WO2005072382A2 - System and method for secure telephone and computer transactions - Google Patents

System and method for secure telephone and computer transactions Download PDF

Info

Publication number
WO2005072382A2
WO2005072382A2 PCT/US2005/002591 US2005002591W WO2005072382A2 WO 2005072382 A2 WO2005072382 A2 WO 2005072382A2 US 2005002591 W US2005002591 W US 2005002591W WO 2005072382 A2 WO2005072382 A2 WO 2005072382A2
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
payment account
information
transaction
payment
Prior art date
Application number
PCT/US2005/002591
Other languages
French (fr)
Other versions
WO2005072382A3 (en
Inventor
John Wankmueller
Original Assignee
Mastercard International Incorporated
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US10/764,099 external-priority patent/US7360694B2/en
Application filed by Mastercard International Incorporated filed Critical Mastercard International Incorporated
Priority to AU2005208908A priority Critical patent/AU2005208908B2/en
Priority to JP2006551471A priority patent/JP2007523405A/en
Priority to EP05706112A priority patent/EP1709566A4/en
Priority to CA002554173A priority patent/CA2554173A1/en
Priority to BRPI0507070-8A priority patent/BRPI0507070A/en
Publication of WO2005072382A2 publication Critical patent/WO2005072382A2/en
Publication of WO2005072382A3 publication Critical patent/WO2005072382A3/en
Priority to IL176961A priority patent/IL176961A0/en
Priority to ZA2006/06715A priority patent/ZA200606715B/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/023Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] the neutral party being a clearing house
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • G06Q20/24Credit schemes, i.e. "pay after"
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/403Solvency checks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/403Solvency checks
    • G06Q20/4037Remote solvency checks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • GPHYSICS
    • G10MUSICAL INSTRUMENTS; ACOUSTICS
    • G10LSPEECH ANALYSIS OR SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING; SPEECH OR AUDIO CODING OR DECODING
    • G10L15/00Speech recognition
    • G10L15/22Procedures used during a speech recognition process, e.g. man-machine dialogue

Definitions

  • SSL secure socket layer
  • SETTM While SETTM is currently the most secure way to handle payments over the Internet, it requires digital certificates and cryptographic software to be installed and operated on the account holder's computer. In fact, most prior art secure electronic commerce systems require consumers to install special software on their computers. Yet, many consumers are reluctant to install such software and, in any case, a specialized account holder application may not be compatible with a wide variety of account holder access devices — e.g., personal computers, personal digital assistants, and mobile communication devices such as mobile telephones. As a result, it has been difficult for some secure electronic commerce systems to gain widespread acceptance among consumers.
  • a system and method for conducting a secure transaction which preferably includes the steps of providing a database including first authentication information associated with a holder of the payment account, providing payment account information associated with the payment account, the payment account information to be used for conducting the transaction, transmitting an authentication request including the payment account information to an access control server, receiving by a merchant information including authentication instructions, receiving second authentication information from the customer, and comparing the first and the second authentication information to determine whether the transaction is authorized by the holder of the payment account.
  • a system and method for conducting a secure transaction which preferably includes the steps of receiving payment account information associated with the payment account, the payment account information to be used for conducting the transaction, transmitting an authentication request including the payment account information to an access control server, the authentication request triggering automatically by the server the transmission of data used to display an electronic form, receiving via the electronic form authentication information from the holder, authenticating the holder for purposes of authorizing the transaction, and authorizing said transaction.
  • a method for conducting a secure transaction which preferably includes the steps of providing a database including at least a first set of authentication information associated with a holder of said payment account, receiving payment account information associated with the payment account, the payment account information to be used for conducting the transaction, receiving an authentication request including at least the payment account information in connection with conducting the transaction, triggering automatically the display of an electronic form, receiving a second set of authentication information from the holder of the payment account, inputting the second set of authentication information into the electronic form, and comparing the first set of authentication information to the second set of authentication information to determine whether the transaction is authorized by the holder of the payment account.
  • a system for conducting a secure transaction which preferably includes a server computer subsystem, the server computer subsystem including information relating to at least one payment account including at least a first set of authentication information relating to an account holder of the payment account, an automated voice response subsystem, and an authentication subsystem, wherein the automated voice response subsystem connects a call to the account holder to obtain a second set of authentication information, and further wherein the authentication subsystem compares the first set of authentication information to the second set of authentication information to determine whether the transaction is authorized by the account holder.
  • a system for conducting a secure transaction which preferably includes a server computer subsystem, the server computer subsystem including information relating to at least one payment account including at least a first set of authentication information relating to an account holder of the payment account, and a virtual electronic form subsystem, wherein the virtual electronic form subsystem provides an electronic form to the merchant, the electronic form receiving a second set of authentication information from the merchant, and further wherein the server computer subsystem compares the first set of authentication information to the second set of authentication information to determine whether the transaction is authorized by the account holder.
  • Fig. 1 is a block diagram illustrating an additional exemplary system for conducting a payment transaction in accordance with the present invention
  • Fig. 2A is a flow diagram illustrating an exemplary procedure for conducting a payment transaction in accordance with the present invention
  • Fig. 2B is a flow diagram illustrating an exemplary procedure for conducting a payment transaction in accordance with the present invention
  • Fig. 3 A is a flow diagram illustrating an exemplary procedure for conducting a payment transaction in accordance with the present invention
  • Fig. 1 is a block diagram illustrating an additional exemplary system for conducting a payment transaction in accordance with the present invention
  • Fig. 2A is a flow diagram illustrating an exemplary procedure for conducting a payment transaction in accordance with the present invention
  • Fig. 2B is a flow diagram illustrating an exemplary procedure for conducting a payment transaction in accordance with the present invention
  • Fig. 3 A is a flow diagram illustrating an exemplary procedure for conducting a payment transaction in accordance with the present invention
  • Fig. 1 is
  • FIG. 3B is a flow diagram illustrating an exemplary procedure for conducting a payment transaction in accordance with the present invention
  • Fig. 4 is a block diagram illustrating an exemplary system for conducting a payment transaction in accordance with the present invention
  • Fig. 5 is a block diagram illustrating an exemplary system for conducting a payment transaction in accordance with the present invention.
  • DETAILED DESCRIPTION OF THE INVENTION Fig. 1 illustrates an exemplary method for performing secure payment transactions in accordance with the present invention.
  • the system includes a consumer 102, a merchant 104 selling goods and/or services, an acquirer 106 — typically the merchant's acquiring bank — and an issuer 108 — typically a financial institution such as a bank — that has issued a payment account being used to conduct a transaction with the merchant.
  • the system may also include a cardholder directory/database 110 which stores information regarding the cardholder's account.
  • the database 110 is operated by a payment organization such as the MasterCard® payment organization and is preferably a server computer connected to a network such as the Internet.
  • the system preferably further includes, as part of the issuer system 108, an issuer access control server 112 which is mated to an issuer virtual authentication service 114, in accordance with an exemplary embodiment of the present invention.
  • the consumer 102 may be conducting the transaction 120 with the merchant 104 via telephone.
  • the system and method of the present invention may be implemented regardless of the means by which the transaction between the user and merchant is conducted, and the present invention accordingly shall not be limited to telephone transactions.
  • the payment account used to pay for the goods or services rendered by merchant 104 is typically a credit card account, a debit card account, and/or any other type of payment card account.
  • the account can, but need not be, associated with a physical card.
  • the payment account can be associated with a virtual card which can be stored electronically on a computing device used by consumer 102.
  • the consumer can, but need not be, the account holder, and as used herein the term "holder" includes one or more individuals associated with and authorized to use a payment account or payment card.
  • transaction 120 is conducted between a consumer 102 and a merchant 104, using a payment card such as a MasterCard ' credit card.
  • Consumer 102 selects the goods/services to purchase, and places an order with merchant 104, thereby providing merchant 104 with payment account information, including MasterCard ® credit card information such as account number, expiration date, and name of the cardholder.
  • Merchant 104 using a computer system connected to a network, may transmit a query 122 to a directory 110 such as a MasterCard ® directory to determine the cardholder's participation in authentication services.
  • the directory 110 then preferably communicates 124 with the issuer 108 to verify cardholder participation.
  • This verification 124 may be conducted with an issuer access control server 112, which preferably is part of an issuer system 108. Assuming the cardholder is verified as utilizing authentication services such as those described in accordance with the present invention, directory 110 may transmit to the merchant 104 an enrollment verification message 126 verifying the cardholder's enrollment for authentication services. After the merchant 104 receives the enrollment verification message from the directory 110, the merchant 104 may inform the consumer 102 that authentication will be performed, and that the transaction will be completed upon receipt of authorization. The merchant 104 preferably then transmits to issuer access control server 112 via issuer authentication service 114 a request for authentication 130. Authentication may now be performed by one of several methods depending upon the specific implementation of the present invention.
  • the merchant 104 may prompt the cardholder for data over the telephone line (or via internet, in the case of an online transaction), which data may be used to perform authentication.
  • data may be used to perform authentication.
  • extensions to the transaction's core protocol e.g., the 3-D Secure protocol, described in greater detail hereinafter and in related applications referenced hereinafter
  • the data necessary for authentication may be carried within extension "tags" of the messages exchanged (such as the VEReq, VERes and PAReq messages) during the course of an otherwise-standard 3-D Secure transaction.
  • the core protocol may be implemented without modification.
  • all data and tags according to the 3-D Secure protocol may remain unchanged.
  • a merchant may query a second directory to determine independently whether an issuer participates in authentication. If the issuer does participate in authentication, the merchant may direct the cardholder to call an Interactive Voice Response ("IVR") System in order to complete authentication.
  • IVR Interactive Voice Response
  • the core protocol may remain largely unchanged, with minor modification which would allow the merchant, on behalf of the cardholder, to enter data into the authentication system.
  • Such a system may be beneficial particularly for telephone transactions wherein the cardholder may not have access to a computer and may not wish to terminate the telephone call with the merchant (to provide the necessary authentication data to the issuer) until the transaction has been completed, h one such embodiment, modification may be made to the 3-D Secure protocol such that the Access Control Server URL field in the NERes message may be modified to prompt a merchant to enter authentication data on behalf of the cardholder.
  • the cardholder may preferably be the consumer 102 or, alternatively, the consumer may be a purchaser who is authorized by the cardholder to pay for the transaction with the merchant. The latter case may apply where, for example, an agent of the cardholder is directed to purchase goods or services on behalf of the cardholder.
  • the term "holder" includes any of these individuals. Regardless of the procedure used to obtain the required information from the cardholder, the information requested from the cardholder for authentication purposes may include any information on file with the issuer 108 and which may be used to verify the identity of the caller/purchaser, i.e., that the caller/purchaser is the cardholder.
  • the issuer access control server 112 determines that the transaction has been properly authenticated, the access control server 112 preferably transmits an authentication response message 132 through the issuer authentication service 114 to the merchant 104, indicating that the transaction has been authenticated.
  • An exemplary embodiment of the present invention may be implemented in conjunction with security protocols such as the 3-D (or three domain) Secure authentication protocol.
  • the 3-D Secure authentication protocol is known in the art and has generally been adopted and implemented across the payment industry.
  • the present invention may be implemented in conjunction with MasterCard ' 's implementation of 3-D Secure as described in U.S. Provisional Patent Application No. 60/477,187, entitled "Algorithm for use in a Secure Payment Application,” filed on June 10, 2003, which is incorporated herein by reference in its entirety, and related applications.
  • FIGS. 2A and 2B illustrate an exemplary method for operating the payment transaction system illustrated in Fig.
  • Step 202 a consumer selects goods and/or services which are the subject of the transaction.
  • the merchant computer system queries a MasterCard ® directory to verify cardholder participation in the voice authentication system (Step 204).
  • This query may preferably be in the form of a 3-D Secure Verify Enrollment Request (VEReq) message, as described in detail in the references incorporated hereinabove.
  • the merchant system may be configured with a software plug-in to facilitate compatibility and efficient interoperability with, e.g., the issuer (e.g., via a plug-in on the issuer side such as an issuer virtual pop-up service) and directory systems.
  • This plug-in may be used to translate data from the merchant system into a format suitable for use by the issuer system, and vice- versa. Such a plug-in would be useful to facilitate upgrading a merchant's current system for use with a system and method in accordance with the present invention, though such an upgrade is not necessary within the scope of the present invention. Additionally, the plug-in may be composed of software, hardware, or some combination thereof.
  • the MasterCard ® directory communicates with an Issuer Access
  • Step 206 the MasterCard ® directory then transmits an enrollment verification message to the merchant computer system (Step 208), indicating that authentication will be performed (Step 214).
  • the enrollment verification message may preferably be in the form of a Verify Enrollment Response (VERes) message in accordance with MasterCard ' 's implementation of 3-D Secure as referenced above. Also as described above, this message may be received by a software plug-in in the merchant system, which plug-in provides interoperability with the merchant's current system.
  • the merchant may transmit an authentication request message (Step 210) to the issuer system.
  • the request message may preferably be a 3-D Secure Payer Authorization Request (PAReq) message, and may be received by the Issuer's Access Control Server.
  • the PAReq message preferably includes a plurality of data fields, e.g., including information which will enable the issuer to perform authentication, and may also contain a "Request Expiration" field, which may be used to indicate the date and time when the merchant plug-in will allow the transaction to time out if no Payer Authentication Response (PARes) is received from the Issuer Access Control Server by the merchant plug-in. After the Issuer Access Control Server receives the PAReq message, authentication may be commenced.
  • PAReq 3-D Secure Payer Authorization Request
  • the issuer authentication service may be a "Virtual Pop-Up" Service which prepares an electronic form for the Cardholder (Step 212) and transmits the form to the Merchant for entry of the Cardholder' s data.
  • the Merchant may then request the caller/purchaser's pertinent data over the telephone and enter the information into the form and transmit the data to the issuer for authentication of the Cardholder (Step ' 214) (this exemplary embodiment may be termed a Merchant-On-Behalf-Of, or "MOBO" approach, described more fully hereinafter in connection with Fig. 3A).
  • MOBO Merchant-On-Behalf-Of
  • an authentication response is generated by the Issuer Access Control Server and transmitted to the merchant (Step 222), indicating the result of the authentication procedure.
  • the authentication response may be in the form of, e.g., a Payer Authentication Response (PARes) in accordance with the 3-D Secure protocol.
  • PARes Payer Authentication Response
  • the transaction may still be commenced depending on the reason for failure and configuration of the particular embodiment of the system according to the present invention. However, if authentication fails due to an apparent authorization problem, signaling a potential fraudulent transaction, authentication may be declined (Step 218) and the transaction cancelled.
  • Step 220 the Access Control Server may transmit an authentication response to the Merchant (Step 222) and the transaction may be completed in the conventional manner in accordance with the 3-D Secure protocol (Step 224).
  • An exemplary procedure for performing authentication (Step 214 of
  • Fig. 2A is illustrated in Fig. 3 A.
  • a Merchant-On- Behalf-Of (“MOBO") approach is implemented, i.e., the Merchant requests the authentication information from a Cardholder (e.g., over the telephone during a telephone transaction) and enters the authentication information into the system via an electronic form or other means.
  • the Merchant may communicate via a Merchant Plug-In with the Issuer Access Control Server to determine whether the Cardholder is enrolled in authentication services (Step 302).
  • the Issuer may transmit a VERes message which includes a query string parameter "IVRNO" within the ACS (Access Control Server) URL element (Step 304).
  • This additional query string parameter appended to the ACS URL is detected by the Merchant Plug-In and indicates to a Merchant that the Cardholder is enrolled for telephone authentication and that the Merchant must perform a MOBO authentication using the prescribed means for authentication (e.g., SecureCodeTM).
  • the Merchant may then transmit the merchant data to the Issuer Access Control Server (Step 306).
  • This name/value pair indicates to the Access Control Server that the PAReq transmitted by the Merchant is for telephone authentication as opposed to e-commerce/on-line transaction authentication.
  • the Merchant may then follow the instructions provided on an authentication web page provided by the Issuer Access Control Server (Step 308) and collect the necessary authentication information from the Cardholder.
  • the Merchant may then input the received authentication information into the Access Control Server electronic form (Step 310).
  • the electronic form (or "Virtual Pop-Up") is preferably provided by the Issuer Authentication Service.
  • the electronic form may be provided via the internet using a web interface, or may be provided using any software application which would facilitate the secure transfer of data between the Merchant and Issuer.
  • the Issuer Access Control Server preferably generates a PARes (Step 312) and transmits the PARes to the URL defined in the TermURL element of the PAReq.
  • the Merchant Plug-In may receive the encoded PARes and extract and validate the digital signature (Step 314).
  • the Merchant may then retrieve the Application Authentication Value (AAV) from the PARes and pass the AAV in the authorization message (Step 316).
  • the Merchant may complete the transaction in accordance with the 3-D Secure protocol or other known transaction protocol (Step 319).
  • Another exemplary procedure for performing authentication (Step 214 of Fig. 2 A) is illustrated in Fig. 3B.
  • an Interactive Voice Response (“IVR”) approach is implemented, i.e., wherein the Merchant conducts a transaction over the telephone with a caller/purchaser and transfers the caller/purchaser for authentication purposes to an INR system which prompts the purchaser for authentication information and performs the necessary authentication steps.
  • the Merchant may communicate via a Merchant Plug-In with the Access Control Server to determine whether the Cardholder is enrolled in authentication services (Step 320).
  • the Issuer may transmit a VERes message which includes a query string parameter "IVRNO" within the ACS (Access Control Server) URL element (Step 322).
  • This additional query string parameter appended to the ACS URL is detected by the Merchant Plug-In and indicates to the Merchant that the Cardholder is enrolled for telephone authentication and that the Merchant must perform INR authentication.
  • the merchant may then transmit the PAReq to the Issuer Access Control Server (Step
  • the value above may indicate to the Access Control Server that the PAReq transmitted by the Merchant is for telephone authentication as opposed to e-commerce/on-line authentication, that the authentication procedure is INR, and preferably also provides information such as caller identification information, instructions regarding the telephone number to which the customer should be transferred for INR authentication, and a TransferBack flag which indicates to the IVR system whether or not the caller should be transferred back to the Merchant upon completion of INR authentication.
  • the Merchant may then transfer the caller to the phone number provided within the query string to initiate INR authentication (Step
  • the caller/purchaser may then be transferred to the issuer INR for authentication (Step 328).
  • Authentication may be performed using numerous different procedures within the scope of the present invention, and may include, e.g., prompting the caller/purchaser to confirm the purchase information and prompting the caller/purchaser to enter/speak authentication information such as the Cardholder's SecureCode.
  • the Issuer Access Control Server may authenticate the caller/purchaser, generate a PARes and transmit the PARes to the URL defined in the TermURL element (Step 330).
  • the Cardholder may be transferred back to the merchant if the TransferBack parameter in the merchant data so dictates.
  • the Merchant Plug-In may then receive the encoded PARes and extract/validate the digital signature (Step 332).
  • the Merchant may then retrieve the AAV from the PARes and pass the AAV in the authorization message (Step 334). Finally, the Merchant may complete the transaction as normal in accordance with a 3-D Secure protocol or other known protocol (Step 336).
  • a 3-D Secure protocol or other known protocol
  • the computer system includes a processing section 410, a display 420, a keyboard 430, and a communications peripheral device 440 such as a modem.
  • the system can also include a printer 460.
  • the computer system typically includes one or more disk drives 470 which can read and write to computer-readable media such as magnetic media (i.e., diskettes) and/or optical media (e.g., CD-ROMS or DVDs), for storing data and application software.
  • the system also typically includes an internal computer-readable medium 480 such as a hard disk drive.
  • Other input devices, such as a digital pointer 490 (e.g., a mouse) and a card reader 450 for reading a payment card 400 can also be included.
  • Computer hardware such as is illustrated in Figs.
  • FIG. 4 and 5 can be used to execute the software illustrated in Figs. 1-3, and/or can be used to perform functions of a computer processors utilized by consumer 102, merchant 104 (and the related merchant plug-in discussed hereinabove), acquirer 106, issuer system 108, and directory system 110.
  • Figure 5 is a functional block diagram which further illustrates the processing section 410.
  • the processing section 410 generally includes a processing unit 510, control logic 520 and a memory unit 550.
  • the processing section 410 can also include a timer 530 and input/output ports 540.
  • the processing section 410 can also include a co-processor 560, depending on the microprocessor used in the processing unit.
  • Control logic 520 provides, in conjunction with processing unit 510, the control necessary to handle communications between memory unit 550 and input/output ports 540.
  • Timer 530 provides a timing reference signal for processing unit 510 and control logic 520.
  • Co-processor 560 provides an enhanced ability to perform complex computations in real time, such as those required by cryptographic algorithms.
  • Memory unit 550 can include different types of memory, such as volatile and non- volatile memory and read-only and programmable memory. For example, as shown in Fig. 5, memory unit 550 can include read-only memory (ROM) 552, electrically erasable programmable read-only memory (EEPROM) 554, and random- access memory (RAM) 556.
  • ROM read-only memory
  • EEPROM electrically erasable programmable read-only memory
  • RAM random- access memory
  • processing section 410 is illustrated in Figs. 4 and 5 as part of a computer system, the processing section 410 and/or its components can be incorporated into a PDA or a mobile telephone.
  • the present invention has been described in connection with specific exemplary embodiments, it should be understood that various changes, substitutions, and alterations apparent to those skilled in the art may be made to the disclosed embodiments without departing from the spirit and scope of the invention as set forth in the appended claims.

Abstract

A secure electronic payment system and method for conducting a secure transaction (120) using authentication is provided. A merchant's computer (104) transmits an authorization request to an access control server (112). The access control (112) obtains authentication (130) to confirm the identity of the purchaser (102), via e.g., an electronic form or interactive voice response system. The access control server (112) then transmits a response to the merchant's computer. If the purchaser (102) is authorized to access the account, payment is processed by the merchant (104) and the transaction (102) is completed.

Description

SYSTEM AND METHOD FOR SECURE TELEPHONE AND COMPUTER TRANSACTIONS
SPECIFICATION
CROSS-REFERENCE TO RELATED APPLICATIONS This application is a continuation-in-part of U.S. Patent Application No. 10/764,099, entitled "System and Method for Secure Telephone And Computer Transactions Using Voice Authentication," filed on January 23, 2004 (claiming priority to U.S. Provisional Patent Application No. 60/442,143, filed January 23, 2003), which is fully incorporated herein by reference. This application also claims priority to U.S. Provisional Patent Application No. 60/538,761, filed January 23, 2004, which is fully incorporated herein by reference. BACKGROUND OF THE INVENTION Credit cards and other forms of payment cards were originally designed for use during in-person transactions, during which the card may provide both a means for payment and a means for authentication of the cardholder. In addition to having actual possession of the card, the purchaser must also provide a signature which may be compared with the signature on the back of the card. The major drawback in telephone order transactions is that the vast majority are not authenticated in the manner described above. Accordingly, the number of fraudulent transactions and chargebacks associated with credit/payment cards are increased as a result. Additionally, consumers may be concerned about the potential hazards of providing personal payment information over a telephone to a possibly unknown and unidentifiable individual. On-line shopping, or e-commerce, suffers many of the same problems. On-line shopping offers unprecedented ease and convenience for consumers, while enabling merchants to reduce costs and obtain new customers. However, many consumers have been reluctant to take advantage of these benefits due to fear of theft of sensitive information such as credit card numbers. Efforts have been made to increase the security of such information transmitted across the internet. For example, in the secure socket layer (SSL) technique, messages sent between the consumer and the merchant are encrypted, thereby making it more difficult for a third party to intercept and use the information.- However, this method does not provide the merchant with any verification of the identity of the consumer. Accordingly, if a third party were to obtain a credit card number by other fraudulent means such as theft of physical credit card,, the SSL method would not prevent the third party from fraudulently using the stolen information. Secure Electronic Transaction (SET™) techniques attempt to solve the foregoing problems by using digital certificates to authenticate the consumer/account holder, the merchant, and the credit card issuer. Each certificate is issued by a trusted certificate authority. While SET™ is currently the most secure way to handle payments over the Internet, it requires digital certificates and cryptographic software to be installed and operated on the account holder's computer. In fact, most prior art secure electronic commerce systems require consumers to install special software on their computers. Yet, many consumers are reluctant to install such software and, in any case, a specialized account holder application may not be compatible with a wide variety of account holder access devices — e.g., personal computers, personal digital assistants, and mobile communication devices such as mobile telephones. As a result, it has been difficult for some secure electronic commerce systems to gain widespread acceptance among consumers. Accordingly, there exists a need in the art for a system and method for confirming the identity of a customer in conjunction with a telephone or on-line purchase in order to facilitate a more secure transaction. SUMMARY OF THE INVENTION It is therefore an object of the present invention to provide a method of conducting secure telephone and on-line transactions. This and other objects are accomplished by a system and method for conducting a secure transaction which preferably includes the steps of providing a database including first authentication information associated with a holder of the payment account, providing payment account information associated with the payment account, the payment account information to be used for conducting the transaction, transmitting an authentication request including the payment account information to an access control server, receiving by a merchant information including authentication instructions, receiving second authentication information from the customer, and comparing the first and the second authentication information to determine whether the transaction is authorized by the holder of the payment account. The objects of the invention are further accomplished by a system and method for conducting a secure transaction which preferably includes the steps of receiving payment account information associated with the payment account, the payment account information to be used for conducting the transaction, transmitting an authentication request including the payment account information to an access control server, the authentication request triggering automatically by the server the transmission of data used to display an electronic form, receiving via the electronic form authentication information from the holder, authenticating the holder for purposes of authorizing the transaction, and authorizing said transaction. The objects of the invention are further still accomplished by a method for conducting a secure transaction which preferably includes the steps of providing a database including at least a first set of authentication information associated with a holder of said payment account, receiving payment account information associated with the payment account, the payment account information to be used for conducting the transaction, receiving an authentication request including at least the payment account information in connection with conducting the transaction, triggering automatically the display of an electronic form, receiving a second set of authentication information from the holder of the payment account, inputting the second set of authentication information into the electronic form, and comparing the first set of authentication information to the second set of authentication information to determine whether the transaction is authorized by the holder of the payment account. The objects of the invention are further accomplished by a system for conducting a secure transaction which preferably includes a server computer subsystem, the server computer subsystem including information relating to at least one payment account including at least a first set of authentication information relating to an account holder of the payment account, an automated voice response subsystem, and an authentication subsystem, wherein the automated voice response subsystem connects a call to the account holder to obtain a second set of authentication information, and further wherein the authentication subsystem compares the first set of authentication information to the second set of authentication information to determine whether the transaction is authorized by the account holder. The objects of the invention are further accomplished by a system for conducting a secure transaction which preferably includes a server computer subsystem, the server computer subsystem including information relating to at least one payment account including at least a first set of authentication information relating to an account holder of the payment account, and a virtual electronic form subsystem, wherein the virtual electronic form subsystem provides an electronic form to the merchant, the electronic form receiving a second set of authentication information from the merchant, and further wherein the server computer subsystem compares the first set of authentication information to the second set of authentication information to determine whether the transaction is authorized by the account holder. BRIEF DESCRIPTION OF THE DRAWINGS Further objects, features, and advantages of the present invention will become apparent from the following detailed description taken in conjunction with the accompanying figures showing illustrative embodiments of the invention, in which: Fig. 1 is a block diagram illustrating an additional exemplary system for conducting a payment transaction in accordance with the present invention; Fig. 2A is a flow diagram illustrating an exemplary procedure for conducting a payment transaction in accordance with the present invention; Fig. 2B is a flow diagram illustrating an exemplary procedure for conducting a payment transaction in accordance with the present invention; Fig. 3 A is a flow diagram illustrating an exemplary procedure for conducting a payment transaction in accordance with the present invention; Fig. 3B is a flow diagram illustrating an exemplary procedure for conducting a payment transaction in accordance with the present invention; Fig. 4 is a block diagram illustrating an exemplary system for conducting a payment transaction in accordance with the present invention; and Fig. 5 is a block diagram illustrating an exemplary system for conducting a payment transaction in accordance with the present invention. Throughout the figures, unless otherwise stated, the same reference numerals and characters are used to denote like features, elements, components, or portions of the illustrated embodiments. DETAILED DESCRIPTION OF THE INVENTION Fig. 1 illustrates an exemplary method for performing secure payment transactions in accordance with the present invention. The system includes a consumer 102, a merchant 104 selling goods and/or services, an acquirer 106 — typically the merchant's acquiring bank — and an issuer 108 — typically a financial institution such as a bank — that has issued a payment account being used to conduct a transaction with the merchant. The system may also include a cardholder directory/database 110 which stores information regarding the cardholder's account. The database 110 is operated by a payment organization such as the MasterCard® payment organization and is preferably a server computer connected to a network such as the Internet. The system preferably further includes, as part of the issuer system 108, an issuer access control server 112 which is mated to an issuer virtual authentication service 114, in accordance with an exemplary embodiment of the present invention. The consumer 102 may be conducting the transaction 120 with the merchant 104 via telephone. The system and method of the present invention may be implemented regardless of the means by which the transaction between the user and merchant is conducted, and the present invention accordingly shall not be limited to telephone transactions. The payment account used to pay for the goods or services rendered by merchant 104 is typically a credit card account, a debit card account, and/or any other type of payment card account. The account can, but need not be, associated with a physical card. For example, the payment account can be associated with a virtual card which can be stored electronically on a computing device used by consumer 102. The consumer can, but need not be, the account holder, and as used herein the term "holder" includes one or more individuals associated with and authorized to use a payment account or payment card. In one exemplary embodiment of a method according to the present invention, transaction 120 is conducted between a consumer 102 and a merchant 104, using a payment card such as a MasterCard ' credit card. Consumer 102 selects the goods/services to purchase, and places an order with merchant 104, thereby providing merchant 104 with payment account information, including MasterCard® credit card information such as account number, expiration date, and name of the cardholder. Merchant 104, using a computer system connected to a network, may transmit a query 122 to a directory 110 such as a MasterCard® directory to determine the cardholder's participation in authentication services. The directory 110 then preferably communicates 124 with the issuer 108 to verify cardholder participation. This verification 124 may be conducted with an issuer access control server 112, which preferably is part of an issuer system 108. Assuming the cardholder is verified as utilizing authentication services such as those described in accordance with the present invention, directory 110 may transmit to the merchant 104 an enrollment verification message 126 verifying the cardholder's enrollment for authentication services. After the merchant 104 receives the enrollment verification message from the directory 110, the merchant 104 may inform the consumer 102 that authentication will be performed, and that the transaction will be completed upon receipt of authorization. The merchant 104 preferably then transmits to issuer access control server 112 via issuer authentication service 114 a request for authentication 130. Authentication may now be performed by one of several methods depending upon the specific implementation of the present invention. For example, in the context of a telephone order authentication system, the merchant 104 may prompt the cardholder for data over the telephone line (or via internet, in the case of an online transaction), which data may be used to perform authentication. However, several other procedures for authentication may also be implemented within the scope of the present invention. For example, in one exemplary embodiment, extensions to the transaction's core protocol (e.g., the 3-D Secure protocol, described in greater detail hereinafter and in related applications referenced hereinafter) may be implemented, and the data necessary for authentication may be carried within extension "tags" of the messages exchanged (such as the VEReq, VERes and PAReq messages) during the course of an otherwise-standard 3-D Secure transaction. In another exemplary embodiment in accordance with a system and method of the present invention, the core protocol may be implemented without modification. In one such embodiment, all data and tags according to the 3-D Secure protocol may remain unchanged. However, in order to perform the authentication steps, a merchant may query a second directory to determine independently whether an issuer participates in authentication. If the issuer does participate in authentication, the merchant may direct the cardholder to call an Interactive Voice Response ("IVR") System in order to complete authentication. In yet another exemplary embodiment in accordance with a system and method of the present invention, as discussed above, the core protocol may remain largely unchanged, with minor modification which would allow the merchant, on behalf of the cardholder, to enter data into the authentication system. Such a system may be beneficial particularly for telephone transactions wherein the cardholder may not have access to a computer and may not wish to terminate the telephone call with the merchant (to provide the necessary authentication data to the issuer) until the transaction has been completed, h one such embodiment, modification may be made to the 3-D Secure protocol such that the Access Control Server URL field in the NERes message may be modified to prompt a merchant to enter authentication data on behalf of the cardholder. Notably, the cardholder may preferably be the consumer 102 or, alternatively, the consumer may be a purchaser who is authorized by the cardholder to pay for the transaction with the merchant. The latter case may apply where, for example, an agent of the cardholder is directed to purchase goods or services on behalf of the cardholder. As used herein, the term "holder" includes any of these individuals. Regardless of the procedure used to obtain the required information from the cardholder, the information requested from the cardholder for authentication purposes may include any information on file with the issuer 108 and which may be used to verify the identity of the caller/purchaser, i.e., that the caller/purchaser is the cardholder. One such example would be to utilize an EMV Chip Card and card reader to provide the merchant, issuer, or an automated call center with the Cardholder's SecureCode.™ Other procedures for verification as would be known to those skilled in the art may include use of dynamic security questions, Dual Tone Multiple- Frequency ("DTMF") user input by the caller/purchaser, voice biometrics analysis, or any other method for confirming that the caller/purchaser is the cardholder. Continuing with the description of the exemplary embodiment of a system according to the present invention, if the issuer access control server 112 determines that the transaction has been properly authenticated, the access control server 112 preferably transmits an authentication response message 132 through the issuer authentication service 114 to the merchant 104, indicating that the transaction has been authenticated. Thereafter, the transaction may be completed as would otherwise be known in the art, e.g., through communications 134 between the merchant 104 and an acquirer 106 and communications 136 between acquirer 106 and issuer 108. An exemplary embodiment of the present invention may be implemented in conjunction with security protocols such as the 3-D (or three domain) Secure authentication protocol. The 3-D Secure authentication protocol is known in the art and has generally been adopted and implemented across the payment industry. The present invention may be implemented in conjunction with MasterCard ' 's implementation of 3-D Secure as described in U.S. Provisional Patent Application No. 60/477,187, entitled "Algorithm for use in a Secure Payment Application," filed on June 10, 2003, which is incorporated herein by reference in its entirety, and related applications. However, it is noted that the scope of the present invention shall not be limited to this implementation of a system and method for secure transactions using the 3-D Secure protocol; the concepts described herein may be broadly applied in numerous ways as would be apparent to one skilled in the related art. Additional detail regarding completion of the transaction using
MasterCard®'s implementation of the 3-D Secure protocol can be found in the following applications, all of which are also incorporated herein by reference in their entirety: U.S. Patent Application No. 09/963,274, entitled "A Universal and Interoperable System and Method Utilizing a Universal Cardholder Authentication Field (UCAF) For Authentication Data Collection and Validation," filed on
September 26, 2001; U.S. Provisional Patent Application No. 60/280,776, entitled "System and Method for Secure Payment Application (SPA) and Universal Cardholder Authentication," filed on April 2, 2001; U.S. Provisional Patent Application No. 60/295,630, entitled "Method and Process for a Secure Payment Application Using a Universal Cardholder Authentication Field," filed on June 4, 2001; U.S. Provisional Patent Application No. 60/307,575, entitled "Method and System for Conducting Transactions Over a Communication Network Using a Secure Payment Application," filed on July 24, 2001 ; U.S. Patent Application No. 09/886,486, entitled "Method and System for Conducting Secure Payments Over a Computer Network Without a Pseudo or Proxy Account Number," filed on June 22, 2001; U.S. Patent Application No. 09/886,485, entitled "Method and System for Conducting Secure Payments Over a Computer Network," filed on June 22, 2001; U.S. Patent Application No. 10/096,271, entitled "System and Method for Conducting Secure Payment Transactions," filed on March 11, 2002; and U.S. Provisional Patent Application No. 60/352,968, entitled "MasterCard UCAF TM and SPA TM Client- less Solution," filed on January 30, 2002. Figs. 2A and 2B illustrate an exemplary method for operating the payment transaction system illustrated in Fig. 1 using authentication, in conjunction with the 3-D Secure authentication protocol. First, a consumer selects goods and/or services which are the subject of the transaction (Step 202). Next, the merchant computer system queries a MasterCard® directory to verify cardholder participation in the voice authentication system (Step 204). This query may preferably be in the form of a 3-D Secure Verify Enrollment Request (VEReq) message, as described in detail in the references incorporated hereinabove. Notably, the merchant system may be configured with a software plug-in to facilitate compatibility and efficient interoperability with, e.g., the issuer (e.g., via a plug-in on the issuer side such as an issuer virtual pop-up service) and directory systems. This plug-in may be used to translate data from the merchant system into a format suitable for use by the issuer system, and vice- versa. Such a plug-in would be useful to facilitate upgrading a merchant's current system for use with a system and method in accordance with the present invention, though such an upgrade is not necessary within the scope of the present invention. Additionally, the plug-in may be composed of software, hardware, or some combination thereof. Next, the MasterCard® directory communicates with an Issuer Access
Control Server to verify cardholder participation (Step 206). Assuming cardholder participation is verified, the MasterCard® directory then transmits an enrollment verification message to the merchant computer system (Step 208), indicating that authentication will be performed (Step 214). The enrollment verification message may preferably be in the form of a Verify Enrollment Response (VERes) message in accordance with MasterCard ' 's implementation of 3-D Secure as referenced above. Also as described above, this message may be received by a software plug-in in the merchant system, which plug-in provides interoperability with the merchant's current system. After the merchant receives the VERes from the MasterCard® directory, which validated cardholder participation, the merchant may transmit an authentication request message (Step 210) to the issuer system. The request message may preferably be a 3-D Secure Payer Authorization Request (PAReq) message, and may be received by the Issuer's Access Control Server. The PAReq message preferably includes a plurality of data fields, e.g., including information which will enable the issuer to perform authentication, and may also contain a "Request Expiration" field, which may be used to indicate the date and time when the merchant plug-in will allow the transaction to time out if no Payer Authentication Response (PARes) is received from the Issuer Access Control Server by the merchant plug-in. After the Issuer Access Control Server receives the PAReq message, authentication may be commenced. In one exemplary embodiment of the present invention, the issuer authentication service may be a "Virtual Pop-Up" Service which prepares an electronic form for the Cardholder (Step 212) and transmits the form to the Merchant for entry of the Cardholder' s data. The Merchant may then request the caller/purchaser's pertinent data over the telephone and enter the information into the form and transmit the data to the issuer for authentication of the Cardholder (Step ' 214) (this exemplary embodiment may be termed a Merchant-On-Behalf-Of, or "MOBO" approach, described more fully hereinafter in connection with Fig. 3A). Upon completion of the authentication procedure, described more fully in conjunction with Figs. 3A and 3B below, an authentication response is generated by the Issuer Access Control Server and transmitted to the merchant (Step 222), indicating the result of the authentication procedure. The authentication response may be in the form of, e.g., a Payer Authentication Response (PARes) in accordance with the 3-D Secure protocol. If authentication fails or times out, the transaction may still be commenced depending on the reason for failure and configuration of the particular embodiment of the system according to the present invention. However, if authentication fails due to an apparent authorization problem, signaling a potential fraudulent transaction, authentication may be declined (Step 218) and the transaction cancelled. In contrast, if authentication completes successfully (Step 220), then the Access Control Server may transmit an authentication response to the Merchant (Step 222) and the transaction may be completed in the conventional manner in accordance with the 3-D Secure protocol (Step 224). An exemplary procedure for performing authentication (Step 214 of
Fig. 2A) is illustrated in Fig. 3 A. In this exemplary embodiment, a Merchant-On- Behalf-Of ("MOBO") approach is implemented, i.e., the Merchant requests the authentication information from a Cardholder (e.g., over the telephone during a telephone transaction) and enters the authentication information into the system via an electronic form or other means. Upon a Cardholder's purchase, the Merchant may communicate via a Merchant Plug-In with the Issuer Access Control Server to determine whether the Cardholder is enrolled in authentication services (Step 302). In response, the Issuer may transmit a VERes message which includes a query string parameter "IVRNO" within the ACS (Access Control Server) URL element (Step 304). For example, the following sample URL may be included in the VERes message: https://securecode.issuer.com/authenticate.asp?rVRNO=MOBO This additional query string parameter appended to the ACS URL is detected by the Merchant Plug-In and indicates to a Merchant that the Cardholder is enrolled for telephone authentication and that the Merchant must perform a MOBO authentication using the prescribed means for authentication (e.g., SecureCode™). Next, the Merchant Plug-In may generate a PAReq message and append a name/value pair within the merchant data (such as "##authentication- type=MOBO##") The Merchant may then transmit the merchant data to the Issuer Access Control Server (Step 306). This name/value pair indicates to the Access Control Server that the PAReq transmitted by the Merchant is for telephone authentication as opposed to e-commerce/on-line transaction authentication. The Merchant may then follow the instructions provided on an authentication web page provided by the Issuer Access Control Server (Step 308) and collect the necessary authentication information from the Cardholder. The Merchant may then input the received authentication information into the Access Control Server electronic form (Step 310). The electronic form (or "Virtual Pop-Up") is preferably provided by the Issuer Authentication Service. The electronic form may be provided via the internet using a web interface, or may be provided using any software application which would facilitate the secure transfer of data between the Merchant and Issuer. Next, The Issuer Access Control Server preferably generates a PARes (Step 312) and transmits the PARes to the URL defined in the TermURL element of the PAReq. The Merchant Plug-In may receive the encoded PARes and extract and validate the digital signature (Step 314). In accordance with the 3-D Secure Protocol, the Merchant may then retrieve the Application Authentication Value (AAV) from the PARes and pass the AAV in the authorization message (Step 316). Finally, the Merchant may complete the transaction in accordance with the 3-D Secure protocol or other known transaction protocol (Step 319). Another exemplary procedure for performing authentication (Step 214 of Fig. 2 A) is illustrated in Fig. 3B. In this exemplary embodiment, an Interactive Voice Response ("IVR") approach is implemented, i.e., wherein the Merchant conducts a transaction over the telephone with a caller/purchaser and transfers the caller/purchaser for authentication purposes to an INR system which prompts the purchaser for authentication information and performs the necessary authentication steps. Upon a Cardholder's purchase, the Merchant may communicate via a Merchant Plug-In with the Access Control Server to determine whether the Cardholder is enrolled in authentication services (Step 320). Next, the Issuer may transmit a VERes message which includes a query string parameter "IVRNO" within the ACS (Access Control Server) URL element (Step 322). For example, the following sample URL may be included in the VERes message: https://securecode.issuer.corn/authenticate.asp?INRNO=iNR This additional query string parameter appended to the ACS URL is detected by the Merchant Plug-In and indicates to the Merchant that the Cardholder is enrolled for telephone authentication and that the Merchant must perform INR authentication. Next, the Merchant Plug-In may generate a PAReq message and append name/value pairs within the merchant data element to indicate parameters for authentication, for example: "##authentication-type=IVR;caller-id=14403528444;transfer- back=Y;transfer-number=l 8004681512##"
The merchant may then transmit the PAReq to the Issuer Access Control Server (Step
324). For example, the value above may indicate to the Access Control Server that the PAReq transmitted by the Merchant is for telephone authentication as opposed to e-commerce/on-line authentication, that the authentication procedure is INR, and preferably also provides information such as caller identification information, instructions regarding the telephone number to which the customer should be transferred for INR authentication, and a TransferBack flag which indicates to the IVR system whether or not the caller should be transferred back to the Merchant upon completion of INR authentication. The Merchant may then transfer the caller to the phone number provided within the query string to initiate INR authentication (Step
326). The caller/purchaser may then be transferred to the issuer INR for authentication (Step 328). Authentication may be performed using numerous different procedures within the scope of the present invention, and may include, e.g., prompting the caller/purchaser to confirm the purchase information and prompting the caller/purchaser to enter/speak authentication information such as the Cardholder's SecureCode. Next, The Issuer Access Control Server may authenticate the caller/purchaser, generate a PARes and transmit the PARes to the URL defined in the TermURL element (Step 330). The Cardholder may be transferred back to the merchant if the TransferBack parameter in the merchant data so dictates. The Merchant Plug-In may then receive the encoded PARes and extract/validate the digital signature (Step 332). In accordance with the 3-D Secure Protocol, the Merchant may then retrieve the AAV from the PARes and pass the AAV in the authorization message (Step 334). Finally, the Merchant may complete the transaction as normal in accordance with a 3-D Secure protocol or other known protocol (Step 336). It will be appreciated by those skilled in the art that the methods and systems illustrated in Figs. 1-3 can be implemented using various standard computer platforms operating under the control of suitable software. In some cases, dedicated computer hardware, such as a peripheral card in a conventional personal computer, may be used to enhance the operational efficiency of the above methods. Figs. 4 and 5 illustrate typical computer hardware suitable for practicing the present invention. Referring to Figure 4, the computer system includes a processing section 410, a display 420, a keyboard 430, and a communications peripheral device 440 such as a modem. The system can also include a printer 460. The computer system typically includes one or more disk drives 470 which can read and write to computer-readable media such as magnetic media (i.e., diskettes) and/or optical media (e.g., CD-ROMS or DVDs), for storing data and application software. The system also typically includes an internal computer-readable medium 480 such as a hard disk drive. Other input devices, such as a digital pointer 490 (e.g., a mouse) and a card reader 450 for reading a payment card 400 can also be included. Computer hardware such as is illustrated in Figs. 4 and 5 can be used to execute the software illustrated in Figs. 1-3, and/or can be used to perform functions of a computer processors utilized by consumer 102, merchant 104 (and the related merchant plug-in discussed hereinabove), acquirer 106, issuer system 108, and directory system 110. Figure 5 is a functional block diagram which further illustrates the processing section 410. The processing section 410 generally includes a processing unit 510, control logic 520 and a memory unit 550. Preferably, the processing section 410 can also include a timer 530 and input/output ports 540. The processing section 410 can also include a co-processor 560, depending on the microprocessor used in the processing unit. Control logic 520 provides, in conjunction with processing unit 510, the control necessary to handle communications between memory unit 550 and input/output ports 540. Timer 530 provides a timing reference signal for processing unit 510 and control logic 520. Co-processor 560 provides an enhanced ability to perform complex computations in real time, such as those required by cryptographic algorithms. Memory unit 550 can include different types of memory, such as volatile and non- volatile memory and read-only and programmable memory. For example, as shown in Fig. 5, memory unit 550 can include read-only memory (ROM) 552, electrically erasable programmable read-only memory (EEPROM) 554, and random- access memory (RAM) 556. Different computer processors, memory configurations, data structures and the like can be used to practice the present invention, and the invention is not limited to a specific platform. For example, although the processing section 410 is illustrated in Figs. 4 and 5 as part of a computer system, the processing section 410 and/or its components can be incorporated into a PDA or a mobile telephone. Although the present invention has been described in connection with specific exemplary embodiments, it should be understood that various changes, substitutions, and alterations apparent to those skilled in the art may be made to the disclosed embodiments without departing from the spirit and scope of the invention as set forth in the appended claims.

Claims

I CLAIM: 1. A method for conducting a secure transaction between a merchant and a customer wherein payment is processed from a payment account comprising: providing a database comprising first authentication information associated with a holder of said payment account; providing payment account information associated with said payment account, said payment account information to be used for conducting said transaction; transmitting an authentication request including said payment account information to an access control server; receiving by a merchant information comprising authentication instructions; receiving second authentication information from the customer; comparing said first and said second authentication information to determine whether said transaction is authorized by said holder of said payment account. 2. The method of claim 1 further comprising the step of transmitting an authentication response responsive to said authentication request. 3. The method of claim 2 further comprising the steps of processing payment from said payment account to complete the transaction as a function of said authentication response. 4. The method of claim 1 wherein said payment account information is provided via telephone. 5. The method of claim 1 wherein said payment account information is provided via computer network. 6. The method of claim 2 wherein said authentication request and said authentication response are formatted according to the 3-D Secure authentication protocol. 7. The method of claim 1 wherein said authentication instructions comprise information relating to INR authentication. 8. The method of claim 1 wherein said authentication instructions comprise information relating to MOBO authentication. 9. A method for conducting a secure transaction using authentication wherein payment is processed from a holder's payment account comprising: receiving payment account information associated with said payment account, said payment account information to be used for conducting said transaction; transmitting an authentication request including said payment account information to an access control server, said authentication request triggering automatically by said server the transmission of data used to display an electronic form; receiving via said electronic form authentication information from said holder; authenticating said holder for purposes of authorizing said transaction; and authorizing said transaction. 10. The method of claim 9 further comprising the step of receiving an authentication response responsive to said authentication request. 11. The method of claim 10 further comprising the steps of processing payment from said payment account to complete the transaction as a function of said authentication response. 12. The method of claim 9 wherein said payment account information is provided via telephone. 13. The method of claim 9 wherein said payment account information is provided via computer network. 14. The method of claim 10 wherein said authentication request and said authentication response are formatted according to the 3-D Secure authentication protocol. 15. The method of claim 9 wherein said authentication instructions comprise information relating to INR authentication. 16. The method of claim 9 wherein said authentication instructions comprise information relating to MOBO authentication. 17. A method for conducting a secure transaction using authentication wherein payment is processed from a payment account comprising: providing a database comprising at least a first set of authentication information associated with a holder of said payment account; receiving payment account information associated with said payment account, said payment account information to be used for conducting said transaction; receiving an authentication request including at least said payment account information in connection with conducting said transaction; triggering automatically the display of an electronic form; receiving a second set of authentication information from said holder of said payment account; inputting said second set of authentication information into said electronic form; and comparing said first set of authentication information to said second set of authentication information to determine whether said transaction is authorized by said holder of said payment account. 18. The method of claim 17 further comprising the step of providing an authentication response responsive to said authentication request. 19. The method of claim 18 further comprising the steps of processing payment from said payment account to complete the transaction as a function of said authentication response. 20. The method of claim 17 wherein said payment account information is provided via telephone. 21. The method of claim 17 wherein said payment account information is provided via computer network. 22. The method of claim 18 wherein said authentication request and said authentication response are formatted according to the 3-D Secure authentication protocol. 23. A system for conducting a secure transaction comprising: a server computer subsystem, said server computer subsystem comprising information relating to at least one payment account including at least a first set of authentication information relating to an account holder of said payment account; an automated voice response subsystem; and an authentication subsystem, wherein said automated voice response subsystem connects a call to said account holder to obtain a second set of authentication information, and further wherein said authentication subsystem compares said first set of authentication information to said second set of authentication information to determine whether the transaction is authorized by said account holder. 24. The system of claim 23 wherein the transaction is conducted in accordance with the 3-D Secure protocol. 25. A system for conducting a secure transaction between a merchant and an account holder, comprising: a server computer subsystem, said server computer subsystem comprising information relating to at least one payment account including at least a first set of authentication information relating to an account holder of said payment account; and a virtual electronic form subsystem; wherein said virtual electronic form subsystem provides an electronic form to said merchant, said electronic form receiving a second set of authentication information from said merchant, and further wherein said server computer subsystem compares said first set of authentication information to said second set of authentication information to determine whether the transaction is authorized by said account holder. 26. The system of claim 25 wherein the transaction is conducted in accordance with the 3-D Secure protocol.
PCT/US2005/002591 2004-01-23 2005-01-24 System and method for secure telephone and computer transactions WO2005072382A2 (en)

Priority Applications (7)

Application Number Priority Date Filing Date Title
AU2005208908A AU2005208908B2 (en) 2004-01-23 2005-01-24 System and method for secure telephone and computer transactions
JP2006551471A JP2007523405A (en) 2004-01-23 2005-01-24 System and method for secure telephone and computer transactions
EP05706112A EP1709566A4 (en) 2004-01-23 2005-01-24 System and method for secure telephone and computer transactions
CA002554173A CA2554173A1 (en) 2004-01-23 2005-01-24 System and method for secure telephone and computer transactions
BRPI0507070-8A BRPI0507070A (en) 2004-01-23 2005-01-24 methods for conducting a secure financial transaction and systems for conducting a secure financial transaction between a merchant and an account owner
IL176961A IL176961A0 (en) 2004-01-23 2006-07-19 System and method for secure telephone and computer transactions
ZA2006/06715A ZA200606715B (en) 2004-01-23 2006-08-14 System and method for secure telephone and computer transactions

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US53876104P 2004-01-23 2004-01-23
US60/538,761 2004-01-23
US10/764,099 2004-01-23
US10/764,099 US7360694B2 (en) 2003-01-23 2004-01-23 System and method for secure telephone and computer transactions using voice authentication

Publications (2)

Publication Number Publication Date
WO2005072382A2 true WO2005072382A2 (en) 2005-08-11
WO2005072382A3 WO2005072382A3 (en) 2006-01-19

Family

ID=34830467

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/002591 WO2005072382A2 (en) 2004-01-23 2005-01-24 System and method for secure telephone and computer transactions

Country Status (8)

Country Link
EP (1) EP1709566A4 (en)
JP (1) JP2007523405A (en)
KR (1) KR20060135726A (en)
AU (1) AU2005208908B2 (en)
BR (1) BRPI0507070A (en)
CA (1) CA2554173A1 (en)
IL (1) IL176961A0 (en)
WO (1) WO2005072382A2 (en)

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102005061632A1 (en) * 2005-12-19 2007-06-21 T-Online International Ag Authorization enquiries responding method, involves communicating service system by mediator system, so that service system permits access to user system and communicates with user system, during positive authorization of data
JP2009528643A (en) * 2006-03-02 2009-08-06 ヴィザ インターナショナル サーヴィス アソシエイション Method and system for performing two-factor authentication in email and phone orders
WO2012040270A2 (en) * 2010-09-21 2012-03-29 Visa U.S.A. Inc. Systems and methods to program operations for interaction with users
US9154598B2 (en) 2007-03-16 2015-10-06 Thomson Licensing Call interception at a base station
WO2015168316A1 (en) * 2014-04-30 2015-11-05 Mastercard International Incorporated Method and system for authentication token generation
US9679299B2 (en) 2010-09-03 2017-06-13 Visa International Service Association Systems and methods to provide real-time offers via a cooperative database
US9697520B2 (en) 2010-03-22 2017-07-04 Visa U.S.A. Inc. Merchant configured advertised incentives funded through statement credits
CN106936587A (en) * 2006-06-19 2017-07-07 维萨美国股份有限公司 Consumer authentication system and method
US10055745B2 (en) 2010-09-21 2018-08-21 Visa International Service Association Systems and methods to modify interaction rules during run time
US10089624B2 (en) 2006-06-19 2018-10-02 Visa U.S.A. Inc. Consumer authentication system and method
US10223707B2 (en) 2011-08-19 2019-03-05 Visa International Service Association Systems and methods to communicate offer options via messaging in real time with processing of payment transaction
US10290018B2 (en) 2011-11-09 2019-05-14 Visa International Service Association Systems and methods to communicate with users via social networking sites
US10339554B2 (en) 2010-06-04 2019-07-02 Visa International Service Association Systems and methods to provide messages in real-time with transaction processing
US10354267B2 (en) 2009-07-27 2019-07-16 Visa International Service Association Systems and methods to provide and adjust offers
US10354268B2 (en) 2014-05-15 2019-07-16 Visa International Service Association Systems and methods to organize and consolidate data for improved data storage and processing
US10360591B2 (en) 2011-09-20 2019-07-23 Visa International Service Association Systems and methods to process referrals in offer campaigns
US10380617B2 (en) 2011-09-29 2019-08-13 Visa International Service Association Systems and methods to provide a user interface to control an offer campaign
US10419379B2 (en) 2014-04-07 2019-09-17 Visa International Service Association Systems and methods to program a computing system to process related events via workflows configured using a graphical user interface
US10438299B2 (en) 2011-03-15 2019-10-08 Visa International Service Association Systems and methods to combine transaction terminal location data and social networking check-in
US10475060B2 (en) 2010-11-04 2019-11-12 Visa International Service Association Systems and methods to reward user interactions
US10489754B2 (en) 2013-11-11 2019-11-26 Visa International Service Association Systems and methods to facilitate the redemption of offer benefits in a form of third party statement credits
US10497022B2 (en) 2012-01-20 2019-12-03 Visa International Service Association Systems and methods to present and process offers
US10672018B2 (en) 2012-03-07 2020-06-02 Visa International Service Association Systems and methods to process offers via mobile devices
US10977666B2 (en) 2010-08-06 2021-04-13 Visa International Service Association Systems and methods to rank and select triggers for real-time offers
US11210669B2 (en) 2014-10-24 2021-12-28 Visa International Service Association Systems and methods to set up an operation at a computer system connected with a plurality of computer systems via a computer network using a round trip communication of an identifier of the operation

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9477967B2 (en) 2010-09-21 2016-10-25 Visa International Service Association Systems and methods to process an offer campaign based on ineligibility

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NL1001387C2 (en) * 1995-10-10 1997-04-11 Nederland Ptt Facilitating unit for aiding ordering and payment of services
US6266640B1 (en) * 1996-08-06 2001-07-24 Dialogic Corporation Data network with voice verification means
GB2366432A (en) * 2000-09-04 2002-03-06 Sonera Smarttrust Oy Secure electronic payment system
WO2002071176A2 (en) * 2001-03-08 2002-09-12 Cyota Inc. Transaction system
US20020116333A1 (en) * 2001-02-20 2002-08-22 Mcdonnell Joseph A. Method of authenticating a payment account user
JP2002366869A (en) * 2001-06-11 2002-12-20 Sony Corp Electronic commerce assisting method and electronic commerce method using the same
US7707120B2 (en) * 2002-04-17 2010-04-27 Visa International Service Association Mobile account authentication service

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of EP1709566A4 *

Cited By (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102005061632A1 (en) * 2005-12-19 2007-06-21 T-Online International Ag Authorization enquiries responding method, involves communicating service system by mediator system, so that service system permits access to user system and communicates with user system, during positive authorization of data
DE102005061632B4 (en) * 2005-12-19 2015-11-19 T-Online International Ag Method and apparatus for authorization
US9569775B2 (en) 2006-03-02 2017-02-14 Visa International Service Association Methods and systems for performing authentication in consumer transactions
US8453925B2 (en) 2006-03-02 2013-06-04 Visa International Service Association Method and system for performing two factor authentication in mail order and telephone order transactions
US9135621B2 (en) 2006-03-02 2015-09-15 Visa International Service Association Methods and systems for performing authentication in consumer transactions
JP2009528643A (en) * 2006-03-02 2009-08-06 ヴィザ インターナショナル サーヴィス アソシエイション Method and system for performing two-factor authentication in email and phone orders
CN106936587B (en) * 2006-06-19 2020-05-12 维萨美国股份有限公司 Consumer authentication system and method
US11488150B2 (en) 2006-06-19 2022-11-01 Visa U.S.A. Inc. Consumer authentication system and method
US10089624B2 (en) 2006-06-19 2018-10-02 Visa U.S.A. Inc. Consumer authentication system and method
US11107069B2 (en) 2006-06-19 2021-08-31 Visa U.S.A. Inc. Transaction authentication using network
CN106936587A (en) * 2006-06-19 2017-07-07 维萨美国股份有限公司 Consumer authentication system and method
US9154598B2 (en) 2007-03-16 2015-10-06 Thomson Licensing Call interception at a base station
US10354267B2 (en) 2009-07-27 2019-07-16 Visa International Service Association Systems and methods to provide and adjust offers
US10354250B2 (en) 2010-03-22 2019-07-16 Visa International Service Association Merchant configured advertised incentives funded through statement credits
US10902420B2 (en) 2010-03-22 2021-01-26 Visa International Service Association Merchant configured advertised incentives funded through statement credits
US9697520B2 (en) 2010-03-22 2017-07-04 Visa U.S.A. Inc. Merchant configured advertised incentives funded through statement credits
US10339554B2 (en) 2010-06-04 2019-07-02 Visa International Service Association Systems and methods to provide messages in real-time with transaction processing
US10977666B2 (en) 2010-08-06 2021-04-13 Visa International Service Association Systems and methods to rank and select triggers for real-time offers
US9679299B2 (en) 2010-09-03 2017-06-13 Visa International Service Association Systems and methods to provide real-time offers via a cooperative database
US9990643B2 (en) 2010-09-03 2018-06-05 Visa International Service Association Systems and methods to provide real-time offers via a cooperative database
US11151585B2 (en) 2010-09-21 2021-10-19 Visa International Service Association Systems and methods to modify interaction rules during run time
US10055745B2 (en) 2010-09-21 2018-08-21 Visa International Service Association Systems and methods to modify interaction rules during run time
US10546332B2 (en) 2010-09-21 2020-01-28 Visa International Service Association Systems and methods to program operations for interaction with users
WO2012040270A3 (en) * 2010-09-21 2012-05-18 Visa U.S.A. Inc. Systems and methods to program operations for interaction with users
WO2012040270A2 (en) * 2010-09-21 2012-03-29 Visa U.S.A. Inc. Systems and methods to program operations for interaction with users
US10475060B2 (en) 2010-11-04 2019-11-12 Visa International Service Association Systems and methods to reward user interactions
US10438299B2 (en) 2011-03-15 2019-10-08 Visa International Service Association Systems and methods to combine transaction terminal location data and social networking check-in
US10223707B2 (en) 2011-08-19 2019-03-05 Visa International Service Association Systems and methods to communicate offer options via messaging in real time with processing of payment transaction
US10628842B2 (en) 2011-08-19 2020-04-21 Visa International Service Association Systems and methods to communicate offer options via messaging in real time with processing of payment transaction
US10360591B2 (en) 2011-09-20 2019-07-23 Visa International Service Association Systems and methods to process referrals in offer campaigns
US10956924B2 (en) 2011-09-29 2021-03-23 Visa International Service Association Systems and methods to provide a user interface to control an offer campaign
US10380617B2 (en) 2011-09-29 2019-08-13 Visa International Service Association Systems and methods to provide a user interface to control an offer campaign
US10853842B2 (en) 2011-11-09 2020-12-01 Visa International Service Association Systems and methods to communicate with users via social networking sites
US10290018B2 (en) 2011-11-09 2019-05-14 Visa International Service Association Systems and methods to communicate with users via social networking sites
US10497022B2 (en) 2012-01-20 2019-12-03 Visa International Service Association Systems and methods to present and process offers
US11037197B2 (en) 2012-01-20 2021-06-15 Visa International Service Association Systems and methods to present and process offers
US10672018B2 (en) 2012-03-07 2020-06-02 Visa International Service Association Systems and methods to process offers via mobile devices
US10909508B2 (en) 2013-11-11 2021-02-02 Visa International Service Association Systems and methods to facilitate the redemption of offer benefits in a form of third party statement credits
US10489754B2 (en) 2013-11-11 2019-11-26 Visa International Service Association Systems and methods to facilitate the redemption of offer benefits in a form of third party statement credits
US10419379B2 (en) 2014-04-07 2019-09-17 Visa International Service Association Systems and methods to program a computing system to process related events via workflows configured using a graphical user interface
WO2015168316A1 (en) * 2014-04-30 2015-11-05 Mastercard International Incorporated Method and system for authentication token generation
US10354268B2 (en) 2014-05-15 2019-07-16 Visa International Service Association Systems and methods to organize and consolidate data for improved data storage and processing
US11640620B2 (en) 2014-05-15 2023-05-02 Visa International Service Association Systems and methods to organize and consolidate data for improved data storage and processing
US11210669B2 (en) 2014-10-24 2021-12-28 Visa International Service Association Systems and methods to set up an operation at a computer system connected with a plurality of computer systems via a computer network using a round trip communication of an identifier of the operation

Also Published As

Publication number Publication date
AU2005208908A1 (en) 2005-08-11
IL176961A0 (en) 2006-12-10
KR20060135726A (en) 2006-12-29
EP1709566A4 (en) 2007-07-18
BRPI0507070A (en) 2007-06-19
CA2554173A1 (en) 2005-08-11
AU2005208908B2 (en) 2011-08-11
EP1709566A2 (en) 2006-10-11
JP2007523405A (en) 2007-08-16
WO2005072382A3 (en) 2006-01-19

Similar Documents

Publication Publication Date Title
AU2005208908B2 (en) System and method for secure telephone and computer transactions
US8555358B2 (en) System and method for secure telephone and computer transactions using voice authentication
US20050289052A1 (en) System and method for secure telephone and computer transactions
US20180075452A1 (en) Online payer authentication service
AU2001257280B2 (en) Online payer authentication service
KR101137137B1 (en) Mobile account authentication service
US20080185429A1 (en) Authentication Of PIN-Less Transactions
US20020091646A1 (en) Method and system for verifying the identity of on-line credit card purchasers through a proxy transaction
US20170249639A9 (en) Method and System for Controlling Risk in a Payment Transaction
US20090076966A1 (en) Methods and apparatus for conducting electronic transactions
AU2001257280A1 (en) Online payer authentication service
WO2010056969A2 (en) Payment transaction processing using out of band authentication
JP2002245243A (en) Private and secure financial transaction system and method
US7431207B1 (en) System and method for two-step payment transaction authorizations
MXPA06008274A (en) System and method for secure telephone and computer transactions
ZA200606715B (en) System and method for secure telephone and computer transactions
CN1910592A (en) System and method for secure telephone and computer transactions

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 2005208908

Country of ref document: AU

WWE Wipo information: entry into national phase

Ref document number: 176961

Country of ref document: IL

WWE Wipo information: entry into national phase

Ref document number: 2554173

Country of ref document: CA

Ref document number: 2006551471

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: PA/a/2006/008274

Country of ref document: MX

Ref document number: 2069/KOLNP/2006

Country of ref document: IN

WWE Wipo information: entry into national phase

Ref document number: 200580003101.3

Country of ref document: CN

NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Ref document number: DE

WWE Wipo information: entry into national phase

Ref document number: 1020067015137

Country of ref document: KR

Ref document number: 2005706112

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2005208908

Country of ref document: AU

Date of ref document: 20050124

Kind code of ref document: A

WWP Wipo information: published in national office

Ref document number: 2005208908

Country of ref document: AU

WWE Wipo information: entry into national phase

Ref document number: 2006/06715

Country of ref document: ZA

Ref document number: 200606715

Country of ref document: ZA

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWP Wipo information: published in national office

Ref document number: 2005706112

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1020067015137

Country of ref document: KR

ENP Entry into the national phase

Ref document number: PI0507070

Country of ref document: BR