Transmission of sensitive customer information during electronic-based transactions

US 8,595,098 B2
Filed: 03/18/2009
Issued: 11/26/2013
Est. Priority Date: 03/18/2009
Status: Active Grant

First Claim

Patent Images

1. A method implemented by a payment gateway for processing electronic transactions comprising the steps of:

receiving a first request to initiate an electronic transaction from a merchant server;

in response to receipt of the first request, generating a token-ID by the payment gateway that is unique to the electronic transaction and transmitting a first message to the merchant server that includes the token-ID, the token-ID uniquely identifying a transaction and at the initial generation of the token-ID is not associated with any particular cardholder;

after the generating and transmitting of the token-ID, receiving a communication from an electronic device of a cardholder where the communication includes the cardholder'"'"'s credit card account number and the token-ID, said communication received by the payment gateway from the electronic device of the cardholder without said communication being accessible to the merchant server and without said communication being transmitted through the merchant server;

storing a record that includes the token-ID and the cardholder'"'"'s credit card account number;

after receipt by the payment gateway of the communication from the electronic device of a cardholder, receiving a second request from the merchant server for payment of a specified amount, where the second request includes the token-ID;

identifying said record based on the token-ID and determining the associated credit card account number of the cardholder stored with said record to be debited for the requested payment;

determining if the cardholder'"'"'s credit card account was successfully debited for the requested payment;

transmitting a second message to the merchant server that specifies if the requested payment transaction was successfully completed;

whereby improved security for the cardholder'"'"'s credit card account number is achieved since the cardholder'"'"'s credit card account number is never transmitted via the merchant server during an electronic transaction.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An exemplary method is implemented by a payment gateway for processing electronic transactions. A token-ID that is unique to each transaction is generated, and on receiving a request to initiate an electronic transaction from a merchant server, a first message is transmitted to the merchant server that includes a first token-ID. A communication is received from an electronic device of a cardholder that contains information about the cardholder'"'"'s credit card account and the first token-ID. A record is stored that includes the first token-ID and information enabling the credit card account of the cardholder to be identified. On receiving a second request, that includes the first token-ID, from the merchant server for payment of a specified amount, the credit card account of the cardholder to be debited for the requested payment is identified based on the token-ID. A determination is made if the cardholder'"'"'s credit card account was successfully debited for the requested payment, and a second message is transmitted to the merchant server that specifies if the requested payment transaction was successfully completed.

Citations

12 Claims

1. A method implemented by a payment gateway for processing electronic transactions comprising the steps of:
- receiving a first request to initiate an electronic transaction from a merchant server;
  
  in response to receipt of the first request, generating a token-ID by the payment gateway that is unique to the electronic transaction and transmitting a first message to the merchant server that includes the token-ID, the token-ID uniquely identifying a transaction and at the initial generation of the token-ID is not associated with any particular cardholder;
  
  after the generating and transmitting of the token-ID, receiving a communication from an electronic device of a cardholder where the communication includes the cardholder'"'"'s credit card account number and the token-ID, said communication received by the payment gateway from the electronic device of the cardholder without said communication being accessible to the merchant server and without said communication being transmitted through the merchant server;
  
  storing a record that includes the token-ID and the cardholder'"'"'s credit card account number;
  
  after receipt by the payment gateway of the communication from the electronic device of a cardholder, receiving a second request from the merchant server for payment of a specified amount, where the second request includes the token-ID;
  
  identifying said record based on the token-ID and determining the associated credit card account number of the cardholder stored with said record to be debited for the requested payment;
  
  determining if the cardholder'"'"'s credit card account was successfully debited for the requested payment;
  
  transmitting a second message to the merchant server that specifies if the requested payment transaction was successfully completed;
  
  whereby improved security for the cardholder'"'"'s credit card account number is achieved since the cardholder'"'"'s credit card account number is never transmitted via the merchant server during an electronic transaction.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 wherein the first message transmitted to the merchant server also includes a form URL, where the form URL provides a form to be transmitted by the merchant server to the electronic device of the cardholder, the form identifying credit card account information of the cardholder to be input by the cardholder.
  - 3. The method of claim 1 wherein the first request contains no identification of the cardholder and no information about the transaction.
  - 4. The method of claim 1 wherein the cardholder'"'"'s credit card account is not processed for the payment of the transaction until the receipt of a second request from the merchant server.

5. A payment gateway that processes electronic transactions comprising:
- an input/output device of a processing unit receives a first request to initiate electronic transaction from a merchant server;
  
  the processing unit generates and transmits, in response to receipt of the first request, a first message to the merchant server that includes a token-ID that is unique to the first requested electronic transaction, the token-ID uniquely identifying a transaction and at the initial generation of the token-ID is not associated with any particular cardholder;
  
  the input/output device of the processing unit, after the generating and transmitting of the token-ID, receives a communication from an electronic device of a cardholder where the communication includes the cardholder'"'"'s credit card account number and the token-ID, said received communication from the electronic device of the cardholder being inaccessible to the merchant server and without said communication being transmitted through the merchant server;
  
  a memory in the processing unit stores a record that includes the token-ID and the cardholder'"'"'s credit card account number;
  
  the input/output device of the processing unit, after receipt of the communication from the electronic device of a cardholder, receives a second request from the merchant server for payment of a specified amount, where the second request includes the token-ID;
  
  the processing unit identifies said record based on the token-ID and determines the associated credit card account number of the cardholder to be debited for the requested payment;
  
  the processing unit determines if the cardholder'"'"'s credit card account was successfully debited for the requested payment;
  
  the processing unit transmits a second message via the input/output device to the merchant server that specifies if the requested payment transaction was successfully completed,whereby improved security for the cardholder'"'"'s credit card information is achieved since the cardholder'"'"'s credit card information is never transmitted via the merchant server during an electronic transaction.
- View Dependent Claims (6, 7, 8)
- - 6. The payment gateway of claim 5 wherein the first message transmitted to the merchant server also includes a form URL, where the form URL provides a form to be transmitted by the merchant server to the electronic device of the cardholder, the form identifying credit card account information of the cardholder.
  - 7. The payment gateway of claim 5 wherein the first request contains no identification of the cardholder and no information about the transaction.
  - 8. The payment gateway of claim 7 wherein the processing unit does not process the cardholder'"'"'s credit card account for the payment of the transaction until the receipt of a second request from the merchant server.

9. An article, comprising:
- one or more computer-readable signal-bearing tangible media medium containing computer-readable information for execution by a payment gateway;
  
  computer-readable medium in the one or more media for computer-readable medium enabling receipt of a first request to initiate electronic transaction from a merchant server;
  
  computer-readable medium in the one or more media for enabling the generation and transmission, in response to receipt of the first request, of a first message to the merchant server that includes a token-ID unique to the first requested electronic transaction, the token-ID uniquely identifying a transaction and at the initial generation of the token-ID is not associated with any particular cardholder;
  
  computer-readable medium in the one or more media for enabling, after the generating and transmitting of the token-ID, receipt of a communication from an electronic device of a cardholder where the communication includes the cardholder'"'"'s credit card account number and the token-ID, said communication received by the payment gateway from the electronic device of the cardholder without said communication being accessible to the merchant server and without said communication being transmitted through the merchant server;
  
  computer-readable medium in the one or more media for enabling storage of a record that includes the token-ID and the cardholder'"'"'s credit card account number;
  
  computer-readable medium in the one or more media for enabling, after receipt of the communication from the electronic device of a cardholder, receipt of a second request from the merchant server for payment of a specified amount, where the second request includes the token-ID;
  
  computer-readable medium in the one or more media for enabling identification of the record based on the token-ID and determining the associated credit card account number of the cardholder to be debited;
  
  computer-readable medium in the one or more media for enabling a determination if the cardholder'"'"'s credit card account was successfully debited for the requested payment;
  
  computer-readable medium in the one or more media for enabling transmission of a second message to the merchant server that specifies if the requested payment transaction was successfully completedwhereby improved security for the cardholder'"'"'s credit card information is achieved since the cardholder'"'"'s credit card information is not transmitted via the merchant server during an electronic transaction.
- View Dependent Claims (10, 11, 12)
- - 10. The article of claim 9 wherein the first message transmitted to the merchant server also includes a form URL, where the form URL provides a form to be transmitted by the merchant server to the electronic device of the cardholder, the form identifying credit card account information of the cardholder.
  - 11. The article of claim 9 wherein the first request contains no identification of the cardholder and no information about the transaction.
  - 12. The article of claim 9 wherein the cardholder'"'"'s credit card account is not processed for the payment of the transaction until the receipt of a second request from the merchant server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Network Merchants, LLC
Original Assignee
Network Merchants, Inc.
Inventors
Starai, Nicholas J., Schmidgall, Matthew M.
Primary Examiner(s)
Ebersman, Bruce I
Assistant Examiner(s)
ANDERSON, JOHN A

Application Number

US12/381,959
Publication Number

US 20100241565A1
Time in Patent Office

1,714 Days
Field of Search

705/35
US Class Current

705/35
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

Transmission of sensitive customer information during electronic-based transactions

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Transmission of sensitive customer information during electronic-based transactions

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links