Transmission of sensitive customer information during electronic-based transactions
First Claim
1. A method implemented by a payment gateway for processing electronic transactions comprising the steps of:
- receiving a first request to initiate an electronic transaction from a merchant server;
- in response to receipt of the first request, generating a token-ID by the payment gateway that is unique to the electronic transaction and transmitting a first message to the merchant server that includes the token-ID, the token-ID uniquely identifying a transaction and at the initial generation of the token-ID is not associated with any particular cardholder;
- after the generating and transmitting of the token-ID, receiving a communication from an electronic device of a cardholder where the communication includes the cardholder's credit card account number and the token-ID, said communication received by the payment gateway from the electronic device of the cardholder without said communication being accessible to the merchant server and without said communication being transmitted through the merchant server;
- storing a record that includes the token-ID and the cardholder's credit card account number;
- after receipt by the payment gateway of the communication from the electronic device of a cardholder, receiving a second request from the merchant server for payment of a specified amount, where the second request includes the token-ID;
- identifying said record based on the token-ID and determining the associated credit card account number of the cardholder stored with said record to be debited for the requested payment;
- determining if the cardholder's credit card account was successfully debited for the requested payment;
- transmitting a second message to the merchant server that specifies if the requested payment transaction was successfully completed;
whereby improved security for the cardholder's credit card account number is achieved since the cardholder's credit card account number is never transmitted via the merchant server during an electronic transaction.
Abstract
An exemplary method is implemented by a payment gateway for processing electronic transactions. A token-ID that is unique to each transaction is generated, and on receiving a request to initiate an electronic transaction from a merchant server, a first message is transmitted to the merchant server that includes a first token-ID. A communication is received from an electronic device of a cardholder that contains information about the cardholder's credit card account and the first token-ID. A record is stored that includes the first token-ID and information enabling the credit card account of the cardholder to be identified. On receiving a second request, that includes the first token-ID, from the merchant server for payment of a specified amount, the credit card account of the cardholder to be debited for the requested payment is identified based on the token-ID. A determination is made if the cardholder's credit card account was successfully debited for the requested payment, and a second message is transmitted to the merchant server that specifies if the requested payment transaction was successfully completed.
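The message flow in the abstract, sketched as an added example (not code from the patent or from any gateway product), recording everything the merchant server observes so the absence of the card number can be checked. The class and method names, the `debit` callback, the random token format, and the single-use and one-card-per-token rules are assumptions of this sketch.

```python
import secrets

class PaymentGateway:
    """Gateway side of the flow: the merchant only ever handles token-IDs."""

    def __init__(self, debit):
        self._debit = debit      # hypothetical issuer call: (pan, amount) -> bool
        self._records = {}       # token-ID -> card account number (None until supplied)

    def initiate(self):
        """First request from the merchant: issue a per-transaction token-ID."""
        token_id = secrets.token_urlsafe(32)   # assumption: random, unguessable format
        self._records[token_id] = None         # not yet associated with any cardholder
        return token_id

    def submit_card(self, token_id, pan):
        """Communication sent directly by the cardholder's device, not via the merchant."""
        if token_id not in self._records or self._records[token_id] is not None:
            return False         # unknown token-ID, or (assumption) a card is already bound
        self._records[token_id] = pan
        return True

    def charge(self, token_id, amount):
        """Second request from the merchant: find the record, attempt the debit."""
        pan = self._records.get(token_id)
        if pan is None:          # unknown token-ID or no card received yet
            return {"token_id": token_id, "completed": False}
        ok = self._debit(pan, amount)
        if ok:
            del self._records[token_id]        # assumption: token-ID is single use
        return {"token_id": token_id, "completed": ok}


def run_demo():
    """Runs one transaction and returns what the merchant server observed."""
    pan = "4111111111111111"                   # constructed test card number
    gateway = PaymentGateway(debit=lambda p, amt: p == pan and amt <= 100)
    merchant_seen = []

    token_id = gateway.initiate()              # first message: token-ID only
    merchant_seen.append(token_id)
    early = gateway.charge(token_id, 25)       # before the device has sent the card
    merchant_seen.append(early)
    bound = gateway.submit_card(token_id, pan) # device -> gateway directly
    result = gateway.charge(token_id, 25)      # second message: success or failure only
    merchant_seen.append(result)
    replay = gateway.charge(token_id, 25)      # token-ID already consumed
    return pan, merchant_seen, early, bound, result, replay
```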
12 Claims
5. A payment gateway that processes electronic transactions comprising:
- an input/output device of a processing unit receives a first request to initiate electronic transaction from a merchant server;
- the processing unit generates and transmits, in response to receipt of the first request, a first message to the merchant server that includes a token-ID that is unique to the first requested electronic transaction, the token-ID uniquely identifying a transaction and at the initial generation of the token-ID is not associated with any particular cardholder;
- the input/output device of the processing unit, after the generating and transmitting of the token-ID, receives a communication from an electronic device of a cardholder where the communication includes the cardholder's credit card account number and the token-ID, said received communication from the electronic device of the cardholder being inaccessible to the merchant server and without said communication being transmitted through the merchant server;
- a memory in the processing unit stores a record that includes the token-ID and the cardholder's credit card account number;
- the input/output device of the processing unit, after receipt of the communication from the electronic device of a cardholder, receives a second request from the merchant server for payment of a specified amount, where the second request includes the token-ID;
- the processing unit identifies said record based on the token-ID and determines the associated credit card account number of the cardholder to be debited for the requested payment;
- the processing unit determines if the cardholder's credit card account was successfully debited for the requested payment;
- the processing unit transmits a second message via the input/output device to the merchant server that specifies if the requested payment transaction was successfully completed,
whereby improved security for the cardholder's credit card information is achieved since the cardholder's credit card information is never transmitted via the merchant server during an electronic transaction.
9. An article, comprising:
- one or more computer-readable signal-bearing tangible media medium containing computer-readable information for execution by a payment gateway;
- computer-readable medium in the one or more media for computer-readable medium enabling receipt of a first request to initiate electronic transaction from a merchant server;
- computer-readable medium in the one or more media for enabling the generation and transmission, in response to receipt of the first request, of a first message to the merchant server that includes a token-ID unique to the first requested electronic transaction, the token-ID uniquely identifying a transaction and at the initial generation of the token-ID is not associated with any particular cardholder;
- computer-readable medium in the one or more media for enabling, after the generating and transmitting of the token-ID, receipt of a communication from an electronic device of a cardholder where the communication includes the cardholder's credit card account number and the token-ID, said communication received by the payment gateway from the electronic device of the cardholder without said communication being accessible to the merchant server and without said communication being transmitted through the merchant server;
- computer-readable medium in the one or more media for enabling storage of a record that includes the token-ID and the cardholder's credit card account number;
- computer-readable medium in the one or more media for enabling, after receipt of the communication from the electronic device of a cardholder, receipt of a second request from the merchant server for payment of a specified amount, where the second request includes the token-ID;
- computer-readable medium in the one or more media for enabling identification of the record based on the token-ID and determining the associated credit card account number of the cardholder to be debited;
- computer-readable medium in the one or more media for enabling a determination if the cardholder's credit card account was successfully debited for the requested payment;
- computer-readable medium in the one or more media for enabling transmission of a second message to the merchant server that specifies if the requested payment transaction was successfully completed
whereby improved security for the cardholder's credit card information is achieved since the cardholder's credit card information is not transmitted via the merchant server during an electronic transaction.
Specification