The method of confirmation of order and payment in electronic commerce
With the increasing popularity of the Internet and World Wide Web, it has become common for merchants to set up their Web sites for marketing and selling goods.
One of the problems encountered by online merchants is providing a secure way of payment that their customers accept. Existing solutions are either technically demanding or leave an easy way to commit fraud.
The presented invention addresses these problems. This invention relates to a safe method of order confirmation and payment in electronic commerce. At present, one of the biggest problems is to provide a secure method of payment for the customer. In most Web-based transactions the customer needs to provide the merchant with his payment card identification numbers, which, when seized by third parties, can be used to defraud the customer in unauthorized transactions. For this reason, research is still in progress to eliminate this information leakage and to provide better security to customers.
There is a known method of secure payment in electronic commerce, described in US patent no. 6029150, where individuals can have their accounts at an agent's system; the agent's system deals with both the merchant's online shop and the customers. In this method, a customer places an order in an online shop, takes encoded information about the ordered goods and the amount of money to pay, and sends this information to the agent's system together with the required details about the online shop and a special, individual code given to the customer when setting up his account at the agent's system. The agent's system sends, by email, a single piece of encoded information containing a special secret password, as agreed with the customer when the customer's account was set up. This confirmation sent by the agent's system also contains a new secret password to confirm the next transaction. The customer forwards this encoded information to the merchant, confirming in this way that the payment will be made by the agent. On the basis of this confirmation, the merchant sends the goods to the customer.
The invention presented above requires intensive work by the customer in sending, quoting and forwarding email. This work can increase human-related mistakes and can be difficult for individuals not skilled enough to use their computers in such a way. Such a method can discourage potential customers. The dynamically changed secret password is a good way of authenticating the customer in the agent's system, but it has some flaws: if someone seizes such an email, he can use the new secret password to confirm another transaction before the real customer attempts to use it. On the other hand, when the customer accidentally forgets the most recent password or is unable to recall it, new transactions cannot be confirmed without personal contact with representatives of the agent. In practice, when focusing on security details, a lot of work has to be done by the customer: he has to order goods, get the encoded list of goods and their value, forward it to the agent's system while also quoting the valid transaction password, wait for the agent's confirmation and forward it again to the merchant.
Since the delivery address (the customer's address) is not predefined, this fact combined with possible leakage of the secret password can lead to fraud. The merchant needs to trust the agent about money transfers. This system uses email as the single information transmission method, which opens another way to defraud the customer, because it is common for more than one person to use a computer at home, and all those other persons can have access to the customer's email account. For example, children can order goods just by acting the same way as the real customer would.
The present invention meets the following demands:
- there is no need for the customer to transfer personal information, and in particular no need to send his card numbers over the Internet
- there is a good way to authorize the customer when confirming a transaction
- the payment is made by the bank itself, directly from the customer's account, as a new bank service, where possible
According to this invention, the method of confirming an order and a payment request in electronic commerce comprises setting up an individual customer's account at the agent's system and using a special password and a list of ordered goods at the moment of order, which are sent to the agent together with a transaction confirmation. This method is based on the principle that the agent, when registering a new customer, provides the customer with the customer's unique code and an agreement for further cooperation; the customer, when issuing an order on the merchant's Web site, provides only his customer's code and, in some way, the list of ordered goods; the merchant sends the customer's code and the total value of the goods to the agent's system; the agent sends a transaction confirmation request to the customer, comprising, among other things, a special one-time generated password assigned to this particular transaction (the parts of the confirmation request are sent using at least two different information transmission methods); the customer quotes that password in his reply mail to the agent, which constitutes the valid transaction confirmation. The agent sends a money transfer order to the bank; the bank sends the money to the merchant's account provided and confirms this payment to the agent. The agent sends the payment confirmation together with the customer's delivery address to the merchant, which sends the goods to the customer.
The information needed to confirm the transaction is divided into at least two parts. It is important to send each part of this information using a different way of transmission (email, SMS, pager, fax, etc.).
According to this invention, to confirm the transaction the customer needs to send a reply to the agent's system, quoting the missing parts of the password from the different media, for example a phone SMS system. There is no easy way to defraud the customer without having full access to his email box and, as in this example, his mobile phone at the same time. The predefined delivery address (the customer's home address by default) makes fraud even more difficult to carry out. A password that is randomly generated by the agent's system for a single transaction provides a good level of security when combined with sending it to the customer in divided parts. Using different media to send the parts of the password does not eliminate unauthorized persons entirely, but it makes fraud far more difficult to carry out.
The following is an example of a transaction carried out using the method described in this invention.
The customer places an order on the merchant's Web site by selecting goods and providing only his individual code, as given by the agent's system when the customer's account was set up. The merchant sends the amount of money (the expected payment for the ordered goods) and the customer's code to the agent's system. The agent sends the customer a confirmation request by email with the first part of the code and, by SMS, the second part of the code needed to confirm this transaction. The customer confirms his will to make this transaction by sending back a reply email quoting both parts of the secure code (as collected from the agent's email and the SMS message). The customer has some predefined time to do it - it depends on the conditions set when the customer's account was set up in the agent's system. The agent, after receiving a valid transaction confirmation, attempts to order a money transfer from the customer's bank to the merchant's account, provided there is enough money in the customer's bank account and other predefined conditions (maximum payment per day etc.) are also met. If the money transfer cannot be made, the transaction is canceled and both the merchant and the customer are informed about it. Otherwise, the money transfer is executed, the agent sends the customer's delivery address to the merchant, and the merchant sends the goods to the customer after receiving the payment.
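The agent's side of the confirmation step in the example transaction above, sketched in Python as an added illustration that is not part of the original text. The class and function names, the 8-digit password, the 15-minute reply window and the rule that a single wrong reply cancels the transaction are all assumptions made for the example.

```python
import hmac
import secrets
import time

CODE_LEN = 8            # assumed length of the one-time password
TTL_SECONDS = 15 * 60   # assumed "predefined time" for the customer's reply


class Agent:
    """Tracks pending confirmation requests on the agent's system."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # transaction id -> (password, expiry, order)

    def request_confirmation(self, customer_code, amount):
        """Generate a one-time password and divide it between two media."""
        tx_id = secrets.token_hex(8)
        password = "".join(secrets.choice("0123456789") for _ in range(CODE_LEN))
        order = {"customer_code": customer_code, "amount": amount}
        self._pending[tx_id] = (password, self._clock() + TTL_SECONDS, order)
        half = CODE_LEN // 2
        # Each part goes out over a different medium; neither is enough alone.
        return tx_id, {"email": password[:half], "sms": password[half:]}

    def confirm(self, tx_id, quoted_password):
        """Return the order to pay if the reply is valid, otherwise None."""
        # pop() makes the password single-use and cancels the transaction
        # after one wrong reply, so the missing part cannot be guessed by
        # repeated attempts (assumed policy).
        entry = self._pending.pop(tx_id, None)
        if entry is None:
            return None
        password, expires, order = entry
        if self._clock() > expires:
            return None
        # Constant-time comparison of the quoted password with the stored one.
        if hmac.compare_digest(password.encode(), quoted_password.encode()):
            return order
        return None
```

A reply that quotes only the email part, arrives after the reply window, or reuses an already confirmed transaction id is rejected, so control of the mailbox alone is not enough to confirm a payment.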