ONLINE PAYER AUTHENTICATION SERVICE
0 Assignments
0 Petitions
Accused Products
Abstract
A payment authentication service authenticates the identity of a payer during online transactions. The authentication service of the present invention allows a card issuer to verify a cardholder'"'"'s identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. One embodiment of the invention for authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requests a password from the cardholder, verifies the password, and notifies a merchant whether the cardholder'"'"'s authenticity has been verified. In another aspect of the invention, a chip card and the authentication service independently generate cryptograms that must match in order for the service to verify that the correct chip card is being used by the cardholder.
155 Citations
19 Claims
-
1-2. -2. (canceled)
-
3. In an online transaction system including an account holder, a merchant, and an authentication service, a method for authenticating the merchant that the account holder is authorized to use a payment instrument as part of an online transaction, wherein the method comprises:
-
receiving a request to verify that the account holder is authorized to use the payment instrument; determining whether the account holder has access to a secret code, wherein the secret code is sent by the account holder only to a third party, wherein the third party can be the authentication service, and wherein access to the secret code verifies authority to use the payment instrument; and transmitting to the merchant an authorization message including whether the account holder is authorized to use the payment instrument, wherein the transmitting step is responsive to a determination of whether the account holder has access to the secret code. - View Dependent Claims (4, 5, 6, 7, 8, 9, 10)
-
-
11. A software program product for authenticating to a merchant that an account holder is authorized to use a payment instrument as part of an online transaction, the software executing the steps of:
-
receiving a request to verify that the account holder is authorized to use the payment instrument; determining whether the account holder has access to a secret code, wherein the secret code is sent by the account holder only to a third party, wherein the third party can be an authentication service, and wherein access to the secret code verifies authority to use the payment instrument, and transmitting to the merchant an authorization message including whether the account holder is authorized to use the payment instrument, wherein the transmitting step is responsive to the determination of whether the account holder has access to the secret code. - View Dependent Claims (12, 13, 14, 15, 16)
-
-
17. A payment authentication system including a merchant and an account holder desiring to use a payment instrument as part of an online transaction with the merchant during the online transaction comprising:
-
an authentication service coupled to the merchant, for performing an online transaction, comprising the steps of; receiving a request to verify that the account holder is authorized to use the payment instrument; determining whether the account holder has access to a secret code, wherein the secret code is sent by the account holder only to a third party, wherein the third party can be an authentication service, and wherein access to the secret code verifies authority to use the payment instrument; and transmitting to the merchant an authorization message including whether the account holder is authorized to use the payment instrument, wherein the transmitting step is responsive to the determination of whether the account holder has access to the secret code. - View Dependent Claims (18, 19)
-
Specification