SECURE INTERNET PAYMENT METHOD
This invention relates to a secure Internet payment method. It relates particularly but not exclusively to an Internet payment method which incorporates a step of verifying the identity of the purchaser's computer before the payment transaction is allowed to proceed.
Credit card fraud in Internet-related financial transactions is a significant problem for merchants and financial institutions, because Internet credit card transactions are conducted without requiring the purchaser's signature. There are many ways in which such fraud can occur. One example is when a person steals a credit card and uses it to make purchases over the Internet before it is cancelled. Another example is when a person intercepts a genuine Internet credit card transaction and obtains from it details sufficient to enable the person to make fraudulent purchases.
In a typical Internet credit card transaction, a purchaser visits a vendor's web site over the Internet and decides to make a purchase. The purchaser selects the items which are to be purchased and places them in a virtual shopping cart. The purchaser then agrees to the total amount to be paid, and enters details of his or her credit card into a web page associated with the vendor. The vendor then forwards the credit card details to a bank or other credit card verification authority, which then determines whether the credit card details are valid and whether the transaction is within the purchaser's credit limit. If these tests are met, the bank advises the vendor that the transaction is authorised, and the vendor notifies the purchaser.
Efforts to prevent credit card fraud over the Internet have to date largely focused on ensuring that credit card information for genuine purchases is sent in a secure manner, such as in an encrypted form. Transmission of credit card details from purchaser to vendor is typically done through the medium of a "secure" server, employing a medium level of encryption to protect the data transmitted from interception. An example of a system for secure network electronic payment is given in US Patent 5,987,140.
Such systems can readily be implemented with currently available technology, but they only solve one of the minor aspects of Internet credit card fraud, namely the interception of confidential credit card transmissions. They do not solve the problem of preventing fraud once credit card details are known by a person who intends to commit a fraud, and they are not effective in checking whether the user of the credit card is its owner.
Other efforts to prevent credit card fraud focus on multiple source verification. US Patent 6,012,144 describes a method for performing credit card purchases over two networks such as the Internet and the public telephone system. The transaction is commenced by the purchaser on one of the networks (e.g. the Internet), and the vendor's computer automatically calls the purchaser back via the other network (e.g. the telephone system) to verify the transaction and authenticate the identity or authority of the purchaser. However, methods such as this add complexity to an Internet financial transaction process, thereby reducing the likelihood that individuals will be willing to use the system, and resulting, from the vendor's point of view, in loss of sales.
Effective prevention of credit card fraud requires adequate user authentication. In ordinary Internet usage, there has in the past been no reliable means of user authentication. On connection to the Internet, a user is normally assigned an "address", but on next connecting to the Internet the user is usually assigned a different address, with the result that the user's address does not provide a reliable guide to the user's identity. User authentication in computer environments is established by combining variables from three different broad classes:
• Something you know, such as a password
• Something you have, such as a key or a smart card
• Something you are, meaning biometrics such as fingerprints.
Some types of computer hardware such as network cards have unique or rarely recurring serial numbers assigned to them. These serial numbers, which fall into the "something you have" class, allow easy identification of individual computers on a large network, and they can also be used to identify the particular computer from which a transmission originated. Intel has built similar unique processor serial numbers into Pentium III processors, although the ability to access a serial number remotely from the Internet is normally turned off, as a result of fears that such serial numbers could be used to invade the privacy of individual computer users. In their white paper entitled "Processor Serial Number Applications", Intel have anticipated applications along the lines of:
• Multi-factor authentication for improving the security of e-commerce, delivery and access to sensitive documents
• Improved identification for "push" of sensitive or protected information
• Improved manageability in large networks and multi-processor systems - particularly asset tracking, fault detection and recovery, and virus detection and tracking
• Improved backup and restore protection, removable storage protection, managed file access and confirmation of information exchange
• Improved management of access to online communities by improving user identification.
It is an object of the present invention to provide a new method of payment over the Internet which incorporates a greater level of security than that provided by commonly available Internet payment methods.
According to the present invention there is provided a method of making a payment of a transaction amount over the Internet between a purchaser, who has a computer with a computer hardware identification code, and a vendor, including the following steps:
(a) from the purchaser's computer the purchaser forwards to the vendor over the Internet an account identification code identifying an account which the purchaser holds with a financial institution;
(b) the account identification code is then checked in a database which stores details of registered account identification codes and associated computer hardware identification codes;
(c) if the account identification code is not located in the database, a message is sent to the vendor indicating that the code has not been located;
(d) if the account identification code is located in the database, a test is performed to determine whether the computer hardware identification code associated with the account identification code matches the computer hardware identification code on the computer from which the purchaser forwarded the account identification code;
(e) a message is sent to the vendor indicating that the computer hardware identification code matches or does not match, depending on the results of the test;
(f) details of the transaction amount and account identification code are transmitted to the financial institution with which the purchaser holds the account for authorisation;
(g) if the financial institution determines not to authorise the payment, a message is sent to the vendor indicating that the payment has not been authorised;
(h) if the financial institution determines to authorise the payment, a message is sent to the vendor indicating that the payment has been authorised, and the vendor sends to the purchaser's computer a message indicating that the payment has been accepted.
The present invention relies on the creation of a database which registers and links a prospective purchaser's account identification code (such as a credit card number or a code derived from a credit card number) with the purchaser's computer hardware identification code (such as a processor serial number or a code derived from a processor serial number). The database may be maintained by the vendor or by the financial institution, but it is preferred that the database is maintained by a verification service provider which is separate from the vendor and the financial institution. It is further preferred that the database holds account identification codes for accounts held with a plurality of different financial institutions, with the database being available for query by multiple different vendors. This maximises the security of the purchaser's confidential information because it only has to be disclosed to one party, the verification service provider, and it can then be used for multiple transactions with multiple vendors and financial institutions. If separate databases were maintained by different vendors and financial institutions, the purchaser's confidential information would have to be disclosed multiple times in order to register with the different vendors.
It is further preferred that the step of testing to determine whether the computer hardware identification code associated with the account identification code matches the computer hardware identification code on the computer from which the purchaser forwarded the account identification code is performed directly between the verification service provider and the purchaser's computer.
This ensures that details of computer hardware identification codes associated with particular account identification codes are kept confidential and never sent via vendors or financial institutions, so that the potential for fraudulent misuse is minimised.
The purchaser may of course have more than one computer. It is therefore preferred that the database allow a person to register more than one computer hardware identification code for each account identification code.
Further, the purchaser may have more than one bank account. It is therefore preferred that the database allow a person to register more than one account identification code for each computer hardware identification code.
In one embodiment of the invention, the step of transmitting details of the transaction amount and account identification code to the financial institution for authorisation is performed by the vendor. In another embodiment of the invention, the vendor transmits the transaction amount to the verification service provider together with the account identification code, and the step of transmitting details of the transaction amount and account identification code to the financial institution for authorisation is performed by the verification service provider. In this latter embodiment, the message from the financial institution to the vendor indicating that the transaction has been authorised or has not been authorised may be sent via the verification service provider.
If, during the course of the transaction, the account identification code is not located in the database, a message may be sent to the purchaser inviting the purchaser to register with the database, on providing appropriately secure verification of identity.
If the computer hardware verification test determines that the computer hardware identification code does not match, a message may be sent to the owner of the account and/or to the financial institution, indicating that a transaction has been attempted with the account identification code from a computer which is not the computer registered in the database, and providing an alert to the effect that a fraudulent transaction may have been attempted.
The account identification code may be any suitable type of code. It is particularly preferred that the account identification code be a credit card or debit card number, or a code derived from such a number.
The computer hardware identification code may be any suitable type of code. It is preferred that the computer hardware identification code be an unchangeable code physically hardwired or otherwise embedded into an item of hardware associated with the purchaser's computer. It is particularly preferred that the computer hardware identification code be a network card serial number, a computer processor serial number, or a code derived from such a number.
The invention will now be described in greater detail by reference to the attached drawings which illustrate example forms of the invention. It is to be understood that the particularity of the drawings does not supersede the generality of the preceding description of the invention.
Figure 1 is a schematic diagram of one embodiment of the invention.
Figure 2 is a schematic diagram of an alternative embodiment of the invention.
Referring firstly to Figure 1, there is shown a method of making a payment of a transaction amount between a purchaser's computer 1 and a vendor 3, via the Internet 2. The method involves the purchaser forwarding from the purchaser's computer 1 to the vendor 3 an account identification code identifying an account which the purchaser holds with a financial institution 8.
The vendor checks the account identification code in a database 5 which stores details of registered account identification codes and associated computer hardware identification codes. Communications between vendor 3 and database 5 may be over the Internet 4 or via a secure communications channel or private line. Database 5 may even be located in the premises of vendor 3.
If the account identification code is not located in database 5, a message indicating this is sent to the vendor. The vendor then notifies the purchaser, who is optionally given opportunity to register with the database on providing adequate security information to authenticate his or her identity. If the account identification code is located in database 5, database 5 performs a test to determine whether the computer hardware identification code located in the database matches the code on the purchaser's computer 1. This test is preferably done by means of an Internet connection between database 5 and purchaser's computer 1, in real time during the processing of the online purchase transaction, preferably transparently to the purchaser and vendor. It is possible, although not as desirable, that the test could be routed to the purchaser's computer 1 via vendor 3, rather than via direct Internet connection 6.
If the test results in a finding that the computer hardware identification code does not match the database entry, a message to this effect is sent to the vendor and the transaction fails. Preferably, a message is also sent to the registered owner of the account and to the financial institution advising them of the possible attempted unauthorised transaction. If, on the other hand, the test results in a finding that the purchaser's computer hardware identification code does indeed match the database entry, a message to this effect is sent to the vendor 3. Either after receiving this message, or at the same time as sending the account identification code to database 5, vendor 3 contacts bank 8 via the Internet 7 or via a direct line, a dial-up line or any other suitable connection. Vendor 3 transmits to bank 8 details of the account identification code and the transaction amount. The bank then processes the authorisation request in accordance with its standard criteria before responding to vendor 3 with an authorisation message or a refusal of authorisation, and the transaction proceeds or fails accordingly.
Thus there are three different messages which the database 5 may return to vendor 3:
• The computer hardware identification code matches the database entry for the account identification code
• The computer hardware identification code does not match the database entry for the account identification code
• The account identification code is not registered in the database.
The message may optionally incorporate further information on the nature of the result returned, such as providing a measure of reliability regarding verification of the initial registration of the purchaser's computer.
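The following is an added illustration, not code from the patent, of steps (a) to (h) in the Figure 1 arrangement and of the three messages database 5 can return to the vendor. It assumes a hardware code derived from the processor serial number by a keyed HMAC (the patent prefers a derived code but fixes no derivation), a SHA-256 derived account code, and constructed card numbers and serials.

```python
import hashlib
import hmac

# Constructed illustration of database 5 and the vendor-side flow of Figure 1;
# not code from the patent. The keyed HMAC below is the assumed derivation of
# the hardware code, with SERVICE_KEY held only by the verification service.
SERVICE_KEY = b"constructed-verification-service-key"
MATCH, MISMATCH, NOT_REGISTERED = "MATCH", "MISMATCH", "NOT_REGISTERED"

def derive_hw_code(processor_serial: str) -> str:
    """Computer hardware identification code derived from a processor serial."""
    return hmac.new(SERVICE_KEY, processor_serial.encode(), hashlib.sha256).hexdigest()

def derive_account_code(card_number: str) -> str:
    """Account identification code derived from a card number (SHA-256, assumed)."""
    return hashlib.sha256(card_number.encode()).hexdigest()

class VerificationService:
    """Database 5: account codes linked to registered hardware codes, many-to-many."""
    def __init__(self) -> None:
        self.db: dict[str, set[str]] = {}  # account code -> registered hardware codes
        self.alerts: list[str] = []        # alerts raised on a hardware mismatch

    def register(self, card_number: str, processor_serial: str) -> None:
        # Several computers per account, and several accounts per computer, are allowed.
        codes = self.db.setdefault(derive_account_code(card_number), set())
        codes.add(derive_hw_code(processor_serial))

    def check(self, card_number: str, processor_serial: str) -> str:
        """Steps (b)-(e): the hardware test, read directly from the purchaser's computer."""
        acct = derive_account_code(card_number)
        if acct not in self.db:
            return NOT_REGISTERED
        if derive_hw_code(processor_serial) in self.db[acct]:
            return MATCH
        # Mismatch: alert the account owner and financial institution (recorded here).
        self.alerts.append(f"hardware mismatch for account code {acct[:8]}")
        return MISMATCH

class Bank:
    """Financial institution 8: authorises against an available credit limit."""
    def __init__(self, credit: dict[str, int]) -> None:
        self.credit = dict(credit)  # card number -> available credit

    def authorise(self, card_number: str, amount: int) -> bool:
        if self.credit.get(card_number, 0) < amount:
            return False
        self.credit[card_number] -= amount
        return True

def process_payment(card_number: str, processor_serial: str, amount: int,
                    service: VerificationService, bank: Bank) -> str:
    """Vendor-side flow: hardware check first, then bank authorisation, steps (f)-(h)."""
    result = service.check(card_number, processor_serial)
    if result != MATCH:
        return result  # step (c) or (e): transaction fails, vendor notifies purchaser
    if not bank.authorise(card_number, amount):
        return "NOT_AUTHORISED"  # step (g)
    return "ACCEPTED"  # step (h)
```

Because the vendor only ever receives one of the three result strings, the registered hardware codes never leave the verification service, which is the confidentiality property the description asks for.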
The scenario illustrated in Figure 2 is similar, except that the vendor communicates only with the database service provider 5, who communicates with the bank as agent for the vendor. In this case, when the purchaser attempts a transaction, details of the transaction amount are provided by vendor 3 to database service provider 5, as well as the account identification code. The database service provider tests the computer hardware identification code and contacts financial institution 8 via the Internet 7 or via a private line, a dial-up line or any other suitable communications method. Financial institution 8 provides the authorisation to database service provider 5, who relays it to vendor 3.
It will be appreciated that there are many different hardware and software configurations which could be adopted to embody the invention. In its simplest form, the method of the present invention could be accomplished by providing a server with a permanent connection to the Internet, with the server running database software fulfilling the function of database 5. This server could be connected to individual vendors and financial institutions through the Internet, private lines, dial-up connections or any other suitable communication means. The server could be located in the premises of a vendor or a financial institution, although it is preferred that the server be located separately. As traffic increases, a number of geographically separated server clusters will be required to ensure availability and the ability to handle large transaction volumes.
It is not possible to state with complete accuracy the Internet bandwidth required for a given transaction volume, because the bandwidth needed to test computer hardware identification codes depends upon protocols which hardware manufacturers may define from time to time for reading those hardware identification codes remotely, and upon protocols defined from time to time by financial institutions or regulatory authorities for transmission of financial transactions. The current estimate of required bandwidth, based upon 40Kb per transaction, is 20Kbps for every 1 million transactions processed per year.
It will further be appreciated that the method of the present invention requires that the purchaser have a computer which has a computer hardware identification code which is capable of being read remotely. Many computers do not currently have such a hardware code. An aspiring purchaser who wishes to make purchases using the secure method of the present invention could do so by acquiring a processor which has a remotely accessible identification code such as an Intel Pentium III processor, or by adding to the purchaser's computer a hardware item with a remotely accessible identification code, such as an add-in card, board or other device. When the Pentium III processor serial number is used, it is preferred that the computer hardware identification code used for the purposes of the present invention be a code based on a modified version of the processor serial number, rather than the processor serial number itself.
It is to be understood that various additions and modifications may be made to the parts described above without departing from the ambit of the invention.