Method and system for performing two factor authentication in mail order and telephone order transactions
Abstract
The method for authenticating a mail order or telephone order transaction according to the present invention includes receiving authentication information from a cardholder, providing authentication information to an issuer, and determining whether the authentication information is valid. If the authentication information is valid, the issuer informs the merchant that the transaction is valid. In an embodiment, the issuer may not supply a personal assurance message and/or other confidential cardholder information previously supplied by the cardholder in response to the authentication information.
23 Claims
1. An authentication method comprising:
- inputting, by a merchant, into a merchant system:
  - a mail order or telephone order (MOTO) purchase order; and
  - information pertaining to a transaction card of a cardholder that includes a card number for the transaction card and authentication information provided by the cardholder, wherein data for the MOTO purchase order and the information pertaining to the cardholder's transaction card were both received via mail or telephone;
- transmitting, from the merchant system, a verify enrollment request to an authentication server, the verify enrollment request comprising the card number for the transaction card and an indicator indicating:
  - that the verify enrollment request pertains to a MOTO transaction; and
  - that the authentication information provided by the cardholder will not be directly transmitted by the cardholder;
- receiving, at the merchant system, a verify enrollment response from the authentication server, wherein the verify enrollment response indicates whether authentication is available for the transaction card at least on the basis of the card number of the transaction card; and
- operative if authentication is available for the transaction card:
  - receiving, at the merchant system, an authentication prompt from the authentication server, wherein the authentication prompt does not include or request sensitive cardholder information, wherein the sensitive cardholder information consists of a personal assurance message or a password;
  - entering, at the merchant system, the authentication information provided by the cardholder into the authentication prompt, wherein the authentication information is generated by the transaction card;
  - transmitting, from the merchant system, an authentication request to the authentication server, wherein the authentication request includes the authentication information provided by the cardholder; and
  - receiving, at the merchant system, an authentication response from the authentication server, the authentication response indicating whether the cardholder is authenticated.
Dependent claims: 2, 3, 4, 5, 6, 19, 20, 21
7. An authentication method comprising:
- authenticating a transaction card for use in conducting a mail order or telephone order (MOTO) transaction by:
  - receiving, at a network device in communication with a merchant system, a verify enrollment request from the merchant system, the verify enrollment request comprising a card number for the transaction card of a cardholder and an indicator indicating:
    - that the verify enrollment request pertains to the MOTO transaction; and
    - that authentication information provided by the cardholder will not be directly transmitted by the cardholder;
  - transmitting, from the network device, a verify enrollment response to the merchant system, the verify enrollment response indicating whether authentication is available at least on a basis of the card number for the transaction card; and
- authenticating the cardholder to conduct the MOTO transaction by:
  - operative if authentication is available for the transaction card:
    - receiving, at the network device, an authentication request from the merchant system;
    - transmitting, from the network device, an authentication prompt to the merchant system, wherein the authentication prompt does not include or request sensitive cardholder information, wherein the sensitive cardholder information consists of a personal assurance message or a password;
    - receiving, at the network device, the authentication information provided by the card holder and entered, by the merchant, at the merchant system into the authentication prompt, wherein the authentication information is dynamically generated by the transaction card; and
    - transmitting, from the network device, an authentication response to the merchant system, the authentication response indicating whether the cardholder is authenticated.
Dependent claims: 8, 9, 10, 11, 12, 22
13. A method for performing authentication in an online payment transaction using a transaction card of a cardholder in a payment network that includes a merchant system and an authentication server, the method comprising:
- inputting into the merchant system:
  - a mail order or telephone order (MOTO) purchase order; and
  - information pertaining to the transaction card of the cardholder that includes a card number for the transaction card, wherein data for the MOTO purchase order and the information pertaining to the cardholder's transaction card were both received via mail or telephone;
- transmitting, from the merchant system for delivery to the authentication server, a verify enrollment request to the authentication server, the verify enrollment request including the card number for the transaction card and an indicator indicating that the verify enrollment request pertains to a MOTO transaction;
- receiving, at the merchant system, a verify enrollment response from the authentication server, wherein the verify enrollment response indicates whether authentication is available for the transaction card at least on the basis of the card number of the transaction card; and
- operative if authentication is available for the transaction card:
  - transmitting an authentication request from the merchant system for delivery to the authentication server;
  - receiving an authentication prompt at the merchant system from the authentication server, wherein the authentication prompt does not include or request sensitive cardholder information, wherein the sensitive cardholder information consists of a personal assurance message or a password;
  - transmitting, from the merchant system for delivery to the cardholder in response to the authentication prompt, a redirection of the cardholder to an issuer of the transaction card to receive authentication information for an authentication of the cardholder;
  - receiving, at the merchant system from the issuer, the authentication information received by the issuer from the cardholder;
  - transmitting, from the merchant system, an authentication request to the authentication server;
  - receiving, at the merchant system, an authentication response from the authentication server, the authentication response indicating whether the cardholder is authenticated; and
  - operative if the cardholder is authenticated:
    - transmitting, from the merchant system, an authorization request and an indicator indicating that the authorization request pertains to an electronic commerce transaction to the payment network; and
    - receiving, at the merchant system, an authorization response from the payment network, wherein the authorization response indicates whether an account connected to the transaction card is authorized.
Dependent claims: 14, 15, 16, 17, 18
23. A method for performing authentication in an online payment transaction using a transaction card of a cardholder in a payment network that includes a merchant system and an authentication server, the method comprising:
- inputting into the merchant system:
  - a mail order or telephone order (MOTO) purchase order; and
  - information pertaining to the transaction card of the cardholder that includes a card number for the transaction card, wherein data for the MOTO purchase order and the information pertaining to the cardholder's transaction card were both received via mail or telephone;
- transmitting, from the merchant system for delivery to the authentication server, a verify enrollment request to the authentication server, the verify enrollment request including the card number for the transaction card and an indicator indicating that the verify enrollment request pertains to a MOTO transaction;
- receiving, at the merchant system, a verify enrollment response from the authentication server, wherein the verify enrollment response indicates whether authentication is available for the transaction card at least on the basis of the card number of the transaction card; and
- operative if authentication is available for the transaction card:
  - transmitting an authentication request from the merchant system for delivery to the authentication server;
  - receiving an authentication prompt at the merchant system from the authentication server, wherein the authentication prompt does not include or request sensitive cardholder information, wherein the sensitive cardholder information consists of a personal assurance message or a password;
  - transmitting, from the merchant system for delivery to the cardholder in response to the authentication prompt, a redirection of the cardholder to an issuer of the transaction card to receive authentication information for an authentication of the cardholder;
  - receiving, at the merchant system from the issuer, the authentication information received by the issuer from the cardholder;
  - transmitting, from the merchant system, an authentication request to the authentication server;
  - receiving, at the merchant system, an authentication response from the authentication server, the authentication response indicating whether the cardholder is authenticated; and
  - operative if the cardholder is authenticated:
    - transmitting, from the merchant system, an authorization request and an indicator indicating that the authorization request pertains to an electronic commerce transaction to the payment network; and
    - receiving, at the merchant system, an authorization response from the payment network, wherein the authorization response indicates whether an account connected to the transaction card is authorized, wherein functionality that enables the issuer to track a location of the cardholder is disabled for the MOTO transaction.
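The message sequence recited in claims 1 and 7 (verify enrollment with a MOTO indicator, a prompt stripped of the personal assurance message and password, then verification of the card-generated code), as an added Python sketch that is not part of the patent. All class, function and field names are assumptions, and the HMAC-over-counter code is a stand-in, since the page does not say how the card generates its authentication information.

```python
import hashlib
import hmac

def card_code(secret: bytes, counter: int) -> str:
    """Assumed stand-in for the code the card generates: HMAC over a counter."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    value = int.from_bytes(mac[:4], "big") % 10**8
    return f"{value:08d}"

class AuthServer:
    """Authentication server / network device side (claim 7)."""
    def __init__(self, enrolled):
        # card number -> [secret, next expected counter]; constructed data
        self.enrolled = {pan: [secret, 0] for pan, secret in enrolled.items()}

    def verify_enrollment(self, req):
        # Availability is decided at least on the basis of the card number.
        return {"auth_available": req["card_number"] in self.enrolled}

    def prompt(self, req):
        out = {"fields": ["one_time_code"]}
        if not req["moto"]:
            # Only a session with the cardholder present may carry these.
            out["personal_assurance_message"] = "constructed PAM"
            out["fields"].append("password")
        return out

    def authenticate(self, req, window=3):
        entry = self.enrolled.get(req["card_number"])
        if entry is None:
            return {"authenticated": False}
        secret, counter = entry
        for c in range(counter, counter + window):
            if hmac.compare_digest(card_code(secret, c), req["code"]):
                entry[1] = c + 1  # burn the code so a replay is rejected
                return {"authenticated": True}
        return {"authenticated": False}

def moto_checkout(server, card_number, code_from_cardholder):
    """Merchant side (claim 1): the operator keys in what the cardholder read out."""
    ve_req = {"card_number": card_number, "moto": True,
              "cardholder_transmits_directly": False}
    if not server.verify_enrollment(ve_req)["auth_available"]:
        return "not_enrolled"
    prompt = server.prompt(ve_req)
    if "personal_assurance_message" in prompt or "password" in prompt["fields"]:
        raise RuntimeError("MOTO prompt exposed sensitive cardholder data")
    res = server.authenticate({"card_number": card_number,
                               "code": code_from_cardholder})
    return "authenticated" if res["authenticated"] else "rejected"
```

Because the merchant's operator sees both the prompt and the code, the sketch keeps the prompt free of static secrets and makes each code single-use, so a code overheard or written down during the call cannot be replayed.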