AUTHENTICATION OF CARD-NOT-PRESENT TRANSACTIONS

US 20180322493A1
Filed: 07/16/2018
Published: 11/08/2018
Est. Priority Date: 12/18/2009
Status: Active Grant

First Claim

Patent Images

1. A method of processing a card-not-present transaction, wherein the transaction is processed with a primary account number and cardholder verification information, the method comprising:

receiving, by a payment processor system, a request for a card-not-present transaction by a consumer, the request including information identifying the consumer;

authenticating the consumer, by the payment processor system, based at least in part on the information identifying the consumer;

in response to authenticating the consumer, generating, by the payment processor system, a set of single-use payment information, the set of single-use payment information including at least both a one-time password and a separate dynamic Primary Account Number (PAN), wherein the dynamic PAN is valid for a single transaction and does not reveal a true PAN of the enrolled consumer;

providing single-use payment information from the payment processor system to a merchant and to the consumer, including providing a portion of the set of single-use payment information directly to a merchant system while providing another portion of the set of single-use payment information to the consumer for the consumer to provide to the merchant, with the one-time password for use in place of true cardholder verification information and the dynamic PAN for use in place of a true PAN and;

receiving, by the payment processor system, both the one-time password and the separate dynamic PAN as provided to the merchant and the consumer, in order to process the card-not-present transaction, including;

receiving, by the payment processor system, from the merchant system a request to process payment of the card-not-present transaction, the request including the dynamic PAN in place of a true PAN and the one-time password in place of true cardholder verification information;

authenticating the request to process payment of the card-not-present transaction, by the payment processor system, based on the dynamic PAN and the one-time password from the request to process payment of the card-not-present transaction;

in response to authenticating the request to process payment of the card-not-present transaction, determining, by the payment processor system, the true PAN for the consumer; and

processing payment of the card-not-present transaction, by the payment processor system, using the true PAN for the consumer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and machine-readable media are disclosed for processing a card-not-present transaction. According to one embodiment, processing a card-not-present transaction can comprise receiving a request for a card-not-present transaction involving an enrolled consumer. The request can include information identifying the enrolled consumer. A record of information related to the enrolled consumer can be read and the enrolled consumer can be authenticated based at least in part on the information of the request and the record of information related to the enrolled consumer. In response to authenticating the enrolled consumer, a set of single-use payment information can be generated which can include a one-time password and a dynamic Primary Account Number (PAN) which is valid for a single transaction. The single-use payment information can be provided to the enrolled consumer or the merchant to complete the transaction in place of the true PAN.

Citations

20 Claims

1. A method of processing a card-not-present transaction, wherein the transaction is processed with a primary account number and cardholder verification information, the method comprising:
- receiving, by a payment processor system, a request for a card-not-present transaction by a consumer, the request including information identifying the consumer;
  
  authenticating the consumer, by the payment processor system, based at least in part on the information identifying the consumer;
  
  in response to authenticating the consumer, generating, by the payment processor system, a set of single-use payment information, the set of single-use payment information including at least both a one-time password and a separate dynamic Primary Account Number (PAN), wherein the dynamic PAN is valid for a single transaction and does not reveal a true PAN of the enrolled consumer;
  
  providing single-use payment information from the payment processor system to a merchant and to the consumer, including providing a portion of the set of single-use payment information directly to a merchant system while providing another portion of the set of single-use payment information to the consumer for the consumer to provide to the merchant, with the one-time password for use in place of true cardholder verification information and the dynamic PAN for use in place of a true PAN and;
  
  receiving, by the payment processor system, both the one-time password and the separate dynamic PAN as provided to the merchant and the consumer, in order to process the card-not-present transaction, including;
  
  receiving, by the payment processor system, from the merchant system a request to process payment of the card-not-present transaction, the request including the dynamic PAN in place of a true PAN and the one-time password in place of true cardholder verification information;
  
  authenticating the request to process payment of the card-not-present transaction, by the payment processor system, based on the dynamic PAN and the one-time password from the request to process payment of the card-not-present transaction;
  
  in response to authenticating the request to process payment of the card-not-present transaction, determining, by the payment processor system, the true PAN for the consumer; and
  
  processing payment of the card-not-present transaction, by the payment processor system, using the true PAN for the consumer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the portion of the set of single-use payment information provided directly to the merchant system comprises the dynamic PAN and wherein the another portion of the set of single-use payment information provided to the consumer comprises the one-time password.
  - 3. The method of claim 1, wherein the consumer is the enrolled consumer for which a record of information related to the enrolled consumer is registered, wherein the payment processor reads the record of information related to the enrolled consumer, and wherein authenticating the consumer is further based on the record of information related to the enrolled consumer.
  - 4. The method of claim 3, wherein the record of information related to the enrolled consumer includes the true PAN and information selected from a group consisting of a phone number of the enrolled consumer and an email address of the enrolled consumer.
  - 5. The method of claim 4, wherein providing the set of single-use payment information from the payment processor to the consumer comprises sending an email message to the email address of the enrolled consumer.
  - 6. The method of claim 4, wherein the phone number of the enrolled consumer comprises a phone number of a mobile phone and wherein providing the set of single-use payment information from the payment processor to the consumer comprises sending a Short Message Service (SMS) message to the phone number of the enrolled consumer.
  - 7. The method of claim 1, wherein receiving the request for the card-not-present transaction comprises receiving the request from a client device of the consumer.
  - 8. The method of claim 1, wherein receiving the request for the card-not-present transaction comprises receiving the request from a mobile device of the consumer.
  - 9. The method of claim 1, wherein receiving the request for the card-not-present transaction comprises receiving the request from the merchant system of a merchant involved in the transaction.
  - 10. The method of claim 1, wherein the information identifying the consumer comprises a phone number of the consumer.
  - 11. The method of claim 1, wherein the information identifying the consumer comprises an email address of the consumer.
  - 12. The method of claim 1, wherein the information identifying the consumer comprises a last four digits of the true PAN.
  - 13. The method of claim 1, wherein providing the set of single-use payment information from the payment processor to the consumer comprises providing the set of single-use payment information to a client device or a mobile device of the consumer.
  - 14. The method of claim 1, wherein the dynamic PAN retains a portion of the true PAN for routing of the request to process payment of the card-not-present transaction to the payment processor system via a payment network.
  - 15. The method of claim 1, wherein the dynamic PAN retains the right-most 4 digits of the true PAN.

16. A system for conducting a card-not-present transaction, wherein the transaction is processed with a primary account number and cardholder verification information, comprising:
- a merchant system configured to provide an e-commerce website;
  
  a client device adapted to access the e-commerce website; and
  
  a payment processor system communicatively coupled with the merchant system and the client device, wherein the payment processor system maintains enrollment information for a user of the client device,wherein the client device initiates a card-not-present transaction with the merchant system through the e-commerce website and requests a set of single-use payment information from the payment processor system,wherein the payment processor system receives the request for the card-not-present transaction, the request including information identifying the user of the client device, authenticates the user of the client device based at least in part on the information of the request identifying the user of the client device, and in response to authenticating the user of the client device, generates the set of single-use payment information, the set of single-use payment information including at least both a one-time password for use in place of true cardholder verification information and a separate dynamic Primary Account Number (PAN) for use in place of a true PAN, wherein the dynamic PAN is valid for a single transaction and does not reveal a true PAN of the user of the client device, and wherein the payment processor system provides single-use payment information to a merchant and to the user, including providing a portion of the set of single-use payment information directly to the merchant system while providing another portion of the set of single-use payment information to the user for the user to provide to the merchant,wherein the merchant system receives the dynamic PAN and one-time password and sends a request to process payment of the card-not-present transaction to the payment processor system, the request including the dynamic PAN and one-time password, andwherein the payment processor system receives the request to process payment of the card-not-present transaction from a merchant system, including the dynamic PAN and the one-time password, authenticates the request to process payment of the card-not-present transaction based on the dynamic PAN and the one-time password from the request to process payment of the card-not-present transaction, and in response to authenticating the request to process payment of the card-not-present transaction, determines the true PAN for the user of the client device and processes payment of the card-not-present transaction using the true PAN for the user of the client device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the portion of the set of single use payment information provided directly to the merchant system comprises the dynamic PAN and wherein the another portion of the set of single use payment information provided to the user comprises the one-time password.
  - 18. The system of claim 16, wherein the information identifying the user of the client device comprises one or more of a phone number, an email address, and a last four digits of the true PAN.
  - 19. The system of claim 16, wherein the user of the client device is an enrolled consumer for which a record of information related to the enrolled consumer is registered, wherein the payment processor reads the record of information related to the enrolled consumer, and wherein authenticating the user of the client device is further based on the record of information related to the enrolled consumer.
  - 20. The system of claim 16, wherein the record of information related to the enrolled consumer includes the true PAN and information selected from a group consisting of a phone number and an email address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Royyuru, Vijay K.

Granted Patent

US 10,643,207 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/12   specially adapted for elect...

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

H04L 63/08   for authentication of entit...

AUTHENTICATION OF CARD-NOT-PRESENT TRANSACTIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION OF CARD-NOT-PRESENT TRANSACTIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links