
WO2003098563A2 - Transaction authorisation system - Google Patents


Publication number
WO2003098563A2
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
authorisation
party
web site
details
Prior art date
Application number
PCT/GB2003/002187
Other languages
French (fr)
Other versions
WO2003098563A8 (en)
Inventor
Richard Read
Simon Bargate
Mark Jones
Original Assignee
Yates Web Marketing Limited
Priority date
Filing date
Publication date
Application filed by Yates Web Marketing Limited
Priority to AU2003239682A
Publication of WO2003098563A2
Publication of WO2003098563A8

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/04 Payment circuits
    • G06Q20/22 Payment schemes or models
    • G06Q20/24 Credit schemes, i.e. "pay after"
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists

Definitions

  • An e-retailer that wishes to implement the invention is provided with software which is installed at the e-retailer's web site.
  • the software is configured to automatically send messages between the e-retailer, the customer, the credit card issuer and the authorisation web site as described above.
  • the invention is not limited to authorisation of transactions with e-retailers, but may be applied to any situation in which fraudulent use of credit card details (or other payment means) may be a problem.
  • the invention allows a transaction to be authorised by a credit card holder on behalf of someone else. For example, a credit card holder may give his credit card details to a relative that is travelling overseas. The relative may wish to purchase an item from an e-retailer, and enters the credit card details at the e-retailer's web site in the usual way. The credit card holder is then asked by the authorisation web site to authorise the transaction. In this way the relative is given the means to purchase items, but only with specific authorisation from the credit card holder.
  • a company employee may be responsible for ordering stationery from an e-retailer, the e-retailer having standing instructions not to dispatch an order until it has been authorised by a director of the company using the invention.
  • Authorisation may be provided by a customer by logging on to the authorisation web site using a Wireless Application Protocol (WAP) telephone.
  • the authorisation web site may be configured to alert the customer's WAP telephone when there is a transaction to be authorised, the customer being required to enter a password or code in order to authorise the transaction.
  • Authorisation may be provided using a conventional mobile telephone.
  • the authorisation web site is configured to send a text message to the mobile telephone of the customer requesting that authorisation be provided for a transaction, and including details of the transaction.
  • the customer enters a password or code in order to authorise the transaction.
  • Authorisation may be provided using a conventional telephone.
  • the authorisation web site rings the customer's telephone, uses an automated voice to give the customer details of the transaction and then asks the customer to enter an authorisation code using the keypad of his telephone.
  • the invention may be dovetailed with a credit card issuer's system such that a customer is not required to enter his credit card details when initiating a transaction, but instead enters his personal authorisation reference number.
  • the authorisation reference number is used by the credit card issuer to locate the credit card details of the customer.
  • the authorisation reference number is also used to notify the authorisation web site that that customer has initiated a transaction that needs to be authorised.
  • the invention may be used to authorise remotely a conventional credit card transaction.
  • a travelling relative that has been provided with credit card details of a credit card holder may wish to use those credit card details to book a hotel room.
  • the travelling relative does not possess the physical credit card, and in any case could not provide the signature required to authorise the transaction.
  • the details of the credit card are sent by the hotel, via the Internet, to the authorisation web site.
  • the credit card holder is then requested by the authorisation web site to authorise the transaction as described above.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A transaction authorisation system for authorising a transaction between first and second parties, in which details which identify a payment means are provided to the first party of a transaction, details of the transaction are passed to a third party having a server hosting an authorisation web site together with details identifying a second party of the transaction, the second party of the transaction indicates to the third party whether the transaction is authorised, and the third party passes this authorisation information to the first party of the transaction.

Description

TRANSACTION AUTHORISATION SYSTEM
The present invention relates to a Transaction Authorisation System.
In recent years there has been a rapid expansion of the Internet. The nature in which the Internet is used has changed considerably, and it is now common for shoppers to purchase goods over the Internet. The purchase of goods over the Internet, and other financial transactions, is often carried out using a credit card.
Typically, to make a purchase over the Internet a purchaser uses Internet browser software to input their credit card number to a web site together with the expiry date of the credit card, and often enters other information pertinent to the transaction, for example a delivery address. The web site server contacts the issuer of the credit card to obtain confirmation that the credit card number is valid and that the transaction does not exceed the credit limit of the credit card.
One known way in which a fraudulent transaction may be carried out over the Internet is by obtaining the credit card number of a third party and using that number to purchase goods. This is known as using a 'skimmed' credit card. Many web sites offer no protection against a fraudulent transaction of this type.
A web site server may cross-reference the delivery address given by a purchaser with the address recorded by the issuer of the credit card. If the delivery address does not correspond to the address held by the credit card issuer then the web site server may refuse to dispatch the purchased goods. This cross-referencing provides some protection against fraudulent transactions, although the protection is limited.
It is an object of the present invention to provide a transaction authorisation system which reduces the potential for fraudulent credit card transactions.
According to the invention there is provided a transaction authorisation system for authorising a transaction between first and second parties, in which details which identify a payment means are provided to the first party of the transaction, details of the transaction are passed to a third party having a server hosting an authorisation web site together with details identifying the second party of the transaction, the second party of the transaction indicates to the third party whether the transaction is authorised, and the third party passes this authorisation information to the first party of the transaction.
The invention is advantageous because the third party, which is conveniently accessible via the internet, refrains from authorising a transaction until specifically instructed to do so by the second party.
The payment means may be a credit card account, a bank account or any other suitable payment means.
Preferably, when the authorisation information comprises confirmation that the transaction is authorised, the first party then completes the transaction.
Preferably, when the authorisation information comprises an indication that the second party has decided to cancel the transaction, the first party then cancels the transaction.
Preferably, when the authorisation information comprises an indication that the transaction is fraudulent, the first party cancels the transaction and an administrator of the payment means is notified that a fraudulent transaction has been attempted.
Preferably, the administrator of the payment means is notified directly by the third party.
Preferably, the authorisation information is recorded by the third party at the server hosting the authorisation web site, and cannot subsequently be altered by the first or second parties.
Preferably, the recorded authorisation information may be subsequently viewed at the authorisation web site by the first or second parties.
Preferably, other details relevant to the transaction are also recorded by the third party at the server hosting the authorisation web site and cannot subsequently be altered by the first or second parties.
Preferably, the details identifying the second party are passed by the first party to the third party.
Preferably, the details which identify the payment means are passed to the administrator of the payment means, and the administrator of the payment means then passes to the third party details identifying the second party.
The system may include a database which cross-references payment means details with second party identity details. Consequently, the details that identify a payment means may in some instances be identity details, and details identifying a second party may in some instances be payment means details.
Preferably, the details identifying the second party comprise an authorisation reference number which identifies the second party at the server hosting the authorisation web site.
Preferably, the authorisation reference number is used to identify the payment means to be used for the transaction, the payment means administrator holding a database which cross-references the authorisation reference number and the payment means.
Preferably, the second party logs on to the authorisation web site via the Internet, the logging on process including a security check, and authorises the transaction at the web site.
Preferably, the second party is already logged on to the authorisation web site before the transaction is initiated, and authorises the transaction at the web site.
Preferably, the second party is required to pass a security check in order to authorise the transaction.
Preferably, the second party logs on to the authorisation web site using a Wireless Application Protocol (WAP) telephone.
Preferably, the authorisation web site sends a text message including details of the transaction to a telephone operated by the second party, and the second party authorises the transaction by entering security information into the telephone as a text message, and sending the text message to the web site.
Preferably, the authorisation web site rings a telephone operated by the second party and provides orally details of the transaction, the second party authorising the transaction by entering an authorisation code using the keypad of the telephone.
Preferably, the administrator of the payment means determines whether the payment means is valid and has not exceeded its payment limit.
Preferably, the first party is a vendor of an item or service, the second party is a purchaser of the item or service, and the third party is an authorisation regulator.
Specific embodiments of the invention will now be described by way of example only, with reference to the accompanying figures in which:
Figure 1 is a schematic diagram of a first embodiment of the transaction authorisation system according to the invention; and
Figure 2 is a schematic diagram of a second embodiment of the transaction authorisation system according to the invention.
A transaction which takes place over the Internet is shown schematically in figure 1, each step of the transaction being numbered in chronological order.
A customer wishes to purchase an item from an e-retailer. The customer uses Internet browser software to input 1 their credit card number to a web site of the e-retailer. Upon receiving the credit card details, the web server of the e-retailer forwards details 2 of the credit card and the transaction amount to the credit card issuer.
The credit card issuer checks the credit card details against its records to determine whether the credit card is valid and has not exceeded its credit limit. Provided that the card satisfies these requirements, the credit card issuer sends a message 3 back to the e-retailer authorising the transaction. In a conventional Internet transaction the e-retailer would at this point dispatch the ordered item to the customer. However, the invention provides an extra authorisation step which adds security to the transaction.
Where the invention has been implemented by the e-retailer, the customer is informed that the transaction can only take place when the transaction authorisation system has authorised the transaction. The web server of the e-retailer sends a message 4 over the Internet to a web site administrated by a third party (hereafter referred to as the authorisation web site). The message comprises sufficient information to identify the customer. This may be for example a personal authorisation reference number which is input by the customer at the e-retailer web site, or may be the customer's name and address, or the customer's credit card number. The message also includes information relating to the item that the customer wishes to purchase.
In order to authorise the purchase of the item, the customer must log on 5 to the authorisation web site. The authorisation web site is provided with a security system which requires a user name and password to allow the customer to log on to the web site. The web site has an 'account' which relates to the credit card that has been used (the account may relate to more than one credit card), and the customer must log on to that account in order to authorise the purchase. The user name and password are known only to the customer; a third party which has skimmed the credit card number will have no way of knowing the user name and password and thus cannot log on to the authorisation web site to authorise the purchase.
Once the customer has logged on to the web site, a flashing icon indicates that there is a transaction to be authorised. Upon selecting that icon details of the transaction are displayed. The customer may then select one of three options: authorise, changed mind, or fraudulent transaction. A message 6 is then sent from authorisation web site to the e-retailer web site.
If the customer selects 'authorise' then the message 6 sent from the authorisation web site to the e-retailer web site indicates that the customer has authorised the transaction. The e-retailer then dispatches 7 the purchased item. The item is not dispatched until authorisation is received from the authorisation web site.
If the customer selects 'changed mind' then the message states that the transaction is cancelled, and the e-retailer cancels the transaction. If the customer selects 'fraudulent transaction' then the message sent to the e-retailer alerts the e-retailer to the fact that an unauthorised person has attempted to use the credit card. The e-retailer web server passes this information to the credit card issuer (this is not shown in figure 1). The fraudulent transaction information may be passed directly to the credit card issuer from the authorisation web site (this is not shown in figure 1).
The invention prevents a fraudulent transaction taking place using a skimmed credit card number, since the transaction will not take place until it is authorised by the owner of the credit card. The e-retailer may require all purchasers to use the transaction authorisation system. Alternatively, the requirement may be enforced only for transactions which exceed a predetermined limit.
In a modified embodiment of the invention, shown in figure 2, the credit card issuer determines whether the purchase should be subject to the transaction authorisation system. The e-retailer forwards credit card details 2 to the credit card issuer, who checks the validity of the credit card number, and the available credit, in the usual way. The credit card company sends details 8 regarding the credit card holder to the authorisation web site. The authorisation web site identifies the credit card holder, and refrains from authorising the transaction until the credit card holder has logged on to the authorisation web site and authorised the transaction. When authorisation is received, a message is sent 9 to the credit card issuer, which in turn forwards authorisation 10 to the e-retailer. In the modified embodiment of the invention the transaction authorisation system is transparent to the e-retailer, who does not require any information in addition to that usually taken for a credit card transaction, and does not require any additional action to be taken.
The modified embodiment of the invention may be adopted by a credit card issuer for all Internet transactions which involve its credit cards. This would significantly reduce the number of fraudulent transactions carried out using that issuer's credit cards. Alternatively, the credit card issuer may offer the transaction authorisation scheme to its customers. Customers who subscribe to the scheme will be provided with peace of mind through knowing that their credit card cannot be used to carry out a transaction over the Internet without consent being given using a username and password known only to them.
Status information regarding each transaction is held at the authorisation web site and cannot be modified by the customer or e-retailer after the event. For example, once the customer has provided authorisation for a transaction, this information is retained at the authorisation web site and cannot subsequently be altered. This prevents the customer from authorising a transaction and subsequently attempting to claim that the transaction was not authorised. The authorisation information is held in a form that can be easily accessed and monitored by the e-retailer and customer at any time in the future.
Further information may be held at the authorisation database, for example the date that the e-retailer dispatched a purchased item. This information is also held in a form that can be easily accessed and monitored by the e-retailer and customer at any time in the future.
In a modified arrangement of the invention the customer is permanently logged in to the authorisation web site via the Internet (permanent Internet connection is provided by several ISPs and is becoming increasingly widespread). When the customer wishes to purchase an item from an e-retailer, the authorisation web site receives the authorisation request message from the e-retailer and a flashing icon immediately appears on the customer's screen asking him to authorise the transaction. The transaction may be authorised immediately. It will be appreciated that the full authorisation process, from the moment the customer has entered his credit card details at the e-retailer's web site, will only take a few seconds. The customer may be required to enter a password, or some other security information, in order to authorise the transaction. Because the customer is permanently logged in to the authorisation web site, this prevents a third party with access to the customer's computer from authorising fraudulent transactions.
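The write-once status record and the per-decision security check described above can be modelled as follows. This is an added example, not code from the patent or its applicant; the hash-chained log, the PBKDF2 password check and all names are assumptions, since the description does not say how immutability is enforced.

```python
import hashlib
import hmac
import json

DECISIONS = {"authorised", "changed_mind", "fraudulent"}  # the three outcomes in the description

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _link(prev, event):
    return hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()

class AuthorisationLedger:
    """Constructed model of the authorisation web site's write-once status record."""

    def __init__(self):
        self._creds = {}    # holder -> (salt, password hash)
        self._pending = {}  # txn_id -> holder awaiting a decision
        self._decided = {}  # txn_id -> decision, written exactly once
        self._log = []      # append-only; each hash covers the previous one (assumption)

    def enrol(self, holder, password, salt):
        self._creds[holder] = (salt, _kdf(password, salt))

    def _append(self, event):
        prev = self._log[-1]["hash"] if self._log else "0" * 64
        self._log.append({"prev": prev, "event": event, "hash": _link(prev, event)})

    def request(self, txn_id, holder, details):
        if self.status(txn_id) != "unknown":
            raise ValueError("duplicate transaction id")
        self._pending[txn_id] = holder
        self._append({"type": "request", "txn": txn_id, "holder": holder, "details": details})

    def decide(self, txn_id, holder, password, decision):
        if decision not in DECISIONS:
            raise ValueError("unknown decision")
        if txn_id in self._decided:
            raise PermissionError("decision already recorded and cannot be altered")
        creds = self._creds.get(holder)
        if self._pending.get(txn_id) != holder or creds is None:
            raise PermissionError("no such pending transaction for this holder")
        # Security check on every decision, even for an already logged-in session.
        if not hmac.compare_digest(creds[1], _kdf(password, creds[0])):
            raise PermissionError("security check failed")
        del self._pending[txn_id]
        self._decided[txn_id] = decision
        self._append({"type": "decision", "txn": txn_id, "decision": decision})
        return decision

    def status(self, txn_id):
        return self._decided.get(txn_id, "pending" if txn_id in self._pending else "unknown")

    def verify_log(self):
        prev = "0" * 64
        for entry in self._log:
            if entry["prev"] != prev or _link(prev, entry["event"]) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True
```

A failed security check leaves the transaction pending, a second decision on the same transaction is refused, and any later edit to a stored log entry makes `verify_log()` return `False`.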
An e-retailer that wishes to implement the invention is provided with software which is installed at the e-retailer's web site. The software is configured to automatically send messages between the e-retailer, the customer, the credit card issuer and the authorisation web site as described above.
The invention is not limited to authorisation of transactions with e-retailers, but may be applied to any situation in which fraudulent use of credit card details (or other payment means) may be a problem. The invention allows a transaction to be authorised by a credit card holder on behalf of someone else. For example, a credit card holder may give his credit card details to a relative that is travelling overseas. The relative may wish to purchase an item from an e-retailer, and enters the credit card details at the e-retailer's web site in the usual way. The credit card holder is then asked by the authorisation web site to authorise the transaction. In this way the relative is given the means to purchase items, but only with specific authorisation from the credit card holder. In an alternative scenario, a company employee may be responsible for ordering stationery from an e-retailer, the e-retailer having standing instructions not to dispatch an order until it has been authorised by a director of the company using the invention.
Authorisation may be provided by a customer by logging on to the authorisation web site using a Wireless Application Protocol (WAP) telephone. The authorisation web site may be configured to alert the customer's WAP telephone when there is a transaction to be authorised, the customer being required to enter a password or code in order to authorise the transaction.
Authorisation may be provided using a conventional mobile telephone. The authorisation web site is configured to send a text message to the mobile telephone of the customer requesting that authorisation be provided for a transaction, and including details of the transaction. The customer enters a password or code in order to authorise the transaction.
Authorisation may be provided using a conventional telephone. The authorisation web site rings the customer's telephone, uses an automated voice to give the customer details of the transaction and then asks the customer to enter an authorisation code using the keypad of his telephone.
The invention may be dovetailed with a credit card issuer's system such that a customer is not required to enter his credit card details when initiating a transaction, but instead enters his personal authorisation reference number. The authorisation reference number is used by the credit card issuer to locate the credit card details of the customer. The authorisation reference number is also used to notify the authorisation web site that that customer has initiated a transaction that needs to be authorised.
The invention may be used to authorise remotely a conventional credit card transaction. For example, a travelling relative that has been provided with credit card details of a credit card holder may wish to use those credit card details to book a hotel room. The travelling relative does not possess the physical credit card, and in any case could not provide the signature required to authorise the transaction. Using the invention, the details of the credit card are sent by the hotel, via the Internet, to the authorisation web site. The credit card holder is then requested by the authorisation web site to authorise the transaction as described above.

Claims

1. A transaction authorisation system for authorising a transaction between first and second parties, in which details which identify a payment means are provided to a first party of a transaction, details of the transaction are passed to a third party having a server hosting an authorisation web site together with details identifying a second party of the transaction, the second party of the transaction indicates to the third party whether the transaction is authorised, and the third party passes this authorisation information to the first party of the transaction.
2. A transaction authorisation system according to claim 1, wherein when the authorisation information comprises confirmation that the transaction is authorised, the first party then completes the transaction.
3. A transaction authorisation system according to claim 1 or claim 2, wherein when the authorisation information comprises an indication that the second party has decided to cancel the transaction, the first party then cancels the transaction.
4. A transaction authorisation system according to any of claims 1, 2 or 3, wherein when the authorisation information comprises an indication that the transaction is fraudulent, the first party cancels the transaction and the administrator of the payment means is notified that a fraudulent transaction has been attempted.
5. A transaction authorisation system according to claim 4, wherein the administrator of the payment means is notified directly by the third party.
6. A transaction authorisation system according to any preceding claim, wherein the authorisation information is recorded by the third party at the server hosting the authorisation web site, and cannot subsequently be altered by the first or second parties.
7. A transaction authorisation system according to claim 6, wherein the recorded authorisation information may be subsequently viewed at the authorisation web site by the first or second parties.
8. A transaction authorisation system according to claim 6 or claim 7, wherein other details relevant to the transaction are also recorded by the third party at the server hosting the authorisation web site and cannot subsequently be altered by the first or second parties.
9. A transaction authorisation system according to any preceding claim, wherein the details identifying the second party are passed by the first party to the third party.
10. A transaction authorisation system according to any preceding claim, wherein the details which identify the payment means are passed to the administrator of the payment means, and the administrator of the payment means then passes to the third party details identifying the second party.
11. A transaction authorisation system according to any preceding claim, wherein the system includes a database which cross-references payment means details with second party identity details.
12. A transaction authorisation system according to any preceding claim, wherein the details identifying the second party comprise an authorisation reference number which identifies the second party at the server hosting the authorisation web site.
13. A transaction authorisation system according to claim 12, wherein the authorisation reference number is used to identify the payment means to be used for the transaction, the payment means administrator holding a database which cross-references the authorisation reference number and the payment means.
14. A transaction authorisation system according to any preceding claim, wherein the second party logs on to the authorisation web site via the Internet, the logging on process including a security check, and authorises the transaction at the web site.
15. A transaction authorisation system according to claim 13, wherein the second party is already logged on to the authorisation web site before the transaction is initiated, and authorises the transaction at the web site.
16. A transaction authorisation system according to claim 15, wherein the second party is required to pass a security check in order to authorise the transaction.
17. A transaction authorisation system according to claim 14, wherein the second party logs on to the authorisation web site using a Wireless Application Protocol (WAP) telephone.
18. A transaction authorisation system according to any of claims 1 to 13, wherein the authorisation web site sends a text message including details of the transaction to a telephone operated by the second party, and the second party authorises the transaction by entering security information into the telephone as a text message, and sending the text message to the web site.
19. A transaction authorisation system according to any of claims 1 to 13, wherein the authorisation web site rings a telephone operated by the second party and provides orally details of the transaction, the second party authorising the transaction by entering an authorisation code using the keypad of the telephone.
20. A transaction authorisation system according to any preceding claim, wherein the administrator of the payment means determines whether the payment means is valid and has not exceeded its payment limit.
21. A transaction authorisation system according to any preceding claim, wherein the first party is a vendor of an item or service, the second party is a purchaser of the item or service, and the third party is an authorisation regulator.
22. A transaction authorisation system substantially as hereinbefore described with reference to the accompanying figures.
PCT/GB2003/002187 2002-05-22 2003-05-21 Transaction authorisation system WO2003098563A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003239682A AU2003239682A1 (en) 2002-05-22 2003-05-21 Transaction authorisation system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0211730.7 2002-05-22
GB0211730A GB0211730D0 (en) 2002-05-22 2002-05-22 Transaction authorisation system

Publications (2)

Publication Number Publication Date
WO2003098563A2 true WO2003098563A2 (en) 2003-11-27
WO2003098563A8 WO2003098563A8 (en) 2004-02-12

Family

ID=9937152

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2003/002187 WO2003098563A2 (en) 2002-05-22 2003-05-21 Transaction authorisation system

Country Status (3)

Country Link
AU (1) AU2003239682A1 (en)
GB (1) GB0211730D0 (en)
WO (1) WO2003098563A2 (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7885890B2 (en) * 2006-01-17 2011-02-08 Hsbc Finance Corporation System for authorizing credit use
WO2008104788A3 (en) * 2007-02-28 2008-11-27 Secoren Ltd Authorisation system
JP2010520524A (en) * 2007-02-28 2010-06-10 セコレン リミテッド Approval system
JP4810613B2 (en) * 2007-02-28 2011-11-09 セコレン リミテッド Approval system
AU2008220625B2 (en) * 2007-02-28 2011-11-24 Secoren Limited Authorisation system
AP2553A (en) * 2007-02-28 2013-01-31 Secoren Ltd Authorisation system
EP2214373A1 (en) 2009-01-30 2010-08-04 BRITISH TELECOMMUNICATIONS public limited company Secure web-based service provision
WO2010086624A1 (en) 2009-01-30 2010-08-05 British Telecommunications Public Limited Compan Secure web-based service provision
WO2010086625A1 (en) 2009-01-30 2010-08-05 British Telecommunications Public Limited Company Secure web-based service provision
US8844056B2 (en) 2009-01-30 2014-09-23 British Telecommunications Public Limited Company Service provision
US9338185B2 (en) 2009-01-30 2016-05-10 British Telecommunications Public Limited Company Service provision

Also Published As

Publication number Publication date
WO2003098563A8 (en) 2004-02-12
AU2003239682A1 (en) 2003-12-02
GB0211730D0 (en) 2002-07-03

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
D17 Declaration under article 17(2)a
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP