WO2008070951A1 - Method and system for real time online debit transactions - Google Patents

Method and system for real time online debit transactions Download PDF

Info

Publication number
WO2008070951A1
WO2008070951A1 PCT/CA2006/002047 CA2006002047W WO2008070951A1 WO 2008070951 A1 WO2008070951 A1 WO 2008070951A1 CA 2006002047 W CA2006002047 W CA 2006002047W WO 2008070951 A1 WO2008070951 A1 WO 2008070951A1
Authority
WO
WIPO (PCT)
Prior art keywords
payee
payor
pan
pin
transaction
Prior art date
Application number
PCT/CA2006/002047
Other languages
French (fr)
Inventor
Joseph Peter Bajan
Original Assignee
E.E. System Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by E.E. System Corporation filed Critical E.E. System Corporation
Priority to PCT/CA2006/002047 priority Critical patent/WO2008070951A1/en
Publication of WO2008070951A1 publication Critical patent/WO2008070951A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems

Definitions

  • the invention relates to the field of online transactions and more particularly to a system for the transfer of funds on payment for goods or services using the Internet.
  • POS Point of Sale
  • the merchant swipes the customer's debit card, which captures the customer's card number (Primary Account Number (PAN)) and enters the amount of the transaction.
  • PAN Primary Account Number
  • the customer enters a secret Personal Identification Number (PIN) on a PIN pad, which encrypts the number and sends it with the PAN, the encryption key and the transaction amount to the bank for approval.
  • PIN Personal Identification Number
  • the bank decrypts the PIN, checks the PAN against the PIN and debits the customer's account by the amount of the transaction if the funds are available and sends a message back to the merchant approving or denying the transaction.
  • a second type of debit card is the signature debit card which is swiped at the merchant location and signed by the purchaser but no PIN number is entered.
  • the system puts the transaction through the credit card system, but the amount of the transaction gets debited a few days later to the user's bank account and not the credit card account.
  • the merchant pays the same commission as for a credit card transaction.
  • United States patent application publication No. US 2001/0039535 discloses a method for a shopper to provide confidential payment information such as bank debit card numbers, PIN numbers, expiration dates, and similar data to a trusted third party ("TTP").
  • TTP trusted third party
  • An online payment method which permits users to make realtime debit card payments over the Internet.
  • the payor and payee pre-register with the system by sending their PAN, encrypted PIN and encryption key to the system database using a debit card reader, and then enter user names and secret IDs to be associated with the PAN and encrypted PIN numbers and encryption keys.
  • the payor enters its user name and ID which is sent to the system along with the transaction amount and the payee user name.
  • the system then sends out a standard POS transaction in that amount using the stored PAN, encrypted PIN and encryption key. If approved, it sends out a credit POS transaction to the payee in the same way.
  • the present invention provides a method for online debit payments initiated by the payor.
  • Customer registers with the central system by swiping a bank debit card and entering his PIN number on a physical PIN pad, as if it were a POS transaction.
  • the captured PAN and encrypted PIN and encryption key are sent to a database maintained by the system.
  • the customer enters a user name (such as an email address) and a second secret ID number, different from the PIN which are associated with the stored PAN and encrypted PIN and encryption key.
  • a merchant registers with the system in the same way so the system has a PAN and an encrypted PIN and encryption key for its bank account associated with a merchant username such as an email address and a second secret ID number.
  • the merchant through the system serves up a page with the merchant and transaction details such as the transaction value already entered and invites the customer to enter his or her user name.
  • the customer enters his/her user name and second secret ID number which are sent to the system server.
  • the system validates the customer user name and secret ID, validates the merchant user name and retrieves the customer's PAN and encrypted PIN and encryption key and forms and sends a standard debit POS transaction to the bank in the appropriate amount. If approved, it takes the merchant's PAN and encrypted PIN and encryption key and sends a second POS transaction crediting the merchant account. It then sends a receipt to the merchant once the transaction is completed.
  • the system works because, in the United States, the same encrypted PIN number and encryption key can be used indefinitely for debit POS transactions other than duplicate transactions.
  • the system server decrypts the customer's PIN using the decryption key provided by the POS system and stores the decrypted PIN in a database. Since storage of a decrypted PIN in a database is a security risk, the PIN should be re-encrypted with a recoverable and usable key or otherwise stored to reduce the security risk.
  • the server encrypts the PIN to form part of the POS debit transaction as if it were a POS terminal.
  • the server may be operated by a Trusted Third Party.
  • FIG. 1 is a schematic diagram illustrating part of the registration procedure for the invention
  • FIG. 2 is a schematic diagram illustrating a further part of the registration procedure for the invention.
  • FIG. 3 is a schematic diagram illustrating an account-to-account payment procedure using the invention
  • FIG. 4 is a schematic diagram illustrating an on-line merchant payment procedure using the invention
  • FIG. 5 is a schematic diagram illustrating a pre-authorized debit using the invention.
  • Fig. 6 is a flowchart illustrating the method of the invention. Description
  • a customer registers with the system by swiping his or her bank debit card 10 through the system's standard POS debit card reader 12 which is connected to and communicates with a personal computer having the associated software required for the system.
  • the card reader 12 captures the customer's card number (Primary Account Number or PAN) from the Track 2 Data on magnetic stripe 16 or a storage chip.
  • PAN Primary Account Number
  • the customer enters his or her secret Personal Identification Number (PIN) on the physical PIN pad 14 as if it were a POS transaction.
  • the debit card reader 12 encrypts the PIN number and sends it with the PAN and the encryption key via the Internet 21 to the system's server 18, where they are stored on associated database 20 maintained by the system.
  • the customer accesses the system's web site using an internet browser, and logs into the registration page 22, enters the customer's PAN number at 24 and enters a user name (such as an email address) at 26 and a second secret ID number, the "Net PIN" , at 28, different from the PIN, and re-enters the Net PIN at 30.
  • the customer clicks on a button 32 to send the registration information to the system's server 18 where it is stored in database 20 in association with the customer's stored PAN and encrypted PIN.
  • the system takes the PAN card number and compares it to the PAN card number from the first step, takes the new user name and associates it with the PAN card number, takes the new secret Net PIN supplied and associates it with the user name. After the system has successfully completed the above it informs the customer that registration has been successful by displaying a message on screen and sending the same message to the e-mail address supplied.
  • server 18 decrypts the customer's PIN using the decryption key provided to the system by the POS system and stores the decrypted PIN in database 20 in association with the PAN (further secured for storage as necessary). Each time the customer authorizes a debit transaction as described below through the system, the server 18 encrypts the PIN to form part of the POS debit transaction as if it were a POS terminal.
  • the server 18 may be operated by a Trusted Third Party.
  • the customer can be prompted to set limiters on transfers out of his/her account, such as the maximum amount which is permitted to be transferred per transaction or per time period.
  • limiters on transfers out of his/her account, such as the maximum amount which is permitted to be transferred per transaction or per time period.
  • a user which is a company, only certain people may be authorized to pay out funds.
  • a merchant who wishes to permit its customers to use the system for online debit card payments also registers with the system using its bank debit card in the same way so the system has a PAN and an encrypted PIN for its bank account associated with a merchant username, such as an email address, and a second secret ID number.
  • FIG. 3 The method of carrying out a single account-to-account transaction using the system is illustrated in Fig. 3.
  • a user who wishes to transfer funds to another registered party logs onto the appropriate web page 34 served up by the system's server 18 or his/her banking page which then transfers the information to the system's server 18.
  • the user enters his or her unique user name, preferably his/her email address, at 36, enters his/her secret
  • Net PIN number at 38 enters the unique identifier, such as the email address, of the intended recipient of the funds at 40, enters the value of transaction at 42, enters payment related information such as invoice number at 44 and any associated message at 46.
  • the customer clicks on a button 48 to send the transfer information to the system's server 18.
  • the system validates sender's unique identifier and Net PIN, validates the recipient's unique identifier, retrieves the sender's PAN and encrypted PIN from database 20 and combines it with the other required information along with the value of transaction to form a standard debit POS transaction. It then feeds the standard POS transaction into the POS system to receive approval or denial.
  • the system works, except for duplicate transactions, because in the United States the same encrypted PIN number can be used indefinitely for debit POS transactions.
  • approval server 18 Upon approval server 18 then takes recipient's PAN, and encrypted PIN from data base and puts it together with other required information such as the transaction value to form a standard credit POS transaction. It then displays a confirmation of receipt of the transaction on the sender's screen and sends a further copy of the transaction to both sender and recipient via e-mail.
  • the receipt can contain related information such as invoice number and associated messaging.
  • the server 18 encrypts the PIN to form part of the POS debit transaction as if it were a POS terminal.
  • the server 18 may be operated by a Trusted Third Party.
  • the method of carrying out multiple account-to-account transactions is as follows.
  • the customer uploads a file with two or more payments to be made to the system's server 18 or his/her bank which then forwards the payment instructions to the system's server 18.
  • the uploaded file contains all the payment instructions as in the single account-to-account transaction described above.
  • This uploaded file may contain the sender's user name and Net PIN, or the server 18 or his/her bank may serve up a page requesting the sender's user name and Net PIN.
  • the system validates the sender's user name and Net PIN and may require the sender to submit two sets of user names and Net PINS as in the case of dual signature requirements for company cheques.
  • the system validates each and every recipi- ent's username, validates the limiters placed on transfer(s) from this account and to which payee(s), takes the sender's PAN and encrypted PIN from database 20 and combines them with the other required information along with the total value of all the transactions to form a standard debit POS transaction. If the total value of all the transactions is greater than the maximum value allowed under a single POS transaction, the server 18 can break down the total value of the transactions into units less than the total allowed value such that the sum of the units equals the total value of the original. The server 18 then feeds the standard POS transaction(s) into the POS system to receive approval or denial. Upon approval it then takes recipients' PAN, encrypted PIN from database 20 and puts it together with the other required information such as the transaction value to form a standard credit POS transaction(s).
  • the server 18 when the server forms the POS transaction, the server 18 encrypts the PIN to form part of the POS debit transaction as if it were a POS terminal.
  • the server 18 may be operated by a Trusted Third Party.
  • Fig. 4 The method of using the system for a customer to make an online debit payment at the web page of a registered merchant is illustrated in Fig. 4.
  • a customer may order a product or service and choose the systems' online debit payment as a payment option. If the customer selects online debit payment as a payment option, the merchant serves up the payment page 50 or instructs its Financial Institution (FI) to serve up the payment page 50, which contains the merchant user name, value of the transaction 56 and any related and required other data.
  • FI Financial Institution
  • the customer enters his or her user name (e-mail address) at 52, and his/her secret Net PIN at 54.
  • the customer clicks on a button 58 to send the information to the system's server 18.
  • the system then validates customer's user name and Net PIN, validates the merchant's user name, which was communicated from the merchant web site on selection of the debit payment option, retrieves the customer's PAN and encrypted PIN from database 20 and combines it with the other required information along with the value of transaction to form a standard debit POS transaction. It then feeds the standard POS transaction into the POS system to receive approval or denial. After server 18 receives the approval or denial it passes the information back to the merchant so it may continue with the order process as it elects. Upon approval server 18 then takes merchant's PAN, encrypted PIN from data base and puts it together with other re- quired information such as the transaction value to form a standard credit
  • the POS transaction It then displays a receipt of transaction on screen and sends a further copy of the transaction to both sender and recipient via e- mail.
  • the receipt can contain related information such as invoice number and associated messaging.
  • the server 18 encrypts the PIN to form part of the POS debit transaction as if it were a POS terminal.
  • the server 18 may be operated by a Trusted Third Party.
  • the merchant can elect to receive its funds at the time of each and every transaction or aggregate the transactions for a set period of time, such as at the end of each day, or aggregate the transactions until a minimum or maximum value is reached before receiving its funds and have one bulk credit done at that time. Reporting under the aggregation method can be done at the time of the transaction and/or at the time of successful payment of funds to the merchant.
  • PADRT PADRT
  • Fig. 5 The methods described above have a common factor in that the payment is always initiated by the payor 60, namely someone wanting to make a payment, which is known as a "credit push".
  • Business such as utilities or loan companies (payees 62) have a need to pull down the funds from time to time in fixed or variable amounts.
  • Pre- Pre-
  • Payee 60 and Payor 62 who have both registered with the system, enter into contractual arrangements, in the form of contract 64 which allow the payee to pull down the funds from time to time. Payor can place limiters on the type and/or amounts, dates and other limitations on pre-authorized transfer(s). Payee reports to the system's server 18 that this payee 60 and payor 62 have agreed to use the PADRT service. The server 18 logs the appropriate payor(s) information into the database 20 with the required information to execute a PADRT transaction.
  • the server When a payment request is sent by the Payee to the server 18, the server is provided the user name and Net PIN of the Payee, the user name of the Payor and the transaction value and related information.
  • the system server 18 validates the payee (recipient) user name, Net PIN and that this payee is permitted to use the PADRT method.
  • Server 18 validates payor(s) user name, validates that this payor and payee are in contractual agreement to use the PADRT method, validates the limiters placed on transfer(s) from this payor to this payee, takes payor' s PAN, encrypted PIN from database 20 and combines them with the other required information to form a standard debit POS transaction, feeds the standard debit POS transaction(s) into the POS system to receive approval or denial.
  • Payee's PAN encrypted PIN from data base and puts it together with the other required information such as the transaction value to form a standard credit POS transaction(s).
  • the payee can elect to receive it's funds at the time of each and every transaction or aggregate the transactions for a set period of time or aggregate the transactions till a minimum/maximum value is reached before receiving it's funds.
  • Server 18 may inform the payee of each and every requested transaction at the time of the transaction or it my report back at some requested point in the future.
  • the system first enters into a contractual relationship with a physical merchant having a POS terminal (PINpad).
  • PINpad POS terminal
  • a potential customer at the POS terminal (PINpad) is asked if they would like to sign up for the online debit payment service during or before a standard POS transaction was to be uploaded for approval.
  • PINpad POS terminal
  • the POS system after approval of the standard POS transaction would forward a copy of the PAN, encrypted
  • the system first enters into a contractual relationship with a physical merchant having a POS terminal (PINpad).
  • PINpad POS terminal
  • FI Financial Institution
  • a potential customer is offered the online debit service sign up through his/her online banking page.
  • the FI forwards the customer's PAN and encrypted PIN in the required format to the server 18.
  • the FI may also forward the customer's other required information such as e-mail address and online banking shared secret in some other agreed upon format. This would eliminate the need for the second step in the registration process.
  • the system first enters into a contractual relationship with a physical merchant having a
  • POS terminal PINpad
  • the system enters into a contractual relationship with a card issuing Financial Institution (FI).
  • FI Financial Institution
  • a potential customer is offered the online debit service sign up thru an ATM.
  • the FI would forward the customer's PAN and encrypted PIN in the required format to the server 18.
  • the FI may also forward the customer's other required information such as e-mail address and online banking shared secret in some other agreed upon format. This again eliminates the need for the second step in the registration process.
  • the system first enters into a contractual relationship with a physical merchant having a POS terminal (PINpad).
  • PINpad POS terminal
  • FI Financial Institution
  • a potential customer is offered the online debit service sign up at the time of opening a new bank account.
  • the FI forwards the customer's PAN and encrypted PIN in the required format to the server 18.
  • the FI may also forward the customer's other required information such as e-mail address and online banking shared secret in some other agreed upon format. This again eliminates the need for the second step in the registration process.
  • the system enters into a contractual relationship with a card issuing Financial Institution (FI).
  • FI Financial Institution
  • the FI forwards some or all of its customers who subscribe to online banking and have related PIN based debit cards the required information in the agreed upon format such as required to be able to use the online debit service.
  • the FI may also forward the customer's other required informa- tion such as e-mail address and online banking PIN number in some other agreed upon format. This eliminates the need for the previously described registration process.
  • a customer who has completed the first registration step logs onto his internet banking site and carries out the first step of registration through the banking site.
  • the banking site then communicates with the server 18.
  • the registration process is then other wise the same except that all communication is done through the customer's internet banking site. While a number of exemplary aspects and embodiments have been discussed above, those of skill in the art will recognize certain modifications, permutations, additions and sub-combinations thereof.

Abstract

An online payment method is disclosed which permits users to make realtime debit card payments over the Internet. The payor and payee pre-register with the system by sending their PAN, encrypted PIN and encryption key to the system database using a debit card reader, and then enter user names and secret IDs to be associated with the PAN and PIN numbers. When an online transaction is made the payor enters its user name and ID which is sent to the system along with the transaction amount and the payee user name. The system sends out a standard POS transaction using the stored PAN, encrypted PIN and encryption key. If approved it sends out a credit POS transaction to the payee in the same way.

Description

METHOD AND SYSTEM FOR REAL TIME ONLINE DEBIT TRANSACTIONS
Technical Field
[0001] The invention relates to the field of online transactions and more particularly to a system for the transfer of funds on payment for goods or services using the Internet.
Background
[0002] In the existing Point of Sale (POS) PIN debit card system, the merchant swipes the customer's debit card, which captures the customer's card number (Primary Account Number (PAN)) and enters the amount of the transaction. The customer enters a secret Personal Identification Number (PIN) on a PIN pad, which encrypts the number and sends it with the PAN, the encryption key and the transaction amount to the bank for approval. Typically a different encryption key is used for each transaction. The bank decrypts the PIN, checks the PAN against the PIN and debits the customer's account by the amount of the transaction if the funds are available and sends a message back to the merchant approving or denying the transaction.
[0003] A second type of debit card is the signature debit card which is swiped at the merchant location and signed by the purchaser but no PIN number is entered. The system puts the transaction through the credit card system, but the amount of the transaction gets debited a few days later to the user's bank account and not the credit card account. The merchant pays the same commission as for a credit card transaction.
[0004] Currently on-line transactions are done by credit card but not PIN debit cards since the POS debit card equipment is not applicable for on-line merchants. However using credit cards for on-line sales causes the on-line merchant to incur the costs of the credit card commissions.
[0005] Various systems have been developed to facilitate on-line payments, such as electronic purses or wallets, but none of these have achieved wide acceptance due to a number of factors, including cumbersome procedures, unreasonable costs and unfair assignment of risk. Generally they involve setting up a trusted third party account. For example, United States patent application publication No. US 2002/0016749 discloses a system in which a user registers for an electronic cheque book service, acting as trusted third party in on-line transactions with merchants. The service maintains databases of IDs and passwords for both merchants and customers. United States patent application publication No. US 2003/0200184 Al, discloses a mobile account authentication service in which the customer enrolls with a trusted service which records PIN, PAN and other relevant data including passwords. The trusted service authenticates the customer's identity when he deals with on-line merchants in order to transact purchases.
[0006] United States patent application publication No. US 2001/0039535 discloses a method for a shopper to provide confidential payment information such as bank debit card numbers, PIN numbers, expiration dates, and similar data to a trusted third party ("TTP"). When the shopper conducts a transaction on an internet website, the TTP facilitates payment to the merchant without the user having access to the shopper's confidential information.
[0007] None of the existing systems provide a method whereby users can make PIN debit card transactions for online payments over the Internet as they would make credit card payments. In the following description, "debit card" will refer to PIN debit cards.
[0008] The foregoing examples of the related art and limitations related thereto are intended to be illustrative and not exclusive. Other limitations of the related art will become apparent to those of skill in the art upon a reading of the specification and a study of the drawings.
Summary [0009] The following embodiments and aspects thereof are described and illustrated in conjunction with systems, tools and methods which are meant to be exemplary and illustrative, not limiting in scope. In various embodiments, one or more of the above-described problems have been reduced or eliminated, while other embodiments are directed to other improvements.
[00010] An online payment method is disclosed which permits users to make realtime debit card payments over the Internet. The payor and payee pre- register with the system by sending their PAN, encrypted PIN and encryption key to the system database using a debit card reader, and then enter user names and secret IDs to be associated with the PAN and encrypted PIN numbers and encryption keys. When an online transaction is made the payor enters its user name and ID which is sent to the system along with the transaction amount and the payee user name. The system then sends out a standard POS transaction in that amount using the stored PAN, encrypted PIN and encryption key. If approved, it sends out a credit POS transaction to the payee in the same way.
The present invention provides a method for online debit payments initiated by the payor. 1) Customer registers with the central system by swiping a bank debit card and entering his PIN number on a physical PIN pad, as if it were a POS transaction. The captured PAN and encrypted PIN and encryption key are sent to a database maintained by the system. The customer enters a user name (such as an email address) and a second secret ID number, different from the PIN which are associated with the stored PAN and encrypted PIN and encryption key. 2) A merchant registers with the system in the same way so the system has a PAN and an encrypted PIN and encryption key for its bank account associated with a merchant username such as an email address and a second secret ID number. 3) For a customer to make an online debit payment at the merchant's web page, the merchant through the system serves up a page with the merchant and transaction details such as the transaction value already entered and invites the customer to enter his or her user name. The customer enters his/her user name and second secret ID number which are sent to the system server. The system validates the customer user name and secret ID, validates the merchant user name and retrieves the customer's PAN and encrypted PIN and encryption key and forms and sends a standard debit POS transaction to the bank in the appropriate amount. If approved, it takes the merchant's PAN and encrypted PIN and encryption key and sends a second POS transaction crediting the merchant account. It then sends a receipt to the merchant once the transaction is completed. The system works because, in the United States, the same encrypted PIN number and encryption key can be used indefinitely for debit POS transactions other than duplicate transactions. - A -
[00012] As a second variant to avoid rejection of duplicate transactions, on registration the system server decrypts the customer's PIN using the decryption key provided by the POS system and stores the decrypted PIN in a database. Since storage of a decrypted PIN in a database is a security risk, the PIN should be re-encrypted with a recoverable and usable key or otherwise stored to reduce the security risk. Each time the customer authorizes a debit transaction through the system, the server encrypts the PIN to form part of the POS debit transaction as if it were a POS terminal. The server may be operated by a Trusted Third Party.
[00013] In addition to the exemplary aspects and embodiments described above, further aspects and embodiments will become apparent by reference to the drawings and by study of the following detailed descriptions.
Brief Description of Drawings
[00014] Exemplary embodiments are illustrated in referenced figures of the drawings. It is intended that the embodiments and figures disclosed herein are to be considered illustrative rather than restrictive.
[00015] Fig. 1 is a schematic diagram illustrating part of the registration procedure for the invention;
[00016] Fig. 2 is a schematic diagram illustrating a further part of the registration procedure for the invention;
[00017] Fig. 3 is a schematic diagram illustrating an account-to-account payment procedure using the invention;
[00018] Fig. 4 is a schematic diagram illustrating an on-line merchant payment procedure using the invention;
[00019] Fig. 5 is a schematic diagram illustrating a pre-authorized debit using the invention; and
[00020] Fig. 6 is a flowchart illustrating the method of the invention. Description
[00021] Throughout the following description specific details are set forth in order to provide a more thorough understanding to persons skilled in the art. However, well known elements may not have been shown or described in detail to avoid unnecessarily obscuring the disclosure. Accordingly, the description and drawings are to be regarded in an illustrative, rather than a restrictive, sense.
[00022] With reference to Fig. 1, a customer registers with the system by swiping his or her bank debit card 10 through the system's standard POS debit card reader 12 which is connected to and communicates with a personal computer having the associated software required for the system. The card reader 12 captures the customer's card number (Primary Account Number or PAN) from the Track 2 Data on magnetic stripe 16 or a storage chip. The customer enters his or her secret Personal Identification Number (PIN) on the physical PIN pad 14 as if it were a POS transaction. The debit card reader 12 encrypts the PIN number and sends it with the PAN and the encryption key via the Internet 21 to the system's server 18, where they are stored on associated database 20 maintained by the system.
[00023] As the second step in registration, the customer accesses the system's web site using an internet browser, and logs into the registration page 22, enters the customer's PAN number at 24 and enters a user name (such as an email address) at 26 and a second secret ID number, the "Net PIN" , at 28, different from the PIN, and re-enters the Net PIN at 30. The customer then clicks on a button 32 to send the registration information to the system's server 18 where it is stored in database 20 in association with the customer's stored PAN and encrypted PIN. The system takes the PAN card number and compares it to the PAN card number from the first step, takes the new user name and associates it with the PAN card number, takes the new secret Net PIN supplied and associates it with the user name. After the system has successfully completed the above it informs the customer that registration has been successful by displaying a message on screen and sending the same message to the e-mail address supplied.
[00024] As a second variant of the system, to avoid rejection of duplicate transactions, on registration, server 18 decrypts the customer's PIN using the decryption key provided to the system by the POS system and stores the decrypted PIN in database 20 in association with the PAN (further secured for storage as necessary). Each time the customer authorizes a debit transaction as described below through the system, the server 18 encrypts the PIN to form part of the POS debit transaction as if it were a POS terminal. The server 18 may be operated by a Trusted Third Party.
[00025] As a further optional step in the registration process, the customer can be prompted to set limiters on transfers out of his/her account, such as the maximum amount which is permitted to be transferred per transaction or per time period. In the case of a user which is a company, only certain people may be authorized to pay out funds.
[00026] Once two or more customers of the system are registered, it is possible to transfer money from one bank account to another in real time. The transaction becomes real time because the Point of Sale (POS) Electronic Funds Transfer (EFT) system carries out the actual transfer.
[00027] A merchant who wishes to permit its customers to use the system for online debit card payments also registers with the system using its bank debit card in the same way so the system has a PAN and an encrypted PIN for its bank account associated with a merchant username, such as an email address, and a second secret ID number.
[00028] The method of carrying out a single account-to-account transaction using the system is illustrated in Fig. 3. A user who wishes to transfer funds to another registered party logs onto the appropriate web page 34 served up by the system's server 18 or his/her banking page which then transfers the information to the system's server 18. The user enters his or her unique user name, preferably his/her email address, at 36, enters his/her secret
Net PIN number at 38, enters the unique identifier, such as the email address, of the intended recipient of the funds at 40, enters the value of transaction at 42, enters payment related information such as invoice number at 44 and any associated message at 46. The customer then clicks on a button 48 to send the transfer information to the system's server 18.
The system validates sender's unique identifier and Net PIN, validates the recipient's unique identifier, retrieves the sender's PAN and encrypted PIN from database 20 and combines it with the other required information along with the value of transaction to form a standard debit POS transaction. It then feeds the standard POS transaction into the POS system to receive approval or denial. The system works, except for duplicate transactions, because in the United States the same encrypted PIN number can be used indefinitely for debit POS transactions.
[00029] Upon approval server 18 then takes recipient's PAN, and encrypted PIN from data base and puts it together with other required information such as the transaction value to form a standard credit POS transaction. It then displays a confirmation of receipt of the transaction on the sender's screen and sends a further copy of the transaction to both sender and recipient via e-mail. The receipt can contain related information such as invoice number and associated messaging.
[00030] In the second variant of the system to avoid rejection of duplicate transactions, where on registration server 18 has stored the decrypted customer PIN using the decryption key provided by the POS system (further secured for storage as necessary), each time the customer authorizes a debit trans- action through the system, the server 18 encrypts the PIN to form part of the POS debit transaction as if it were a POS terminal. The server 18 may be operated by a Trusted Third Party.
[00031] The method of carrying out multiple account-to-account transactions is as follows. The customer uploads a file with two or more payments to be made to the system's server 18 or his/her bank which then forwards the payment instructions to the system's server 18. The uploaded file contains all the payment instructions as in the single account-to-account transaction described above. This uploaded file may contain the sender's user name and Net PIN, or the server 18 or his/her bank may serve up a page requesting the sender's user name and Net PIN. The system validates the sender's user name and Net PIN and may require the sender to submit two sets of user names and Net PINS as in the case of dual signature requirements for company cheques. The system validates each and every recipi- ent's username, validates the limiters placed on transfer(s) from this account and to which payee(s), takes the sender's PAN and encrypted PIN from database 20 and combines them with the other required information along with the total value of all the transactions to form a standard debit POS transaction. If the total value of all the transactions is greater than the maximum value allowed under a single POS transaction, the server 18 can break down the total value of the transactions into units less than the total allowed value such that the sum of the units equals the total value of the original. The server 18 then feeds the standard POS transaction(s) into the POS system to receive approval or denial. Upon approval it then takes recipients' PAN, encrypted PIN from database 20 and puts it together with the other required information such as the transaction value to form a standard credit POS transaction(s).
[00032] In the second variant of the system to avoid rejection of duplicate transactions, where on registration server 18 has stored the decrypted customer PIN using the decryption key provided by the POS system (further secured for storage as necessary), when the server forms the POS transaction, the server 18 encrypts the PIN to form part of the POS debit transaction as if it were a POS terminal. The server 18 may be operated by a Trusted Third Party.
[00033] The method of using the system for a customer to make an online debit payment at the web page of a registered merchant is illustrated in Fig. 4. At the web merchant's site a customer may order a product or service and choose the systems' online debit payment as a payment option. If the customer selects online debit payment as a payment option, the merchant serves up the payment page 50 or instructs its Financial Institution (FI) to serve up the payment page 50, which contains the merchant user name, value of the transaction 56 and any related and required other data. The customer enters his or her user name (e-mail address) at 52, and his/her secret Net PIN at 54. The customer then clicks on a button 58 to send the information to the system's server 18. The system then validates customer's user name and Net PIN, validates the merchant's user name, which was communicated from the merchant web site on selection of the debit payment option, retrieves the customer's PAN and encrypted PIN from database 20 and combines it with the other required information along with the value of transaction to form a standard debit POS transaction. It then feeds the standard POS transaction into the POS system to receive approval or denial. After server 18 receives the approval or denial it passes the information back to the merchant so it may continue with the order process as it elects. Upon approval server 18 then takes merchant's PAN, encrypted PIN from data base and puts it together with other re- quired information such as the transaction value to form a standard credit
POS transaction. It then displays a receipt of transaction on screen and sends a further copy of the transaction to both sender and recipient via e- mail. The receipt can contain related information such as invoice number and associated messaging.
[00034] Again in the second variant of the system to avoid rejection of duplicate transactions, where on registration server 18 has stored the decrypted customer PIN using the decryption key provided by the POS system (further secured for storage as necessary), each time the customer autho- rizes a debit transaction through the system, the server 18 encrypts the PIN to form part of the POS debit transaction as if it were a POS terminal. The server 18 may be operated by a Trusted Third Party.
[00035] The merchant can elect to receive its funds at the time of each and every transaction or aggregate the transactions for a set period of time, such as at the end of each day, or aggregate the transactions until a minimum or maximum value is reached before receiving its funds and have one bulk credit done at that time. Reporting under the aggregation method can be done at the time of the transaction and/or at the time of successful payment of funds to the merchant.
[00036] The method of carrying out a Pre-Authorized Debit in Real Time
(PADRT) using the system is illustrated in Fig. 5. The methods described above have a common factor in that the payment is always initiated by the payor 60, namely someone wanting to make a payment, which is known as a "credit push". Business such as utilities or loan companies (payees 62) have a need to pull down the funds from time to time in fixed or variable amounts. By having simple contractual arrangements between the payee 62 and the customer (payor) 60 it is possible to use the present invention for pulling down payments in real time, referred to as Pre-
Authorized Debit in Real Time (PADRT). [00037] First the Payee 60 and Payor 62, who have both registered with the system, enter into contractual arrangements, in the form of contract 64 which allow the payee to pull down the funds from time to time. Payor can place limiters on the type and/or amounts, dates and other limitations on pre-authorized transfer(s). Payee reports to the system's server 18 that this payee 60 and payor 62 have agreed to use the PADRT service. The server 18 logs the appropriate payor(s) information into the database 20 with the required information to execute a PADRT transaction.
[00038] When a payment request is sent by the Payee to the server 18, the server is provided the user name and Net PIN of the Payee, the user name of the Payor and the transaction value and related information. The system server 18 validates the payee (recipient) user name, Net PIN and that this payee is permitted to use the PADRT method. Server 18 validates payor(s) user name, validates that this payor and payee are in contractual agreement to use the PADRT method, validates the limiters placed on transfer(s) from this payor to this payee, takes payor' s PAN, encrypted PIN from database 20 and combines them with the other required information to form a standard debit POS transaction, feeds the standard debit POS transaction(s) into the POS system to receive approval or denial.
Upon approval it then takes payee's PAN, encrypted PIN from data base and puts it together with the other required information such as the transaction value to form a standard credit POS transaction(s). The payee can elect to receive it's funds at the time of each and every transaction or aggregate the transactions for a set period of time or aggregate the transactions till a minimum/maximum value is reached before receiving it's funds. Server 18 may inform the payee of each and every requested transaction at the time of the transaction or it my report back at some requested point in the future.
[00039] Once again in the second variant of the system to avoid rejection of duplicate transactions, where on registration server 18 has stored the decrypted customer PIN using the decryption key provided by the POS system (further secured for storage as necessary), each time the customer authorizes a debit transaction through the system, the server 18 encrypts the PIN to form part of the POS debit transaction as if it were a POS terminal. The server 18 may be operated by a Trusted Third Party. [00040] A number of variants on the registration process described above are possible. For the initial registration step, as an alternative, the system first enters into a contractual relationship with a physical merchant having a POS terminal (PINpad). A potential customer at the POS terminal
(PINpad) is asked if they would like to sign up for the new online debit payment service during or before a standard POS transaction is uploaded for approval. Upon agreement a copy of the standard POS transaction is passed on to the server 18.
[00041] As another alternative for the initial registration step, the system first enters into a contractual relationship with a physical merchant having a POS terminal (PINpad). The system enters into a contractual relationship with a physical merchant and the POS network. A potential customer at the POS terminal (PINpad) is asked if they would like to sign up for the online debit payment service during or before a standard POS transaction was to be uploaded for approval. Upon agreement the standard POS transaction would be modified to indicate agreement and then passed on to the POS system for processing. The POS system after approval of the standard POS transaction would forward a copy of the PAN, encrypted
PIN and related data to the server 18.
[00042] As another alternative for the registration process, the system first enters into a contractual relationship with a physical merchant having a POS terminal (PINpad). The system enters into a contractual relationship with a card issuing Financial Institution (FI) 66. A potential customer is offered the online debit service sign up through his/her online banking page. Upon agreement, the FI forwards the customer's PAN and encrypted PIN in the required format to the server 18. The FI may also forward the customer's other required information such as e-mail address and online banking shared secret in some other agreed upon format. This would eliminate the need for the second step in the registration process.
[00043] As another alternative for the initial registration step, the system first enters into a contractual relationship with a physical merchant having a
POS terminal (PINpad). The system enters into a contractual relationship with a card issuing Financial Institution (FI). A potential customer is offered the online debit service sign up thru an ATM. Upon agreement the FI would forward the customer's PAN and encrypted PIN in the required format to the server 18. The FI may also forward the customer's other required information such as e-mail address and online banking shared secret in some other agreed upon format. This again eliminates the need for the second step in the registration process.
[00044] As another alternative for the initial registration step, the system first enters into a contractual relationship with a physical merchant having a POS terminal (PINpad). The system enters into a contractual relationship with a card issuing Financial Institution (FI). A potential customer is offered the online debit service sign up at the time of opening a new bank account. Upon agreement, the FI forwards the customer's PAN and encrypted PIN in the required format to the server 18. The FI may also forward the customer's other required information such as e-mail address and online banking shared secret in some other agreed upon format. This again eliminates the need for the second step in the registration process.
[00045] As another alternative for the initial registration step, the system enters into a contractual relationship with a card issuing Financial Institution (FI).
The FI forwards some or all of its customers who subscribe to online banking and have related PIN based debit cards the required information in the agreed upon format such as required to be able to use the online debit service. The FI may also forward the customer's other required informa- tion such as e-mail address and online banking PIN number in some other agreed upon format. This eliminates the need for the previously described registration process.
[00046] As a variant on the second step of the registration process, a customer who has completed the first registration step logs onto his internet banking site and carries out the first step of registration through the banking site. The banking site then communicates with the server 18. The registration process is then other wise the same except that all communication is done through the customer's internet banking site. While a number of exemplary aspects and embodiments have been discussed above, those of skill in the art will recognize certain modifications, permutations, additions and sub-combinations thereof.

Claims

WHAT IS CLAIMED IS:
1. A method for online debit payments to a payee by a payor using a central payment system and a bank debit card having associated PAN and PIN numbers, the method comprising: a) said payor registering with said central payment system by: i) entering said payor' s PAN number; ii) entering said payor' s PIN number; iii) encrypting said payor' s PIN number with an encryption key and communicating said PAN number and encrypted PIN number and encryption key to a database maintained by the system and storing said PAN number and encrypted PIN number and encryption key; iv) said payor entering a user name and a secret ID number, different from said payor' s PIN number, which are associated with the stored PAN and encrypted PIN numbers and encryption key; b) said payee registering with said central payment system by: i) storing said payee's PAN number; ii) said payee entering a payee PIN number; iii) encrypting said payee's PIN number and communicating said payee's PAN number and encrypted payee PIN number and encryption key to a database maintained by the system, and storing said payee's PAN number and encrypted payee PIN number and encryption key ; iv) said payee entering a user name and a secret ID number, different from the payee PIN number, which are associated with the stored payee's PAN and encrypted payee PIN number; c) said payor making an online debit payment by: i) displaying to said payor a payment web page with the amount of said online debit payment transaction; ii) said payor entering said payor' s user name and secret ID number; iii) communicating said payor' s user name and secret ID number, the amount of said online debit payment transaction and said payee's user name to the system server; iv) said system validating said payor's user name and secret ID number, validating said payee's user name and retrieving said payee's PAN and encrypted PIN numbers and encryption key and sending a debit POS transaction to the bank in the amount of said online debit payment transaction; v) if said POS transaction is approved, retrieving said payee's PAN and encrypted PIN numbers and encryption key and sending a second POS transaction crediting said payee's account.
2. The method of claim 1 wherein said payor enters said amount of said transaction and said payee's user name on said web page prior to communicating said payor's user name and secret ID number, the amount of said online debit payment transaction and said payee's user name to the system server.
3. The method of claim 1 wherein said amount of said transaction and said payee's user name are served up to said payor with said web page.
4. The method of claim 3 wherein said web page is served up to said payor's internet browser by said payee's server.
5. The method of claim 3 wherein said web page is served up to said payor's internet browser by said payee's financial institution's server.
6. The method of claim 1 wherein said online transaction is carried out at the web site of said payee, said payor selects a debit payment option for carrying out said online transaction prior to being served up said web page by said payee.
7. The method of claim 6 wherein said payee's user name is communicated to said system server upon selection of said debit payment option.
8. The method of claim 1 wherein said payor's PAN number is entered by reading said PAN number from a bank debit card by a card reader.
9. The method of claim 1 wherein said payor's PIN number is entered by entering said PIN number on a physical PIN pad.
10. The method of claim 1 comprising the further step of said sending a receipt to said payee after said second POS transaction has completed.
11. The method of claim 1 wherein said payor's PIN number is decrypted and stored at said system server, and re-encrypted with each POS transaction.
12. The method of claim 1 wherein said payor enters a plurality of payments to a plurality of payees on a single payment web page.
13. The method of claim 9 wherein said payor's PAN number is entered from said debit card by a debit card reader, and said PIN number is encrypted by said PIN pad using said encryption key.
14. A system for online debit payments to a payee by a payor using a central system server and database and a bank debit card having associated PAN and PIN numbers and a debit card reader adapted to read PAN and PIN numbers from debit cards, encrypt same using an encryption key and communicating with said central system server, wherein said payor and payee have access to the internet, the system comprising: a) means associated with said system server for receiving from a debit card reader and storing in said database said payor's PAN number, said payor's encrypted PIN number and encryption key; b) means associated with said system server for receiving from said payor via the internet a user name and a secret ID number, different from said payor's PIN number, which are associated with said stored PAN and encrypted PIN numbers and encryption key; c) means associated with said system server for receiving from a debit card reader and storing in said database said payee's PAN number, said payee's encrypted PIN number and encryption key; d) means associated with said system server for receiving from said payee via the internet a user name and a secret ID number, different from said payee's PIN number, which are associated with said stored payee's PAN and encrypted PIN numbers and encryption key; e) means associated with said system server for, when said payor elects to make an online debit payment, i) displaying to said payor a payment web page with the amount of said online debit payment transaction; ii) permitting said payor to enter said payor' s user name and secret ID number; iii) communicating said payor1 s user name and secret ID number, the amount of said online debit payment transaction and said payee's user name to the system server; iv) said system validating said payor's user name and secret ID number, validating said payee's user name and retrieving said payee's PAN and en- crypted PIN numbers and encryption key and sending a debit POS transaction to the bank in the amount of said online debit payment transaction; and v) if said POS transaction is approved, retrieving said payee's PAN and encrypted PIN numbers and encryption key and sending a second POS transaction crediting said payee's account.
PCT/CA2006/002047 2006-12-13 2006-12-13 Method and system for real time online debit transactions WO2008070951A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CA2006/002047 WO2008070951A1 (en) 2006-12-13 2006-12-13 Method and system for real time online debit transactions

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CA2006/002047 WO2008070951A1 (en) 2006-12-13 2006-12-13 Method and system for real time online debit transactions

Publications (1)

Publication Number Publication Date
WO2008070951A1 true WO2008070951A1 (en) 2008-06-19

Family

ID=39511176

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2006/002047 WO2008070951A1 (en) 2006-12-13 2006-12-13 Method and system for real time online debit transactions

Country Status (1)

Country Link
WO (1) WO2008070951A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010023415A1 (en) * 1998-06-18 2001-09-20 Keil Dean S. System and method for debit account transactions
US20050085931A1 (en) * 2000-08-31 2005-04-21 Tandy Willeby Online ATM transaction with digital certificate
CA2503740A1 (en) * 2005-03-11 2006-09-11 Dushyant Sharma Electronic payment system for financial institutions and companies to receive online payments
WO2006128215A1 (en) * 2005-05-31 2006-12-07 Salt Group Pty Ltd Method and system for secure authorisation of transactions
WO2006135264A1 (en) * 2005-06-17 2006-12-21 Eftol International Limited Online payment system for merchants

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010023415A1 (en) * 1998-06-18 2001-09-20 Keil Dean S. System and method for debit account transactions
US20050085931A1 (en) * 2000-08-31 2005-04-21 Tandy Willeby Online ATM transaction with digital certificate
CA2503740A1 (en) * 2005-03-11 2006-09-11 Dushyant Sharma Electronic payment system for financial institutions and companies to receive online payments
WO2006128215A1 (en) * 2005-05-31 2006-12-07 Salt Group Pty Ltd Method and system for secure authorisation of transactions
WO2006135264A1 (en) * 2005-06-17 2006-12-21 Eftol International Limited Online payment system for merchants

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
"Interac Association: A Backgrounder", June 2006 (2006-06-01), Retrieved from the Internet <URL:http://www.interac.org> *
"Interac Online", 10 August 2005 (2005-08-10), Retrieved from the Internet <URL:http://www.interaconline.com> *
"OnDebit online real time payments", 28 March 2004 (2004-03-28), Retrieved from the Internet <URL:http://www.ondebit.com> *
"Online Banking, Banking Accounts & Packages", 17 November 2006 (2006-11-17), Retrieved from the Internet <URL:http://www.rbcrovalbank.com> *

Similar Documents

Publication Publication Date Title
US8041646B2 (en) Method and system for real time online debit transactions
US10579977B1 (en) Method and system for controlling certificate based open payment transactions
US11880815B2 (en) Device enrollment system and method
US7922082B2 (en) Dynamic card validation value
Neuman et al. Requirements for network payment: The netcheque perspective
US7280981B2 (en) Method and system for facilitating payment transactions using access devices
US7734527B2 (en) Method and apparatus for making secure electronic payments
US7127606B2 (en) Account-based digital signature (ABDS) system
US8229855B2 (en) Method and system for facilitating payment transactions using access devices
US7827101B2 (en) Payment system clearing for transactions
US7933842B2 (en) Client facilitation of online card present transaction
US20090327133A1 (en) Secure mechanism and system for processing financial transactions
US20010051902A1 (en) Method for performing secure internet transactions
US20010034720A1 (en) System for facilitating a transaction
MX2014013530A (en) Systems and methods for real-time account access.
Weber Chablis-Market analysis of Digital payment systems
WO2008070951A1 (en) Method and system for real time online debit transactions
Pilioura Electronic payment systems on open computer networks: a survey
WO2001084454A1 (en) Secure electronic payment method for fraud reduction and reduced transaction costs
JP2002352172A (en) Method and device for electronic commercial transaction
Spring Electronic Payment Systems
Weber ÁÆËÌÁÌÍÌ ÍÊ ÁÆ ÇÊÅ ÌÁÃ

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 06840474

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06840474

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)