AUTHENTICATION OF CARD-NOT-PRESENT TRANSACTIONS
First Claim
1. A method of processing a card-not-present transaction, wherein the transaction is processed with a primary account number and cardholder verification information, the method comprising:
- receiving, by a payment processor system, a request for a card-not-present transaction by a consumer, the request including information identifying the consumer;
authenticating the consumer, by the payment processor system, based at least in part on the information identifying the consumer;
in response to authenticating the consumer, generating, by the payment processor system, a set of single-use payment information, the set of single-use payment information including at least both a one-time password and a separate dynamic Primary Account Number (PAN), wherein the dynamic PAN is valid for a single transaction and does not reveal a true PAN of the enrolled consumer;
providing single-use payment information from the payment processor system to a merchant and to the consumer, including providing a portion of the set of single-use payment information directly to a merchant system while providing another portion of the set of single-use payment information to the consumer for the consumer to provide to the merchant, with the one-time password for use in place of true cardholder verification information and the dynamic PAN for use in place of a true PAN and;
receiving, by the payment processor system, both the one-time password and the separate dynamic PAN as provided to the merchant and the consumer, in order to process the card-not-present transaction, including;
receiving, by the payment processor system, from the merchant system a request to process payment of the card-not-present transaction, the request including the dynamic PAN in place of a true PAN and the one-time password in place of true cardholder verification information;
authenticating the request to process payment of the card-not-present transaction, by the payment processor system, based on the dynamic PAN and the one-time password from the request to process payment of the card-not-present transaction;
in response to authenticating the request to process payment of the card-not-present transaction, determining, by the payment processor system, the true PAN for the consumer; and
processing payment of the card-not-present transaction, by the payment processor system, using the true PAN for the consumer.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, systems, and machine-readable media are disclosed for processing a card-not-present transaction. According to one embodiment, processing a card-not-present transaction can comprise receiving a request for a card-not-present transaction involving an enrolled consumer. The request can include information identifying the enrolled consumer. A record of information related to the enrolled consumer can be read and the enrolled consumer can be authenticated based at least in part on the information of the request and the record of information related to the enrolled consumer. In response to authenticating the enrolled consumer, a set of single-use payment information can be generated which can include a one-time password and a dynamic Primary Account Number (PAN) which is valid for a single transaction. The single-use payment information can be provided to the enrolled consumer or the merchant to complete the transaction in place of the true PAN.
-
Citations
20 Claims
-
1. A method of processing a card-not-present transaction, wherein the transaction is processed with a primary account number and cardholder verification information, the method comprising:
-
receiving, by a payment processor system, a request for a card-not-present transaction by a consumer, the request including information identifying the consumer; authenticating the consumer, by the payment processor system, based at least in part on the information identifying the consumer; in response to authenticating the consumer, generating, by the payment processor system, a set of single-use payment information, the set of single-use payment information including at least both a one-time password and a separate dynamic Primary Account Number (PAN), wherein the dynamic PAN is valid for a single transaction and does not reveal a true PAN of the enrolled consumer; providing single-use payment information from the payment processor system to a merchant and to the consumer, including providing a portion of the set of single-use payment information directly to a merchant system while providing another portion of the set of single-use payment information to the consumer for the consumer to provide to the merchant, with the one-time password for use in place of true cardholder verification information and the dynamic PAN for use in place of a true PAN and; receiving, by the payment processor system, both the one-time password and the separate dynamic PAN as provided to the merchant and the consumer, in order to process the card-not-present transaction, including; receiving, by the payment processor system, from the merchant system a request to process payment of the card-not-present transaction, the request including the dynamic PAN in place of a true PAN and the one-time password in place of true cardholder verification information; authenticating the request to process payment of the card-not-present transaction, by the payment processor system, based on the dynamic PAN and the one-time password from the request to process payment of the card-not-present transaction; in response to authenticating the request to process payment of the card-not-present transaction, determining, by the payment processor system, the true PAN for the consumer; and processing payment of the card-not-present transaction, by the payment processor system, using the true PAN for the consumer. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A system for conducting a card-not-present transaction, wherein the transaction is processed with a primary account number and cardholder verification information, comprising:
-
a merchant system configured to provide an e-commerce website; a client device adapted to access the e-commerce website; and a payment processor system communicatively coupled with the merchant system and the client device, wherein the payment processor system maintains enrollment information for a user of the client device, wherein the client device initiates a card-not-present transaction with the merchant system through the e-commerce website and requests a set of single-use payment information from the payment processor system, wherein the payment processor system receives the request for the card-not-present transaction, the request including information identifying the user of the client device, authenticates the user of the client device based at least in part on the information of the request identifying the user of the client device, and in response to authenticating the user of the client device, generates the set of single-use payment information, the set of single-use payment information including at least both a one-time password for use in place of true cardholder verification information and a separate dynamic Primary Account Number (PAN) for use in place of a true PAN, wherein the dynamic PAN is valid for a single transaction and does not reveal a true PAN of the user of the client device, and wherein the payment processor system provides single-use payment information to a merchant and to the user, including providing a portion of the set of single-use payment information directly to the merchant system while providing another portion of the set of single-use payment information to the user for the user to provide to the merchant, wherein the merchant system receives the dynamic PAN and one-time password and sends a request to process payment of the card-not-present transaction to the payment processor system, the request including the dynamic PAN and one-time password, and wherein the payment processor system receives the request to process payment of the card-not-present transaction from a merchant system, including the dynamic PAN and the one-time password, authenticates the request to process payment of the card-not-present transaction based on the dynamic PAN and the one-time password from the request to process payment of the card-not-present transaction, and in response to authenticating the request to process payment of the card-not-present transaction, determines the true PAN for the user of the client device and processes payment of the card-not-present transaction using the true PAN for the user of the client device. - View Dependent Claims (17, 18, 19, 20)
-
Specification