The authorization hold response may indicate that a hold on funds for the appropriate amount has been placed on the user's 410 payment card account.
At step s4, the mobile platform server computer 300 may respond to the communication device 110 with the one-time payment credential. In this example, the one-time payment credential may be credential data that can be used to generate a QR code. The mobile platform server computer 300 may determine this data from stored information about the issuer of the payment card and the payment card details themselves. Thus, the communication device 110 need not communicate directly with the issuer 150 in order to obtain the one-time payment credential used to generate the QR code 610. It can be appreciated that the mobile platform server computer 300 may be assigned a unique BIN. In some embodiments, the mobile platform server computer may serve as an “issuer processor” for issuing the one-time payment credentials. In some embodiments, the mobile platform server computer 300 may be integrated with the issuer processor 151.
In some embodiments, the one-time payment credential may be a token that is only authorized for a predetermined the value. The predetermined value could be the hold amount sent in the authorization hold request message. In some embodiments, the predetermined value could also be greater than the hold amount sent in the authorization hold request message.
At step s5, the application on the communication device 110 may render or generate a QR code 610 from the data received in the one-time payment credential sent by the mobile platform server computer 300. Upon generating the QR code 610, the application may display the generated QR code 610 on the display of the communication device 110.
At step s6, the user 410 may scan the generated QR code 610 at an access device, such as a POS terminal. The user 410 may scan the QR code 610 by holding the display of the communication device 110 at a scanner of the access device. Upon scanning the QR code 610, the access device may transmit data obtained from scanning the QR code 610 to the acquirer 130 in the form of a standard authorization request message using the one-time payment credential. In this embodiment, since the authorization request message includes the one-time payment credential, the authorization request message may not include the PAN. The data in the authorization request message may also include data associated with the user 410 of the payment card and merchant data. The acquirer 130 may be associated with the merchant 125.
At step s7, the authorization request message is forwarded by the acquirer 130 to the payment processing network 140. At step s8, the payment processing network 140 may forward the authorization request message to the mobile platform server computer 300. In some embodiments, the payment processing network 140 may perform a risk analysis on the payment transaction based on data received in the authorization request message prior to forwarding the authorization request message to the mobile platform server computer 300.
At step s9, the mobile platform server computer 300 may perform risk analysis on the payment transaction based on data received in the authorization request message. The mobile platform server computer 300 may then generate an authorization response message indicating either that the payment transaction is approved or denied. The authorization response message is transmitted from the mobile platform server computer 300 to the payment processing network 150. In this sense, the mobile platform server computer 300 may act on behalf of the issuer 150.
At step s10, the payment processing network forwards the authorization response message to the acquirer 130. At step s11, the acquirer 130 may forward the authorization response message to access device at the merchant 125. The authorization response message may indicate to the access device at the merchant 125 whether the payment transaction has either been approved or denied. If the payment transaction has been authorized, the access device may indicate that the payment transaction is approved and the merchant 125 may allow the user 410 to complete checkout. Otherwise, the access device may indicate that the payment transaction is denied and the merchant 125 may prevent the user 410 from completing checkout. In some embodiments, the access device may obtain a signature from the user 410.
At step s12, upon completing the payment transaction, the access device at the merchant 125 may electronically deliver a receipt to the mobile platform server computer 300 and to the communication device 110 (step s13). The receipt may include details pertaining to the payment transaction and may also indicate that a QR code 610 was used to imitate the payment transaction. As such, the receipt may not include the PAN of the payment card used for the transaction.
After the authorization request message is sent by the server computer 300 to the merchant 125, the issuer 150 may be notified of the approved transaction amount. Further, in some cases, the previously requested account hold may be automatically released if the payment credential is a one-time credential.
At the end of the day, or any other suitable time interval, a clearing and settlement process, as described above, may take place between the acquirer 130 and the issuer 150, using a payment processing network.
At step s1, the user 410 may open and login to an application (e.g., digital wallet application) on his/her communication device 110. The application may store payment card details for a plurality of payment cards. The payment cards may include, but are not limited to, credit cards, debit cards, store cards, prepaid cards, etc. The user may select an option within the application to pay using a QR code 610. The communication device 110 may then request a one-time payment credential from the mobile platform server computer 300.
At step s2, the mobile platform server computer 300 may forward the one-time payment credential request to the issuer 150. The mobile platform server computer 300 may determine the appropriate issuer 150 for the payment transaction from the payment card details received in the one-time payment credential request. Thus, the communication device 110 need not communicate directly with the issuer 150.
At step s3, in response to receiving the one-time payment credential request, the issuer 150 may transmit a one-time payment credential response to the mobile platform server computer 300. The one-time payment credential response may indicate a one-time payment credential to be used for the payment transaction. For example, the one-time payment credential response may be a payment token. In some embodiments, the one-time payment credential may also include a special offer from the issuer 150. For example, if the issuer employs a rewards program and the user 410 is eligible for a reward, the one-time payment credential may include this reward. For example, the one-time payment credential may indicate to the mobile platform server computer 300 that the user is eligible for a $5 discount on the payment transaction.
At step s4, the mobile platform server computer 300 may respond to the communication device 110 with the one-time payment credential. In this example, the one-time payment credential may be credential data that can be used to generate a QR code 610. The mobile platform server computer 300 may determine this data from stored information about the issuer of the payment card and the payment card details themselves. Thus, the communication device 110 need not communicate directly with the issuer 300 in order to obtain the one-time payment credential used to generate the QR code 610. It can be appreciated that the mobile platform server computer 300 may be assigned a unique BIN in some embodiments. In some embodiments, the mobile platform server computer may serve as an “issuer processor” for issuing the one-time payment credentials. In some embodiments, the mobile platform server computer 300 may be integrated with the issuer processor 151.
At step s5, the application on the communication device 110 may render or generate a QR code 610 from the data received in the one-time payment credential sent by the mobile platform server computer 300. Upon generating the QR code 610, the application may display the generated QR code 610 on the display of the communication device 110.
At step s6, the user 110 may scan the generated QR code 610 at an access device, such as a POS terminal. The user 110 may scan the QR code 610 by holding the display of the communication device 110 at a scanner of the access device. Upon scanning the QR code 610, the access device may transmit data obtained from scanning the QR code 610 to the acquirer 130 in the form of a standard authorization request message using the one-time payment credential. In this embodiment, since the authorization request message includes the one-time payment credential, the authorization request message may not include the PAN. The data in the authorization request message may also include data associated with the user 410 of the payment card and merchant data. The acquirer 130 may be associated with the merchant 125.
At step s7, the authorization request message is forwarded by the acquirer 130 to the payment processing network 140. At step s8, the payment processing network 140 may forward the authorization request message to the issuer 150. In some embodiments, the payment processing network 130 may perform a risk analysis on the payment transaction based on data received in the authorization request message prior to forwarding the authorization request message to the mobile platform server computer 300. At the issuer 150, the issuer 150 may determine the real account number associated with the payment credential, and may process the transaction using the real account number.
At step s9, the issuer computer 300 may generate an authorization response message indicating either that the payment transaction is approved or denied. The authorization response message is transmitted from the issuer 150 to the payment processing network 140.
At step s10, the payment processing network forwards the authorization response message to the acquirer 130. At step s11, the acquirer 130 may forward the authorization response message to the access device at the merchant 125. The authorization response message may indicate to the access device at the merchant 125 whether the payment transaction has either been approved or denied. If the payment transaction has been authorized, the access device may indicate that the payment transaction is approved and the merchant 125, via the access device, may allow the user 410 to complete checkout. Otherwise, the access device may indicate that the payment transaction is denied and the merchant 125 may prevent the user 410 from completing checkout. In some embodiments, the access device may provide a receipt for checkout to the user 410 and may obtain a signature from the user 410.
At the end of the day, or any other suitable time interval, a clearing and settlement process, as described above, may take place between the acquirer 130 and the issuer 150, using a payment processing network.
The routing table 1000 shows various entries for a device identifier 1010, issuer identifier 1020, a primary account number 1040, and a count of a number of issued one-time credentials 1030 associated with a particular device identifier. The device identifier 1010 may be a unique identifier associated with a communication device 110 (
The routing table 1000 may be queried by the server computer 300 upon receiving a request for a one-time payment credential. More specifically, the third-party determination module 344 (
In some embodiments, the routing table 1000 may also contain information about a merchant for when the digital wallet application on the communication device 110 sends a request for a one-time credential for a coupon associated with the merchant, as described above.
In block 1110, a credential request message requesting a temporary credential associated with a payment account is received by a server computer. The credential request may be received from a communication device. The request for the temporary credential could be a request for a payment token that is a substitute for a payment account number of a payment account associated with a user of the communication device. For example, in
In block 1120, the server computer may determine, using a routing table and data associated with the payment account, a third-party computer associated with the payment account. The third-party computer may be an issuer computer or a merchant computer. For example, in
In block 1130, the server computer may transmit the credential request message to the third-party computer. The credential request message may be a request for the credential requested from the communication device in block 1110. The credential request may be formatted in the form of an authorization request message. For example, in
In block 1140, the temporary credential is received, by the server computer, from the third-party computer. For example, in
In block 1150, the communication device associated with the requested temporary credential is determined. For example, in
In block 1160, upon determining the communication device associated with the temporary credential, the temporary credential may be transmitted to the communication device. For example, in
In some embodiments, the communication device is a phone that is capable of communicating with a point-of-sale (POS) terminal using an radio frequency (RF) communication channel.
In block 1111, a server computer may receive a credential request message from a communication device requesting a temporary credential associated with a predetermined amount. For example, in
In block 1121, an authorization request message may be transmitted. For example, in
In block 1131, an authorization hold response message may be received. For example, in
In block 1141, the temporary credential may be provided to the communication device. For example, in
The various participants and elements described herein with reference to
Examples of such subsystems or components are shown in
Any of the software components or functions described in this application, may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Java, C++ or Perl using, for example, conventional or object-oriented techniques. The software code may be stored as a series of instructions, or commands on a computer readable medium, such as a random access memory (RAM), a read only memory (ROM), a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD-ROM. Any such computer readable medium may reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.
The above description is illustrative and is not restrictive. Many variations of the invention will become apparent to those skilled in the art upon review of the disclosure. The scope of the invention should, therefore, be determined not with reference to the above description, but instead should be determined with reference to the pending claims along with their full scope or equivalents.
One or more features from any embodiment may be combined with one or more features of any other embodiment without departing from the scope of the invention.
A recitation of “a”, “an” or “the” is intended to mean “one or more” unless specifically indicated to the contrary.
All patents, patent applications, publications, and descriptions mentioned above are herein incorporated by reference in their entirety for all purposes. None is admitted to be prior art.
This application is a non-provisional application of and claims the benefit of priority to U.S. Provisional Application No. 61/913,826, filed on Dec. 9, 2013, which is herein incorporated by reference in its entirety for all purposes.
Number | Date | Country | |
---|---|---|---|
61913826 | Dec 2013 | US |