GB2469029A - Internet payment card verification using mobile location - Google Patents

Internet payment card verification using mobile location

Info

Publication number
GB2469029A
Authority
GB
United Kingdom
Prior art keywords
card
location
mobile telephone
server
transaction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0905398A
Other versions
GB0905398D0 (en)
Inventor
David Redpath
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
X122 Co
Original Assignee
X122 Co
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by X122 Co filed Critical X122 Co
Priority to GB0905398A priority Critical patent/GB2469029A/en
Publication of GB0905398D0 publication Critical patent/GB0905398D0/en
Publication of GB2469029A publication Critical patent/GB2469029A/en
Withdrawn legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3224Transactions dependent on location of M-devices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A card issuer server 7 is arranged to store details relating to issued payment cards 1 together with a plurality of mobile telephone numbers associated with respective card holders 2 of the payment cards 1. An online retailer 6 requests authorisation for a transaction on the payment card 1. If the request for authorisation was received within a predetermined period of the notification, the mobile telephone number of the card holder associated with the received card details is identified and an enquiry regarding the location of a mobile telephone 3 associated with that mobile number is sent to a mobile telephone network 10, in order to authorise or decline the transaction depending, at least in part, on information relating to the location of the card holder's mobile telephone received from the telephone network 10. A card issuer server in accordance with the present invention can use the location of the card holder's telephone to provide an indication of whether the card holder is at the notified location. In this manner a card obtained unlawfully cannot be used to perform an online transaction, unless the location of the card holder's mobile phone is also known. The card holder may access the system using a password protected web portal.

Description

Verification of a Payment Card Transaction over the Internet

The present invention relates to a system and method for verification of a payment card transaction made over the Internet.
For the purposes of this specification, a payment card is defined as any card used for the payments of goods or services, or for the recordal of other transaction types and includes credit and debit cards.
Transactions conducted by means of a payment card have, in the past, commonly been made by a retailer or merchant taking an imprint of a card holder's card on a payment slip and obtaining the card holder's signature on the imprinted payment slip, on which the transaction amount was also recorded. Such systems have been replaced by electronic card readers, which originally used a magnetic strip on the card to obtain details relating to the card. To reduce fraudulent use of the payment cards, in some countries all debit and credit cards are now "chip and PIN" cards, where the card has an electronic chip on which data is stored. A card holder first enters his card into the card reader, which then requires the card holder to enter his personal identification number (PIN) into the card reader in order to conduct a transaction.
In systems where a card reader is employed, the card reader can connect during the transaction to an acquirer server, typically at the bank of the retailer, which in turn contacts a server of the card issuer, for example a bank, or a card scheme used by the card issuer, for example MasterCard™ or VISA™, to obtain authorisation for the transaction, prior to completing the transaction.
Unfortunately, transactions made over the Internet do not benefit from the increased security provided by "Chip and PIN" and it is an object of the present invention to provide a more secure system of performing transactions with a payment card over the Internet.
According to a first aspect of the present invention, there is provided a card issuer server arranged: to store details relating to issued payment cards together with a plurality of mobile telephone numbers associated with respective card holders of the payment cards; to be accessed by a card holder and to receive from the card holder notification of the location of a computer where the card holder intends to make an online transaction from; to receive details relating to a payment card from an online retailer requesting authorisation for a transaction on said payment card; to determine if the request for authorisation was received in a predetermined period from said notification; if it was, to identify the mobile telephone number of the card holder associated with the received card details; to issue an enquiry regarding the location of a mobile telephone associated with that mobile number to a mobile telephone network; and to authorise or decline the transaction depending, at least in part, on information relating to the location of the card holder's mobile telephone received from the telephone network.
A card issuer server in accordance with the present invention can use the location of the card holder's telephone to provide an indication of whether the card holder is at the notified location. In this manner card details obtained unlawfully cannot be used to perform an online transaction, unless the location of the card holder's mobile phone is also known.
Furthermore the card holder, in first providing the necessary notification, has to contact the card issuer, which will typically be his bank. This will normally be through secure means such as his online banking login, which is protected by a password which should only be known to the card holder. Thus a secure means is provided only permitting online transactions to be performed by a person who knows the current location of a mobile telephone of the card holder and who has access to the server of the card issuer.
The notification of the location may be in any form that identifies the location, for example a map reference, postal code or any identifier that identifies the location to the card issuer server.
In one embodiment, the card issuer server is arranged to provide the notified location to the mobile telephone network and receive a response advising whether the mobile telephone is at the said location. This avoids the need for the telephone network to divulge the location of the mobile telephone. Alternatively, the card issuer server may be arranged to request the location of the mobile telephone associated with the card holder and then compare the location received from the telephone network with the notified location received from the card holder. This requires the mobile telephone network to divulge the location of the mobile telephone to the card issuer server, but then enables the card issuer server (which is responsible for authorising the transaction) to set parameters by which it considers the card holder's mobile telephone to be at the notified location.
According to a second aspect of the present invention there is provided: a system for verification of a payment card transaction over the Internet, the system comprising a card issuer server in accordance with the first aspect of the invention described above; a server associated with an online retailer; an acquirer server and a card location server, wherein: the retailer server is arranged to transmit card details to the acquirer server; the acquirer server is arranged to identify from the card details the payment card issuer, to contact the card issuer server and provide the card issuer server with card details; the card issuer server is arranged to issue an enquiry regarding the location of the mobile telephone by transmitting the notified location to the card location server; and the card location server is arranged to issue an enquiry to the appropriate telephone network and make a comparison of the notified location and the location of the card holder's mobile telephone supplied in response to the enquiry, establish if the locations are the same and communicate this to the card issuer server.
For the purposes of this specification, the 'card issuer server' may not be a single entity but is a term used to describe a computer or computer system associated with the card issuer or acting under the instructions of the card issuer, and may be at an establishment of a company contracted by the card issuers to provide card location services.
Similarly, what is termed the 'acquirer server' for the purposes of this specification need not be a single server but may be a computer system of the acquirer or a computer system over which the acquirer has some control, possibly by contracting services to a third party such as a party administering a card scheme. All the connections referred to may be by way of one or more intermediaries.
The card issuer server may be arranged to receive the notification from the card holder via a password protected web portal and this could be by his normal Internet banking login.
According to a third aspect of the invention, there is provided a method of verifying a payment card transaction comprising receiving from the card holder notification of the location of a computer from where he intends to perform an online transaction, determining on receipt of a request for authorisation of a transaction from an online retailer whether said notification has been received within a predetermined period prior to the request for the authorisation and, if it has, determining if the card holder's mobile telephone is at the notified location.
The present invention will now be described by way of example only, with reference to the accompanying figure, which figure schematically illustrates one possible configuration of components of a system for verification of a payment card transaction, in accordance with the present invention.
Referring to the figure, a system for verification of a payment card transaction over the Internet comprises a payment card 1 issued to a card holder 2 having a mobile telephone 3.
The card holder 2 has access to a computer 4, which may for example be at his home or his office, which can connect over the internet 5 with the server 6 of an online retailer. The computer 4 can also connect over the Internet to a web portal (not shown), used for online banking to a server 7 of the card issuer, which may be the card holder's bank.
The online retailer server 6 is also connected to the card issuer server 7 via a server 8 of an acquirer, which will typically be a bank providing card transaction services to the online retailer.
The acquirer server 8 may connect to any number of card issuer servers, but only one card issuer server 7 is illustrated, which is associated with payment card 1 of card holder 2. The card issuer server 7 is connected to a card location server 9. The servers 8 and 9 could be one and the same server or could be implemented by two servers, as shown, at separate locations. The card location server 9 may be managed by a separate company contracted to the card issuer to provide card location services and such services may be provided to more than one card issuer.
The card issuer server 7 has a data store 7a storing payment card details with the associated mobile telephone numbers of card holders of the respective cards.
The card location server 9 is connected to a mobile telephone network 10. The mobile telephone network 10 provides location based services for mobile telephones on the network and thus knows, or can determine, the location of mobile telephones using the network and can determine the location of the mobile telephone 3 of the card holder 2.
Prior to conducting an online transaction, the card holder 2 connects to the card issuer server 7 via the Internet 5, using a password protected online banking service and notifies the card issuer server 7 of the location of terminal 4, from which he intends to make an online transaction. The location data may be in any convenient format, for example map coordinates, a postal area or any identifier from which the card issuer server 7 can identify the location of the computer 4.
When the card holder 2 subsequently makes an online transaction, the online server 6 seeks authorisation, via acquirer server 8, from the card issuer server 7. The card issuer server 7 ascertains if notification of an intended transaction has been received in a predetermined period prior to the authorisation request. If notification has been received from the card holder then the card issuer server 7, with which card 3 is associated, identifies in the data store 7a the mobile telephone number of the mobile telephone 3 of the card holder 2. The card issuer server 7 provides this information to the card location server 9 which then contacts the appropriate mobile telephone network 10. The card location server may provide the location of the computer 4 and enquire of the mobile telephone system whether mobile telephone 3 is at the same location, or alternatively it may request the location of mobile telephone 3 which it then compares with the location of the computer 4 provided by the card holder 2. In either case, the card location server 9 provides the card issuer server with information relating to the location of the mobile telephone, sufficient to enable the card issuer server to determine whether or not the mobile telephone 3 of card holder 2 is at the same location as computer 4. The card issuer server 7 uses this information together with other criteria for authorising the transaction via the acquirer server 8.
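The authorisation decision described above, covering both enquiry modes from the embodiments, as an added Python example that is not part of the patent text. The class and method names, the 30-minute window, the 500 m tolerance and the choice to decline when no notification exists are assumptions; the network is a stub holding constructed positions.

```python
import math
from dataclasses import dataclass, field

WINDOW_S = 30 * 60   # assumed "predetermined period" after the notification
RADIUS_M = 500.0     # assumed issuer tolerance for "at the notified location"

def distance_m(a, b):
    """Great-circle (haversine) distance in metres between (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(h))

class StubNetwork:
    """Stand-in for mobile telephone network 10 (hypothetical interface)."""
    def __init__(self, positions):
        self.positions = positions            # number -> (lat, lon), constructed

    def locate(self, number):
        # Network divulges the handset location to the caller.
        return self.positions.get(number)

    def is_at(self, number, place, radius_m):
        # Network only answers yes/no, so the location is never divulged.
        pos = self.positions.get(number)
        return pos is not None and distance_m(pos, place) <= radius_m

@dataclass
class IssuerServer:
    network: StubNetwork
    phones: dict                              # data store 7a: card -> number
    notices: dict = field(default_factory=dict)   # card -> (time, place)

    def notify(self, card, place, now):
        """Card holder, logged in to the portal, declares the computer's location."""
        self.notices[card] = (now, place)

    def authorise(self, card, now, reveal_location=False):
        """Return (approved, reason); every missing input declines (fail closed)."""
        number = self.phones.get(card)
        if number is None:
            return False, "unknown card"
        notice = self.notices.get(card)
        if notice is None:
            return False, "no notification"   # assumption: decline without one
        when, place = notice
        if not 0 <= now - when <= WINDOW_S:
            return False, "notification expired"
        if reveal_location:
            pos = self.network.locate(number)
            if pos is None:
                return False, "phone not locatable"
            ok = distance_m(pos, place) <= RADIUS_M   # issuer sets the tolerance
        else:
            ok = self.network.is_at(number, place, RADIUS_M)
        if ok:
            return True, "phone at notified location"
        return False, "phone elsewhere"

if __name__ == "__main__":
    net = StubNetwork({"+447700900001": (51.5010, -0.1240)})   # constructed
    srv = IssuerServer(net, {"CARD-0001": "+447700900001"})
    srv.notify("CARD-0001", (51.5007, -0.1246), now=1000)
    print(srv.authorise("CARD-0001", now=1600))
    print(srv.authorise("CARD-0001", now=1000 + WINDOW_S + 1))
```

The location result is only one input: the description has the issuer combine it with other criteria before authorising, so a `True` here is a necessary signal in this sketch, not the final decision.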
The invention has been described above by way of example only and it will be appreciated that the location and position of the various servers has been illustrated schematically for the purposes of explanation of the invention. It also will be apparent that a large number of alternative arrangements may be possible which fall within the scope of the appended claims.

Claims (11)

  1. A card issuer server arranged: to store details relating to issued payment cards together with a plurality of mobile telephone numbers associated with respective card holders of the payment cards; to be accessed by a card holder and to receive from the card holder notification of the location of a computer where the card holder intends to make an online transaction from; to receive details relating to a payment card from an online retailer requesting authorisation for a transaction on said payment card; to determine if the request for authorisation was received in a predetermined period from said notification; if it was, to identify the mobile telephone number of the card holder associated with the received card details; to issue an enquiry regarding the location of a mobile telephone associated with that mobile number to a mobile telephone network; and to authorise or decline the transaction depending, at least in part, on information relating to the location of the card holder's mobile telephone received from the telephone network.
  2. A system as claimed in Claim 1, wherein the card issuer server is arranged to be accessed by the card holder via a password protected web portal.
  3. A card issuer server as claimed in Claim 1 or 2, wherein the card issuer server is arranged to provide the notification location to the mobile telephone network and receive a response advising whether the mobile telephone is at the said location.
  4. A card issuer server as claimed in Claim 1 or 2, wherein the card issuer server is arranged to request the location of the mobile telephone associated with the card holder and compares the location received from the telephone network with the notification location.
  5. A system for verification of a payment card transaction over the Internet, the system comprising: a card issuer server as claimed in any one of Claims 1 to 4; a server associated with an online retailer; an acquirer server and a card location server, wherein: the retailer server is arranged to transmit card details to the acquirer server; the acquirer server is arranged to identify from the card details the payment card issuer, to contact the card issuer server and provide the card issuer server with card details; the card issuer server is arranged to issue an enquiry regarding the location of the mobile telephone by transmitting the notified location to the card location server; and the card location server is arranged to issue an enquiry to the appropriate telephone network and make a comparison of the notified location and the location of the card holder's mobile telephone supplied in response to the enquiry, establish if the locations are the same and communicate this to the card issuer server.
  6. A system as claimed in Claim 5, wherein a common card location server is arranged to respond to enquiries from a plurality of different card issuer servers.
  7. A method of verifying a payment card transaction comprising receiving from the card holder notification of the location of a computer from where he intends to perform an online transaction, determining on receipt of a request for authorisation of a transaction from an online retailer whether said notification has been received within a predetermined period prior to the request for the authorisation and, if it has, determining if the card holder's mobile telephone is at the notified location.
  8. A method as claimed in Claim 7, comprising transmitting the location of the payment card reader to a mobile telephone network and receiving a response from the mobile telephone network advising whether or not the card holder's mobile telephone is at the said location.
  9. A method as claimed in Claim 7, comprising requesting the location of the card holder's mobile telephone from the telephone network and comparing this location with the location of the payment card reader.
  10. A verification system for a payment card transaction, substantially as hereinbefore described, with reference to and/or as illustrated in one or more of the accompanying drawings.
  11. A method of verifying a payment card transaction substantially as hereinbefore described with reference to and/or as illustrated in, one or more of the accompanying figures.
GB0905398A 2009-03-30 2009-03-30 Internet payment card verification using mobile location Withdrawn GB2469029A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0905398A GB2469029A (en) 2009-03-30 2009-03-30 Internet payment card verification using mobile location

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0905398A GB2469029A (en) 2009-03-30 2009-03-30 Internet payment card verification using mobile location

Publications (2)

Publication Number Publication Date
GB0905398D0 GB0905398D0 (en) 2009-05-13
GB2469029A true GB2469029A (en) 2010-10-06

Family

ID=40671912

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0905398A Withdrawn GB2469029A (en) 2009-03-30 2009-03-30 Internet payment card verification using mobile location

Country Status (1)

Country Link
GB (1) GB2469029A (en)

Also Published As

Publication number Publication date
GB0905398D0 (en) 2009-05-13

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)