WO2001086539A1 - Electronic transaction system and methods thereof - Google Patents

Electronic transaction system and methods thereof Download PDF

Info

Publication number
WO2001086539A1
WO2001086539A1 PCT/SG2000/000180 SG0000180W WO0186539A1 WO 2001086539 A1 WO2001086539 A1 WO 2001086539A1 SG 0000180 W SG0000180 W SG 0000180W WO 0186539 A1 WO0186539 A1 WO 0186539A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
user
fransaction
information
system controller
Prior art date
Application number
PCT/SG2000/000180
Other languages
French (fr)
Inventor
Kay Hian Danny Lim
Teck Cheong Ho
Original Assignee
Creditel (S) Pte Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Creditel (S) Pte Ltd filed Critical Creditel (S) Pte Ltd
Priority to AU2001214291A priority Critical patent/AU2001214291A1/en
Publication of WO2001086539A1 publication Critical patent/WO2001086539A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation

Definitions

  • This invention relates to non-cash electronic transactions such as credit card payments for goods and services.
  • this invention relates to an electronic transaction system to prevent or at least alleviate transaction fraud and methods thereof.
  • Payments for goods and services are made through various commercial instruments such as, for example, cash, checks, and credit cards.
  • Use of non-cash instruments has grown both in terms of volume as well as popularity. This use is expected to accelerate especially with the proliferation of electronic commerce (e- commerce) via the Internet.
  • a merchant has to examine the credit card to detect forgery as well as verify data stored in a magnetic data strip of the credit card.
  • data includes user information that is electronically extracted and processed to validate an electronic transaction. Processing generally involves electronically relaying the user information to a company that issued the credit card or agents of such a company.
  • an electronic transaction system has locations at which confidential information is stored.
  • the electronic transaction system typically enables user access via assigned user identification (ID) and passwords.
  • ID user identification
  • passwords passwords
  • user accounts are suspended after a predetermined number of attempts .
  • suspending user accounts is inconvenient to users as well as service providers because computer hackers can then cause widespread access denial.
  • Such widespread access denial requires considerable efforts to reinstate suspended user accounts. Reinstating suspended user accounts can be costly in terms of time, loss of use, administrative expenses and, most importantly, loss of confidence in an electronic transaction system.
  • an electronic transaction system for validating a transaction of a user of the electronic transaction system, the electronic transaction system having a system controller, includes: means for receiving, by the system controller of the electronic transaction system, transaction information and user information from a transaction device coupled to the system controller, the transaction information and the user information being respectively associated with the transaction and the user;
  • the electronic transaction system can further include means for invalidating the transaction when either the at least one identification code or the user information is not verified.
  • the determining means can include means for checking credit information of the user, the credit information being stored in association with the system controller.
  • the electronic transaction system can further include means for validating the transaction based upon the checking.
  • the electronic transaction system can further include means for transmitting at least one message to the wireless portable communication device upon validating the transaction.
  • the means for receiving the transaction information and the user information can include means for prompting the user to provide at least one input to obtain at least some of the user information.
  • an electronic transaction system for validating a transaction of a user of the electronic transaction system, the electronic transaction system having a system controller, includes: means for receiving, by the system controller of the electronic transaction system, transaction information and user information from a transaction device coupled to the system controller, the transaction information and the user information being respectively associated with the transaction and the user; means for transmitting, by the system controller to a wireless portable communication device associated with the user, at least one transaction code associated with the transaction;
  • the electronic transaction system can further include means for invalidating the transaction when the verification of the at least one transaction code fails.
  • the determining means can include means for checking credit information of the user, the credit information being stored in association with the system controller.
  • the electronic transaction system can further include means for validating the transaction based upon the checking.
  • the electronic transaction system can further include means for transmitting at least one message to the wireless portable communication device upon validating the transaction.
  • the means for receiving the transaction information and the user information can include means for prompting the user to provide at least one input to obtain at least some of the user information.
  • a method for validating a transaction of a user of an electronic transaction system including the steps of: receiving, by a system controller of the electronic transaction system, transaction information and user information from a transaction device coupled to the system controller, the transaction information and the user information being respectively associated with the transaction and the user;
  • the method can further include the step of invalidating the transaction when either the at least one identification code or the user information is not verified.
  • the determining step can include the step of checking credit information of the user, the credit information being stored in association with the system controller. More typically, the method can further include the step of validating the transaction based upon the checking step.
  • the method can further include the step of transmitting at least one message to the wireless portable commumcation device upon validating the transaction.
  • the step of receiving the transaction information and the user information can include the step of prompting the user to provide at least one input to obtain at least some of the user information.
  • a method for validating a transaction of a user of an electronic transaction system including the steps of: receiving, by a system controller of the electronic transaction system, transaction information and user information from a transaction device coupled to the system controller, the transaction information and the user information being respectively associated with the transaction and the user;
  • the method can further include the step of invalidating the transaction when the verification of the at least one transaction code fails.
  • the determining step can include the step of checking credit information of the user, the credit information being stored in association with the system controller.
  • the method can further include the step of validating the transaction based upon the checking step.
  • the method can further include the step of transmitting at least one message to the wireless portable communication device upon validating the transaction.
  • the step of receiving the transaction information and the user information can include the step of prompting the user to provide at least one input to obtain at least some of the user information.
  • a computer program product with a computer usable medium having a computer readable program code means embodied therein for validating a transaction of a user of an electronic transaction system having a system controller
  • the computer program product including: computer readable program code means for receiving, by the system controller of the electronic transaction system, transaction information and user information from a transaction device coupled to the system controller, the transaction information and the user information being respectively associated with the transaction and the user; computer readable program code means for receiving, by the system controller from a wireless portable communication device associated with the user, at least one identification code associated with the wireless portable communication device;
  • computer readable program code means for verifying, by the system controller, the at least one identification code and the user information based upon registered information of the user, the registered information being stored in association with the system controller;
  • computer readable program code means for determining, by the controller, whether to validate the transaction in response to the verifying.
  • the computer program product can further include computer readable program code means for invalidating the transaction when either the at least one identification code or the user information is not verified.
  • the computer readable program code means for determining can include computer readable program code means for checking credit information of the user, the credit information being stored in association with the system controller.
  • the computer program product can further include computer , readable program code means for validating the transaction based upon the checking.
  • the computer program product can further include computer readable program code means for transmitting at least one message to the wireless portable communication device upon validating the transaction.
  • the computer readable program code means for receiving the transaction information and the user information can include computer readable program code means for prompting the user to provide at least one input to obtain at least some of the user information.
  • a computer program product with a computer usable medium having a computer readable program code means embodied therein for validating a transaction of a user of an electronic transaction system having a system controller
  • the computer program product including: computer readable program code means for receiving, by the system controller of the elecfronic transaction system, transaction information and user information from a fransaction device coupled to the system controller, the transaction information and the user information being respectively associated with the transaction and the user;
  • computer readable program code means for transmitting, by the system controller to a wireless portable communication device associated with the user, at least one transaction code associated with the transaction;
  • computer readable program code means for receiving, by the system controller via the transaction device, the at least one transaction code for verification;
  • the computer program product can further include computer readable program code means for invalidating the transaction when the verification of the at least one fransaction code fails.
  • the computer readable program code means for dete ⁇ nining includes computer readable program code means for checking credit information of the user, the credit information being stored in association with the system controller.
  • the computer program product can further include computer readable program code means for validating the fransaction based upon the checking.
  • the computer program product can further include computer readable program code means for transmitting at least one message to the wireless portable communication device upon validating the fransaction.
  • the computer readable program code means for receiving the transaction information and the user information can include computer readable program code means for prompting the user to provide at least one input to obtain at least some of the user information.
  • FIG. 1 is a schematic block diagram illustrating an electronic transaction system in accordance with a preferred embodiment of the invention
  • FIG. 2 is a flowchart illustrating processing of an identification code of a wireless portable communication device in the elecfronic transaction system of FIG. 1;
  • FIG. 3 is a flowchart illustrating a user registration process to register users of for the electronic transaction system of FIG. 1;
  • FIG. 4 is a flowchart illustrating a process for a user of the elecfronic transaction system of FIG. 1 to change a user ID and/or password;
  • FIG. 5 is a schematic block diagram of a system controller of the electronic transaction system of FIG. 1;
  • FIGs. 6a to 6c are flowcharts illustrating a method for processing a typical
  • FIGs. 7a to 7c are flowcharts illustrating a method for processing a typical face-to-face fransaction of the electronic transaction system of FIG. 1;
  • FIG. 8 is a block diagram of an example of a computer system capable of processing electronic transactions in the electronic transaction system of FIG. 1.
  • the advantages of the preferred embodiment of the invention are manifold.
  • One advantage is that elecfronic transactions, such as, for example, payments or change of user information are effected using different communication media. This enhances security of the electronic transaction system.
  • opposite parties of, for example, a payment transaction can verify information relating to each other and to the payment fransaction with the different communication media before validating the payment transaction.
  • Another advantage of the preferred embodiment of the invention is that security and usability of the preferred embodiment of the invention can be easily established with existing wireless communication systems such as mobile phone networks. This makes for an easier acceptance of the preferred embodiment of the invention as users need not have to learn completely new processes.
  • infrastructure support for implementing the preferred embodiment is at least partly available when used with existing mobile phone networks having mobile phones with roaming capabilities.
  • the elecfronic fransaction system 10 supports transactions such as, for example, change of user information or payment for goods and services.
  • the elecfronic transaction system 10 includes a system controller 11.
  • the system controller 11 couples to a service provider 12, a wireless communication system 13, the Internet 14 and a merchant acquirer 15.
  • the merchant acquirer 15 is responsible for recruitment of merchants participating in the elecfronic fransaction system 10. Merchants are sellers of goods and services who have joined the electronic transaction system 10 and accept payment through the elecfronic fransaction system 10 either for face-to-face and/or Internet transactions. For face-to-face transactions, the merchant acquirer 15 arranges to install, maintain and route all transactions originating from a merchant location. The merchant acquirer 15 thus coordinates with merchants in promoting use of the elecfronic transaction system 10. In addition, the merchant acquirer 15 is a settlement agent for participating merchants and is responsible for the proper conduct of such participating merchants in accordance to rules and regulations of the elecfronic transaction system 10.
  • the wireless communication system 13 supports at least one wireless portable communication device 16.
  • the wireless commumcation system 13 can be, for example, a mobile phone network.
  • the wireless portable communication device 15 is a mobile phone for a user to communicate with the system controller 11.
  • a user can access the system controller 11 using a fransaction.
  • the transaction device 17 can be, for example, a computer system coupled to the Internet 14.
  • the user browses a merchant website associated with the merchant server 18 using the computer system prior to making a fransaction.
  • the fransaction can be, for example, a purchase of goods or services provided via the merchant website.
  • a merchant fransaction device 19 When a user makes transactions at a merchant location, a merchant fransaction device 19 is used to access the system controller 11.
  • the merchant fransaction device 19 couples to the merchant acquirer via a private fransaction network 20.
  • fransaction networks 20,21,22 Connection between the system controller 11 to the merchant acquirer 15 and to the service provider 12 is via private fransaction networks (PTNs) 20,21,22, respectively.
  • PTNs public fransaction networks
  • the use of the PTNs 20,21,22 enables confrol of communications between the system controller 11 and the service provider 12 or the merchant acquirer 15.
  • Such confrol can be applied to leased lines, dial-up lines or wireless data communication networks used in the PTNs 20,21,22.
  • the communications can be further protected by cryptography methods to encrypt data in such communications.
  • controlling communications using the PTNs 20,21,22 can prevent or at least alleviate unauthorized access to the communications.
  • fransaction devices 17,19 include user input devices that are not shown in FIG. 1. Such user input devices enable a user to provide information related to a transaction that is being transacted.
  • the system controller 11 also couples via a PTN 23 to at least one clearing bank 24 that is collectively indicated by a single block.
  • the at least one clearing bank 24 supports financial transactions of the electronic transaction system 10 and is responsible for settlement of user accounts of users from the service provider 12 or the merchant acquirer 15.
  • an identification code that is unique to the wireless portable communication device 16 is required for some transactions.
  • Such an identification code is possible for mobile phones. This is because mobile telephone manufacturers as well as mobile telephone service providers are continually improving or at least maintaining security features of mobile telephony. Consistent with this development, most users or subscribers are currently registered with a unique identification code. Such an identification code enables a mobile telephone to operate when in the coverage area of different mobile telephone service providers.
  • the identification code may include alphanumeric characters.
  • a flowchart illustrates processing 30 of an identification code received by the system controller 11.
  • the identification code is communicated to the system controller 11 when a system feature is selected.
  • a user communicates the identification code to the electronic transaction system 10 using the wireless portable communication device 16 via, for example, one or more of the following communication modes: a) Interactive voice response (INR); b) Short message system (SMS); and c) Wireless application protocol (WAP).
  • ITR Interactive voice response
  • SMS Short message system
  • WAP Wireless application protocol
  • the system controller 11 uses the identification code to ascertain the intended purpose of the user in selecting the system feature at step 32.
  • This intended purpose can be to enable a system feature such as, for example, changing user information or making a purchase of goods or services.
  • the system controller 11 can then enable a selected system feature to be subsequently processed.
  • the user information can include a user identification (ID) or password. It is assumed that only a registered user of the wireless portable communication device 16 can invoke the identification code for a transaction. Unauthorized use of the wireless portable communication device 16 is not likely unless an unauthorized user knows the user ID or password.
  • the system controller 11 then time logs the identification code at decision step 33.
  • the selected system feature is enabled at step 34 with a "No" from decision step 33. The user can then proceed with the selected system feature. After the specified time limit expires and if the user does not complete the intended purpose, the system controller 11 times out the identification code. Thereafter, the system controller 11 generates an output message at step 35 to inform the user via the wireless portable communication device 16 using, for example, SMS.
  • the electronic fransaction system 10 has an additional security procedure in which the user is clearly identified. This is because the identification code can only originate from the wireless portable communication device 16 that is registered to the user. Furthermore, with the identification code, the electronic fransaction system 10 is protected from computer hacking or other forms of malicious intentions. This is because access to the system controller 11 requires completion of the process 30 before any subsequent processing or access can continue.
  • the identification code serves two purposes. First, it verifies that the user has an intention to perform a function such as changing an assigned user ID and/or password, or making a purchase. Second, the identification code is an additional security feature that prevents unauthorized attempts to query a database for a correct match of the user ID and password. Hence, use of the identification code, in conjunction with a user ID and password, provides the elecfronic transaction system 10 with a security feature that is practical and easy to use.
  • system controller 11 ensures confidential information pertaining to transactions or users are not transmitted and/or stored on any other servers. Such users need to register with the system controller 11 in order to use the elecfronic transaction system 10.
  • FIG. 3 a user registration process 40 to register users for the elecfronic transaction system 10 is illustrated.
  • subscribers of the wireless communication system 13 are identified from databases of the service provider 12. These databases are represented using a single block 41 in FIG. 3.
  • the service provider 12 facilitates recruitment of users from the subscribers and is also a collection agent for purchases incurred by these users.
  • the service provider 12 is also responsible for real time updating of user data with the system controller 11.
  • the subscribers are invited to join as users of the elecfronic fransaction system 10 at step 42.
  • Each subscriber is provided with an application form and pre- assigned with a user TD and a password.
  • the user ID is unique in that no two users are given the same user ID.
  • the subscriber has a choice of whether or not to register as a user at decision step 43. If the subscriber declines or ignores an invitation resulting in a 'No' from decision step 43, the user registration process 40 for that subscriber terminates at step 44. Otherwise, a 'Yes' from decision step 43 is obtained when a subscriber submits the application form to the service provider 12 at step 45.
  • staff of the service provider 12 inputs user information pertaining to that subscriber at step 46. Thereafter, the user information is provided, via the private transaction network (PTN) 21, for storage into at least one storage location of the electronic transaction system 10 at step 47. This at least one storage location is associated with the system controller 11.
  • PTN private transaction network
  • a user account is activated.
  • a request by the user to enable a system feature such as to change the user ID or password is processed by the system controller 11 using a process 50 illustrated by the flowchart of FIG. 4.
  • the user can be connected to the system controller 11 via, for example, the Internet 14.
  • Process 50 starts when the system controller 11 requests an identification code from the user at step 51.
  • the user identification code is provided using the process 30.
  • the user Upon selecting a system feature and, consequently providing the identification code, the user inputs a user ID at step 52.
  • the system controller 11 determines whether the user ID and the identification code are correctly matched or verified at decision step 53. With a 'No' from decision step 53, the system controller 11 determines at decision step 54 whether less than three attempts have been made by the user to enter the user ID or whether a timeout has occurred.
  • the system controller 11 has a timeout feature that is activated if the user ID is not received within a predetermined time period.
  • step 54 the process 50 returns to step 52 in which the system controller 11 awaits the user to re-enter the user ID and password. Otherwise, with a 'Yes' following decision step 54, the process 50 proceeds to step 55.
  • step 55 the system controller 11 terminates the process 50.
  • the process 50 continues to step 56 in which the system controller 11 prompts for a password.
  • the system controller 11 determines at decision step 57 whether the password is verified at decision step 57.
  • decision step 58 determines at decision step 58 whether less than three attempts have been made by the user to enter the password or whether the timeout has occurred.
  • step 59 the system controller 11 terminates the process 50, notifies the service provide 12 about the failed attempts to access the system controller 11 and suspends the user account.
  • step 60 the process 50 continues to step 60 at which the user inputs a new user ID.
  • the new user TD has to conform with predetermined parameters in order to meet security requirements of the elecfronic fransaction system 10.
  • decision step 61 the system controller 11 checks for uniqueness of the new user TD. If the new user ID is not unique, the process 50 returns with a 'No' to step 60. Otherwise, once the new user TD is determined to be unique, the process 50 proceeds with a 'Yes' to step 62.
  • step 62 the user inputs a new password and the process 50 continues with step 63 at which the user has to re-enter the new password for confirmation.
  • the system controller 11 verifies at decision step 64 whether the new password conforms to security requirements of the elecfronic fransaction system 10.
  • a 'No' from decision step 64 results in the process 50 returning to step 63 to input another new password. Otherwise, a 'Yes' following decision step 64 ends the process 50 at step 65 in which the user is informed of the change in the user ID and/or password via an SMS transmitted to the wireless portable communication device 16.
  • the system controller 11 maintains all user information and fransaction records.
  • the service provider 12 can update the user information on-line.
  • the system controller 11 serves as an authenticating body for all transactions of the elecfronic transaction system 10, manages usability of the elecfronic fransaction system 10 via the Internet 14, enables fransaction confirmations to merchants and provides settlement services to service providers and merchant acquirers participating in the elecfronic transaction system 10.
  • the system controller 11 supports two verification processes as described hereinbefore. Specifically, one of the two verification processes is to verify the identification code associated with the wireless portable communication device 16 or the merchant acquirer 15. The other one of the two verification processes is to verify the user ID and password of a user. These two verification processes are separately processed to isolate the user information and enhance security of the user information and the system controller 11.
  • the system controller 11 has a communications controller 71, a user account server 72 and a database server 73.
  • the communications controller 71 controls communications between the elecfronic fransaction system 10 and either the wireless portable communication device 16 or the merchant acquirer.
  • the user account server 72 couples to the communications controller 71 and the database server 73 to support transactions in which fransaction information or user information, such as user IDs and/or passwords, is to be verified.
  • the database server 73 accesses information stored in a storage device 74 of the system controller 11.
  • the system controller 11 has a firewall 75, a Web server 76, an applications server 77 and a database server 78.
  • the firewall 75 provides a security shield for access to the system controller 11.
  • the Web server 76 and the applications server 77 supports users who access the system controller 11 via the Internet 14.
  • the database server 78 accesses information stored in the storage device 74 of the system controller 11. It is to be noted that the storage device 74 is common for the two verification processes.
  • Transactions in the elecfronic fransaction system 10 can be carried out either through the Internet via the user fransaction device 17 or face-to-face at a merchant location via the merchant transaction device 19.
  • these transactions require the following procedures for completion: a) offer of goods and/or services by a merchant; b) acceptance of the offer; c) payment for the goods and/or services; and d) delivery and receipt of the goods and or services.
  • Typical transactions for the electronic fransaction system 10 are described with reference to the system controller 11 using FIGs. 6a to 6c and FIGs. 7a to 7c.
  • a method 100 for a typical Internet transaction of the elecfronic fransaction system 10 is illustrated with a flowchart.
  • a user is logged onto the Internet 14 to browse a merchant Website supported by the merchant server 18.
  • prices and description of goods and services are displayed to the user via the user fransaction device 17.
  • the user is typically queried as to a preferred mode of payment for the items.
  • This payment query is represented by decision box 102 in which a controller of the merchant fransaction device 19 determines whether the payment mode selected requires use of the elecfronic fransaction system 10.
  • merchant Websites offer different modes of payment for Internet transactions.
  • step 104 the controller of the merchant transaction device 19 establishes a connection between the user fransaction device 17 and the system controller 11.
  • step 104 a computer program script is sent to the user transaction device 17 to initiate communications with the system controller 11. Communications between the user transaction device 17 and the system controller 11 is encrypted using known encryption techniques such as, for example, SSLTM (Secure Sockets Layer).
  • step 105 the system controller 11 requests the user to issue an identification code associated with the wireless portable communication device 16. This requires the user to provide the identification code as described in the process 30.
  • the system controller 11 extracts transaction information of the purchase from the merchant fransaction device 19.
  • step 106 of FIG. 6b the user inputs a user ID. This user 3D is then verified, at decision step 107, with the identification upon reception of the iatter by the system controller 11. It is to be noted that unless the system controller 11 receives the identification code associated with the wireless portable communication device 16 of the user, the method 100 cannot continue.
  • the system controller 11 has a timeout feature that is activated if the password is not received within a predetermined time period.
  • the system controller 11 also monitors the predetermined time period at decision step 107.
  • the method 100 continues to decision step 108.
  • the system controller keeps count of the number of failed attempts at verifying the user TD with the identification code and also determines whether the predetermined time period has expired. For less than three failed attempts, the system controller 11 returns the method 100 with a 'No' back to step 106. Otherwise, when three failed attempts have been recorded or the predetermined time period has expired, the method 100 proceeds with a 'Yes' to step 109.
  • the system controller 11 terminates the method 100 for this transaction.
  • step 107 Following a 'Yes' from decision step 107, the method 100 continues to step
  • the method 100 continues to decision step 112 in which the system controller 11 determines whether the password has been received and verified.
  • decision step 112 the timeout feature is again activated if the password is not received within the predetermined time period.
  • the method 100 continues to decision step 113 in which the system controller keeps count of the number of failed attempts and monitors the predetermined time period.
  • step 114 the system controller 11 terminates the transaction.
  • the system controller 11 also notifies the service provider 12 of the failed attempts to complete the fransaction and suspends the user account. Otherwise, the method 100 returns to step 111 to await another password input from the user following a 'No' from decision step 113.
  • step 115 in FIG. 6c the system controller 11 checks credit information of the user.
  • the credit limit of the user is determined at decision step 116 in order to continue the method 100.
  • the method 100 proceeds with a 'No' to step 117.
  • step 117 the system controller 11 terminates the fransaction and sends a message to the user via the wireless portable communication device 16 to request that the user checks with the service provider 12 on the credit limit.
  • the system controller 11 informs the service provider 12 on the incomplete transaction because of insufficient credit limit.
  • the method 100 continues with a 'Yes' from decision step 116 to step 118 at which the system controller 11 informs the user that the transaction is approved. Thereafter, at step 119, the system controller 11 sends to the wireless portable communication device 16 an SMS to confirm the fransaction. With the fransaction confirmed, the system controller 11 updates a fransaction log at step 120 and updates the merchant server 18 with an approval code for the transaction at step 121. The method 100 then terminates at step 121.
  • a method 200 for a typical face-to-face transaction of the electronic transaction system 10 is illustrated with a flowchart.
  • the user is at a merchant location.
  • the merchant location has the merchant transaction device 19 for the user to access the electronic transaction system 10.
  • the merchant transaction device 19 is activated to connect to the system controller 11 via the merchant acquirer 15. Connection between the merchant transaction device 19 and the merchant acquirer 15 uses the PTN 20 to ensure security of transactions therebetween.
  • the merchant fransaction device 19 establishes a connection to the system controller 11. Thereafter, fransaction information for the fransaction is provided to the system controller 11 at step 202. Upon receiving the fransaction information, the system controller 11 then generates a request for the user TD and the password at step 203.
  • the user In response to the request, the user then inputs the user TD and the password at the merchant fransaction device 19 at step 204 in FIG. 6b. The user ID and the password is then transmitted back to the system controller 11 from the merchant fransaction device 19. Receiving the user TD and the password, the system controller 11 then determines at decision step 205 whether the user ID and the password matches user information stored at the system controller 11. The system controller 11 in decision step 205 also applies the timeout feature. With a 'No' from decision step 205, the method 200 continues to decision step 206 in which the system controller 11 determines whether there have been three failed attempts to verify the user ID and the password for the user.
  • the system controller 11 terminates the fransaction at step 207. Otherwise, for a 'No' following decision step 206, the method 200 returns to step 204.
  • the method 200 continues with a 'Yes' to step 208 at which the system controller 11 sends a transaction code to the user via the wireless portable communication device 16.
  • the system controller 11 randomly generates the fransaction code.
  • the system controller 11 Upon receiving the fransaction code in, for example, an SMS, the user then inputs the fransaction code at the merchant fransaction device 19 at step 209. Thereafter, the system controller 11 verifies the fransaction code to determine validity of the user at decision step 210.
  • the process 200 continues to decision step 211.
  • the system controller 11 determines if three failed attempts has occurred or if the predetermined time period has expired. With a 'Yes' from decision step 211, the system controller 11 terminates the transaction at step 212. At step 212, the system controller 11 also notifies the service provider 12 of the terminated fransaction and suspends the user account of the user.
  • step 213 the system controller 11 checks credit information of the user to determine, for example, the user's credit limit. Thereafter, at decision step 214, if the credit limit is exceeded, a 'No' is generated and the method 200 continues to step 215.
  • step 215 the system controller 11 terminates the fransaction and sends a message to the user via the wireless portable communication device 16 to request that the user checks with the service provider 12 on the credit limit. In addition, at step 215, the system controller 11 informs the service provider 12 on the incomplete transaction because of insufficient credit limit.
  • the method 200 continues with a 'Yes' from decision step 214 to step 216 at which the system controller 11 informs the user that the transaction is approved. Thereafter, at step 217, the system controller 11 sends the wireless portable communication device 16 an SMS to confirm the transaction. With the transaction confirmed, the system controller 11 updates a transaction log at step 218 and updates the merchant server 18 with an approval code for the fransaction at step 219. The method 100 then terminates at step 219.
  • the credit limit of the user for a purchase is determined based on a rule table defined by the service provider 12.
  • the rule table can define the following: a) Maximum single purchase; b) Domicile of a merchant using an exclusion table; c) Currency of purchase using an exclusion table for foreign exchange controls; d) Purchase limit for shipment to address other than the user's.
  • the elecfronic transaction system 10 cannot assist users in evaluating a merchant from with whom they intend to make a purchase. However, merchants who are guilty of any unscrupulous dealings shall not be allowed to continue participating in the elecfronic fransaction system 10.
  • the method 200 can be applied for Internet fransactions.
  • the elecfronic fransaction system 10 can be configured such that a user of the user fransaction device 17 is required to provide a fransaction code to the system controller 11 using the wireless portable communication device 16. This depends on how much security is desired by users of the elecfronic transaction system 10.
  • the elecfronic fransaction system 10 ensures that a user is properly identified and has sufficient credit limit to complete a fransaction. Thus, the elecfronic fransaction system 10 facilitates the two fransactions describe in the methods 100 and 200.
  • the transaction log mentioned in step 120 of the method 100 and step 216 in the method 200 keeps track of all failed attempts to log onto a user account.
  • the electronic fransaction system 10 as described above provides for global usage as users are not restricted to a physical location when using the wireless portable communication device 16. Furthermore, infrastructure support for the electronic transaction system 10 is at least partly available if the wireless communication system 13 is implemented with existing mobile phone networks having mobile phones with roaming capabilities.
  • the system controller 11 in the preferred embodiment of the invention can be implemented using a computer program product such as, for example, a computer system 300 as shown in FIG. 8.
  • a computer program product such as, for example, a computer system 300 as shown in FIG. 8.
  • the processes 30, 40, 50 and methods 100 and 200 can be implemented as software, or computer readable program code, executing on the computer system 300.
  • the computer system 300 includes a processor 301, a video display 302, and input devices 303, 304.
  • a communication input/output (I O) signal bus 305 provides for inputs and outputs between the processor 301 and the three PTNs 20,21,22, the wireless communication system 13 and the Internet 14.
  • the computer system 300 also includes a memory 306 that may include random access memory (RAM) and read-only memory (ROM), input/output (I/O) interfaces 71, 307, a video interface 308, and one or more storage devices generally represented by in FIG. 8 with the storage device 74.
  • the memory 306 can be used to store the transaction code or the identification code when processing a transaction.
  • a common bus 309 links elements of the computer system 300 to provide data fransfers when processing data for transactions.
  • the video interface 308 is connected to the video display 302 and provides video signals from the computer system 300 for display on the video display 302.
  • User input to operate the computer system 300 can be provided by one or more of the input devices 303,304 via the I/O interface 307.
  • a user of the computer system 300 can use a keyboard as the input device 303 and/or a pointing device such as a mouse as the input device 74.
  • the keyboard and the mouse provide input to the computer system 300.
  • the storage device 74 can consist of one or more of the following: a floppy disk, a hard disk drive, a magneto-optical disk drive, CD-ROM, magnetic tape or any other of a number of non- volatile storage devices well known to those skilled in the art.
  • Each of the elements in the computer system 300 is typically connected to other devices via a bus 81 that in turn can consist of data, address, and control buses.
  • the processes 30, 40, 50 and methods 100 and 200 are effected by instructions in the software that are carried out by the computer system 300.
  • the software may be implemented as one or more modules for implementing the method steps. That is, the system controller 11 can be a part of a computer readable program code that usually performs a particular function or related functions.
  • the software may be stored in a computer readable medium, including the storage device 74.
  • the computer system 300 includes the computer readable medium having such software or program code recorded such that instructions of the software or the program code can be carried out.
  • the use of the computer system 300 preferably effects advantageous apparatuses for validating transactions of the elecfronic fransaction system 10.
  • the computer system 300 simply provides for illustrative purposes and other configurations can be employed without departing from the scope and spirit of the invention.
  • the foregoing is merely exemplary of the types of computers or computer systems with which the embodiments of the invention may be practised.
  • the processes 30, 40, 50 and methods 100 and 200 of the embodiments are resident as software or a computer readable program code recorded on a hard disk drive
  • the storage device 74 (generally depicted as the storage device 74) as the computer readable medium, and read and controlled using the system controller 11.
  • Intermediate storage of the program code and media content data and any data fetched from the network may be accomplished using the memory 306, possibly in concert with the storage device 74.
  • the program may be supplied to the user encoded on a
  • CD-ROM or a floppy disk both generally depicted by the storage device 74
  • the computer system 300 can load the software from other computer readable media.
  • This may include magnetic tape, a ROM or integrated circuit, a magneto-optical disk, a radio or infra-red transmission channel between the computer and another device, a computer readable card such as a PCMCIA card, and the Internet and Intranets including email transmissions and information recorded on Internet sites and the like.
  • a computer readable media such as a PCMCIA card
  • Internet and Intranets including email transmissions and information recorded on Internet sites and the like.
  • the electronic fransaction system 10 as described in the above preferred embodiment of the invention advantageously overcomes or at least alleviates the disadvantages of conventional elecfronic fransaction systems for validating a fransaction.

Abstract

An electronic transaction system (10) for validating electronic transactions of a user of system (10) is described. System (10) includes a system controller (11) that couples to a service provider (12) of a wireless communication system (13), the Internet (14) and a merchant acquirer (15). System (10) supports electronic transactions such as payment for goods and services. An electronic transaction is initiated from either a user transaction device (17) or a merchant transaction device (19). Controller (11) then communicates transaction and user information with devices (17, 19) via the Internet (14) or a private transaction network (20). In one type of transaction, the user information has an identification code identifying communication device (16). In another type of transaction, a transaction code is sent to communication device (16). Upon controller (11) verifying the user, the transaction is validated and a message is sent directly to communication device (16).

Description

ELECTRONIC TRANSACTION SYSTEM AND METHODS
THEREOF
Field of the Invention This invention relates to non-cash electronic transactions such as credit card payments for goods and services. In particular, this invention relates to an electronic transaction system to prevent or at least alleviate transaction fraud and methods thereof.
Background
Payments for goods and services are made through various commercial instruments such as, for example, cash, checks, and credit cards. Use of non-cash instruments has grown both in terms of volume as well as popularity. This use is expected to accelerate especially with the proliferation of electronic commerce (e- commerce) via the Internet.
For non-cash instruments and, in particular, credit cards, the accuracy of identifying and authenticating purchasers is critical in order to avoid payment fraud. To identify or authenticate a user of a credit card, a merchant has to examine the credit card to detect forgery as well as verify data stored in a magnetic data strip of the credit card. Typically, such data includes user information that is electronically extracted and processed to validate an electronic transaction. Processing generally involves electronically relaying the user information to a company that issued the credit card or agents of such a company.
Generally, fraudulent use of credit cards in face-to-face transactions involves criminal syndicates because the entire process for such f audulent use requires multiple parties and large resources to produce forged credit cards. While credit card companies use more sophisticated printing processes to prevent unauthorized reproduction of credit cards, such processes are still accessible to criminal syndicates. In addition to the physical appearance of a credit card, the data stored in the magnetic data strip can be copied or reproduced. For electronic transactions such as purchasing goods via the Internet, fraud is more easily committed because such fraud only requires the data stored for a credit card. This is because the credit card does not need to be physically provided to validate Internet transactions. Hence, individuals who have access to the data of the credit cards can commit credit card fraud via Internet transactions.
The above problems of fraud in an electronic transaction system are further compounded by the possibility of unauthorized access to locations in which credit card information of customers are stored. Security of these locations is not practically monitored by any public or private regulatory bodies and, currently, does not conform to any internationally acceptable security standards.
Conventionally, an electronic transaction system has locations at which confidential information is stored. The electronic transaction system typically enables user access via assigned user identification (ID) and passwords. Generally, to protect against unauthorized access to such locations, user accounts are suspended after a predetermined number of attempts . However, suspending user accounts is inconvenient to users as well as service providers because computer hackers can then cause widespread access denial. Such widespread access denial requires considerable efforts to reinstate suspended user accounts. Reinstating suspended user accounts can be costly in terms of time, loss of use, administrative expenses and, most importantly, loss of confidence in an electronic transaction system.
Consequently, verification and authentication have to be reduced to a practical level to accommodate users having varying levels of technological knowledge and capability. On the other hand, the protection of confidential information such as user TD and passwords has to be maintained at a sufficient level of security to attain user confidence. Credit card fraud accounts for significant losses of credit card companies and merchants that provide for credit card billings. Without major enhancements to existing credit card payment systems, the impact of credit card fraud, especially for merchants who conduct business on the Internet, is likely to increase. Therefore, in view of the above problems and constraints, there is a need for an electronic transaction system to prevent or at least alleviate credit card fraud and yet that has security features that are practically applied by users.
Summary
In accordance with one aspect of the invention, there is disclosed an electronic transaction system for validating a transaction of a user of the electronic transaction system, the electronic transaction system having a system controller, includes: means for receiving, by the system controller of the electronic transaction system, transaction information and user information from a transaction device coupled to the system controller, the transaction information and the user information being respectively associated with the transaction and the user;
means for receiving, by the system controller from a wireless portable communication device associated with the user, at least one identification code associated with the wireless portable communication device;
means for verifying, by the a system controller, the at least one identification code and the user information based upon registered information of the user, the registered information being stored in association with the system controller;
and means for determining, by the controller, whether to validate the transaction in response to the verifying.
Generally, the electronic transaction system can further include means for invalidating the transaction when either the at least one identification code or the user information is not verified.
Typically, the determining means can include means for checking credit information of the user, the credit information being stored in association with the system controller.
More typically, the electronic transaction system can further include means for validating the transaction based upon the checking.
Yet more typically, the electronic transaction system can further include means for transmitting at least one message to the wireless portable communication device upon validating the transaction.
Generally, the means for receiving the transaction information and the user information can include means for prompting the user to provide at least one input to obtain at least some of the user information.
In accordance with another aspect of the invention, there is disclosed an electronic transaction system for validating a transaction of a user of the electronic transaction system, the electronic transaction system having a system controller, includes: means for receiving, by the system controller of the electronic transaction system, transaction information and user information from a transaction device coupled to the system controller, the transaction information and the user information being respectively associated with the transaction and the user; means for transmitting, by the system controller to a wireless portable communication device associated with the user, at least one transaction code associated with the transaction;
means for receiving, by the system controller via the transaction device, the at least one transaction code for verification;
and
means for determining, by the system controller, whether to validate the transaction based upon the verification.
Generally, the electronic transaction system can further include means for invalidating the transaction when the verification of the at least one transaction code fails.
Typically, the determining means can include means for checking credit information of the user, the credit information being stored in association with the system controller.
More typically, the electronic transaction system can further include means for validating the transaction based upon the checking.
Yet more typically, the electronic transaction system can further include means for transmitting at least one message to the wireless portable communication device upon validating the transaction.
Generally, the means for receiving the transaction information and the user information can include means for prompting the user to provide at least one input to obtain at least some of the user information. In accordance with another aspect of the invention, there is disclosed a method for validating a transaction of a user of an electronic transaction system, the method including the steps of: receiving, by a system controller of the electronic transaction system, transaction information and user information from a transaction device coupled to the system controller, the transaction information and the user information being respectively associated with the transaction and the user;
receiving, by the system controller from a wireless portable communication device associated with the user, at least one identification code associated with the wireless portable communication device;
verifying, by the a system controller, the at least one identification code and the user information based upon registered information of the user, the registered information being stored in association with the system controller;
and
determining, by the system controller, whether to validate the transaction based upon the verifying step.
Generally, the method can further include the step of invalidating the transaction when either the at least one identification code or the user information is not verified.
Typically, the determining step can include the step of checking credit information of the user, the credit information being stored in association with the system controller. More typically, the method can further include the step of validating the transaction based upon the checking step.
Yet more typically, the method can further include the step of transmitting at least one message to the wireless portable commumcation device upon validating the transaction.
Generally, the step of receiving the transaction information and the user information can include the step of prompting the user to provide at least one input to obtain at least some of the user information.
In accordance with another aspect of the invention, there is disclosed a method for validating a transaction of a user of an electronic transaction system, the method including the steps of: receiving, by a system controller of the electronic transaction system, transaction information and user information from a transaction device coupled to the system controller, the transaction information and the user information being respectively associated with the transaction and the user;
transmitting, by the system controller to a wireless portable communication device associated with the user, at least one transaction code associated with the transaction;
receiving, by the system controller via the transaction device, the at least one transaction code for verification;
and
determining, by the system controller, whether to validate the transaction based upon the verification. Generally, the method can further include the step of invalidating the transaction when the verification of the at least one transaction code fails.
Typically, the determining step can include the step of checking credit information of the user, the credit information being stored in association with the system controller.
More typically, the method can further include the step of validating the transaction based upon the checking step.
Yet more typically, the method can further include the step of transmitting at least one message to the wireless portable communication device upon validating the transaction.
Generally, the step of receiving the transaction information and the user information can include the step of prompting the user to provide at least one input to obtain at least some of the user information.
In accordance with another aspect of the invention, there is disclosed a computer program product with a computer usable medium having a computer readable program code means embodied therein for validating a transaction of a user of an electronic transaction system having a system controller, the computer program product including: computer readable program code means for receiving, by the system controller of the electronic transaction system, transaction information and user information from a transaction device coupled to the system controller, the transaction information and the user information being respectively associated with the transaction and the user; computer readable program code means for receiving, by the system controller from a wireless portable communication device associated with the user, at least one identification code associated with the wireless portable communication device;
computer readable program code means for verifying, by the system controller, the at least one identification code and the user information based upon registered information of the user, the registered information being stored in association with the system controller;
and
computer readable program code means for determining, by the controller, whether to validate the transaction in response to the verifying.
Generally, the computer program product can further include computer readable program code means for invalidating the transaction when either the at least one identification code or the user information is not verified.
Typically, the computer readable program code means for determining can include computer readable program code means for checking credit information of the user, the credit information being stored in association with the system controller.
More typically, the computer program product can further include computer , readable program code means for validating the transaction based upon the checking.
Yet more typically, the computer program product can further include computer readable program code means for transmitting at least one message to the wireless portable communication device upon validating the transaction. Generally, the computer readable program code means for receiving the transaction information and the user information can include computer readable program code means for prompting the user to provide at least one input to obtain at least some of the user information.
In accordance with another aspect of the invention, there is disclosed a computer program product with a computer usable medium having a computer readable program code means embodied therein for validating a transaction of a user of an electronic transaction system having a system controller, the computer program product including: computer readable program code means for receiving, by the system controller of the elecfronic transaction system, transaction information and user information from a fransaction device coupled to the system controller, the transaction information and the user information being respectively associated with the transaction and the user;
computer readable program code means for transmitting, by the system controller to a wireless portable communication device associated with the user, at least one transaction code associated with the transaction;
computer readable program code means for receiving, by the system controller via the transaction device, the at least one transaction code for verification;
and
computer readable program code means for determining, by the controller, whether to validate the transaction based upon the verification. Generally, the computer program product can further include computer readable program code means for invalidating the transaction when the verification of the at least one fransaction code fails.
Typically, the computer readable program code means for deteπnining includes computer readable program code means for checking credit information of the user, the credit information being stored in association with the system controller.
More typically, the computer program product can further include computer readable program code means for validating the fransaction based upon the checking.
Yet more typically, the computer program product can further include computer readable program code means for transmitting at least one message to the wireless portable communication device upon validating the fransaction.
Generally, the computer readable program code means for receiving the transaction information and the user information can include computer readable program code means for prompting the user to provide at least one input to obtain at least some of the user information.
Brief Description of the Drawings
Embodiments of the invention are described hereinafter with reference to the drawings, in which:
FIG. 1 is a schematic block diagram illustrating an electronic transaction system in accordance with a preferred embodiment of the invention;
FIG. 2 is a flowchart illustrating processing of an identification code of a wireless portable communication device in the elecfronic transaction system of FIG. 1; FIG. 3 is a flowchart illustrating a user registration process to register users of for the electronic transaction system of FIG. 1;
FIG. 4 is a flowchart illustrating a process for a user of the elecfronic transaction system of FIG. 1 to change a user ID and/or password;
FIG. 5 is a schematic block diagram of a system controller of the electronic transaction system of FIG. 1;
FIGs. 6a to 6c are flowcharts illustrating a method for processing a typical
Internet fransaction of the elecfronic transaction system of FIG. 1;
FIGs. 7a to 7c are flowcharts illustrating a method for processing a typical face-to-face fransaction of the electronic transaction system of FIG. 1; and
FIG. 8 is a block diagram of an example of a computer system capable of processing electronic transactions in the electronic transaction system of FIG. 1.
Detailed Description An electronic fransaction system, a method and a computer program product for validating electronic transactions of users of the elecfronic transaction system in accordance with a preferred embodiment of the invention are described. In the following, numerous details are provided for a more thorough description. It shall be apparent to one skilled in the art, however, that the invention may be practised without such details. In other instances, well-known details have not been described at length so as not to obscure the invention.
The advantages of the preferred embodiment of the invention are manifold. One advantage is that elecfronic transactions, such as, for example, payments or change of user information are effected using different communication media. This enhances security of the electronic transaction system. Thus, opposite parties of, for example, a payment transaction can verify information relating to each other and to the payment fransaction with the different communication media before validating the payment transaction.
Another advantage of the preferred embodiment of the invention is that security and usability of the preferred embodiment of the invention can be easily established with existing wireless communication systems such as mobile phone networks. This makes for an easier acceptance of the preferred embodiment of the invention as users need not have to learn completely new processes.
Yet a further advantage of the preferred embodiment of the invention is that infrastructure support for implementing the preferred embodiment is at least partly available when used with existing mobile phone networks having mobile phones with roaming capabilities.
Referring now to FIG. 1, a schematic block diagram of an elecfronic fransaction system 10 in accordance with a preferred embodiment of the invention is illustrated. The elecfronic fransaction system 10 supports transactions such as, for example, change of user information or payment for goods and services. The elecfronic transaction system 10 includes a system controller 11. The system controller 11 couples to a service provider 12, a wireless communication system 13, the Internet 14 and a merchant acquirer 15.
The merchant acquirer 15 is responsible for recruitment of merchants participating in the elecfronic fransaction system 10. Merchants are sellers of goods and services who have joined the electronic transaction system 10 and accept payment through the elecfronic fransaction system 10 either for face-to-face and/or Internet transactions. For face-to-face transactions, the merchant acquirer 15 arranges to install, maintain and route all transactions originating from a merchant location. The merchant acquirer 15 thus coordinates with merchants in promoting use of the elecfronic transaction system 10. In addition, the merchant acquirer 15 is a settlement agent for participating merchants and is responsible for the proper conduct of such participating merchants in accordance to rules and regulations of the elecfronic transaction system 10.
The wireless communication system 13 supports at least one wireless portable communication device 16. The wireless commumcation system 13 can be, for example, a mobile phone network. In such a mobile phone network, the wireless portable communication device 15 is a mobile phone for a user to communicate with the system controller 11.
As for transactions via the Internet 14, a user can access the system controller 11 using a fransaction. device 17. The transaction device 17 can be, for example, a computer system coupled to the Internet 14. Typically, the user browses a merchant website associated with the merchant server 18 using the computer system prior to making a fransaction. The fransaction can be, for example, a purchase of goods or services provided via the merchant website.
When a user makes transactions at a merchant location, a merchant fransaction device 19 is used to access the system controller 11. The merchant fransaction device 19 couples to the merchant acquirer via a private fransaction network 20.
Connection between the system controller 11 to the merchant acquirer 15 and to the service provider 12 is via private fransaction networks (PTNs) 20,21,22, respectively. The use of the PTNs 20,21,22 enables confrol of communications between the system controller 11 and the service provider 12 or the merchant acquirer 15. Such confrol can be applied to leased lines, dial-up lines or wireless data communication networks used in the PTNs 20,21,22. Furthermore, the communications can be further protected by cryptography methods to encrypt data in such communications. Thus, controlling communications using the PTNs 20,21,22 can prevent or at least alleviate unauthorized access to the communications. It is to be noted that fransaction devices 17,19 include user input devices that are not shown in FIG. 1. Such user input devices enable a user to provide information related to a transaction that is being transacted.
The system controller 11 also couples via a PTN 23 to at least one clearing bank 24 that is collectively indicated by a single block. The at least one clearing bank 24 supports financial transactions of the electronic transaction system 10 and is responsible for settlement of user accounts of users from the service provider 12 or the merchant acquirer 15.
In using the elecfronic transaction system 10, use of the wireless portable communication device 16 is required at some stage of a fransaction. In one embodiment of the invention, an identification code that is unique to the wireless portable communication device 16 is required for some transactions. Such an identification code is possible for mobile phones. This is because mobile telephone manufacturers as well as mobile telephone service providers are continually improving or at least maintaining security features of mobile telephony. Consistent with this development, most users or subscribers are currently registered with a unique identification code. Such an identification code enables a mobile telephone to operate when in the coverage area of different mobile telephone service providers. The identification code may include alphanumeric characters.
Referring now to FIG. 2, a flowchart illustrates processing 30 of an identification code received by the system controller 11. The identification code is communicated to the system controller 11 when a system feature is selected. At step 31, a user communicates the identification code to the electronic transaction system 10 using the wireless portable communication device 16 via, for example, one or more of the following communication modes: a) Interactive voice response (INR); b) Short message system (SMS); and c) Wireless application protocol (WAP). These communication modes cater to users who have varying levels of comfort in adapting to complex technology.
Use of the identification code enables the system controller 11 to ascertain the intended purpose of the user in selecting the system feature at step 32. This intended purpose can be to enable a system feature such as, for example, changing user information or making a purchase of goods or services. In providing the identification code together with selecting a system feature, the system controller 11 can then enable a selected system feature to be subsequently processed. The user information can include a user identification (ID) or password. It is assumed that only a registered user of the wireless portable communication device 16 can invoke the identification code for a transaction. Unauthorized use of the wireless portable communication device 16 is not likely unless an unauthorized user knows the user ID or password. The system controller 11 then time logs the identification code at decision step 33. Within a specified time limit that is configurable as a predetermined transaction parameter, the selected system feature is enabled at step 34 with a "No" from decision step 33. The user can then proceed with the selected system feature. After the specified time limit expires and if the user does not complete the intended purpose, the system controller 11 times out the identification code. Thereafter, the system controller 11 generates an output message at step 35 to inform the user via the wireless portable communication device 16 using, for example, SMS.
In providing for process 30, the electronic fransaction system 10 has an additional security procedure in which the user is clearly identified. This is because the identification code can only originate from the wireless portable communication device 16 that is registered to the user. Furthermore, with the identification code, the electronic fransaction system 10 is protected from computer hacking or other forms of malicious intentions. This is because access to the system controller 11 requires completion of the process 30 before any subsequent processing or access can continue. The identification code serves two purposes. First, it verifies that the user has an intention to perform a function such as changing an assigned user ID and/or password, or making a purchase. Second, the identification code is an additional security feature that prevents unauthorized attempts to query a database for a correct match of the user ID and password. Hence, use of the identification code, in conjunction with a user ID and password, provides the elecfronic transaction system 10 with a security feature that is practical and easy to use.
Also, use of the system controller 11 ensures confidential information pertaining to transactions or users are not transmitted and/or stored on any other servers. Such users need to register with the system controller 11 in order to use the elecfronic transaction system 10.
Referring now to FIG. 3, a user registration process 40 to register users for the elecfronic transaction system 10 is illustrated. In collaboration with the service provider 12 of FIG. 1, subscribers of the wireless communication system 13 are identified from databases of the service provider 12. These databases are represented using a single block 41 in FIG. 3. The service provider 12 facilitates recruitment of users from the subscribers and is also a collection agent for purchases incurred by these users. The service provider 12 is also responsible for real time updating of user data with the system controller 11.
The subscribers are invited to join as users of the elecfronic fransaction system 10 at step 42. Each subscriber is provided with an application form and pre- assigned with a user TD and a password. The user ID is unique in that no two users are given the same user ID. Thereafter, the subscriber has a choice of whether or not to register as a user at decision step 43. If the subscriber declines or ignores an invitation resulting in a 'No' from decision step 43, the user registration process 40 for that subscriber terminates at step 44. Otherwise, a 'Yes' from decision step 43 is obtained when a subscriber submits the application form to the service provider 12 at step 45.
To complete the user registration process 40 for a subscriber, staff of the service provider 12 inputs user information pertaining to that subscriber at step 46. Thereafter, the user information is provided, via the private transaction network (PTN) 21, for storage into at least one storage location of the electronic transaction system 10 at step 47. This at least one storage location is associated with the system controller 11.
Following completion of the user registration process 40, a user account is activated. A request by the user to enable a system feature such as to change the user ID or password is processed by the system controller 11 using a process 50 illustrated by the flowchart of FIG. 4. The user can be connected to the system controller 11 via, for example, the Internet 14.
Process 50 starts when the system controller 11 requests an identification code from the user at step 51. The user identification code is provided using the process 30. Upon selecting a system feature and, consequently providing the identification code, the user inputs a user ID at step 52. Thereafter, the system controller 11 determines whether the user ID and the identification code are correctly matched or verified at decision step 53. With a 'No' from decision step 53, the system controller 11 determines at decision step 54 whether less than three attempts have been made by the user to enter the user ID or whether a timeout has occurred. The system controller 11 has a timeout feature that is activated if the user ID is not received within a predetermined time period. With a 'No' following decision step 54, the process 50 returns to step 52 in which the system controller 11 awaits the user to re-enter the user ID and password. Otherwise, with a 'Yes' following decision step 54, the process 50 proceeds to step 55. At step 55, the system controller 11 terminates the process 50. With a 'Yes' from decision step 53, the process 50 continues to step 56 in which the system controller 11 prompts for a password. Thereafter, the system controller 11 determines at decision step 57 whether the password is verified at decision step 57. For a 'No' following decision step 57, the system controller 11 determines at decision step 58 whether less than three attempts have been made by the user to enter the password or whether the timeout has occurred. With a 'Yes' following decision step 58, the process 50 proceeds to step 59. At step 59, the system controller 11 terminates the process 50, notifies the service provide 12 about the failed attempts to access the system controller 11 and suspends the user account.
Following a 'Yes' from decision step 57, the process 50 continues to step 60 at which the user inputs a new user ID. The new user TD has to conform with predetermined parameters in order to meet security requirements of the elecfronic fransaction system 10. At decision step 61, the system controller 11 checks for uniqueness of the new user TD. If the new user ID is not unique, the process 50 returns with a 'No' to step 60. Otherwise, once the new user TD is determined to be unique, the process 50 proceeds with a 'Yes' to step 62.
At step 62, the user inputs a new password and the process 50 continues with step 63 at which the user has to re-enter the new password for confirmation. With the new password ascertained, the system controller 11 verifies at decision step 64 whether the new password conforms to security requirements of the elecfronic fransaction system 10. A 'No' from decision step 64 results in the process 50 returning to step 63 to input another new password. Otherwise, a 'Yes' following decision step 64 ends the process 50 at step 65 in which the user is informed of the change in the user ID and/or password via an SMS transmitted to the wireless portable communication device 16.
Thus far, user account set-up or changes to a user account initiated by a user of the electronic transaction system 10 has been described. The set-up and changes involve only the user accessing the system controller 11 via the wireless communication system 13 or the Internet 14. Reference shall now be made to FIG. 5 to describe features of the system controller 11.
Referring now to FIG. 5, a schematic block diagram of the system controller 11 is illustrated. The system controller 11 maintains all user information and fransaction records. The service provider 12 can update the user information on-line. The system controller 11 serves as an authenticating body for all transactions of the elecfronic transaction system 10, manages usability of the elecfronic fransaction system 10 via the Internet 14, enables fransaction confirmations to merchants and provides settlement services to service providers and merchant acquirers participating in the elecfronic transaction system 10.
The system controller 11 supports two verification processes as described hereinbefore. Specifically, one of the two verification processes is to verify the identification code associated with the wireless portable communication device 16 or the merchant acquirer 15. The other one of the two verification processes is to verify the user ID and password of a user. These two verification processes are separately processed to isolate the user information and enhance security of the user information and the system controller 11.
For non-Internet transactions, the system controller 11 has a communications controller 71, a user account server 72 and a database server 73. The communications controller 71 controls communications between the elecfronic fransaction system 10 and either the wireless portable communication device 16 or the merchant acquirer. The user account server 72 couples to the communications controller 71 and the database server 73 to support transactions in which fransaction information or user information, such as user IDs and/or passwords, is to be verified. The database server 73 accesses information stored in a storage device 74 of the system controller 11.
For Internet transactions, the system controller 11 has a firewall 75, a Web server 76, an applications server 77 and a database server 78. The firewall 75 provides a security shield for access to the system controller 11. The Web server 76 and the applications server 77 supports users who access the system controller 11 via the Internet 14. The database server 78 accesses information stored in the storage device 74 of the system controller 11. It is to be noted that the storage device 74 is common for the two verification processes.
Transactions in the elecfronic fransaction system 10 can be carried out either through the Internet via the user fransaction device 17 or face-to-face at a merchant location via the merchant transaction device 19. Typically, these transactions require the following procedures for completion: a) offer of goods and/or services by a merchant; b) acceptance of the offer; c) payment for the goods and/or services; and d) delivery and receipt of the goods and or services.
Typical transactions for the electronic fransaction system 10 are described with reference to the system controller 11 using FIGs. 6a to 6c and FIGs. 7a to 7c.
Referring now to FIGs. 6a to 6c, a method 100 for a typical Internet transaction of the elecfronic fransaction system 10 is illustrated with a flowchart. Starting at step 101, a user is logged onto the Internet 14 to browse a merchant Website supported by the merchant server 18. Prices and description of goods and services are displayed to the user via the user fransaction device 17. After selecting one or more items to purchase, the user is typically queried as to a preferred mode of payment for the items. This payment query is represented by decision box 102 in which a controller of the merchant fransaction device 19 determines whether the payment mode selected requires use of the elecfronic fransaction system 10. Generally, merchant Websites offer different modes of payment for Internet transactions. If the user selects other payment modes, then the method 100 continues with a 'No' to step 103. Otherwise, if the user selects the payment mode of the elecfronic fransaction system 10, then the method 100 continues with step 104 in which the controller of the merchant transaction device 19 establishes a connection between the user fransaction device 17 and the system controller 11. In addition, at step 104, a computer program script is sent to the user transaction device 17 to initiate communications with the system controller 11. Communications between the user transaction device 17 and the system controller 11 is encrypted using known encryption techniques such as, for example, SSL™ (Secure Sockets Layer).
The method 100 continues to step 105 in which the system controller 11 requests the user to issue an identification code associated with the wireless portable communication device 16. This requires the user to provide the identification code as described in the process 30. In addition, the system controller 11 extracts transaction information of the purchase from the merchant fransaction device 19. Following step 105, the method 100 continues to step 106 of FIG. 6b in which the user inputs a user ID. This user 3D is then verified, at decision step 107, with the identification upon reception of the iatter by the system controller 11. It is to be noted that unless the system controller 11 receives the identification code associated with the wireless portable communication device 16 of the user, the method 100 cannot continue. Hence, the system controller 11 has a timeout feature that is activated if the password is not received within a predetermined time period. Thus, the system controller 11 also monitors the predetermined time period at decision step 107. With a 'No' following decision step 107, the method 100 continues to decision step 108. At decision step 108, the system controller keeps count of the number of failed attempts at verifying the user TD with the identification code and also determines whether the predetermined time period has expired. For less than three failed attempts, the system controller 11 returns the method 100 with a 'No' back to step 106. Otherwise, when three failed attempts have been recorded or the predetermined time period has expired, the method 100 proceeds with a 'Yes' to step 109. At step 109, the system controller 11 terminates the method 100 for this transaction.
Following a 'Yes' from decision step 107, the method 100 continues to step
111 in which the system controller 11 prompts the user to provide a password. Thereafter, the method 100 continues to decision step 112 in which the system controller 11 determines whether the password has been received and verified. In decision step 112, the timeout feature is again activated if the password is not received within the predetermined time period. Hence, for a 'No' in decision step 112, the method 100 continues to decision step 113 in which the system controller keeps count of the number of failed attempts and monitors the predetermined time period.
For a 'Yes' following decision step 113, the method 100 continues to step 114 in which the system controller 11 terminates the transaction. In addition, at step 114, the system controller 11 also notifies the service provider 12 of the failed attempts to complete the fransaction and suspends the user account. Otherwise, the method 100 returns to step 111 to await another password input from the user following a 'No' from decision step 113.
Returning to decision step 112, the method 100 continues to step 115 in FIG. 6c in which the system controller 11 checks credit information of the user. In particular, the credit limit of the user is determined at decision step 116 in order to continue the method 100. When the fransaction is not within the credit limit of the user, the method 100 proceeds with a 'No' to step 117. At step 117, the system controller 11 terminates the fransaction and sends a message to the user via the wireless portable communication device 16 to request that the user checks with the service provider 12 on the credit limit. In addition, at step 117, the system controller 11 informs the service provider 12 on the incomplete transaction because of insufficient credit limit.
The method 100 continues with a 'Yes' from decision step 116 to step 118 at which the system controller 11 informs the user that the transaction is approved. Thereafter, at step 119, the system controller 11 sends to the wireless portable communication device 16 an SMS to confirm the fransaction. With the fransaction confirmed, the system controller 11 updates a fransaction log at step 120 and updates the merchant server 18 with an approval code for the transaction at step 121. The method 100 then terminates at step 121.
Referring now to FIGs. 7a to 7c, a method 200 for a typical face-to-face transaction of the electronic transaction system 10 is illustrated with a flowchart. For the method 200, the user is at a merchant location. The merchant location has the merchant transaction device 19 for the user to access the electronic transaction system 10. Hence, upon the user deciding to make a fransaction such as payment for a purchase, the merchant transaction device 19 is activated to connect to the system controller 11 via the merchant acquirer 15. Connection between the merchant transaction device 19 and the merchant acquirer 15 uses the PTN 20 to ensure security of transactions therebetween.
Starting at step 201 in FIG. 6a, the merchant fransaction device 19 establishes a connection to the system controller 11. Thereafter, fransaction information for the fransaction is provided to the system controller 11 at step 202. Upon receiving the fransaction information, the system controller 11 then generates a request for the user TD and the password at step 203.
In response to the request, the user then inputs the user TD and the password at the merchant fransaction device 19 at step 204 in FIG. 6b. The user ID and the password is then transmitted back to the system controller 11 from the merchant fransaction device 19. Receiving the user TD and the password, the system controller 11 then determines at decision step 205 whether the user ID and the password matches user information stored at the system controller 11. The system controller 11 in decision step 205 also applies the timeout feature. With a 'No' from decision step 205, the method 200 continues to decision step 206 in which the system controller 11 determines whether there have been three failed attempts to verify the user ID and the password for the user. For a 'Yes' following decision step 206, the system controller 11 terminates the fransaction at step 207. Otherwise, for a 'No' following decision step 206, the method 200 returns to step 204. Returning back to decision step 205, the method 200 continues with a 'Yes' to step 208 at which the system controller 11 sends a transaction code to the user via the wireless portable communication device 16. The system controller 11 randomly generates the fransaction code. Upon receiving the fransaction code in, for example, an SMS, the user then inputs the fransaction code at the merchant fransaction device 19 at step 209. Thereafter, the system controller 11 verifies the fransaction code to determine validity of the user at decision step 210.
With a 'No' following decision step 210, the process 200 continues to decision step 211. At decision step 211, the system controller 11 determines if three failed attempts has occurred or if the predetermined time period has expired. With a 'Yes' from decision step 211, the system controller 11 terminates the transaction at step 212. At step 212, the system controller 11 also notifies the service provider 12 of the terminated fransaction and suspends the user account of the user.
Returning to decision step 210, and upon verification of the fransaction code with a 'Yes', the method 200 continues to step 213 in FIG. 7c. At step 213, the system controller 11 checks credit information of the user to determine, for example, the user's credit limit. Thereafter, at decision step 214, if the credit limit is exceeded, a 'No' is generated and the method 200 continues to step 215. At step 215, the system controller 11 terminates the fransaction and sends a message to the user via the wireless portable communication device 16 to request that the user checks with the service provider 12 on the credit limit. In addition, at step 215, the system controller 11 informs the service provider 12 on the incomplete transaction because of insufficient credit limit.
The method 200 continues with a 'Yes' from decision step 214 to step 216 at which the system controller 11 informs the user that the transaction is approved. Thereafter, at step 217, the system controller 11 sends the wireless portable communication device 16 an SMS to confirm the transaction. With the transaction confirmed, the system controller 11 updates a transaction log at step 218 and updates the merchant server 18 with an approval code for the fransaction at step 219. The method 100 then terminates at step 219.
For decision steps 116 and 214 in the methods 100 and 200, respectively, the credit limit of the user for a purchase is determined based on a rule table defined by the service provider 12. For example, the rule table can define the following: a) Maximum single purchase; b) Domicile of a merchant using an exclusion table; c) Currency of purchase using an exclusion table for foreign exchange controls; d) Purchase limit for shipment to address other than the user's.
It is to be noted that the elecfronic transaction system 10 cannot assist users in evaluating a merchant from with whom they intend to make a purchase. However, merchants who are guilty of any unscrupulous dealings shall not be allowed to continue participating in the elecfronic fransaction system 10.
It is further to be noted that the method 200 can be applied for Internet fransactions. In other words, the elecfronic fransaction system 10 can be configured such that a user of the user fransaction device 17 is required to provide a fransaction code to the system controller 11 using the wireless portable communication device 16. This depends on how much security is desired by users of the elecfronic transaction system 10.
To protect honest and reliable merchants, the elecfronic fransaction system 10 ensures that a user is properly identified and has sufficient credit limit to complete a fransaction. Thus, the elecfronic fransaction system 10 facilitates the two fransactions describe in the methods 100 and 200. The transaction log mentioned in step 120 of the method 100 and step 216 in the method 200 keeps track of all failed attempts to log onto a user account.
The electronic fransaction system 10 as described above provides for global usage as users are not restricted to a physical location when using the wireless portable communication device 16. Furthermore, infrastructure support for the electronic transaction system 10 is at least partly available if the wireless communication system 13 is implemented with existing mobile phone networks having mobile phones with roaming capabilities.
The system controller 11 in the preferred embodiment of the invention can be implemented using a computer program product such as, for example, a computer system 300 as shown in FIG. 8. In particular, the processes 30, 40, 50 and methods 100 and 200 can be implemented as software, or computer readable program code, executing on the computer system 300.
The computer system 300 includes a processor 301, a video display 302, and input devices 303, 304. A communication input/output (I O) signal bus 305 provides for inputs and outputs between the processor 301 and the three PTNs 20,21,22, the wireless communication system 13 and the Internet 14.
The computer system 300 also includes a memory 306 that may include random access memory (RAM) and read-only memory (ROM), input/output (I/O) interfaces 71, 307, a video interface 308, and one or more storage devices generally represented by in FIG. 8 with the storage device 74. The memory 306 can be used to store the transaction code or the identification code when processing a transaction. A common bus 309 links elements of the computer system 300 to provide data fransfers when processing data for transactions.
The video interface 308 is connected to the video display 302 and provides video signals from the computer system 300 for display on the video display 302. User input to operate the computer system 300 can be provided by one or more of the input devices 303,304 via the I/O interface 307. For example, a user of the computer system 300 can use a keyboard as the input device 303 and/or a pointing device such as a mouse as the input device 74. The keyboard and the mouse provide input to the computer system 300. The storage device 74 can consist of one or more of the following: a floppy disk, a hard disk drive, a magneto-optical disk drive, CD-ROM, magnetic tape or any other of a number of non- volatile storage devices well known to those skilled in the art. Each of the elements in the computer system 300 is typically connected to other devices via a bus 81 that in turn can consist of data, address, and control buses.
The processes 30, 40, 50 and methods 100 and 200 are effected by instructions in the software that are carried out by the computer system 300. Again, the software may be implemented as one or more modules for implementing the method steps. That is, the system controller 11 can be a part of a computer readable program code that usually performs a particular function or related functions.
In particular, the software may be stored in a computer readable medium, including the storage device 74. The computer system 300 includes the computer readable medium having such software or program code recorded such that instructions of the software or the program code can be carried out. The use of the computer system 300 preferably effects advantageous apparatuses for validating transactions of the elecfronic fransaction system 10.
The computer system 300 simply provides for illustrative purposes and other configurations can be employed without departing from the scope and spirit of the invention. The foregoing is merely exemplary of the types of computers or computer systems with which the embodiments of the invention may be practised. Typically, the processes 30, 40, 50 and methods 100 and 200 of the embodiments are resident as software or a computer readable program code recorded on a hard disk drive
(generally depicted as the storage device 74) as the computer readable medium, and read and controlled using the system controller 11. Intermediate storage of the program code and media content data and any data fetched from the network may be accomplished using the memory 306, possibly in concert with the storage device 74.
In some instances, the program may be supplied to the user encoded on a
CD-ROM or a floppy disk (both generally depicted by the storage device 74), or alternatively could be read by the user from the network via a modem device connected to the computer system 300. Still further, the computer system 300 can load the software from other computer readable media. This may include magnetic tape, a ROM or integrated circuit, a magneto-optical disk, a radio or infra-red transmission channel between the computer and another device, a computer readable card such as a PCMCIA card, and the Internet and Intranets including email transmissions and information recorded on Internet sites and the like. The foregoing is merely exemplary of relevant computer readable media. Other computer readable media may be practised without departing from the scope and spirit of the invention.
The electronic fransaction system 10 as described in the above preferred embodiment of the invention advantageously overcomes or at least alleviates the disadvantages of conventional elecfronic fransaction systems for validating a fransaction.
In the foregoing description, an electronic fransaction system, a method and a computer program product for validating elecfromc fransactions of users of the electronic transaction system are described. Although a preferred embodiment is described, it shall be apparent to one skilled in the art in view of this preferred embodiment that numerous changes and/or modifications can be made without departing from the scope and spirit of the invention.

Claims

Claims:
1. An elecfronic transaction system for validating a transaction of a user of said elecfronic fransaction system, said elecfronic fransaction system having a system controller, includes:
means for receiving, by said system controller of said elecfronic fransaction system, transaction information and user information from a fransaction device coupled to said system controller, said transaction information and said user information being respectively associated with said fransaction and said user;
means for receiving, by said system controller from a wireless portable communication device associated with said user, at least one identification code associated with said wireless portable commumcation device;
means for verifying, by said a system controller, said at least one identification code and said user information based upon registered information of said user, said registered information being stored in association with said system controller;
and
means for determining, by said controller, whether to validate said fransaction in response to said verifying.
The elecfronic fransaction system as claimed in Claim 1, and further including means for invalidating said fransaction when either said at least one identification code or said user information is not verified.
3. The elecfronic fransaction system as claimed in Claim 1, wherein said determining means includes means for checking credit information ofsaid user, said credit information being stored in association with said system controller.
4. The elecfronic transaction system as claimed in Claim 3, and further including means for validating said transaction based upon said checking.
5. The electronic transaction system as claimed in Claim 4, and further including means for transmitting at least one message to said wireless portable communication device upon validating said fransaction.
The elecfronic transaction system as claimed in Claim 1, wherein said means for receiving said transaction information and said user information includes means for prompting said user to provide at least one input to obtain at least some of said user information.
IX An elecfronic transaction system for validating a fransaction of a user of said electronic transaction system, said electronic transaction system having a system controller, includes:
means for receiving, by said system controller of said electronic transaction system, fransaction information and user information from a transaction device coupled to said system controller, said fransaction information and said user information being respectively associated with said transaction and said user;
means for transmitting, by said system controller to a wireless portable communication device associated with said user, at least one transaction code associated with said transaction;
means for receiving, by said system controller via said fransaction device, said at least one transaction code for verification;
and
means for determining, by said system controller, whether to validate said transaction based upon said verification.
8. The elecfronic fransaction system as claimed in Claim 7, and further including means for invalidating said fransaction when said verification of said at least one transaction code fails.
9. The electronic fransaction system as claimed in Claim 7, wherein said determining means includes means for checking credit information ofsaid user, said credit information being stored in association with said system controller.
10. The elecfronic transaction system as claimed in Claim 9, and further including means for validating said fransaction based upon said checking.
11. The electronic fransaction system as claimed in Claim 10, and further including means for transmitting at least one message to said wireless portable communication device upon validating said fransaction.
12. The electronic transaction system as claimed in Claim 7, wherein said means for receiving said transaction information and said user information includes means for prompting said user to provide at least one input to obtain at least some of said user information.
3. A method for validating a transaction of a user of an electronic transaction system, said method including the steps of:
receiving, by a system controller of said electronic fransaction system, transaction information and user information from a transaction device coupled to said system controller, said transaction information and said user information being respectively associated with said transaction and said user;
receiving, by said system controller from a wireless portable communication device associated with said user, at least one identification code associated with said wireless portable communication device;
verifying, by said a system controller, said at least one identification code and said user information based upon registered information of said user, said registered information being stored in association with said system controller;
and
determining, by said system controller, whether to validate said fransaction based upon said verifying step.
14. The method as claimed in Claim 13, and further including the step of invalidating said fransaction when either said at least one identification code or said user information is not verified.
15. The method as claimed in Claim 13, wherein said deteπnining step includes the step of checking credit information of said user, said credit information being stored in association with said system controller.
16. The method as claimed in Claim 15, and further including the step of validating said fransaction based upon said checking step.
17. The method as claimed in Claim 16, and further including the step of transmitting at least one message to said wireless portable communication device upon validating said fransaction.
18. The method as claimed in Claim 13, wherein said step of receiving said transaction information and said user information includes the step of prompting said user to provide at least one input to obtain at least some of said user information.
19. A method for validating a transaction of a user of an elecfronic transaction system, said method including the steps of:
receiving, by a system controller of said electronic transaction system, transaction information and user information from a transaction device coupled to said system controller, said fransaction information and said user information being respectively associated with said fransaction and said user;
transmitting, by said system controller to a wireless portable communication device associated with said user, at least one transaction code associated with said transaction;
receiving, by said system controller via said transaction device, said at least one transaction code for verification;
and
determining, by said system controller, whether to validate said fransaction based upon said verification.
20. The method as claimed in Claim 19, and further including the step of invalidating said transaction when said verification of said at least one fransaction code fails.
21. The method as claimed in Claim 19, wherein said determining step includes the step of checking credit information ofsaid user, said credit information being stored in association with said system controller.
22. The method as claimed in Claim 21, and further including the step of validating said transaction based upon said checking step.
23. The method as claimed in Claim 22, and further including the step of transmitting at least one message to said wireless portable communication device upon validating said transaction.
24. The method as claimed in Claim 19, wherein said step of receiving said transaction information and said user information includes the step of prompting said user to provide at least one input to obtain at least some of said user information.
5. A computer program product with a computer usable medium having a computer readable program code means embodied therein for validating a transaction of a user of an electronic transaction system having a system controller, said computer program product including:
computer readable program code means for receiving, by said system controller ofsaid elecfronic transaction system, fransaction information and user information from a fransaction device coupled to said system controller, said transaction information and said user information being respectively associated with said transaction and said user;
computer readable program code means for receiving, by said system controller from a wireless portable communication device associated with said user, at least one identification code associated with said wireless portable commumcation device;
computer readable program code means for verifying, by said system controller, said at least one identification code and said user information based upon registered information ofsaid user, said registered information being stored in association with said system controller;
and
computer readable program code means for determining, by said controller, whether to validate said transaction in response to said verifying.
26. The computer program product as claimed in Claim 25, and further including computer readable program code means for invalidating said transaction when either said at least one identification code or said user information is not verified.
27. The computer program product as claimed in Claim 25, wherein said computer readable program code means for determining includes computer readable program code means for checking credit information of said user, said credit information being stored in association with said system controller.
28. The computer program product as claimed in Claim 27, and further including computer readable program code means for validating said transaction based upon said checking.
29. The computer program product as claimed in Claim 28, and further including computer readable program code means for transmitting at least one message to said wireless portable communication device upon validating said fransaction.
30. The computer program product as claimed in Claim 25, wherein said computer readable program code means for receiving said transaction information and said user information includes computer readable "program code means for prompting said user to provide at least one input to obtain at least some of said user information.
1. A computer program product with a computer usable medium having a computer readable program code means embodied therein for validating a transaction of a user of an electronic fransaction system having a system controller, said computer program product including:
computer readable program code means for receiving, by said system controller of said electronic transaction system, fransaction information and user information from a fransaction device coupled to said system controller, said fransaction information and said user information being respectively associated with said transaction and said user;
computer readable program code means for transmitting, by said system controller to a wireless portable communication device associated with said user, at least one fransaction code associated with said fransaction;
computer readable program code means for receiving, by said system controller via said fransaction device, said at least one fransaction code for verification;
and
computer readable program code means for determining, by said controller, whether to validate said fransaction based upon said verification.
32. The computer program product as claimed in Claim 31 , and further including computer readable program code means for invalidating said transaction when said verification ofsaid at least one fransaction code fails.
33. The computer program product as claimed in Claim 31 , wherein said computer readable program code means for determining includes computer readable program code means for checking credit information of said user, said credit information being stored in association with said system controller.
34. The computer program product as claimed in Claim 33, and further including computer readable program code means for validating said fransaction based upon said checking.
35. The computer program product as claimed in Claim 34, and further including computer readable program code means for transmitting at least one message to said wireless portable communication device upon validating said transaction.
36. The computer program product as claimed in Claim 31 , wherein said computer readable program code means for receiving said transaction information and said user information includes computer readable program code means for prompting said user to provide at least one input to obtain at least some ofsaid user information.
PCT/SG2000/000180 2000-05-12 2000-11-03 Electronic transaction system and methods thereof WO2001086539A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001214291A AU2001214291A1 (en) 2000-05-12 2000-11-03 Electronic transaction system and methods thereof

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US57020700A 2000-05-12 2000-05-12
US09/570,207 2000-05-12

Publications (1)

Publication Number Publication Date
WO2001086539A1 true WO2001086539A1 (en) 2001-11-15

Family

ID=24278699

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SG2000/000180 WO2001086539A1 (en) 2000-05-12 2000-11-03 Electronic transaction system and methods thereof

Country Status (2)

Country Link
AU (1) AU2001214291A1 (en)
WO (1) WO2001086539A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6839692B2 (en) * 2000-12-01 2005-01-04 Benedor Corporation Method and apparatus to provide secure purchase transactions over a computer network
WO2005001725A1 (en) * 2003-06-27 2005-01-06 Tafmo Australia Pty Ltd An electronic transaction system
WO2005031667A1 (en) * 2003-09-19 2005-04-07 Brunet Holding Ag Method for carrying out an electronic transaction
EP1647952A2 (en) * 2002-08-27 2006-04-19 Visa International Service Association Method and system for facilitating payment transactions using access devices
WO2008113093A1 (en) * 2007-03-16 2008-09-25 Txn Pty Ltd Payment transaction system
US8229855B2 (en) 2002-08-27 2012-07-24 Jean Huang Method and system for facilitating payment transactions using access devices

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0367361A2 (en) * 1988-10-31 1990-05-09 Gte Telecommunication Services Incorporated Customer activation system
WO1994011849A1 (en) * 1992-11-11 1994-05-26 Telecom Finland Oy Mobile telephone systems and a method for carrying out financial transactions by means of a mobile telephone system
WO1997045814A1 (en) * 1996-05-24 1997-12-04 Behruz Vazvan Real time system and method for remote purchase payment and remote bill payment transactions and transferring of electronic cash and other required data
GB2319381A (en) * 1996-11-14 1998-05-20 Eastmar Holdings Ltd Transaction processing
EP0848360A1 (en) * 1996-12-11 1998-06-17 BRITISH TELECOMMUNICATIONS public limited company Electronic funds transfer authentication system
WO1998035521A2 (en) * 1997-02-06 1998-08-13 Telefonaktiebolaget Lm Ericsson (Publ) Cellular telephone network support of international mobile station identity (imsi)
WO1998037524A1 (en) * 1997-06-27 1998-08-27 Swisscom Ag Transaction method using a mobile device
WO1998047116A1 (en) * 1997-04-15 1998-10-22 Telefonaktiebolaget Lm Ericsson (Publ) Tele/datacommunications payment method and apparatus
US6039247A (en) * 1997-12-19 2000-03-21 Xico, Inc. Secure, stored-value systems and methods of transferring monetary values in one or more transactions to a specific receiving device

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0367361A2 (en) * 1988-10-31 1990-05-09 Gte Telecommunication Services Incorporated Customer activation system
WO1994011849A1 (en) * 1992-11-11 1994-05-26 Telecom Finland Oy Mobile telephone systems and a method for carrying out financial transactions by means of a mobile telephone system
WO1997045814A1 (en) * 1996-05-24 1997-12-04 Behruz Vazvan Real time system and method for remote purchase payment and remote bill payment transactions and transferring of electronic cash and other required data
GB2319381A (en) * 1996-11-14 1998-05-20 Eastmar Holdings Ltd Transaction processing
EP0848360A1 (en) * 1996-12-11 1998-06-17 BRITISH TELECOMMUNICATIONS public limited company Electronic funds transfer authentication system
WO1998035521A2 (en) * 1997-02-06 1998-08-13 Telefonaktiebolaget Lm Ericsson (Publ) Cellular telephone network support of international mobile station identity (imsi)
WO1998047116A1 (en) * 1997-04-15 1998-10-22 Telefonaktiebolaget Lm Ericsson (Publ) Tele/datacommunications payment method and apparatus
WO1998037524A1 (en) * 1997-06-27 1998-08-27 Swisscom Ag Transaction method using a mobile device
US6039247A (en) * 1997-12-19 2000-03-21 Xico, Inc. Secure, stored-value systems and methods of transferring monetary values in one or more transactions to a specific receiving device

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6839692B2 (en) * 2000-12-01 2005-01-04 Benedor Corporation Method and apparatus to provide secure purchase transactions over a computer network
US8010453B2 (en) 2002-08-27 2011-08-30 Visa U.S.A. Inc. Method and system for facilitating payment transactions using access devices
EP1647952A2 (en) * 2002-08-27 2006-04-19 Visa International Service Association Method and system for facilitating payment transactions using access devices
EP1647952A3 (en) * 2002-08-27 2006-05-10 Visa International Service Association Method and system for facilitating payment transactions using access devices
US7280981B2 (en) 2002-08-27 2007-10-09 Visa U.S.A. Inc. Method and system for facilitating payment transactions using access devices
US7571141B2 (en) 2002-08-27 2009-08-04 Visa U.S.A. Inc. Method and system for facilitating payment transactions using access devices
US7711621B2 (en) 2002-08-27 2010-05-04 Visa U.S.A. Inc. Method and system for facilitating payment transactions using access devices
US8229855B2 (en) 2002-08-27 2012-07-24 Jean Huang Method and system for facilitating payment transactions using access devices
US8924299B2 (en) 2002-08-27 2014-12-30 Visa U.S.A. Inc. Method and system for facilitating payment transactions using access devices
WO2005001725A1 (en) * 2003-06-27 2005-01-06 Tafmo Australia Pty Ltd An electronic transaction system
WO2005031667A1 (en) * 2003-09-19 2005-04-07 Brunet Holding Ag Method for carrying out an electronic transaction
US8756162B2 (en) 2003-09-19 2014-06-17 Google Inc. Method for carrying out an electronic transaction
WO2008113093A1 (en) * 2007-03-16 2008-09-25 Txn Pty Ltd Payment transaction system

Also Published As

Publication number Publication date
AU2001214291A1 (en) 2001-11-20

Similar Documents

Publication Publication Date Title
US7308431B2 (en) System and method of secure authentication and billing for goods and services using a cellular telecommunication and an authorization infrastructure
US7107248B1 (en) System and method of bootstrapping a temporary public-key infrastructure from a cellular telecommunication authentication and billing infrastructure
JP5638046B2 (en) Method and system for authorizing purchases made on a computer network
USRE44513E1 (en) Method and apparatus for performing a credit based transaction between a user of a wireless communications device and a provider of a product or service
RU2427893C2 (en) Method of service server authentication (versions) and method of services payment (versions) in wireless internet
US8898762B2 (en) Payment transaction processing using out of band authentication
US20060089906A1 (en) Method for securing a payment transaction over a public network
AU2012265824B2 (en) A transaction system and method for use with a mobile device
US20090292642A1 (en) Method and system for automatically issuing digital merchant based online payment card
WO2005064503A1 (en) A safe network payment system and safe network payment authentication method
WO2001095204A1 (en) Electronic commerce system and method using credit card
KR20010087564A (en) User authentification system and the method using personal mobile device
KR20020032821A (en) Electronic commerce system of settlements using radio communication equipment and method thereof
US11880840B2 (en) Method for carrying out a transaction, corresponding terminal, server and computer program
WO2001086539A1 (en) Electronic transaction system and methods thereof
KR20050045157A (en) Electronic payment system and method thereof

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase