Internet site authentication with payments authorization data

US 9,972,013 B2
Filed: 08/15/2013
Issued: 05/15/2018
Est. Priority Date: 08/15/2013
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a server;

an electronic storage device having a database that comprises information regarding whether a merchant website is registered with a payment card network;

a communication network for allowing access to the server by the payment card network;

a payment cardholder computer device of a user, the payment cardholder computer device comprises a processor configured for communication with the communication network, wherein the processor is configured to perform operations of;

accessing the merchant website to initiate a non-fictitious shopping browser session for a real transaction;

initiating a proxy browser session at the merchant website automatically upon accessing of the merchant website;

adding a random item to a shopping cart of the merchant website automatically as part of the proxy browser session;

automatically commencing a fictitious proxy checkout from the proxy browser session to initiate an authorization request by the payment card network;

receiving, in the shopping browser session, a result of the authorization request, wherein the result is whether the merchant website is authorized by the payment card network; and

notifying the user of the result by displaying a visual cue on the payment cardholder computer device wherein, if the result is a notice that the merchant website is a phishing website that is not connected to the payment card network, the processor further performs operations of;

preventing the user from inputting information in the shopping session, thereby preventing a phishing; and

wherein, if the result is that the merchant website is an authorized website that is connected to the payment card network, the system authorizes a real transaction through the shopping browser session.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for identification by a payment cardholder of phishing and/or deceptive Websites is provided. The system includes an electronic storage device having a database of merchant or financial institution Website registration with a payment card network information stored therein. The system includes an access path for allowing access to the merchant or financial institution Website registration with a payment card network information. The system includes a processor for assembling the merchant or financial institution Website registration with a payment card network information in the database, and for communicating the assembled merchant or financial institution Website registration with a payment card network information to a payment cardholder that has been granted access to the database.

49 Citations

View as Search Results

21 Claims

1. A system comprising:
- a server;
  
  an electronic storage device having a database that comprises information regarding whether a merchant website is registered with a payment card network;
  
  a communication network for allowing access to the server by the payment card network;
  
  a payment cardholder computer device of a user, the payment cardholder computer device comprises a processor configured for communication with the communication network, wherein the processor is configured to perform operations of;
  
  accessing the merchant website to initiate a non-fictitious shopping browser session for a real transaction;
  
  initiating a proxy browser session at the merchant website automatically upon accessing of the merchant website;
  
  adding a random item to a shopping cart of the merchant website automatically as part of the proxy browser session;
  
  automatically commencing a fictitious proxy checkout from the proxy browser session to initiate an authorization request by the payment card network;
  
  receiving, in the shopping browser session, a result of the authorization request, wherein the result is whether the merchant website is authorized by the payment card network; and
  
  notifying the user of the result by displaying a visual cue on the payment cardholder computer device wherein, if the result is a notice that the merchant website is a phishing website that is not connected to the payment card network, the processor further performs operations of;
  
  preventing the user from inputting information in the shopping session, thereby preventing a phishing; and
  
  wherein, if the result is that the merchant website is an authorized website that is connected to the payment card network, the system authorizes a real transaction through the shopping browser session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the information comprises a white list of merchant Websites registered with a payment card network and a black list of merchant Websites not registered with a payment card network.
  - 3. The system of claim 1, wherein the server is a Domain Name System (DNS) server.
  - 4. The system of claim 1, wherein the communication network is an intranet or Internet.
  - 5. The system of claim 1, wherein the fictitious checkout comprises using a fictitious card number, payment cardholder name, and payment cardholder address.
  - 6. The system of claim 5, wherein the fictitious card number is for a one-time use and comprises a string of sixteen numbers.
  - 7. The system of claim 1, wherein the authorization request is routed from the proxy session to an acquirer, to a payment card network, and then to an issuer.
  - 8. The system of claim 1, wherein the result of the authorization request is routed from an issuer to the payment card network, to an acquirer, and then to the shopping session.
  - 9. The system of claim 1, wherein the proxy session is initiated by a web browser, a web browser plug-in, or a web browser add-in.
  - 10. The system of claim 1, wherein the result is a confirmation that the merchant website is connected to the payment card network and not a phishing website.
  - 11. The system of claim 1, wherein the item is selected at random from an inventory available on the merchant website.

12. A system comprising:
- a server and electronic storage device having a database that comprises information regarding whether a financial institution website is registered with a payment card network;
  
  a communication network for allowing access to the server by the payment card network; and
  
  a payment cardholder computer device comprising a processor that is configured for communication with the communication network, wherein the processor performs operations of;
  
  accessing the financial institution website to initiate a non-fictitious shopping browser session for a real transaction;
  
  initiating a proxy browser session at the financial institution website upon accessing the financial institution website;
  
  adding an item to a shopping cart of the financial institution website automatically as part of the proxy browser session;
  
  automatically commencing a fictitious proxy checkout to initiate authorization request by the payment card network from the proxy browser session, wherein the fictitious proxy checkout is not completed;
  
  receiving, in the non-fictitious shopping session, a result of the authorization request, wherein the result is whether the merchant website is authorized by the payment card network;
  
  notifying the user of the result by displaying a visual cue on the payment cardholder computer device;
  
  wherein, if the result is a notice that the merchant website is a phishing website that is not connected to the payment card network, the processor further performs operations of;
  
  preventing the user from inputting information in the shopping session, thereby preventing a phishing; and
  
  wherein, if the result is that the merchant website is an authorized website that is connected to the payment card network, the system authorizes a real transaction through the non-fictitious shopping browser session.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The system of claim 12, wherein the information comprises a white list of financial institution Websites registered with a payment card network and a black list of financial institution Websites not registered with a payment card network.
  - 14. The system of claim 12, wherein the server is a Domain Name System (DNS) server.
  - 15. The system of claim 12, wherein the communication network is an intranet or Internet.
  - 16. The system of claim 12, wherein the fictitious checkout comprises using a fictitious card number, payment cardholder name, and payment cardholder address.
  - 17. The system of claim 16, wherein the fictitious card number is for a one-time use and comprises a string of sixteen numbers.
  - 18. The system of claim 12, wherein the fictitious checkout creates an authorization request that is routed from the proxy session to an acquirer, to a payment card network, and then to an issuer.
  - 19. The system of claim 12, wherein the result of the authorization request is routed from an issuer, to the payment card network, to an acquirer, and then to the shopping session.
  - 20. The system of claim 12, wherein the proxy session is initiated by a web browser, a web browser plug-in, or a web browser add-in.
  - 21. The system of claim 12, wherein the result is a confirmation that the financial institution website is connected to the payment card network and not a phishing website.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Howe, Justin X.
Primary Examiner(s)
Apple, Kirsten

Application Number

US13/967,632
Publication Number

US 20150052053A1
Time in Patent Office

1,734 Days
Field of Search

705 35, 705 38
US Class Current
CPC Class Codes

G06Q 20/40 Authorisation, e.g. identif...

G06Q 20/409 Device specific authenticat...

Internet site authentication with payments authorization data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

49 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Internet site authentication with payments authorization data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links