Method and system for securing card payment transactions using a mobile communication device
First Claim
1. A method for managing card services including performing a transaction with a payment card and a mobile communications device, wherein the method comprises:
- registering the payment card with an issuer of the card by providing a number or address of the mobile communications device to an issuer of the payment card, wherein the issuer associates the payment card with the number or address of the mobile communications device;
subsequent to the registering, receiving a communication from an owner of the payment card that selects whether the payment card is in a one-time-authorization mode or a normal authorization mode, whereby the owner of the payment card selects whether or not a next transaction using the payment card will be in one-time-authorization mode;
receiving a notification from a point of sales terminal located at a point of sales indicating that the next transaction has been initiated, wherein the notification is received by a point of sales system;
within the point of sales system, determining whether the payment card is in the one-time-authorization mode or the normal authorization mode;
in response to determining that the payment card is in the normal authorization mode, requiring input of a static multi-use personal identification number (PIN) at the point of sales terminal, and authorizing the next transaction if a static multi-use personal identification number (PIN) entered as a first input to the point of sales terminal is valid; and
in response to determining that the payment card is in the one-time-authorization mode, setting a timer and sending a message associated with the particular card transaction to a user of the particular mobile communications device via the particular mobile communications device, wherein the message contains a one-time-use personal identification number (PIN) for use in the next transaction, requiring input of the one-time use personal identification number (PIN) at the point of sales terminal before the timer has expired in order to authorize the particular card transaction, receiving the one-time-use personal identification number (PIN) from the user at the point of sales, entering the one-time-use personal identification number (PIN) as a second input to the point of sales terminal, wherein the point of sales system receives the one-time-use personal identification number (PIN) and authorizes the particular card transaction only if the one-time-use personal identification number (PIN) is received from the point of sales terminal before the timer has expired.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and system for securing card payment transactions using a mobile communication device provides improved security in card payment transactions such as credit and debit card transactions. Upon receipt of a transaction at the card issuer or other service provider, a message is sent to a mobile communication device that has been uniquely associated with the card. The message may be an interactive message requiring response by the card owner for authorization, or may communicate a one-time-use personal identification number (PIN) with required PIN return via the point-of-sales system or the mobile communications device. In each transaction, the card issuer or service provider confirms that the communication was received and the transaction authorized by the card owner, further ensuring the authorized use of the card. The PIN and/or interactive message response period may be voided after a short time, further improving security of the transaction.
-
Citations
1 Claim
-
1. A method for managing card services including performing a transaction with a payment card and a mobile communications device, wherein the method comprises:
-
registering the payment card with an issuer of the card by providing a number or address of the mobile communications device to an issuer of the payment card, wherein the issuer associates the payment card with the number or address of the mobile communications device; subsequent to the registering, receiving a communication from an owner of the payment card that selects whether the payment card is in a one-time-authorization mode or a normal authorization mode, whereby the owner of the payment card selects whether or not a next transaction using the payment card will be in one-time-authorization mode; receiving a notification from a point of sales terminal located at a point of sales indicating that the next transaction has been initiated, wherein the notification is received by a point of sales system; within the point of sales system, determining whether the payment card is in the one-time-authorization mode or the normal authorization mode; in response to determining that the payment card is in the normal authorization mode, requiring input of a static multi-use personal identification number (PIN) at the point of sales terminal, and authorizing the next transaction if a static multi-use personal identification number (PIN) entered as a first input to the point of sales terminal is valid; and in response to determining that the payment card is in the one-time-authorization mode, setting a timer and sending a message associated with the particular card transaction to a user of the particular mobile communications device via the particular mobile communications device, wherein the message contains a one-time-use personal identification number (PIN) for use in the next transaction, requiring input of the one-time use personal identification number (PIN) at the point of sales terminal before the timer has expired in order to authorize the particular card transaction, receiving the one-time-use personal identification number (PIN) from the user at the point of sales, entering the one-time-use personal identification number (PIN) as a second input to the point of sales terminal, wherein the point of sales system receives the one-time-use personal identification number (PIN) and authorizes the particular card transaction only if the one-time-use personal identification number (PIN) is received from the point of sales terminal before the timer has expired.
-
Specification