WO2009111795A1 - Apparatus and method for conducting secure transactions using a credit card - Google Patents

Apparatus and method for conducting secure transactions using a credit card Download PDF

Info

Publication number
WO2009111795A1
WO2009111795A1 PCT/US2009/036564 US2009036564W WO2009111795A1 WO 2009111795 A1 WO2009111795 A1 WO 2009111795A1 US 2009036564 W US2009036564 W US 2009036564W WO 2009111795 A1 WO2009111795 A1 WO 2009111795A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
information
credit card
credit
pin
Prior art date
Application number
PCT/US2009/036564
Other languages
French (fr)
Inventor
Kenneth G. Mages
Original Assignee
Homeatm Epayment Solutions
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Homeatm Epayment Solutions filed Critical Homeatm Epayment Solutions
Publication of WO2009111795A1 publication Critical patent/WO2009111795A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • G06Q20/24Credit schemes, i.e. "pay after"
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification

Definitions

  • the present invention relates to electronic transactions and, more particularly, to authenticated secure credit card electronic transactions.
  • Transactions for various goods and services are predominantly conducted using electronic payment systems instead of conventional currency. Consumers complete such transactions using various types of payments, such as credit cards and check cards.
  • a merchant, or service provider retrieves information from the card and transmits the information electronically to the institution issuing the credit card or bank card to obtain approval for the transaction. If sufficient funds exist in the consumer's checking account, or the credit card limit has not been reached, the transaction is approved and funds are deducted from the user's account.
  • the issuing entity charges the merchant a transaction fee, which varies depending on the condition of the transaction. For example, different fees are charged for check card transactions depending on the physical presence of the card. Differences exist between transactions using credit cards and check cards. In addition, the fees for credit card purchases also differ depending on whether the card is physically present. This physical presence corresponds to the situation where the customer physically produces the credit card to the merchant for verification of signature and identification. When purchases are made electronically at a virtual merchant location (e.g., website), there is no verification of the card or consumer identification. Consequently, it provides an avenue for hackers to potential utilize unauthorized information. Merchants and credit card issuers suffer significant losses as a result of these unauthorized transactions. The fees charged for transactions are, in part, a reflection of these losses.
  • a system for registering a credit card in order to conduct secured transactions.
  • the system includes a verified transaction card (such as a bank ATM card) having a Personal Identification Number (PIN), thereby linking it to a user's identity, as well as one or more credit cards that will be registered based on the verified transaction card.
  • a secure transaction terminal is used for retrieving information stored on the transaction card and the credit cards. Furthermore, the secure transaction terminal can includes an input portion in order to input, display, and review information.
  • a communication device is provided for transmitting and receiving information across one or more networks, and an authentication server is provided for maintaining information associated with registered credit cards. In order to register the credit cards, information is retrieved from the verified transaction card using the secure transaction terminal.
  • the PIN associated with the verified transaction card is then input by the user.
  • Information from each of the credit cards is associated with the entity which issues the verified transaction card, and associated with the PIN. All of this information is subsequently stored on the authentication server, so that the PIN must be input in order to authenticate transactions with the credit card.
  • a computer system containing appropriate hardware and software can be used to retrieve information from the credit card and the verified transaction card.
  • the computer system can also be used to transmit/receive information across the network.
  • the computer system can be used with other secure data entry systems and methods in order to provide a safe platform for inputting information.
  • a method for registering a credit card to conduct secure transactions.
  • the method comprises the steps of: retrieving information from a bank card associated with a user bank account; inputting a PIN associated with the bank card; validating the user's identification based, in part, on the bank card and PIN; associating one or more credit cards with the validated user identification; and storing information regarding the one or more credit cards.
  • a method of conducting secure transactions comprises the steps of: selecting an item for purchase; retrieving credit card information for purchasing the selected item using a secure transaction terminal; inputting a PIN having a predetermined association with the credit card using the secure transaction terminal; transmitting the credit card information and PlN to an authentication server for verification; transmitting transaction information regarding the purchase to an issuer of the credit card, if the credit card information and PIN are successfully verified by the authentication server; and notifying a merchant providing the item for purchase, if the credit card information and PIN cannot be verified by the authentication server.
  • the level of security required to complete the transaction can be increased.
  • the need to verify a consumer's identification or signature can be reduced and/or eliminated.
  • Fig. 1 is a block diagram illustrating an arrangement for conducting secure credit card transactions according to an exemplary embodiment of the present invention
  • Fig. 2 is a flowchart illustrating the steps performed when conducting secure credit card transactions according to one embodiment of the present invention.
  • Fig. 3 is a flowchart illustrating the process of registering a credit card for secure transactions.
  • a procedure is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. These steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical, magnetic, and/or optical signals capable of being stored, transferred, combined, compared and otherwise manipulated. It proves convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like. It should be noted, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities.
  • the manipulations performed are often referred to in terms, such as adding or comparing, which are commonly associated with mental operations performed by a human operator. No such capability of a human operator is necessary, or desirable in most cases, in any of the operations described herein which form part of the present invention; the operations are preferably machine operations, although the operations may also be manual in alternative embodiments.
  • Useful machines for performing the operation of the present invention include general purpose digital computers or similar devices.
  • the present invention also relates to apparatus for performing these operations.
  • This apparatus may be specially constructed for the required purpose or it may include a general purpose computer as selectively activated or reconfigured by a computer program stored in the computer.
  • the procedures presented herein are not inherently related to a particular computer or other apparatus.
  • Various general purpose machines may be used with programs written in accordance with the teachings herein, or it may prove more convenient to construct more specialized apparatus to perform the required method steps. The required structure for a variety of these machines will appear from the description given.
  • the secure transaction system 100 includes a merchant or service provider 114, an authentication server 120, and a credit issuing entity (i.e., credit card issuer) 122.
  • a consumer i.e., user
  • a consumer 110 is able to physically visit the merchant and shop for various items.
  • the consumer 110 can also conduct various transactions at a merchant's virtual storefront using a network, such as the internet.
  • the consumer (or user) 110 would utilize a computer 124 (or any appropriate network enabled device such as a mobile phone, PDA, etc.).
  • the computer 124 can include common peripherals such as, but not limited to, a display 126, keyboard 128, and mouse 130. [0030]
  • Some merchants can also have both a physical store location 114 and a virtual store front that is accessible over the internet.
  • consumers 110 have the option of purchasing items and services at the merchant's physical location 114, or using the computer 124 to access the merchant's website and subsequently receiving any items via appropriate shipping methods.
  • the consumer 110 will typically browse the aisles of the merchant 114, or pages of the merchant's website using the computer 124, to shop for various items.
  • the consumer can select one or more products and/or services to be purchased and proceed to the register or check out location of the merchant 114 (e.g., point of sale).
  • the consumer 110 often has the option to purchase products or services using different forms of payment, including cash, check, credit card, etc.
  • a consumer (or user) 110 can perform this transaction using a credit card while maintaining a high level of security.
  • the consumer 110 presents an appropriate credit card 118 for payment.
  • the credit card 118 is swiped through a secure transaction terminal 116 so that the information stored on its magnetic strip can be retrieved.
  • a secure transaction terminal 116 the manner in which the information from the credit card 118 is read will vary. For example, some secure transaction terminals require that the credit card be swiped across an opening to read the magnetic information, while others can require insertion of the card into a recessed area.
  • the consumer 110 is subsequently required to authenticate the transaction by entering a Personal Identification Number (PIN) associated with the credit card 118 using a key pad on the secure transaction terminal.
  • PIN Personal Identification Number
  • the PIN entered is used to authenticate the user's identity and the credit card based on a pre-established relationship with the user's bank account. Accordingly, prior to commencing the transaction, it is necessary for the consumer 110 to take appropriate steps to register and establish a link to the credit card 118. Alternatively, or optionally, the consumer 110 can establish this link at the checkout location or point of sale (POS). While the illustrated embodiment of the invention discusses registration of a credit card, it should be noted that any type of financial transaction card can be used.
  • the consumer 110 is required to produce a conventional ATM card (not shown) which has been issued by a bank wherein the consumer holds a checking and/or savings account.
  • the ATM card is linked to the consumer's identification, and incorporates a four- digit PIN to provide security. Under normal transactions, the consumer 110 would insert the ATM card into an appropriate ATM and input their four-digit PIN. The combination of ATM card and four-digit PIN confirms the user's identity and allows the transaction to proceed. It should be noted that the consumer's identity is already verified through conventional banking procedures. More particularly, prior to being issued the ATM card, the consumer 110 is required to physically visit the bank and produce identification necessary to establish their identity before an account will be opened. Once the user's identity has been verified and the account opened, the bank will separately supply a four-digit PIN to be used in conjunction with the ATM card when conducting transactions at an ATM. [0035]
  • the consumer's bank account, ATM card, and PIN are used to authenticate the consumer's identity.
  • the user's identity is confirmed.
  • the user 110 is allowed to associate one or more credit cards 118 with their identity for conducting secure transactions.
  • Each credit card 118 would be swiped so that information can be retrieved and associated with the bank account and stored at the authentication server 120.
  • the credit card 118 has been registered. Any secure transactions subsequently conducted by the consumer 110 using a registered credit card 118 would further require input of the user's four digit PIN in order to confirm their identity.
  • the combination of the registered credit card 118 and four-digit PIN confirms the consumer's identity and reduces (or eliminates) the need to request identification or signature verification at the merchant's check out.
  • a conventional ATM card requires creation of an account with a financial institution and physical (i.e., in person) verification of the account holder's identity. This can be accomplished, for example by the account holder visiting the financial institution and presenting appropriate documents (e.g., license, passport, etc.) to verify their identity.
  • appropriate documents e.g., license, passport, etc.
  • other electronic transaction cards requiring verification of the card holder's identification prior to issuance can be used in place of the ATM card.
  • the consumer 110 can perform such transactions over the internet using a computer 124.
  • the present invention is particularly beneficial in such situations, because the merchant 114 is unable to physically request picture identification or signature verification from the consumer 110. This results in a high level of risk that the credit card 118 could have been fraudulently obtained and used to conduct the transaction.
  • the consumer 110 can provide information from the credit card 118 together with the four-digit PIN through the computer 124 in order to authenticate their identification and complete the transaction.
  • the consumer 1 10 Once the consumer 1 10 has supplied the credit card information (by swiping through the secure transaction terminal 1 16 or inputting the account information using the computer) and four-digit PIN, it is sent to the authentication server 120 over a secure communication channel 140.
  • a secure communication channel 140 Such a channel can be in the form of a direct connection line, a virtual private network, the internet, etc., as long as appropriate security and encryption measures are taken.
  • the authentication server 120 stores all the credit card and bank account information for the consumers 110. Once the merchant 114 transmits the credit card information and PIN to the authentication server 120, it is able to confirm the user's identity and determine whether the transaction should be allowed to proceed.
  • the authentication server 120 can establish a communication link 142 with the credit card issuer 122 (e.g.
  • the authentication server can contact the merchant 114 and indicate that the credit card 118 is registered.
  • the merchant 114 would subsequently establish a communication link 144 with the credit card issuer 122 in order to supply the transaction information.
  • the credit card issuer 122 determines if sufficient funds (or credit) are available, and indicates whether the transaction should be allowed to proceed. This indication can be provided in various ways.
  • the credit card issuer 122 can respond to the authentication server 120, indicating that the credit card 118 has sufficient funds to complete the transaction.
  • the credit card issuer 122 can supply this indication to the merchant 114 directly by using the transaction information. Once the merchant 114 receives the credit card authorization, the transaction can be accepted or denied.
  • Fig. 2 is a flowchart illustrating the steps performed in conducting secure credit card transactions in accordance with one or more embodiments of the present invention.
  • the consumer is free to shop at either the merchant location or at a virtual location on the internet.
  • the consumer would identify one or more products and/or services that they would like to purchase. This is represented by step S200 wherein the user selects these items.
  • the user selects a credit card as the method of payment.
  • consumers can pay for such transactions using various means, including cash, check, credit cards, retail store cards, etc.
  • the user attempts to purchase the item they are given an opportunity to select a credit card as the payment type.
  • step S212 the user is asked for the status of the credit card. Specifically, the merchant inquires whether the credit card is registered for secure transactions or not. If the credit card is not registered, the consumer is given an opportunity to complete the registration process. This is illustrated by directing the user to break point "1", which will be discussed below with respect to Fig. 3. As can be appreciated, the process can optionally be allowed to proceed without prompting the consumer. [0039]
  • the consumer is asked to swipe their credit card in order to pay for the transaction at step S214.
  • the consumer enters the four-digit PIN associated with the credit card.
  • the four-digit PIN and credit card information are transmitted to the authentication server via the network.
  • the authentication server validates that credit card at step S220. More particularly, the authentication server confirms whether or not the consumer's credit card has been previously registered and authorized to conduct secure transactions. As previously discussed, such validation can also eliminate the need for the merchant to request identification and/or signature verification to approve the transaction. If the authentication server successfully validates the credit card, then information concerning the transaction is transmitted to the credit card issuer at step S222. Alternatively, the transaction server can notify the merchant, who would in turn contact the credit card issuer. [0040]
  • step S224 the vendor is notified at step S224.
  • the merchant can optionally provide the consumer with an opportunity to perform an unsecured purchase according to conventional means. If the consumer does not wish to make an unsecured purchase, then the process ends. If the consumer agrees to conduct the unsecured purchase, then the credit card information is obtained at step S238. Control subsequently returns to step S222 where the transaction information is supplied to the credit card company.
  • step S230 the credit card company determines whether or not sufficient funds exist on the consumer's credit card account. If sufficient funds exist, then the transaction is authorized at step S232. Alternatively, if sufficient funds do not exist, then the transaction is declined at step S234. The process ends at step S236 with successful purchase of the product and/or service.
  • Fig. 3 is a flowchart illustrating the process of registering a credit card for secure transactions.
  • the location to which the consumer is directed can vary. If the consumer is present at a physical merchant location, the registration location can correspond to a separate office and/or area where the registration process can take place. Further, in a mall type (e.g., shopping plaza) setting, the registration location can correspond to a kiosk having the necessary hardware (e.g., communication access and secure transaction terminal) for performing the process.
  • the transaction is being conducted online, the consumer's PC can be directed to a different webpage wherein the information would be collected. Typically, the consumer would be directed to the authentication server so that information can be verified and stored for subsequent transactions.
  • the consumer would be required to swipe their ATM card at step S312. If using a computer, the consumer would simply enter the account and other necessary information from the ATM card using an appropriate input device.
  • the consumer enters the four-digit PIN corresponding to the ATM card.
  • the authentication server attempts to validate the consumer's identification based on the ATM card and PIN. This is the same type of authentication performed when the consumer uses any conventional ATM to withdraw cash from an existing checking and/or savings account. If the authentication server cannot to validate the credit card, then the merchant is alerted at step S318.
  • the registration process would end. [0043]
  • the authentication server If the authentication server is capable of validating the consumer's identification, then the user swipes a credit card at step S322.
  • the authentication server associates the swiped credit card with the user account at step S324 so that the credit card is now registered to perform secure transactions.
  • the consumer is asked if additional credit cards should be registered. If so, then control returns to step S322. Otherwise, control returns to the purchase transaction shown in Fig. 2 at break point "2".
  • a conventional computer system would typically include a bus or other communication mechanism for communicating information, and a processor coupled with bus for processing information.
  • the computer system also includes a main memory, such as a random access memory (RAM) or other dynamic storage device, coupled to the bus for storing information and instructions to be executed by the processor.
  • the main memory also may be used for storing temporary variables or other intermediate information during execution of instructions the processor.
  • the computer system further includes a read only memory (ROM) or other static storage device coupled to the bus for storing static information and instructions for the processor.
  • ROM read only memory
  • a storage device such as a magnetic disk or optical disk, is provided and coupled to the bus for storing information and instructions.
  • the computer system may be coupled via the bus to a display, such as a cathode ray tube (CRT) or liquid crystal display (LCD), for displaying information to a computer user.
  • a display such as a cathode ray tube (CRT) or liquid crystal display (LCD)
  • An input device can be coupled to the bus for communicating information and command selections to the processor.
  • cursor control such as a mouse, a trackball, or cursor direction keys for communicating direction information and command selections to the processor and for controlling cursor movement on the display.
  • This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the device to specify positions in a plane.
  • the computer system provides the necessary interface and operates in response to the processor executing one or more sequences of one or more instructions contained in the main memory.
  • Such instructions may be read into the main memory from another computer-readable medium, such as storage device.
  • Execution of the sequences of instructions contained in the main memory causes the processor to perform the process steps described herein.
  • processors in a multi-processing arrangement may also be employed to execute the sequences of instructions contained in the main memory.
  • hard-wired circuitry may be used in place of or in combination with software instructions to implement the invention.
  • embodiments of the invention are not limited to any specific combination of hardware circuitry and software.
  • Non-volatile media include, for example, optical or magnetic disks, such as the aforementioned storage device.
  • Volatile media include dynamic memory, such as the main memory.
  • Transmission media include coaxial cables, copper wire and fiber optics, including the wires that comprise the bus. Transmission media can also take the form of acoustic or light waves, such as those generated during radio frequency (RF) and infrared (IR) data communications, wireless frequencies used to send/receive information using satellite and terrestrial devices, etc.
  • RF radio frequency
  • IR infrared
  • Computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, any other magnetic medium, a CD-ROM, DVD, any other optical medium, punch cards, paper tape, any other physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.
  • Various forms of computer readable media may be involved in carrying one or more sequences of one or more instructions to the processor for execution.
  • the instructions may initially be borne on a magnetic disk of a remote computer.
  • the remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem.
  • a modem local to the computer system can receive the data on the telephone line and use an infrared transmitter to convert the data to an infrared signal.
  • An infrared detector coupled to the bus can receive the data carried in the infrared signal and place the data on the bus.
  • the bus carries the data to the main memory, from which the processor retrieves and executes the instructions.
  • the instructions received by the main memory may optionally be stored on the storage device either before or after execution by the processor.
  • the computer system also includes a communication interface coupled to the bus.
  • the communication interface provides a two-way data communication coupling to a network link that is connected to a local network.
  • the communication interface may be a local area network (LAN) card to provide a data communication connection to a compatible LAN.
  • LAN local area network
  • Wireless links may also be implemented.
  • the communication interface sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
  • the network link typically provides data communication through one or more networks to other data devices.
  • the network link may provide a connection through the local network to a host computer or to data equipment operated by an Internet Service Provider (ISP).
  • ISP Internet Service Provider
  • the ISP in turn provides data communication services through the internet.
  • the local network and internet both use electrical, electromagnetic or optical signals that carry digital data streams.
  • the signals through the various networks and the signals on the network link and through the communication interface, which carry the digital data to and from the computer system, are exemplary forms of carrier waves transporting the information.

Abstract

A method and system are disclosed for conducting secure transactions using a credit card. A credit card is registered by associating it with a user's bank account and personal identification number (PIN). During a transaction, the credit card is used in a normal fashion. The user is further required to provide the PIN used to register the credit card. This information is validated prior to being sent to the credit card issuer. If the information cannot be validated, then the transaction cannot occur and no information is transmitted to the credit card issuer.

Description

APPARATUS AND METHOD FOR CONDUCTING SECURE TRANSACTIONS USING A CREDIT CARD
BACKGROUND OF THE INVENTION
Technical Field [0001]
The present invention relates to electronic transactions and, more particularly, to authenticated secure credit card electronic transactions.
Description of the Related Art
[0002]
Transactions for various goods and services are predominantly conducted using electronic payment systems instead of conventional currency. Consumers complete such transactions using various types of payments, such as credit cards and check cards. A merchant, or service provider, retrieves information from the card and transmits the information electronically to the institution issuing the credit card or bank card to obtain approval for the transaction. If sufficient funds exist in the consumer's checking account, or the credit card limit has not been reached, the transaction is approved and funds are deducted from the user's account.
[0003]
While electronic transactions are popular and convenient ways for making purchases, they can be vulnerable to fraud and/or theft. Hackers have developed numerous techniques to gain access to user account information. Once the account information is obtained, the hacker is able to conduct electronic transactions and charge the costs to the user's credit card or checking account. The institutions issuing the credit cards and check cards continually implement various types of fraud protection to minimize a hacker's ability to fraudulently purchase goods using an unauthorized card. This protection, however, is often limited to indemnifying the user's account for a certain level of liability and tracking the hacker. [0004]
When a credit card or check card is used for electronic purchases, the issuing entity charges the merchant a transaction fee, which varies depending on the condition of the transaction. For example, different fees are charged for check card transactions depending on the physical presence of the card. Differences exist between transactions using credit cards and check cards. In addition, the fees for credit card purchases also differ depending on whether the card is physically present. This physical presence corresponds to the situation where the customer physically produces the credit card to the merchant for verification of signature and identification. When purchases are made electronically at a virtual merchant location (e.g., website), there is no verification of the card or consumer identification. Consequently, it provides an avenue for hackers to potential utilize unauthorized information. Merchants and credit card issuers suffer significant losses as a result of these unauthorized transactions. The fees charged for transactions are, in part, a reflection of these losses.
[0005]
Various techniques have been developed, and continue to be developed, in an attempt to prevent such theft by hackers. Some of these techniques are implemented directly by the credit card issuer, while merchants have also initiated their own security precautions. Additionally, many consumers subscribe to services that monitor activity on various accounts.
[0006]
These techniques are all beneficial in helping to reduce the amount of fraud occurring. However, they cannot completely eliminate credit card fraud because hackers continually develop new methods of circumventing security measures. Until such fraud can be completely eliminated, additional security measures can always be utilized to provide a further level of deterrence. [0007]
Accordingly, there exists a need for continuing to increase the level of security associated credit card transactions.
[0008]
There also exists a need for a credit card transaction system that reduces the need to verify identification at the point of sale.
SUMMARY OF THE INVENTION
[0009]
It is therefore one feature and advantage of the present invention to address at least some of the shortcomings of the prior art in conducting credit card transactions.
[0010]
It is another optional feature and advantage of the present invention to provide a system capable of facilitating secure credit card transactions.
[0011]
It is yet another optional feature and advantage of the present invention to provide a system capable of reducing the need to verify identification at the point of sale during credit card transactions.
[0012]
The foregoing, and various other needs, are addressed, at least in part, by the present invention, wherein a credit card is registered and associated with a consumer based on an existing bank account.
[0013]
According to one embodiment of the invention, a system is provided for registering a credit card in order to conduct secured transactions. The system includes a verified transaction card (such as a bank ATM card) having a Personal Identification Number (PIN), thereby linking it to a user's identity, as well as one or more credit cards that will be registered based on the verified transaction card. A secure transaction terminal is used for retrieving information stored on the transaction card and the credit cards. Furthermore, the secure transaction terminal can includes an input portion in order to input, display, and review information. A communication device is provided for transmitting and receiving information across one or more networks, and an authentication server is provided for maintaining information associated with registered credit cards. In order to register the credit cards, information is retrieved from the verified transaction card using the secure transaction terminal. The PIN associated with the verified transaction card is then input by the user. Information from each of the credit cards is associated with the entity which issues the verified transaction card, and associated with the PIN. All of this information is subsequently stored on the authentication server, so that the PIN must be input in order to authenticate transactions with the credit card. [0014]
According to one or more optional features of the invention, a computer system containing appropriate hardware and software can be used to retrieve information from the credit card and the verified transaction card. The computer system can also be used to transmit/receive information across the network. Furthermore, the computer system can be used with other secure data entry systems and methods in order to provide a safe platform for inputting information.
[0015]
According to another embodiment of the invention a method is provided for registering a credit card to conduct secure transactions. The method comprises the steps of: retrieving information from a bank card associated with a user bank account; inputting a PIN associated with the bank card; validating the user's identification based, in part, on the bank card and PIN; associating one or more credit cards with the validated user identification; and storing information regarding the one or more credit cards. [0016]
According to another embodiment of the invention, a method of conducting secure transactions comprises the steps of: selecting an item for purchase; retrieving credit card information for purchasing the selected item using a secure transaction terminal; inputting a PIN having a predetermined association with the credit card using the secure transaction terminal; transmitting the credit card information and PlN to an authentication server for verification; transmitting transaction information regarding the purchase to an issuer of the credit card, if the credit card information and PIN are successfully verified by the authentication server; and notifying a merchant providing the item for purchase, if the credit card information and PIN cannot be verified by the authentication server. According to such a method, the level of security required to complete the transaction can be increased. Furthermore, the need to verify a consumer's identification or signature can be reduced and/or eliminated.
[0017]
There has thus been outlined, rather broadly, the more important features of the invention and several, but not all, embodiments in order that the detailed description thereof that follows may be better understood, and in order that the present contribution to the art may be better appreciated. There are, of course, additional features of the invention that will be described hereinafter and which will form the subject matter of the claims appended hereto.
[0018]
In this respect, before explaining at least one embodiment of the invention in detail, it is to be understood that the invention is not limited in its application to the details of construction and to the arrangements of the components set forth in the following description or illustrated in the drawings. The invention is capable of other embodiments and of being practiced and carried out in various ways. Also, it is to be understood that the phraseology and terminology employed herein are for the purpose of description and should not be regarded as limiting.
[0019]
As such, those skilled in the art will appreciate that the conception, upon which this disclosure is based, may readily be utilized as a basis for the designing of other structures, methods and systems for carrying out the several purposes of the present invention. It is important, therefore, that the claims be regarded as including such equivalent constructions insofar as they do not depart from the spirit and scope of the present invention.
[0020]
Further, the purpose of the foregoing abstract is to enable the U.S. Patent and Trademark Office and the public generally, and especially the scientists, engineers and practitioners in the art who are not familiar with patent or legal terms or phraseology, to determine quickly from a cursory inspection the nature and essence of the technical disclosure of the application. The abstract is neither intended to define the invention of the application, which is measured by the claims, nor is it intended to be limiting as to the scope of the invention in any way.
[0021]
These, together with other objects of the invention, along with the various features of novelty which characterize the invention, are pointed out with particularity in the claims annexed to and forming a part of this disclosure. For a better understanding of the invention, its operating advantages and the specific objects attained by its uses, reference should be had to the accompanying drawings and descriptive matter in which there is illustrated preferred embodiments of the invention. BRIEF DESCRIPTION OF THE DRAWINGS
[0022]
Fig. 1 is a block diagram illustrating an arrangement for conducting secure credit card transactions according to an exemplary embodiment of the present invention;
Fig. 2 is a flowchart illustrating the steps performed when conducting secure credit card transactions according to one embodiment of the present invention; and
Fig. 3 is a flowchart illustrating the process of registering a credit card for secure transactions.
DETAILED DESCRIPTION OF THE INVENTION
[0023]
Reference now will be made in detail to the presently preferred embodiments of the invention. Such embodiments are provided by way of explanation of the invention, which is not intended to be limited thereto. In fact, those of ordinary skill in the art may appreciate upon reading the present specification and viewing the present drawings that various modifications and variations can be made.
[0024]
For example, features illustrated or described as part of one embodiment can be used on other embodiments to yield a still further embodiment. Additionally, certain features may be interchanged with similar devices or features not mentioned yet which perform the same or similar functions. It is therefore intended that such modifications and variations are included within the totality of the present invention.
[0025]
The detailed descriptions which follow may be presented in terms of program procedures executed on a computer or network of computers. These procedural descriptions and representations are the means used by those skilled in the art to most effectively convey the substance of their work to others skilled in the art.
[0026]
A procedure is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. These steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical, magnetic, and/or optical signals capable of being stored, transferred, combined, compared and otherwise manipulated. It proves convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like. It should be noted, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities.
[0027]
Further, the manipulations performed are often referred to in terms, such as adding or comparing, which are commonly associated with mental operations performed by a human operator. No such capability of a human operator is necessary, or desirable in most cases, in any of the operations described herein which form part of the present invention; the operations are preferably machine operations, although the operations may also be manual in alternative embodiments. Useful machines for performing the operation of the present invention include general purpose digital computers or similar devices.
[0028]
The present invention also relates to apparatus for performing these operations. This apparatus may be specially constructed for the required purpose or it may include a general purpose computer as selectively activated or reconfigured by a computer program stored in the computer. The procedures presented herein are not inherently related to a particular computer or other apparatus. Various general purpose machines may be used with programs written in accordance with the teachings herein, or it may prove more convenient to construct more specialized apparatus to perform the required method steps. The required structure for a variety of these machines will appear from the description given.
[0029]
Turning now to Figure 1 , a system is shown for conducting secure transactions using a credit card, in accordance with at least one embodiment of the present invention. The secure transaction system 100 includes a merchant or service provider 114, an authentication server 120, and a credit issuing entity (i.e., credit card issuer) 122. A consumer (i.e., user) 110 is able to physically visit the merchant and shop for various items. Depending on the specific embodiment of the invention, the consumer 110 can also conduct various transactions at a merchant's virtual storefront using a network, such as the internet. According to such embodiments, the consumer (or user) 110 would utilize a computer 124 (or any appropriate network enabled device such as a mobile phone, PDA, etc.). The computer 124 can include common peripherals such as, but not limited to, a display 126, keyboard 128, and mouse 130. [0030]
Some merchants can also have both a physical store location 114 and a virtual store front that is accessible over the internet. Thus, consumers 110 have the option of purchasing items and services at the merchant's physical location 114, or using the computer 124 to access the merchant's website and subsequently receiving any items via appropriate shipping methods. [0031]
The consumer 110 will typically browse the aisles of the merchant 114, or pages of the merchant's website using the computer 124, to shop for various items. The consumer can select one or more products and/or services to be purchased and proceed to the register or check out location of the merchant 114 (e.g., point of sale). The consumer 110 often has the option to purchase products or services using different forms of payment, including cash, check, credit card, etc. According to the present invention, a consumer (or user) 110 can perform this transaction using a credit card while maintaining a high level of security.
[0032]
More particularly, during the transaction process, the consumer 110 presents an appropriate credit card 118 for payment. The credit card 118 is swiped through a secure transaction terminal 116 so that the information stored on its magnetic strip can be retrieved. Depending on the specific type of secure transaction terminal 116 being used, the manner in which the information from the credit card 118 is read will vary. For example, some secure transaction terminals require that the credit card be swiped across an opening to read the magnetic information, while others can require insertion of the card into a recessed area. [0033]
The consumer 110 is subsequently required to authenticate the transaction by entering a Personal Identification Number (PIN) associated with the credit card 118 using a key pad on the secure transaction terminal. According to the present invention, the PIN entered is used to authenticate the user's identity and the credit card based on a pre-established relationship with the user's bank account. Accordingly, prior to commencing the transaction, it is necessary for the consumer 110 to take appropriate steps to register and establish a link to the credit card 118. Alternatively, or optionally, the consumer 110 can establish this link at the checkout location or point of sale (POS). While the illustrated embodiment of the invention discusses registration of a credit card, it should be noted that any type of financial transaction card can be used. For example, a store issued charge card, generic currency charge card, chain store charge card, currency transaction card, etc. In this regard, those skilled in the art will appreciate that the credit card 118 being discussed is intended to be one example, and that the invention is not so limited. [0034]
During the registration process, the consumer 110 is required to produce a conventional ATM card (not shown) which has been issued by a bank wherein the consumer holds a checking and/or savings account. The ATM card is linked to the consumer's identification, and incorporates a four- digit PIN to provide security. Under normal transactions, the consumer 110 would insert the ATM card into an appropriate ATM and input their four-digit PIN. The combination of ATM card and four-digit PIN confirms the user's identity and allows the transaction to proceed. It should be noted that the consumer's identity is already verified through conventional banking procedures. More particularly, prior to being issued the ATM card, the consumer 110 is required to physically visit the bank and produce identification necessary to establish their identity before an account will be opened. Once the user's identity has been verified and the account opened, the bank will separately supply a four-digit PIN to be used in conjunction with the ATM card when conducting transactions at an ATM. [0035]
According to the present invention, the consumer's bank account, ATM card, and PIN are used to authenticate the consumer's identity. By physically producing the ATM card and supplying the proper four-digit PIN, the user's identity is confirmed. At this point, the user 110 is allowed to associate one or more credit cards 118 with their identity for conducting secure transactions. Each credit card 118 would be swiped so that information can be retrieved and associated with the bank account and stored at the authentication server 120. At this point, the credit card 118 has been registered. Any secure transactions subsequently conducted by the consumer 110 using a registered credit card 118 would further require input of the user's four digit PIN in order to confirm their identity. According to the present invention, the combination of the registered credit card 118 and four-digit PIN confirms the consumer's identity and reduces (or eliminates) the need to request identification or signature verification at the merchant's check out. As can be appreciated by those skilled in the art, a conventional ATM card requires creation of an account with a financial institution and physical (i.e., in person) verification of the account holder's identity. This can be accomplished, for example by the account holder visiting the financial institution and presenting appropriate documents (e.g., license, passport, etc.) to verify their identity. However, other electronic transaction cards requiring verification of the card holder's identification prior to issuance can be used in place of the ATM card. [0036]
As previously discussed, it is possible for the consumer 110 to perform such transactions over the internet using a computer 124. The present invention is particularly beneficial in such situations, because the merchant 114 is unable to physically request picture identification or signature verification from the consumer 110. This results in a high level of risk that the credit card 118 could have been fraudulently obtained and used to conduct the transaction. By registering the credit card 118, the consumer 110 can provide information from the credit card 118 together with the four-digit PIN through the computer 124 in order to authenticate their identification and complete the transaction. [0037]
Once the consumer 1 10 has supplied the credit card information (by swiping through the secure transaction terminal 1 16 or inputting the account information using the computer) and four-digit PIN, it is sent to the authentication server 120 over a secure communication channel 140. Such a channel can be in the form of a direct connection line, a virtual private network, the internet, etc., as long as appropriate security and encryption measures are taken. The authentication server 120 stores all the credit card and bank account information for the consumers 110. Once the merchant 114 transmits the credit card information and PIN to the authentication server 120, it is able to confirm the user's identity and determine whether the transaction should be allowed to proceed. The authentication server 120 can establish a communication link 142 with the credit card issuer 122 (e.g. Visa, MasterCard, American Express, Discover, etc.) to supply information related to the transaction. Alternatively, the authentication server can contact the merchant 114 and indicate that the credit card 118 is registered. The merchant 114 would subsequently establish a communication link 144 with the credit card issuer 122 in order to supply the transaction information. The credit card issuer 122 determines if sufficient funds (or credit) are available, and indicates whether the transaction should be allowed to proceed. This indication can be provided in various ways. For example, the credit card issuer 122 can respond to the authentication server 120, indicating that the credit card 118 has sufficient funds to complete the transaction. Alternatively, the credit card issuer 122 can supply this indication to the merchant 114 directly by using the transaction information. Once the merchant 114 receives the credit card authorization, the transaction can be accepted or denied. [0038]
Fig. 2 is a flowchart illustrating the steps performed in conducting secure credit card transactions in accordance with one or more embodiments of the present invention. As previously discussed, the consumer is free to shop at either the merchant location or at a virtual location on the internet. During the shopping process, the consumer would identify one or more products and/or services that they would like to purchase. This is represented by step S200 wherein the user selects these items. At step S210, the user selects a credit card as the method of payment. As is known, consumers can pay for such transactions using various means, including cash, check, credit cards, retail store cards, etc. Thus, when the user attempts to purchase the item, they are given an opportunity to select a credit card as the payment type. According to the illustrated embodiment, at step S212, the user is asked for the status of the credit card. Specifically, the merchant inquires whether the credit card is registered for secure transactions or not. If the credit card is not registered, the consumer is given an opportunity to complete the registration process. This is illustrated by directing the user to break point "1", which will be discussed below with respect to Fig. 3. As can be appreciated, the process can optionally be allowed to proceed without prompting the consumer. [0039]
The consumer is asked to swipe their credit card in order to pay for the transaction at step S214. At step S216, the consumer enters the four-digit PIN associated with the credit card. At step S218, the four-digit PIN and credit card information are transmitted to the authentication server via the network. The authentication server validates that credit card at step S220. More particularly, the authentication server confirms whether or not the consumer's credit card has been previously registered and authorized to conduct secure transactions. As previously discussed, such validation can also eliminate the need for the merchant to request identification and/or signature verification to approve the transaction. If the authentication server successfully validates the credit card, then information concerning the transaction is transmitted to the credit card issuer at step S222. Alternatively, the transaction server can notify the merchant, who would in turn contact the credit card issuer. [0040]
If the authentication server is unable to validate the credit card, then the vendor is notified at step S224. At step S226, the merchant can optionally provide the consumer with an opportunity to perform an unsecured purchase according to conventional means. If the consumer does not wish to make an unsecured purchase, then the process ends. If the consumer agrees to conduct the unsecured purchase, then the credit card information is obtained at step S238. Control subsequently returns to step S222 where the transaction information is supplied to the credit card company. At step S230, the credit card company determines whether or not sufficient funds exist on the consumer's credit card account. If sufficient funds exist, then the transaction is authorized at step S232. Alternatively, if sufficient funds do not exist, then the transaction is declined at step S234. The process ends at step S236 with successful purchase of the product and/or service. [0041]
Fig. 3 is a flowchart illustrating the process of registering a credit card for secure transactions. At step S310 where the consumer is directed to the registration location. Depending on the specific embodiment of the invention, the location to which the consumer is directed can vary. If the consumer is present at a physical merchant location, the registration location can correspond to a separate office and/or area where the registration process can take place. Further, in a mall type (e.g., shopping plaza) setting, the registration location can correspond to a kiosk having the necessary hardware (e.g., communication access and secure transaction terminal) for performing the process. If the transaction is being conducted online, the consumer's PC can be directed to a different webpage wherein the information would be collected. Typically, the consumer would be directed to the authentication server so that information can be verified and stored for subsequent transactions. Furthermore, it is possible for the consumer to simply register the credit card without purchasing an item. In this regard, the credit card is simply registered and the process ends. [0042]
Regardless of the specific implementation of the registration location, the consumer would be required to swipe their ATM card at step S312. If using a computer, the consumer would simply enter the account and other necessary information from the ATM card using an appropriate input device. At step S314, the consumer enters the four-digit PIN corresponding to the ATM card. At step S316, the authentication server attempts to validate the consumer's identification based on the ATM card and PIN. This is the same type of authentication performed when the consumer uses any conventional ATM to withdraw cash from an existing checking and/or savings account. If the authentication server cannot to validate the credit card, then the merchant is alerted at step S318. At step S320, the registration process would end. [0043]
If the authentication server is capable of validating the consumer's identification, then the user swipes a credit card at step S322. The authentication server associates the swiped credit card with the user account at step S324 so that the credit card is now registered to perform secure transactions. At step S326, the consumer is asked if additional credit cards should be registered. If so, then control returns to step S322. Otherwise, control returns to the purchase transaction shown in Fig. 2 at break point "2". [0044]
As can be appreciated by those skilled in the art, the instant invention can be practiced on various hardware platforms and computer systems. A conventional computer system would typically include a bus or other communication mechanism for communicating information, and a processor coupled with bus for processing information. The computer system also includes a main memory, such as a random access memory (RAM) or other dynamic storage device, coupled to the bus for storing information and instructions to be executed by the processor. The main memory also may be used for storing temporary variables or other intermediate information during execution of instructions the processor. The computer system further includes a read only memory (ROM) or other static storage device coupled to the bus for storing static information and instructions for the processor. A storage device, such as a magnetic disk or optical disk, is provided and coupled to the bus for storing information and instructions.
[0045]
The computer system may be coupled via the bus to a display, such as a cathode ray tube (CRT) or liquid crystal display (LCD), for displaying information to a computer user. An input device, including alphanumeric and other keys, can be coupled to the bus for communicating information and command selections to the processor. Another type of user input device is cursor control, such as a mouse, a trackball, or cursor direction keys for communicating direction information and command selections to the processor and for controlling cursor movement on the display. This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the device to specify positions in a plane.
[0046]
According to the present invention, the computer system provides the necessary interface and operates in response to the processor executing one or more sequences of one or more instructions contained in the main memory. Such instructions may be read into the main memory from another computer-readable medium, such as storage device. Execution of the sequences of instructions contained in the main memory causes the processor to perform the process steps described herein. One or more processors in a multi-processing arrangement may also be employed to execute the sequences of instructions contained in the main memory. In alternative embodiments, hard-wired circuitry may be used in place of or in combination with software instructions to implement the invention. Thus, embodiments of the invention are not limited to any specific combination of hardware circuitry and software.
[0047]
The term "computer-readable medium" as used herein refers to any medium that participates in providing instructions to the processor for execution. Such a medium may take many forms, including but not limited to, solid state drives, FLASH media, non-volatile media, volatile media, and transmission media. Non-volatile media include, for example, optical or magnetic disks, such as the aforementioned storage device. Volatile media include dynamic memory, such as the main memory. Transmission media include coaxial cables, copper wire and fiber optics, including the wires that comprise the bus. Transmission media can also take the form of acoustic or light waves, such as those generated during radio frequency (RF) and infrared (IR) data communications, wireless frequencies used to send/receive information using satellite and terrestrial devices, etc. Common forms of computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, any other magnetic medium, a CD-ROM, DVD, any other optical medium, punch cards, paper tape, any other physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.
[0048]
Various forms of computer readable media may be involved in carrying one or more sequences of one or more instructions to the processor for execution. For example, the instructions may initially be borne on a magnetic disk of a remote computer. The remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem. A modem local to the computer system can receive the data on the telephone line and use an infrared transmitter to convert the data to an infrared signal. An infrared detector coupled to the bus can receive the data carried in the infrared signal and place the data on the bus. The bus carries the data to the main memory, from which the processor retrieves and executes the instructions. The instructions received by the main memory may optionally be stored on the storage device either before or after execution by the processor.
[0049]
The computer system also includes a communication interface coupled to the bus. The communication interface provides a two-way data communication coupling to a network link that is connected to a local network. As an example, the communication interface may be a local area network (LAN) card to provide a data communication connection to a compatible LAN. Wireless links may also be implemented. In any such implementation, the communication interface sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
[0050]
The network link typically provides data communication through one or more networks to other data devices. For example, the network link may provide a connection through the local network to a host computer or to data equipment operated by an Internet Service Provider (ISP). The ISP in turn provides data communication services through the internet. The local network and internet both use electrical, electromagnetic or optical signals that carry digital data streams. The signals through the various networks and the signals on the network link and through the communication interface, which carry the digital data to and from the computer system, are exemplary forms of carrier waves transporting the information.
[0051]
The many features and advantages of the invention are apparent from the detailed specification, and thus, it is intended by the appended claims to cover all such features and advantages of the invention which fall within the true spirit and scope of the invention. Further, since numerous modifications and variations will readily occur to those skilled in the art, it is not desired to limit the invention to the exact construction and operation illustrated and described, and accordingly, all suitable modifications and equivalents may be resorted to, falling within the scope of the invention.

Claims

What is claimed is:
1. A system for registering a credit card for conducting secured transactions, comprising: a verified transaction card having a Personal Identification Number (PIN) associated therewith and linked a user identity; one or more credit cards for registration based on the verified transaction card; a secure transaction terminal for retrieving information stored on the transaction card and the one or more credit cards, and including an input portion for entering and displaying information; a communication device for transmitting and receiving information across one or more networks; and an authentication server for maintaining information associated with registered credit cards; wherein: information is retrieved from the verified transaction card by the secure transaction terminal and the PIN associated with the verified transaction card is input by the user, information is retrieved from the one or more credit cards by the secure transaction terminal, and information from each of the one or more credit cards is associated with an entity issuing the verified transaction card, associated with the PIN, and stored on the authentication server.
2. The system for registering a credit card according to claim 1 , wherein the verified transaction card is issued by a banking entity.
3. The system for registering a credit card according to claim 1 , wherein the input portion and communication device are components of a computer system that is in communication with the secure transaction terminal.
4. A system for registering a credit card for conducting secured transactions, comprising: a verified transaction card having a Personal Identification Number (PIN) associated therewith and linked a user identity; one or more credit cards for registration based on the verified transaction card; and a computer system configured to retrieve information stored on the transaction card and the one or more credit cards, and transmit and receive information across one or more networks; wherein the one or more credit cards are registered by: inputting information corresponding to the verified transaction card together with the PIN associated with the verified transaction card, inputting information corresponding to the one or more credit cards, associating the information from the one or more credit cards are with both an entity issuing the verified transaction card and the PIN, and transmitting associated data indicative of the registered credit cards to a secure location.
5. The system for registering a credit card according to claim 1 , wherein the secure location comprises an authentication server for maintaining information associated with registered credit cards;
6. A method of registering a credit card for conducting secure transactions comprising the steps of: retrieving information from a bank card associated with a user bank account; inputting a PIN associated with the bank card; validating the user's identification based, in part, on the bank card and PIN; associating one or more credit cards with the validated user identification; and storing information regarding the one or more credit cards.
7. A method of conducting secure transactions comprising the steps of: selecting an item for purchase; retrieving credit card information for purchasing the selected item using a secure transaction terminal; inputting a PIN having a predetermined association with the credit card using the secure transaction terminal; transmitting the credit card information and PIN to an authentication server for verification; transmitting transaction information regarding the purchase to an issuer of the credit card, if the credit card information and PIN are successfully verified by the authentication server; and notifying a merchant providing the item for purchase if the credit card information and PIN cannot be verified by the authentication server.
8. The method according to claim 7, wherein the step of retrieving credit card information further comprises the steps of: determining if the credit card is registered for secure transactions; and registering the credit card prior to proceeding with the transaction, if it has not been previously registered.
9. The method according to claim 8, wherein the step of registering comprises the steps of: retrieving information from a verified transaction card associated with a user of the credit card; inputting a PIN associated with the verified transaction card; validating the user's identification based, in part, on the verified transaction card and PIN; associating the credit card with the validated user identification; and storing information regarding the credit card on the authentication server.
PCT/US2009/036564 2008-03-07 2009-03-09 Apparatus and method for conducting secure transactions using a credit card WO2009111795A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US3476608P 2008-03-07 2008-03-07
US61/034,766 2008-03-07

Publications (1)

Publication Number Publication Date
WO2009111795A1 true WO2009111795A1 (en) 2009-09-11

Family

ID=41056388

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2009/036564 WO2009111795A1 (en) 2008-03-07 2009-03-09 Apparatus and method for conducting secure transactions using a credit card

Country Status (1)

Country Link
WO (1) WO2009111795A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120136733A1 (en) * 2010-11-30 2012-05-31 Ncr Corporation Techniques for secure credit card transactions
WO2015161235A1 (en) * 2014-04-17 2015-10-22 Ruffer James F Secure electronic payment system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5677955A (en) * 1995-04-07 1997-10-14 Financial Services Technology Consortium Electronic funds transfer instruments
US5883810A (en) * 1997-09-24 1999-03-16 Microsoft Corporation Electronic online commerce card with transactionproxy number for online transactions
US6749114B2 (en) * 2001-05-15 2004-06-15 Inadam Corporation Universal authorization card system and method for using same

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5677955A (en) * 1995-04-07 1997-10-14 Financial Services Technology Consortium Electronic funds transfer instruments
US5883810A (en) * 1997-09-24 1999-03-16 Microsoft Corporation Electronic online commerce card with transactionproxy number for online transactions
US6749114B2 (en) * 2001-05-15 2004-06-15 Inadam Corporation Universal authorization card system and method for using same

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120136733A1 (en) * 2010-11-30 2012-05-31 Ncr Corporation Techniques for secure credit card transactions
WO2015161235A1 (en) * 2014-04-17 2015-10-22 Ruffer James F Secure electronic payment system

Similar Documents

Publication Publication Date Title
US10748147B2 (en) Adaptive authentication options
KR100731905B1 (en) Payment apparatus and method
US10282724B2 (en) Security system incorporating mobile device
US20020038287A1 (en) EMV card-based identification, authentication, and access control for remote access
US20140101055A1 (en) Systems, methods, and computer program products for managing remote transactions
NZ531142A (en) Virtual credit card terminal and method of transaction
US20100211503A1 (en) Double Verified Transaction Device and Method
US8099363B1 (en) Methods and systems for processing card-not-present financial transactions as card-present financial transactions
US20060167823A1 (en) Secure wireless commerce
JP2006039729A (en) Transaction system, transaction device and settlement system
JP2013505487A (en) Asset value storage and transfer system for electronic wallets
US20180308076A1 (en) Electronic financial processing system using personal atm terminal and method for processing thereof
US20180165679A1 (en) Method and system for transaction authentication
EP4020360A1 (en) Secure contactless credential exchange
WO2009111795A1 (en) Apparatus and method for conducting secure transactions using a credit card
US11568383B2 (en) Method and apparatus for a payment network
KR20160010042A (en) Method, server and computer-readable recording medium for payment using realtime account transfer, account collection
US20130290178A1 (en) System and method for effecting payment to a beneficiary including a real-time authorization of the payment
KR20050020422A (en) Method and System for Providing a Settlement Service Using a Mobile Phone
US11961079B2 (en) Proof-of-age verification in mobile payments
JP2002032572A (en) Authentication system, authentication method and settlement system
US20220005047A1 (en) Proof-of-age verification in mobile payments
US20210264412A1 (en) System and method for securing financial transactions
US11250410B2 (en) Computer implemented method and a payment terminal for executing card present transaction dynamically from remote environment
DAVITULIANI et al. CASH AT E-COMMERCE: METHOD FOR DISBURSING CASH TO A CARDHOLDER USING AN E-COMMERCE PLATFORM

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09717734

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: EPO FORM 1205A DATED 28.03.2011

122 Ep: pct application non-entry in european phase

Ref document number: 09717734

Country of ref document: EP

Kind code of ref document: A1