Payment transaction processing using out of band authentication
First Claim
1. A transaction processor, comprising:
- an electronic processor;
a memory coupled to the electronic processor; and
a set of instructions stored in the memory which, when executed by the electronic processor cause the payment transaction processor toreceive a request to authorize a payment transaction initiated by a consumer using a merchant'"'"'s web-site, the payment transaction initiated by the consumer using a first device coupled to a first communications channel;
enable a consumer to download an application to a second device, the application providing the second device with the ability to access a digital certificate associated with the consumer;
process the received request to authorize the transaction to determine a payment account associated with the consumer;
determine, based on the payment account, data that may be used to contact the consumer on the second device;
send a request to the consumer to approve the transaction by sending the request to the second device over a second communications channel; and
in response to the request sent to the consumer to approve the transaction, receive a message from the consumer generated by the second device and provided over the second communications channel, the message approving or denying the transaction and including the digital certificate associated with the consumer, the certificate serving to authenticate the consumer.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems, apparatuses, and methods for increasing the security of electronic payment transactions, such as eCommerce transactions conducted over the Internet. A transaction approval or authorization mechanism uses an out of band process to provide authentication or identification data that has previously been registered by a user and associated with the user'"'"'s payment device or account. The out of band authentication data may be provided in response to a message sent to a user'"'"'s mobile phone, where the message is generated in response to entering the user'"'"'s phone number into a form that is provided when the user engages in an electronic payment transaction using a desktop computer. The data may include a digital signature and associated digital certificate that is used to authenticate the user.
128 Citations
20 Claims
-
1. A transaction processor, comprising:
-
an electronic processor; a memory coupled to the electronic processor; and a set of instructions stored in the memory which, when executed by the electronic processor cause the payment transaction processor to receive a request to authorize a payment transaction initiated by a consumer using a merchant'"'"'s web-site, the payment transaction initiated by the consumer using a first device coupled to a first communications channel; enable a consumer to download an application to a second device, the application providing the second device with the ability to access a digital certificate associated with the consumer; process the received request to authorize the transaction to determine a payment account associated with the consumer; determine, based on the payment account, data that may be used to contact the consumer on the second device; send a request to the consumer to approve the transaction by sending the request to the second device over a second communications channel; and in response to the request sent to the consumer to approve the transaction, receive a message from the consumer generated by the second device and provided over the second communications channel, the message approving or denying the transaction and including the digital certificate associated with the consumer, the certificate serving to authenticate the consumer. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of processing an electronic payment transaction, comprising:
-
registering a user by associating contact data for the user with the user'"'"'s payment account, the contact data corresponding to an identifier for a first device coupled to a first communications channel; enabling the user to download an application to the first device, the application providing the first device with the ability to access a digital certificate associated with the user; receiving a request to authorize an electronic payment transaction initiated by the user using a second device coupled to a second communications channel; generating a message requesting that the user approve the electronic payment transaction; sending the payment transaction approval message to the user over the first communications channel using the contact data; and in response to the payment transaction approval message, receiving a message from the user approving or denying the payment transaction, the message including the digital certificate associated with the user, the certificate serving to authenticate the user. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A method of processing an electronic payment transaction, comprising:
-
enabling a user to download an application to a first device coupled to a first communications channel, the application providing the first device with the ability to access a digital certificate associated with the user; receiving a request to authorize the electronic payment transaction, wherein the electronic payment transaction is initiated by the user at a merchant'"'"'s web-site using a second device coupled to a second communications channel; sending a request for authentication data to the user over the second communications channel, the request for authentication data received by the user on the second device; receiving a response to the request for authentication data from the user over the second communications channel; processing the response to determine a payment account associated with the user; using the determined payment account as a source of payment for the electronic payment transaction; generating a transaction approval message for the electronic payment transaction; sending the transaction approval message to the first device over the first communications channel; and receiving a response to the transaction approval message from the first device, the response including the digital certificate associated with the user, the certificate serving to authenticate the user. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification