[go: up one dir, main page]

GB2504925A - Data entry during non-contact payment transactions - Google Patents

Data entry during non-contact payment transactions Download PDF

Info

Publication number
GB2504925A
GB2504925A GB1212545.6A GB201212545A GB2504925A GB 2504925 A GB2504925 A GB 2504925A GB 201212545 A GB201212545 A GB 201212545A GB 2504925 A GB2504925 A GB 2504925A
Authority
GB
United Kingdom
Prior art keywords
computing device
user
application
data entry
user computing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB1212545.6A
Other versions
GB201212545D0 (en
Inventor
Tom Godber
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Masabi Ltd
Original Assignee
Masabi Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Masabi Ltd filed Critical Masabi Ltd
Priority to GB1212545.6A priority Critical patent/GB2504925A/en
Publication of GB201212545D0 publication Critical patent/GB201212545D0/en
Priority to PCT/GB2013/051846 priority patent/WO2014009736A1/en
Publication of GB2504925A publication Critical patent/GB2504925A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326Payment applications installed on the mobile devices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A method of data entry on a user computing device comprises the following elements. An application on the user computing device (2) presents a data entry form (25) to a user. The data entry form (25) has one or more fields for completion. An RFID reader on the user computing device, i.e. phone, then reads data relating to at least one of the one or more fields from an RFID chip of a user token (1). The application completes the at least one of the one or more fields of the data entry form from the data received from the RFID chip of the user token. In some embodiments, the user token may be a bank, payment or credit card, and upon close contact of the mobile phone and bank card, the card details are auto-filled within the empty fields of the form.

Description

DATA ENTRY
Field of the Invention
The invention relates to data entry, particularly data entry to complete forms at a computing device. Embodiments of the invention relate particularly to automated mobile phone payment card details entry using NFC and RFID-enabled Contactless EMV Cards.
Background of the Invention
As mobile phones become more powerful, they are starting to be used for mCommerce -purchasing of goods and services through native and web applications accessed through the handset. Payment for these goods and services may be taken through the user's phone bill, or by debiting a payment card such as those offered by Visa, Mastercard and American Express.
In recent years payment cards have begun to be fitted with RFID-based antennas allowing the card to wirelessly communicate with suitable readers. Some mobile phones have also begun to be fitted with suitable radio chips and antennas, termed NFC.
Certain types of transaction, typically of low monetary value, are carried out directly by these contactless chips with no need for significant user input. For a more complex or more high valued transaction, user information is generally required. This may require significant data entry, which slows the process and leads to risk of user error. As an alternative, fields may be automatically filled (for example from information stored by the browser), but this increases the risk to the user data concerned and will also generally rely on an initial user data entry step.
Summary of the Invention
In a first aspect, the invention provides a method of data entry on a user computing device comprising: an application on the user computing device presenting a data entry form to a user, the data entry form having one or more fields for completion; an REID reader on the user computing device reading data relating to at least one of the one or more fields from an RFI D chip of a user token; and the application populating at least one of the one or more fields of the data entry form from the data received from the RFI D chip of the user token.
This approach is highly advantageous, as it provides the user with direct control of the step of entering data into the application, while ensuring that data entry is both rapid and accurate by use of the user token.
In a preferred embodiment, the user computing device is a mobile telephone. The one or more fields for completion may comprise payment card parameter fields, and the user token may be a payment card. In a particularly preferred arrangement, the payment card is an EMV payment card, and the user computing device comprises an NFC enabled RFID reader.
This provides the user with an extremely convenient and effective approach to providing payment details in mCommerce applications.
In preferred embodiments, the application is either a native application using data entry fields provided by the platform, an HTML application running embedded inside a native application, or is a browser providing an HTML form.
In embodiments, the data reading step may comprise bringing an antenna of the user token into proximity with an antenna of the RFID reader. This approach, typically comprising tapping a payment card against a mobile telephone, allows for good user control of the form completion action.
In a second aspect, the invention provides a user computing device configured for data entry from a user token, the user computing device comprising: a memory having an application stored therein and a processor adapted to run the application, the application when running on the user computing device presenting on a user interface of the user computing device a data entry form having one or more fields for completion; an REID reader adapted when the data entry form is presented to read data relating to at least one of the one or more fields from an RFID chip of a user token; wherein the application is further adapted to complete the at least one of the one or more fields of the data entry form from the data received from the RFID chip of the user token.
Advantageously, the user computing device is a mobile telephone. Preferably, the user computing device and the RFID reader are adapted for NFC communication.
Brief Description of Drawings
Specific embodiments of the invention will be described below, by way of example, with reference to the accompanying drawings, of which: Figure 1 shows a conventional EMV payment card suitable for use in embodiments of the invention; Figure 2 shows a mobile phone running an application presenting a data entry form for completion suitable for use in embodiments of the invention; and Figures 3 shows steps in the use of the card of Figure 1 to enter data into the form shown in Figure 2 in accordance with embodiments of the invention.
Description of Specific Embodiments
While embodiments of the invention may be used in other contexts (for example, using other user computing apparatus such as a laptop computer, or other user tokens such as a smart badge), embodiments of particular interest here relate to the use of mobile telephones and payment cards in mCommerce applications.
Such embodiments of this invention provide for the entry of payment card details -card number, expiry date, account holder name -into a data entry form on an NFC-enabled mobile phone without the user having to key in the details on a keypad or touchscreen keyboard, by using the handset's NFC chip to read the details from an RFID-enabled EMV payment card (as used by Visa's Paywave and Mastercard's PayPass products). The card details available through the RFID radio interface are usually a subset of those printed on the front of the card.
Figure 1 shows basic elements of such a payment card. The card 1 comprises an EMV chip 11 (which may be directly readable in contact-based chip and PIN applications) and (either in the same chip or in a separate chip) an RFID capability, the RFID system comprising an antenna 12. Payment card details 13 are presented on the face of the payment card and are also stored in the EMV chip 11. There may be additional details (such as the CVV field printed on the reverse of the card) which are not stored in the EMV chip 11 for security reasons or otherwise. The payment card may be a debit card or a credit card.
Figure 2 shows basic elements of such a mobile phone. The mobile phone 2 comprises the normal computation and communication elements of a mobile phone, of which only the processor 21 and the memory 22 are of particular relevance here. As the mobile phone 2 is NFC enabled, it also includes an RFID reader 23 with suitable programming of the mobile phone to allow operation according to NFC protocols. The mobile phone has a display 24.
The mobile phone 2 is shown running an application which is providing a payment form 25 for completion on the display.
The data entry form is a series of data entry fields presented either as part of a screen in a native or hybrid HTML mobile application, or inside an HTML form in a full browser or a browser component. These fields cover all details of the card required to take a payment from the user; the invention will fill every field that it can using the data on the RFID-enabled payment card, however there will also be additional fields which cannot be automatically filled in such as the CVV field, because this information is not stored on the card.
As shown in Figure 3, when the data entry form 25 is presented, the application providing the data entry form will recognise when the handset contains a suitable NFC chip, and will display instructions indicating that the user may tap the phone to automatically enter their card details. When the card 1 is tapped against the mobile phone 2, the EMV data is read by the RFID reader of the phone and provided to the application. The relevant fields of the data entry form 25 are then automatically completed with the EMV data received through the NFC interaction with the card 1.
To read the user's details, one effective option is to use an open source library such as JavaEMVReader (http:t/code.cioople.com/ifiavaemvreader/), which contains detailed examples and working code. The full specification is available from EMV Co here:
htt:/twww.emvco.comtspecifications.aspx?id=21
A brief overview of the programming steps required for an exemplary embodiment is included below -an appropriate NFC object must be instantiated with a connection from a reader to an EMV card, and then the binary commands sent as shown.
[Step 1] SELECT FILE IPAY.SYS.DDFOI to get the PSE directory Command Sent [00a40400 0e3 15041 592e5359 532e4444 463031] Response Received [6f1a840e 31504159 2e535953 2e444446 3031a508 880101Sf 2d02656e 9000] Meaning of response: 6f la --File Control Information (FCI) Template 84 Oe --Dedicated File (DF) Name 31504159 2e535953 2e444446 3031 (BINARY) aS 08 --File Control Information (FCI) Proprietary Template 88 01 --Short File Identifier (SF1) 01 (BINARY) 5f2d 02--Language Preference 65 6e (=en) [Step 2] Send READ RECORD to read all records in SF1 I Command Sent [00b2010c 001 Response Received [703861 le 4f07a000 00000310 10501042 4152434c 41594341 52442056 49534187 01016116 4f07a000 00000380 02500842 4152434c 41595387 01009000] Meaning of response: 38 --Record Template (EMV Proprietary) 61 le --Application Template 4f 07--Application Identifier (AID)-card aO 0000 00 03 10 10 (BINARY) 50 10 --Application Label 42 41 5243 4c 41 594341 5244205649 5341 (BARCLAYCARD VISA) 87 01 --Application Priority Indicator 01 (BINARY) 6116--Application Template 4f 07--Application Identifier (AID) -card aO 0000 00 03 80 02 (BINARY) 08 --Application Label 42 41 52 43 4c 41 59 53 (=BARCLAYS) 87 01 --Application Priority Indicator 00 (BINARY) [Step 3] Send READ RECORD to read all records in SF1 I Command Sent [00b2020c 00] Response Received [6a83] Meaning of response: 6a 83 (Wrong parameter(s) P1 P2; record not found) [Step 4] Select application by AIDs [Step 4.1] AID: [a0000000 031010] Command Sent [00a40400 07a00000 00031010] Response Received [6f3d8407 a0000000 031010a5 32501042 4152434c 41594341 52442056 4953419f 38189f66 049f0206 9f03069f 1a029505 5f2a029a 039c019f 37045f2d 02656e90 00] Meaning of response: 6f 3d --File Control Information (FCI) Template 84 07 --Dedicated File (DF) Name aO 00000003 10 10 (BINARY) aS 32 --File Control Information (FCI) Proprietary Template 10 --Application Label 42 41 5243 4c 41 594341 5244205649 5341 (BARCLAYCARD VISA) 9f 38 18--Processing Options Data Object List (PDOL) 9f 66 04 --Terminal Transaction Qualifiers 9f 02 06 --Amount, Authorised (Numeric) 9f 03 06 --Amount, Other (Numeric) 9f la 02 --Terminal Country Code 05 --Terminal Verification Results (TVR) Sf 2a 02 --Transaction Currency Code 9a 03 --Transaction Date 9c 01 --Transaction Type 9f 37 04 --Unpredictable Number 5f2d 02--Language Preference 65 6e (=en) [Step 4.1.1] READ RECORD OF THAT APPLICATION Command Sent [OOb2OlOc 00] Response Received [704d5713 49291234 43216008 d141 1201 20244000 0000lfSf 201a474f 44424552 2f542020 20202020 20202020 20202020 20202020 9f1f1832 30303030 30303030 30303030 30303234 34303030 30303090 00] Meaning of response: 4d -Record Template (EMV Proprietary) 57 13-Card Number 4929 1234 4321 6008 d -Expiry date 1411 (usually written as 11/14) 201 2024400 00 if (BINARY) Sf20 1 a -Cardholder Name 474f 44424552 2f542020 20202020 20202020 20202020 20202020 (=GODBER/T) 9f if 10-[Magnetic Stripe] Track 1 Discretionary Data 30303030 30303030 30303030 30303234 34303030 30303090 00

Claims (12)

  1. CLAIMS1. A method of data entry on a user computing device comprising: an application on the user computing device presenting a data entry form to a user, the data entry form having one or more fields for completion; an RFID reader on the user computing device reading data relating to at least one of the one or more fields from an REID chip of a user token; and the application completing the at least one of the one or more fields of the data entry form from the data received from the SF10 chip of the user token.
  2. 2. A method as claimed in claim 1, wherein the user computing device is a mobile telephone.
  3. 3. A method as claimed in claim 1 or claim 2, wherein the one or more fields forcompletion comprise payment card parameter fields.
  4. 4. A method as claimed in claim 3, wherein the user token is a payment card.
  5. 5. A method as claimed in claim 4, wherein the payment card is an EMV payment card, and wherein the user computing device comprises an NFC enabled SF10 reader.
  6. 6. A method as claimed in any preceding claim, wherein the application is a pure native application.
  7. 7. A method as claimed in any of claims ito 5, wherein the application is a hybrid HTML application.
  8. 8. A method as claimed in any of claims ito 5, wherein the application is a browser providing an HTML form.
  9. 9. A method as claimed in any preceding claim, wherein the data reading step comprises bringing an antenna of the user token into proximity with an antenna of the SF10 reader.
  10. 10. A user computing device configured for data entry trom a user token, the user computing device comprising: a memory having an application stored therein and a processor adapted to run the application, the application when running on the user computing device presenting on a user interface of the user computing device a data entry form having one or more fields for completion; an RFID reader adapted when the data entry form is presented to read data relating to at least one of the one or more fields from an RFID chip of a user token; wherein the application is further adapted to complete the at least one of the one or more fields of the data entry form from the data received from the RFID chip of the user token.
  11. 11. A user computing device as claimed in claim 10, wherein the user computing device is a mobile telephone.
  12. 12. A user computing device as claimed in claim 10 or claim 11, wherein the user computing device and the RFID reader are adapted for NEC communication.
GB1212545.6A 2012-07-13 2012-07-13 Data entry during non-contact payment transactions Withdrawn GB2504925A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB1212545.6A GB2504925A (en) 2012-07-13 2012-07-13 Data entry during non-contact payment transactions
PCT/GB2013/051846 WO2014009736A1 (en) 2012-07-13 2013-07-11 Data entry

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1212545.6A GB2504925A (en) 2012-07-13 2012-07-13 Data entry during non-contact payment transactions

Publications (2)

Publication Number Publication Date
GB201212545D0 GB201212545D0 (en) 2012-08-29
GB2504925A true GB2504925A (en) 2014-02-19

Family

ID=46799619

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1212545.6A Withdrawn GB2504925A (en) 2012-07-13 2012-07-13 Data entry during non-contact payment transactions

Country Status (2)

Country Link
GB (1) GB2504925A (en)
WO (1) WO2014009736A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9436670B2 (en) 2014-06-17 2016-09-06 International Business Machines Corporation Webpage based form entry aid
US10074231B2 (en) 2015-06-09 2018-09-11 Stmicroelectronics S.R.L. Method for the activation of a payment card, corresponding system and computer program
WO2016201522A1 (en) * 2015-06-18 2016-12-22 Maxwell Forest Pty Ltd Data transfer during electronic transactions

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010027439A1 (en) * 1999-07-16 2001-10-04 Holtzman Henry N. Method and system for computerized form completion
US7062258B1 (en) * 2001-12-06 2006-06-13 Oracle International Corporation Wallet for storage of information for automated entry into forms of mobile applications
US20070262134A1 (en) * 2006-05-10 2007-11-15 First Data Corporation System and method for activating telephone-based payment instrument
US20100217682A1 (en) * 2009-02-26 2010-08-26 Research In Motion Limited System and method for capturing user inputs in electronic forms
WO2011127177A2 (en) * 2010-04-09 2011-10-13 Visa International Service Association System and method for securely validating transactions

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7775432B2 (en) * 2003-10-16 2010-08-17 Nokia Corporation Terminal, method and computer program product for interacting with a signaling tag
US8706628B2 (en) * 2009-02-25 2014-04-22 Mastercard International Incorporated Automated opening of electronic wallet function in mobile device
US10255601B2 (en) * 2010-02-25 2019-04-09 Visa International Service Association Multifactor authentication using a directory server
US8453226B2 (en) * 2010-07-16 2013-05-28 Visa International Service Association Token validation for advanced authorization

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010027439A1 (en) * 1999-07-16 2001-10-04 Holtzman Henry N. Method and system for computerized form completion
US7062258B1 (en) * 2001-12-06 2006-06-13 Oracle International Corporation Wallet for storage of information for automated entry into forms of mobile applications
US20070262134A1 (en) * 2006-05-10 2007-11-15 First Data Corporation System and method for activating telephone-based payment instrument
US20100217682A1 (en) * 2009-02-26 2010-08-26 Research In Motion Limited System and method for capturing user inputs in electronic forms
WO2011127177A2 (en) * 2010-04-09 2011-10-13 Visa International Service Association System and method for securely validating transactions

Also Published As

Publication number Publication date
WO2014009736A1 (en) 2014-01-16
GB201212545D0 (en) 2012-08-29

Similar Documents

Publication Publication Date Title
US6705520B1 (en) Point of sale adapter for electronic transaction device
EP2430601B1 (en) Apparatus, method, and computer program product for providing a quality control mechanism for the contactless interface of a dual-interface card
AU2010229107B2 (en) Cardholder verification rule applied in payment-enabled mobile telephone
EP1960938B1 (en) Techniques for co-existence of multiple stored value applications on a single payment device managing a shared balance
KR102008206B1 (en) A server, method and system for managing card transaction service
US20140114861A1 (en) Hand-held self-provisioned pin ped communicator
US20100153269A1 (en) System, method, apparatus and computer program product for interfacing a multi-card radio frequency (rf) device with a mobile communications device
US12293363B2 (en) Multi-factor automated teller machine (ATM) personal identification number (PIN)
EP3223220A1 (en) Smart multi card, and method for issuing card data for smart multi card
WO2009032687A2 (en) System and method for completing a secure financial transaction using a wireless communications device
US20200356968A1 (en) Method and system for carrying out a payment transaction on a bank terminal using an electronic device
GB2504925A (en) Data entry during non-contact payment transactions
KR200230813Y1 (en) Cellular phone having card reading system
US20150242845A1 (en) Portable electronic card system and method for manufacturing a rewritable plastic card
EP4513410A1 (en) Payment method and terminal
EP3534313A1 (en) Payment device with touch screen
KR20180036937A (en) A server, method and system for managing card transaction service
US20150134525A1 (en) Method for Preventing Misappropriation of Plastic Money and Plastic Money
KR20050064618A (en) The method of banking auto-teller machine by using mobile phone
HK40026515A (en) Multi-card and payment method using same
GB2523102A (en) A device for facilitating face to face funds transfers

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)