US20100125516A1 - Methods and systems for secure mobile device initiated payments - Google Patents
Methods and systems for secure mobile device initiated payments Download PDFInfo
- Publication number
- US20100125516A1 US20100125516A1 US12/475,718 US47571809A US2010125516A1 US 20100125516 A1 US20100125516 A1 US 20100125516A1 US 47571809 A US47571809 A US 47571809A US 2010125516 A1 US2010125516 A1 US 2010125516A1
- Authority
- US
- United States
- Prior art keywords
- vpan
- transaction
- payment
- dynamic code
- mobile device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3274—Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being displayed on the M-device
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
- G06Q20/204—Point-of-sale [POS] network systems comprising interface for record bearing medium or carrier for electronic funds transfer or payment credit
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/326—Payment applications installed on the mobile devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/326—Payment applications installed on the mobile devices
- G06Q20/3263—Payment applications installed on the mobile devices characterised by activation or deactivation of payment capabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
Definitions
- Mobile telephones and other mobile communications devices are carried by millions of consumers. There have been a number of attempts to integrate payment applications with these mobile devices. Some of these attempts require substantial changes to either existing payment authorization systems and existing point of transaction devices (or both), making it difficult to achieve widespread adoption of mobile payments. It would be desirable to provide a mobile payment system which uses existing point of transaction devices and existing payment authorization systems. It would further be desirable to provide mobile payment transactions which are secure and in which the cardholder's presence may be confirmed.
- FIG. 1 is a block diagram depicting a payment system configured pursuant to some embodiments.
- FIG. 2 is a flow diagram depicting a cardholder registration process pursuant to some embodiments.
- FIG. 3 is a flow diagram depicting a transaction process pursuant to some embodiments.
- FIG. 4 is a block diagram depicting a payment provider device configured pursuant to some embodiments.
- FIG. 5 is a tabular view of a portion of a VPAN database in accordance with some embodiments of the present invention.
- Embodiments of the present invention relate to systems, methods, processes, computer program code, and means for using mobile devices to conduct payment transactions over a network.
- the mobile device can be used to conduct payment transactions involving credit, debit, stored value or other payment accounts.
- systems, methods, processes, computer program code and means for conducting a transaction include receiving a request to authorize a purchase transaction, the request including a static virtual payment account number (“VPAN”), an expiry date, and a dynamic code generated by a mobile device, the request further including a transaction amount and a transaction date, identifying, based on the static VPAN, a payment card account number, verifying that the dynamic code matches an expected value of the dynamic code, and transmitting an updated authorization request message to an issuer associated with the payment card account number for authorization analysis.
- an authorization response message is received from the issuer, and an updated authorization response message is forwarded to a merchant, the updated authorization response message including the static VPAN.
- the term “cardholder” is used to refer to an individual who has been issued a payment account that may be used to conduct payment transactions.
- the payment account may be a debit or credit account which is accessible by a debit card or a credit card (or other device).
- issuer is used to refer to a financial institution that has issued a payment account to a cardholders
- an issuer may be a bank that issues a credit card account to a cardholder, and provides the cardholder with a credit card to access the account.
- the term “primary account number” is used to refer to a number of digits (or characters) which identity a payment account issued by an issuer.
- PAN primary account number
- the PAN may be a sixteen-digit string that identifies both the issuer (based on the first 5 digits of the string) and the payment account number at the issuer.
- the PAN is used to route and process transactions that involve the payment card and the payment account.
- a payment network is used to refer to one or more networks that are used to process a payment transaction.
- a payment network may be the BankNet® processing network operated by MasterCard International Incorporated.
- MasterCard International Incorporated Those skilled in the art will appreciate that other networks may also be used to facilitate the authorization, clearing and settlement of payment transactions conducted using the present invention.
- mobile device is used to refer to a handheld or portable device carried or used by a cardholder.
- a “mobile device” is a device that has a payment application stored, loaded or otherwise installed in or on the device such that the cardholder may conduct payment transactions involving a payment account pursuant to embodiments of the present invention.
- Other terms will be introduced throughout the specification to illustrate features of some embodiments.
- mobile devices such as mobile telephones
- a payment application which stores at least one static virtual payment account number (or “VPAN”).
- the VPAN account has its own virtual expiry date.
- An authorized user of the payment application may access the VPAN and use it to make a purchase transaction (e.g., at a physical merchant location or an electronic commerce location).
- the authorized user provides the VPAN, along with its expiry date, and a dynamic code (generated by the payment application) to the merchant and the merchant routes the VPAN, expiry date, dynamic code, and other transaction information to a payment provider (e.g., using existing payment authorization systems).
- the payment provider uses the VPAN to look-up an actual PAN associated with a payment account of the customer, and confirms the validity of the dynamic code.
- a second authorization request message is then created with the actual PAN and the transaction information.
- the second authorization request is routed to the issuer of the customer's payment account for authorization. If the transaction is authorized, the authorization response is returned to the payment provider.
- the payment provider replaces the actual PAN with the VPAN and returns the authorization response to the merchant so that the transaction can be completed.
- FIG. 1 is a block diagram of a system 100 pursuant to some embodiments.
- a payment account holder or customer may have or use a mobile device 102 (such as a mobile telephone or the like).
- the mobile device 102 has a display screen 104 and a data entry device 106 (such as a keypad or touch screen).
- the customer may use the mobile device 102 to conduct a purchase transaction with a merchant 108 .
- the merchant 108 may be a physical storefront or electronic commerce merchant.
- a customer may purchase products or services from the merchant 108 by interacting with a payment application (installed in or on the mobile device 102 ) to cause the generation of a static VPAN on the mobile device 102 .
- the payment application also generates an expiration date associated with the static VPAN.
- the payment application also generates a dynamic account validation code.
- the dynamic account validation code has the same format as existing dynamic card validation codes found on physical payment cards.
- the VPAN, the expiration date, and the dynamic account validation code are provided to a clerk operating a point of sale terminal, who keys in the information as if it were being copied from a normal payment card.
- the customer may cause the payment application in the mobile device to display a VPAN, expiration date and dynamic account validation code on a display device of the mobile device 102 .
- the customer may read the information from the display device and then key in that data into a Web page on a computer to complete the ecommerce transaction.
- the customer may read the information from the display device of the mobile device 102 and orally convey the information to a call center operator or key the information in through a telephone keypad.
- FIG. 1 the communication or provision of this VPAN to the merchant (whether it be at a physical point of sale, in an ecommerce transaction, or in a telephone transaction) is shown as transaction message number “ 1 ”.
- the payment application on the mobile device 102 In addition to generating (or providing) the VPAN, the payment application on the mobile device 102 , in one preferred embodiment, prompts the user for a password to open up, launch, or otherwise access the payment application on the mobile device. This provides evidence that the account holder of the VPAN was present during the transaction. If the user's password is verified, the payment application on the mobile device operates to generate (or otherwise provide) an expiry date and a multi digit dynamic number (hereinafter a “dynamic code”). In some embodiments, the dynamic code is a three or four digit code that may be used in place of a “CVV” or “CVC” code (a code generally used in payment card systems and used to verify that a cardholder was in possession of a payment card during a transaction).
- CVV chemical vapor code
- the dynamic code is generated in the payment application of the mobile device 102 based on a secret key stored in the payment application (e.g., by an issuer of a payment account held by the cardholder) when the payment application and the VPAN are loaded into the mobile device 102 .
- the dynamic code is, in some embodiments, generated based on the secret key and the value of a transaction counter. For example, each payment application may have a transaction counter that increments each time the payment application is used to conduct a transaction using a VPAN.
- the data elements are displayed on a display device 104 of the mobile device 102 and the customer provides the data elements to the merchant 108 .
- the dynamic code is not generated in the payment application of the mobile device 102 but is taken from a pre-populated list of dynamic codes stored in the payment application (e.g., by an issuer of a payment account held by the cardholder) when the payment application and the VPAN are loaded into the mobile device 102 .
- the merchant 108 enters the data elements (including the VPAN, the expiry date and the dynamic code) into a point of transaction terminal (e.g., such as a POS terminal) and causes the creation of an authorization request message in the format required by the payment networks used by the merchant systems.
- the authorization request message is transmitted (at message “ 2 ” in FIG. 1 ) from the merchant 108 to a payment provider 110 .
- the authorization request message may include, for example, the VPAN, the expiry date, and the dynamic code generated by the mobile device 102 as well as the transaction details associated with the current purchase transaction.
- the authorization request message is transmitted through a network 120 (such as a payment association network, e.g., the BankNet® network operated by MasterCard International Incorporated).
- a network 120 such as a payment association network, e.g., the BankNet® network operated by MasterCard International Incorporated.
- the authorization request message is routed to a payment provider 110 such as a server device or system operated to manage and administer transactions involving embodiments of the present invention.
- the authorization request message is routed through the network 120 based on data in the VPAN. For example, each VPAN may have a four or five leading digits which serve to identify the payment provider 110 as the “issuer” of the VPAN.
- an authorization request involving a payment card is typically transmitted to the payment card issuer for authorization.
- authorization requests involving VPANs are routed, instead, to a payment provider 110 .
- the payment provider 110 upon receiving the authorization request, uses the VPAN in the authorization request to look-up a data record (such as the data record illustrated as 150 ) which includes details associated with the VPAN, including, for example, information from an associated physical payment card with the physical payment card's expiry date and physical card's static card verification code and a value (or range of values) identifying an expected counter value.
- the expected counter value may be used to confirm the likely validity of the dynamic value generated by the mobile device 102 .
- An example of a database that could store a data record 150 is shown and discussed below at FIG. 5 .
- the payment provider 110 may not know the exact value of the counter in each mobile device 102 , the payment provider 110 may generate a series of expected dynamic values based on the general range of counter values the payment provider expects from a particular mobile device. For example, if a mobile device 102 has engaged in 10 prior transactions using VPANs, the payment provider 110 may generate a range of expected dynamic values using ten counter values from 10 and 20. The resulting ten expected dynamic values are then compared to the received dynamic value. If the dynamic value received from the mobile device 102 is equal to one of the ten expected dynamic values, the transaction may continue. If the dynamic value received from the mobile device 102 is not equal to one of the ten expected dynamic values, then the transaction may be declined (e.g., by returning a denial response in message “ 5 ”).
- the payment provider 110 continues processing the transaction by creating an updated authorization request in which the VPAN is replaced with the PAN of the payment card registered for that VPAN by the customer plus the expiry date of the real physical card.
- a CVC or other static values associated with the customer's physical payment card is also included in the updated authorization request.
- the updated authorization request is then routed, via the network 120 , to the issuer of the customer's physical payment card.
- the issuer 112 upon receipt of the updated authorization request, performs normal authorization processing to determine if the payment transaction can be authorized.
- An authorization response is then returned to the payment provider (e.g., at message “ 4 ”).
- the payment provider then creates an updated authorization response message by replacing the PAN of the customer's physical payment card with the VPAN previously received.
- the updated authorization response is then returned to the merchant 108 to complete the transaction.
- mobile devices and their processing power
- An important aspect of some embodiments of the present invention is that the keyed in card verification code is dynamic and is checked by payment provider 110 , not by issuer 112 of the physical card.
- payment card issuers are not required to deploy or implement new processes to validate or support the dynamic card codes, nor are they required to implement new systems to track or generate VPANs. Further, embodiments ensure that merchants are not made aware of the actual payment card information, as they are only exposed to the VPAN information.
- a cardholder prior to conducting a transaction using a VPAN, a cardholder must first register a payment card with the payment provider 110 , and install (or activate) a payment application on a mobile device.
- a process 200 is shown.
- Process 200 may be performed by a cardholder to activate a payment application on a mobile device (or to install and activate a payment application onto a mobile device) and to register a payment card with payment provider 110 .
- Process 200 begins at 202 where the cardholder contacts the payment provider 110 (or an agent of the payment provider). The cardholder may contact the payment provider 110 from a mobile device that has (or will have) the payment application installed thereon, or the cardholder may contact the payment provider 110 from a computer over the Internet or the like.
- processing continues at 204 where the cardholder is walked through a menu of options to create a mobile transaction account. For example, the cardholder may be prompted for personal information to verify the cardholder's identity, and may be prompted for information needed to create the mobile transaction account.
- Processing continues at 206 where the cardholder is prompted to identify one or more payment card accounts to be associated with the mobile transaction account.
- the payment card account(s) will be used to complete transactions processing using the system.
- the mobile phone application with the VPAN and other data is transmitted to the cardholder's mobile device using over the air (“OTA”) techniques.
- the VPAN is packaged in a payment application and delivered and installed on the cardholder's mobile device.
- Processing at 208 may also include the generation and delivery of a shared secret key for use by the payment application in generating a dynamic code value as described above.
- the cardholder may use the mobile device to complete transactions pursuant to the present invention.
- Process 300 may be performed by a payment processor such as the payment processor 110 of FIG. 1 .
- process 300 may be performed in response to authorization requests received by the payment processor 110 involving transactions at merchants where a VPAN was provided by a cardholder.
- Processing begins at 302 where an authorization request involving a VPAN is received.
- an initial determination may be made whether the transaction date is prior to the expiry date of the VPAN. If not, processing may continue at 316 where an authorization denial may be created. If the transaction date is prior to the expiry date, processing continues at 306 where a mapping or look-up is performed (using the VPAN) to retrieve data associated with the VPAN (e.g., such as the data shown as item 150 of FIG. 1 ). Processing continues at 308 where a series of expected dynamic verification numbers are computed. At 310 , a determination is made whether the dynamic code received in the authorization request is within the series of computed (or expected) codes.
- processing may be denied and processing may continue at 316 where an authorization response denying the transaction is generated. If the determination at 310 indicates that the dynamic code received in the authorization request is within the series of computed (or expected) codes, processing continues at 312 where an updated authorization request is created using the transaction data (received at 302 ) and the payment card information retrieved at 306 . The updated authorization request is transmitted to the issuer and a response is received and returned to the merchant at 314 .
- FIG. 4 illustrates payment provider device 400 that might be descriptive, for example, of the payment provider device 110 illustrated in FIG. 1 in accordance with an exemplary embodiment of the invention.
- the payment provider device 400 comprises a processor 410 , such as one or more INTEL® Pentium® processors, coupled to a communication device 420 configured to communicate via a communication network (not shown in FIG. 4 ).
- the communication device 420 may be used to communicate, for example, with one or more merchants, acquirers, issuers, and cardholders.
- the processor 410 is also in communication with an input device 440 .
- the input device 440 may comprise, for example, a keyboard, a mouse, or computer media reader. Such an input device 440 may be used, for example, to enter information about cardholders participating in the system or to perform administrative actions associated with the management and administration of the payment provider device 400 .
- the processor 410 is also in communication with an output device 450 .
- the output device 450 may comprise, for example, a display screen or printer. Such an output device 450 may be used, for example, to provide reports and/or display information associate with cardholder registrations and the usage or administration of cardholder data.
- the processor 410 is also in communication with a storage device 430 .
- the storage device 430 may comprise any appropriate information storage device, including combinations of magnetic storage devices (e.g., magnetic tape and hard disk drives), optical storage devices, and/or semiconductor memory devices such as Random Access Memory (RAM) devices and Read Only Memory (ROM) devices.
- RAM Random Access Memory
- ROM Read Only Memory
- the storage device 430 stores a program 415 for controlling the processor 410 .
- the processor 410 performs instructions of the program 415 , and thereby operates in accordance any embodiments of the present invention described herein.
- the processor 410 may receive, via the communication device 420 , a request from a cardholder to register a payment card and to activate a payment application on a mobile device (e.g., such as a registration request in accordance with the process of FIG. 2 ).
- the processor 410 may receive, via the communication device 420 , a transaction authorization request from a merchant or an acquirer (e.g., such as an authorization request process in accordance with the process of FIG. 3 ).
- the processor 410 may also transmit and receive (via the communication device 420 ) an authorization request, and an authorization response to and from an issuer (such as the issuer 112 of FIG. 1 ).
- the processor 410 may also operate with the program to retrieve data from a storage device (e.g., to retrieve data associated with a static VPAN received from a merchant) and to compute a series of expected dynamic verification numbers associated with the static VPAN to determine whether a transaction should be declined or whether an authorization request should be created and transmitted to an issuer. Moreover, the processor 410 may match this information using one or more rules or formulas.
- a storage device e.g., to retrieve data associated with a static VPAN received from a merchant
- the processor 410 may match this information using one or more rules or formulas.
- information may be “received” by or “transmitted” to, for example: (i) the payment provider device 400 from merchant devices, acquirers, mobile devices, issuer devices, payment network devices; or (ii) a software application or module within the payment provider device 400 from another software application, module, or any other source.
- the storage device 430 also stores one or more VPAN databases 500 (described with respect to FIG. 5 ). Examples of a VPAN database that may be used in connection with the payment provider device 400 will now be described in detail with respect to FIG. 5 .
- the illustrations and accompanying descriptions of the databases presented herein are exemplary, and any number of other database arrangements could be employed besides those suggested by the figures.
- FIG. 5 is a tabular view of VPAN database 500 in accordance with some embodiments of the present invention.
- the table includes entries identifying VPANs that have been issued or assigned by the payment provider 110 .
- the table also defines fields 502 , 504 , 506 , 508 , 510 for each of the VPAN entries.
- the fields specify: a VPAN 502 , a PAN 504 , a static card verification code 506 , a counter 508 , and a VPAN expiry date 510 .
- the information in the database 500 may be created and updated based on information received from cardholders, mobile devices operated by cardholders, merchants and issuers.
- the VPAN 502 may be, for example, an alphanumeric code (typically, in current systems, a sixteen digit numeric code) assigned by the payment provider to a cardholder for the cardholder's use in making certain transactions pursuant to embodiments of the present invention.
- VPANs issued or assigned by a payment provider are formatted in accordance with a payment network's formatting rules.
- VPANs are 16 digit numeric codes in which the first 6 digits are used to identify the VPAN as a VPAN to be routed to a payment provider 110 for processing. For example, as illustrated in FIG.
- the first six digits of each of the VPANs have identical formats: “5555-55”.
- Such a convention may be used to ensure that transactions involving a VPAN are routed to the payment provider 110 for processing.
- routing, numbering, and formatting conventions may be used so long as a payment network may reliably identify transactions involving a VPAN as such.
- each VPAN 502 is associated with a PAN 504 . That is, each VPAN 502 is associated with an actual payment account number that has been issued to a cardholders
- Each VPAN 502 is also associated with the static card verification code 506 from the payment account.
- the static card verification code 506 may be the MasterCard CVC number printed on the back face of a MasterCard credit or debit card.
- the PAN 504 and the static card verification code 506 are obtained from a cardholder when the cardholder registers to use a payment card in a system of the present invention (e.g., using a registration process such as the process 200 of FIG. 2 ).
- Other static card verification codes may also be used (e.g., such as the codes used by other payment card brands).
- Each VPAN 502 is also associated with one or more counters 508 .
- the counter may, for example, increment each time a VPAN 502 is used in a transaction.
- the counter 508 is used to confirm the likely validity of a dynamic value generated by a payment application in a mobile device when and transmitted from a mobile device to a merchant and then from the merchant to the payment provider 110 in an authorization request.
- a secret key shared by the payment provider 110 and a mobile device 102 (and stored, for example, in a payment application installed in the mobile device 102 ) may also be stored in the database of FIG. 5 .
- the shared secret key may be used to encrypt a dynamic value transmitted from the mobile device.
- the payment provider 110 may use the shared secret key, in conjunction with the counter 508 , to decrypt the dynamic value from the mobile device 102 to ascertain the authenticity of the transaction request.
- Each VPAN 502 is also associated with a VPAN expiry date 510 .
- the VPAN expiry date 510 may be set when the VPAN 502 is originally issued or assigned to a cardholder, and limits the period in which the VPAN 502 may be used in transactions.
- Payment provider 110 may consult the VPAN expiry date 510 as described above in conjunction with FIG. 3 to determine whether to deny an authorization request (or to allow further authorization processing to proceed).
Abstract
Systems, methods, processes, computer program code and means for conducting a transaction include receiving a request to authorize a purchase transaction, the request including a static virtual payment account number (“VPAN”), an expiry date, and a dynamic code generated by a mobile device, the request further including a transaction amount and a transaction date, identifying, based on the static VPAN, a payment card account number, verifying that the dynamic code matches an expected value of the dynamic code, and transmitting an updated authorization request message to an issuer associated with the payment card account number for authorization analysis.
Description
- This application claims the benefit of and priority to U.S. Provisional Patent Application Ser. No. 61/114,593, filed Nov. 14, 2008, which is incorporated herein by reference for all purposes.
- Mobile telephones and other mobile communications devices (such as personal digital assistants) are carried by millions of consumers. There have been a number of attempts to integrate payment applications with these mobile devices. Some of these attempts require substantial changes to either existing payment authorization systems and existing point of transaction devices (or both), making it difficult to achieve widespread adoption of mobile payments. It would be desirable to provide a mobile payment system which uses existing point of transaction devices and existing payment authorization systems. It would further be desirable to provide mobile payment transactions which are secure and in which the cardholder's presence may be confirmed.
-
FIG. 1 is a block diagram depicting a payment system configured pursuant to some embodiments. -
FIG. 2 is a flow diagram depicting a cardholder registration process pursuant to some embodiments. -
FIG. 3 is a flow diagram depicting a transaction process pursuant to some embodiments. -
FIG. 4 is a block diagram depicting a payment provider device configured pursuant to some embodiments. -
FIG. 5 is a tabular view of a portion of a VPAN database in accordance with some embodiments of the present invention. - Embodiments of the present invention relate to systems, methods, processes, computer program code, and means for using mobile devices to conduct payment transactions over a network. In some embodiments, the mobile device can be used to conduct payment transactions involving credit, debit, stored value or other payment accounts. Pursuant to some embodiments, systems, methods, processes, computer program code and means for conducting a transaction include receiving a request to authorize a purchase transaction, the request including a static virtual payment account number (“VPAN”), an expiry date, and a dynamic code generated by a mobile device, the request further including a transaction amount and a transaction date, identifying, based on the static VPAN, a payment card account number, verifying that the dynamic code matches an expected value of the dynamic code, and transmitting an updated authorization request message to an issuer associated with the payment card account number for authorization analysis. In some embodiments, an authorization response message is received from the issuer, and an updated authorization response message is forwarded to a merchant, the updated authorization response message including the static VPAN.
- For clarity and ease of exposition, a number of terms are used herein. For example, the term “cardholder” is used to refer to an individual who has been issued a payment account that may be used to conduct payment transactions. For example, in some embodiments, the payment account may be a debit or credit account which is accessible by a debit card or a credit card (or other device). As used herein, the term “issuer” is used to refer to a financial institution that has issued a payment account to a cardholders For example, an issuer may be a bank that issues a credit card account to a cardholder, and provides the cardholder with a credit card to access the account.
- As used herein, the term “primary account number” (or “PAN”) is used to refer to a number of digits (or characters) which identity a payment account issued by an issuer. For example, in embodiments where a payment account is a credit card account which is issued by a financial institution pursuant to the MasterCard International Incorporated rules, the PAN may be a sixteen-digit string that identifies both the issuer (based on the first 5 digits of the string) and the payment account number at the issuer. The PAN is used to route and process transactions that involve the payment card and the payment account. Those skilled in the art will appreciate that other primary account number schemes and formats may be used in conjunction with embodiments of the present invention.
- As used herein, the term “payment network” is used to refer to one or more networks that are used to process a payment transaction. For example, a payment network may be the BankNet® processing network operated by MasterCard International Incorporated. Those skilled in the art will appreciate that other networks may also be used to facilitate the authorization, clearing and settlement of payment transactions conducted using the present invention.
- The term “mobile device” is used to refer to a handheld or portable device carried or used by a cardholder. In the context of embodiments of the present invention, a “mobile device” is a device that has a payment application stored, loaded or otherwise installed in or on the device such that the cardholder may conduct payment transactions involving a payment account pursuant to embodiments of the present invention. Other terms will be introduced throughout the specification to illustrate features of some embodiments.
- Pursuant to some embodiments, mobile devices (such as mobile telephones) are provided with (or updated to include) a payment application which stores at least one static virtual payment account number (or “VPAN”). The VPAN account has its own virtual expiry date. An authorized user of the payment application may access the VPAN and use it to make a purchase transaction (e.g., at a physical merchant location or an electronic commerce location). The authorized user provides the VPAN, along with its expiry date, and a dynamic code (generated by the payment application) to the merchant and the merchant routes the VPAN, expiry date, dynamic code, and other transaction information to a payment provider (e.g., using existing payment authorization systems).
- The payment provider uses the VPAN to look-up an actual PAN associated with a payment account of the customer, and confirms the validity of the dynamic code. A second authorization request message is then created with the actual PAN and the transaction information. The second authorization request is routed to the issuer of the customer's payment account for authorization. If the transaction is authorized, the authorization response is returned to the payment provider. The payment provider replaces the actual PAN with the VPAN and returns the authorization response to the merchant so that the transaction can be completed.
- Features of some embodiments of the present invention will be described by reference to
FIG. 1 , which is a block diagram of asystem 100 pursuant to some embodiments. As shown, a payment account holder or customer (hereafter, the “customer”) may have or use a mobile device 102 (such as a mobile telephone or the like). Themobile device 102 has adisplay screen 104 and a data entry device 106 (such as a keypad or touch screen). Pursuant to embodiments of the present invention, the customer may use themobile device 102 to conduct a purchase transaction with amerchant 108. Themerchant 108 may be a physical storefront or electronic commerce merchant. - In a typical example transaction, a customer may purchase products or services from the
merchant 108 by interacting with a payment application (installed in or on the mobile device 102) to cause the generation of a static VPAN on themobile device 102. In some embodiments, the payment application also generates an expiration date associated with the static VPAN. In some embodiments, the payment application also generates a dynamic account validation code. In some embodiments, the dynamic account validation code has the same format as existing dynamic card validation codes found on physical payment cards. The VPAN, the expiration date, and the dynamic account validation code are provided to a clerk operating a point of sale terminal, who keys in the information as if it were being copied from a normal payment card. - In some embodiments, such as embodiments operable in electronic commerce environments, the customer may cause the payment application in the mobile device to display a VPAN, expiration date and dynamic account validation code on a display device of the
mobile device 102. The customer may read the information from the display device and then key in that data into a Web page on a computer to complete the ecommerce transaction. In some embodiments, such as embodiments involving telephone transactions, the customer may read the information from the display device of themobile device 102 and orally convey the information to a call center operator or key the information in through a telephone keypad. InFIG. 1 , the communication or provision of this VPAN to the merchant (whether it be at a physical point of sale, in an ecommerce transaction, or in a telephone transaction) is shown as transaction message number “1”. - In addition to generating (or providing) the VPAN, the payment application on the
mobile device 102, in one preferred embodiment, prompts the user for a password to open up, launch, or otherwise access the payment application on the mobile device. This provides evidence that the account holder of the VPAN was present during the transaction. If the user's password is verified, the payment application on the mobile device operates to generate (or otherwise provide) an expiry date and a multi digit dynamic number (hereinafter a “dynamic code”). In some embodiments, the dynamic code is a three or four digit code that may be used in place of a “CVV” or “CVC” code (a code generally used in payment card systems and used to verify that a cardholder was in possession of a payment card during a transaction). - In some embodiments, the dynamic code is generated in the payment application of the
mobile device 102 based on a secret key stored in the payment application (e.g., by an issuer of a payment account held by the cardholder) when the payment application and the VPAN are loaded into themobile device 102. The dynamic code is, in some embodiments, generated based on the secret key and the value of a transaction counter. For example, each payment application may have a transaction counter that increments each time the payment application is used to conduct a transaction using a VPAN. Once the payment application has retrieved or generated the VPAN, the expiry date, and the dynamic code for the transaction, the data elements are displayed on adisplay device 104 of themobile device 102 and the customer provides the data elements to themerchant 108. - In some embodiments, the dynamic code is not generated in the payment application of the
mobile device 102 but is taken from a pre-populated list of dynamic codes stored in the payment application (e.g., by an issuer of a payment account held by the cardholder) when the payment application and the VPAN are loaded into themobile device 102. - The
merchant 108 enters the data elements (including the VPAN, the expiry date and the dynamic code) into a point of transaction terminal (e.g., such as a POS terminal) and causes the creation of an authorization request message in the format required by the payment networks used by the merchant systems. The authorization request message is transmitted (at message “2” inFIG. 1 ) from themerchant 108 to apayment provider 110. The authorization request message may include, for example, the VPAN, the expiry date, and the dynamic code generated by themobile device 102 as well as the transaction details associated with the current purchase transaction. - The authorization request message is transmitted through a network 120 (such as a payment association network, e.g., the BankNet® network operated by MasterCard International Incorporated). Pursuant to some embodiments, the authorization request message is routed to a
payment provider 110 such as a server device or system operated to manage and administer transactions involving embodiments of the present invention. In some embodiments, the authorization request message is routed through thenetwork 120 based on data in the VPAN. For example, each VPAN may have a four or five leading digits which serve to identify thepayment provider 110 as the “issuer” of the VPAN. Those skilled in the art will appreciate that an authorization request involving a payment card is typically transmitted to the payment card issuer for authorization. In embodiments of the present invention, authorization requests involving VPANs are routed, instead, to apayment provider 110. - The
payment provider 110, upon receiving the authorization request, uses the VPAN in the authorization request to look-up a data record (such as the data record illustrated as 150) which includes details associated with the VPAN, including, for example, information from an associated physical payment card with the physical payment card's expiry date and physical card's static card verification code and a value (or range of values) identifying an expected counter value. The expected counter value may be used to confirm the likely validity of the dynamic value generated by themobile device 102. An example of a database that could store a data record 150 is shown and discussed below atFIG. 5 . - Because the
payment provider 110 may not know the exact value of the counter in eachmobile device 102, thepayment provider 110 may generate a series of expected dynamic values based on the general range of counter values the payment provider expects from a particular mobile device. For example, if amobile device 102 has engaged in 10 prior transactions using VPANs, thepayment provider 110 may generate a range of expected dynamic values using ten counter values from 10 and 20. The resulting ten expected dynamic values are then compared to the received dynamic value. If the dynamic value received from themobile device 102 is equal to one of the ten expected dynamic values, the transaction may continue. If the dynamic value received from themobile device 102 is not equal to one of the ten expected dynamic values, then the transaction may be declined (e.g., by returning a denial response in message “5”). - If the dynamic value received from the
mobile device 102 is equal to one of the expected dynamic values, thepayment provider 110 continues processing the transaction by creating an updated authorization request in which the VPAN is replaced with the PAN of the payment card registered for that VPAN by the customer plus the expiry date of the real physical card. In some embodiments, a CVC or other static values associated with the customer's physical payment card is also included in the updated authorization request. The updated authorization request is then routed, via thenetwork 120, to the issuer of the customer's physical payment card. Theissuer 112, upon receipt of the updated authorization request, performs normal authorization processing to determine if the payment transaction can be authorized. An authorization response is then returned to the payment provider (e.g., at message “4”). - The payment provider then creates an updated authorization response message by replacing the PAN of the customer's physical payment card with the VPAN previously received. The updated authorization response is then returned to the
merchant 108 to complete the transaction. In this manner, mobile devices (and their processing power) may be used to generate and simply display, to the merchant clerk (for face to face transactions) or to the customer (for ecommerce transactions) the three primary pieces of payment data (a PAN, an expiry date, and a card verification code that is the same format as normal) that are used in existing payment card networks and to initiate key entered payment transactions involving payment cards. An important aspect of some embodiments of the present invention is that the keyed in card verification code is dynamic and is checked bypayment provider 110, not byissuer 112 of the physical card. In this manner, payment card issuers are not required to deploy or implement new processes to validate or support the dynamic card codes, nor are they required to implement new systems to track or generate VPANs. Further, embodiments ensure that merchants are not made aware of the actual payment card information, as they are only exposed to the VPAN information. - Pursuant to some embodiments, prior to conducting a transaction using a VPAN, a cardholder must first register a payment card with the
payment provider 110, and install (or activate) a payment application on a mobile device. One process for registration and activation is shown inFIG. 2 , where aprocess 200 is shown.Process 200 may be performed by a cardholder to activate a payment application on a mobile device (or to install and activate a payment application onto a mobile device) and to register a payment card withpayment provider 110.Process 200 begins at 202 where the cardholder contacts the payment provider 110 (or an agent of the payment provider). The cardholder may contact thepayment provider 110 from a mobile device that has (or will have) the payment application installed thereon, or the cardholder may contact thepayment provider 110 from a computer over the Internet or the like. - Once the cardholder contacts the payment provider, processing continues at 204 where the cardholder is walked through a menu of options to create a mobile transaction account. For example, the cardholder may be prompted for personal information to verify the cardholder's identity, and may be prompted for information needed to create the mobile transaction account.
- Processing continues at 206 where the cardholder is prompted to identify one or more payment card accounts to be associated with the mobile transaction account. The payment card account(s) will be used to complete transactions processing using the system.
- Processing continues at 208 where the
payment provider 110 creates a VPAN and a VPAN record (e.g., such as shown in item 150 ofFIG. 1 ) and delivers the VPAN to the cardholder's mobile device. In some embodiments, the mobile phone application with the VPAN and other data is transmitted to the cardholder's mobile device using over the air (“OTA”) techniques. In some embodiments, the VPAN is packaged in a payment application and delivered and installed on the cardholder's mobile device. Processing at 208 may also include the generation and delivery of a shared secret key for use by the payment application in generating a dynamic code value as described above. Once the VPAN and payment application have been installed on the mobile device, the cardholder may use the mobile device to complete transactions pursuant to the present invention. - Reference is now made to
FIG. 3 , where aprocess 300 for conducting a mobile transaction pursuant to some embodiments is described.Process 300 may be performed by a payment processor such as thepayment processor 110 ofFIG. 1 . For example,process 300 may be performed in response to authorization requests received by thepayment processor 110 involving transactions at merchants where a VPAN was provided by a cardholder. - Processing begins at 302 where an authorization request involving a VPAN is received. At 304, an initial determination may be made whether the transaction date is prior to the expiry date of the VPAN. If not, processing may continue at 316 where an authorization denial may be created. If the transaction date is prior to the expiry date, processing continues at 306 where a mapping or look-up is performed (using the VPAN) to retrieve data associated with the VPAN (e.g., such as the data shown as item 150 of
FIG. 1 ). Processing continues at 308 where a series of expected dynamic verification numbers are computed. At 310, a determination is made whether the dynamic code received in the authorization request is within the series of computed (or expected) codes. If not, the transaction may be denied and processing may continue at 316 where an authorization response denying the transaction is generated. If the determination at 310 indicates that the dynamic code received in the authorization request is within the series of computed (or expected) codes, processing continues at 312 where an updated authorization request is created using the transaction data (received at 302) and the payment card information retrieved at 306. The updated authorization request is transmitted to the issuer and a response is received and returned to the merchant at 314. -
FIG. 4 illustratespayment provider device 400 that might be descriptive, for example, of thepayment provider device 110 illustrated inFIG. 1 in accordance with an exemplary embodiment of the invention. Thepayment provider device 400 comprises aprocessor 410, such as one or more INTEL® Pentium® processors, coupled to acommunication device 420 configured to communicate via a communication network (not shown inFIG. 4 ). Thecommunication device 420 may be used to communicate, for example, with one or more merchants, acquirers, issuers, and cardholders. - The
processor 410 is also in communication with aninput device 440. Theinput device 440 may comprise, for example, a keyboard, a mouse, or computer media reader. Such aninput device 440 may be used, for example, to enter information about cardholders participating in the system or to perform administrative actions associated with the management and administration of thepayment provider device 400. Theprocessor 410 is also in communication with anoutput device 450. Theoutput device 450 may comprise, for example, a display screen or printer. Such anoutput device 450 may be used, for example, to provide reports and/or display information associate with cardholder registrations and the usage or administration of cardholder data. - The
processor 410 is also in communication with astorage device 430. Thestorage device 430 may comprise any appropriate information storage device, including combinations of magnetic storage devices (e.g., magnetic tape and hard disk drives), optical storage devices, and/or semiconductor memory devices such as Random Access Memory (RAM) devices and Read Only Memory (ROM) devices. - The
storage device 430 stores aprogram 415 for controlling theprocessor 410. Theprocessor 410 performs instructions of theprogram 415, and thereby operates in accordance any embodiments of the present invention described herein. For example, theprocessor 410 may receive, via thecommunication device 420, a request from a cardholder to register a payment card and to activate a payment application on a mobile device (e.g., such as a registration request in accordance with the process ofFIG. 2 ). As another example, theprocessor 410 may receive, via thecommunication device 420, a transaction authorization request from a merchant or an acquirer (e.g., such as an authorization request process in accordance with the process ofFIG. 3 ). As another example, theprocessor 410 may also transmit and receive (via the communication device 420) an authorization request, and an authorization response to and from an issuer (such as theissuer 112 ofFIG. 1 ). - The
processor 410 may also operate with the program to retrieve data from a storage device (e.g., to retrieve data associated with a static VPAN received from a merchant) and to compute a series of expected dynamic verification numbers associated with the static VPAN to determine whether a transaction should be declined or whether an authorization request should be created and transmitted to an issuer. Moreover, theprocessor 410 may match this information using one or more rules or formulas. - As used herein, information may be “received” by or “transmitted” to, for example: (i) the
payment provider device 400 from merchant devices, acquirers, mobile devices, issuer devices, payment network devices; or (ii) a software application or module within thepayment provider device 400 from another software application, module, or any other source. - As shown in
FIG. 4 , thestorage device 430 also stores one or more VPAN databases 500 (described with respect toFIG. 5 ). Examples of a VPAN database that may be used in connection with thepayment provider device 400 will now be described in detail with respect toFIG. 5 . The illustrations and accompanying descriptions of the databases presented herein are exemplary, and any number of other database arrangements could be employed besides those suggested by the figures. -
FIG. 5 is a tabular view ofVPAN database 500 in accordance with some embodiments of the present invention. The table includes entries identifying VPANs that have been issued or assigned by thepayment provider 110. The table also definesfields VPAN 502, aPAN 504, a staticcard verification code 506, acounter 508, and aVPAN expiry date 510. The information in thedatabase 500 may be created and updated based on information received from cardholders, mobile devices operated by cardholders, merchants and issuers. - The
VPAN 502 may be, for example, an alphanumeric code (typically, in current systems, a sixteen digit numeric code) assigned by the payment provider to a cardholder for the cardholder's use in making certain transactions pursuant to embodiments of the present invention. In some embodiments, VPANs issued or assigned by a payment provider are formatted in accordance with a payment network's formatting rules. As a specific example, for VPANs processed over the payment network operated by MasterCard International Incorporated, VPANs are 16 digit numeric codes in which the first 6 digits are used to identify the VPAN as a VPAN to be routed to apayment provider 110 for processing. For example, as illustrated inFIG. 5 , the first six digits of each of the VPANs have identical formats: “5555-55”. Such a convention may be used to ensure that transactions involving a VPAN are routed to thepayment provider 110 for processing. Those skilled in the art will appreciate that other routing, numbering, and formatting conventions may be used so long as a payment network may reliably identify transactions involving a VPAN as such. - As shown in
FIG. 5 , eachVPAN 502 is associated with aPAN 504. That is, eachVPAN 502 is associated with an actual payment account number that has been issued to a cardholders EachVPAN 502 is also associated with the staticcard verification code 506 from the payment account. For example, in the case of a MasterCard payment card, the staticcard verification code 506 may be the MasterCard CVC number printed on the back face of a MasterCard credit or debit card. Pursuant to some embodiments, thePAN 504 and the staticcard verification code 506 are obtained from a cardholder when the cardholder registers to use a payment card in a system of the present invention (e.g., using a registration process such as theprocess 200 ofFIG. 2 ). Other static card verification codes may also be used (e.g., such as the codes used by other payment card brands). - Each
VPAN 502 is also associated with one ormore counters 508. The counter may, for example, increment each time aVPAN 502 is used in a transaction. As discussed above in conjunction withFIG. 1 , thecounter 508 is used to confirm the likely validity of a dynamic value generated by a payment application in a mobile device when and transmitted from a mobile device to a merchant and then from the merchant to thepayment provider 110 in an authorization request. In some embodiments (not shown inFIG. 5 ), a secret key shared by thepayment provider 110 and a mobile device 102 (and stored, for example, in a payment application installed in the mobile device 102) may also be stored in the database ofFIG. 5 . The shared secret key may be used to encrypt a dynamic value transmitted from the mobile device. Thepayment provider 110 may use the shared secret key, in conjunction with thecounter 508, to decrypt the dynamic value from themobile device 102 to ascertain the authenticity of the transaction request. EachVPAN 502 is also associated with aVPAN expiry date 510. TheVPAN expiry date 510 may be set when theVPAN 502 is originally issued or assigned to a cardholder, and limits the period in which theVPAN 502 may be used in transactions.Payment provider 110 may consult theVPAN expiry date 510 as described above in conjunction withFIG. 3 to determine whether to deny an authorization request (or to allow further authorization processing to proceed). - The above descriptions of processes herein should not be considered to imply a fixed order for performing the process steps. Rather, the process steps may be performed in any order that is practicable, including simultaneous performance of at least some steps.
- Although the present invention has been described in connection with specific exemplary embodiments, it should be understood that various changes, substitutions, and alterations apparent to those skilled in the art can be made to the disclosed embodiments without departing from the spirit and scope of the invention as set forth in the appended claims.
Claims (19)
1. A method for conducting a transaction, comprising:
receiving a request to authorize a purchase transaction involving a purchase from a merchant, said request including a static virtual payment account number (VPAN), an expiry date, and a dynamic code generated by a mobile device, said request further including a transaction amount and a transaction date;
identifying, based on said static VPAN, a payment card account number;
verifying that said dynamic code matches an expected value of said dynamic code; and
transmitting an updated authorization request message to an issuer for authorization processing based on said payment card account number.
2. The method of claim 1 , further comprising:
receiving an authorization response message from said issuer; and
forwarding an updated authorization response message to said merchant, said updated authorization response message including said static VPAN.
3. The method of claim 1 , wherein verifying that said dynamic code matches an expected value comprises:
generating at least a first expected value based on a transaction counter value and a shared secret key.
4. The method of claim 1 , wherein said dynamic code is selected from among a pre-populated list of dynamic codes based on a value of a transaction counter.
5. The method of claim 1 , wherein verifying that said dynamic code matches an expected value comprises:
generating a series of expected values based on a series of expected transaction counter values and a shared secret key.
6. A payment provider apparatus, comprising:
a processor;
a communication device coupled to said processor and adapted to communicate with at least one of an issuer, and a merchant device over a processing network;
a storage device in communication with said processor and storing instructions adapted to be executed by said processor to:
receive, from said merchant device, a request to authorize a purchase transaction involving a purchase, said request including a static virtual payment account number (VPAN), an expiry date, and a dynamic code generated by a mobile device, said request further including a transaction amount and a transaction date;
identify, based on said static VPAN, a payment card account number;
verify that said dynamic code matches an expected value of said dynamic code; and
transmit an updated authorization request message to said issuer for authorization processing based on said payment card account number.
7. The apparatus of claim 6 , wherein said storage device further storing instructions adapted to be executed by said processor to:
receive, from said issuer, an authorization response message; and
forward, to said merchant device, an updated authorization response message, said updated authorization response message including said static VPAN.
8. The apparatus of claim 6 , wherein said instructions to verify that said dynamic code matches an expected value further comprises instructions adapted to be executed by said processor to:
generate at least a first expected value based on a transaction counter value and a shared secret key.
9. The apparatus of claim 6 , wherein the dynamic code generated by said mobile device is generated by selecting a dynamic code from among a list of available dynamic codes, said selection based on the value of a transaction counter in said mobile device.
10. The apparatus of claim 6 , wherein said instructions to verify that said dynamic code matches an expected value further comprises instructions adapted to be executed by said processor to:
generate a series of expected values based on a series of expected transaction counter values and a shared secret key.
11. The apparatus of claim 6 , wherein said storage device stores at least a database containing said static VPAN.
12. The apparatus of claim 11 , wherein said database further stores at least one of (i) a physical PAN, (ii) a counter, (iii) and an expiration date of said VPAN.
13. A computer-readable medium storing instructions adapted to be executed by a processor to perform a method of processing payment transactions, said method comprising:
receiving a request to authorize a purchase transaction involving a purchase from a merchant, said request including a static virtual payment account number (VPAN), an expiry date, and a dynamic code generated by a mobile device, said request further including a transaction amount and a transaction date;
identifying, based on said static VPAN, a payment card account number;
verifying that said dynamic code matches an expected value of said dynamic code; and
transmitting an updated authorization request message to an issuer for authorization processing based on said payment card account number.
14. The computer-readable medium of claim 13 , wherein the method of processing payment transactions further comprising:
receiving, from said issuer, an authorization response message; and
forwarding, to said merchant device, an updated authorization response message, said updated authorization response message including said static VPAN.
15. The computer-readable medium of claim 13 , wherein said verifying that said dynamic code matches an expected value further comprises:
generating at least a first expected value based on a transaction counter value and a shared secret key.
16. The computer-readable medium of claim 13 , wherein the dynamic code generated by said mobile device is generated by selecting a dynamic code from among a list of available dynamic codes, said selection based on the value of a transaction counter in said mobile device.
17. The computer-readable medium of claim 13 , wherein said verifying that said dynamic code matches an expected value further comprises:
generating a series of expected values based on a series of expected transaction counter values and a shared secret key.
18. The computer-readable medium of claim 13 , wherein said storage device stores at least a database containing said static VPAN.
19. The computer-readable medium of claim 18 , wherein said database further stores at least one of (i) a physical PAN, (ii) a counter, (iii) and an expiration date of said VPAN.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/475,718 US20100125516A1 (en) | 2008-11-14 | 2009-06-01 | Methods and systems for secure mobile device initiated payments |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11459308P | 2008-11-14 | 2008-11-14 | |
US12/475,718 US20100125516A1 (en) | 2008-11-14 | 2009-06-01 | Methods and systems for secure mobile device initiated payments |
Publications (1)
Publication Number | Publication Date |
---|---|
US20100125516A1 true US20100125516A1 (en) | 2010-05-20 |
Family
ID=42172733
Family Applications (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/475,718 Abandoned US20100125516A1 (en) | 2008-11-14 | 2009-06-01 | Methods and systems for secure mobile device initiated payments |
US12/475,735 Active 2032-11-10 US9881297B2 (en) | 2008-11-14 | 2009-06-01 | Methods and systems for secure mobile device initiated payments using generated image data |
US15/850,703 Active 2030-01-15 US10565580B2 (en) | 2008-11-14 | 2017-12-21 | Methods and systems for secure mobile device initiated payment using generated image data |
US16/734,794 Active 2030-03-24 US11615396B2 (en) | 2008-11-14 | 2020-01-06 | Methods and systems for secure mobile device initiated payment using generated image data |
Family Applications After (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/475,735 Active 2032-11-10 US9881297B2 (en) | 2008-11-14 | 2009-06-01 | Methods and systems for secure mobile device initiated payments using generated image data |
US15/850,703 Active 2030-01-15 US10565580B2 (en) | 2008-11-14 | 2017-12-21 | Methods and systems for secure mobile device initiated payment using generated image data |
US16/734,794 Active 2030-03-24 US11615396B2 (en) | 2008-11-14 | 2020-01-06 | Methods and systems for secure mobile device initiated payment using generated image data |
Country Status (1)
Country | Link |
---|---|
US (4) | US20100125516A1 (en) |
Cited By (42)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100088237A1 (en) * | 2008-10-04 | 2010-04-08 | Wankmueller John R | Methods and systems for using physical payment cards in secure e-commerce transactions |
US20110066513A1 (en) * | 2009-08-24 | 2011-03-17 | Afone | Method and system for secure mobile payment |
US20110099079A1 (en) * | 2009-10-27 | 2011-04-28 | At&T Mobility Ii Llc | Secure Mobile-Based Financial Transactions |
US20120136796A1 (en) * | 2010-09-21 | 2012-05-31 | Ayman Hammad | Device Enrollment System and Method |
US20130043305A1 (en) * | 2011-07-18 | 2013-02-21 | Tiger T. G. Zhou | Methods and systems for receiving compensation for using mobile payment services |
US8534564B2 (en) | 2009-05-15 | 2013-09-17 | Ayman Hammad | Integration of verification tokens with mobile communication devices |
US20140067675A1 (en) * | 2012-09-06 | 2014-03-06 | American Express Travel Related Services Company, Inc. | Authentication using dynamic codes |
US20140136355A1 (en) * | 2012-11-12 | 2014-05-15 | KT Corpotation | Security in mobile payment service |
US20140172605A1 (en) * | 2011-05-24 | 2014-06-19 | China Uni onpay Co., Ltd. | Safety closed-loop payment system and method |
US20140195386A1 (en) * | 2011-09-19 | 2014-07-10 | Tencent Technology (Shenzhen) Company Limited | Processing method and processing system for order data in network payment system |
CN104603809A (en) * | 2012-04-16 | 2015-05-06 | 盐技术股份有限公司 | Systems and methods for facilitating a transaction using a virtual card on a mobile device |
WO2015152948A1 (en) * | 2014-03-29 | 2015-10-08 | Nuspay International Incorporated | Systems and methods of generating and processing payment transaction using alternate channels and payments mode |
US20150294304A1 (en) * | 2014-04-15 | 2015-10-15 | Cellco Partnership D/B/A Verizon Wireless | Secure payment methods, system, and devices |
US20150332273A1 (en) * | 2014-05-19 | 2015-11-19 | American Express Travel Related Services Company, Inc. | Authentication via biometric passphrase |
US9372971B2 (en) | 2009-05-15 | 2016-06-21 | Visa International Service Association | Integration of verification tokens with portable computing devices |
US9424413B2 (en) | 2010-02-24 | 2016-08-23 | Visa International Service Association | Integration of payment capability into secure elements of computers |
US9582801B2 (en) | 2009-05-15 | 2017-02-28 | Visa International Service Association | Secure communication of payment information to merchants using a verification token |
US9715681B2 (en) | 2009-04-28 | 2017-07-25 | Visa International Service Association | Verification of portable consumer devices |
US9775029B2 (en) | 2014-08-22 | 2017-09-26 | Visa International Service Association | Embedding cloud-based functionalities in a communication device |
US9792611B2 (en) | 2009-05-15 | 2017-10-17 | Visa International Service Association | Secure authentication system and method |
US9881297B2 (en) | 2008-11-14 | 2018-01-30 | Mastercard International Incorporated | Methods and systems for secure mobile device initiated payments using generated image data |
US9904919B2 (en) | 2009-05-15 | 2018-02-27 | Visa International Service Association | Verification of portable consumer devices |
US9972005B2 (en) | 2013-12-19 | 2018-05-15 | Visa International Service Association | Cloud-based transactions methods and systems |
CN108229957A (en) * | 2016-12-21 | 2018-06-29 | 株式会社韩国智能交通卡 | The generation of dynamic virtual card and discarded method |
EP3257005A4 (en) * | 2015-02-11 | 2018-07-04 | Mastercard International Incorporated | Online form fill for tokenized credentials |
US10187363B2 (en) | 2014-12-31 | 2019-01-22 | Visa International Service Association | Hybrid integration of software development kit with secure execution environment |
US10255591B2 (en) | 2009-12-18 | 2019-04-09 | Visa International Service Association | Payment channel returning limited use proxy dynamic value |
CN109690593A (en) * | 2016-06-29 | 2019-04-26 | 平方股份有限公司 | Pre- trading processing technology |
US10282724B2 (en) | 2012-03-06 | 2019-05-07 | Visa International Service Association | Security system incorporating mobile device |
US20200134610A1 (en) * | 2017-08-09 | 2020-04-30 | SSenStone Inc. | Method and program for outputting virtual code generated from payment card, and payment card for generating virtual code |
US10652743B2 (en) | 2017-12-21 | 2020-05-12 | The Chamberlain Group, Inc. | Security system for a moveable barrier operator |
US10846694B2 (en) | 2014-05-21 | 2020-11-24 | Visa International Service Association | Offline authentication |
US10846683B2 (en) | 2009-05-15 | 2020-11-24 | Visa International Service Association | Integration of verification tokens with mobile communication devices |
US10862924B2 (en) | 2005-06-30 | 2020-12-08 | The Chamberlain Group, Inc. | Method and apparatus to facilitate message transmission and reception using different transmission characteristics |
USRE48433E1 (en) | 2005-01-27 | 2021-02-09 | The Chamberlain Group, Inc. | Method and apparatus to facilitate transmission of an encrypted rolling code |
US10944559B2 (en) | 2005-01-27 | 2021-03-09 | The Chamberlain Group, Inc. | Transmission of data including conversion of ternary data to binary data |
US10997810B2 (en) | 2019-05-16 | 2021-05-04 | The Chamberlain Group, Inc. | In-vehicle transmitter training |
US11017386B2 (en) | 2013-12-19 | 2021-05-25 | Visa International Service Association | Cloud-based transactions with magnetic secure transmission |
US11074773B1 (en) | 2018-06-27 | 2021-07-27 | The Chamberlain Group, Inc. | Network-based control of movable barrier operators for autonomous vehicles |
US11423717B2 (en) | 2018-08-01 | 2022-08-23 | The Chamberlain Group Llc | Movable barrier operator and transmitter pairing over a network |
US11605078B1 (en) * | 2018-12-18 | 2023-03-14 | United Services Automobile Association (Usaa) | Dynamic code payment card verification with cross-channel authentication |
US11816644B2 (en) * | 2019-12-17 | 2023-11-14 | Mastercard International Incorporated | Systems and methods for real time data rich cross border payment transactions |
Families Citing this family (97)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6666377B1 (en) * | 2000-07-18 | 2003-12-23 | Scott C. Harris | Bar code data entry device |
US20130018782A1 (en) * | 2011-07-18 | 2013-01-17 | Tiger T G Zhou | Methods and systems for facilitating mobile device payments using codes and cashback business model |
US9367841B2 (en) * | 2011-07-18 | 2016-06-14 | Tiger T G Zhou | Facilitating mobile device payments using product code scanning |
US20170221087A1 (en) * | 2002-10-01 | 2017-08-03 | Zhou Tian Xing | Systems and methods for providing compensation, rebate, cashback, and reward for using mobile and wearable payment services, digital currency, nfc touch payments, mobile digital card barcode payments, and multimedia haptic capture buying |
US20130026232A1 (en) * | 2011-07-18 | 2013-01-31 | Tiger T G Zhou | Methods and systems for preventing card payment fraud and receiving payments using codes and mobile devices |
US9208505B1 (en) * | 2002-10-01 | 2015-12-08 | Tiger T G Zhou | Systems and methods for providing compensation, rebate, cashback, and reward for using mobile and wearable payment services |
US9824349B2 (en) * | 2002-10-01 | 2017-11-21 | World Award Academy | Facilitating mobile device payments using product code scanning |
US8002175B2 (en) * | 2004-12-31 | 2011-08-23 | Veritec, Inc. | System and method for utilizing a highly secure two-dimensional matrix code on a mobile communications display |
US9747598B2 (en) | 2007-10-02 | 2017-08-29 | Iii Holdings 1, Llc | Dynamic security code push |
CN101425894B (en) * | 2007-10-30 | 2012-03-21 | 阿里巴巴集团控股有限公司 | Service implementing system and method |
WO2011032263A1 (en) * | 2009-09-17 | 2011-03-24 | Meir Weis | Mobile payment system with two-point authentication |
US9324066B2 (en) * | 2009-12-21 | 2016-04-26 | Verizon Patent And Licensing Inc. | Method and system for providing virtual credit card services |
US11030598B2 (en) | 2010-03-02 | 2021-06-08 | Lightspeed Commerce Usa Inc. | System and method for remote management of sale transaction data |
US9317844B2 (en) * | 2010-03-02 | 2016-04-19 | Shopkeep.Com, Inc. | System and method for remote management of sale transaction data |
US10699261B2 (en) | 2010-03-02 | 2020-06-30 | Shopkeep Inc. | System and method for remote management of sale transaction data |
US9965755B2 (en) | 2011-02-28 | 2018-05-08 | Shopkeep.Com, Inc. | System and method for remote management of sale transaction data |
US10735304B2 (en) | 2011-02-28 | 2020-08-04 | Shopkeep Inc. | System and method for remote management of sale transaction data |
US8645280B2 (en) * | 2010-06-04 | 2014-02-04 | Craig McKenzie | Electronic credit card with fraud protection |
WO2012058326A1 (en) | 2010-10-26 | 2012-05-03 | Modopayments, Llc | System and method for managing merchant-consumer interactions |
US11144916B2 (en) * | 2010-10-28 | 2021-10-12 | Ncr Corporation | Techniques for conducting single or limited use purchases via a mobile device |
US8464324B2 (en) | 2010-12-06 | 2013-06-11 | Mobilesphere Holdings LLC | System and method for identity verification on a computer |
US20120191556A1 (en) * | 2011-01-21 | 2012-07-26 | American Express Travel Related Services Company, Inc. | Systems and methods for virtual mobile transaction |
US9123040B2 (en) | 2011-01-21 | 2015-09-01 | Iii Holdings 1, Llc | Systems and methods for encoded alias based transactions |
US20120203695A1 (en) * | 2011-02-09 | 2012-08-09 | American Express Travel Related Services Company, Inc. | Systems and methods for facilitating secure transactions |
CN109118199A (en) | 2011-02-16 | 2019-01-01 | 维萨国际服务协会 | Snap mobile payment device, method and system |
US8317086B2 (en) | 2011-02-16 | 2012-11-27 | International Business Machines Corporation | Communication of transaction data within a self-checkout environment |
US10586227B2 (en) * | 2011-02-16 | 2020-03-10 | Visa International Service Association | Snap mobile payment apparatuses, methods and systems |
SG193510A1 (en) | 2011-02-22 | 2013-10-30 | Visa Int Service Ass | Universal electronic payment apparatuses, methods and systems |
US10108946B2 (en) * | 2011-04-14 | 2018-10-23 | Handle Financial, Inc. | Payment processing with dynamic barcodes |
US20120278188A1 (en) * | 2011-04-28 | 2012-11-01 | Digimo Ltd. | Carrying out an alternative payment via a user equipment over a wireless network at a point of sale without altering the point of sale |
US8413891B2 (en) * | 2011-06-02 | 2013-04-09 | Talaris Holdings Limited | System and method for facilitating banking transactions |
EP2718887A1 (en) * | 2011-06-10 | 2014-04-16 | Swedbank AB | Electronic transactions |
WO2013006725A2 (en) | 2011-07-05 | 2013-01-10 | Visa International Service Association | Electronic wallet checkout platform apparatuses, methods and systems |
US8788881B2 (en) * | 2011-08-17 | 2014-07-22 | Lookout, Inc. | System and method for mobile device push communications |
US10825001B2 (en) | 2011-08-18 | 2020-11-03 | Visa International Service Association | Multi-directional wallet connector apparatuses, methods and systems |
US10242358B2 (en) | 2011-08-18 | 2019-03-26 | Visa International Service Association | Remote decoupled application persistent state apparatuses, methods and systems |
US9710807B2 (en) | 2011-08-18 | 2017-07-18 | Visa International Service Association | Third-party value added wallet features and interfaces apparatuses, methods and systems |
US20130050743A1 (en) * | 2011-08-31 | 2013-02-28 | Forrest Lane Steely | System and Method of Print Job Retrieval from the Cloud |
US10297105B2 (en) * | 2011-09-09 | 2019-05-21 | Igt | Redemption of virtual tickets using a portable electronic device |
US10223730B2 (en) | 2011-09-23 | 2019-03-05 | Visa International Service Association | E-wallet store injection search apparatuses, methods and systems |
US20130097034A1 (en) * | 2011-10-12 | 2013-04-18 | First Data Corporation | Systems and Methods for Facilitating Point of Sale Transactions |
AU2013214801B2 (en) | 2012-02-02 | 2018-06-21 | Visa International Service Association | Multi-source, multi-dimensional, cross-entity, multimedia database platform apparatuses, methods and systems |
CA2865936A1 (en) * | 2012-03-19 | 2013-09-26 | Royal Canadian Mint/Monnaie Royale Canadienne | Using bar-codes in an asset storage and transfer system |
USD746851S1 (en) | 2012-03-29 | 2016-01-05 | Shopkeep.Com, Inc. | Point of sale device display screen or portion thereof with graphical user interface |
HK1160574A2 (en) * | 2012-04-13 | 2012-07-13 | King Hei Francis Kwong | Secure electronic payment system and process |
AT513187B1 (en) * | 2012-07-17 | 2014-05-15 | Bluesource Mobile Solutions Gmbh | Installation for reading an identification code from a loyalty program |
GB201212878D0 (en) | 2012-07-20 | 2012-09-05 | Pike Justin | Authentication method and system |
IN2015KN00466A (en) * | 2012-08-03 | 2015-07-17 | Vasco Data Security Int Gmbh | |
US8925805B2 (en) * | 2012-08-15 | 2015-01-06 | Bank Of America Corporation | Pre-set readable indicia to facilitate payment during a transaction with a merchant when there is limited network connectivity |
US10229412B1 (en) | 2012-09-13 | 2019-03-12 | Square, Inc. | Using card present transaction data to generate payment transaction account |
KR101451214B1 (en) * | 2012-09-14 | 2014-10-15 | 주식회사 엘지씨엔에스 | Payment method, server performing the same, storage media storing the same and system performing the same |
US20160155112A1 (en) * | 2012-10-10 | 2016-06-02 | Mastercard International Incorporated | Barcode-triggered payment method and system |
US10607213B2 (en) * | 2012-12-04 | 2020-03-31 | Mastercard International Incorporated | Method and system of providing financial transactions for the visually impaired |
US11120414B1 (en) | 2012-12-04 | 2021-09-14 | Square, Inc. | Systems and methods for facilitating transactions between payers and merchants |
US20170076273A1 (en) * | 2013-02-06 | 2017-03-16 | Zhou Tian Xing | Systems and methods for providing compensation, rebate, cashback, and reward for using mobile and wearable payment services |
US20140279554A1 (en) * | 2013-03-12 | 2014-09-18 | Seth Priebatsch | Distributed authenticity verification for consumer payment transactions |
US9953317B2 (en) | 2013-03-13 | 2018-04-24 | Shopkeep.Com, Inc. | Method and system for secure key rotation |
US9324068B2 (en) | 2013-05-16 | 2016-04-26 | Avant-Garde Ip Llc | System, method and article of manufacture to facilitate a financial transaction without unlocking a mobile device |
US10217103B2 (en) * | 2013-05-16 | 2019-02-26 | Avant-Garde Ip Llc | System, method and article of manufacture to facilitate a financial transaction without unlocking a mobile device |
US10019710B2 (en) | 2013-05-16 | 2018-07-10 | Avant-Garde Ip Llc | System, method and article of manufacture to facilitate a financial transaction without unlocking a mobile device |
EP2816515A1 (en) * | 2013-06-18 | 2014-12-24 | Crane Payment Solutions GmbH | Method and system for paying for products on a vending machine with a mobile terminal |
US20150046336A1 (en) * | 2013-08-09 | 2015-02-12 | Mastercard International Incorporated | System and method of using a secondary screen on a mobile device as a secure and convenient transacting mechanism |
US9805366B1 (en) | 2013-09-16 | 2017-10-31 | Square, Inc. | Associating payment information from a payment transaction with a user account |
WO2015042311A1 (en) * | 2013-09-18 | 2015-03-26 | Visa International Service Association | Systems and methods for managing mobile account holder verification methods |
US9953311B2 (en) | 2013-09-25 | 2018-04-24 | Visa International Service Association | Systems and methods for incorporating QR codes |
EP3667592A1 (en) * | 2013-10-04 | 2020-06-17 | Modopayments, LLC | System and method for managing merchant-consumer interactions |
US9223965B2 (en) * | 2013-12-10 | 2015-12-29 | International Business Machines Corporation | Secure generation and management of a virtual card on a mobile device |
US9235692B2 (en) | 2013-12-13 | 2016-01-12 | International Business Machines Corporation | Secure application debugging |
US20150199671A1 (en) * | 2014-01-13 | 2015-07-16 | Fidelity National E-Banking Services, Inc. | Systems and methods for processing cardless transactions |
US9635108B2 (en) | 2014-01-25 | 2017-04-25 | Q Technologies Inc. | Systems and methods for content sharing using uniquely generated idenifiers |
US9721248B2 (en) | 2014-03-04 | 2017-08-01 | Bank Of America Corporation | ATM token cash withdrawal |
US9251330B2 (en) | 2014-04-09 | 2016-02-02 | International Business Machines Corporation | Secure management of a smart card |
US9912795B2 (en) | 2014-05-16 | 2018-03-06 | Avant-Garde Ip Llc | Dynamically replaceable lock screen wallpaper |
US10475026B2 (en) | 2014-05-16 | 2019-11-12 | International Business Machines Corporation | Secure management of transactions using a smart/virtual card |
US9256870B1 (en) | 2014-12-02 | 2016-02-09 | Mastercard International Incorporated | Methods and systems for updating expiry information of an account |
US11620654B2 (en) * | 2014-12-04 | 2023-04-04 | Mastercard International Incorporated | Methods and apparatus for conducting secure magnetic stripe card transactions with a proximity payment device |
US11037139B1 (en) * | 2015-03-19 | 2021-06-15 | Wells Fargo Bank, N.A. | Systems and methods for smart card mobile device authentication |
US11188919B1 (en) | 2015-03-27 | 2021-11-30 | Wells Fargo Bank, N.A. | Systems and methods for contactless smart card authentication |
US9690968B2 (en) * | 2015-05-17 | 2017-06-27 | William A. Wadley | Authenticated scannable code system |
CN111833043A (en) * | 2015-05-25 | 2020-10-27 | 创新先进技术有限公司 | Information interaction method, equipment and server |
GB201520741D0 (en) | 2015-05-27 | 2016-01-06 | Mypinpad Ltd And Licentia Group Ltd | Authentication methods and systems |
US11113688B1 (en) | 2016-04-22 | 2021-09-07 | Wells Fargo Bank, N.A. | Systems and methods for mobile wallet provisioning |
US10460367B2 (en) | 2016-04-29 | 2019-10-29 | Bank Of America Corporation | System for user authentication based on linking a randomly generated number to the user and a physical item |
US10268635B2 (en) | 2016-06-17 | 2019-04-23 | Bank Of America Corporation | System for data rotation through tokenization |
US10438198B1 (en) * | 2017-05-19 | 2019-10-08 | Wells Fargo Bank, N.A. | Derived unique token per transaction |
CN107451501B (en) * | 2017-07-03 | 2020-03-06 | 阿里巴巴集团控股有限公司 | Method and device for realizing dynamic graphic coding |
US20190066089A1 (en) * | 2017-08-25 | 2019-02-28 | Mastercard International Incorporated | Secure transactions using digital barcodes |
EP3502993A1 (en) * | 2017-12-22 | 2019-06-26 | Mastercard International Incorporated | A method and system for conducting a transaction |
CN111831185A (en) * | 2018-02-12 | 2020-10-27 | 创新先进技术有限公司 | Application identification code display method and device |
CN109035636A (en) * | 2018-06-04 | 2018-12-18 | 阿里巴巴集团控股有限公司 | A kind of Cash collecting equipment, a kind of cashing method and device |
CN109389386B (en) * | 2018-09-13 | 2020-09-29 | 阿里巴巴集团控股有限公司 | Code scanning control method, device and system |
US11082578B2 (en) * | 2018-09-24 | 2021-08-03 | Dosl, Llc | Image capture and transfer system |
US11212090B1 (en) | 2019-02-27 | 2021-12-28 | Wells Fargo Bank, N.A. | Derived unique random key per transaction |
EP4022490A4 (en) * | 2019-08-30 | 2022-10-19 | Visa International Service Association | Method, system, and computer program product for securely rendering sensitive data |
US11928666B1 (en) | 2019-09-18 | 2024-03-12 | Wells Fargo Bank, N.A. | Systems and methods for passwordless login via a contactless card |
US10825017B1 (en) | 2020-04-20 | 2020-11-03 | Capital One Services, Llc | Authorizing a payment with a multi-function transaction card |
US11423392B1 (en) | 2020-12-01 | 2022-08-23 | Wells Fargo Bank, N.A. | Systems and methods for information verification using a contactless card |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5883810A (en) * | 1997-09-24 | 1999-03-16 | Microsoft Corporation | Electronic online commerce card with transactionproxy number for online transactions |
US6237095B1 (en) * | 1995-09-29 | 2001-05-22 | Dallas Semiconductor Corporation | Apparatus for transfer of secure information between a data carrying module and an electronic device |
US20020120584A1 (en) * | 2000-04-11 | 2002-08-29 | Hogan Edward J. | Method and system for conducting secure payments over a computer network without a pseudo or proxy account number |
US7039809B1 (en) * | 1998-11-12 | 2006-05-02 | Mastercard International Incorporated | Asymmetric encrypted pin |
US20090192904A1 (en) * | 2008-01-24 | 2009-07-30 | Barbara Patterson | System and Method for Conducting Transactions with a Financial Presentation Device Linked to Multiple Accounts |
US20100094735A1 (en) * | 2006-11-15 | 2010-04-15 | Charles Reynolds | Methods and systems for automated payments |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001344545A (en) * | 2000-03-29 | 2001-12-14 | Ibm Japan Ltd | Processing system, server, processing terminal, communication terminal, processing method, data managing method, processing performing method and program |
WO2001088782A1 (en) * | 2000-05-19 | 2001-11-22 | E-Mark Systems Inc. | Electronic settlement system, settlement device and terminal |
JP4442841B2 (en) * | 2000-06-19 | 2010-03-31 | コバレントマテリアル株式会社 | Low pressure epitaxial growth apparatus and method for controlling the apparatus |
EP1231578A3 (en) * | 2001-02-01 | 2004-03-10 | Siemens Aktiengesellschaft | Method and system for implementing cashless payment transactions |
AU2003240003A1 (en) * | 2002-06-13 | 2003-12-31 | Itag, Inc. | Unified electronic transaction fulfillment |
GB0229765D0 (en) * | 2002-12-20 | 2003-01-29 | Radicall Projects Ltd | Payment system |
US20050245271A1 (en) * | 2004-04-28 | 2005-11-03 | Sarosh Vesuna | System and method using location-aware devices to provide content-rich mobile services in a wireless network |
US20080091616A1 (en) * | 2004-12-15 | 2008-04-17 | Erich Helwin | Communication System And Method Using Visual Interfaces For Mobile Transactions |
KR20060003849A (en) * | 2005-12-27 | 2006-01-11 | 위준상 | Method and system for price adjustment using barcode for collection of money |
US8004426B2 (en) * | 2008-10-14 | 2011-08-23 | Verizon Patent And Licensing Inc. | Systems and methods for recording parking space information |
US20100125516A1 (en) | 2008-11-14 | 2010-05-20 | Wankmueller John R | Methods and systems for secure mobile device initiated payments |
-
2009
- 2009-06-01 US US12/475,718 patent/US20100125516A1/en not_active Abandoned
- 2009-06-01 US US12/475,735 patent/US9881297B2/en active Active
-
2017
- 2017-12-21 US US15/850,703 patent/US10565580B2/en active Active
-
2020
- 2020-01-06 US US16/734,794 patent/US11615396B2/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6237095B1 (en) * | 1995-09-29 | 2001-05-22 | Dallas Semiconductor Corporation | Apparatus for transfer of secure information between a data carrying module and an electronic device |
US5883810A (en) * | 1997-09-24 | 1999-03-16 | Microsoft Corporation | Electronic online commerce card with transactionproxy number for online transactions |
US7039809B1 (en) * | 1998-11-12 | 2006-05-02 | Mastercard International Incorporated | Asymmetric encrypted pin |
US20020120584A1 (en) * | 2000-04-11 | 2002-08-29 | Hogan Edward J. | Method and system for conducting secure payments over a computer network without a pseudo or proxy account number |
US7177848B2 (en) * | 2000-04-11 | 2007-02-13 | Mastercard International Incorporated | Method and system for conducting secure payments over a computer network without a pseudo or proxy account number |
US20100094735A1 (en) * | 2006-11-15 | 2010-04-15 | Charles Reynolds | Methods and systems for automated payments |
US20090192904A1 (en) * | 2008-01-24 | 2009-07-30 | Barbara Patterson | System and Method for Conducting Transactions with a Financial Presentation Device Linked to Multiple Accounts |
Non-Patent Citations (3)
Title |
---|
Curry US Patent no 6237095 * |
Hogan PGPub Document no 20020120584 * |
Wankmueller US Patent no 7039809 * |
Cited By (88)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
USRE48433E1 (en) | 2005-01-27 | 2021-02-09 | The Chamberlain Group, Inc. | Method and apparatus to facilitate transmission of an encrypted rolling code |
US10944559B2 (en) | 2005-01-27 | 2021-03-09 | The Chamberlain Group, Inc. | Transmission of data including conversion of ternary data to binary data |
US11799648B2 (en) | 2005-01-27 | 2023-10-24 | The Chamberlain Group Llc | Method and apparatus to facilitate transmission of an encrypted rolling code |
US10862924B2 (en) | 2005-06-30 | 2020-12-08 | The Chamberlain Group, Inc. | Method and apparatus to facilitate message transmission and reception using different transmission characteristics |
US10108956B2 (en) * | 2008-10-04 | 2018-10-23 | Mastercard International Incorporated | Methods and systems for using physical payment cards in secure E-commerce transactions |
US20190102776A1 (en) * | 2008-10-04 | 2019-04-04 | Mastercard International Incorporated | Methods and systems for using physical payment cards in secure e-commerce transactions |
US20100088237A1 (en) * | 2008-10-04 | 2010-04-08 | Wankmueller John R | Methods and systems for using physical payment cards in secure e-commerce transactions |
US10949840B2 (en) * | 2008-10-04 | 2021-03-16 | Mastercard International Incorporated | Methods and systems for using physical payment cards in secure e-commerce transactions |
US8965811B2 (en) * | 2008-10-04 | 2015-02-24 | Mastercard International Incorporated | Methods and systems for using physical payment cards in secure E-commerce transactions |
US11615396B2 (en) | 2008-11-14 | 2023-03-28 | Mastercard International Incorporated | Methods and systems for secure mobile device initiated payment using generated image data |
US9881297B2 (en) | 2008-11-14 | 2018-01-30 | Mastercard International Incorporated | Methods and systems for secure mobile device initiated payments using generated image data |
US10565580B2 (en) | 2008-11-14 | 2020-02-18 | Mastercard International Incorporated | Methods and systems for secure mobile device initiated payment using generated image data |
US10572864B2 (en) | 2009-04-28 | 2020-02-25 | Visa International Service Association | Verification of portable consumer devices |
US9715681B2 (en) | 2009-04-28 | 2017-07-25 | Visa International Service Association | Verification of portable consumer devices |
US10997573B2 (en) | 2009-04-28 | 2021-05-04 | Visa International Service Association | Verification of portable consumer devices |
US9904919B2 (en) | 2009-05-15 | 2018-02-27 | Visa International Service Association | Verification of portable consumer devices |
US9792611B2 (en) | 2009-05-15 | 2017-10-17 | Visa International Service Association | Secure authentication system and method |
US10049360B2 (en) | 2009-05-15 | 2018-08-14 | Visa International Service Association | Secure communication of payment information to merchants using a verification token |
US10043186B2 (en) | 2009-05-15 | 2018-08-07 | Visa International Service Association | Secure authentication system and method |
US10846683B2 (en) | 2009-05-15 | 2020-11-24 | Visa International Service Association | Integration of verification tokens with mobile communication devices |
US10009177B2 (en) | 2009-05-15 | 2018-06-26 | Visa International Service Association | Integration of verification tokens with mobile communication devices |
US10387871B2 (en) | 2009-05-15 | 2019-08-20 | Visa International Service Association | Integration of verification tokens with mobile communication devices |
US9317848B2 (en) | 2009-05-15 | 2016-04-19 | Visa International Service Association | Integration of verification tokens with mobile communication devices |
US9372971B2 (en) | 2009-05-15 | 2016-06-21 | Visa International Service Association | Integration of verification tokens with portable computing devices |
US8534564B2 (en) | 2009-05-15 | 2013-09-17 | Ayman Hammad | Integration of verification tokens with mobile communication devices |
US11574312B2 (en) | 2009-05-15 | 2023-02-07 | Visa International Service Association | Secure authentication system and method |
US9582801B2 (en) | 2009-05-15 | 2017-02-28 | Visa International Service Association | Secure communication of payment information to merchants using a verification token |
US20110066513A1 (en) * | 2009-08-24 | 2011-03-17 | Afone | Method and system for secure mobile payment |
US9037492B2 (en) * | 2009-10-27 | 2015-05-19 | At&T Mobility Ii Llc | Secure mobile-based financial transactions |
US8374916B2 (en) * | 2009-10-27 | 2013-02-12 | At&T Mobility Ii Llc | Secure mobile-based financial transactions |
US20110099079A1 (en) * | 2009-10-27 | 2011-04-28 | At&T Mobility Ii Llc | Secure Mobile-Based Financial Transactions |
US20150242838A1 (en) * | 2009-10-27 | 2015-08-27 | At&T Mobility Ii Llc | Secure Mobile-Based Financial Transactions |
US8732022B2 (en) * | 2009-10-27 | 2014-05-20 | At&T Mobility Ii Llc | Secure mobile-based financial transactions |
US9519899B2 (en) * | 2009-10-27 | 2016-12-13 | At&T Mobility Ii Llc | Secure mobile-based financial transactions |
US20130091062A1 (en) * | 2009-10-27 | 2013-04-11 | At&T Mobility Ii Llc | Secure Mobile-Based Financial Transactions |
US20140258133A1 (en) * | 2009-10-27 | 2014-09-11 | At&T Mobility Ii Llc | Secure Mobile-Based Financial Transactions |
US10255591B2 (en) | 2009-12-18 | 2019-04-09 | Visa International Service Association | Payment channel returning limited use proxy dynamic value |
US9589268B2 (en) | 2010-02-24 | 2017-03-07 | Visa International Service Association | Integration of payment capability into secure elements of computers |
US9424413B2 (en) | 2010-02-24 | 2016-08-23 | Visa International Service Association | Integration of payment capability into secure elements of computers |
US10657528B2 (en) | 2010-02-24 | 2020-05-19 | Visa International Service Association | Integration of payment capability into secure elements of computers |
US11880815B2 (en) | 2010-09-21 | 2024-01-23 | Visa International Service Association | Device enrollment system and method |
US20120136796A1 (en) * | 2010-09-21 | 2012-05-31 | Ayman Hammad | Device Enrollment System and Method |
US11410142B2 (en) * | 2010-09-21 | 2022-08-09 | Visa International Service Association | Device enrollment system and method |
US20140172605A1 (en) * | 2011-05-24 | 2014-06-19 | China Uni onpay Co., Ltd. | Safety closed-loop payment system and method |
US20130043305A1 (en) * | 2011-07-18 | 2013-02-21 | Tiger T. G. Zhou | Methods and systems for receiving compensation for using mobile payment services |
US20140195386A1 (en) * | 2011-09-19 | 2014-07-10 | Tencent Technology (Shenzhen) Company Limited | Processing method and processing system for order data in network payment system |
US10282724B2 (en) | 2012-03-06 | 2019-05-07 | Visa International Service Association | Security system incorporating mobile device |
US11836706B2 (en) * | 2012-04-16 | 2023-12-05 | Sticky.Io, Inc. | Systems and methods for facilitating a transaction using a virtual card on a mobile device |
CN104603809A (en) * | 2012-04-16 | 2015-05-06 | 盐技术股份有限公司 | Systems and methods for facilitating a transaction using a virtual card on a mobile device |
US20150134540A1 (en) * | 2012-04-16 | 2015-05-14 | Salt Technology, Inc. | Systems and methods for facilitating a transaction using a virtual card on a mobile device |
US20140067675A1 (en) * | 2012-09-06 | 2014-03-06 | American Express Travel Related Services Company, Inc. | Authentication using dynamic codes |
US20140136355A1 (en) * | 2012-11-12 | 2014-05-15 | KT Corpotation | Security in mobile payment service |
US9805361B2 (en) * | 2012-11-12 | 2017-10-31 | Kt Corporation | Security in mobile payment service |
US10402814B2 (en) | 2013-12-19 | 2019-09-03 | Visa International Service Association | Cloud-based transactions methods and systems |
US10664824B2 (en) | 2013-12-19 | 2020-05-26 | Visa International Service Association | Cloud-based transactions methods and systems |
US11017386B2 (en) | 2013-12-19 | 2021-05-25 | Visa International Service Association | Cloud-based transactions with magnetic secure transmission |
US11875344B2 (en) | 2013-12-19 | 2024-01-16 | Visa International Service Association | Cloud-based transactions with magnetic secure transmission |
US9972005B2 (en) | 2013-12-19 | 2018-05-15 | Visa International Service Association | Cloud-based transactions methods and systems |
US10909522B2 (en) | 2013-12-19 | 2021-02-02 | Visa International Service Association | Cloud-based transactions methods and systems |
US11164176B2 (en) | 2013-12-19 | 2021-11-02 | Visa International Service Association | Limited-use keys and cryptograms |
WO2015152948A1 (en) * | 2014-03-29 | 2015-10-08 | Nuspay International Incorporated | Systems and methods of generating and processing payment transaction using alternate channels and payments mode |
US20150294304A1 (en) * | 2014-04-15 | 2015-10-15 | Cellco Partnership D/B/A Verizon Wireless | Secure payment methods, system, and devices |
US11282081B2 (en) * | 2014-05-19 | 2022-03-22 | American Express Travel Related Services Company, Inc. | Authentication via biometric passphrase |
US20150332273A1 (en) * | 2014-05-19 | 2015-11-19 | American Express Travel Related Services Company, Inc. | Authentication via biometric passphrase |
US10438204B2 (en) * | 2014-05-19 | 2019-10-08 | American Express Travel Related Services Copmany, Inc. | Authentication via biometric passphrase |
US11842350B2 (en) | 2014-05-21 | 2023-12-12 | Visa International Service Association | Offline authentication |
US10846694B2 (en) | 2014-05-21 | 2020-11-24 | Visa International Service Association | Offline authentication |
US9775029B2 (en) | 2014-08-22 | 2017-09-26 | Visa International Service Association | Embedding cloud-based functionalities in a communication device |
US11036873B2 (en) | 2014-08-22 | 2021-06-15 | Visa International Service Association | Embedding cloud-based functionalities in a communication device |
US11783061B2 (en) | 2014-08-22 | 2023-10-10 | Visa International Service Association | Embedding cloud-based functionalities in a communication device |
US11240219B2 (en) | 2014-12-31 | 2022-02-01 | Visa International Service Association | Hybrid integration of software development kit with secure execution environment |
US10187363B2 (en) | 2014-12-31 | 2019-01-22 | Visa International Service Association | Hybrid integration of software development kit with secure execution environment |
US10511583B2 (en) | 2014-12-31 | 2019-12-17 | Visa International Service Association | Hybrid integration of software development kit with secure execution environment |
EP3257005A4 (en) * | 2015-02-11 | 2018-07-04 | Mastercard International Incorporated | Online form fill for tokenized credentials |
CN109690593A (en) * | 2016-06-29 | 2019-04-26 | 平方股份有限公司 | Pre- trading processing technology |
CN108229957A (en) * | 2016-12-21 | 2018-06-29 | 株式会社韩国智能交通卡 | The generation of dynamic virtual card and discarded method |
US20200134610A1 (en) * | 2017-08-09 | 2020-04-30 | SSenStone Inc. | Method and program for outputting virtual code generated from payment card, and payment card for generating virtual code |
US11778464B2 (en) | 2017-12-21 | 2023-10-03 | The Chamberlain Group Llc | Security system for a moveable barrier operator |
US11122430B2 (en) | 2017-12-21 | 2021-09-14 | The Chamberlain Group, Inc. | Security system for a moveable barrier operator |
US10652743B2 (en) | 2017-12-21 | 2020-05-12 | The Chamberlain Group, Inc. | Security system for a moveable barrier operator |
US11763616B1 (en) | 2018-06-27 | 2023-09-19 | The Chamberlain Group Llc | Network-based control of movable barrier operators for autonomous vehicles |
US11074773B1 (en) | 2018-06-27 | 2021-07-27 | The Chamberlain Group, Inc. | Network-based control of movable barrier operators for autonomous vehicles |
US11423717B2 (en) | 2018-08-01 | 2022-08-23 | The Chamberlain Group Llc | Movable barrier operator and transmitter pairing over a network |
US11869289B2 (en) | 2018-08-01 | 2024-01-09 | The Chamberlain Group Llc | Movable barrier operator and transmitter pairing over a network |
US11605078B1 (en) * | 2018-12-18 | 2023-03-14 | United Services Automobile Association (Usaa) | Dynamic code payment card verification with cross-channel authentication |
US11462067B2 (en) | 2019-05-16 | 2022-10-04 | The Chamberlain Group Llc | In-vehicle transmitter training |
US10997810B2 (en) | 2019-05-16 | 2021-05-04 | The Chamberlain Group, Inc. | In-vehicle transmitter training |
US11816644B2 (en) * | 2019-12-17 | 2023-11-14 | Mastercard International Incorporated | Systems and methods for real time data rich cross border payment transactions |
Also Published As
Publication number | Publication date |
---|---|
US10565580B2 (en) | 2020-02-18 |
US11615396B2 (en) | 2023-03-28 |
US20200143358A1 (en) | 2020-05-07 |
US20100125509A1 (en) | 2010-05-20 |
US9881297B2 (en) | 2018-01-30 |
US20180114213A1 (en) | 2018-04-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11615396B2 (en) | Methods and systems for secure mobile device initiated payment using generated image data | |
US11398910B2 (en) | Token provisioning utilizing a secure authentication system | |
US10748147B2 (en) | Adaptive authentication options | |
US11329822B2 (en) | Unique token authentication verification value | |
US11410142B2 (en) | Device enrollment system and method | |
US20180240115A1 (en) | Methods and systems for payments assurance | |
US11250391B2 (en) | Token check offline | |
Herzberg | Payments and banking with mobile personal devices | |
US8281991B2 (en) | Transaction secured in an untrusted environment | |
US10354321B2 (en) | Processing transactions with an extended application ID and dynamic cryptograms | |
AU2012294451A1 (en) | Payment device with integrated chip | |
WO2005089228A2 (en) | Internet debit system | |
US20130211937A1 (en) | Using credit card/bank rails to access a user's account at a pos | |
CN116405238A (en) | Efficient token providing system and method | |
US10628881B2 (en) | Processing transactions with an extended application ID and dynamic cryptograms | |
CN112514346B (en) | Real-time interactive processing system and method | |
US20230368190A1 (en) | Virtual terminal | |
GB2620370A (en) | Securely and efficiently using tokenised VCNs on electronic devices, and in e-commerce platforms |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: MASTERCARD INTERNATIONAL, INC.,NEW YORK Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:WANKMUELLER, JOHN R.;SMITH, PAUL;SIGNING DATES FROM 20090527 TO 20090601;REEL/FRAME:022759/0486 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |