System for structured encryption of payment card track data
First Claim
1. A method for securing data conveyed over a communications network between a point-of-sale system that receives track data from payment cards and a payment gateway that performs payment card authorization operations, comprising:
- with processing circuitry at the point-of-sale system, obtaining track data from a payment card;
with the processing circuitry at the point-of-sale system, removing selected primary account number digits from a primary account number in the track data;
with the processing circuitry at the point-of sale system, forming compressed primary account number data by compressing the removed primary account number digits; and
with the processing circuitry at the point-of sale system, inserting the compressed primary account number data into a discretionary field of the track data creating a modified discretionary field;
with the processing circuitry, following insertion of the compressed primary account number data into the discretionary field creating the modified discretionary field, encrypting the modified discretionary field;
with the processing circuitry, determining how many of the selected primary account number digits were removed from the primary account number in the track data; and
with the processing circuitry, inserting information into the primary account number digits in the track data that represents how many of the selected primary account number digits were removed.
12 Assignments
0 Petitions
Accused Products
Abstract
A system may include a point-of-sale system that gathers payment card track data from a payment card and a payment card gateway that processes the track data to authorize purchase transactions. The point-of-sale system may remove sensitive data such as a portion of a primary account number from the track data and may compress the removed data. The compressed version of the data may be appended to a discretionary field in the track data. The discretionary field may be encrypted following insertion of the compressed data. Track data that has been modified in this way may be conveyed to the payment gateway for processing.
24 Citations
17 Claims
-
1. A method for securing data conveyed over a communications network between a point-of-sale system that receives track data from payment cards and a payment gateway that performs payment card authorization operations, comprising:
-
with processing circuitry at the point-of-sale system, obtaining track data from a payment card; with the processing circuitry at the point-of-sale system, removing selected primary account number digits from a primary account number in the track data; with the processing circuitry at the point-of sale system, forming compressed primary account number data by compressing the removed primary account number digits; and with the processing circuitry at the point-of sale system, inserting the compressed primary account number data into a discretionary field of the track data creating a modified discretionary field; with the processing circuitry, following insertion of the compressed primary account number data into the discretionary field creating the modified discretionary field, encrypting the modified discretionary field; with the processing circuitry, determining how many of the selected primary account number digits were removed from the primary account number in the track data; and with the processing circuitry, inserting information into the primary account number digits in the track data that represents how many of the selected primary account number digits were removed. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for securing data conveyed over a communications network between a point-of-sale system that receives track data from payment cards and a payment gateway that performs payment card authorization operations, wherein the track data includes personal account number data and a discretionary field, the method comprising:
-
with processing circuitry at the point-of-sale system, removing selected track data from the track data and producing compressed track data by compressing the selected track data, wherein the selected track data has a length and wherein the compressed track data has a length that is shorter than the length of the selected track data; with the processing circuitry, inserting the compressed track data into the discretionary field; with the processing circuitry, following insertion of the compressed track data into the discretionary field, encrypting the discretionary field; with the processing circuitry, determining how much of the selected track data was removed from the track data; and with the processing circuitry, inserting information into the track data that represents how much of the selected track data was removed. - View Dependent Claims (13, 14, 15)
-
-
16. A method for processing payment card track data at a point-of-sale system, the method comprising:
-
with processing circuitry at the point-of-sale system, removing a part of the payment card track data, wherein the removed part of the payment card track data has a number of digits; with the processing circuitry, generating a compressed part of the payment card track data by losslessly compressing the removed part of the payment card track data so that the payment card track data shrinks from a first length to a second length that is shorter than the first length; and with the processing circuitry, inserting the compressed part of the payment card track data into a discretionary field in the payment card track data; with the processing circuitry, encrypting the discretionary field after the compressed part of the payment card track data has been inserted into the discretionary field; with the processing circuitry, determining the number of digits of the removed part of the payment card track data; and with the processing circuitry, inserting information into the payment card track data that represents the number of digits in the removed part of the payment card track data. - View Dependent Claims (17)
-
Specification