Method and system for performing two factor authentication in mail order and telephone order transactions

US 8,453,925 B2
Filed: 03/02/2007
Issued: 06/04/2013
Est. Priority Date: 03/02/2006
Status: Active Grant

First Claim

Patent Images

1. An authentication method comprising:

inputting, by a merchant, into a merchant system;

a mail order or telephone order (MOTO) purchase order; and

information pertaining to a transaction card of a cardholder that includes a card number for the transaction card and authentication information provided by the cardholder, wherein data for the MOTO purchase order and the information pertaining to the cardholder'"'"'s transaction card were both received via mail or telephone;

transmitting, from the merchant system, a verify enrollment request to an authentication server, the verify enrollment request comprising the card number for the transaction card and an indicator indicating;

that the verify enrollment request pertains to a MOTO transaction; and

that the authentication information provided by the cardholder will not be directly transmitted by the cardholder;

receiving, at the merchant system, a verify enrollment response from the authentication server, wherein the verify enrollment response indicates whether authentication is available for the transaction card at least on the basis of the card number of the transaction card; and

operative if authentication is available for the transaction card;

receiving, at the merchant system, an authentication prompt from the authentication server, wherein the authentication prompt does not include or request sensitive cardholder information, wherein the sensitive cardholder information consists of a personal assurance message or a password;

entering, at the merchant system, the authentication information provided by the cardholder into the authentication prompt, wherein the authentication information is generated by the transaction card;

transmitting, from the merchant system, an authentication request to the authentication server, wherein the authentication request includes the authentication information provided by the cardholder;

andreceiving, at the merchant system, an authentication response from the authentication server, the authentication response indicating whether the cardholder is authenticated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The method for authenticating a mail order or telephone order transaction according to the present invention includes receiving authentication information from a cardholder, providing authentication information to an issuer, and determining whether the authentication information is valid. If the authentication information is valid, the issuer informs the merchant that the transaction is valid. In an embodiment, the issuer may not supply a personal assurance message and/or other confidential cardholder information previously supplied by the cardholder in response to the authentication information.

266 Citations

23 Claims

1. An authentication method comprising:
- inputting, by a merchant, into a merchant system;
  
  a mail order or telephone order (MOTO) purchase order; and
  
  information pertaining to a transaction card of a cardholder that includes a card number for the transaction card and authentication information provided by the cardholder, wherein data for the MOTO purchase order and the information pertaining to the cardholder'"'"'s transaction card were both received via mail or telephone;
  
  transmitting, from the merchant system, a verify enrollment request to an authentication server, the verify enrollment request comprising the card number for the transaction card and an indicator indicating;
  
  that the verify enrollment request pertains to a MOTO transaction; and
  
  that the authentication information provided by the cardholder will not be directly transmitted by the cardholder;
  
  receiving, at the merchant system, a verify enrollment response from the authentication server, wherein the verify enrollment response indicates whether authentication is available for the transaction card at least on the basis of the card number of the transaction card; and
  
  operative if authentication is available for the transaction card;
  
  receiving, at the merchant system, an authentication prompt from the authentication server, wherein the authentication prompt does not include or request sensitive cardholder information, wherein the sensitive cardholder information consists of a personal assurance message or a password;
  
  entering, at the merchant system, the authentication information provided by the cardholder into the authentication prompt, wherein the authentication information is generated by the transaction card;
  
  transmitting, from the merchant system, an authentication request to the authentication server, wherein the authentication request includes the authentication information provided by the cardholder;
  
  andreceiving, at the merchant system, an authentication response from the authentication server, the authentication response indicating whether the cardholder is authenticated.
- View Dependent Claims (2, 3, 4, 5, 6, 19, 20, 21)
- - 2. The method as defined in claim 1, wherein the authentication response is digitally signed by the authentication server.
  - 3. The method as defined in claim 2, further comprising validating the authentication response signature.
  - 4. The method as defined in claim 1, wherein the transaction card uses biometrics to generate the authentication information.
  - 5. The method as defined in claim 1, wherein the authentication information comprises a dynamic passcode.
  - 6. The method as defined in claim 1, wherein the transaction is not authorized if the cardholder is not authenticated.
  - 19. The method as defined in claim 1, wherein the verify enrollment response indicates that authentication is available if the card number of the transaction card is within a predetermined range.
  - 20. The method as defined in claim 19, wherein the verify enrollment response indicates that authentication is denied if the card number is not within the predetermined range.
  - 21. The method as defined in claim 3, wherein validation of the authentication response signature enables the merchant system to authorize the MOTO transaction with an acquirer system.

7. An authentication method comprising:
- authenticating a transaction card for use in conducting a mail order or telephone order (MOTO) transaction by;
  
  receiving, at a network device in communication with a merchant system, a verify enrollment request from the merchant system, the verify enrollment request comprising a card number for the transaction card of a cardholder and an indicator indicating;
  
  that the verify enrollment request pertains to the MOTO transaction; and
  
  that authentication information provided by the cardholder will not be directly transmitted by the cardholder;
  
  transmitting, from the network device, a verify enrollment response to the merchant system, the verify enrollment response indicating whether authentication is available at least on a basis of the card number for the transaction card;
  
  andauthenticating the cardholder to conduct the MOTO transaction by;
  
  operative if authentication is available for the transaction card;
  
  receiving, at the network device, an authentication request from the merchant system;
  
  transmitting, from the network device, an authentication prompt to the merchant system, wherein the authentication prompt does not include or request sensitive cardholder information, wherein the sensitive cardholder information consists of a personal assurance message or a password;
  
  receiving, at the network device, the authentication information provided by the card holder and entered, by the merchant, at the merchant system into the authentication prompt, wherein the authentication information is dynamically generated by the transaction card; and
  
  transmitting, from the network device, an authentication response to the merchant system, the authentication response indicating whether the cardholder is authenticated.
- View Dependent Claims (8, 9, 10, 11, 12, 22)
- - 8. The method as defined in claim 7, wherein the authentication response is digitally signed.
  - 9. The method as defined in claim 7, wherein the transaction card uses biometrics to dynamically generate the authentication information.
  - 10. The method as defined in claim 8, wherein the authentication information comprises a dynamic passcode.
  - 11. The method as defined in claim 7, wherein the transaction is authorized.
  - 12. The method as defined in claim 7, wherein the transaction is not authorized if the cardholder is not authenticated.
  - 22. The method as defined in claim 7, wherein functionality that enables the cardholder to generate authentication information to verify the cardholder for future transactions is disabled for the MOTO transaction.

13. A method for performing authentication in an online payment transaction using a transaction card of a cardholder in a payment network that includes a merchant system and an authentication server, the method comprising:
- inputting into the merchant system;
  
  a mail order or telephone order (MOTO) purchase order; and
  
  information pertaining to the transaction card of the cardholder that includes a card number for the transaction card, wherein data for the MOTO purchase order and the information pertaining to the cardholder'"'"'s transaction card were both received via mail or telephone;
  
  transmitting, from the merchant system for delivery to the authentication server, a verify enrollment request to the authentication server, the verify enrollment request including the card number for the transaction card and an indicator indicating that the verify enrollment request pertains to a MOTO transaction;
  
  receiving, at the merchant system, a verify enrollment response from the authentication server, wherein the verify enrollment response indicates whether authentication is available for the transaction card at least on the basis of the card number of the transaction card; and
  
  operative if authentication is available for the transaction card;
  
  transmitting an authentication request from the merchant system for delivery to the authentication server;
  
  receiving an authentication prompt at the merchant system from the authentication server, wherein the authentication prompt does not include or request sensitive cardholder information, wherein the sensitive cardholder information consists of a personal assurance message or a password;
  
  transmitting, from the merchant system for delivery to the cardholder in response to the authentication prompt, a redirection of the cardholder to an issuer of the transaction card to receive authentication information for an authentication of the cardholder;
  
  receiving, at the merchant system from the issuer, the authentication information received by the issuer from the cardholder;
  
  transmitting, from the merchant system, an authentication request to the authentication server;
  
  receiving, at the merchant system, an authentication response from the authentication server, the authentication response indicating whether the cardholder is authenticated;
  
  andoperative if the cardholder is authenticated;
  
  transmitting, from the merchant system, an authorization request and an indicator indicating that the authorization request pertains to an electronic commerce transaction to the payment network; and
  
  receiving, at the merchant system, an authorization response from the payment network, wherein the authorization response indicates whether an account connected to the transaction card is authorized.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method as defined in claim 13, wherein the authentication request includes the card number.
  - 15. The method as defined in claim 13, wherein the transaction card uses biometrics to dynamically generate the authentication information.
  - 16. The method as defined in claim 13, wherein the authentication information comprises a dynamic passcode.
  - 17. The method as defined in claim 13, wherein when the online payment transaction is authorized as indicated by the authorization response, the authorization request is transmitted from the merchant system to an acquirer for a merchant corresponding to the merchant system.
  - 18. The method as defined in claim 13, wherein the transaction is not authorized if the cardholder is not authenticated.

23. A method for performing authentication in an online payment transaction using a transaction card of a cardholder in a payment network that includes a merchant system and an authentication server, the method comprising:
- inputting into the merchant system;
  
  a mail order or telephone order (MOTO) purchase order; and
  
  information pertaining to the transaction card of the cardholder that includes a card number for the transaction card, wherein data for the MOTO purchase order and the information pertaining to the cardholder'"'"'s transaction card were both received via mail or telephone;
  
  transmitting, from the merchant system for delivery to the authentication server, a verify enrollment request to the authentication server, the verify enrollment request including the card number for the transaction card and an indicator indicating that the verify enrollment request pertains to a MOTO transaction;
  
  receiving, at the merchant system, a verify enrollment response from the authentication server, wherein the verify enrollment response indicates whether authentication is available for the transaction card at least on the basis of the card number of the transaction card; and
  
  operative if authentication is available for the transaction card;
  
  transmitting an authentication request from the merchant system for delivery to the authentication server;
  
  receiving an authentication prompt at the merchant system from the authentication server, wherein the authentication prompt does not include or request sensitive cardholder information, wherein the sensitive cardholder information consists of a personal assurance message or a password;
  
  transmitting, from the merchant system for delivery to the cardholder in response to the authentication prompt, a redirection of the cardholder to an issuer of the transaction card to receive authentication information for an authentication of the cardholder;
  
  receiving, at the merchant system from the issuer, the authentication information received by the issuer from the cardholder;
  
  transmitting, from the merchant system, an authentication request to the authentication server;
  
  receiving, at the merchant system, an authentication response from the authentication server, the authentication response indicating whether the cardholder is authenticated;
  
  andoperative if the cardholder is authenticated;
  
  transmitting, from the merchant system, an authorization request and an indicator indicating that the authorization request pertains to an electronic commerce transaction to the payment network; and
  
  receiving, at the merchant system, an authorization response from the payment network, wherein the authorization response indicates whether an account connected to the transaction card is authorized,wherein functionality that enables the issuer to track a location of the cardholder is disabled for the MOTO transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Fisher, Douglas, Dominguez, Benedicto H., Lee, Timothy Mu-Chu
Primary Examiner(s)
Lee, Michael G
Assistant Examiner(s)
Mikels, Matthew

Application Number

US11/681,704
Publication Number

US 20070257103A1
Time in Patent Office

2,286 Days
Field of Search

235/380, 705/44, 705/35, 705/39, 705/67, 705/74, 705/75
US Class Current

235/380
CPC Class Codes

G06K 5/00   Methods or arrangements for...

G06Q 20/24   Credit schemes, i.e. "pay a...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/382   insuring higher security of...

G06Q 20/388   using mutual authentication...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G06Q 30/06   Buying, selling or leasing ...

G07F 7/1008   Active credit-cards provide...

Method and system for performing two factor authentication in mail order and telephone order transactions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

266 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for performing two factor authentication in mail order and telephone order transactions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

266 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links