Secure networked transaction system
First Claim
1. A method of approving an online transaction between a user computer and a merchant computer interconnected over a computer network, in conjunction with a payment card associated with the user computer, comprising the steps of:
- a) transmitting a transaction request from the user computer to the merchant computer;
b) transmitting a verification request from the merchant computer to a verification computer, the verification request comprising a first data string associated with the payment card;
c) storing the verification request at the verification computer in association with a transaction identifier and a verification data string;
d) transmitting the transaction identifier and the verification data string from the verification computer to the merchant computer;
e) storing at the merchant computer (i) the verification data string as an expected verification data string, and (ii) the transaction identifier;
f) transmitting from the merchant computer to the user computer the transaction identifier;
g) the user computer transmitting to the verification computer (i) the transaction identifier, and (ii) a second data string associated with the payment card;
h) the verification computer using the transaction identifier received from the user computer to retrieve the verification request previously stored by the verification computer with that received transaction identifier;
i) the verification computer performing a verification step by using the first data string associated with the payment card retrieved from storage and the second data string associated with the payment card received from the user computer to verify if the transaction should be approved;
j) upon successful verification that the transaction should be approved, the verification computer transmitting a verification approval message to the user computer, the verification approval message comprising the transaction identifier and the verification data string associated therewith as a confirmation verification data string;
k) the user computer transmitting the verification approval message to the merchant computer;
l) the merchant computer using the transaction identifier in the verification approval message to retrieve an expected verification data string previously stored;
m) the merchant computer comparing the expected verification data string with the confirmation verification data string from the verification approval message; and
n) the merchant computer indicating that the transaction has been approved if the comparison is positive.
0 Assignments
0 Petitions
Accused Products
Abstract
A method and system for approval by a verification computer of an online transaction between a user computer and a merchant computer over the Internet. The user computer transmits a transaction request to the merchant computer, which may include a product to be purchased and the payment amount. The merchant computer transmits to the verification computer a verification request including a first data string associated with the payment card (such as a debit card account number or a portion thereof) and the payment amount. The verification request is stored at the verification computer with a transaction identifier and a verification data string, which are also transmitted to the merchant computer. The merchant computer stores the verification data string as an expected verification data string and the transaction identifier, transmits the transaction identifier to the user computer, and the user computer transmits the transaction identifier to the verification computer. This may be accomplished by the merchant computer redirecting the web browser of the user computer to the verification computer. The user computer also transmits a second data string associated with the payment card (such as the PIN for the debit card) after being requested by the verification computer. The verification computer uses the transaction identifier received via the user computer to retrieve the verification request previously stored with that received transaction identifier, and then it performs a verification step by using the first data string associated with the payment card retrieved from storage and the second data string associated with the payment card received from the user computer to verify if the transaction should be approved, e.g. by determining if an account associated with the payment card is sufficient to cover the payment amount in the verification request. The verification computer will, upon successful verification that the transaction should be approved, transmit a verification approval message to the user computer, which includes the transaction identifier and the verification data string associated therewith as a confirmation verification data string, and the user computer transmits the verification approval message to the merchant computer. This may also be accomplished by the verification computer redirecting the web browser of the user computer to the merchant computer with the appropriate data. The merchant computer uses the transaction identifier in the verification approval message to retrieve an expected verification data string it had previously stored. The merchant computer then compares the expected verification data string with the confirmation verification data string from the verification approval message and indicates that the transaction has been approved if the comparison is positive.
46 Citations
2 Claims
-
1. A method of approving an online transaction between a user computer and a merchant computer interconnected over a computer network, in conjunction with a payment card associated with the user computer, comprising the steps of:
-
a) transmitting a transaction request from the user computer to the merchant computer;
b) transmitting a verification request from the merchant computer to a verification computer, the verification request comprising a first data string associated with the payment card;
c) storing the verification request at the verification computer in association with a transaction identifier and a verification data string;
d) transmitting the transaction identifier and the verification data string from the verification computer to the merchant computer;
e) storing at the merchant computer (i) the verification data string as an expected verification data string, and (ii) the transaction identifier;
f) transmitting from the merchant computer to the user computer the transaction identifier;
g) the user computer transmitting to the verification computer (i) the transaction identifier, and (ii) a second data string associated with the payment card;
h) the verification computer using the transaction identifier received from the user computer to retrieve the verification request previously stored by the verification computer with that received transaction identifier;
i) the verification computer performing a verification step by using the first data string associated with the payment card retrieved from storage and the second data string associated with the payment card received from the user computer to verify if the transaction should be approved;
j) upon successful verification that the transaction should be approved, the verification computer transmitting a verification approval message to the user computer, the verification approval message comprising the transaction identifier and the verification data string associated therewith as a confirmation verification data string;
k) the user computer transmitting the verification approval message to the merchant computer;
l) the merchant computer using the transaction identifier in the verification approval message to retrieve an expected verification data string previously stored;
m) the merchant computer comparing the expected verification data string with the confirmation verification data string from the verification approval message; and
n) the merchant computer indicating that the transaction has been approved if the comparison is positive.
-
-
2-113. -113. (canceled)
Specification