Configurable payment tokens

US 9,727,858 B2
Filed: 12/17/2015
Issued: 08/08/2017
Est. Priority Date: 07/26/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a payment processor computer, via a graphical user interface on a computer operated by a user, a user-configured token format from the user;

after receiving the user-configured token format, storing, by the payment processor computer, the user-configured token format received from the user computer in a database;

after the user-configured token format is stored, receiving, by the payment processor computer, a payment account number from a customer during a first transaction with the user;

generating or receiving, by the payment processor computer, an authorization request message comprising the payment account number for a transaction conducted with a merchant;

sending, by the payment processor computer, the authorization request message comprising the payment account number to an issuer computer associated with the payment account number;

receiving, by the payment processor computer, an authorization response message comprising the payment account number and an authorization from the issuer computer;

determining whether the authorization response message contains the authorization;

after receiving the authorization response message from the issuer computer, retrieving, by the payment processor computer, the user-configured token format from the database;

generating, by the payment processor computer, a token associated with the payment account number using the retrieved user-configured token format only upondetermining that the authorization response message contains the authorization, the token including a set of characters, wherein the token conforms to the user-configured token format, and wherein the token is not generated if the authorization response message does not contain the authorization; and

sending, by the payment processor computer, the token associated with the payment account number to the merchant, wherein the token is thereafter stored by the merchant.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are disclosed for the generation and use of merchant-customizable token formats that define tokens that represent credit card and other payment numbers in online transactions. The tokens, which are used instead of the card numbers themselves for security, can be specified by the token format to have a certain number of characters, have certain fields reserved for major card identifiers, use encryption and/or randomization, be alphanumeric, and have other formatting. The customized tokens can be used with legacy equipment that uses longer or shorter card numbers than the standard sixteen-digit payment card number format and can be less likely to be recognized as related to card numbers by identify thieves.

Citations

20 Claims

1. A method comprising:
- receiving, by a payment processor computer, via a graphical user interface on a computer operated by a user, a user-configured token format from the user;
  
  after receiving the user-configured token format, storing, by the payment processor computer, the user-configured token format received from the user computer in a database;
  
  after the user-configured token format is stored, receiving, by the payment processor computer, a payment account number from a customer during a first transaction with the user;
  
  generating or receiving, by the payment processor computer, an authorization request message comprising the payment account number for a transaction conducted with a merchant;
  
  sending, by the payment processor computer, the authorization request message comprising the payment account number to an issuer computer associated with the payment account number;
  
  receiving, by the payment processor computer, an authorization response message comprising the payment account number and an authorization from the issuer computer;
  
  determining whether the authorization response message contains the authorization;
  
  after receiving the authorization response message from the issuer computer, retrieving, by the payment processor computer, the user-configured token format from the database;
  
  generating, by the payment processor computer, a token associated with the payment account number using the retrieved user-configured token format only upondetermining that the authorization response message contains the authorization, the token including a set of characters, wherein the token conforms to the user-configured token format, and wherein the token is not generated if the authorization response message does not contain the authorization; and
  
  sending, by the payment processor computer, the token associated with the payment account number to the merchant, wherein the token is thereafter stored by the merchant.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1 wherein the user-configured token format specifies a total number of characters for the tokens to be generated.
  - 3. The method of claim 1 wherein the generating the token includes:
    - encrypting a portion of the payment account number; and
      
      building the token using the encrypted portion of the payment account number.
  - 4. The method of claim 1 wherein the user-configured token format specifies one or more characters indicating a particular payment network.
  - 5. The method of claim 1 wherein the user-configured token format specifies that only letters are in the tokens to be generated.
  - 6. The method of claim 1 wherein the user-configured token format specifies that only numbers are in the tokens to be generated.
  - 7. The method of claim 1 wherein the payment account number identifies an account associated with a card selected from the group consisting of a credit card, debit card, and prepaid card.
  - 8. The method of claim 1 wherein the merchant is the user characters include only those specified by the American Standard Code for Information Exchange (ASCII).
  - 9. The method of claim 1 wherein the generated token is not mod 10 compliant.
  - 10. The method of claim 1 wherein the user-configured token format further specifies a position where a portion of the token is generated using a random number generator.
  - 11. The method of claim 1 further comprising:
    - receiving the token at the payment processor computer;
      
      determining, by the payment processor computer, the payment account number associated with the token;
      
      generating, by the payment processor computer, a second authorization request message comprising the payment account number;
      
      sending, by the payment processor computer, the second authorization request message comprising the payment account number to the issuer computer;
      
      receiving, by the payment processor computer, a second authorization response message comprising the payment account number from the issuer computer; and
      
      sending, by the payment processor computer, a payment authorization message.
  - 12. The method of claim 1 wherein before the user-configured token format is received, the user selects parameters for creating the user-configured token format and the graphical user interface displays a preview of an example token that has the user-configured token format.
  - 13. The method of claim 1 wherein generating, by the payment processor computer, the token associated with the payment account number also comprises using a random number generator to generate a portion of the token.
  - 14. The method of claim 1 wherein the graphical user interface is configured to allow the user to specify the length of characters and character set used to generate tokens using the token format, wherein the user-configured token format specifies the length and characters of the tokens to be generated.
  - 15. The method of claim 2 wherein the specified total number of characters for the token is different than a number of total characters of the payment account number.
  - 16. The method of claim 13 wherein the portion of the token generated using the random number generator has no mathematical relation to the payment account number.
  - 17. The method of claim 14 wherein the graphical user interface is further configured to allow the user to specify whether the tokens to be generated are generated by using only numbers, only letters, or only numbers and letters.
  - 18. The method of claim 17 wherein the graphical user interface is further configured to allow the user to keep the last four digits of the payment account number in subsequently generated tokens or not keep the last four digits of the payment account number in subsequently generated tokens.

19. A payment processing computer comprising:
- a processor; and
  
  a non-transitory computer readable medium storing instructions, which when executed causes the processor to perform a method comprisingreceiving via a graphical user interface on a computer operated by a user, a user-configured token format from the user,after receiving the user-configured token format, storing the user-configured token format received from the user computer in a database,after the user-configured token format is stored, receiving a payment account number,generating or receiving an authorization request message comprising the payment account number,sending the authorization request message comprising the payment account number to an issuer computer associated with the payment account number,receiving an authorization response message comprising the payment account number and an authorization from the issuer computer for a transaction conducted with a merchant;
  
  determining whether the authorization response message contains the authorization;
  
  after receiving the authorization response message from the issuer computer, retrieving the user-configured token format from the database,generating a token associated with the payment account number using the retrieved user-configured token format only upon determining that the authorization response message contains the authorization, the token including a set of characters, wherein the token conforms to the user-configured token format, wherein the token is not generated if the authorization response message does not contain the authorization, andsending, by the payment processor computer, the token associated with the payment account number to the merchant, wherein the token is thereafter stored by the merchant.
- View Dependent Claims (20)
- - 20. The payment processing computer of claim 19 wherein the graphical user interface is configured to allow the user to specify the length of characters and character set used to generate tokens using the token format, wherein the user-configured token format specifies the length and characters of the tokens to be generated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa USA, Inc. (Visa, Inc.)
Original Assignee
Visa USA, Inc. (Visa, Inc.)
Inventors
Anderson, Lisa, Cushley, Seamus, Downey, Fergal
Primary Examiner(s)
AGWUMEZIE, CHINEDU CHARLES

Application Number

US14/973,289
Publication Number

US 20160104153A1
Time in Patent Office

600 Days
Field of Search

705 78
US Class Current
CPC Class Codes

G06Q 20/12   specially adapted for elect...

G06Q 20/227   characterised in that multi...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

Configurable payment tokens

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Configurable payment tokens

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links