AUTHENTICATION OF CARD-NOT-PRESENT TRANSACTIONS

US 20110153496A1
Filed: 12/18/2009
Published: 06/23/2011
Est. Priority Date: 12/18/2009
Status: Active Grant

First Claim

Patent Images

1. A method of processing a card-not-present transaction, the method comprising:

receiving at a payment processor system a request for a card-not-present transaction involving an enrolled consumer, the request including information identifying the enrolled consumer but wherein the information identifying the enrolled consumer is not sufficient for conducting a financial transaction;

reading with the payment processor system a record of information related to the enrolled consumer;

authenticating the enrolled consumer with the payment processor system based at least in part on the information of the request identifying the enrolled consumer and the record of information related to the enrolled consumer;

in response to authenticating the enrolled consumer, generating with the payment processor system a set of single-use payment information, the set of single-use payment information including at least a one-time password and a dynamic Primary Account Number (PAN), wherein the dynamic PAN is valid for a single transaction and does not reveal a true PAN of the enrolled consumer; and

providing the single-use payment information from the payment processor system to the enrolled consumer.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and machine-readable media are disclosed for processing a card-not-present transaction. According to one embodiment, processing a card-not-present transaction can comprise receiving a request for a card-not-present transaction involving an enrolled consumer. The request can include information identifying the enrolled consumer. A record of information related to the enrolled consumer can be read and the enrolled consumer can be authenticated based at least in part on the information of the request and the record of information related to the enrolled consumer. In response to authenticating the enrolled consumer, a set of single-use payment information can be generated which can include a one-time password and a dynamic Primary Account Number (PAN) which is valid for a single transaction. The single-use payment information can be provided to the enrolled consumer or the merchant to complete the transaction in place of the true PAN.

212 Citations

38 Claims

1. A method of processing a card-not-present transaction, the method comprising:
- receiving at a payment processor system a request for a card-not-present transaction involving an enrolled consumer, the request including information identifying the enrolled consumer but wherein the information identifying the enrolled consumer is not sufficient for conducting a financial transaction;
  
  reading with the payment processor system a record of information related to the enrolled consumer;
  
  authenticating the enrolled consumer with the payment processor system based at least in part on the information of the request identifying the enrolled consumer and the record of information related to the enrolled consumer;
  
  in response to authenticating the enrolled consumer, generating with the payment processor system a set of single-use payment information, the set of single-use payment information including at least a one-time password and a dynamic Primary Account Number (PAN), wherein the dynamic PAN is valid for a single transaction and does not reveal a true PAN of the enrolled consumer; and
  
  providing the single-use payment information from the payment processor system to the enrolled consumer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, further comprising:
    - receiving at the payment processor system from a merchant system a request to process payment of the card-not-present transaction, the request including the dynamic PAN and cardholder verification information;
      
      authenticating the request to process payment of the card-not-present transaction with the payment processor system based on the dynamic PAN and cardholder verification information from the request to process payment of the card-not-present transaction;
      
      in response to authenticating the request to process payment of the card-not-present transaction, determining with the payment processor system the true PAN for the enrolled consumer; and
      
      processing payment of the card-not-present transaction with the payment processor system using the true PAN for the enrolled consumer.
  - 3. The method of claim 2, wherein the cardholder verification information comprises the one-time password.
  - 4. The method of claim 2, wherein the cardholder verification information comprises the one time password combined with a Personal Identification Number (PIN) of the enrolled consumer.
  - 5. The method of claim 1, wherein receiving the request for the card-not-present transaction comprises receiving the request from a client device of the enrolled consumer.
  - 6. The method of claim 1, wherein receiving the request for the card-not-present transaction comprises receiving the request from a mobile device of the enrolled consumer.
  - 7. The method of claim 1, wherein receiving the request for the card-not-present transaction comprises receiving the request from a merchant system of a merchant involved in the transaction.
  - 8. The method of claim 1, wherein the information identifying the enrolled consumer comprises a phone number of the enrolled consumer.
  - 9. The method of claim 1, wherein the information identifying the enrolled consumer comprises an email address of the enrolled consumer.
  - 10. The method of claim 1, wherein the information identifying the enrolled consumer comprises a last four digits of the true PAN.
  - 11. The method of claim 1, wherein the record of information related to the consumer includes the true PAN and information selected from a group consisting of a phone number of the enrolled consumer and an email address of the enrolled consumer.
  - 12. The method of claim 11, wherein providing the single-use payment information from the payment processor to the enrolled consumer comprises sending an email message to the email address of the enrolled consumer.
  - 13. The method of claim 11, wherein the phone number of the enrolled consumer comprises a phone number of a mobile phone and wherein providing the single-use payment information from the payment processor to the enrolled consumer comprises sending a Short Message Service (SMS) message to the phone number of the enrolled consumer.
  - 14. The method of claim 11, wherein providing the single-use payment information from the payment processor comprises providing a portion of the single-use payment information to the merchant system while providing another portion of the single-use payment information to the enrolled consumer.
  - 15. The method of claim 11, wherein providing the single-use payment information from the payment processor comprises providing the single-use payment information to a client device or a mobile device of the enrolled consumer.
  - 16. The method of claim 11, wherein providing the single-use payment information from the payment processor comprises providing the single-use payment information directly to the merchant system.
  - 17. The method of claim 2, wherein generating the dynamic PAN is based on the true PAN but does not reveal the true PAN.
  - 18. The method of claim 17, wherein the dynamic PAN retains a portion of the true PAN for routing of the request to process payment of the card-not-present transaction to the payment processor system via a payment network.
  - 19. The method of claim 17, wherein the dynamic PAN retains the right-most 4 digits of the true PAN as receipt digits.

20. A method of conducting a card-not-present transaction, the method comprising:
- initiating with a client system of a consumer enrolled with a service of a payment processor system a card-not-present transaction with a merchant system;
  
  receiving at the client system from the payment processor system a set of single-use payment information, the set of single-use payment information including at least a one-time password and a dynamic Primary Account Number (PAN), wherein the dynamic PAN is valid for a single transaction and does not reveal a true PAN of the enrolled consumer; and
  
  providing with the client system to the merchant system the dynamic PAN and cardholder verification information to affect payment of the card-not-present transaction.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The method of claim 20, wherein initiating the card-not-present transaction comprises providing with the client system to the payment processor system information identifying the enrolled consumer.
  - 22. The method of claim 20, wherein receiving the set of single-use payment information comprises receiving an email message.
  - 23. The method of claim 20, wherein receiving the single-use payment information comprises receiving the single-use payment information in an application or applet in the client device or the enrolled consumer'"'"'s mobile device.
  - 24. The method of claim 20, wherein receiving the set of single-use payment information comprises receiving a Short Message Service (SMS) message.
  - 25. The method of claim 20, wherein the cardholder verification information comprises the one time password combined with a Personal Identification Number (PIN) of the enrolled consumer.

26. A system comprising:
- a merchant system providing an e-commerce website;
  
  a client device adapted to access the e-commerce website; and
  
  a payment processor system communicatively coupled with the merchant system and the client device, wherein the payment processor system maintains enrollment information for a user of the client device,wherein the client device initiates a card-not-present transaction with the merchant system through the e-commerce website and requests a set of single-use payment information from the payment processor system,wherein the payment processor system receives the request for the card-not-present transaction, the request including information identifying the user of the client device but wherein the information identifying the user of the client device is not sufficient for conducting a financial transaction, reads the enrollment information for the user of the client device, authenticates the user of the client device based at least in part on the information of the request identifying the user of the client device and the enrollment information for the user of the client device, and in response to authenticating the user of the client device, generates the set of single-use payment information, the set of single-use payment information including at least a one-time password and a dynamic Primary Account Number (PAN), wherein the dynamic PAN is valid for a single transaction and does not reveal a true PAN of the user of the client device, and provides the single-use payment information to the user of the client device,wherein the client device providing to the merchant system the dynamic PAN and cardholder verification information to affect payment of the card-not-present transaction,wherein the merchant system receives the dynamic PAN and cardholder verification information and sends a request to process payment of the card-not-present transaction to the payment processor system, the request including the dynamic PAN and cardholder verification information, andwherein the payment processor system receives the request to process payment of the card-not-present transaction from a merchant system, authenticates the request to process payment of the card-not-present transaction based on the dynamic PAN and cardholder verification information from the request to process payment of the card-not-present transaction, and in response to authenticating the request to process payment of the card-not-present transaction, determines the true PAN for the user of the client device from the enrollment information for the user of the client device and processes payment of the card-not-present transaction using the true PAN for the user of the client device.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 27. The system of claim 26, wherein the cardholder verification information comprises the one-time password.
  - 28. The system of claim 26, wherein the cardholder verification information comprises the one time password combined with a Personal Identification Number (PIN) of the user of the client device.
  - 29. The system of claim 26, wherein the payment processor system receives the request for the card-not-present transaction from the client device.
  - 30. The system of claim 26, wherein the payment processor system receives the request for the card-not-present transaction from a mobile device of the enrolled consumer.
  - 31. The system of claim 26, wherein the payment processor system receives the request for the card-not-present transaction from the merchant system.
  - 32. The system of claim 26, wherein the information identifying the user of the client device comprises one or more of a phone number, an email address, and a last four digits of the true PAN.
  - 33. The system of claim 26, wherein the enrollment information for the user of the client device includes the true PAN and information selected from a group consisting of a phone number and an email address.
  - 34. The system of claim 33, wherein providing the single-use payment information to the enrolled consumer comprises sending an email message including the single-use payment information from the payment processor system to the email address.
  - 35. The system of claim 33, further comprising a mobile phone, wherein the phone number of the enrolled information comprises a phone number of the mobile phone and wherein providing the single-use payment information f to the enrolled consumer comprises sending a Short Message Service (SMS) message including the single-use payment information from the payment processor system to the mobile phone.
  - 36. The system of claim 33, wherein providing the single-use payment information from the payment processor comprises providing a portion of the single-use payment information to the merchant system while providing another portion of the single-use payment information to the enrolled consumer.
  - 37. The system of claim 33, wherein providing the single-use payment information from the payment processor comprises providing the single-use payment information to a client device or a mobile device of the enrolled consumer.
  - 38. The system of claim 33, wherein providing the single-use payment information from the payment processor comprises providing the single-use payment information directly to the merchant system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Royyuru, Vijay K.

Granted Patent

US 10,049,356 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/44
CPC Class Codes

G06Q 20/12   specially adapted for elect...

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

H04L 63/08   for authentication of entit...

AUTHENTICATION OF CARD-NOT-PRESENT TRANSACTIONS

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

212 Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION OF CARD-NOT-PRESENT TRANSACTIONS

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

212 Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links