ABSTRACT :-
An online commerce system facilitates online commerce over a public network using an online commerce card. The "card" does not exist in physical form, but instead exists in digital form. The online commerce card is issued electronically to a customer by an issuing institution. The issued card is assigned a permanent customer account number that is maintained on behalf of the customer at the issuing institution to remove the risk of the number being lost or s stolen. When the customer desires to conduct an online transaction, the customer asks the issuing institution to issue a transaction number for a single transaction. The issuing institution generates a temporary transaction number and associates it with the permanent account number in a data record. The customer receives the transaction number and submits that number to the merchant as a proxy for the customer account number. The transaction number looks like a real card number and the merchant handles the transaction number in the same manner as any regular credit card number. When the merchant submits an request for authorization, the issuing institution recognizes the number as a transaction number for an online commerce card. The issuing institution references the customer account number, using the transaction number as an index, and processes the authorization request using the real customer account number in place of the proxy number. Once the authorization request is processed, the issuing institution once again exchanges the transaction number for the customer account number and sends an authorization reply back to the merchant under the transaction number.
DESCRIPTION :-
Online commerce is experiencing dramatic growth in recent years. More merchants are developing sites on the World Wide Web (or simply "WWW" or "Web") that consumers can access and order goods and/or services. It is fairly common for a consumer to browse a merchant's catalog, select a product, place an order for the product, and pay for the product all electronically over the Internet.
Typically, the consumer pays for the goods and/or services ordered over the Internet with a credit card. During the online transaction, the merchant sends an order form and requests the consumer to enter personal data (e.g., name, address, and telephone number) and credit card information (e.g., account number and expiration date). The consumer returns the completed order form containing the credit card information to the merchant over the Internet. The merchant verifies that the credit card number is valid and can be charged the payment amount. The card verification is usually conducted on a well-established card network, such as the VisaNet® network or the Veriphone® network.
One problem with this traditional online commerce model concerns the security of the credit card data as it travels over the Internet. The credit card information can be intercepted in route, copied into a database, and used to make unauthorized purchases. In an automated environment, an imposter can repeatedly use the stolen credit card data to conduct many online transactions before the consumer ever becomes aware that the credit card data has been stolen.
It would be desirable to develop a new online commerce model that reduces or eliminates the incentive for stealing credit card data. Ideally, a secure online commerce model would render the credit card data hard to steal, and if stolen, worthless to the thief.
Another concern is that any new online commerce model should integrate well with existing proprietary card network systems. There are well-established systems that verify credit card purchases and subsequently settle accounts. These systems and associated protocols are entrenched in the merchant and banking communities and experience a high level of acceptance and trust. A new online commerce model should not usurp these systems, nor require merchants to change their existing practices to implement completely different systems and protocols.
The inventor has developed a card-based online commerce system that improves security and integrates with existing card verification and settlement systems.
This invention concerns a system and method for facilitating online commerce over a public network (such as the Internet or Interactive TV/Cable Network) using an online commerce card. The "card" of this system does not exist in physical form, but instead exists in a digital form that can be electronically realized for online commerce.
The online commerce card is issued electronically to a customer by an issuing institution, such as a bank or third party certifying authority. The issued card is assigned a permanent customer account number that is maintained on behalf of the customer by the issuing institution. The customer account number is not given to the customer to remove the risk of that number being lost or stolen.
When the customer desires to conduct an online transaction, the customer sends a request to the issuing institution to issue a transaction number for a single transaction. The issuing institution generates a temporary transaction number and associates it with the permanent account number in a data record. The customer receives the transaction number and submits that number to the merchant as a proxy for the customer account number during the transaction.
The transaction number looks like a real card number (i.e., it has the same format and number of digits as a regular credit card). To the merchant, the transaction number is treated the same as any regular credit card number. The merchant handles the proxy transaction number according to traditional protocols, including seeking authorization from the issuing institution to honor the card number.
During the authorization phase, the issuing institution recognizes the number as a transaction number for an online commerce card. The issuing institution references the customer account number associated with the online commerce card, using the transaction number as an index to the appropriate data record, and processes the authorization request using the card's true customer account number. In this manner, the issuing institution can use its existing processing system to check account information, spending limits, and so forth. Once the authorization request is processed, the issuing institution once again exchanges the card's transaction number for the card's customer account number and sends an authorization reply back to the merchant under the transaction number.
As a result, the merchant never needs to know if the number is a legitimate account number, or a proxy number for an account number. The merchant does not need to implement any new devices, software, or protocols to participate in the new online commerce system.
For added security, the transaction number can be linked to extra transaction information to ensure that the number is only used for one specific transaction. For instance, the issuing institution might tie the transaction number to a specific purchase amount and a particular merchant ID. The issuing institution might further impose a short expiration term on the transaction number so that the number becomes invalid after the expiration term lapses.
The online commerce system substantially reduces the value of a stolen number since the transaction number that is transmitted over the Internet (or other network) is only a proxy number for a single purchase. Stealing the proxy number would not greatly benefit a thief because it cannot be repeatedly used for other purchases or transactions. In addition, the system seamlessly integrates with existing card verification and settlement protocols. Software modules are implemented at the customer and issuing institution, but no additional components are implemented at the merchant, settlement participants, or any other member in the online commerce transaction.
Nice material. I have also written the same thing on this topic take a look at it here
ReplyDelete