US20190087823A1 - Cashless transaction processing methods and apparatus - Google Patents

Cashless transaction processing methods and apparatus Download PDF

Info

Publication number
US20190087823A1
US20190087823A1 US16/048,670 US201816048670A US2019087823A1 US 20190087823 A1 US20190087823 A1 US 20190087823A1 US 201816048670 A US201816048670 A US 201816048670A US 2019087823 A1 US2019087823 A1 US 2019087823A1
Authority
US
United States
Prior art keywords
token
transaction
authorization request
request
customer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US16/048,670
Inventor
Keyur Patel
PiyushKumar Mistry
Rahul Ojha
Hiren Patel
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mastercard International Inc
Original Assignee
Mastercard International Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mastercard International Inc filed Critical Mastercard International Inc
Assigned to MASTERCARD INTERNATIONAL INCORPORATED reassignment MASTERCARD INTERNATIONAL INCORPORATED ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MISTRY, PIYUSHKUMAR, OJHA, RAHUL, PATEL, HIREN, PATEL, KEYUR
Publication of US20190087823A1 publication Critical patent/US20190087823A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4093Monitoring of device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/347Passive cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes

Definitions

  • the present disclosure relates to cashless payment transactions.
  • it provides methods and systems to allow cashless payments to a merchant by a consumer.
  • the present disclosure proposes methods and systems for processing cashless transactions without the requirement for a sophisticated POS device.
  • a customer wishes to make a payment to a merchant
  • the customer requests a token from an issuing organization.
  • a token is provided to the customer.
  • the customer then provides the token to the merchant.
  • the merchant then provides the token to an acquirer bank which authenticates the token with the issuer. If the authentication is successful, the issuer transfers funds corresponding to the payment amount from a payment card account associated with the customer.
  • the transaction can be processed without the customer's payment card details being known by the merchant.
  • the method may be implemented smart phone devices owned by the customer and merchant so there is no requirement for POS devices or near field communication (NFC) devices.
  • NFC near field communication
  • a cashless transaction processing method comprises: receiving, in an issuer server, a transaction token request from a customer device, the transaction token request comprising an indication of a payment card account associated with a customer; providing a token to the customer device in response to the transaction token request; storing an indication of the token on the issuer server; receiving, from an acquirer server, a transaction authorization request, the transaction authorization request comprising a token; authenticating the token received in the transaction authorization request against the stored token; and initiating a transaction for the transaction amount from the payment card account associated with the customer.
  • the transaction token request further comprises an indication of a transaction amount.
  • the token has an expiry time and the authenticating the token received in the transaction authorization request further comprises determining whether the transaction authorization request was received within the expiry time.
  • the method further comprises generating a passcode; and providing the passcode to the customer device, wherein the transaction authorization request further comprises an indication of a passcode; and wherein authenticating the token received in the transaction authorization request further comprises comparing the received passcode with the passcode provided to the customer device.
  • the token comprises an issuer identifier portion which uniquely identifies an issuer organization associated with the issuer server. In an embodiment, the token comprises a random number portion.
  • a data processing apparatus for processing cashless transactions.
  • the data processing apparatus comprises: a computer processor; and a data storage device, the data storage device having a token authentication component and a transaction initiation component comprising non-transitory instructions operative by the processor to: receive a transaction token request from a customer device, the transaction token request comprising an indication of a payment card account associated with a customer; provide a token to the customer device in response to the transaction token request; store an indication of the token on the issuer server; receive, from an acquirer server, a transaction authorization request, the transaction authorization request comprising a token; authenticate the token received in the transaction authorization request against the stored token; and initiate a transaction for the transaction amount from the payment card account associated with the customer.
  • a non-transitory computer-readable medium has stored thereon program instructions for causing at least one processor to perform operations of a method disclosed above.
  • FIG. 1 is a block diagram of a data processing system according to an embodiment of the present invention
  • FIG. 2 is a block diagram illustrating a technical architecture of an issuer server according to an embodiment of the present invention.
  • FIG. 3 is a flowchart showing a method of processing a cashless transaction according to an embodiment of the present invention.
  • the term “payment card” refers to any suitable cashless payment device, such as a credit card, a debit card, a prepaid card, a charge card, a membership card, a promotional card, a frequent flyer card, an identification card, a prepaid card, a gift card, and/or any other device that may hold payment account information, such as mobile phones, Smartphones, personal digital assistants (PDAs), key fobs, transponder devices, NFC-enabled devices, and/or computers.
  • PDAs personal digital assistants
  • Each type of payment card can be used as a method of payment for performing a transaction.
  • FIG. 1 is a block diagram showing a data processing system according to an embodiment of the present invention.
  • the data processing system processes cashless transactions between a customer and a merchant.
  • the data processing system comprises a user device 110 associated with the customer; an issuer server 120 ; a merchant device 130 associated with the merchant; and an acquirer server 140 .
  • the user device 110 is a mobile computing device such as a smart phone, tablet device or laptop computer.
  • the user device 110 is coupled to the issuer server 120 via a network such as a mobile telephone network or the internet.
  • a communication channel between the user device 110 and the merchant device 130 is used to transmit a token between the user device 110 and the merchant device 130 .
  • This communication channel may be a mobile telecommunications network and the communication may take place through short message service (SMS) or unstructured supplementary service data (USSD), or other electronic communication method.
  • SMS short message service
  • USB unstructured supplementary service data
  • the customer and merchant may exchange information such as the token in person.
  • the issuer server 120 is a server associated with a financial institution is authorised by a payment network to issue payment card on behalf of customers to perform transactions over the payment network.
  • the financial institution also provides funding of the transaction to the payment network for transactions that are approved.
  • the issuer server 120 operates to generate a token in response to a request from the user device 110 .
  • This token may be used by the customer to carry out a transaction with the merchant without the need to provide the merchant with the details of their payment card.
  • the token may be generated by a separate party from the issuer server 120 , for example a token service provider.
  • the acquirer server 140 is a server associated with a financial institution with which the merchant has an account.
  • the acquirer server 140 is communicatively coupled with merchant device 130 via a communication network.
  • the acquirer server 140 may communicate with the merchant device via an application programming interface (API) or SMS or USSD.
  • API application programming interface
  • the acquirer server 140 and the issuer server 120 are both connected via a payment network which routes transaction authorization requests.
  • a payment network is the payment network provided by MasterCard.
  • FIG. 2 is a block diagram showing a technical architecture 200 of the issuer server 120 for performing an exemplary method 300 as described below with reference to FIG. 3 .
  • the method 300 is implemented by a computer having a data-processing unit.
  • the block diagram as shown FIG. 2 illustrates a technical architecture 200 of a computer which is suitable for implementing one or more embodiments herein.
  • the technical architecture 200 includes a processor 222 (which may be referred to as a central processor unit or CPU) that is in communication with memory devices including secondary storage 224 (such as disk drives), read only memory (ROM) 226 , and random access memory (RAM) 228 .
  • the processor 222 may be implemented as one or more CPU chips.
  • the technical architecture 200 may further comprise input/output (I/O) devices 230 , and network connectivity devices 232 .
  • the secondary storage 224 is typically comprised of one or more disk drives or tape drives and is used for non-volatile storage of data and as an over-flow data storage device if RAM 228 is not large enough to hold all working data. Secondary storage 224 may be used to store programs which are loaded into RAM 228 when such programs are selected for execution.
  • the secondary storage 224 has a token generation component 224 a , a token authentication component 224 b , and a transaction initiation component 224 c comprising non-transitory instructions operative by the processor 222 to perform various operations of the method of the present disclosure.
  • the components 224 a - 224 c are distinct modules which perform respective functions implemented by the issuer server 200 .
  • the ROM 226 is used to store instructions and perhaps data which are read during program execution.
  • the secondary storage 224 , the RAM 228 , and/or the ROM 226 may be referred to in some contexts as computer readable storage media and/or non-transitory computer readable media.
  • I/O devices 230 may include printers, video monitors, liquid crystal displays (LCDs), plasma displays, touch screen displays, keyboards, keypads, switches, dials, mice, track balls, voice recognizers, card readers, paper tape readers, or other well-known input devices.
  • LCDs liquid crystal displays
  • plasma displays plasma displays
  • touch screen displays keyboards, keypads, switches, dials, mice, track balls
  • voice recognizers card readers, paper tape readers, or other well-known input devices.
  • the network connectivity devices 232 may take the form of modems, modem banks, Ethernet cards, universal serial bus (USB) interface cards, serial interfaces, token ring cards, fiber distributed data interface (FDDI) cards, wireless local area network (WLAN) cards, radio transceiver cards that promote radio communications using protocols such as code division multiple access (CDMA), global system for mobile communications (GSM), long-term evolution (LTE), worldwide interoperability for microwave access (WiMAX), near field communications (NFC), radio frequency identity (RFID), and/or other air interface protocol radio transceiver cards, and other known network devices. These network connectivity devices 232 may enable the processor 222 to communicate with the Internet or one or more intranets.
  • CDMA code division multiple access
  • GSM global system for mobile communications
  • LTE long-term evolution
  • WiMAX worldwide interoperability for microwave access
  • NFC near field communications
  • RFID radio frequency identity
  • RFID radio frequency identity
  • the processor 222 might receive information from the network, or might output information to the network in the course of performing the above-described method operations.
  • Such information which is often represented as a sequence of instructions to be executed using processor 222 , may be received from and outputted to the network, for example, in the form of a computer data signal embodied in a carrier wave.
  • the processor 222 executes instructions, codes, computer programs, scripts which it accesses from hard disk, floppy disk, optical disk (these various disk based systems may all be considered secondary storage 224 ), flash drive, ROM 226 , RAM 228 , or the network connectivity devices 232 . While only one processor 222 is shown, multiple processors may be present. Thus, while instructions may be discussed as executed by a processor, the instructions may be executed simultaneously, serially, or otherwise executed by one or multiple processors.
  • the technical architecture 200 is described with reference to a computer, it should be appreciated that the technical architecture may be formed by two or more computers in communication with each other that collaborate to perform a task.
  • an application may be partitioned in such a way as to permit concurrent and/or parallel processing of the instructions of the application.
  • the data processed by the application may be partitioned in such a way as to permit concurrent and/or parallel processing of different portions of a data set by the two or more computers.
  • virtualization software may be employed by the technical architecture 200 to provide the functionality of a number of servers that is not directly bound to the number of computers in the technical architecture 200 .
  • Cloud computing may comprise providing computing services via a network connection using dynamically scalable computing resources.
  • a cloud computing environment may be established by an enterprise and/or may be hired on an as-needed basis from a third party provider.
  • the method 300 begins when the customer wishes to make a transaction with the merchant.
  • the customer using the user device 110 submits a transaction token request to the issuer server 120 .
  • the communication between the user device 110 and the issuer may be facilitated by a wallet application running on the user device 110 .
  • the wallet application stores an indication of a payment card account associated with the user.
  • the user may open the wallet application on the user device 110 . This may include the user entering a password, passcode or biometric data to authenticate themselves. The user may then enter an indication of the desired transaction amount and may select or confirm a payment card account to be used for the transaction.
  • the issuer server 120 receives the transaction token request from the user device.
  • the transaction token request comprises an indication of the payment card account of the customer.
  • the transaction token request may also comprise an indication of a transaction amount for the transaction between the customer and the merchant.
  • the token generation component 224 a of the issuer server 120 generates a token.
  • the token may comprise a tenant identifier portion that identifies the issuer and a random number portion that uniquely identifies the token.
  • the token may comprise a 3 digit tenant identifier portion and a 6 digit random number.
  • the tenant identifier portion allows the token to be routed to the issuer server 120 by the payment network.
  • the issuer server 120 may store an indication of the token linked to details of the transaction such as the transaction amount and details of the payment card account associated with the customer.
  • the token may be generated with a limited lifetime, for example the token may have to be used within 180 seconds of its creation. In an embodiment the expiry of the token is in the range 120 to 360 seconds.
  • the issuer server in addition to generating the token, the issuer server also generates a passcode, for example, a 4 or 6 digit number.
  • step 306 the issuer server 120 provides the token to the user device 110 .
  • Step 306 may involve the issuer server 120 sending the token to the wallet application running on the user device. If a passcode was also generated, the passcode is also provided to the user device 120 .
  • the customer provides these to the merchant.
  • the user provides the token to the merchant in person.
  • the token is a soft token, for example a string of characters.
  • the customer may provide the token to the merchant electronically, for example by sending a text message or SMS message including the token from the user device 110 to the merchant device 130 .
  • the customer may provide the token to the merchant electronically and may provide the passcode to the merchant verbally.
  • the merchant device 130 sends the token to the acquirer server 140 .
  • the token, and if applicable the passcode may be send to the acquirer server 140 via an API, SMS message, USSD or other data transfer protocol.
  • the merchant device 130 may also send details of the transaction amount to the acquirer server 140 .
  • the acquirer server 140 Once the acquirer server 140 has received the token and the passcode, the acquirer server 140 generates a token authentication request.
  • the token authentication request comprises the token and if applicable, the passcode.
  • the token authentication request is sent by the acquirer server 140 to the issuer server 120 via a payment network.
  • the payment network may use the token included in the token authentication request to route the token authentication request to the issuer server 120 .
  • the token may comprise a string to characters which the payment network uses to identify the issuer server 120 to route the token authentication request.
  • the token may include a dummy payment card number which is used by the payment network identify how to route the token authentication request.
  • the issuer server 120 receives the token authentication request from the acquirer server 140 via the payment network.
  • the token authentication component 224 b of the issuer server 120 authenticates the token received in the token authentication request.
  • the authentication may comprise validating the received token against the stored token to check if the two tokens match. This check may include checking that each character in the string of characters making up the token matches the string of characters in the stored token. If a passcode was also provided to the user device 110 , a passcode received as part of the token authentication request may also be compared with the passcode provided to the user device 110 .
  • the token has a limited lifetime, in such embodiments, the authentication of the token may comprise determining whether the lifetime has expired.
  • step 312 if the authentication in step 310 was successful, the transaction initiation component 224 c of the issuer server 120 initiates a transaction from the payment card associated with the customer to an account associated with the merchant.
  • the acquirer may be provided with the payment card details in order to carry out the transaction.
  • the merchant 130 may have an account registered with the acquirer server 140 .
  • the acquirer server 140 may use the payment card details received in step 312 to initiate a transaction for the transaction amount from the account associated with the customer which is identifiable using the payment card details and the account associated with the merchant.
  • the token authentication request sent by the acquirer server 140 to the issuer server 120 comprises an indication of an account associated with the merchant, thus, the transaction from the account associated with the customer to the account associated with the merchant can be initiated by the issuer server 120 .

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A cashless transaction processing method is disclosed. The method comprises: receiving, in an issuer server, a transaction token request from a customer device, the transaction token request comprising an indication of a payment card account associated with a customer; providing a token to the customer device in response to the transaction token request; storing an indication of the token on the issuer server; receiving, from an acquirer server, a transaction authorization request, the transaction authorization request comprising a token; authenticating the token received in the transaction authorization request against the stored token; and initiating a transaction for the transaction amount from the payment card account associated with the customer.

Description

    CROSS-REFERENCE TO RELATED APPLICATION
  • This application is a U.S. National Stage filing under 35 U.S.C. § 119, based on and claiming benefits of and priority to Indian Patent Application No. 201741033395 filed on Sep. 20, 2017. The entire disclosure of the above application is incorporated herein by reference for all purposes.
    • TECHNICAL FIELD AND BACKGROUND
  • The present disclosure relates to cashless payment transactions. In particular, it provides methods and systems to allow cashless payments to a merchant by a consumer.
  • In emerging economies such as India many merchants do not have sophisticated point of sale (POS) devices. This is one of the reasons why in such economies approximately 85% of transactions are made using cash. Many of these transactions are for relatively small amounts and therefore the provision of POS devices to merchants handling such transactions is low.
  • In order to increase the use of cashless payments in such circumstances there is a need to provide cashless payment methods and systems which do not require the use of sophisticated POS devices.
    • SUMMARY
  • In general terms, the present disclosure proposes methods and systems for processing cashless transactions without the requirement for a sophisticated POS device. When a customer wishes to make a payment to a merchant, the customer requests a token from an issuing organization. In response to the request a token is provided to the customer. The customer then provides the token to the merchant. The merchant then provides the token to an acquirer bank which authenticates the token with the issuer. If the authentication is successful, the issuer transfers funds corresponding to the payment amount from a payment card account associated with the customer. Thus the transaction can be processed without the customer's payment card details being known by the merchant. Further, it is envisaged that the method may be implemented smart phone devices owned by the customer and merchant so there is no requirement for POS devices or near field communication (NFC) devices.
  • According to a first aspect of the present invention, there is provided a cashless transaction processing method. The method comprises: receiving, in an issuer server, a transaction token request from a customer device, the transaction token request comprising an indication of a payment card account associated with a customer; providing a token to the customer device in response to the transaction token request; storing an indication of the token on the issuer server; receiving, from an acquirer server, a transaction authorization request, the transaction authorization request comprising a token; authenticating the token received in the transaction authorization request against the stored token; and initiating a transaction for the transaction amount from the payment card account associated with the customer.
  • In an embodiment, the transaction token request further comprises an indication of a transaction amount.
  • In an embodiment, the token has an expiry time and the authenticating the token received in the transaction authorization request further comprises determining whether the transaction authorization request was received within the expiry time.
  • In an embodiment the method further comprises generating a passcode; and providing the passcode to the customer device, wherein the transaction authorization request further comprises an indication of a passcode; and wherein authenticating the token received in the transaction authorization request further comprises comparing the received passcode with the passcode provided to the customer device.
  • In an embodiment, the token comprises an issuer identifier portion which uniquely identifies an issuer organization associated with the issuer server. In an embodiment, the token comprises a random number portion.
  • According to a second aspect of the present invention, there is provided a data processing apparatus for processing cashless transactions. The data processing apparatus comprises: a computer processor; and a data storage device, the data storage device having a token authentication component and a transaction initiation component comprising non-transitory instructions operative by the processor to: receive a transaction token request from a customer device, the transaction token request comprising an indication of a payment card account associated with a customer; provide a token to the customer device in response to the transaction token request; store an indication of the token on the issuer server; receive, from an acquirer server, a transaction authorization request, the transaction authorization request comprising a token; authenticate the token received in the transaction authorization request against the stored token; and initiate a transaction for the transaction amount from the payment card account associated with the customer.
  • According to a yet further aspect, there is provided a non-transitory computer-readable medium. The computer-readable medium has stored thereon program instructions for causing at least one processor to perform operations of a method disclosed above.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • Embodiments of the invention will now be described for the sake of non-limiting example only, with reference to the following drawings in which:
  • FIG. 1 is a block diagram of a data processing system according to an embodiment of the present invention;
  • FIG. 2 is a block diagram illustrating a technical architecture of an issuer server according to an embodiment of the present invention; and
  • FIG. 3 is a flowchart showing a method of processing a cashless transaction according to an embodiment of the present invention.
    •  DETAILED DESCRIPTION
  • As used herein, the term “payment card” refers to any suitable cashless payment device, such as a credit card, a debit card, a prepaid card, a charge card, a membership card, a promotional card, a frequent flyer card, an identification card, a prepaid card, a gift card, and/or any other device that may hold payment account information, such as mobile phones, Smartphones, personal digital assistants (PDAs), key fobs, transponder devices, NFC-enabled devices, and/or computers. Each type of payment card can be used as a method of payment for performing a transaction.
  • FIG. 1 is a block diagram showing a data processing system according to an embodiment of the present invention. The data processing system processes cashless transactions between a customer and a merchant. The data processing system comprises a user device 110 associated with the customer; an issuer server 120; a merchant device 130 associated with the merchant; and an acquirer server 140.
  • The user device 110 is a mobile computing device such as a smart phone, tablet device or laptop computer. The user device 110 is coupled to the issuer server 120 via a network such as a mobile telephone network or the internet. In some embodiments a communication channel between the user device 110 and the merchant device 130 is used to transmit a token between the user device 110 and the merchant device 130. This communication channel may be a mobile telecommunications network and the communication may take place through short message service (SMS) or unstructured supplementary service data (USSD), or other electronic communication method. In other embodiments the customer and merchant may exchange information such as the token in person.
  • The issuer server 120 is a server associated with a financial institution is authorised by a payment network to issue payment card on behalf of customers to perform transactions over the payment network. The financial institution also provides funding of the transaction to the payment network for transactions that are approved.
  • As described in more detail below, the issuer server 120 operates to generate a token in response to a request from the user device 110. This token may be used by the customer to carry out a transaction with the merchant without the need to provide the merchant with the details of their payment card. In some embodiments, the token may be generated by a separate party from the issuer server 120, for example a token service provider.
  • The acquirer server 140 is a server associated with a financial institution with which the merchant has an account. The acquirer server 140 is communicatively coupled with merchant device 130 via a communication network. The acquirer server 140 may communicate with the merchant device via an application programming interface (API) or SMS or USSD.
  • The acquirer server 140 and the issuer server 120 are both connected via a payment network which routes transaction authorization requests. An example of a payment network is the payment network provided by MasterCard.
  • FIG. 2 is a block diagram showing a technical architecture 200 of the issuer server 120 for performing an exemplary method 300 as described below with reference to FIG. 3. Typically, the method 300 is implemented by a computer having a data-processing unit. The block diagram as shown FIG. 2 illustrates a technical architecture 200 of a computer which is suitable for implementing one or more embodiments herein.
  • The technical architecture 200 includes a processor 222 (which may be referred to as a central processor unit or CPU) that is in communication with memory devices including secondary storage 224 (such as disk drives), read only memory (ROM) 226, and random access memory (RAM) 228. The processor 222 may be implemented as one or more CPU chips. The technical architecture 200 may further comprise input/output (I/O) devices 230, and network connectivity devices 232.
  • The secondary storage 224 is typically comprised of one or more disk drives or tape drives and is used for non-volatile storage of data and as an over-flow data storage device if RAM 228 is not large enough to hold all working data. Secondary storage 224 may be used to store programs which are loaded into RAM 228 when such programs are selected for execution. In this embodiment, the secondary storage 224 has a token generation component 224 a, a token authentication component 224 b, and a transaction initiation component 224 c comprising non-transitory instructions operative by the processor 222 to perform various operations of the method of the present disclosure. As depicted in FIG. 2, the components 224 a-224 c are distinct modules which perform respective functions implemented by the issuer server 200. It will be appreciated that the boundaries between these components are exemplary only, and that alternative embodiments may merge components or impose an alternative decomposition of functionality of components. For example, the components discussed herein may be decomposed into sub-components to be executed as multiple computer processes, and, optionally, on multiple computers. Moreover, alternative embodiments may combine multiple instances of a particular component or sub-components. It will also be appreciated that, while a software implementation of the components 224 a-224 c is described herein, these may alternatively be implemented as one or more hardware components (such as field-programmable gate array(s) or application-specific integrated circuit(s)) comprising circuitry which implements equivalent functionality to that implemented in software. The ROM 226 is used to store instructions and perhaps data which are read during program execution. The secondary storage 224, the RAM 228, and/or the ROM 226 may be referred to in some contexts as computer readable storage media and/or non-transitory computer readable media.
  • I/O devices 230 may include printers, video monitors, liquid crystal displays (LCDs), plasma displays, touch screen displays, keyboards, keypads, switches, dials, mice, track balls, voice recognizers, card readers, paper tape readers, or other well-known input devices.
  • The network connectivity devices 232 may take the form of modems, modem banks, Ethernet cards, universal serial bus (USB) interface cards, serial interfaces, token ring cards, fiber distributed data interface (FDDI) cards, wireless local area network (WLAN) cards, radio transceiver cards that promote radio communications using protocols such as code division multiple access (CDMA), global system for mobile communications (GSM), long-term evolution (LTE), worldwide interoperability for microwave access (WiMAX), near field communications (NFC), radio frequency identity (RFID), and/or other air interface protocol radio transceiver cards, and other known network devices. These network connectivity devices 232 may enable the processor 222 to communicate with the Internet or one or more intranets. With such a network connection, it is contemplated that the processor 222 might receive information from the network, or might output information to the network in the course of performing the above-described method operations. Such information, which is often represented as a sequence of instructions to be executed using processor 222, may be received from and outputted to the network, for example, in the form of a computer data signal embodied in a carrier wave.
  • The processor 222 executes instructions, codes, computer programs, scripts which it accesses from hard disk, floppy disk, optical disk (these various disk based systems may all be considered secondary storage 224), flash drive, ROM 226, RAM 228, or the network connectivity devices 232. While only one processor 222 is shown, multiple processors may be present. Thus, while instructions may be discussed as executed by a processor, the instructions may be executed simultaneously, serially, or otherwise executed by one or multiple processors.
  • Although the technical architecture 200 is described with reference to a computer, it should be appreciated that the technical architecture may be formed by two or more computers in communication with each other that collaborate to perform a task. For example, but not by way of limitation, an application may be partitioned in such a way as to permit concurrent and/or parallel processing of the instructions of the application. Alternatively, the data processed by the application may be partitioned in such a way as to permit concurrent and/or parallel processing of different portions of a data set by the two or more computers. In an embodiment, virtualization software may be employed by the technical architecture 200 to provide the functionality of a number of servers that is not directly bound to the number of computers in the technical architecture 200. In an embodiment, the functionality disclosed above may be provided by executing the application and/or applications in a cloud computing environment. Cloud computing may comprise providing computing services via a network connection using dynamically scalable computing resources. A cloud computing environment may be established by an enterprise and/or may be hired on an as-needed basis from a third party provider.
  • It is understood that by programming and/or loading executable instructions onto the technical architecture 200, at least one of the CPU 222, the RAM 228, and the ROM 226 are changed, transforming the technical architecture 200 in part into a specific purpose machine or apparatus having the novel functionality taught by the present disclosure. It is fundamental to the electrical engineering and software engineering arts that functionality that can be implemented by loading executable software into a computer can be converted to a hardware implementation by well-known design rules.
  • Various operations of an exemplary method 300 will now be described with reference to FIG. 3 in respect of processing a cashless transaction. It should be noted that enumeration of operations is for purposes of clarity and that the operations need not be performed in the order implied by the enumeration.
  • The method 300 begins when the customer wishes to make a transaction with the merchant. In order to facilitate the transaction, the customer, using the user device 110 submits a transaction token request to the issuer server 120. The communication between the user device 110 and the issuer may be facilitated by a wallet application running on the user device 110. The wallet application stores an indication of a payment card account associated with the user. To initiate the method, the user may open the wallet application on the user device 110. This may include the user entering a password, passcode or biometric data to authenticate themselves. The user may then enter an indication of the desired transaction amount and may select or confirm a payment card account to be used for the transaction.
  • In step 302, the issuer server 120 receives the transaction token request from the user device. The transaction token request comprises an indication of the payment card account of the customer. The transaction token request may also comprise an indication of a transaction amount for the transaction between the customer and the merchant.
  • In step 304, the token generation component 224 a of the issuer server 120 generates a token. The token may comprise a tenant identifier portion that identifies the issuer and a random number portion that uniquely identifies the token. For example, the token may comprise a 3 digit tenant identifier portion and a 6 digit random number. The tenant identifier portion allows the token to be routed to the issuer server 120 by the payment network.
  • The issuer server 120 may store an indication of the token linked to details of the transaction such as the transaction amount and details of the payment card account associated with the customer. The token may be generated with a limited lifetime, for example the token may have to be used within 180 seconds of its creation. In an embodiment the expiry of the token is in the range 120 to 360 seconds.
  • In some embodiments, in addition to generating the token, the issuer server also generates a passcode, for example, a 4 or 6 digit number.
  • In step 306, the issuer server 120 provides the token to the user device 110. Step 306 may involve the issuer server 120 sending the token to the wallet application running on the user device. If a passcode was also generated, the passcode is also provided to the user device 120.
  • Once the user device 110 receives the token, and the passcode, the customer provides these to the merchant. In some embodiments, the user provides the token to the merchant in person. The token is a soft token, for example a string of characters. In some embodiments, the customer may provide the token to the merchant electronically, for example by sending a text message or SMS message including the token from the user device 110 to the merchant device 130. In some embodiments, the customer may provide the token to the merchant electronically and may provide the passcode to the merchant verbally.
  • Once the merchant has received the token and, if applicable, the passcode, the merchant device 130 sends the token to the acquirer server 140. The token, and if applicable the passcode, may be send to the acquirer server 140 via an API, SMS message, USSD or other data transfer protocol. The merchant device 130 may also send details of the transaction amount to the acquirer server 140.
  • Once the acquirer server 140 has received the token and the passcode, the acquirer server 140 generates a token authentication request. The token authentication request comprises the token and if applicable, the passcode. The token authentication request is sent by the acquirer server 140 to the issuer server 120 via a payment network. The payment network may use the token included in the token authentication request to route the token authentication request to the issuer server 120. The token may comprise a string to characters which the payment network uses to identify the issuer server 120 to route the token authentication request. In one embodiment, the token may include a dummy payment card number which is used by the payment network identify how to route the token authentication request. In step 308, the issuer server 120 receives the token authentication request from the acquirer server 140 via the payment network.
  • In step 310, the token authentication component 224 b of the issuer server 120 authenticates the token received in the token authentication request. The authentication may comprise validating the received token against the stored token to check if the two tokens match. This check may include checking that each character in the string of characters making up the token matches the string of characters in the stored token. If a passcode was also provided to the user device 110, a passcode received as part of the token authentication request may also be compared with the passcode provided to the user device 110. As discussed above, in some embodiments, the token has a limited lifetime, in such embodiments, the authentication of the token may comprise determining whether the lifetime has expired.
  • In step 312, if the authentication in step 310 was successful, the transaction initiation component 224 c of the issuer server 120 initiates a transaction from the payment card associated with the customer to an account associated with the merchant. In step 312, the acquirer may be provided with the payment card details in order to carry out the transaction.
  • The merchant 130 may have an account registered with the acquirer server 140. In some embodiments, the acquirer server 140 may use the payment card details received in step 312 to initiate a transaction for the transaction amount from the account associated with the customer which is identifiable using the payment card details and the account associated with the merchant.
  • In some embodiments, the token authentication request sent by the acquirer server 140 to the issuer server 120 comprises an indication of an account associated with the merchant, thus, the transaction from the account associated with the customer to the account associated with the merchant can be initiated by the issuer server 120.
  • Whilst the foregoing description has described exemplary embodiments, it will be understood by those skilled in the art that many variations of the embodiment can be made within the scope and spirit of the present invention.

Claims (13)

1. A cashless transaction processing method comprising:
receiving, in an issuer server, a transaction token request from a customer device, the transaction token request comprising an indication of a payment card account associated with a customer;
providing a token to the customer device in response to the transaction token request;
storing an indication of the token on the issuer server;
receiving, from an acquirer server, a transaction authorization request, the transaction authorization request comprising a token;
authenticating the token received in the transaction authorization request against the stored token; and
initiating a transaction for the transaction amount from the payment card account associated with the customer.
2. A cashless transaction processing method according to claim 1, wherein the transaction token request further comprises an indication of a transaction amount.
3. A cashless transaction processing method according to claim 1, wherein the token has an expiry time and the authenticating the token received in the transaction authorization request further comprises determining whether the transaction authorization request was received within the expiry time.
4. A cashless transaction processing method according to claim 1, further comprising generating a passcode; and providing the passcode to the customer device, wherein the transaction authorization request further comprises an indication of a passcode; and wherein authenticating the token received in the transaction authorization request further comprises comparing the received passcode with the passcode provided to the customer device.
5. A cashless transaction processing method according to claim 1 wherein the token comprises an issuer identifier portion which uniquely identifies an issuer organization associated with the issuer server.
6. A cashless transaction processing method according to claim 1 wherein the token comprises a random number portion.
7. A data processing apparatus for processing cashless transactions, the data processing apparatus comprising:
a computer processor; and
a data storage device, the data storage device having a token authentication component and a transaction initiation component comprising non-transitory instructions operative by the processor to:
receive a transaction token request from a customer device, the transaction token request comprising an indication of a payment card account associated with a customer;
provide a token to the customer device in response to the transaction token request;
store an indication of the token on the issuer server;
receive, from an acquirer server, a transaction authorization request, the transaction authorization request comprising a token;
authenticate the token received in the transaction authorization request against the stored token; and
initiate a transaction for the transaction amount from the payment card account associated with the customer.
8. A data processing apparatus according to claim 7, wherein the transaction token request further comprises an indication of a transaction amount.
9. A data processing apparatus according to claim 7, wherein the token has an expiry time and the token authentication component comprises comprising non-transitory instructions operative by the processor to: authenticate the token received in the transaction authorization request by determining whether the transaction authorization request was received within the expiry time.
10. A data processing apparatus according to claim 7, the data storage device further comprising a token generation component comprising non-transitory instructions operative by the processor to generate the token.
11. A data processing apparatus according to claim 10, wherein the token generation component further comprises non-transitory instructions operative by the processor to: generate a passcode and, wherein the transaction authorization request further comprises an indication of a passcode; and wherein the token authentication component further comprises non-transitory instructions operative by the processor to: authenticate the token received in the transaction authorization request by comparing the received passcode with the passcode provided to the customer device.
12. A data processing apparatus according to claim 7, wherein the token comprises an issuer identifier portion which uniquely identifies an issuer organization associated with the issuer server.
13. A data processing apparatus according to claim 7, wherein the token comprises a random number portion.
US16/048,670 2017-09-20 2018-07-30 Cashless transaction processing methods and apparatus Abandoned US20190087823A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN201741033395 2017-09-20
IN201741033395 2017-09-20

Publications (1)

Publication Number Publication Date
US20190087823A1 true US20190087823A1 (en) 2019-03-21

Family

ID=65720466

Family Applications (1)

Application Number Title Priority Date Filing Date
US16/048,670 Abandoned US20190087823A1 (en) 2017-09-20 2018-07-30 Cashless transaction processing methods and apparatus

Country Status (1)

Country Link
US (1) US20190087823A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11037139B1 (en) 2015-03-19 2021-06-15 Wells Fargo Bank, N.A. Systems and methods for smart card mobile device authentication
US11062302B1 (en) 2016-04-22 2021-07-13 Wells Fargo Bank, N.A. Systems and methods for mobile wallet provisioning
US11138593B1 (en) 2015-03-27 2021-10-05 Wells Fargo Bank, N.A. Systems and methods for contactless smart card authentication
US20220156719A1 (en) * 2019-11-25 2022-05-19 Capital One Services, Llc Programmable card for token payment and systems and methods for using programmable card
WO2022101340A1 (en) * 2020-11-11 2022-05-19 Barclays Execution Services Limited Secure processing of payment transactions
US11423392B1 (en) 2020-12-01 2022-08-23 Wells Fargo Bank, N.A. Systems and methods for information verification using a contactless card
US11551200B1 (en) 2019-09-18 2023-01-10 Wells Fargo Bank, N.A. Systems and methods for activating a transaction card

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030200184A1 (en) * 2002-04-17 2003-10-23 Visa International Service Association Mobile account authentication service
US20050256802A1 (en) * 2001-11-14 2005-11-17 Dirk Ammermann Payment protocol and data transmission method and data transmission device for conducting payment transactions
US20090070272A1 (en) * 2007-09-12 2009-03-12 Devicefidelity, Inc. Wirelessly executing financial transactions
US20110307710A1 (en) * 2009-04-07 2011-12-15 Princeton Payment Solutions Tokenized Payment Processing Schemes
US20120150673A1 (en) * 2010-12-13 2012-06-14 Hart Annmarie D Systems and methods for conducting financial transactions using non-standard magstripe payment cards
US20150006305A1 (en) * 2005-10-11 2015-01-01 Joseph R. Randazza Payment System and Methods
US20150312038A1 (en) * 2014-04-23 2015-10-29 Karthikeyan Palanisamy Token security on a communication device
US20190057385A1 (en) * 2017-08-16 2019-02-21 Visa International Service Association System, Method, and Computer Program Product for Authorizing a Transaction

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050256802A1 (en) * 2001-11-14 2005-11-17 Dirk Ammermann Payment protocol and data transmission method and data transmission device for conducting payment transactions
US20030200184A1 (en) * 2002-04-17 2003-10-23 Visa International Service Association Mobile account authentication service
US20150006305A1 (en) * 2005-10-11 2015-01-01 Joseph R. Randazza Payment System and Methods
US20090070272A1 (en) * 2007-09-12 2009-03-12 Devicefidelity, Inc. Wirelessly executing financial transactions
US20110307710A1 (en) * 2009-04-07 2011-12-15 Princeton Payment Solutions Tokenized Payment Processing Schemes
US20120150673A1 (en) * 2010-12-13 2012-06-14 Hart Annmarie D Systems and methods for conducting financial transactions using non-standard magstripe payment cards
US20150312038A1 (en) * 2014-04-23 2015-10-29 Karthikeyan Palanisamy Token security on a communication device
US20190057385A1 (en) * 2017-08-16 2019-02-21 Visa International Service Association System, Method, and Computer Program Product for Authorizing a Transaction

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12288206B1 (en) 2015-03-19 2025-04-29 Wells Fargo Bank, N.A. Systems and methods for smart card mobile device authentication
US12159275B1 (en) 2015-03-19 2024-12-03 Wells Fargo Bank, N.A. Systems and methods for smart card mobile device authentication
US11037139B1 (en) 2015-03-19 2021-06-15 Wells Fargo Bank, N.A. Systems and methods for smart card mobile device authentication
US11138593B1 (en) 2015-03-27 2021-10-05 Wells Fargo Bank, N.A. Systems and methods for contactless smart card authentication
US11188919B1 (en) 2015-03-27 2021-11-30 Wells Fargo Bank, N.A. Systems and methods for contactless smart card authentication
US11631076B1 (en) 2016-04-22 2023-04-18 Wells Fargo Bank, N.A. Systems and methods for mobile wallet provisioning
US11062302B1 (en) 2016-04-22 2021-07-13 Wells Fargo Bank, N.A. Systems and methods for mobile wallet provisioning
US11113688B1 (en) 2016-04-22 2021-09-07 Wells Fargo Bank, N.A. Systems and methods for mobile wallet provisioning
US12099995B2 (en) 2016-04-22 2024-09-24 Wells Fargo Bank, N.A. Systems and methods for providing a code to a user device
US11941608B1 (en) 2019-09-18 2024-03-26 Wells Fargo Bank, N.A. Systems and methods for a transaction card having a customer-specific URL
US11551200B1 (en) 2019-09-18 2023-01-10 Wells Fargo Bank, N.A. Systems and methods for activating a transaction card
US11599871B1 (en) 2019-09-18 2023-03-07 Wells Fargo Bank, N.A. Systems and methods for a transaction card having a cryptographic key
US11694188B1 (en) 2019-09-18 2023-07-04 Wells Fargo Bank, N.A. Systems and methods for contactless card activation
US11928666B1 (en) 2019-09-18 2024-03-12 Wells Fargo Bank, N.A. Systems and methods for passwordless login via a contactless card
US12014354B1 (en) 2019-09-18 2024-06-18 Wells Fargo Bank, N.A. Systems and methods for a transaction card having a cryptographic key
US12182798B1 (en) 2019-09-18 2024-12-31 Wells Fargo Bank, N.A. Systems and methods for activating a transaction card
US11410157B2 (en) * 2019-11-25 2022-08-09 Capital One Services, Llc Programmable card for token payment and systems and methods for using programmable card
US20220156719A1 (en) * 2019-11-25 2022-05-19 Capital One Services, Llc Programmable card for token payment and systems and methods for using programmable card
EP4002256A1 (en) * 2020-11-11 2022-05-25 Barclays Execution Services Limited Secure processing of payment transactions
WO2022101340A1 (en) * 2020-11-11 2022-05-19 Barclays Execution Services Limited Secure processing of payment transactions
US11423392B1 (en) 2020-12-01 2022-08-23 Wells Fargo Bank, N.A. Systems and methods for information verification using a contactless card

Similar Documents

Publication Publication Date Title
US11853984B2 (en) Methods and systems for making a payment
US20190087823A1 (en) Cashless transaction processing methods and apparatus
US11443325B2 (en) Computer system and computer-implemented method for processing an electronic commerce transaction using a network
US20190236592A1 (en) Computer system and computer-implemented method for secure e-commerce
US20180121925A1 (en) Method and device for making a payment transaction
US20170091730A1 (en) Method and system for dynamic pin authorisation for atm or pos transactions
US20190114633A1 (en) Computer system and computer-implemented method for processing payment card transactions
US20180018666A1 (en) Methods and systems for securing a payment
US10789584B2 (en) Methods and apparatus for processing a payment-on-delivery (POD) transaction
US20170357956A1 (en) Methods and systems for processing a fund transfer
US11093938B2 (en) Computer systems and computer-implemented methods for card-not-present transactions
US20190034927A1 (en) Payment transaction processing systems and methods
US11501289B2 (en) Computer system and computer-implemented method for secure payment transaction
US20190392446A1 (en) Computer system and computer-implemented method for authenticating a card-not-present transaction
EP3561752A1 (en) Electronic system and method for funding a prepaid account
US20190026736A1 (en) Electronic signature processing apparatus and methods
US11227274B2 (en) Computer system and computer-implemented method for processing a cashless payment transaction via a point-of-sale terminal
US20180165678A1 (en) Methods and systems for processing a payment transaction
US11074564B2 (en) Computer system and computer-implemented method for processing a payment transaction at a point-of-sale terminal
US20190362350A1 (en) Computer system and computer-implemented method for processing an electronic commerce payment transaction
US11663576B2 (en) Methods and apparatus for initiating a payment transaction by a missed call
US11722900B2 (en) Mobile device data security using shared security values
US20230316291A1 (en) Physical medium for restricted account access to contributed resources
US20190259027A1 (en) Computer system and computer-implemented method for importing payee details
US11080663B2 (en) Electronic payment processing apparatus and method

Legal Events

Date Code Title Description
AS Assignment

Owner name: MASTERCARD INTERNATIONAL INCORPORATED, NEW YORK

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:PATEL, HIREN;OJHA, RAHUL;MISTRY, PIYUSHKUMAR;AND OTHERS;REEL/FRAME:046499/0320

Effective date: 20170613

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: ADVISORY ACTION MAILED

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION

OSZAR »