CN108475374A - Payment device with multiple modes for conducting financial transactions - Google Patents

Abstract

The present invention provides a payment card, and a system and method for securely managing financial transactions using the payment card. In one embodiment, the payment card includes a first component incorporated into the plastic substrate, wherein the first component is configured to provide details of a first alternate account associated with a valid credential of a cardholder. The payment card further includes at least one additional component incorporated into the plastic substrate. Each additional component is configured to provide details of at least one additional alternate account associated with the cardholder's valid credentials. Each alternative account includes details that are different from the details of each other alternative account. And, providing the at least one alternate account to the merchant for use in conducting a financial transaction with the merchant.

Description

Payment device with multiple modes for conducting financial transactions

Cross References to Related Applications

This application claims the benefit of US Provisional Application No. 62/282,991, filed August 17, 2015, the entire contents of which are incorporated herein by reference.

technical field

The present invention relates generally to financial services, and more particularly to payment devices and systems for processing financial transactions.

Background technique

Plastic payment cards, such as credit cards, were introduced in the United States in the late 1940s as the way banks most trusted customers to pay for meals and travel when they weren't carrying large amounts of cash. Since then, hundreds of millions of payment cards have been issued by thousands of banks.

However, the security of traditional payment card systems is threatened by several illegal practices. Identity theft, impersonation, fraud, unauthorized access to accounts, and other illegal activities threaten the entire system. Traditional payment cards and the networks used to authorize and process card transactions are vulnerable to widespread exploitation by identity thieves and other criminals. A major form of payment account fraud is the unauthorized use of payment account details when conducting electronic commerce. Another major form of payment account fraud is the creation of counterfeit cards and use on a merchant's point-of-sale (POS) device. These forms of fraud are themselves caused by the way the payment cards themselves are manufactured. Specifically, credit card numbers and other payment account details printed or embossed on traditional plastic cards can be easily copied or stolen. In addition, the magnetic stripe of a credit card can also be forged. In fact, the costs of payment card fraud to banks, merchants, and consumers are growing rapidly. The industry loses nearly $20 billion annually to payment card fraud.

To prevent counterfeiting and misappropriation scams, which are a major source of financial risk for banks and payment brands, major card issuing networks have adopted new technologies to ensure that only legitimate cards are used at physical points of sale. The technologies, developed by the payment card industry and card issuing network Consolidated Enterprise (EMVCo), add tamper-resistant computer microchips with confidential storage and computing power to plastic cards. EMVCo is the payments industry consortium named after EuroPay, MasterCard and Visa (EuroPay, MasterCard and Visa were the original founders of the group), but now also includes AmericanExpress, Discover, JCB and Union Pay as equity partners.

This microchip securely stores the information and programs needed to generate a unique cryptographic signature when a transaction is made at a merchant POS device. The calculation process is safely and confidentially executed inside the embedded microchip at the time of each transaction, and the result is sent to the card issuing bank along with the payment account data through the existing payment network, where the same information stored in the card is used to verify the result authenticating. The stored information will not be made public by the issuer, nor can it be extracted from the microchip by any practical means. The microchip-embedded card then provides a one-time code for every card transaction performed at the physical point of sale. If all merchants use this new mechanism, the risk of counterfeiting cards through misappropriation of account data is largely eliminated.

Another way for card issuers to prevent fraud is to offer cards with near field communication (NFC) components. Cards with an NFC component allow the user to swipe or present the card within approximately 10cm of an NFC reader.

However, microchip-embedded cards (also known as EMV cards or smart cards) and NFC-enabled cards must also work in environments where the new standard has not yet become commonplace. Many merchants have yet to adopt EMV-enabled terminals that can activate microchip cards and read PINs, or NFC readers that can read wireless communication signals. To ensure payment cards are accepted globally, card issuers include a traditional magnetic stripe on the back of the card.

Additionally, to enable electronic and telephone commerce, the issuer has the payment account number printed on the card and/or embossed on the plastic. In this way, not only can financial transactions be performed using microchips or NFC components, but also magnetic stripes can be used in financial transactions by using POS swiping operations or account numbers can be used in telephone or Internet transactions. The method used to communicate account information from the card to the merchant terminal is called a schema. In other words, the microchip card can be used in at least four different modes of financial transactions including, for example, a magnetic stripe mode, various modes using EMV chips, an NFC mode, and a manual card number entry mode. Microchips can implement other modes as well, which is why there may be more than four different modes of financial transactions.

If a thief comes across one of the newer EMV or NFC payment cards and takes control of the card, even for a brief moment, they can easily steal payment account sensitive data without having to worry about the embedded chip and NFC components. This can be achieved by reading the payment data from the magnetic strip, thereby counterfeiting the card. Thieves can also steal data for use in fraudulent e-commerce by taking a photo of the card and capturing the card number. It should be noted that neither magnetic stripe data nor printed data is protected by digital security measures such as passwords. The stolen data is then used in less secure retail stores that do not have EMV systems, or the thieves go online to conduct e-commerce transactions.

Therefore, there is a need for more secure payment cards. In order to prevent the above-mentioned problems, and at the same time to improve consumer satisfaction and improve the management and control experience of payment cards, the present invention introduces several innovative elements for the authorization and processing of payment cards, financial networks and financial transactions.

Contents of the invention

The present disclosure describes payment cards, systems, and methods for securely managing financial transactions using payment cards. A payment card may take the form of, for example, a plastic payment card, a virtual card, a portable business device, one or more components embedded in a mobile device, an application running on a mobile device or computer, and other forms of payment credentials. According to one embodiment, a payment card includes a first component incorporated into the plastic substrate, the first component configured to provide details of a first alternate account associated with the cardholder's primary financial account.

The payment card may also include additional components incorporated into the plastic substrate. The additional component is configured to provide details of additional alternative accounts associated with the cardholder's valid credentials. The first alternative account includes details that are different from those of the second alternative account, and from all additional alternative accounts. At least one of the first, second, or additional alternative accounts is provided to the merchant for conducting financial transactions with the merchant.

According to another embodiment, the account linking device comprises at least one network interface configured to communicate with a plurality of merchant terminals via a first network and with a financial institution via a secure network. The account linking device also includes a transaction authentication module configured to, based on the first set of details obtained by the first merchant terminal for a first alternate account associated with a payment card owned by the cardholder, provide a transaction for one of the plurality of merchant terminals. The first commercial terminal authenticates the first financial transaction. The transaction verification module is further configured to authenticate an additional financial transaction for an additional merchant terminal of the plurality of merchant terminals based on another set of different details obtained by the additional merchant terminal for the additional alternative account associated with the payment card owned by the cardholder.

According to yet another embodiment, a system for providing security for payment cards is provided. The system includes a first merchant terminal and additional merchant terminals respectively connected to a network. The first merchant terminal is configured to obtain details of the first alternative account from a first set of information associated with a payment card owned by the cardholder. The additional merchant terminal is configured to obtain details of the additional alternative account from a further set of information associated with the payment card. The system also includes an account linking device connected to the network. The account linking device is configured to receive details of the first alternative account and the additional alternative account from the first merchant terminal and the additional merchant terminal, respectively. The account association device is also configured to associate the first alternate account and the additional alternate accounts with valid credentials belonging to the cardholder. Additionally, the account linking device manages financial transactions between the financial institution with which the cardholder maintains valid credentials and the first and additional merchant terminals. The first set of information is different from the other sets of information.

Various implementations described in this disclosure may include additional systems, methods, features, and advantages that may not necessarily be explicitly disclosed herein, but would be appreciated by those of ordinary skill in the art upon review of the following The detailed description and drawings will be apparent later. It is intended that all such systems, methods, features and advantages be included within this disclosure, and be protected by the following claims.

Description of drawings

Features and components shown in the following figures are to emphasize the general principles of the invention and are not necessarily drawn to scale. Corresponding features and components have been assigned matching reference numerals throughout the drawings for consistency and clarity.

Figure 1 is a block diagram showing a payment card system according to various embodiments of the present invention;

2A and 2B are diagrams showing a front view and a rear view, respectively, of a first payment card according to various embodiments of the present invention;

3A and 3B are diagrams showing a front view and a rear view, respectively, of a second payment card according to various embodiments of the present invention;

FIG. 4 is a block diagram showing the account association device shown in FIG. 1 according to various embodiments of the present invention;

FIG. 5 is a block diagram showing the user account module shown in FIG. 4 according to various embodiments of the present invention.

Detailed ways

The present invention relates to payment devices, hereinafter referred to as payment cards, such as plastic payment cards, virtual cards, wearable business devices, components embedded in mobile devices, applications running on mobile devices or computers, and other payment credentials. The invention also relates to systems and methods for conducting financial transactions using payment devices. The present invention may include commercially viable computing services, mobile applications, and websites, and may be implemented in conjunction with financial institutions using the payment cards or other payment devices described herein. The present invention introduces several innovative elements that can be used with existing card and valid credential issuers to prevent various forms of fraud. As used herein, the term "valid credential" means a valid funds disposition instrument, which may be, but is not limited to, a credit card, charge card, direct deposit account, savings account, checking account, loyalty card, gift card, or other card or device .

The present invention includes a multimodal payment device that can be used in different modes for different types of financial transactions. For example, the payment cards described herein may include multiple modes for completing transactions. Some of the modes may include: those involving microchips embedded in cards, those involving near field communication (NFC) components, those involving magnetic stripes, entering card numbers and card security verification values (CVV) in online transactions those modes, and/or other modes. The invention includes a novel fraud reduction feature, a mobile phone application and a corresponding website for controlling the novel fraud reduction feature. Additionally, computing services can be used in authorization and processing networks that serve online and retail merchants.

Current payment card issuance practice is to include the cardholder's unique primary account number (PAN) details directly corresponding to the cardholder's actual valid credentials in all the different modes of the payment card (i.e. including magstripe, EMV chip, NFC, etc.). However, by using an alternate account number or token in place of the primary account number (PAN), as described in the present invention, an account linking device can be interposed between the merchant and the issuing bank to increase the security of the transaction, or as part of the payment processing process. Part of the account-linked device can be invoked by the issuing bank. The payment device system described here securely replaces cardholder PAN details in the network prior to transaction authorization and processing. This prevents disclosure of the cardholder's PAN details to the merchant.

The present invention uses multiple different sets of anonymous and unpredictable alternative account details for each payment device. In an example using an actual payment card, one set of alternate account details could be associated with one or more patterns of the EMV chip, another set of alternate account details could be associated with another pattern of the EMV chip, yet another set of alternate account details Can be associated with the NFC component, yet another set of alternate account details for use on the magnetic stripe, yet another set of alternate account details for use in e-commerce, and yet another set for manual entry. Using different sets of alternate account details prevents cross-modal payment fraud.

The current practice is that the PAN contained in the EMV chip is the same as the PAN contained in the magnetic stripe and printed on the card. In this way, financial transactions can be accepted in the presence of any one of the multiple modes, which provides the conditions for cross-modal fraud. For example, thieves may intercept EMV card details and create fake magnetic stripe cards. As another example, thieves may use card data readers to steal both EMV and magnetic stripe account details and then conduct unauthorized e-commerce transactions. However, the invention is not limited to employing the same PAN for all modes. Instead, the present invention employs multiple sets of different alternate account details corresponding to multiple valid credentials, where each alternate account can be associated with a different schema. In this way, cross-modal payment fraud is prevented.

It should be noted that the payment devices described herein may be implemented as credit cards, debit cards, virtual cards, wearable devices, Internet of Things (IoT) devices, components and/or applications embedded in mobile devices, and/or other financial documents. In other embodiments, the payment devices described herein are applicable to non-payment devices used in payment environments other than commercial environments. For example, non-payment devices (e.g., loyalty cards, mobile devices, and other non-financial credentials) may be adapted for other functions as proxy credentials in place of electronic authentication identification (e.g., for health insurance use, for driver's license use etc.), to gain access to secure points, to provide photographic identification of cardholders, and for other purposes. Further, the valid credentials associated with the alternative account details may be payment credentials and/or non-payment credentials, such as loyalty vouchers, medical insurance credentials, and other financial or non-financial credentials.

The block diagram of FIG. 1 shows an embodiment of a payment card system 10 in which a financial institution 28 issues payment cards, such as credit or debit cards, for customers. In other embodiments, customers may use other types of proxy credentials other than payment cards, such as mobile devices. According to the embodiment of FIG. 1 , payment card system 10 includes a public network 12, one or more user devices 14, one or more merchant terminals 16, one or more wireless communication antennas 18, one or more mobile devices 20, and Account linking device 24 .

The term "merchant terminal" is used to describe a physical terminal, website, or other device used to provide functionality with a merchant initiating payments. Merchant terminals can be embedded in POS devices and can be "virtual" as in e-commerce website processing. Additionally, the merchant terminal may be a back office device not involving the card, customer, merchant or merchandise, such as when recurring payments are initiated due to a service. "Merchant terminal" may represent POS devices, merchant online systems, and other mechanisms owned/controlled by the merchant for conducting various modes of purchase. A merchant terminal may include any merchant system used in different payment modes employing one or more technologies (eg, EMV chip, magnetic stripe, NFC, e-commerce, etc.).

Network 12 may include a wide area network, the Internet, a private network, and/or other publicly accessible networks. Additionally, network 12 may include local area networks associated with different merchants. Network 12 may also communicate with one or more cellular networks connected to antenna 18 .

User equipment 14, merchant terminal 16, and antenna 18 may be connected to network 12 through one or more wired or wireless connections to enable electronic communication between the various components. Wireless communication antennas 18 may include one or more cellular towers, orbiting satellites, or other wireless communication hubs for communicating with mobile devices 20 .

The account association device 24 may be a server, a network server, software running on the server, a hardware device, or any intermediate computing device or device suitable for providing various transaction services. The account linking device 24 is also connected to a secure network 26 which is also connected to one or more financial institutions 28 and one or more databases 30 through wired or wireless connections. The secure network 26 may be a private network, a local area network, a virtual private network (VPN), or a highly encrypted public network. Account linking device 24 may be configured to store information in database 30 for pointing one or more alternate accounts to real accounts held by a cardholder or customer of financial institution 28 .

In a purchasing operation, a customer who has been issued a payment card can use the payment card to pay for goods or services. The payment card may be presented to the merchant at one of the merchant terminals 16 . It should be noted that multiple merchant terminals 16 may be associated with the same merchant to obtain account information through different modes. In fact, multiple merchant terminals 16 may be associated with a single device used by the merchant to obtain information on a single POS device. Accordingly, the POS device may obtain information from the payment card by a first mode using a chip embedded in the card, or by another mode involving the use of an NFC component or a magnetic strip on the card. In other transactions such as online transactions or telephone transactions, the card number printed and/or embossed on the card may be entered electronically or by a merchant order representative.

According to other embodiments, instead, the payment card system 10 may be configured as a system for performing non-payment activities. Instead of performing various functions related to financial accounts as disclosed herein, the non-payment system may also process other types of credentials for business entities that are not financial institutions.

The account linking facility 24 uses the database 30 to link any alternative account data values with the cardholder's valid credential details. Any alternative account data values and valid credential details may be provided by the cardholder when registering for services provided by the account linking device 24 . In one embodiment, the cardholder can use a mobile application on one of the mobile devices 20 or use a web service provided by the user device 14 (which can be a conventional computer or web browser) through the account linking device 24 to access the account at any time. Change the valid credential details linked to the alternate account. Account associating facility 24 associates the plurality of valid credentials with the plurality of alternate accounts. Valid documents can be financial or non-financial documents. In one embodiment, account linking facility 24 associates valid credentials from issuing financial institution 28 with multiple alternate accounts. In one embodiment, account linking facility 24 associates valid credentials from issuing financial institution 28 and other financial or non-financial institutions with multiple alternate accounts.

The account linking device 24 is arranged in the payment card system 10 such that the account linking device 24 receives a notification presented by the merchant through one of the merchant terminals 16 requiring authorization of one of the plurality of alternate accounts representing each card. All Transactions. The account association device 24 associates a plurality of alternative accounts with one or more customer valid credentials using a customizable rule engine that applies one or more Facts are sensitive. Current transaction data may include, but is not limited to, merchant category codes, merchant IDs, transaction volumes, alternate account numbers, service codes, and card security codes, for example.

Account linking facility 24 may also access data through database 30 including, but not limited to, prior transactions presented for a particular alternate account, prior transactions presented for another alternate account associated with the same cardholder, transactions for the same merchant Or a previous transaction presented at the same merchant location, the geographic location of the cardholder's primary mobile phone when the transaction was presented. The geographic location may be determined by, for example, Global Positioning System (GPS), short-range radio signals (such as Wi-Fi ^™ , Bluetooth ^™ , Bluetooth low energy beacons, Zigbee ^™ , Z-wave ^™, or combinations thereof), and other location Sensitive factors to determine. An alternate account that can be associated with a valid credential has no balance or established credit on its own and cannot be used to settle any transactions.

Payment card system 10 may be used to provide security for the use of payment cards. The payment card system 10 may include a first merchant terminal 16 connected to the public network 12, wherein the first merchant terminal 16 is configured to obtain details of the first alternative account from a first set of information associated with the payment card owned by the cardholder. The payment card system 10 may include a second merchant terminal 16 connected to the public network 12, wherein the second merchant terminal 16 is configured to obtain details of the second alternative account from a second set of information associated with the payment card. In this embodiment, the payment card system 10 also includes an account linking device 24 connected to a public network. The account linking device 24 is configured to receive details of the first and second alternative accounts from the first and second merchant terminals 16, respectively. The account linking device 24 is further configured to link the first and second alternate accounts with valid credentials belonging to the cardholder. The account linking device 24 also manages financial transactions between a financial institution 28 from which the cardholder obtains a valid credential and the first and second merchant terminals 16 . Furthermore, it should be noted that the first set of information is preferably different from the second set of information.

The payment card system 10 may also include a third merchant terminal 16 connected to the public network 12, wherein the third merchant terminal 16 may be configured to retrieve a third set of information associated with the payment card, and preferably a different third set information to obtain details of the third alternative account. In some embodiments, the first set of information is obtained from a microchip on the payment card, the second set of information is obtained from an NFC component embedded in the payment card, the third set of information is obtained from a magnetic stripe on the payment card, and the fourth set of information Obtained from the card number printed and/or embossed on the payment card. Several other sets of information can also be obtained from other different modes now known or later developed. The first set of information, the second set of information, the third set of information, the fourth set of information, and other sets of information may be generated by the financial institution. Some of these sets of information may be manually entered.

Alternative embodiments include a payment card system 10 in which the payment card does not have a printed and/or embossed account number. Likewise, payment cards may not have a magnetic stripe, or one of the other modes. In this case, the cardholder can use only the magnetic stripe and/or NFC component, or the pattern reserved on the card, when using the payment card at the merchant terminal.

A different set of account details can also be communicated to the cardholder for online or telephone transactions. The set of different account details may be sent to the cardholder via computer (eg user device 14 ) and/or via mobile device 20 by post, email or SMS.

In some embodiments, a mobile device 20 associated with a cardholder may be incorporated into the system 10 . One of the merchant terminals 16 may be an online merchant device configured to conduct online transactions, and the mobile device 20 may be configured to store and retrieve a dynamic verification value (d-CVV) generated from the account link device 24 or to calculate a dynamic verification value that dynamically The verification value is sent to or manually entered into the online merchant device. In some cases, one or more merchant terminals 16 may be embedded in a point-of-sale (POS) device.

The user device 14 associated with the cardholder is configured such that the cardholder can manage alternate accounts and valid credentials through the account linking device 24 . Account linking device 24 is configured to enable the cardholder to enter registration information, monitor activity on alternate accounts, enable or disable one or more modes of transactions with the payment card, report loss or theft of the payment card, and provide information related to Information related to various valid credentials. For example, account association device 24 may provide a website that includes one or more web pages that enable cardholders to navigate to the website using user device 14 .

Figures 2A and 2B illustrate a first payment card 36 according to various embodiments of the invention. FIG. 2A shows the front 38 of the payment card 36 and FIG. 2B shows the back 40 of the payment card 36 . Payment card 36 may include financial institution 28 name 42 , microchip 44 , card number 46 , customer name 48 and expiration date 50 located on front 38 of payment card 36 . In some embodiments, the card number 46 may be embossed on the payment card 36 . Additionally, the back of the payment card 36 may include a magnetic stripe 52 , a signature box 54 , and a card verification value (CVV) 56 . The payment card 36 may further include an NFC component that may be embedded under the surface of the payment card 36 for enabling contactless transactions.

In one embodiment, the payment card 36 may be a plastic EMV microchip card issued by the card issuing bank according to the issuance rules established for one of several global branded payment card networks. The payment card 36 includes preconfiguration and personalization so that it can be used at any EMV enabled merchant POS.

However, the account details contained in the microchip 44 are not those of the primary cardholder, but are arbitrary values generated by the card issuer. The account details herein may be referred to as "alternative account details". Alternative account details are used as a substitute for valid credentials but are not used to identify any particular customer. Instead, alternate account details relate to alternate accounts that are generated by the card issuing bank but are not associated with any particular valid credential.

In the embodiment of FIG. 2, the microchip 44 and magnetic strip 52 contain different payment account numbers, expiration dates, and other token account details for two different alternate accounts. Simply put, microchip 44 and magnetic stripe 52 appear to represent entirely different payment accounts. A transaction at an EMV enabled merchant with the microchip 44 will contain different account details than a transaction at the merchant using the magnetic stripe 52 on the same card 36 . Likewise, NFC transactions can use different payment account details than when EMV mode and magstripe mode are enabled.

In one embodiment, the financial institution 28 provides the customer with alternate account details for e-commerce or telecommerce transactions such that the details are different from the alternate account details for the microchip 44 or magnetic stripe 52 . It should be understood that facsimile, email and other forms of electronic and telephone communication may also be used. It should also be understood that, for transactions by mail, alternative account details may be recorded on the mail order. The e-commerce alternate account details may not be printed or embossed on the payment card 36, but are provided separately to the customer, or may be printed or embossed on the payment card, depending on the embodiment.

Figures 3A and 3B illustrate a second type of payment card 60 according to various embodiments of the invention. FIG. 3A shows the front 62 of the payment card 60 and FIG. 3B shows the back 64 of the payment card 60 . The payment card 60 may include the financial institution's name 66 and a microchip 68 on the front of the payment card 60 . It should be noted that the payment card 60 does not have the card number and customer name that would normally appear on a traditional payment card. The back 64 of the payment card 60 may be blank or may simply include the name and address of the financial institution. The back 64 therefore lacks the traditional magnetic stripe and CVV code. Payment card 60 does not have a pre-printed card number, embossed account data, expiration date data, cardholder name, or other account data. By making the card anonymous and not including a human readable account number, routine theft of account data from the front and back of the card is prevented.

Currently, Visa ^(TM) and MasterCard ^(TM) include rules for credit and debit cards requiring the cardholder's name and account number to be displayed on the card. Therefore, the embodiment of Figure 3 does not comply with these current rules. However, the payment card 60 described in the present invention can be carried openly without risk of loss or theft because the cardholder name and account number cannot be obtained by visual inspection. For online, mail order, telephone, and other similar transactions, individual cards or electronic files can be securely stored at the cardholder's home.

In some embodiments, payment cards 36, 60 may be made from a plastic substrate. The first component (eg microchip 44) may be incorporated inside the plastic substrate of the card shown in Figs. 2 and 3 . The first component may be configured to provide details of a first alternative account associated with the cardholder's valid credentials. The payment card 36 of FIG. 2 may also include additional components incorporated into the plastic substrate. These additional components are configured to provide details of additional alternative accounts associated with the cardholder's valid credentials. The first alternative account includes different details from those of the second alternative account and from all additional alternative accounts. At least one of the first alternative account, the second alternative account, or the additional alternative account is provided (eg, using merchant terminal 16 ) to the merchant for conducting financial transactions with the merchant.

The merchant is configured to communicate details of the at least one alternate account to the account linking device 24 via the network 12 . The account linking facility 24 is configured to link at least one of the alternate accounts with one of the cardholder's valid credentials, wherein the account linking facility 24 is further configured to manage the financial institution 28 and the merchant account associated with the cardholder's primary financial account. A financial transaction between associated merchant terminals 16 .

According to some embodiments, payment card 36 of FIG. 2 may further include additional components (eg, card number 46 ) incorporated into the plastic substrate. The card number can be printed and/or embossed on the plastic substrate. In alternative embodiments, a payment card such as payment card 60 may not have at least one of a printed or embossed card number, a magnetic stripe, and/or other patterns.

The first substitute account, the second substitute account, and the additional substitute account may be read by a point-of-sale (POS) device (eg, merchant terminal 16) from the first component, the second component, and the additional component. To conduct a financial transaction, some embodiments may include the use of a mobile device 20 associated with the cardholder.

FIG. 4 is a block diagram illustrating an embodiment of the account linking device 24 shown in FIG. 1 . In the embodiment of FIG. 4 , the account association device 24 includes a security module 74 , one or more web pages 76 , a user account module 78 , one or more web interfaces 80 , and a transaction authentication module 82 . The one or more network interfaces 80 are configured to enable communications over the first public network 12 and also enable communications over the secure network 26 . The user account module 78 allows the user or customer to perform many different actions regarding the financial account and regarding how the payment card 36, 60 is used. The user account module 78 is described in more detail below with reference to FIG. 5 .

Security module 74 may include a random number generator for generating a temporary dynamic card verification value (d-CVV). d-CVV can be sent to mobile devices. Additionally, the security module 74 may include an encryption engine for encrypting data transmitted over the public network 12 . Account linking device 24 may be configured as a web server that allows one or more users to access information from a web page 76 and allows secure connections to be established for the transfer of sensitive information such as customer information, card numbers, and the like. The transaction authentication module 82 is configured to authenticate financial transactions using the payment cards 36,60.

In one embodiment, the token account details are protected by encryption using a key, which may be provided by the security module 74 . In one embodiment, the key is derived from a customer-created password. In another embodiment, the key may instead depend on other data including, but not limited to, the identity of the mobile device 20, the cardholder's identity number known to the security module 74 of the account linking device 24, the The country in which the service is registered, a passkey controlled by the cardholder's biometric authentication (such as fingerprint, iris scan, face or voice recognition), or a biorhythm pattern matched to one or more body rhythms that These include, but are not limited to, pulse rate, epidermal conductance, iris size, eye blink rate, encephalography, electrocardiography, and other factors that alone or in combination are considered individual biomarkers.

Common plastic cards may only have a three or four digit CVV printed on the front or back of the card. E-commerce sites now routinely ask for this value to ensure that the customer is holding the card themselves. But because the CVV is a short number printed on the card, it is easily stolen along with the card account data. Thus, using a dynamic CVV (d-CVV) at the time of a transaction that can be generated by the security module 74 for only one transaction prevents this form of theft. In some embodiments, instead of using a d-CVV generated for only one transaction, the d-CVV can be applied to multiple transactions associated with a particular merchant or can be used multiple times based on other criteria, such as a range of days, The days of the week, the area code of the merchant, the type of purchase, and more. According to some embodiments, a mobile application running on the mobile device 20 associated with the cardholder may be configured to obtain the d-CVV as needed. Alternatively, a website provided by account linking device 24 may be used when mobile device 20 is unavailable. Thus, in this case, the account-linked device can generate d-CVV.

In addition to use during financial transactions, the system 10 may alternatively be applied for non-payment purposes. For example, system 10 may be used to replace some form of identifier with a token or substitute identifier. Such identifiers may include social security numbers (in the United States), public health identification numbers, loyalty programs, and other forms of account numbers where the use of real numbers may present a risk of compromise, identity theft, or other fraud.

Account linking device 24 may also be used to provide restricted transactional access to protected record sets, such as medical record requests, lab results, credit checks, licenses to practice, business licenses, and use of government or business-issued identification account numbers other forms of relying party investigations.

The payment card system 10 can also be used for some non-payment transactions, including driver's licenses, border control documents, building and resource access cards, and gift cards. In this embodiment, the payment card 30, 60 uses one or more modes for payment transactions while using one or more modes for non-payment purposes, through separate alternative accounts for different modes .

In some embodiments, account linking device 24 may include at least one network interface 80 configured to communicate with a plurality of merchant terminals over first public network 12 and with financial institution 28 over secure network 26 . For example, the financial institution 28 may be a bank that issues payment cards 36, 60 for cardholders. The account linking device 24 may also include a transaction authentication module 82 configured to: obtain the first merchant terminal of the first alternate account associated with the payment card 36, 60 held by the cardholder based on the first merchant terminal. A set of details for authenticating a first financial transaction at a first merchant terminal of the plurality of merchant terminals 16 . The transaction authentication module 82 may be further configured to authenticate a plurality of merchant terminals based on a different second set of details obtained for a second merchant terminal of a second alternate account associated with a payment card 36, 60 held by the cardholder. The second financial transaction at the second merchant terminal in 16 is authenticated.

The transaction authentication module 82 may be further configured to determine whether the alternate account corresponds to the cardholder's valid credentials. The transaction authentication module 82 may also be further configured to determine whether the received alternate account details correspond to expected alternate account details for the payment card model being used. The transaction authentication module 82 is further configured to manage financial transactions between the financial institution 28 and the first and second merchant terminals 16 . The transaction authentication module 82 is further configured to, based on the additional group details obtained by the additional merchant terminals of the additional alternate accounts associated with the primary account of the payment card 36, 60 held by the cardholder, authenticate the merchant terminals 16 in the plurality of merchant terminals 16. The additional financial transaction of the additional merchant terminal is authenticated. A first set of details can be obtained from the microchip 44 on the payment card 36, 60, a second set of details can be obtained from the magnetic The card number 46 is obtained.

The network interface 80 may be further configured to communicate over the network 12 with a remote device (eg, user device 14 or mobile device 20 ) associated with the cardholder. The network interface 80 may be further configured to receive instructions from the remote device 14, 20 to enable the cardholder to manage a master account associated with the payment card 36, 60, wherein managing the master account includes at least one of the following: entering registration information 86, monitoring 94 Activity on the master account, enabling and disabling 90 one or more modes of transactions with the payment card, reporting 92 a lost or stolen payment card, and providing 88 information about the first and second alternate accounts.

FIG. 5 is a block diagram illustrating an embodiment of the user account module 78 shown in FIG. 4 . In this embodiment, the user account module 78 includes a registration module 86 , a provisioning module 88 , an enabling module 90 , a reporting module 92 , and a monitoring module 94 . The user may access the user account module 78 using a mobile application running on the cardholder's mobile device or by visiting a website provided by the account linking device 24 using the cardholder's user device 14 .

The user account module 78 enables the cardholder to establish and manage rules that are enforced by the account linking device 24 on behalf of the cardholder. Such rules may be sensitive to one or more facts known to the cardholder customer including, but not limited to, payment value, merchant ID, local time and date encoded in the transaction message, distance from the merchant's registered location at the time of the transaction, The geographic distance of the customer's mobile device, the local currency of the transaction, the country in which the transaction occurred, the country of the merchant, whether the transaction is presented as a magnetic stripe transaction, an EMV transaction or an e-commerce, phone or mail order transaction, and the cardholder Authentication methods such as, but not limited to, one or more of the following: entering a personal identification number (PIN) code into a merchant POS terminal, signing a receipt, entering a password into a mobile device, and fingerprint or other biometric methods.

The registration module 86 may be configured to enable the cardholder to register additional alternative accounts and additional valid credentials. The enablement module 90 may be used to enable the cardholder prior to authentication to enable or disable certain modes or types of transactions, or to enable or disable specific transactions themselves, according to various uses the cardholder foresees based on various criteria. The enabling module 90 is operable to enable the cardholder to specify from which valid credential payment should be deducted under various possible circumstances and criteria. Reporting module 92 enables users to report payment cards 36, 60 as lost or stolen. One embodiment of the reporting module 92 enables the account linking facility 24 to manually or automatically report relevant information to the user or financial institution 28, including reporting of potentially fraudulent activity across alternate account details and/or payment cards. The monitoring module 94 allows the user to view previous transactions to monitor all card activity.

The pre-configuration module 88 allows the user to individually distinguish between different sets of alternate account details. Traditional card issuance systems assume that certain data elements are shared between the microchip, magnetic stripe, and printed/embossed card number. However, in contrast to traditional card issuance systems, the preconfiguration module 88 allows each of these and other elements to be preconfigured using separate data elements. The provisioning module 88 is configured to respectively identify these different sets of alternative account details stored in a common preconfiguration data file communicated during the preconfiguration step of the card.

If a cardholder's payment card 36, 60 is lost or stolen, the cardholder may experience unauthorized use of their payment card. However, while in some countries thieves can use the NFC feature to purchase items below a certain spend value (eg, $100), typically thieves cannot use the EMV feature without the cardholder's PIN code, where the cardholder The PIN code may be entered during the preconfiguration process using the preconfiguration module 88 . Additionally, stolen cards cannot be used for electronic or telephone commerce since the account details are different for the individual transaction models.

The preconfiguration module 88 may further include receiving cardholder identification information not printed on the payment card 36 , 60 . According to some embodiments, the pre-configuration module 88 may enact cardholder usage rules by requiring the cardholder's mobile device 20 and a transaction using the payment card 36, 60 to be present at the same time. Additionally, the mobile application of the mobile device 20 can be used to immediately block transactions from stolen cards reported by the reporting module 92 as having been stolen. The user account module 78 may configure its rules to block magstripe transactions unless the cardholder unlocks them each time using the mobile application on the mobile device 20 . The latter method can effectively prevent the use of counterfeit magnetic stripe cards. The user account module 78 may also configure its rules to block transactions from any and all of the different modes, or block transactions that fall within certain criteria, unless the cardholder unlocks them each time.

In one embodiment, a mobile application is available on the cardholder's primary mobile device 20 . The mobile application can be used by the cardholder to register an alternate account or valid credential in the user association device 24, control the provisioning or association between the valid credential and one or more alternate account details pre-provisioned to the payment card. The mobile app also enables users to enable or disable authorization for transactions that occur through any alternate account pre-configured to the plastic payment card, report a payment card as lost or stolen, and report a payment card as sensitive or high-value or high-value An additional authentication factor for venture transactions.

The mobile device 20 may also store in memory alternative account details that may be associated with "card presented" and "no card presented" transactions. These alternate account details may be stored in memory and recalled by the customer by entering a password and/or another authentication factor into the mobile device 20 . As a means of interacting with the e-commerce site, the mobile application securely holds the e-commerce alternative account details and displays them to the user based on proper authentication through passwords, biometrics and/or other factors. In another embodiment, the alternate account details are transmitted by the account linking device 24 and received by the mobile device 20, and then recalled by the customer by the customer entering a password and/or another authentication factor into the mobile device 20.

The embodiments described herein represent many possible implementations and examples, and are not intended to limit the invention to certain specific implementations. Rather, various modifications to these embodiments will be apparent to those skilled in the art. Any such modifications are intended to be within the spirit and scope of the invention.

Claims (26)

1. a kind of Payment Card, including：

The first component being merged into plastic-substrates, the first component are configured to provide for associated with effective voucher of holder First substitute account details；With

It is merged at least one of plastic-substrates additional component, each at least one additional component is matched It is set to and at least one additional details for substituting account associated with effective voucher of the holder is provided；

Wherein, the details that account includes different from each other replacement details of account are each substituted；And

Wherein, at least one replacement account is supplied to businessman for carrying out financial transaction with the businessman.

2. Payment Card according to claim 1, wherein the businessman is configured to will be in the replacement account via network At least one details for substituting account send account associate device to, wherein the account associate device is configured to the replacement At least one of account is associated with effective voucher of the holder, and the wherein described account associate device is additionally configured to It manages between financial institution associated with effective voucher of the holder and merchant terminal associated with the businessman Financial transaction.

3. Payment Card according to claim 1, wherein the first component be merged into the plastic-substrates or on One kind in microchip, near-field communication NFC device and magnetic stripe, and at least one additional component is the microchip, NFC Another kind in equipment and magnetic stripe.

4. Payment Card according to claim 3, wherein an additional component at least one additional component includes The card number of printing or embossment on the plastic base.

5. Payment Card according to claim 1, wherein the Payment Card does not have the account number and magnetic stripe of the printing or embossment At least one of.

6. Payment Card according to claim 1, wherein mobile device associated with the holder is for completing finance Transaction.

7. Payment Card according to claim 1, wherein the details for substituting account are by merchant terminal from the component It reads.

8. a kind of account associate device, including：

At least one network interface is configured to communicate with multiple merchant terminals via network and via network and financial institution Communication；With

Transaction authentication module is configured to the replacement associated with the Payment Card that holder possesses obtained by merchant terminal One group of details of account are the merchant terminal certification financial transaction in the multiple merchant terminal；

Wherein, the transaction authentication module is further configured to based on by adding possessing with the holder for merchant terminal acquisition The associated additional different details of another set for substituting account of the Payment Card, be attached in the multiple merchant terminal Merchant terminal certification additional financial is added to merchandise.

9. account associate device according to claim 8, wherein the transaction authentication module, which is additionally configured to determine, substitutes account Whether family corresponds to the expection account of the pattern for the transaction, and refuses if necessary, handles or suspend The transaction.

10. account associate device according to claim 8, wherein the financial institution is to described in holder granting Payment Card, and the wherein described transaction authentication module is further configured to manage the financial institution and the first merchant terminal and the Financial transaction between two merchant terminals and additional merchant terminal, and processing has for what is specified in user account module Imitate the payment of voucher.

11. account associate device according to claim 8, wherein the transaction authentication module is further configured to be based on By add the additional replacement account associated with the Payment Card that the holder possesses that merchant terminal obtains other one The different details of group are the additional merchant terminal certification additional financial transaction in the multiple merchant terminal.

12. account associate device according to claim 11, wherein from microchip, the near-field communication on the Payment Card NFC device and magnetic stripe obtain first group, second group and third group details, and the card of printing or embossment from the Payment Card It number obtains the 4th group of details, and obtains other several groups of details by obtainable other patterns.

13. account associate device according to claim 11, wherein in first merchant terminal and the second merchant terminal It is at least one be point of sale POS terminal.

14. account associate device according to claim 8, wherein the network interface is additionally configured to via first network It is communicated with the remote equipment for being associated with the holder.

15. account associate device according to claim 14, wherein the network interface is additionally configured to remotely set from described It is standby to receive instruction so that the holder manage effective voucher associated with the Payment Card, wherein managing effective voucher Including：The one of the transaction that input log-on message, activity, enabling and the disabling for monitoring effective voucher are carried out with the Payment Card Kind or various modes, the report Payment Card lost or be stolen, and pair with the associated multiple replacements of the Payment Card The related information of account is pre-configured.

16. account associate device according to claim 8, further includes one or more webpages of website, the webpage makes The details can be managed using user equipment or navigate to the website by obtaining the holder.

17. a kind of system for providing safety for Payment Card, the system comprises：

It is connected to the first merchant terminal of network, first merchant terminal is configured to from related to the Payment Card that holder possesses The first details for substituting account are obtained in first group information of connection；

It is connected to the second merchant terminal of the network, second merchant terminal is configured to from associated with the Payment Card The second details for substituting account are obtained in second group information；

Be connected to the additional merchant terminal of network, the additional merchant terminal be configured to from it is associated with the Payment Card in addition The additional details for substituting account are obtained in several group informations；With

It is connected to the account associate device of the network, the account associate device is configured to respectively from first merchant terminal Described first is received with subsequent merchant terminal and substitutes account and the subsequent details for substituting account, and the account associate device is also It is configured to substitute account by described first and subsequent replacement account is associated with effective voucher of the holder is belonged to；

Wherein, the account associate device manages the holder and preserves the financial institution of effective voucher and first quotient Financial transaction between family's terminal and subsequent merchant terminal；With

Wherein, first group information is different from follow-up several group informations.

18. system according to claim 17 further includes the additional merchant terminal for being connected to the network, the additional quotient Family's terminal is configured to obtain the additional details for substituting account from addition several group informations associated with the Payment Card.

19. system according to claim 18, wherein described first group, second group and third group information are from the payment What magnetic stripe, microchip on card and near-field communication NFC device obtained, and the 4th group information be from Payment Card printing or What the card number of embossment obtained.

20. system according to claim 17, wherein the Payment Card is without in the account number and magnetic stripe of printing or embossment It is at least one.

21. system according to claim 17 further includes mobile device associated with the holder.

22. system according to claim 21, wherein the mobile device calculates, stores or receive dynamic card verification value D-CVV, to verify transaction.

23. system according to claim 22, wherein first merchant terminal, the second merchant terminal and additional businessman At least one of terminal is arranged to carry out online merchants' equipment of online transaction, and the wherein described mobile device or user By being manually entered or the d-CVV is transmitted to online merchants' equipment by other methods.

24. system according to claim 17, wherein at least one in first merchant terminal and the second merchant terminal It is a to be embedded in the POS terminal of entity point of sale.

25. system according to claim 17, further includes user equipment associated with the holder, the user sets It is standby that the holder is enable to manage effective voucher via the account associate device, and the wherein described account association is set It is standby to be configured to enable the holder to input log-on message, the activity of monitoring effective voucher and by they and various replacements Account is associated, enables and disables one or more patterns of the transaction carried out with the Payment Card, reported the Payment Card It loses or stolen, and pair information related with the first replacement account and the second replacement account is pre-configured.

26. system according to claim 25, wherein the account associate device offer includes one or more webpages Website, the webpage enable the holder to navigate to the website using the user apparatus.