WO2001084509A2 - Secure payment method and apparatus - Google Patents
Secure payment method and apparatus Download PDFInfo
- Publication number
- WO2001084509A2 WO2001084509A2 PCT/GB2001/001880 GB0101880W WO0184509A2 WO 2001084509 A2 WO2001084509 A2 WO 2001084509A2 GB 0101880 W GB0101880 W GB 0101880W WO 0184509 A2 WO0184509 A2 WO 0184509A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- credit card
- card number
- limited use
- use credit
- user
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/12—Payment architectures specially adapted for electronic shopping systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/22—Payment schemes or models
- G06Q20/24—Credit schemes, i.e. "pay after"
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/351—Virtual cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/385—Payment protocols; Details thereof using an alias or single-use codes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
Definitions
- the present invention generally relates to a method and apparatus for making secure payments for goods and/or services.
- the present invention relates to a method and apparatus for making secure payments for goods and/or services using a credit card number which is generated by a customer and which can only be used for a limited time and/or for a limited number of transactions.
- WO99/49424 discloses one of a number of similar a credit card systems in which a central processing system holds a pool of limited use credit card numbers that can be assigned to a customer. Initially a customer must register by giving their credit card number to be used for payment. This information is stored limited use credit card numbers are issued against the real credit card number. Thus once a user has registered, they can request a new limited use credit card number at any time by logging in. A limited use credit card or just the number can then be issued. Thus the limited use credit card can be used for transactions and the real credit card number is not exposed to the Internet.
- the present invention provides a system and method for securely paying for good or services.
- Apparatus in the possession of a customer is used to generate a limited use credit card number.
- the limited use credit card number and customer identification information is sent to a validation apparatus over a communications network.
- the generated limited use credit card number is validated using the customer identification information, and if the generated limited use credit card number is determined to be valid, it is stored for payment for goods or services at the validation apparatus.
- the customer uses the limited use credit card number for paying for goods or services.
- the purchase is then authorised by comparing the credit card number used for the purchase with the limited use credit card number stored at the validation apparatus.
- this aspect of the present invention requires a customer to know something i.e. the customer identification information such as a username (or user ID) and password (or Personal Identification Number - PIN) and to have possession of an apparatus for the generation of the limited use credit card number since the validation process for the limited use credit card number requires both sets of information.
- the customer identification information such as a username (or user ID) and password (or Personal Identification Number - PIN)
- the validation process for the limited use credit card number requires both sets of information.
- this provides a higher level of security since a fraudster cannot acquire a limited use credit card simply by obtaining the user identification information.
- the generated number is dual purpose and comprises a valid credit card number that can be processed using the conventional credit card authorisation system and includes user authentication code for the authentication of the user during the validation process.
- the present invention also benefits from the use of limited use credit card numbers in the format of a conventional credit card number.
- the limited use credit card numbers can be handled by the credit card networks in the usual way and finally referred to the validation apparatus for transaction authorisation.
- Credit card numbers have a predefined format that allows them to be handled within the conventional transaction authorisation system.
- the format comprises a prefix of numbers termed a bank identification number (BIN) used to identify the bank to be used for authorising the transaction i.e. where to route the authorisation request, and a suffix number termed the Look-up number (LUN).
- BIN bank identification number
- LUN Look-up number
- the limited use credit card number comprises at least a prefix of standard form added to the beginning of the generated number.
- the limited use credit card number in this invention can be of limited use in that it has a limited lifetime and/or it can only be used for a limited number of transactions e.g. a single transaction.
- the term 'limited use credit card number' is intended to cover any type of number used for accessing debit or credit facilities, such as a debit card number, a credit card number, a charge card number or an ATM card number.
- the limited use credit card number is generated at the apparatus used by the customer by encrypting apparatus identification information (e.g. a serial number for the apparatus of the software module loaded on the apparatus) using a key. Also in a preferred embodiment of the invention the limited use credit card number is generated by also encrypting time information (e.g. a time window such as a 2 minute window during which the encryption process takes place.
- the limited use credit card number can contain information on the apparatus user for generation of the limited use credit card number and/or the time of generation of the limited use credit card number. This information significantly increases security since it provides a more secure validation process.
- the limited use credit card had a limited lifetime and can thus be termed a dynamic credit card number.
- the limited use credit card number is sent straight to the validation apparatus after generation at the customer's apparatus for validation.
- a customer can prevalidate any number of limited use credit card numbers for later purchases. These limited use credit card numbers can then be used later for purchases in a conventional manner.
- the apparatus used by the customer can write the limited use credit card number to a conventional carrier medium such as a magnetic card for use by the customer in the conventional manner, or it can simply output e.g. display the number for use by the customer over a communications network such as the Internet or telephone network.
- a communications network such as the Internet or telephone network.
- the validation server can check to determine whether the time of generation of the limited use credit card number is too long ago for the authorisation of the transaction using the limited use credit card number.
- the limited use credit card number is generated and validated at the time of purchase.
- a customer wishing to purchase goods or services contacts the merchant they are referred to a secure payment apparatus for the input of the limited use credit card number generated at the customer owned machine and user identification information such as user ID or username and password or PIN.
- user identification information such as user ID or username and password or PIN.
- the time of request for the purchase is determined by the secure payment apparatus and this, together with the input limited use credit card number and user identification information is then passes to the validation apparatus for the validation of the limited use credit card number by reference to the user identification information.
- the validation apparatus for the validation of the limited use credit card number by reference to the user identification information.
- merchant identification information e.g. a merchant certificate or ID
- the limited use credit card number generated by the customer's apparatus receives the merchant identification information (either automatically or it is manually input by the customer) and this is used to generate the limited use credit card number.
- transaction information is transmitted by the merchant to the secure payment server and the secure payment server passes this together with the other information to the validation server for use in the authorisation of the transaction via the conventional authorisation route.
- the limited use credit card number can be generated by the customer's apparatus to include user identification information as well as information identifying the customer's apparatus and the time information. This further enhances security.
- the validation apparatus of this aspect of the present invention can be implemented by any suitable specialist hardware or programmed hardware.
- the present invention thus encompasses any suitably programmed apparatus and the program code provided to the apparatus.
- the present invention can therefore be embodied as computer program code provided on a suitable carrier medium such as a transient carrier medium e.g. an electrical, optical, microwave or radio frequency signal (a signal carrying the program code over a network such as the internet is a specific example), or a storage medium such as a floppy disk, CD ROM, magnetic tape device or a programmable read only memory device.
- a suitable carrier medium such as a transient carrier medium e.g. an electrical, optical, microwave or radio frequency signal (a signal carrying the program code over a network such as the internet is a specific example), or a storage medium such as a floppy disk, CD ROM, magnetic tape device or a programmable read only memory device.
- the present invention provides apparatus and a method for generating a limited use credit card number in which apparatus identification information for identifying the apparatus, and an encryption key are stored. Time identification information is generated and encrypted together with the apparatus identification information using the encryption key to generate a multiple digit number. The generated number is then used to form a limited use credit card number containing at least apart of the encrypted number and the generated limited use credit card number is output.
- the limited use credit card number is generated by fitting the multiple digit number between a number of standard prefix and suffix digits.
- the fitting can be achieved by truncating the multiple digit number.
- the multiple digit number can be generated by encrypting user identification information input by a user e.g. a user ID, username, password and/or PIN.
- the user in order for the limited use credit card number to be generated, the user must input user identification information such as a username and password or PIN. This is compared with user identification information stored within the apparatus to determine if it is valid and if so to generate the limited use credit card number.
- user identification information such as a username and password or PIN.
- the limited use credit card number is output on a display to allow a user to get the number validated by sending if over a communications network to a validation apparatus.
- the apparatus includes a communications interface to allow the generated limited use credit card number to be automatically transmitted to the validation apparatus.
- the present invention can be implemented by any suitable specialist hardware or programmed hardware.
- the present invention encompasses any suitably programmed apparatus and the program code provided to the apparatus.
- the present invention can therefore be embodied as computer program code provided on a suitable carrier medium such as a transient carrier medium e.g. an electrical, optical, microwave or radio frequency signal (a signal carrying the program code over a network such as the internet is a specific example), or a storage medium such as a floppy disk, CD ROM, magnetic tape device or a programmable read only memory device.
- the apparatus can comprise any suitable device carried by a user such as a mobile telephone, a personal digital assistant or a small computer e.g. a laptop, notebook or sub notebook computer.
- the apparatus can also comprise a conventional programmable computer with a suitable program module loaded on it to generate the limited use credit card number.
- the apparatus can comprise a dedicated device such as a smart card with a display device.
- the apparatus has a telecommunications interface e.g. a mobile telephone or a computer having a modem of other Internet connection e.g. a local area network connection
- the apparatus is able to automatically send the generated limited use credit card number to the validation apparatus.
- Figure 1 is a schematic diagram illustrating the principles of a first embodiment of the present invention
- Figure 2 is a schematic diagram of a system for implementing the first embodiment of the present invention
- Figure 3 is a schematic diagram of a limited use credit card number generator apparatus for use in the first embodiment of the present invention
- Figure 4 is a schematic diagram of an encryption algorithm used in the limited use number generator apparatus in the first embodiment of the present invention
- Figure 5 is a schematic diagram of a validation apparatus for use in the first embodiment of the present invention
- Figure 6 is a schematic diagram of an alternative limited use credit card number generator apparatus for use in the first embodiment of the present invention
- Figure 7 is a flow diagram illustrating the method carried out by the limited use credit card number generator apparatus in the first embodiment of the present invention
- Figure 8 is a flow diagram illustrating the validation method carried out by the validation apparatus in the first embodiment of the present invention
- Figure 9 is a flow diagram illustrating the transaction authorisation method carried out by the validation apparatus in the first embodiment of the present invention
- Figure 10 is a schematic diagram illustrating the principles of a second embodiment of the present invention
- Figure 11 is a schematic diagram of a system for implementing the second embodiment of the present invention.
- Figure 12 is a picture of a first screen display provided to a customer selecting to purchase a book over the Internet from a merchant using the system of the second embodiment of the present invention
- Figure 13 is a picture of the next screen display provided to the customer to allow the customer to enter delivery details using the system of the second embodiment of the present invention
- Figure 14 is a picture of the next screen display provided to a customer to allow the customer to select the method of payment using the system of the second embodiment of the present invention
- Figure 15 is a picture of the next screen display provided to a customer to allow the customer to enter their user identification information and limited use credit card number using the system of the second embodiment of the present invention
- Figure 16 is a picture of the next screen display provided to a customer informing them that their limited use credit card number is being validated and the transaction authorised using the system of the second embodiment of the present invention
- Figure 17 is a picture of the next screen display provided to a customer to inform them that the transaction has been successfully authorised and the order has been processed using the system of the second embodiment of the present invention
- Figure 18 is a schematic diagram of a limited use credit card number generator apparatus for use in the second embodiment of the present invention.
- Figure 19 is a schematic diagram of the merchant apparatus for use in the second embodiment of the present invention.
- Figure 20 is a schematic diagram of the secure payment apparatus for use in the second embodiment of the present invention.
- Figure 21 is a schematic diagram of a validation apparatus for use in the second embodiment of the present invention.
- Figure 22 is a flow diagram illustrating the method carried out by the user operating the limited use credit card number generator apparatus in accordance with the second embodiment of the present invention.
- Figure 23 is a flow diagram illustrating the method carried out by the merchant apparatus in accordance with the second embodiment of the present invention.
- Figure 24 is a flow diagram illustrating the method carried out by the secure payment apparatus in accordance with the second embodiment of the present invention.
- Figure 25 is a flow diagram illustrating the validation method carried out by the validation apparatus in the second embodiment of the present invention.
- FIG 26 is a schematic diagram of an alternative encryption algorithm for use in the limited use number generator apparatus in either of the embodiments of the present invention.
- a first embodiment of the present invention will now be described with reference to figures 1 to 9 of the drawings.
- FIG. 1 is a diagram illustrating schematically the principles of the first embodiment of the present invention.
- a cardholder 1 is a person who has a conventional credit or debit card i.e. an account with a funding institution such as a bank. However, the cardholder 1 does not wish to expose their card number to potential fraud and thus wishes to obtain a limited use credit card number.
- the cardholder In order to benefit from the inventive system, the cardholder must initially register for the service. The registration process will require the cardholder 1 to enter personal details including their credit or debit card number so that a data record is created in the validation server for the cardholder.
- the user can also select or be issued with a user ID and PIN. This registration process can be performed in any conventional way such as over the telephone or by mail to avoid having to send credit card details over an insecure network such as the Internet.
- a limited use credit card generator This can comprise a dedicated hardware device such as a smart card (with a display or without a display but useable with a card reader, envelope device with a display, or a computer), a multipurpose device such as a mobile telephone handset or a personal digital assistant (e.g. a Palm (trademark)), or program code for loading on a suitable programmable device such as a general purpose computer, a personal digital assistant or a mobile telephone handset.
- the program code can be provided to the cardholder 1 in any conventional manner such as on a storage medium such as a floppy disk, CD ROM, magnetic tape device, or a solid-state memory device, or as a signal e.g. by downloading the program code from a server over the Internet.
- a cardholder When a cardholder wishes to make a purchase using the service, they must initially obtain a limited use credit card number. If the limited use credit card is limited to a single use i.e. a single transaction, they may obtain a number of limited use credit card numbers. In order to obtain a limited use credit card number, the cardholder must use the device or program code to generate the limited use credit card number. The cardholder must also input user identification information such as a username and password or PIN. The limited use credit card number generating apparatus used by the cardholder will then automatically send (1) the generated limited use credit card number and the entered user identification information over a communications network 4 to a validation apparatus comprising a validation server computer 3.
- a validation apparatus comprising a validation server computer 3.
- the validation server 3 will then perform a validation process using the received user identification info ⁇ nation and limited use credit card number and will return (2) a response to the cardholder's apparatus indicating the outcome of the validation process. If the received outcome indicates that the limited user credit card number has been validated, the cardholder can then store this number for later use. A cardholder could thus perform this process a number of times to obtain a number of limited use credit card numbers. Since the generation process takes the time of generation into account (as will be described in more detail hereinafter), the number generated each time will be different so long as there is a period between the generation processes. This is because the generation process uses time as time frames as will become clearer later.
- the apparatus used by the cardholder 1 it is possible for the apparatus used by the cardholder 1 to include a card-issuing device to enable the cardholder to be provided with a temporary physical credit card. This will enable the cardholder to make a purchase from the merchant 2 using the temporary credit card in a conventional manner.
- the preferred method is however simply the issuance of the number to allow the cardholder 1 to send (3) the number to the merchant 2 for the purchase of goods or services.
- the credit card number can be sent to the merchant using any communications channel such as a telephone or using the Internet to access the web site of the merchant.
- the credit card number is a limited use number, the risk to the cardholder 1 of fraudulent use of the card number is greatly reduced. Thus even if the number is fraudulently obtained as a result of its exposure over the Internet, the number can only be used for a limited number of transactions, preferably a single transaction, and/or the number is only valid for a limited period of time. Further, because of the generation method and the validation process, it is very difficult for a fraudster to successfully generate fraudulent valid limited use credit card numbers.
- the merchant Once the merchant has received the limited use credit card number as a method of payment for goods or services, they need not be aware that it is a limited use credit card number because it has the same format as a conventional credit card number. They therefore treat the number as a conventional credit card number and send it (4) to an acquirer 5 in the conventional manner for the authorisation of the over the credit card authorisation network 6.
- the prefix digits in the number (the bank identification number - BIN) identify the issuer 7 responsible for the authorisation process.
- the limited use credit card number is generated with prefix digits to route (5) the number during the authorisation process to a financial institution (issuer 7) in cooperating with the operator of the validation server 3 to provide the service.
- the issuer 7 will then send (6) the limited use credit card number to the validation server 7.
- the validation server 7 will perform a validation process by looking up a conventional credit card number corresponding to the limited use credit card number and return (7) a conventional credit card number to the issuer 7 if this is available. Since the number received by the validation server 3 from the issuer 7 is a limited use credit card number, once the number has been used i.e. used to return a conventional credit card number for authorising a transaction, it must be flagged accordingly. For instance, in the preferred embodiment the number is a single use number, and thus it is deleted or marked appropriately to prevent it being useable again. If no conventional credit card number is returned to the issuer 7, the authorisation will fail.
- a conventional credit card number is returned it is used to authorise the transaction in the conventional manner i.e. by performing the conventional credit checks.
- the result of the validation by the issuer 7 will be sent (8) back over the network 6 to the acquirer 5 which will in turn pass (9) the result to the merchant 2.
- the merchant will then either refuse to process the transaction if the transaction payment has not been authorised, or process the transaction in the conventional manner. In either case, the cardholder 1 will be informed (10) of the outcome of their transaction request.
- the network 4 can comprise any communications network. If the device used by the cardholder lfor the generation of the limited use credit card number has a telecommunications capability, the network comprises a telecommunication network. If the device used by the cardholder 1 for the generation of the limited use credit card number has an Internet connection e.g. via a modem and a telecommunications network or via a local area network, the network 4 comprises the Internet. Also in this embodiment the means by which the limited use credit card number is given to the merchant 2 by the cardholder 1 can comprise any conventional known method such as by physically handing over a temporary credit card, mail order, telephone ordering, or e-commerce over the Internet. This embodiment of the present invention is particularly suited for providing security where the limited use credit card number is given over a communication medium and is thus exposed to potential fraudsters.
- FIG 2 is a schematic diagram of a specific implementation of the system of the first embodiment of the present invention.
- the system is implemented over the Internet 11 as the communications network for communication between a customers computer 10 for the generation and transmission of the limited use credit card number to the validation server 12 connected to the Internet 1 1.
- This embodiment provides the customer operating the customer's computer 12 with the ability to purchase goods using e-commerce.
- a merchant's computer 13 is connected to the Internet 11 and hosts a web site providing the e-commerce facility.
- the merchant's computer 13 is provided with a conventional means of validating credit card transactions via an acquirer 5 over the network 6 to the issuer 7 co-operating with the validation server 12 as described hereinabove generally with reference to figure 1.
- the computer 13 is referred to as the merchant's computer, it need not be operated by the merchant. It can simply be operated on their behalf to host the e- commerce web site.
- FIG 3 is a schematic diagram of the functional units of the customer's computer 10 in the embodiment of figure 2.
- the computer 10 in this embodiment comprises a conventional general purpose computer onto which a conventional web browser 30 is loaded such as Netscape (trademark) or Internet Explorer (trademark).
- a payment module 20 is loaded into the computer 10.
- the payment module can take the form of a web browser plug-in module. The loading process will take place as a result of the registration process after which the plug-in module is made available to the customer. This can be achieved by, for example, downloading the code over the Internet from a code providing server to the computer 10.
- the payment module 20 comprises code for performing a number of functions.
- the diagram of figure 3 illustrates the code as separate functional units, but in practice, the code can be arranged in any convenient form and need not be written as distinct modules.
- a user interface module 21 is provided to provide a display with which the user can interact. This can take the form of a window on the computer display.
- the display allows a user to enter their user ID and personal identification number (PIN) that are stored temporarily in the use ID and PIN store 22.
- PIN personal identification number
- a number generator 24 is controlled to generate a limited user credit card number by obtaining a current time frame e.g. the current 2 minute window from a timer 25, the serial number for the payment module from the serial number store 26, and an encryption key from the key store 27.
- An Internet communications module 23 is provided to automatically send the generated limited use credit card number, the user ID and PIN over the Internet to the validation server 12.
- the Internet communications module 23 therefore has the capability of making an Internet Protocol (IP) connection over the Internet 1 1 using preset address and communication parameters.
- IP Internet Protocol
- the user interface module 21 is arranged to display the generated limited use credit card number to the user and to display the result of the communication to the validation server 12 i.e. to display an indication of the outcome of the validation process.
- step SI When a user wishes to obtain a limited use credit card number they enter their user ID and PIN using the user interface (step SI).
- the current time window (time stamp 40) e.g. a 2 minute time window is obtained and the serial number 41 for the software module are summed in the summer 42.
- the sum is input to an encrypter 44 together with a 56-bit key to be used as the seed for the encryption process (step S2).
- the generated 16 digit number (45) is selectively truncated to form an 11 digit number and a standard prefix of four digits is added by a number generator 46.
- the prefix comprises a bank identification number (BIN) reserved by the issuer 7 specifically for the limited use credit card number service. Also a suffix digit comprising a Look-up number (LUN) is added to the number to form a 16 digit number that has the format of a credit card number (step S3).
- the Internet communications module 23 then transmits the generated limited use credit card number, the user ID and PIN to the validation server 12 for validation of the generated limited use credit card number.
- the outcome of the validation process is received from the validation server 12 and this is displayed to the user (step S5). In this way the user is informed whether or not the number generated is valid for use in a transaction and avoids the use of invalid limited use credit card numbers for transactions.
- the encryption process used in this embodiment preferably comprises a complex 3-DES algorithm.
- Such algorithms are discussed in the following references, the disclosures of which are incorporated herein by reference:
- the operation of the validation server 12 will now be described with reference to the schematic diagram of figure 5 and the flow diagram of figure 8.
- the validation server 12 is loaded with a conventional web server 50 acting as an interface to the Internet 11.
- a validation application 60 is loaded for communicating with the web server 12 to implement the validation function and to perform the transaction authorisation function with the issuer 7.
- the validation application 60 is illustrated as comprising separate functional modules, but in practice, the code can be arranged in any convenient form and need not be written as distinct modules.
- a number receiver 61 and a user ID and PIN receiver 62 receive the generated limited use credit card number and the user ID and PIN respectively (step S6).
- the use ID and Pin are used to look-up user IDs and PINs in a customers database 64 (step S7) and a user validator 69 determines if a match can be found. If the user ID and PIN is not valid (step S8), a response sender 69a returns a response to the user's computer to inform them that they have failed to validly input their user details (step S9). If the user ID and PIN are determined to be valid (step S8), a number generator 67 generates a credit card number using the serial number for the user's software module and the encryption key for the user which are retrieved from the customers database 64. A timer 66 also generates a current time frame e.g.
- step S10 The generation process is the same as that described with respect to figures 3, 4 and 7.
- This generated number is then compared with the received generated number from the user in a comparator 63 (step SI 1). For the generated numbers to match, the time frame of generation must be the same. Thus this ensures that the validation process must take place in the same time frame as the user generation of the number.
- the response sender 69a sends a response to the customer's computer 10 to inform the customer that the generated number is not valid (step SI 3). If the numbers match, the limited use credit card number is entered into the customers database 64 and the response sender 69a returns a response to the customer's computer to inform the customer that the number has been successfully validated (step SI 2).
- the customers database 64 contains customers records, each containing a customer's personal details, their credit card or debit card number for the account to be used for payment and against which limited use credit card numbers are to be issued, their user ID and PIN, and any limited use credit card number issued for the customer.
- a customer 1 is thus able to enter into a transaction with a merchant 2 for goods or services using a generated and validated limited use credit card number.
- the merchant will treat the limited use credit card number as any conventional credit card number: they need not know that the number is a limited use credit card number.
- the number will thus be sent via the conventional credit card transaction authorisation network 6 to the issuer 7 identified by the BIN in the number.
- the issuer 7 will identify from the BIN that the number is a limited use credit card number and it will thus pass this on to the validation server 12.
- the issuer interface 68 (in figure 5) allows the validation server 12 to receive a request for the validation of a limited use credit card number from the issuer 7 (step SI 4).
- the validation interface 68 looks-up the number in the customers database 64 (step SI 5) to determine if the number can be found. If the number is in not the customers database 64 (step SI 6), the issuers interface 68 returns an invalid signal to the issuer 7 (step S 18).
- the issuer 7 can then refuse to authorise the transaction in the conventional manner.
- the issuers database can retrieve the customer's conventional credit card number against which the limited use credit card has been issued and send this to the issuer 7 (step SI 7).
- the issuer 7 can then use the credit card number to carry out the authorisation process in the conventional manner e.g. by determining whether the customer has sufficient credit in their account for the transaction or whether there is some other bar on the authorising of transactions for the customer.
- FIG 6 is a diagram of an alternative limited use credit card number generator apparatus for use in the first embodiment of the present invention.
- This alternative number generating device 70 comprises a separate device having a user interface module 71 comprising a display and a keypad to allow a user to enter their user ID and PIN.
- a user ID and Pin store 72 is provided to temporarily store the user ID and PIN input by a user using the user interface module 71.
- a number generator 74 When the user inputs their user ID and PIN, a number generator 74 generates a limited use credit card number in a manner described hereinabove with regard to figures 3, 4, and 7 using the current time frame obtained from a timer 75, the devices serial number obtained from a serial number store 76 and an encryption key obtained from a key store 77.
- the generated number is output to the user via the user interface module 71 and sent over a communications network via a communications module 73 to a validation apparatus for validation of the generated number.
- a response from the validation apparatus is received by the communications module 73 and sent to the user interface module 71 for output to the user.
- the device of figure 6 can comprise any stand-alone device having suitable dedicated hardware or programmed hardware to perform the functions of the modules. Although in figure 6 the modules are illustrated as separate units, they can comprises any arrangement or combination of software and hardware for performing the functions.
- FIG. 10 is a schematic diagram illustrating the principles of this embodiment of the present invention.
- a cardholder 1 has a device for generating a limited use credit card number.
- This device can comprise any suitable hardware or software combination.
- the functionality can be programmed into a mobile telephone, a personal digital assistant or a computer.
- the device could alternatively comprise a dedicated device such as a smart card having a display and a keypad or another such similar device.
- a cardholder 100 must first register for the service to obtain the number generating device or software. This requires a cardholder 100 to provide personal information including a credit or debit card account details (including a conventional credit card number) against which the limited use credit card numbers are to be issued. The cardholder 100 will select or be issued with a user ID and PIN to be used in the validation of limited use credit card numbers.
- the number generating device comprises a suitably programmed device
- the software for the device can be provided at the end of the registration process as a software download over a network e.g. the Internet.
- the software download will include a serial number for the software and an encryption key to be used in the encryption process for the generation of the limited use credit card number.
- a cardholder 100 When a cardholder 100 wishes to purchase goods or services using a limited use credit card number, they contact (1) the merchant 200. This contact can be via any convention means of communication e.g. by telephone, in person, or via the Internet. The cardholder 100 will select to pay for the goods or services using a limited use credit card number. The merchant 200 will then refer (2) the transaction to a secure payment server 300 to authorise the transaction.
- the secure payment server 300 receives details on the transaction and obtains the cardholders user identification information (user ID and PIN) as well as a limited use credit card number generated by the cardholder 100 for the transaction.
- the limited use credit card number can be generated by any suitable apparatus and need not be a part of a communication system. The number can be generated and then manually sent to the secure payment server 300.
- the generated number has the format of a standard credit card number e.g. 15 or 16 digits with the prefix 4 digits comprising the bank identification number (BIN) for the issuer 7 and a suffix digit comprising the Look-up number (LUN).
- BIN bank identification number
- LUN Look-up number
- the secure payment server 300 generates a time stamp indicating the time frame in which the request for payment using the limited use credit card number was made.
- the time stamp, the transaction information, the user identification information, and the input limited use credit card number are passed (3) by the secure payment server 300 to a validation server 400 over a secure communications link.
- the generated limited use credit card number is validated against the received user identification information using the received time stamp. In this way not only can the user can be validated, but also the time of generation of the limited use credit card number by the cardholder can be compared with the time of use of the limited use credit card number. The use must then be within a predetermined period of the generation of the limited use credit card number for the validation process to be successful.
- the cardholder to only generate the limited use credit card number a short time before it is to be used e.g. within a 2 minute window. This significantly decreases the likelihood of the limited use credit card number falling into a fraudster's hands and being valid.
- the validation process is successful, the limited use credit card number is stored in a database against the cardholder's real credit card number in a record for the cardholder. The result of the validation process is returned (4) to the secure payment server 300. If the result is a successful validation of the limited use credit card, the secure payment server 300 generates (5) a conventional request for authorisation of the transaction via the acquirer 5 over (6) the network 6 to the issuer 7. The limited use credit card number is sent to the issuer identified by the BIN in the number.
- the issuer 7 identifies that the number is a limited use credit card number from the BIN and passes (7) the number to the validation server 400.
- the validation server 400 looks-up the limited use credit card number in the database held by the validation server 400 for cardholders and determined whether there is a match. If so the validation server 400 responds by sending the real credit card number for the cardholder to the issuer 7.
- the issuer 7 then performs the conventional credit card validation process and returns (9) the result of the authorisation process over the network 6 to the acquirer 5 that in turn passes the authorisation result to the secure payment server 300.
- the secure payment server 300 will then return (11) the result to the merchant for appropriate processing of the transaction.
- the cardholder 100 is then informed (12) of the result of the transaction.
- this process provides for the need for the generation of the limited use credit card to be within a time window of the use of the limited use credit card number for a transaction.
- This increase security since if a fraudster were to get hold of a limited use credit card number it has a very short valid lifetime and thus the likelihood of the fraudster being able to validly use the number is small.
- the secure payment server 300 is provided as the server accessible by merchants 200 and because it is accessible over the Internet it does not hold any sensitive information.
- the validation server 400 contains the sensitive information comprising cardholder records which include personal information, real credit card numbers and user identification information used for the validation of the limited use credit card numbers. This is kept secure by keeping it off the public Internet and providing only a secure connection between it and the secure payment server 300.
- FIG 11 is a schematic diagram of a specific implementation of the system of the second embodiment of the present invention.
- the system is implemented over the Internet 800 as the communications network for communication between a customers computer 110 for the generation and transmission of the limited use credit card number to the validation server 410 connected to the Internet 800.
- This embodiment provides the customer operating the customer's computer 110 with the ability to purchase goods using e-commerce.
- a merchant's computer 210 is connected to the Internet 800 and hosts a web site providing the e-commerce facility.
- the merchant's computer 210 is provided with a web page that is capable of referring the customer's computer 110 to a secure payment server 310 when a customer wishes to pay for goods or services offered on the merchant's web site using a limited use credit card number.
- the secure payment server 310 is provided with the means for carrying out a conventional request to the acquirer 5 for the validation of the limited use credit card once it has been validated by the validation server 410.
- the validation server 410 is provided with means for receiving and responding to authorisation requests from the issuer 7.
- the computers 110, 210, 310 and 410 can comprise any suitably programmed general-purpose computers.
- the limited use credit card number generating apparatus unlike the first embodiment of the present invention, it is not necessary for the limited use credit card number generating apparatus to have a communications interface for the communication of the limited use credit card number and user identification information to the validation server. Instead, the limited use credit card number can be generated using any suitable device and output to the customer to allow them to input the generated limited use credit card number and user identification information to the secure payment server 310 for the validation of the number and the authorisation of the transaction.
- Figure 18 is a diagram of a number generating device 111 in accordance with this embodiment of the present invention.
- Figure 22 is a flow diagram illustrating the operation of the device. The device can comprise dedicated hardware or programmable hardware.
- the device can thus be provided as software operated within a programmable device such as a mobile telephone, personal digital assistant, or general-purpose computer.
- the device 1 1 1 comprises several functional modules that are shown separately for illustration. The functionality can instead be provided by any suitable hardware or software configuration.
- a user interface module 112 is provided to allow a user to request the generation of a limited use credit card number. This may require a user to input a user ID and PIN or password to activate the generation process (step S20).
- a number generator 113 is provided to receive a current time frame from a timer 114, a serial number for the device from a serial number store 115 and an encryption key from a key store 116 and to generate a number (step S21).
- the generated number is truncated and a prefix BIN and a suffix LUN are added to the number to form the limited use credit card number (step S22).
- the length of the BIN is variable and can be for example 4 or 6 digits depending upon the format used by the issuing bank.
- the number generation process in this embodiment is the same as in the previous embodiment and described with reference to figures 3 and 4.
- the generated number is sent to the customer interface module for output e.g. display to the customer to allow the customer to enter it and their user ID and PIN on the web page generated by the secure payment server 310 (step S23)
- FIG 19 schematically illustrates the functional structure of the merchant's computer 210.
- the computer is loaded with program code comprising a web server 21 1 which refers to stored web pages 212, and a merchant application 213 which refers to stored shopping data 214 for providing the e-commerce web site which can be accessed by a customer using the customer's computer 110 loaded with a web browser such as Internet Explorer (trademark) or Netscape (trademark).
- the merchant's computer 210 is also provided with a merchant ID store for storing merchant identification information which is used for further validation of the transaction.
- the computer is termed the merchant's computer, it need not be operated by a merchant.
- the computer need only host the merchant's web site and can be under any third party control.
- Figure 23 is a flow diagram illustrating the operation of the merchant's computer.
- a customer uses the e-commerce web site, such as that illustrated in the screen display of figure 12, the customer selects goods, which in this case comprises a book, (step S24).
- a web page is then displayed allowing the customer to enter their delivery details as illustrated in figure 13 (step S25).
- a web page is then displayed allowing the customer to select to pay by means of the limited use credit card number as illustrated in figure 14 (step S26).
- the web browser loaded on the customer's computer receives a redirection instruction to redirect it to load a web page from the secure payment browser 310 (step S27).
- the page displayed is illustrated in figure 15.
- step S28 Data giving information on the transaction e.g. amount of the transaction, merchant identification information and information on the goods or services is passed to the secure payment server 310 with the redirection request using conventional the conventional HTTP protocol (step S28). Processing is then carried out by the secure payment server 310 as will be described in more detail hereinafter in order to validate and to authorise the transaction.
- the merchant's computer 210 thus awaits a response from the secure payment server 310 (step S29). If the response is to fail to validate or to authorise the transaction (step S29b) a display is generated to inform the customer that the transaction has not been authorised and they should choose another method of payment. If the response is that the transaction has been authorised (step S29a), the transaction is processed and a web page is displayed to the user as illustrated in figure 17 to indicate that the transaction has been successfully processed and an order number has been assigned to the order.
- FIG 20 schematically illustrates the functional structure of the secure payment server 310.
- the server is loaded with program code comprising a web server 311 referring to stored web page data 312, and a payment application 313 for controlling the validation and authorisation process.
- the payment application 313 uses a timer 314 to obtain a current time frame for sending, together with the input user identification information and limited use credit card number and the transaction information received from the merchant's computer to the validation server 410.
- the operation of the secure payment server 310 will now be described with reference to the flow diagram of figure 24.
- the transaction information is included in the request and is temporarily held by the secure payment server 310 (step S30).
- a web page is generated and sent to the customer's computer 110 as illustrated in figure 15 and the customer enters their limited use credit card number (termed Cast Iron number in the display of figure 15) user ID and PIN (step S31).
- the payment application uses the timer 314 to determine the current time window e.g.
- step S31 a 2 minute frame
- step S33 the determined time frame
- the input user ID, PIN and limited use credit card number and the transaction information are transmitted over a secure link (an IPSEC) to the validation server 410 (step S33).
- the secure payment server 310 then awaits a validation response from the validation server 410 (step S34) and the web page illustrated in figure 16 is sent to the customer's computer.
- step S35 If the response is that the limited use credit card number of the user identification information is invalid, an authorisation refusal is transmitted to the merchant's computer (step S35) and the web browser in the customer's computer 110 is redirected to a web page hosted by the merchant's computer 210 to display a notice to the customer that the authorisation has been refused and the customer should choose an alternative payment method (step S40b). If the response from the validation server is valid, a conventional credit card transaction authorisation request is sent to the acquirer 5 (step S36) and a response is awaited (step S37).
- step S39 If the response is that the transaction is not authorised, an authorisation refusal is transmitted to the merchant's computer (step S39) and the web browser in the customer's computer 110 is redirected to a web page hosted by the merchant's computer 210 to display a notice to the customer that the authorisation has been refused and the customer should choose an alternative payment method (step S40b). If the response is that the transaction is authorised, the authorisation is transmitted to the merchant's computer 210 (step S38) ) and the web browser in the customer's computer 110 is redirected to a web page hosted by the merchant's computer 210 to process the transaction (step S40a).
- FIG 21 is a schematic diagram of the validation server 410 in the second embodiment of the present invention.
- the validation server 12 is loaded with a conventional web server 41 1 acting as an interface to the Internet 800.
- a validation application 412 is loaded for communicating with the web server 411 to implement the validation function and to perform the transaction authorisation function with the issuer 7.
- the validation application 412 is illustrated as comprising separate functional modules, but in practice, the code can be arranged in any convenient form and need not be written as distinct modules.
- a data receiver 413 receives the generated limited use credit card number, the user ID and PIN, the time window, and the transaction data from the secure payment server 310 (step S41).
- the user ID and Pin are used to look-up user IDs and PINs in a customers database 415 (step S42) and a user validator 419a determines if a match can be found. If the user ID and PIN is not valid (step S43), a response sender 419b returns a response to the secure payment server 310 to inform that the validation process has failed (step S44).
- a number generator 417 If the user ID and PIN are determined to be valid (step S43), a number generator 417 generates a credit card number using the serial number for the customer's software module, the encryption key for the customer which are retrieved from the customers database 415, and the received time window (step S45). The generation process is the same as that described with respect to figures 3, 4 and 7. This generated number is then compared with the received generated number from the secure payment server 310 in a comparator 414 (step S46). For the generated numbers to match, the time frame of generation must be the same. Thus this ensures that the validation process must take place in the same time frame as the user generation of the number.
- the response sender 419b sends a response to the secure payment server 310 to inform that the generated number is not valid (step S48). If the numbers match, the limited use credit card number is entered into the customers database 415 and the response sender 419b returns a response to the secure payment server 310 to inform that the number has been successfully validated (step S47).
- the customers database 415 contains customers records, each containing a customer's personal details, their credit card or debit card number for the account to be used for payment and against which limited use credit card numbers are to be issued, their user ID and PIN, and any limited use credit card number issued for the customer. Also transaction information for customer transactions is stored.
- the validation server 410 is also provided with an issuer's interface 418 to allow for the issuer to use the validation server 410 in the transaction authorisation process.
- the process carried out by the validation server 410 for the authorisation of the transaction requested by the secure payment server 310 is the same as that for the first embodiment described with reference to figure 9.
- Figure 26 illustrates an alternative number generation algorithm in accordance with a modification of the second embodiment of the present invention.
- this algorithm instead of just using a time stamp 80, a serial number 85 and an encryption key 86, also the users PIN 81 and the merchant's identification information in the form of a secure hash 82 is used.
- the time stamp 80, the PIN 81 and the merchant's hash are summed together using a summer 83 and the resulting summation is input to a triple DES encryption algorithm together with the serial number 85 and the encryption key 86.
- the output digital number 87 is then truncated and a BIN and LUN added to form the limited use credit card number.
- This technique has the added security advantage of including information on both parties to the transaction, information on the number generating device, and time information.
- the customer must be given the merchant's secure hash as part of the transaction process to enable them to generate the limited use credit card number.
- the validation server will then require the user ID, PIN, merchant secure hash, and the time stamp from the secure payment server to enable the validation process to be carried out.
- the process is illustrated as being implemented over the Internet, the present invention is applicable to any means of communication, including computer communications, telecommunications and physical communications.
- Any type of computer communications network can be used including the Internet, Intranets, Extranets, local area networks, and wireless networks including the wireless communications protocol (WAP).
- WAP wireless communications protocol
- the limited number generating apparatus can comprise any suitable hardware or programmable device such as a mobile telephone, a personal digital assistant (PDA), a general-purpose computer, or a dedicated hardware device such as a smart card with a display and a keypad.
- a mobile telephone such as a mobile telephone, a personal digital assistant (PDA), a general-purpose computer, or a dedicated hardware device such as a smart card with a display and a keypad.
- PDA personal digital assistant
- a dedicated hardware device such as a smart card with a display and a keypad.
- the limited use credit card number can be in any format that permits it to be processed as a conventional credit, debit, or charge card number in a conventional transaction authorisation system.
- the present invention thus includes program code carried by a suitable carrier medium for controlling a programmable apparatus to implement the present invention.
- the carrier medium can include any physical medium such as a storage medium e.g. a floppy disk, a CD ROM, a solid state memory device or a magnetic tape device; or a transient medium such as an electrical, optical, microwave or radio frequency signal.
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2001250540A AU2001250540A1 (en) | 2000-04-28 | 2001-04-27 | Secure payment method and apparatus |
EP01923857A EP1279149A2 (en) | 2000-04-28 | 2001-04-27 | Secure payment method and apparatus |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0010422A GB0010422D0 (en) | 2000-04-28 | 2000-04-28 | Payment apparatus and method |
GB0010422.4 | 2000-04-28 | ||
GB0104956.8 | 2001-02-28 | ||
GB0104956A GB2361790A (en) | 2000-04-28 | 2001-02-28 | Making secure payments using a limited use credit card number |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2001084509A2 true WO2001084509A2 (en) | 2001-11-08 |
WO2001084509A3 WO2001084509A3 (en) | 2002-05-16 |
Family
ID=26244194
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/GB2001/001880 WO2001084509A2 (en) | 2000-04-28 | 2001-04-27 | Secure payment method and apparatus |
Country Status (4)
Country | Link |
---|---|
US (1) | US20010047335A1 (en) |
EP (1) | EP1279149A2 (en) |
AU (1) | AU2001250540A1 (en) |
WO (1) | WO2001084509A2 (en) |
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1329859A1 (en) * | 2002-01-17 | 2003-07-23 | Siemens Aktiengesellschaft | Method of realising payments in communication networks |
WO2003065255A1 (en) * | 2002-01-31 | 2003-08-07 | Servicios Para Medios De Pago, S.A. | Reversible method of generating mutated payment cards using a mathematical algorithm |
EP1546969A2 (en) * | 2002-09-30 | 2005-06-29 | Scott Sampson | Electronic payment validation using transaction authorization tokens |
US6915279B2 (en) | 2001-03-09 | 2005-07-05 | Mastercard International Incorporated | System and method for conducting secure payment transactions |
US6990470B2 (en) | 2000-04-11 | 2006-01-24 | Mastercard International Incorporated | Method and system for conducting secure payments over a computer network |
US7177848B2 (en) | 2000-04-11 | 2007-02-13 | Mastercard International Incorporated | Method and system for conducting secure payments over a computer network without a pseudo or proxy account number |
US7379919B2 (en) | 2000-04-11 | 2008-05-27 | Mastercard International Incorporated | Method and system for conducting secure payments over a computer network |
US7774370B2 (en) | 2002-09-30 | 2010-08-10 | Sampson Scott E | Controlling the validity status of communicated messages |
US8051172B2 (en) | 2002-09-30 | 2011-11-01 | Sampson Scott E | Methods for managing the exchange of communication tokens |
EP2681701A2 (en) * | 2011-03-04 | 2014-01-08 | Visa International Service Association | Integration of payment capability into secure elements of computers |
US9317848B2 (en) | 2009-05-15 | 2016-04-19 | Visa International Service Association | Integration of verification tokens with mobile communication devices |
US9372971B2 (en) | 2009-05-15 | 2016-06-21 | Visa International Service Association | Integration of verification tokens with portable computing devices |
US9582801B2 (en) | 2009-05-15 | 2017-02-28 | Visa International Service Association | Secure communication of payment information to merchants using a verification token |
US9672515B2 (en) | 2000-03-15 | 2017-06-06 | Mastercard International Incorporated | Method and system for secure payments over a computer network |
US9715681B2 (en) | 2009-04-28 | 2017-07-25 | Visa International Service Association | Verification of portable consumer devices |
US9792611B2 (en) | 2009-05-15 | 2017-10-17 | Visa International Service Association | Secure authentication system and method |
US9904919B2 (en) | 2009-05-15 | 2018-02-27 | Visa International Service Association | Verification of portable consumer devices |
EP3404601A1 (en) * | 2010-01-19 | 2018-11-21 | Visa International Service Association | Token based transaction authentication |
US10282724B2 (en) | 2012-03-06 | 2019-05-07 | Visa International Service Association | Security system incorporating mobile device |
US10846683B2 (en) | 2009-05-15 | 2020-11-24 | Visa International Service Association | Integration of verification tokens with mobile communication devices |
US20210357922A1 (en) * | 2017-10-05 | 2021-11-18 | Mastercard International Incorporated | Systems and Methods for Use in Authenticating Users in Connection With Network Transactions |
WO2022125040A1 (en) * | 2020-12-09 | 2022-06-16 | Oezarslan Ahmet Tahsin | Payment system and method with shopping identification number |
Families Citing this family (164)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6131811A (en) | 1998-05-29 | 2000-10-17 | E-Micro Corporation | Wallet consolidator |
US6805288B2 (en) * | 2000-05-15 | 2004-10-19 | Larry Routhenstein | Method for generating customer secure card numbers subject to use restrictions by an electronic card |
WO2002048846A2 (en) * | 2000-12-14 | 2002-06-20 | Quizid Technologies Limited | An authentication system |
US7444676B1 (en) * | 2001-08-29 | 2008-10-28 | Nader Asghari-Kamrani | Direct authentication and authorization system and method for trusted network of financial institutions |
US7195154B2 (en) * | 2001-09-21 | 2007-03-27 | Privasys, Inc. | Method for generating customer secure card numbers |
US7917444B1 (en) * | 2001-10-29 | 2011-03-29 | Mcafee, Inc. | Secure single-use transaction numbers |
US6901387B2 (en) | 2001-12-07 | 2005-05-31 | General Electric Capital Financial | Electronic purchasing method and apparatus for performing the same |
US7577585B2 (en) * | 2001-12-07 | 2009-08-18 | American Express Travel Related Services Company, Inc. | Method and system for completing transactions involving partial shipments |
US7805376B2 (en) * | 2002-06-14 | 2010-09-28 | American Express Travel Related Services Company, Inc. | Methods and apparatus for facilitating a transaction |
US20030195842A1 (en) * | 2002-04-15 | 2003-10-16 | Kenneth Reece | Method and device for making secure transactions |
GB0210692D0 (en) | 2002-05-10 | 2002-06-19 | Assendon Ltd | Smart card token for remote authentication |
JP2004054897A (en) * | 2002-05-29 | 2004-02-19 | Toshiba Tec Corp | Card authentication server apparatus and card authentication program |
US9710804B2 (en) * | 2012-10-07 | 2017-07-18 | Andrew H B Zhou | Virtual payment cards issued by banks for mobile and wearable devices |
US7162640B2 (en) * | 2003-03-11 | 2007-01-09 | Microsoft Corporation | System and method for protecting identity information |
US7413112B2 (en) * | 2004-03-16 | 2008-08-19 | American Express Travel Related Services Company, Inc. | Method and system for manual authorization |
US7472827B2 (en) * | 2004-05-17 | 2009-01-06 | American Express Travel Related Services Company, Inc. | Limited use PIN system and method |
CA2625808A1 (en) * | 2004-11-15 | 2006-05-18 | Runtime Ab | Apparatus and method for secure credit card processing infrastructure |
US8321686B2 (en) * | 2005-02-07 | 2012-11-27 | Sandisk Technologies Inc. | Secure memory card with life cycle phases |
US8108691B2 (en) | 2005-02-07 | 2012-01-31 | Sandisk Technologies Inc. | Methods used in a secure memory card with life cycle phases |
US8423788B2 (en) * | 2005-02-07 | 2013-04-16 | Sandisk Technologies Inc. | Secure memory card with life cycle phases |
US8684267B2 (en) | 2005-03-26 | 2014-04-01 | Privasys | Method for broadcasting a magnetic stripe data packet from an electronic smart card |
KR20070119051A (en) | 2005-03-26 | 2007-12-18 | 프라이베이시스, 인크. | Electronic financial transaction cards and methods |
US8226001B1 (en) | 2010-06-23 | 2012-07-24 | Fiteq, Inc. | Method for broadcasting a magnetic stripe data packet from an electronic smart card |
WO2006116772A2 (en) | 2005-04-27 | 2006-11-02 | Privasys, Inc. | Electronic cards and methods for making same |
US7793851B2 (en) | 2005-05-09 | 2010-09-14 | Dynamics Inc. | Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card |
US7743409B2 (en) | 2005-07-08 | 2010-06-22 | Sandisk Corporation | Methods used in a mass storage device with automated credentials loading |
US7536540B2 (en) | 2005-09-14 | 2009-05-19 | Sandisk Corporation | Method of hardware driver integrity check of memory card controller firmware |
US8230487B2 (en) | 2005-12-21 | 2012-07-24 | International Business Machines Corporation | Method and system for controlling access to a secondary system |
CN100462988C (en) * | 2006-06-29 | 2009-02-18 | 北京飞天诚信科技有限公司 | Method for setting customer flag information |
WO2008039942A1 (en) * | 2006-09-27 | 2008-04-03 | Electronic Commerce Protection Corporation | Mechanism for fraud-resistant consumer transactions |
US8201217B1 (en) * | 2006-10-03 | 2012-06-12 | Stamps.Com Inc. | Systems and methods for single sign-in for multiple accounts |
US8046823B1 (en) | 2006-10-03 | 2011-10-25 | Stamps.Com Inc. | Secure application bridge server |
US7606766B2 (en) * | 2006-12-21 | 2009-10-20 | American Express Travel Related Services Company, Inc. | Computer system and computer-implemented method for selecting invoice settlement options |
BRPI0806457A2 (en) * | 2007-01-09 | 2011-09-06 | Visa Usa Inc | Method mobile phone and system |
SE531960C2 (en) * | 2007-01-26 | 2009-09-15 | Smartrefill I Helsingborg Ab | Method of securely executing a payment transaction |
US20080217396A1 (en) * | 2007-03-06 | 2008-09-11 | Securecard Technologies, Inc. | Device and method for conducting secure economic transactions |
NZ563415A (en) * | 2007-11-14 | 2009-07-31 | Bank Of New Zealand | User authentication system and method |
US8020775B2 (en) | 2007-12-24 | 2011-09-20 | Dynamics Inc. | Payment cards and devices with enhanced magnetic emulators |
US8090650B2 (en) * | 2008-07-24 | 2012-01-03 | At&T Intellectual Property I, L.P. | Secure payment service and system for interactive voice response (IVR) systems |
US8196813B2 (en) * | 2008-12-03 | 2012-06-12 | Ebay Inc. | System and method to allow access to a value holding account |
US8579203B1 (en) | 2008-12-19 | 2013-11-12 | Dynamics Inc. | Electronic magnetic recorded media emulators in magnetic card devices |
US8931703B1 (en) | 2009-03-16 | 2015-01-13 | Dynamics Inc. | Payment cards and devices for displaying barcodes |
US10176419B1 (en) | 2009-04-06 | 2019-01-08 | Dynamics Inc. | Cards and assemblies with user interfaces |
US9329619B1 (en) | 2009-04-06 | 2016-05-03 | Dynamics Inc. | Cards with power management |
US8622309B1 (en) | 2009-04-06 | 2014-01-07 | Dynamics Inc. | Payment cards and devices with budgets, parental controls, and virtual accounts |
US8393545B1 (en) | 2009-06-23 | 2013-03-12 | Dynamics Inc. | Cards deployed with inactivated products for activation |
US8511574B1 (en) | 2009-08-17 | 2013-08-20 | Dynamics Inc. | Advanced loyalty applications for powered cards and devices |
US9306666B1 (en) | 2009-10-08 | 2016-04-05 | Dynamics Inc. | Programming protocols for powered cards and devices |
US8727219B1 (en) | 2009-10-12 | 2014-05-20 | Dynamics Inc. | Magnetic stripe track signal having multiple communications channels |
US8523059B1 (en) | 2009-10-20 | 2013-09-03 | Dynamics Inc. | Advanced payment options for powered cards and devices |
US8393546B1 (en) | 2009-10-25 | 2013-03-12 | Dynamics Inc. | Games, prizes, and entertainment for powered cards and devices |
US20110195748A1 (en) * | 2010-02-09 | 2011-08-11 | Jonathan Main | Enhanced security feature for payment-enabled mobile telephone |
US8602312B2 (en) | 2010-02-16 | 2013-12-10 | Dynamics Inc. | Systems and methods for drive circuits for dynamic magnetic stripe communications devices |
US8348172B1 (en) | 2010-03-02 | 2013-01-08 | Dynamics Inc. | Systems and methods for detection mechanisms for magnetic cards and devices |
US10693263B1 (en) | 2010-03-16 | 2020-06-23 | Dynamics Inc. | Systems and methods for audio connectors for powered cards and devices |
US10504105B2 (en) | 2010-05-18 | 2019-12-10 | Dynamics Inc. | Systems and methods for cards and devices operable to communicate to touch sensitive displays |
US8317103B1 (en) | 2010-06-23 | 2012-11-27 | FiTeq | Method for broadcasting a magnetic stripe data packet from an electronic smart card |
USD687094S1 (en) | 2010-07-02 | 2013-07-30 | Dynamics Inc. | Multiple button interactive electronic card with light sources |
USD652448S1 (en) | 2010-07-02 | 2012-01-17 | Dynamics Inc. | Multiple button interactive electronic card |
USD652867S1 (en) | 2010-07-02 | 2012-01-24 | Dynamics Inc. | Multiple button interactive electronic card |
USD652449S1 (en) | 2010-07-02 | 2012-01-17 | Dynamics Inc. | Multiple button interactive electronic card |
USD674013S1 (en) | 2010-07-02 | 2013-01-08 | Dynamics Inc. | Multiple button interactive electronic card with light sources |
USD652075S1 (en) | 2010-07-02 | 2012-01-10 | Dynamics Inc. | Multiple button interactive electronic card |
USD672389S1 (en) | 2010-07-02 | 2012-12-11 | Dynamics Inc. | Multiple button interactive electronic card with light sources |
USD670759S1 (en) | 2010-07-02 | 2012-11-13 | Dynamics Inc. | Multiple button interactive electronic card with light sources |
USD651237S1 (en) | 2010-07-09 | 2011-12-27 | Dynamics Inc. | Interactive electronic card with display |
USD652450S1 (en) | 2010-07-09 | 2012-01-17 | Dynamics Inc. | Multiple button interactive electronic card |
USD653288S1 (en) | 2010-07-09 | 2012-01-31 | Dynamics Inc. | Multiple button interactive electronic card |
USD652076S1 (en) | 2010-07-09 | 2012-01-10 | Dynamics Inc. | Multiple button interactive electronic card with display |
USD643063S1 (en) | 2010-07-09 | 2011-08-09 | Dynamics Inc. | Interactive electronic card with display |
USD651644S1 (en) | 2010-07-09 | 2012-01-03 | Dynamics Inc. | Interactive electronic card with display |
USD792511S1 (en) | 2010-07-09 | 2017-07-18 | Dynamics Inc. | Display with font |
USD666241S1 (en) | 2010-07-09 | 2012-08-28 | Dynamics Inc. | Multiple button interactive electronic card with light source |
USD651238S1 (en) | 2010-07-09 | 2011-12-27 | Dynamics Inc. | Interactive electronic card with display |
USD665447S1 (en) | 2010-07-09 | 2012-08-14 | Dynamics Inc. | Multiple button interactive electronic card with light source and display |
USD792513S1 (en) | 2010-07-09 | 2017-07-18 | Dynamics Inc. | Display with font |
USD665022S1 (en) | 2010-07-09 | 2012-08-07 | Dynamics Inc. | Multiple button interactive electronic card with light source |
USD792512S1 (en) | 2010-07-09 | 2017-07-18 | Dynamics Inc. | Display with font |
US8322623B1 (en) | 2010-07-26 | 2012-12-04 | Dynamics Inc. | Systems and methods for advanced card printing |
US9818125B2 (en) | 2011-02-16 | 2017-11-14 | Dynamics Inc. | Systems and methods for information exchange mechanisms for powered cards and devices |
US9053398B1 (en) | 2010-08-12 | 2015-06-09 | Dynamics Inc. | Passive detection mechanisms for magnetic cards and devices |
US10055614B1 (en) | 2010-08-12 | 2018-08-21 | Dynamics Inc. | Systems and methods for advanced detection mechanisms for magnetic cards and devices |
US10022884B1 (en) | 2010-10-15 | 2018-07-17 | Dynamics Inc. | Systems and methods for alignment techniques for magnetic cards and devices |
US8561894B1 (en) | 2010-10-20 | 2013-10-22 | Dynamics Inc. | Powered cards and devices designed, programmed, and deployed from a kiosk |
US9646240B1 (en) | 2010-11-05 | 2017-05-09 | Dynamics Inc. | Locking features for powered cards and devices |
US11295394B2 (en) | 2010-12-07 | 2022-04-05 | Groupon, Inc. | Method and system for credit card holder identification |
US8567679B1 (en) | 2011-01-23 | 2013-10-29 | Dynamics Inc. | Cards and devices with embedded holograms |
US10095970B1 (en) | 2011-01-31 | 2018-10-09 | Dynamics Inc. | Cards including anti-skimming devices |
US9836680B1 (en) | 2011-03-03 | 2017-12-05 | Dynamics Inc. | Systems and methods for advanced communication mechanisms for magnetic cards and devices |
US11514451B2 (en) * | 2011-03-15 | 2022-11-29 | Capital One Services, Llc | Systems and methods for performing financial transactions using active authentication |
US8485446B1 (en) | 2011-03-28 | 2013-07-16 | Dynamics Inc. | Shielded magnetic stripe for magnetic cards and devices |
EP2707847A4 (en) | 2011-05-10 | 2015-04-01 | Dynamics Inc | Systems, devices, and methods for mobile payment acceptance, mobile authorizations, mobile wallets, and contactless communication mechanisms |
USD676904S1 (en) | 2011-05-12 | 2013-02-26 | Dynamics Inc. | Interactive display card |
USD670331S1 (en) | 2011-05-12 | 2012-11-06 | Dynamics Inc. | Interactive display card |
USD670332S1 (en) | 2011-05-12 | 2012-11-06 | Dynamics Inc. | Interactive card |
USD670329S1 (en) | 2011-05-12 | 2012-11-06 | Dynamics Inc. | Interactive display card |
USD670330S1 (en) | 2011-05-12 | 2012-11-06 | Dynamics Inc. | Interactive card |
US8628022B1 (en) | 2011-05-23 | 2014-01-14 | Dynamics Inc. | Systems and methods for sensor mechanisms for magnetic cards and devices |
US9600808B1 (en) | 2011-06-24 | 2017-03-21 | Epic One Texas, Llc | Secure payment card, method and system |
US8827153B1 (en) | 2011-07-18 | 2014-09-09 | Dynamics Inc. | Systems and methods for waveform generation for dynamic magnetic stripe communications devices |
EP2740094A4 (en) | 2011-09-06 | 2015-03-25 | Mastercard International Inc | Apparatus, method, and computer program product for data cleansing and/or biller scrubbing |
US11551046B1 (en) | 2011-10-19 | 2023-01-10 | Dynamics Inc. | Stacked dynamic magnetic stripe commmunications device for magnetic cards and devices |
US11409971B1 (en) | 2011-10-23 | 2022-08-09 | Dynamics Inc. | Programming and test modes for powered cards and devices |
US9619741B1 (en) | 2011-11-21 | 2017-04-11 | Dynamics Inc. | Systems and methods for synchronization mechanisms for magnetic cards and devices |
US8960545B1 (en) | 2011-11-21 | 2015-02-24 | Dynamics Inc. | Data modification for magnetic cards and devices |
KR101236544B1 (en) * | 2012-01-12 | 2013-03-15 | 주식회사 엘지씨엔에스 | Payment method and payment gateway, mobile terminal and time certificate issuing server associated with the same |
US9064194B1 (en) | 2012-02-03 | 2015-06-23 | Dynamics Inc. | Systems and methods for spike suppression for dynamic magnetic stripe communications devices |
US9710745B1 (en) | 2012-02-09 | 2017-07-18 | Dynamics Inc. | Systems and methods for automated assembly of dynamic magnetic stripe communications devices |
US10404615B2 (en) | 2012-02-14 | 2019-09-03 | Airwatch, Llc | Controlling distribution of resources on a network |
US8888009B1 (en) | 2012-02-14 | 2014-11-18 | Dynamics Inc. | Systems and methods for extended stripe mechanisms for magnetic cards and devices |
US20140157354A1 (en) * | 2012-02-14 | 2014-06-05 | SkySocket, LLC | Securing Access to Resources on a Network |
US10257194B2 (en) | 2012-02-14 | 2019-04-09 | Airwatch Llc | Distribution of variably secure resources in a networked environment |
US9705813B2 (en) | 2012-02-14 | 2017-07-11 | Airwatch, Llc | Controlling distribution of resources on a network |
US9680763B2 (en) | 2012-02-14 | 2017-06-13 | Airwatch, Llc | Controlling distribution of resources in a network |
US9916992B2 (en) | 2012-02-20 | 2018-03-13 | Dynamics Inc. | Systems and methods for flexible components for powered cards and devices |
US9734669B1 (en) | 2012-04-02 | 2017-08-15 | Dynamics Inc. | Cards, devices, systems, and methods for advanced payment game of skill and game of chance functionality |
US11418483B1 (en) | 2012-04-19 | 2022-08-16 | Dynamics Inc. | Cards, devices, systems, and methods for zone-based network management |
US9033218B1 (en) | 2012-05-15 | 2015-05-19 | Dynamics Inc. | Cards, devices, systems, methods and dynamic security codes |
US9064195B2 (en) | 2012-06-29 | 2015-06-23 | Dynamics Inc. | Multiple layer card circuit boards |
USD688744S1 (en) | 2012-08-27 | 2013-08-27 | Dynamics Inc. | Interactive electronic card with display and button |
USD687095S1 (en) | 2012-08-27 | 2013-07-30 | Dynamics Inc. | Interactive electronic card with buttons |
USD729869S1 (en) | 2012-08-27 | 2015-05-19 | Dynamics Inc. | Interactive electronic card with display and button |
USD676487S1 (en) | 2012-08-27 | 2013-02-19 | Dynamics Inc. | Interactive electronic card with display and buttons |
USD695636S1 (en) | 2012-08-27 | 2013-12-17 | Dynamics Inc. | Interactive electronic card with display and buttons |
USD687490S1 (en) | 2012-08-27 | 2013-08-06 | Dynamics Inc. | Interactive electronic card with display and button |
USD673606S1 (en) | 2012-08-27 | 2013-01-01 | Dynamics Inc. | Interactive electronic card with display and buttons |
USD729870S1 (en) | 2012-08-27 | 2015-05-19 | Dynamics Inc. | Interactive electronic card with display and button |
USD675256S1 (en) | 2012-08-27 | 2013-01-29 | Dynamics Inc. | Interactive electronic card with display and button |
USD730438S1 (en) | 2012-08-27 | 2015-05-26 | Dynamics Inc. | Interactive electronic card with display and button |
USD729871S1 (en) | 2012-08-27 | 2015-05-19 | Dynamics Inc. | Interactive electronic card with display and buttons |
USD694322S1 (en) | 2012-08-27 | 2013-11-26 | Dynamics Inc. | Interactive electronic card with display buttons |
USD730439S1 (en) | 2012-08-27 | 2015-05-26 | Dynamics Inc. | Interactive electronic card with buttons |
USD687489S1 (en) | 2012-08-27 | 2013-08-06 | Dynamics Inc. | Interactive electronic card with buttons |
USD687488S1 (en) | 2012-08-27 | 2013-08-06 | Dynamics Inc. | Interactive electronic card with buttons |
USD687487S1 (en) | 2012-08-27 | 2013-08-06 | Dynamics Inc. | Interactive electronic card with display and button |
USD828870S1 (en) | 2012-08-27 | 2018-09-18 | Dynamics Inc. | Display card |
USD687887S1 (en) | 2012-08-27 | 2013-08-13 | Dynamics Inc. | Interactive electronic card with buttons |
USD692053S1 (en) | 2012-08-27 | 2013-10-22 | Dynamics Inc. | Interactive electronic card with display and button |
US11126997B1 (en) | 2012-10-02 | 2021-09-21 | Dynamics Inc. | Cards, devices, systems, and methods for a fulfillment system |
US9010647B2 (en) | 2012-10-29 | 2015-04-21 | Dynamics Inc. | Multiple sensor detector systems and detection methods of magnetic cards and devices |
US9659246B1 (en) | 2012-11-05 | 2017-05-23 | Dynamics Inc. | Dynamic magnetic stripe communications device with beveled magnetic material for magnetic cards and devices |
US9010644B1 (en) | 2012-11-30 | 2015-04-21 | Dynamics Inc. | Dynamic magnetic stripe communications device with stepped magnetic material for magnetic cards and devices |
US10949627B2 (en) | 2012-12-20 | 2021-03-16 | Dynamics Inc. | Systems and methods for non-time smearing detection mechanisms for magnetic cards and devices |
USD765174S1 (en) | 2013-03-04 | 2016-08-30 | Dynamics Inc. | Interactive electronic card with button |
USD751640S1 (en) | 2013-03-04 | 2016-03-15 | Dynamics Inc. | Interactive electronic card with display and button |
USD750168S1 (en) | 2013-03-04 | 2016-02-23 | Dynamics Inc. | Interactive electronic card with display and button |
USD750167S1 (en) | 2013-03-04 | 2016-02-23 | Dynamics Inc. | Interactive electronic card with buttons |
USD765173S1 (en) | 2013-03-04 | 2016-08-30 | Dynamics Inc. | Interactive electronic card with display and button |
USD764584S1 (en) | 2013-03-04 | 2016-08-23 | Dynamics Inc. | Interactive electronic card with buttons |
USD750166S1 (en) | 2013-03-04 | 2016-02-23 | Dynamics Inc. | Interactive electronic card with display and buttons |
USD751639S1 (en) | 2013-03-04 | 2016-03-15 | Dynamics Inc. | Interactive electronic card with display and button |
USD777252S1 (en) | 2013-03-04 | 2017-01-24 | Dynamics Inc. | Interactive electronic card with buttons |
US20140280955A1 (en) | 2013-03-14 | 2014-09-18 | Sky Socket, Llc | Controlling Electronically Communicated Resources |
CA2913008A1 (en) * | 2013-05-23 | 2014-11-27 | Sureshwara Incorporated | A system for authorizing electronic transactions and a method thereof |
WO2015015332A1 (en) * | 2013-07-30 | 2015-02-05 | Byrkat Eliyahu Security Card Guard Ltd. | Charge card validation |
USD767024S1 (en) | 2013-09-10 | 2016-09-20 | Dynamics Inc. | Interactive electronic card with contact connector |
USD737373S1 (en) | 2013-09-10 | 2015-08-25 | Dynamics Inc. | Interactive electronic card with contact connector |
DE102014000644A1 (en) * | 2014-01-17 | 2015-07-23 | Giesecke & Devrient Gmbh | Procedure for authorizing a transaction |
US10108891B1 (en) | 2014-03-21 | 2018-10-23 | Dynamics Inc. | Exchange coupled amorphous ribbons for electronic stripes |
KR101624266B1 (en) * | 2015-04-03 | 2016-05-26 | 비씨카드(주) | Token authentication method and token authentication using verification value generated based on current time |
US10032049B2 (en) | 2016-02-23 | 2018-07-24 | Dynamics Inc. | Magnetic cards and devices for motorized readers |
WO2017181185A1 (en) * | 2016-04-15 | 2017-10-19 | Visa International Service Association | System and method for secure web payments |
KR102005554B1 (en) * | 2018-08-09 | 2019-07-30 | 주식회사 센스톤 | Method and system for providing financial transaction using empty card |
US11580558B2 (en) * | 2020-02-07 | 2023-02-14 | Focus Universal Inc. | Dynamic anti-counterfeit system and method |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4720860A (en) * | 1984-11-30 | 1988-01-19 | Security Dynamics Technologies, Inc. | Method and apparatus for positively identifying an individual |
US5477038A (en) * | 1993-10-25 | 1995-12-19 | Visa International | Method and apparatus for distributing currency |
US5478994A (en) * | 1994-07-13 | 1995-12-26 | Rahman; Sam | Secure credit card which prevents unauthorized transactions |
US5606614A (en) * | 1993-10-15 | 1997-02-25 | British Telecommunications Public Limited Company | Personal identification systems |
US5627355A (en) * | 1994-07-13 | 1997-05-06 | Rahman; Sam | Transaction device, equipment and method for protecting account numbers and their associated personal identification numbers |
WO2000010140A1 (en) * | 1998-08-17 | 2000-02-24 | Shem Ur Jonathan | Method for preventing unauthorized use of credit cards in remote payments and an optional supplemental-code card for use therein |
-
2001
- 2001-03-15 US US09/809,362 patent/US20010047335A1/en not_active Abandoned
- 2001-04-27 EP EP01923857A patent/EP1279149A2/en not_active Withdrawn
- 2001-04-27 AU AU2001250540A patent/AU2001250540A1/en not_active Abandoned
- 2001-04-27 WO PCT/GB2001/001880 patent/WO2001084509A2/en not_active Application Discontinuation
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4720860A (en) * | 1984-11-30 | 1988-01-19 | Security Dynamics Technologies, Inc. | Method and apparatus for positively identifying an individual |
US5606614A (en) * | 1993-10-15 | 1997-02-25 | British Telecommunications Public Limited Company | Personal identification systems |
US5477038A (en) * | 1993-10-25 | 1995-12-19 | Visa International | Method and apparatus for distributing currency |
US5478994A (en) * | 1994-07-13 | 1995-12-26 | Rahman; Sam | Secure credit card which prevents unauthorized transactions |
US5627355A (en) * | 1994-07-13 | 1997-05-06 | Rahman; Sam | Transaction device, equipment and method for protecting account numbers and their associated personal identification numbers |
WO2000010140A1 (en) * | 1998-08-17 | 2000-02-24 | Shem Ur Jonathan | Method for preventing unauthorized use of credit cards in remote payments and an optional supplemental-code card for use therein |
Cited By (36)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9672515B2 (en) | 2000-03-15 | 2017-06-06 | Mastercard International Incorporated | Method and system for secure payments over a computer network |
US7379919B2 (en) | 2000-04-11 | 2008-05-27 | Mastercard International Incorporated | Method and system for conducting secure payments over a computer network |
US6990470B2 (en) | 2000-04-11 | 2006-01-24 | Mastercard International Incorporated | Method and system for conducting secure payments over a computer network |
US7177848B2 (en) | 2000-04-11 | 2007-02-13 | Mastercard International Incorporated | Method and system for conducting secure payments over a computer network without a pseudo or proxy account number |
US6915279B2 (en) | 2001-03-09 | 2005-07-05 | Mastercard International Incorporated | System and method for conducting secure payment transactions |
EP1329859A1 (en) * | 2002-01-17 | 2003-07-23 | Siemens Aktiengesellschaft | Method of realising payments in communication networks |
WO2003065255A1 (en) * | 2002-01-31 | 2003-08-07 | Servicios Para Medios De Pago, S.A. | Reversible method of generating mutated payment cards using a mathematical algorithm |
US7035831B2 (en) | 2002-01-31 | 2006-04-25 | Servicios Para Medios De Pago, S.A. | Reversible generation process of altered payment card by means of a mathematical algorithm |
US7774370B2 (en) | 2002-09-30 | 2010-08-10 | Sampson Scott E | Controlling the validity status of communicated messages |
EP1546969A2 (en) * | 2002-09-30 | 2005-06-29 | Scott Sampson | Electronic payment validation using transaction authorization tokens |
US8051172B2 (en) | 2002-09-30 | 2011-11-01 | Sampson Scott E | Methods for managing the exchange of communication tokens |
EP1546969A4 (en) * | 2002-09-30 | 2008-04-23 | Scott Sampson | Electronic payment validation using transaction authorization tokens |
US10997573B2 (en) | 2009-04-28 | 2021-05-04 | Visa International Service Association | Verification of portable consumer devices |
US10572864B2 (en) | 2009-04-28 | 2020-02-25 | Visa International Service Association | Verification of portable consumer devices |
US9715681B2 (en) | 2009-04-28 | 2017-07-25 | Visa International Service Association | Verification of portable consumer devices |
US10387871B2 (en) | 2009-05-15 | 2019-08-20 | Visa International Service Association | Integration of verification tokens with mobile communication devices |
US10009177B2 (en) | 2009-05-15 | 2018-06-26 | Visa International Service Association | Integration of verification tokens with mobile communication devices |
US9582801B2 (en) | 2009-05-15 | 2017-02-28 | Visa International Service Association | Secure communication of payment information to merchants using a verification token |
US9317848B2 (en) | 2009-05-15 | 2016-04-19 | Visa International Service Association | Integration of verification tokens with mobile communication devices |
US9372971B2 (en) | 2009-05-15 | 2016-06-21 | Visa International Service Association | Integration of verification tokens with portable computing devices |
US9792611B2 (en) | 2009-05-15 | 2017-10-17 | Visa International Service Association | Secure authentication system and method |
US9904919B2 (en) | 2009-05-15 | 2018-02-27 | Visa International Service Association | Verification of portable consumer devices |
US10846683B2 (en) | 2009-05-15 | 2020-11-24 | Visa International Service Association | Integration of verification tokens with mobile communication devices |
US10043186B2 (en) | 2009-05-15 | 2018-08-07 | Visa International Service Association | Secure authentication system and method |
US10049360B2 (en) | 2009-05-15 | 2018-08-14 | Visa International Service Association | Secure communication of payment information to merchants using a verification token |
US11574312B2 (en) | 2009-05-15 | 2023-02-07 | Visa International Service Association | Secure authentication system and method |
EP3404601A1 (en) * | 2010-01-19 | 2018-11-21 | Visa International Service Association | Token based transaction authentication |
US9424413B2 (en) | 2010-02-24 | 2016-08-23 | Visa International Service Association | Integration of payment capability into secure elements of computers |
US9589268B2 (en) | 2010-02-24 | 2017-03-07 | Visa International Service Association | Integration of payment capability into secure elements of computers |
US10657528B2 (en) | 2010-02-24 | 2020-05-19 | Visa International Service Association | Integration of payment capability into secure elements of computers |
EP2681701A2 (en) * | 2011-03-04 | 2014-01-08 | Visa International Service Association | Integration of payment capability into secure elements of computers |
EP2681701A4 (en) * | 2011-03-04 | 2014-08-20 | Visa Int Service Ass | Integration of payment capability into secure elements of computers |
US10282724B2 (en) | 2012-03-06 | 2019-05-07 | Visa International Service Association | Security system incorporating mobile device |
US20210357922A1 (en) * | 2017-10-05 | 2021-11-18 | Mastercard International Incorporated | Systems and Methods for Use in Authenticating Users in Connection With Network Transactions |
US11810107B2 (en) * | 2017-10-05 | 2023-11-07 | Mastercard International Incorporated | Systems and methods for use in authenticating users in connection with network transactions |
WO2022125040A1 (en) * | 2020-12-09 | 2022-06-16 | Oezarslan Ahmet Tahsin | Payment system and method with shopping identification number |
Also Published As
Publication number | Publication date |
---|---|
US20010047335A1 (en) | 2001-11-29 |
AU2001250540A1 (en) | 2001-11-12 |
WO2001084509A3 (en) | 2002-05-16 |
EP1279149A2 (en) | 2003-01-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20010047335A1 (en) | Secure payment method and apparatus | |
GB2361790A (en) | Making secure payments using a limited use credit card number | |
US10579977B1 (en) | Method and system for controlling certificate based open payment transactions | |
JP5638046B2 (en) | Method and system for authorizing purchases made on a computer network | |
AU741873C (en) | Electronic transaction | |
US7379920B2 (en) | System and method for facilitating electronic financial transactions using a mobile telecommunication device | |
KR100641824B1 (en) | A payment information input method and mobile commerce system using symmetric cipher system | |
US20030069792A1 (en) | System and method for effecting secure online payment using a client payment card | |
US20020161708A1 (en) | Method and apparatus for performing a cashless payment transaction | |
US20040070566A1 (en) | Card present network transactions | |
JP2004527861A (en) | Method for conducting secure cashless payment transactions and cashless payment system | |
US20030120592A1 (en) | Method of performing a transaction | |
WO2001003083A1 (en) | System and method for performing secure electronic transactions over an open communication network | |
GB2387253A (en) | Secure credit and debit card transactions | |
JP2001517841A (en) | Electronic payment system | |
WO2009014502A2 (en) | Method and system for safety and simple paying with mobile terminal | |
WO2014013071A1 (en) | Method of performing a mobile transaction and system for performing a mobile transaction | |
EP1746535A1 (en) | Secure transaction string | |
GB2366432A (en) | Secure electronic payment system | |
AU781671B2 (en) | An improved method and system for conducting secure payments over a computer network | |
JP2011044151A (en) | Method and system for safe payment by portable terminal | |
US20020164031A1 (en) | Devices | |
JP4903346B2 (en) | Improved method and system for processing secure payments across computer networks without pseudo or proxy account numbers | |
WO2021142356A1 (en) | System and method for token processing | |
AU2002349173B2 (en) | System and method for facilitating electronic financial transactions using a mobile telecommunication device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
AK | Designated states |
Kind code of ref document: A3 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A3 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2001923857 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2001923857 Country of ref document: EP |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 2001923857 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: JP |