Method and system for secure mobile payment transactions

US 9,361,611 B2
Filed: 03/27/2015
Issued: 06/07/2016
Est. Priority Date: 02/20/2008
Status: Active Grant

First Claim

Patent Images

1. A method for processing a secure mobile payment transaction conducted at a location operated by a merchant comprising the steps of:

in association with a registration event that is completed prior to the secure payment transaction, receiving, at a web server of a secure payment service computing device from a consumer, an issuer primary account number (PAN), the issuer PAN stored in a settings database of the secure payment service computing device and associated with the consumer, the secure payment service computing device comprising;

a transaction gateway for receiving and processing payment transactions,the web server having a network interface for receiving and processing messages received from Internet sources in connection with the registration event,a messaging server having a network interface for communicating with a mobile device of the consumer, andthe settings database for storing settings from one or more of a merchant, an issuer, a payment network, a payment acquirer, and a gateway;

receiving at the web server of the secure payment service computing device from a consumer in connection with the registration event, one or more of a mobile PIN and one or more mobile device identifiers, the one or more of the mobile PIN and the one or more mobile device identifiers stored in the settings database of the secure payment computing device and associated with the issuer PAN;

in connection with a secure mobile payment transaction conducted after the registration event, receiving payment data at the transaction gateway of the secure payment service computing device, the payment data received from a computing device at the location operated by the merchant, the payment data comprising a mobile PAN which is associated with the issuer PAN;

analyzing the payment data with the transaction gateway of the secure payment service computing device to identify the payment data as comprising the mobile PAN;

upon identifying the payment data as comprising the mobile PAN, the secure payment service computing device;

communicating an approval request to a mobile device of the consumer, the mobile device associated with one of the one or more mobile device identifiers and operable to receive one or more of the mobile PIN and the a biometric factor of the consumer, the approval request transmitted using the messaging server of the secure payment computing device;

receiving an approval response in the form of a token from the mobile device of the consumer, the approval response received by the messaging server of the secure payment computing device, the token transmitted from the registered mobile device as an indication that the consumer has approved the payment transaction with one of the mobile PIN or the biometric factor of the consumer, the token transmitted in lieu of transmitting the one of the mobile PIN or the biometric factor;

after receiving the approval response from the consumer'"'"'s mobile device, the transaction gateway of the secure payment service computing device replacing the mobile PAN with the issuer PAN and transmitting the payment data and the issuer PAN to a payment network for processing; and

after transmitting the payment data and the issuer PAN to the payment network for processing, the secure payment service computing device transmitting a payment confirmation to the merchant.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for facilitating the widespread use of the PIN-Debit payment method for Internet “eCommerce” and mobile payments sales which requires little or no change for the cardholders, merchants, debit networks and card issuers based primarily on the introduction of a layer of middleware and wherein the Debit Networks and Issuing Banks may customize the implementation of the services based on individual strategy and cardholder preferences.

Citations

20 Claims

1. A method for processing a secure mobile payment transaction conducted at a location operated by a merchant comprising the steps of:
- in association with a registration event that is completed prior to the secure payment transaction, receiving, at a web server of a secure payment service computing device from a consumer, an issuer primary account number (PAN), the issuer PAN stored in a settings database of the secure payment service computing device and associated with the consumer, the secure payment service computing device comprising;
  
  a transaction gateway for receiving and processing payment transactions,the web server having a network interface for receiving and processing messages received from Internet sources in connection with the registration event,a messaging server having a network interface for communicating with a mobile device of the consumer, andthe settings database for storing settings from one or more of a merchant, an issuer, a payment network, a payment acquirer, and a gateway;
  
  receiving at the web server of the secure payment service computing device from a consumer in connection with the registration event, one or more of a mobile PIN and one or more mobile device identifiers, the one or more of the mobile PIN and the one or more mobile device identifiers stored in the settings database of the secure payment computing device and associated with the issuer PAN;
  
  in connection with a secure mobile payment transaction conducted after the registration event, receiving payment data at the transaction gateway of the secure payment service computing device, the payment data received from a computing device at the location operated by the merchant, the payment data comprising a mobile PAN which is associated with the issuer PAN;
  
  analyzing the payment data with the transaction gateway of the secure payment service computing device to identify the payment data as comprising the mobile PAN;
  
  upon identifying the payment data as comprising the mobile PAN, the secure payment service computing device;
  
  communicating an approval request to a mobile device of the consumer, the mobile device associated with one of the one or more mobile device identifiers and operable to receive one or more of the mobile PIN and the a biometric factor of the consumer, the approval request transmitted using the messaging server of the secure payment computing device;
  
  receiving an approval response in the form of a token from the mobile device of the consumer, the approval response received by the messaging server of the secure payment computing device, the token transmitted from the registered mobile device as an indication that the consumer has approved the payment transaction with one of the mobile PIN or the biometric factor of the consumer, the token transmitted in lieu of transmitting the one of the mobile PIN or the biometric factor;
  
  after receiving the approval response from the consumer'"'"'s mobile device, the transaction gateway of the secure payment service computing device replacing the mobile PAN with the issuer PAN and transmitting the payment data and the issuer PAN to a payment network for processing; and
  
  after transmitting the payment data and the issuer PAN to the payment network for processing, the secure payment service computing device transmitting a payment confirmation to the merchant.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the location is one of an ecommerce site or a retail point of sale.
  - 3. The method of claim 1, wherein the issuer PAN is one of a credit card, a debit card, a gift card, or an alternate payment method.
  - 4. The method of claim 1, wherein the payment network is one of a debit network, a credit card network, or an alternative payment network.
  - 5. The method of claim 1, wherein the mobile PAN is received at the computing device at the location operated by the merchant via one of a contactless transmission, a transmission via contact, or a manual entry of the mobile PAN.
  - 6. The method of claim 1, wherein the computing device at the location operated by the merchant is one of a POS device, a mobile telephone, or a hosting computer.
  - 7. The method of claim 1, wherein the computing device at the location operated by the merchant is configured to detect the mobile PAN using Near Field Communication (NFC), RFID or other wireless based communications.

8. A system for processing a secure payment transaction, the system comprising:
- a rule database, the rule database comprising configuration settings whereby the configuration settings are used to determine the criteria to be used to authorize the secure payment transaction;
  
  a secure payment service computing device comprising;
  
  a transaction gateway for receiving and processing payment transactions,a web server having a network interface for receiving and processing messages received from Internet sources in connection with a registration event,a database server operable for controlling inquiries and updates to the rule database,a messaging server having a network interface for communicating with a mobile telephone of a consumer, andthe secure payment service computing device in communication with the rule database and with one or more payment networks, the secure payment service computing device comprising computer-readable instructions that when executed by one or more processors are configured to;
  
  receive the configuration settings from one or more of the consumer, an issuer entity, a payment network, and a merchant, the configuration settings requiring a mobile approval for registered payment accounts, the configuration setting received by the web server of the secure payment computing device;
  
  store the configuration settings in the rule database and update the database server to reflect the stored configuration settings;
  
  receive, by the web server of the secure payment service computing device from the consumer in connection with a registration event that is completed prior to the secure payment transaction, a payment account identifier, the payment account identifier stored in the rule database and associated with the configuration settings;
  
  in connection with the secure payment transaction, which is initiated after the registration event, receive mobile payment data at the transaction gateway of the secure payment service computing device, the mobile payment data received from a point-of-sale device of the merchant, the mobile payment data comprising a mobile payment account identifier, the mobile payment account identifier transmitted from the mobile telephone of the consumer to the point-of-sale device using one of NFC or RFID;
  
  analyzing the mobile payment data with the secure payment service computing device to identify the mobile payment data as requiring a mobile approval;
  
  upon identifying the mobile payment data as requiring a mobile approval, the secure payment service computing device further configured to;
  
  communicate an approval request message to the mobile telephone of the consumer, the approval request message transmitted from the messaging server of the secure payment service computing device;
  
  receive at the messaging server an approval response message from the mobile telephone, the approval response message comprising a token;
  
  after receiving the approval response message from the consumer'"'"'s mobile telephone, substituting the consumer'"'"'s registered payment account identifier for the mobile account number, and transmitting the mobile payment data to the payment network for processing; and
  
  after receiving an approval response from the payment network, transmitting a payment confirmation to the merchant.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 9. The system of claim 8, wherein the payment data received from the merchant is received from one of a retail point of sale, a mobile telephone, or an ecommerce site.
  - 10. The system of claim 8, wherein the payment account identifier is associated with one of a credit card, a debit card, a gift card, or an alternative payment account.
  - 11. The system of claim 8, wherein the payment network is one of a debit network, a credit card network, or an alternative payment network.
  - 12. The system of claim 8, wherein the approval response message is initiated by entry into the consumer'"'"'s mobile telephone of a mobile PIN or biometric factor of the consumer which is one of a finger print, a voice print, or a geometric facial scan.
  - 13. The system of claim 8, wherein the criteria for approving a payment transaction include one or more of merchant white lists, merchant black lists, transaction velocity, and location based restrictions.
  - 14. The system of claim 8, wherein the secure mobile payment transaction is declined based on a velocity of transactions received from a specified IP address.
  - 15. The system of claim 8, wherein the secure payment service computing device generates a mobile PIN using a proprietary algorithm and based on requirements and settings stored in the rule database;
    - wherein the mobile PIN is provided to the consumer for subsequent use; and
      
      the mobile PIN is associated with the payment account identifier and restricted to use for eCommerce and mobile wallet purchases.
  - 16. The system of claim 8, further comprising a PIN repository operable to store one or more of a physical PIN, an alternate PIN, or a partial PIN related to the payment account identifier.
  - 17. The system of claim 16, wherein the alternate PIN is a pre-established PIN that has been registered with the issuer for use only in eCommerce transactions.
  - 18. The system of claim 15, wherein one of an alternate PIN or a partial physical PIN may be inserted into an ISO 8583 transaction encrypted PIN block replacing the mobile PIN prior to routing the secure payment transaction to the payment network.
  - 19. The system of claim 16, wherein the physical PIN may be added to the secure payment transaction as an additional data element and without replacing the mobile PIN.
  - 20. The system of claim 8, wherein the secure payment service computing device validates the secure payment transaction comprising the mobile payment data against the configuration settings received from one or more of the consumer, the issuer entity, the merchant, and the payment network;
    - wherein all consumer preferences are invoked;
      
      wherein an account associated with the payment account identifier can be configured to automatically approve or cancel purchases based on characteristics and combinations of the characteristics; and
      
      wherein the characteristics comprise one or more of approved merchants, prohibited merchants, and transaction amount.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Stripe, Inc.
Original Assignee
Collective Dynamics LLC
Inventors
Bacastow, Steven V.
Primary Examiner(s)
Hayles, Ashford S

Application Number

US14/671,505
Publication Number

US 20150206123A1
Time in Patent Office

438 Days
Field of Search

705/28, 705/65
US Class Current

1/1
CPC Class Codes

G06Q 20/027   involving a payment switch ...

G06Q 20/102   Bill distribution or payments

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/203   Inventory monitoring

G06Q 20/204   comprising interface for re...

G06Q 20/26   Debit schemes, e.g. "pay now"

G06Q 20/322   Aspects of commerce using m...

G06Q 20/327   Short range or proximity pa...

G06Q 20/356   Aspects of software for car...

G06Q 20/36   using electronic wallets or...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/425   using two different network...

Method and system for secure mobile payment transactions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for secure mobile payment transactions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links