Secure payment card transactions
Abstract
Payment card transactions at a point of sale (POS) are secured in certain embodiments by intercepting, with a POS security layer installed on a POS terminal, payment data from the POS terminal, transmitting the payment data from the POS security layer to a server security application installed on a POS server, and providing false payment data from the POS security layer to a POS terminal application installed on the POS terminal. The false payment data in various embodiments is processed as if it were the payment data, such that the POS terminal transmits an authorization request to the POS server using the false payment data. In addition, the authorization request may be transmitted from the POS server to a payment gateway.
50 Claims
1. A method of adding security to a point-of-sale (POS) server which communicates over a network with one or more POS terminals, each POS terminal including a payment card reader, the POS server including a POS server application installed thereon configured to communicate with the one or more POS terminals over a non-secure channel to process payment card transactions, the method comprising:
- installing a server security application on the POS server, the server security application configured to cause the POS server to at least:
  - receive payment data from the one or more POS terminals over a secure channel, the payment data comprising actual card data obtained from the payment card reader;
  - access false card data comprising a sequence of digits that are chosen to fail a Luhn test, such that the false card data comprises an invalid payment card number;
  - provide the false card data to the POS terminal, the false card data configured to be processed as if it were the actual card data;
  - receive a first authorization request from the POS terminal over the non-secure channel, the first authorization request comprising the false card data instead of the actual card data; and
  - transmit a second authorization request to a remote server, the second authorization request comprising at least the actual card data.
10. A computer-readable medium having stored thereon a server security application that is configured to be installed on a point-of-sale (POS) server that runs a POS server application and that communicates with a POS terminal over a network, the server security application comprising executable instructions that cause the POS server to at least:
- receive payment data from the POS terminal, the payment data comprising actual card data from a payment card;
- provide false card data to the POS terminal, the false card data comprising an invalid payment card number;
- receive a first authorization request from the POS terminal, the first authorization request comprising the false card data instead of the actual card data, the false card data configured to be processed as if it were the actual card data; and
- transmit a second authorization request, the second authorization request comprising at least the actual card data.
21. A method for securing payment card transactions at a point of sale (POS), the method comprising:
- receiving, at a POS server, payment data from a POS terminal, the payment data comprising actual payment data from a payment medium, the actual payment data being encrypted;
- returning false payment data to the POS terminal in response to receiving the actual payment data, the false payment data comprising an invalid payment card number; and
- receiving, at the POS server, a first authorization request from the POS terminal, the first authorization request comprising the false payment data instead of the actual payment data, the false payment data configured to be processed as if it were the actual payment data;
- wherein said receiving the payment data, said returning the false payment data, and said receiving the first authorization request are implemented by one or more processors of the POS server.
42. A method for securing payment card transactions at a payment gateway, the method comprising:
by a payment gateway server comprising computer hardware:
- receiving an authorization request from a point-of-sale (POS) server, the authorization request comprising combined payment data and false card data, the payment data comprising encrypted actual card data from a payment card, the false payment data comprising an invalid payment card number, the false payment data configured to be processed as if it were the payment data;
- extracting the payment data from the combined payment data and false payment data;
- transmitting an authorization request to an authorizing entity, the authorization request comprising the payment data;
- receiving a response to the authorization request from the authorizing entity; and
- transmitting the response and the false payment data to the POS server, wherein the false payment data uniquely identifies the payment card.
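The server-side flow recited in claim 1, as an added Python sketch that is not taken from the patent: false card data is generated so that it fails the Luhn test, and the first authorization request is accepted only if it carries that false data. The names `ServerSecurityApp`, `make_false_pan` and `luhn_valid`, the in-memory mapping and the request dictionary are assumptions made for illustration; the sample card number in the test is the common Luhn-valid test value, not real card data.

```python
import secrets


def luhn_valid(pan: str) -> bool:
    """Standard Luhn test: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def make_false_pan(length: int = 16) -> str:
    """Random digit string whose final digit is chosen so the Luhn test fails."""
    body = "".join(secrets.choice("0123456789") for _ in range(length - 1))
    # Exactly one final digit makes the string Luhn-valid; use the next one.
    valid = next(c for c in "0123456789" if luhn_valid(body + c))
    return body + str((int(valid) + 1) % 10)


class ServerSecurityApp:
    """Illustrative stand-in for the claimed server security application."""

    def __init__(self) -> None:
        self._vault = {}  # false PAN -> actual PAN, kept on the server only

    def receive_payment_data(self, actual_pan: str) -> str:
        """Secure-channel step: store the actual data, return false data."""
        false_pan = make_false_pan(len(actual_pan))
        while false_pan in self._vault:  # avoid reusing an issued value
            false_pan = make_false_pan(len(actual_pan))
        self._vault[false_pan] = actual_pan
        return false_pan

    def handle_first_authorization(self, request: dict) -> dict:
        """Non-secure-channel step: build the second authorization request."""
        false_pan = request["pan"]
        # A Luhn-valid or unknown number here means the false data was bypassed.
        if luhn_valid(false_pan) or false_pan not in self._vault:
            raise ValueError("request does not carry issued false card data")
        return {**request, "pan": self._vault[false_pan]}
```

Because every issued value fails the Luhn test, a Luhn-valid number arriving over the non-secure channel can be rejected before any lookup, which keeps actual card data out of that path.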
Specification