Configurable payment tokens
First Claim
1. A method comprising:
- receiving, by a payment processor computer, via a graphical user interface on a computer operated by a user, a user-configured token format from the user;
after receiving the user-configured token format, storing, by the payment processor computer, the user-configured token format received from the user computer in a database;
after the user-configured token format is stored, receiving, by the payment processor computer, a payment account number from a customer during a first transaction with the user;
generating or receiving, by the payment processor computer, an authorization request message comprising the payment account number for a transaction conducted with a merchant;
sending, by the payment processor computer, the authorization request message comprising the payment account number to an issuer computer associated with the payment account number;
receiving, by the payment processor computer, an authorization response message comprising the payment account number and an authorization from the issuer computer;
determining whether the authorization response message contains the authorization;
after receiving the authorization response message from the issuer computer, retrieving, by the payment processor computer, the user-configured token format from the database;
generating, by the payment processor computer, a token associated with the payment account number using the retrieved user-configured token format only upondetermining that the authorization response message contains the authorization, the token including a set of characters, wherein the token conforms to the user-configured token format, and wherein the token is not generated if the authorization response message does not contain the authorization; and
sending, by the payment processor computer, the token associated with the payment account number to the merchant, wherein the token is thereafter stored by the merchant.
0 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems are disclosed for the generation and use of merchant-customizable token formats that define tokens that represent credit card and other payment numbers in online transactions. The tokens, which are used instead of the card numbers themselves for security, can be specified by the token format to have a certain number of characters, have certain fields reserved for major card identifiers, use encryption and/or randomization, be alphanumeric, and have other formatting. The customized tokens can be used with legacy equipment that uses longer or shorter card numbers than the standard sixteen-digit payment card number format and can be less likely to be recognized as related to card numbers by identify thieves.
-
Citations
20 Claims
-
1. A method comprising:
-
receiving, by a payment processor computer, via a graphical user interface on a computer operated by a user, a user-configured token format from the user; after receiving the user-configured token format, storing, by the payment processor computer, the user-configured token format received from the user computer in a database; after the user-configured token format is stored, receiving, by the payment processor computer, a payment account number from a customer during a first transaction with the user; generating or receiving, by the payment processor computer, an authorization request message comprising the payment account number for a transaction conducted with a merchant; sending, by the payment processor computer, the authorization request message comprising the payment account number to an issuer computer associated with the payment account number; receiving, by the payment processor computer, an authorization response message comprising the payment account number and an authorization from the issuer computer; determining whether the authorization response message contains the authorization; after receiving the authorization response message from the issuer computer, retrieving, by the payment processor computer, the user-configured token format from the database; generating, by the payment processor computer, a token associated with the payment account number using the retrieved user-configured token format only upon determining that the authorization response message contains the authorization, the token including a set of characters, wherein the token conforms to the user-configured token format, and wherein the token is not generated if the authorization response message does not contain the authorization; and sending, by the payment processor computer, the token associated with the payment account number to the merchant, wherein the token is thereafter stored by the merchant. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A payment processing computer comprising:
-
a processor; and a non-transitory computer readable medium storing instructions, which when executed causes the processor to perform a method comprising receiving via a graphical user interface on a computer operated by a user, a user-configured token format from the user, after receiving the user-configured token format, storing the user-configured token format received from the user computer in a database, after the user-configured token format is stored, receiving a payment account number, generating or receiving an authorization request message comprising the payment account number, sending the authorization request message comprising the payment account number to an issuer computer associated with the payment account number, receiving an authorization response message comprising the payment account number and an authorization from the issuer computer for a transaction conducted with a merchant; determining whether the authorization response message contains the authorization; after receiving the authorization response message from the issuer computer, retrieving the user-configured token format from the database, generating a token associated with the payment account number using the retrieved user-configured token format only upon determining that the authorization response message contains the authorization, the token including a set of characters, wherein the token conforms to the user-configured token format, wherein the token is not generated if the authorization response message does not contain the authorization, and sending, by the payment processor computer, the token associated with the payment account number to the merchant, wherein the token is thereafter stored by the merchant. - View Dependent Claims (20)
-
Specification