WO2010001423A1 - Method and system for managing financial transactions - Google Patents

Publication number
WO2010001423A1
Authority
WO
WIPO (PCT)
Prior art keywords
processing equipment
electronic device
transaction
transactions according
managing
Prior art date
Application number
PCT/IT2008/000449
Other languages
French (fr)
Inventor
Massimo Riorda
Fabio Forno
Alessandro Malgaroli
Elias Sebastiano Giuseppe Carotti
Luca Tagliaferri
Original Assignee
Ooros S.R.L.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ooros S.R.L.
Priority to PCT/IT2008/000449 (WO2010001423A1)
Priority to EP08790038A (EP2316101A1)
Publication of WO2010001423A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/02: Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/30: Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32: Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322: Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223: Realising banking transactions through M-devices
    • G06Q20/327: Short range or proximity payments by means of M-devices
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/385: Payment protocols; Details thereof using an alias or single-use codes
    • G06Q20/40: Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/42: Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425: Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation

Definitions

  • the present invention regards a method for managing financial transactions which employs at least one electronic device associated with the user.
  • the present invention refers, as a non-limiting example, to a method and a system for authorising payments for the purchase of goods and/or services.
  • credit/debit cards can be used on suitable fixed terminals or POS (Point of Sale) at stores and commercial businesses, which allow banking circuit transactions with the possible insertion of a personal code, geared towards the purchase of goods and services, authenticated with a possible signature confirming the transaction.
  • credit cards represent an instantaneous authorisation system of payment and clearing of the amount due. Such cards, in fact, do not allow instantaneously transferring money during the transaction, but permit informing the parties involved that a transaction has been authorised and cleared.
  • each credit/debit card has a unique 16-digit identification, an issue date, an expiry date, and a holder.
  • some of these also have a three digit security code, in addition to a copy of the holder signature - the retailer should check such signature for every purchase, but for small transaction amounts this is usually not respected.
  • the debit cards also have a security PIN identification code. It is evident that such unique identifications, the issue dates, expiry dates, names of the holders and possibly the security codes represent sensitive, confidential data of each credit/debit card holder. In fact, from such data it is possible to directly or indirectly trace back to the holder credentials, which are necessary for authorising a payment.
  • Another method provides that the paying user can call or send an SMS (Short Message Service) to a payment service provider, specifying the amount to be paid, the telephone number (or e-mail) and other sensitive information of the receiver. Also possibly required is the sending of the unique identification code of the transaction.
  • the data inserted on the portal or transmitted with the telephone call or SMS message are sent to a data processing system of the service provider, which is charged with concluding the transaction by notifying the completed money transfer only to the paying user or also to the receiver.
  • the object of the present invention is that of offering a method for managing financial transactions, in particular for authorising payments, alternative to the conventional methods and which preferably combines ease of use by the users with the security and/or confidentiality required in carrying out the transaction.
  • a method for managing financial transactions as defined by the enclosed claim 1.
  • Preferred embodiments of such method are described by the dependent claims 2-23.
  • a system for managing transactions as defined in claim 24.
  • Figure 1 schematically illustrates a system for managing financial transactions according to one embodiment of the invention
  • Figure 2 schematically illustrates a further embodiment of the system for managing transactions of figure 1;
  • Figure 3 illustrates, by means of a flow diagram, one example of a method for managing financial transactions according to one embodiment of the invention.
  • FIG. 1 schematically shows a system for managing financial transactions 100 made according to a particular embodiment of the invention.
  • the system 100 comprises a first electronic device 1, a second electronic device 2, a first 3 and a second 4 data processing equipment adapted to communicate by means of a communications network NW.
  • NW is for example the Internet network (IP, internet protocol) or a dedicated network.
  • each of such first 3 and second 4 processing equipment is configured to communicate with main data processing equipment 5, which is separate from both of these.
  • the first 1 and the second 2 electronic device can be any one device provided with user interfaces for the insertion and display of data
  • the first electronic device 1 is a portable radio device.
  • the system for managing transactions 100 is employable for the purchase of goods and/or services by a user in possession of such portable radio device 1. For the sake of simplicity, such user will be known as "paying user" or "payer".
  • the portable device 1 is, for example, a mobile telephone, advantageously, of cellular type, a PDA (Personal Digital Assistant) telephone or any one portable electronic device adapted to receive and transmit messages and operating within a mobile telephone network.
  • the portable device 1 is a cell phone.
  • the cell phone 1 is per se conventional and thus does not require a detailed description.
  • Such phone 1 comprises a transceiver device connected with a respective antenna, a central processing unit adapted to exchange signals bearing information/data with the transceiver device, work and mass memories and a user interface including a display 10 and an alphanumeric keyboard 11.
  • the cell phone 1 is provided with a mobile communication network device (Network Device Communication Object) that is also conventional, i.e. a digital interface which permits the processing unit to suitably dialogue with the mobile telephone network.
  • the mobile telephone network is, for example, a GPRS (General Packet Radio Service) network or a UMTS (Universal Mobile Telecommunications System) network.
  • the cell phone 1 is also equipped with a communication device in wireless technology, in addition to that of the mobile telephone network.
  • the wireless technology employed is WiFi, ZigBee, NFC (Near Field Communication) or, preferably, BlueTooth.
  • in a digital memory of the cell phone 1 there is suitable software for implementing financial transactions.
  • Such software can be a Java program, a program especially written for the cell phone 1 or for the operating system of the phone itself.
  • a browser present on the cell phone 1 can be used which displays wml or html pages, or of the other pre-installed software on the phone which permits managing USSD
  • the software module containing the necessary application for implementing the method for managing transactions which will be described below can be automatically installed in the cell phone 1 by means of SMS (Short Message Service) connections to hypermedia addresses which allow a download through GPRS/UMTS/WLAN networks. Such download operation can also be carried out by means of MMS (Multimedia Messaging Service) messages containing the application, limiting the installation and updating problems to a minimum.
  • the second electronic device 2 is an electronic terminal, for example a laptop computer, a desktop computer, an electronic cash register or, preferably, a POS (point of sale) associated with a retailer of goods and/or services. For the sake of simplicity, the retailer of goods and services will be called "paid user" or "paid party" below.
  • Such terminal 2 is schematically represented in figure 1 by means of a laptop computer adapted to receive and transmit messages inside a first network NW1, for example the Internet network (IP).
  • the electronic terminal 2 comprises a central processing unit adapted to exchange signals bearing information/data with a respective transceiver device, work and mass memories and a user interface including a first display 20 and a first alphanumeric keyboard 21.
  • such electronic terminal 2 comprises a laptop computer connected to a server device of an e-commerce web site.
  • the software application which manages the financial transaction is stored in such server device.
  • the electronic terminal 2 associated with a paid goods retailer user can also be a cell phone analogous to the cell phone 1.
  • the first 3 and second 4 data processing equipment are associated with a first BanA and second BanB bank or credit institute, respectively.
  • the first bank BanA is associated with the paying user and the second bank BanB with the paid user.
  • said first 3 and second 4 processing equipment comprise a first 30 and a second 40 computer server, respectively.
  • Such first/second computer server 30/40 is inside the first/second bank BanA/BanB, i.e. inside the banking circuit, and is configured for:
  • first 30 and second 40 computer server are connected with a further first 31 and a further second 41 computer server, respectively, adapted to support the payment system in accordance with the managing method of the invention.
  • the first 30 and the second 40 computer server are respectively connected to the further first 31 and second 41 computer server by means of a local area network L (LAN).
  • the first 3 and the second 4 processing equipment comprise software applications that are externally offered by third parties to the first BanA and second BanB.
  • such further first 31 and second 41 computer server are configured for: authenticating the users and communicating with their mobile terminals (cell phone 1) or fixed terminals (POS, laptop computer 2) by means of a plurality of communication systems (fixed Internet or GPRS, WAP or Wireless Application Protocol, SMS); communicating with each other and with every other further computer server of other banks making up part of the system for managing financial transactions.
  • such further first 31 and second 41 computer server are configured for communicating with the main processing equipment 5 by means of the network NW.
  • main processing equipment 5 preferably comprises a respective computer server.
  • Each computer server 30, 31, 40, 41 and 5 comprises a central processing unit (microprocessor) adapted to exchange signals bearing information/data with work and mass memories.
  • the main computer server 5 and the further first 31 and second 41 computer servers comprise communication interfaces for exchanging information and data on the network NW with each other.
  • the main computer server 5 and the further first 31 and second 41 computer server are connected to the network NW by means of VPN (Virtual Private Network) networks and by means of Firewall devices, so as to ensure the security of the communications.
  • the further second computer server 41 comprises further communications interfaces for transmitting/receiving information and data from the electronic terminal 2 on the first network NW1.
  • the cell phone 1 of the paying user is adapted to communicate with the further first computer server 31 of the first bank BanA through a second network NW2.
  • second network NW2 is the Internet network
  • the cell phone 1 is configured for being connected via GPRS.
  • the cell phone 1 communicates with the further first computer server 31 by means of SMS.
  • the mobile operator is a neutral connectivity provider for the management system 100, i.e. it is not an integral part of the system, but only a service provider.
  • a suitable software is advantageously installed (in a digital memory) in such further first 31 and second 41 computer server, in Java or any other language, for implementing the method for managing financial transactions.
  • such further computer servers 31 and 41 each comprise a local relational data-base for a first identification of the cellular phone 1 and of the electronic terminal 2 associated with the paying user and with the paid party, respectively, which use the service.
  • such further computer servers 31 and 41 store identifications of the paying and paid users, i.e. the username, password or an authentication token which represent the credentials of such users for the service access.
  • the main computer server 5 is configured for generating a payment code or token TO associated with the transaction.
  • token TO is adapted to enable the money transaction by associating the two ends of the transaction, i.e. the payer (cell phone 1) and the paid party (electronic terminal 2), even if these are registered in different banks.
  • token TO is an alphanumeric code generated in a causal or sequential manner and comprise, for example, 6 digits as shown on the first display 20 of the electronic terminal 2 of figure 1.
  • the token TO has a time duration limited to the completion of the transaction to be carried out (from several dozen seconds to three minutes) and is repeatable over time, i.e.
  • the token TO generated by the main computer server 5 is adapted to be sent to the electronic terminal 2 of the paid user on the first network NW1 in order to be displayed on the first display 20.
  • such token TO can be made available to the payer (as represented schematically by the dashed line of figure 1) in order to be typed on the keyboard 11 of the cell phone 1.
  • the electronic terminal 2 is a POS
  • the latter is provided with a printer for printing the token TO, making it available to the payer.
  • the token TO is adapted to be passed from the cell phone 1 to the further first computer server 31 through the second network NW2, in particular by means of an Internet connection.
  • the communication between the cell phone 1 and the further first 31 can provide for the use of specific communication channels of the mobile telephone networks, such as for example Push WAP or USSD for data transmission on the GSM channels.
  • a gateway is provided interposed between the cell phone 1 and the further first computer server 31 of the first bank BanA.
  • Such gateway is configured for translating the messages and associating identifications of the users (userID) with the respective phone numbers.
  • the first network NW1 can comprise USSD and gateways for allowing the communication between the electronic terminal 2 and the further second computer server 41.
  • the system 100 of figure 2 comprises a local device 50 for wireless access to a communication network provided by the paid user and associated with the electronic terminal 2.
  • Such wireless access device 50 is adapted to operate in accordance with the NFC, Bluetooth or WiFi standards.
  • Such wireless access device 50 can advantageously be used for establishing a first communication C1 with the cell phone 1 so as to automatically transfer the token TO from the electronic terminal 2 to the cell phone
  • such wireless connection device 50 can advantageously be used as an access point for allowing the cell phone 1 to be connected by means of the Internet network NWi to the further first computer server 31 of the first bank BanA without using the second network NW2 of the mobile operator.
  • the WiFi communication standard offers direct connectivity to the Internet network, while the NFC and Bluetooth standards can do the same by providing suitable gateways towards the Internet network installed in the same wireless access device 50.
  • Functioning method
  • An example is now illustrated of the method for managing the financial transactions actuated by the system 100. As an example, the desire to carry out a money transfer (payment) between "payer" and "paid party" for the purchase of a good or service is considered.
  • In FIG. 3 an example is shown of the functioning method, in the form of a flow diagram which involves the elements of the system 100, i.e. the cell phone 1, the electronic terminal 2, the first 30 and the second 40 computer server of the banks, the further first 31 and second 41 computer server and the main computer server 5.
  • the payer and the paid party involved in the financial transaction are already authenticated with the respective further first 31 and further second 41 computer server.
  • the payer is registered at the further first computer server 31 of the system 100 and logs into the service, for example starting the application which lies in the cell phone 1 and typing his/her own username and a password.
  • the login can be completed by means of connection to a personalised link and the insertion of a numeric code
  • IP Internet connectivity
  • Analogous considerations are valid for the paid user enabled to log into the service through the electronic terminal 2. If such electronic terminal 2 is a POS connected via internet, the latter is assumed to be connected to the aforesaid further second computer server 41 by means of the first network NW1. Such connection can be of permanent type or it is established at the time of a financial transaction.
  • the transaction starts at the paid user, but the management method can also start from the paying party, thus resulting symmetrical.
  • the paid party which must receive the payment for the purchase of goods or merchandise sends, through the electronic terminal 2, a start transaction message 51 to the further second computer server 41.
  • Such message 51 comprises the amount to pay and the reason for the transaction to be communicated to the paid party.
  • the further second computer server 41 once it has received the message 51, optionally sends an activation message 52 to the second computer server 40 of the second bank BanB. With such activation message 52, one is asked to open a new transaction, indicating the amount and reason.
  • the second computer server 40 of the second bank BanB stores such data and creates the unique identification UUID associated with the transaction.
  • Such identification UUID will be used for tracing every message during the entire transaction.
  • the identification UUID is therefore sent by means of a reply message 53 to the further second computer server 41.
  • such further second computer server 41 stores the received data in a respective memory (stored for the time necessary for carrying out the transaction) and sends a first activation message 54 to the main computer server 5, requiring the latter to generate the token TO related to the transaction underway.
  • the further second computer server 41 also sends the unique identification UUID to the main server 5 along with possible other data (for example, the identification id of the bank of the recipient, i.e. of the paid party).
  • the main computer server 5 stores such data and sends a response message 55 comprising the required token TO. It is observed that the main computer server 5 can also store a multiplicity of other optional data depending on the application.
  • the further second computer server 41 communicates the token TO on the first network NW1 through a notification message 56 to the electronic terminal 2 of the paid party.
  • the electronic terminal 2 displays the token TO on the related first display 20, for example "FF02752" as shown in figure 1.
  • the same electronic terminal 2 is adapted to transmit, to the cell phone 1 of the payer, the token TO received by means of the wireless access device 50 according to the standard NFC or Bluetooth.
  • the token TO is provided to the payer (ACC step) .
  • the paying user sends, to the further first computer server 31, a third message 57 comprising the token TO displayed on the display 20.
  • the token TO is typed by the payer on the keyboard 11 of the cell phone 1 in order to be sent by means of the suitable application software stored in the phone 1.
  • the payer authorises the further first computer server 31 of the token TO received by the electronic terminal 2 in wireless mode.
  • the further first computer server 31 sends a request 58 to the main computer server 5, inquiring as to which transaction the received token TO makes reference.
  • the main computer server 5 sends a second response message 59 indicating the address of the further second computer server 41 and the unique identification UUID of the transaction.
  • the further first computer server 31 is connected by means of the network NW to the further second computer server 41, by sending a further request 60 in order to pick up the essential data of the transaction identified by the received UUID.
  • the further second computer server 41 sends a third response message 61 including all the data related to the transaction.
  • the further first computer server 31 sends a clearing request 62 to the first computer server 30 of the first bank BanA in order to learn if the operation is cleared.
  • the first computer server 30 sends a clearing message 63 and the further first computer server 31 communicates the transaction data to the cell phone 1 of the payer, requesting confirmation in order to proceed with payment.
  • an authorisation request message 64 is sent to the payer, indicating the amount to be paid, the reason and the recipient.
  • the further first computer server 31 sends a payment order message 66 to the first computer server 30 of the first bank BanA.
  • the further first computer server 31 communicates (message 67) to the further second computer server 41 that the payment has been authorised.
  • the further second computer server 41 communicates to the paid party, with a transaction execution message 68, that the transaction was concluded and also optionally communicates the payer's identification.
  • the electronic terminal 2 of the paid party sends a reception confirmation 69 of the message 68 to the further second computer server 41.
  • Such further second computer server 41 sends a communication 70 to the second computer server 40 inside the second bank BanB indicating that the payment related to the transaction has been authorised.
  • the further second computer server 41 communicates to the further first computer server 31 that the authorisation has been communicated to the paid party (message 71).
  • the same computer server 31 communicates to the main computer server 5 that the transaction has concluded (message 73).
  • the method for managing transactions of the invention permits associating payer and paid party through the token TO (i.e. a temporary transaction code), without these having any previous relationship and without communicating to the payer any sensitive data regarding the buyer.
  • the first BanA and second BanB bank exchange the transaction data (the money will be transferred afterward by using normal banking circuits) and send a confirmation message to both the subjects involved in the transaction. In such a manner, both the payer and paid receive confirmation of the completed payment and can securely conclude the purchase.
  • the token TO is an identification code that permits associating the paid party and the payer with a particular payment for the purchase of a good and/or service in a predetermined time interval in which such token remains valid.
  • Such token TO differs from the unique identification code UUID of the transaction.
  • the latter, in fact, is a code that is unique inside the payment system, comprises numerous alphanumeric digits for ensuring the traceability, is not recyclable, and is generated at the start of the payment for tracing all of the steps of the payment itself.
  • the token TO is rendered visible to the users during the execution of a transaction.
  • the method for managing financial transactions of the present invention has further important advantages with respect to conventional technologies.
  • the fact that the token TO is a simple and short alphanumeric code limits possible typing errors by the payer user and can be easily transmitted by means of a plurality of communication means, for example by means of suitable programs via Internet (both from desktop or laptop computer and from cell phone), SMS, USSD.
  • the main computer server 5 can, during the process, carry out additional operations related to the payment, for example transaction accounting.
  • the ATM reader is the electronic terminal 2
  • a main computer server 5 is provided connected with the bank BanA for generating the token TO.
  • the withdrawal authorisation method provides that the user inserts his/her own bank card in the ATM.
  • the user is authenticated on the system and the identification of the user (read through the bank card) is sent to the bank BanA.
  • the main computer server 5 generates a token TO related to the withdrawal operation requested by the user to be sent to the bank BanA. Such token TO sent to the ATM is displayed on the screen.
  • the user types the token TO on his/her own cell phone 1 and sends it to the bank BanA, which can thus verify that the token TO displayed by the user corresponds to that generated. When this is verified, it is sufficient to demonstrate that the legitimate holder of the bank card is actually before the ATM device in which the card is inserted.
  • the user does not have to insert the secret code of the card (PIN) in the potentially not-very-secure ATM readers. In other words, the user is protected from devices which spy on the PIN.
  • the token TO can be displayed on web pages in order to carry out online purchases. In such case, therefore, there is no electronic terminal 2 of the paid retailer.
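
The token flow described in the list above (messages 51 to 73), as an added Python sketch that is not code from the patent or from Ooros. Class and method names, the 36-character alphabet, the in-memory stores and the folding of the bank servers 30/40 into the front-end servers 31/41 are assumptions; clearing (messages 62/63) is left out.

```python
import secrets
import string
import time
import uuid

ALPHABET = string.ascii_uppercase + string.digits  # assumed token alphabet
TOKEN_LENGTH = 6      # the page gives 6 characters as an example
TOKEN_TTL = 180.0     # seconds; the page gives "several dozen seconds to three minutes"


class TokenDirectory:
    """Stand-in for main computer server 5: maps a live token to (server 41, UUID)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._live = {}  # token -> (payee_server_id, transaction_uuid, expires_at)

    def _purge(self):
        # Expired tokens are dropped, which is what makes a short code reusable.
        now = self._clock()
        for token in [t for t, e in self._live.items() if e[2] <= now]:
            del self._live[token]

    def issue(self, payee_server_id, transaction_uuid):
        """Messages 54/55: hand out a token that no live transaction is using."""
        self._purge()
        while True:
            token = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LENGTH))
            if token not in self._live:
                break
        expires_at = self._clock() + TOKEN_TTL
        self._live[token] = (payee_server_id, transaction_uuid, expires_at)
        return token

    def resolve(self, token):
        """Messages 58/59: return (payee_server_id, uuid), or None if unknown/expired."""
        self._purge()
        entry = self._live.get(token.strip().upper())
        return None if entry is None else entry[:2]

    def close(self, token):
        """Message 73: the transaction has concluded, so the token is released."""
        self._live.pop(token.strip().upper(), None)

    def live_count(self):
        self._purge()
        return len(self._live)


class PayeeServer:
    """Stand-in for further second server 41 (with bank server 40 folded in)."""

    def __init__(self, server_id, directory):
        self.server_id = server_id
        self._directory = directory
        self._transactions = {}  # uuid -> transaction data

    def start_transaction(self, payee, amount_cents, reason):
        """Messages 51-56: store the data under a fresh UUID and obtain a token."""
        tx_uuid = str(uuid.uuid4())  # long, never recycled, used for tracing
        self._transactions[tx_uuid] = {"payee": payee, "amount": amount_cents,
                                       "reason": reason, "status": "pending"}
        return self._directory.issue(self.server_id, tx_uuid)

    def fetch(self, tx_uuid):
        """Messages 60/61: transaction data for the payer's server."""
        return dict(self._transactions[tx_uuid])

    def mark_authorised(self, tx_uuid):
        """Message 67: the payer's side reports that payment was authorised."""
        self._transactions[tx_uuid]["status"] = "authorised"


class PayerServer:
    """Stand-in for further first server 31; the phone only ever sends the token."""

    def __init__(self, directory, peers):
        self._directory = directory
        self._peers = peers  # payee_server_id -> PayeeServer

    def submit_token(self, token):
        """Message 57 onward: resolve the token and fetch what the payer must confirm."""
        resolved = self._directory.resolve(token)
        if resolved is None:
            return None
        server_id, tx_uuid = resolved
        return {"uuid": tx_uuid, "server": server_id,
                **self._peers[server_id].fetch(tx_uuid)}

    def confirm(self, token):
        """Payer accepts the request of message 64; notify server 41, release the token."""
        offer = self.submit_token(token)
        if offer is None:
            return False
        self._peers[offer["server"]].mark_authorised(offer["uuid"])
        self._directory.close(token)
        return True


if __name__ == "__main__":
    directory = TokenDirectory()
    bank_b = PayeeServer("bank-b-41", directory)      # constructed sample data
    bank_a = PayerServer(directory, {"bank-b-41": bank_b})
    shown_on_pos = bank_b.start_transaction("Corner Shop", 1250, "groceries")
    print("token on display 20:", shown_on_pos)
    print("payer is asked to confirm:", bank_a.submit_token(shown_on_pos))
    print("authorised:", bank_a.confirm(shown_on_pos))
```

The payee's terminal never receives card or account data from the payer; the only value that crosses between the two users is the short token, and it stops resolving once the transaction closes or the validity window passes.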

Abstract

The invention regards a method for managing financial transactions for authorising a payment for the purchase of goods or services. The method comprises: providing a user with a first electronic device (1) connected with first processing equipment (30, 31); providing a second electronic device (2) connected to second processing equipment (40, 41); providing main processing equipment (5) separate from the first and second processing equipment and connected thereto; the second electronic device (2) sending a transaction start message (51) to the second processing equipment (40, 41); the second processing equipment (40, 41) sending an activation message (54) to the main processing equipment (5); the main processing equipment (5) generating a payment code (TO) related to the transaction configured for associating the transaction to the first and second electronic device; providing the payment code (TO) on the first (1) and on the second (2) electronic device; the user sending the payment code (TO) to the first processing equipment by means of the first electronic device (1) in order to place the first processing equipment in communication with the second processing equipment involved in the transaction.

Description

DESCRIPTION
METHOD AND SYSTEM FOR MANAGING FINANCIAL TRANSACTIONS
Field of the invention
The present invention regards a method for managing financial transactions which employs at least one electronic device associated with the user. In particular, the present invention refers, as a non-limiting example, to a method and a system for authorising payments for the purchase of goods and/or services.
State of the art
According to conventional financial transaction management modes for the purchase of goods and/or services via telematics, one assumes the use by users of different instruments, such as for example credit/debit cards or magnetic cards.
As is known, credit/debit cards can be used on suitable fixed terminals or POS (Point of Sale) at stores and commercial businesses, which allow banking circuit transactions with the possible insertion of a personal code, geared towards the purchase of goods and services, authenticated with a possible signature confirming the transaction.
In particular, it is observed that credit cards represent an instantaneous authorisation system of payment and clearing of the amount due. Such cards, in fact, do not allow instantaneously transferring money during the transaction, but permit informing the parties involved that a transaction has been authorised and cleared.
As is known, each credit/debit card has a unique 16-digit identification, an issue date, an expiry date, and a holder. In addition, some of these also have a three digit security code, in addition to a copy of the holder signature - the retailer should check such signature for every purchase, but for small transaction amounts this is usually not respected. It is observed that the debit cards also have a security PIN identification code. It is evident that such unique identifications, the issue dates, expiry dates, names of the holders and possibly the security codes represent sensitive, confidential data of each credit/debit card holder. In fact, from such data it is possible to directly or indirectly trace back to the holder credentials, which are necessary for authorising a payment. Therefore, the use of such identifications and data made visible to the public and to retailers represents a critical element of the credit/debit card-based systems, naturally endangering the security of the transactions.
Other financial transaction management methods via telematics of known type provide for the use of a portable electronic device, for example a cell phone. In particular, one of such methods provides that a paying user provided with cell phone can access a browser of a service provider to which it is already registered. From the browser, the paying user can send money for the purchase of a good, specifying the amount to pay, the telephone number or e-mail of the payment receiver or other identifying data of the latter. In some cases, it is also required to specify a single identification code of the transaction. In addition, if the recipient solicits payment with a direct message, such payment management modes provide that the payer's sensitive data is specified.
Another method provides that the paying user can call or send an SMS (Short Message Service) to a payment service provider, specifying the amount to be paid, the telephone number (or e-mail) and other sensitive information of the receiver. Also possibly required is the sending of the unique identification code of the transaction.
In both above-described cases, the data inserted on the portal or transmitted with the telephone call or SMS message are sent to a data processing system of the service provider, which is charged with concluding the transaction by notifying the completed money transfer only to the paying user or also to the receiver.
It is observed that such management methods of the financial transactions have numerous drawbacks. For example, the paying user is required to insert numbers or identification codes which are often long and complex, to provide sensitive data of the payment recipient outside the banking systems. In addition, such methods are linked to Internet connections or calls towards service centres which can also last several minutes, with consequent additional costs for the paying user.
Summary of the invention
The object of the present invention is that of offering a method for managing financial transactions, in particular for authorising payments, alternative to the conventional methods and which preferably combines ease of use by the users with the security and/or confidentiality required in carrying out the transaction. Such object is achieved by a method for managing financial transactions as defined by the enclosed claim 1. Preferred embodiments of such method are described by the dependent claims 2-23. Also forming the object of the present invention is a system for managing transactions as defined in claim 24.
Brief description of the figures
In order to better understand the invention and appreciate its advantages, several of its exemplifying and non-limiting embodiments are described below with reference to the attached drawings, in which:
Figure 1 schematically illustrates a system for managing financial transactions according to one embodiment of the invention;
Figure 2 schematically illustrates a further embodiment of the system for managing transactions of figure 1;
Figure 3 illustrates, by means of a flow diagram, one example of a method for managing financial transactions according to one embodiment of the invention.
Description of preferred embodiments
System for managing transactions
Figure 1 schematically shows a system for managing financial transactions 100 made according to a particular embodiment of the invention. The system 100 comprises a first electronic device 1, a second electronic device 2, a first 3 and a second 4 data processing equipment adapted to communicate by means of a communications network NW. Such network NW is for example the Internet network (IP, internet protocol) or a dedicated network. Advantageously, each of such first 3 and second 4 processing equipment is configured to communicate with main data processing equipment 5, which is separate from both of these. It is observed that the first 1 and the second 2 electronic device can be any one device provided with user interfaces for the insertion and display of data (for example, a laptop or desktop computer) and connected to an external service centre in wired or wireless mode. According to a preferred embodiment, the first electronic device 1 is a portable radio device. In addition, the system for managing transactions 100 is employable for the purchase of goods and/or services by a user in possession of such portable radio device 1. For the sake of simplicity, such user will be known as "paying user" or "payer".
The portable device 1 is, for example, a mobile telephone, advantageously, of cellular type, a PDA (Personal Digital Assistant) telephone or any one portable electronic device adapted to receive and transmit messages and operating within a mobile telephone network. Below, it will be assumed that the portable device 1 is a cell phone.
The cell phone 1 is per se conventional and thus does not require a detailed description. Such phone 1 comprises a transceiver device connected with a respective antenna, a central processing unit adapted to exchange signals bearing information/data with the transceiver device, work and mass memories and a user interface including a display 10 and an alphanumeric keyboard 11.
In particular, the cell phone 1 is provided with a mobile communication network device (Network Device Communication Object) that is also conventional, i.e. a digital interface which permits the processing unit to suitably dialogue with the mobile telephone network. The mobile telephone network is, for example, a GPRS (General Packet Radio Service) network or a UMTS (Universal Mobile Telecommunications System) network. Advantageously, the cell phone 1 is also equipped with a communication device in wireless technology, in addition to that of the mobile telephone network. For example, the wireless technology employed is WiFi, ZigBee, NFC (Near Field Communication) or, preferably, BlueTooth.
Preferably, in a digital memory of the cell phone 1, there is suitable software for implementing financial transactions. Such software can be a Java program, a program especially written for the cell phone 1 or for the operating system of the phone itself. Alternatively, a browser present on the cell phone 1 can be used which displays wml or html pages, or other pre-installed software on the phone which permits managing USSD (Unstructured Supplementary Service Data) and Push WAP. Preferably, the software module containing the necessary application for implementing the method for managing transactions which will be described below can be automatically installed in the cell phone 1 by means of SMS (Short Message Service) connections to hypermedia addresses which allow a download through GPRS/UMTS/WLAN networks. Such download operation can also be carried out by means of MMS (Multimedia Messaging Service) messages containing the application, limiting the installation and updating problems to a minimum.
The second electronic device 2 is an electronic terminal, for example a laptop computer, a desktop computer, an electronic cash register or, preferably, a POS (point of sale) associated with a retailer of goods and/or services. For the sake of simplicity, the retailer of goods and services will be called "paid user" or "paid party" below.
Such terminal 2 is schematically represented in figure 1 by means of a laptop computer adapted to receive and transmit messages inside a first network NW1, for example the Internet network (IP). The electronic terminal 2 comprises a central processing unit adapted to exchange signals bearing information/data with a respective transceiver device, work and mass memories and a user interface including a first display 20 and a first alphanumeric keyboard 21.
Preferably, in a respective digital memory of the aforesaid electronic terminal 2, there is a further software application for the connection to a web browser integratable in other applications or a specific dedicated application for implementing the financial transaction, as will be described below.
Alternatively, such electronic terminal 2 comprises a laptop computer connected to a server device of an e-commerce web site. In such case, the software application which manages the financial transaction is stored in such server device.
It is also observed that the electronic terminal 2 associated with a paid goods retailer user can also be a cell phone analogous to the cell phone 1.
In one embodiment, the first 3 and second 4 data processing equipment are associated with a first BanA and second BanB bank or credit institute, respectively. In particular, the first bank BanA is associated with the paying user and the second bank BanB with the paid user. In a preferred embodiment, said first 3 and second 4 processing equipment comprise a first 30 and a second 40 computer server, respectively. Such first/second computer server 30/40 is inside the first/second bank BanA/BanB, i.e. inside the banking circuit, and is configured for:
- managing the sensitive data of its users by keeping such data confidential;
- managing the portfolios of the users according to the modes selected by the bank itself;
- managing the financial transactions through the traditional banking circuits, by generating a unique and unrepeatable identification code UUID over time for each transaction and processing all the data related to the transaction in order to manage the actual money transfer;
- verifying the clearing of every payment.
In addition, such first 30 and second 40 computer server are connected with a further first 31 and a further second 41 computer server, respectively, adapted to support the payment system in accordance with the managing method of the invention.
It is observed that the further first 31 and further second 41 computer server are physically separated from the respective first 30 and second 40 computer server and they are found inside the network of the banks BanA and BanB.
In the example of figure 1, it is assumed that the further first 31 and further second 41 computer server are inside the first BanA and second BanB bank, respectively.
In addition, for example, the first 30 and the second 40 computer server are respectively connected to the further first 31 and second 41 computer server by means of a local area network L (LAN). Alternatively to such further first 31 and second 41 computer server, the first 3 and the second 4 processing equipment comprise software applications that are externally offered by third parties to the first BanA and second BanB. In particular, such further first 31 and second 41 computer server are configured for:
- authenticating the users and communicating with their mobile terminals (cell phone 1) or fixed terminals (POS, laptop computer 2) by means of a plurality of communication systems (fixed Internet or GPRS, WAP or Wireless Application Protocol, SMS);
- communicating with each other and with every other further computer server of other banks making up part of the system for managing financial transactions.
In addition, such further first 31 and second 41 computer server are configured for communicating with the main processing equipment 5 by means of the network NW. Also such main processing equipment 5 preferably comprises a respective computer server. Each computer server 30, 31, 40, 41 and 5 comprises a central processing unit (microprocessor) adapted to exchange signals bearing information/data with work and mass memories. In addition, the main computer server 5 and the further first 31 and second 41 computer servers comprise communication interfaces for exchanging information and data on the network NW with each other. Preferably the main computer server 5 and the further first 31 and second 41 computer server are connected to the network NW by means of VPN (Virtual Private Network) networks and by means of Firewall devices, so as to ensure the security of the communications.
In addition, the further second computer server 41 comprises further communications interfaces for transmitting/receiving information and data from the electronic terminal 2 on the first network NW1.
It is observed that in the embodiment of the system 100 of figure 1, the cell phone 1 of the paying user is adapted to communicate with the further first computer server 31 of the first bank BanA through a second network NW2. For example, such second network NW2 is the Internet network, and the cell phone 1 is configured for being connected via GPRS. Alternatively, the cell phone 1 communicates with the further first computer server 31 by means of SMS. In both cases, the mobile operator is a neutral connectivity provider for the management system 100, i.e. it is not an integral part of the system, but only a service provider.
In addition, a suitable software is advantageously installed (in a digital memory) in such further first 31 and second 41 computer server, in Java or any other language, for implementing the method for managing financial transactions. In addition, such further computer servers 31 and 41 each comprise a local relational data-base for a first identification of the cellular phone 1 and of the electronic terminal 2 associated with the paying user and with the paid party, respectively, which use the service. For example, such further computer servers 31 and 41 store identifications of the paying and paid users, i.e. the username, password or an authentication token which represent the credentials of such users for the service access.
Advantageously, the main computer server 5 is configured for generating a payment code or token TO associated with the transaction. Such token TO is adapted to enable the money transaction by associating the two ends of the transaction, i.e. the payer (cell phone 1) and the paid party (electronic terminal 2), even if these are registered in different banks. Preferably, such token TO is an alphanumeric code generated in a random or sequential manner and comprises, for example, 6 digits as shown on the first display 20 of the electronic terminal 2 of figure 1. In addition, advantageously, the token TO has a time duration limited to the completion of the transaction to be carried out (from several dozen seconds to three minutes) and is repeatable over time, i.e. it can be reused for other user pairs after a predetermined time interval or timeout (for example, 5-10 minutes) or immediately after the conclusion of the transaction in which it was used. In a preferred embodiment, the token TO generated by the main computer server 5 is adapted to be sent to the electronic terminal 2 of the paid user on the first network NW1 in order to be displayed on the first display 20. In such a manner, such token TO can be made available to the payer (as represented schematically by the dashed line of figure 1) in order to be typed on the keyboard 11 of the cell phone 1.
Alternatively, if the electronic terminal 2 is a POS, the latter is provided with a printer for printing the token TO, making it available to the payer. Once typed, the token TO is adapted to be passed from the cell phone 1 to the further first computer server 31 through the second network NW2, in particular by means of an Internet connection. Alternatively to the Internet connection, the communication between the cell phone 1 and the further first computer server 31 can provide for the use of specific communication channels of the mobile telephone networks, such as for example Push WAP or USSD for data transmission on the GSM channels.
In such case, it is necessary to employ services provided by the mobile operator, since they are not directly accessible via Internet. For such purposes, a gateway is provided interposed between the cell phone 1 and the further first computer server 31 of the first bank BanA. Such gateway is configured for translating the messages and associating identifications of the users (userID) with the respective phone numbers.
Analogously, also the first network NW1 can comprise USSD and gateways for allowing the communication between the electronic terminal 2 and the further second computer server 41.
In reference to figure 2, a further embodiment is shown of the system for managing financial transactions 100. In such figure 2, elements equivalent or analogous to those described in reference to figure 1 are indicated by means of the same numeric references.
In particular, the system 100 of figure 2 comprises a local device 50 for wireless access to a communication network provided by the paid user and associated with the electronic terminal 2. Such wireless access device 50 is adapted to operate in accordance with the NFC, Bluetooth or WiFi standards.
Such wireless access device 50 can advantageously be used for establishing a first communication Cl with the cell phone 1 so as to automatically transfer the token TO from the electronic terminal 2 to the cell phone 1 without such token TO having to be typed by the payer.
In addition, such wireless connection device 50 can advantageously be used as an access point for allowing the cell phone 1 to be connected by means of the Internet network NWi to the further first computer server 31 of the first bank BanA without using the second network NW2 of the mobile operator. In particular, the WiFi communication standard offers direct connectivity to the Internet network, while the NFC and Bluetooth standards can do the same by providing suitable gateways towards the Internet network installed in the same wireless access device 50.
Functioning method
An example is now illustrated of the method for managing the financial transactions actuated by the system 100. As an example, the desire to carry out a money transfer (payment) between "payer" and "paid party" for the purchase of a good or service is considered. The basic requirement is that both have a digital wallet or e-wallet in a circuit, for example an account in a banking circuit (in the current case, BanA and BanB) which supports the described payment system. In figure 3, an example is shown of the functioning method, in the form of a flow diagram which involves the elements of the system 100, i.e. the cell phone 1, the electronic terminal 2, the first 30 and the second 40 computer server of the banks, the further first 31 and second 41 computer server and the main computer server 5.
It is supposed that the payer and the paid party involved in the financial transaction are already authenticated with the respective further first 31 and further second 41 computer server. In other words, the payer is registered at the further first computer server 31 of the system 100 and logs into the service, for example starting the application which lies in the cell phone 1 and typing his/her own username and a password. Alternatively, the login can be completed by means of connection to a personalised link and the insertion of a numeric code (PIN). Both above-indicated steps assume the existence of Internet connectivity (IP) between the cell phone 1 and the further first computer server 31. Without such connectivity, USSD, Push WAP and SMS are employed.
Analogous considerations are valid for the paid user enabled to log into the service through the electronic terminal 2. If such electronic terminal 2 is a POS connected via internet, the latter is assumed to be connected to the aforesaid further second computer server 41 by means of the first network NW1. Such connection can be of permanent type or it is established at the time of a financial transaction.
In addition, as an example it is assumed that the transaction starts at the paid user, but the management method can also start from the paying party, thus resulting symmetrical.
In an initial step of the method (200), the paid party which must receive the payment for the purchase of goods or merchandise sends, through the electronic terminal 2, a start transaction message 51 to the further second computer server 41. Such message 51 comprises the amount to pay and the reason for the transaction to be communicated to the paid party. The further second computer server 41, once it has received the message 51, optionally sends an activation message 52 to the second computer server 40 of the second bank BanB. With such activation message 52, one is asked to open a new transaction, indicating the amount and reason.
The second computer server 40 of the second bank BanB stores such data and creates the unique identification UUID associated with the transaction. Such identification UUID will be used for tracing every message during the entire transaction. The identification UUID is therefore sent by means of a reply message 53 to the further second computer server 41.
In a subsequent activation step (250), such further second computer server 41 stores the received data in a respective memory (stored for the time necessary for carrying out the transaction) and sends a first activation message 54 to the main computer server 5, requiring the latter to generate the token TO related to the transaction underway. In addition, in the first message 54, the further second computer server 41 also sends the unique identification UUID to the main server 5 along with possible other data (for example, the identification id of the bank of the recipient, i.e. of the paid party). The main computer server 5 stores such data and sends a response message 55 comprising the required token TO. It is observed that the main computer server 5 can also store a multiplicity of other optional data depending on the application. At this point, the further second computer server 41 communicates the token TO on the first network NW1 through a notification message 56 to the electronic terminal 2 of the paid party. The electronic terminal 2 displays the token TO on the related first display 20, for example "FF02752" as shown in figure 1.
Alternatively, in reference to the system of figure 2, the same electronic terminal 2 is adapted to transmit, to the cell phone 1 of the payer, the token TO received by means of the wireless access device 50 according to the standard NFC or Bluetooth.
In such a manner, the token TO is provided to the payer (ACC step) .
In a subsequent verification step (300), the paying user sends, to the further first computer server 31, a third message 57 comprising the token TO displayed on the display 20. For example, the token TO is typed by the payer on the keyboard 11 of the cell phone 1 in order to be sent by means of the suitable application software stored in the phone 1. Alternatively, in reference to figure 2, the payer authorises the further first computer server 31 of the token TO received by the electronic terminal 2 in wireless mode.
The further first computer server 31 sends a request 58 to the main computer server 5, inquiring as to which transaction the received token TO makes reference.
The main computer server 5 sends a second response message 59 indicating the address of the further second computer server 41 and the unique identification UUID of the transaction.
In a dialogue step between banks (350), the further first computer server 31 is connected by means of the network NW to the further second computer server 41, by sending a further request 60 in order to pick up the essential data of the transaction identified by the received UUID.
Following such request, the further second computer server 41 sends a third response message 61 including all the data related to the transaction. Thus, the further first computer server 31 sends a clearing request 62 to the first computer server 30 of the first bank BanA in order to learn if the operation is cleared.
The first computer server 30 sends a clearing message 63 and the further first computer server 31 communicates the transaction data to the cell phone 1 of the payer, requesting confirmation in order to proceed with payment. In particular, an authorisation request message 64 is sent to the payer, indicating the amount to be paid, the reason and the recipient.
In a subsequent authorisation and closure step (400), once the payer authorises the payment (message 65), the further first computer server 31 sends a payment order message 66 to the first computer server 30 of the first bank BanA.
In addition, the further first computer server 31 communicates (message 67) to the further second computer server 41 that the payment has been authorised.
The further second computer server 41 communicates to the paid party, with a transaction execution message 68, that the transaction was concluded and also optionally communicates the payer's identification.
The electronic terminal 2 of the paid party sends a reception confirmation 69 of the message 68 to the further second computer server 41.
Such further second computer server 41 sends a communication 70 to the second computer server 40 inside the second bank BanB indicating that the payment related to the transaction has been authorised. The further second computer server 41 communicates to the further first computer server 31 that the authorisation has been communicated to the paid party (message 71).
Finally, in a closure step of the transaction (450), such further first computer server 31 communicates (message 72) to the payer that the transaction is closed.
Analogously, the same computer server 31 communicates to the main computer server 5 that the transaction has concluded (message 73).
Advantageously, the method for managing transactions of the invention permits associating payer and paid party through the token TO (i.e. a temporary transaction code), without these having any previous relationship and without communicating to the payer any sensitive data regarding the buyer. Indeed, once the payment is authorised by the payer, the first BanA and second BanB bank exchange the transaction data (the money will be transferred afterward by using normal banking circuits) and send a confirmation message to both the subjects involved in the transaction. In such a manner, both the payer and paid receive confirmation of the completed payment and can securely conclude the purchase.
It is observed that the token TO is an identification code that permits associating the paid party and the payer with a particular payment for the purchase of a good and/or service in a predetermined time interval in which such token remains valid.
Such token TO differs from the unique identification code UUID of the transaction. The latter, in fact, is a code that is unique inside the payment system, comprises numerous alphanumeric digits for ensuring the traceability, is not recyclable and is generated at the start of the payment for tracing all of the steps of the payment itself. In addition, unlike the unique identification code UUID, the token TO is rendered visible to the users during the execution of a transaction.
The method for managing financial transactions of the present invention has further important advantages with respect to conventional technologies.
Indeed, the fact that the token TO is a simple and short alphanumeric code limits possible typing errors by the payer user and can be easily transmitted by means of a plurality of communication means, for example by means of suitable programs via Internet (both from desktop or laptop computer and from cell phone), SMS, USSD.
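The split between the short, recyclable token TO and the permanent UUID, together with the message flow of figure 3, is sketched below as an added Python example that is not part of the patent text. The class names, the hexadecimal alphabet, the timing constants and the `banb.example` address are assumptions picked from the example ranges the description gives; the payer's login is reduced to a session set.

```python
import secrets
import uuid
from collections import namedtuple

# Constructed parameters, picked from the example ranges the text gives.
ALPHABET = "0123456789ABCDEF"  # assumption: the text says only "alphanumeric"
TOKEN_LEN = 6                  # "for example, 6 digits"
TOKEN_TTL = 180.0              # seconds a token can be resolved (up to 3 min)
REUSE_AFTER = 600.0            # seconds before an unclosed token is recycled

Binding = namedtuple("Binding", "tx_uuid bank_addr issued_at")


class MainServer:
    """Role of main server 5: token TO -> (bank address, UUID), nothing else."""

    def __init__(self, clock):
        self.clock = clock
        self.bindings = {}

    def issue(self, tx_uuid, bank_addr):            # messages 54 and 55
        now = self.clock()
        # Forget bindings past the reuse delay so their codes can be recycled.
        self.bindings = {t: b for t, b in self.bindings.items()
                         if now - b.issued_at < REUSE_AFTER}
        for _ in range(10_000):
            token = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LEN))
            if token not in self.bindings:          # a reserved code is never reissued
                self.bindings[token] = Binding(tx_uuid, bank_addr, now)
                return token
        raise RuntimeError("no free token available")

    def resolve(self, token):                       # messages 58 and 59
        b = self.bindings.get(token)
        if b is None or self.clock() - b.issued_at >= TOKEN_TTL:
            return None                             # unknown, closed or expired
        return b.bank_addr, b.tx_uuid

    def close(self, tx_uuid):                       # message 73
        self.bindings = {t: b for t, b in self.bindings.items()
                         if b.tx_uuid != tx_uuid}


class PayeeBank:
    """Role of servers 40/41: keeps the transaction data, keyed by UUID."""

    def __init__(self, addr, main):
        self.addr, self.main, self.txs = addr, main, {}

    def start(self, amount, reason, payee):         # messages 51 to 56
        tx_uuid = str(uuid.uuid4())
        self.txs[tx_uuid] = {"amount": amount, "reason": reason,
                             "payee": payee, "state": "open"}
        return self.main.issue(tx_uuid, self.addr), tx_uuid

    def details(self, tx_uuid):                     # messages 60 and 61
        return dict(self.txs[tx_uuid])

    def mark_authorised(self, tx_uuid):             # message 67
        self.txs[tx_uuid]["state"] = "authorised"


class PayerBank:
    """Role of servers 30/31: authenticates the payer and collects consent."""

    def __init__(self, main, banks, sessions):
        self.main, self.banks, self.sessions = main, banks, sessions

    def lookup(self, session, token):               # messages 57 to 64
        if session not in self.sessions:            # the token is not a credential
            raise PermissionError("payer not authenticated")
        hit = self.main.resolve(token)
        if hit is None:
            return None
        bank_addr, tx_uuid = hit
        return bank_addr, tx_uuid, self.banks[bank_addr].details(tx_uuid)

    def authorise(self, session, token):            # messages 65 to 73
        found = self.lookup(session, token)
        if found is None:
            return False
        bank_addr, tx_uuid, _ = found
        self.banks[bank_addr].mark_authorised(tx_uuid)
        self.main.close(tx_uuid)                    # code is free for another pair
        return True


def demo():
    now = [0.0]                                     # constructed, controllable clock
    main = MainServer(lambda: now[0])
    ban_b = PayeeBank("banb.example", main)
    ban_a = PayerBank(main, {"banb.example": ban_b}, {"payer-session"})
    token, tx_uuid = ban_b.start(1250, "coffee machine", "Shop 7")
    shown = ban_a.lookup("payer-session", token)[2]   # what the payer confirms
    paid = ban_a.authorise("payer-session", token)
    replay = ban_a.authorise("payer-session", token)  # token already released
    return shown, paid, replay, ban_b.txs[tx_uuid]["state"]
```

The main server's table holds only a bank address and a UUID per token, so a guessed or intercepted token leads no further than a payment request that an authenticated payer still has to confirm.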
In addition, throughout the transaction, confidential payer and paid party data does not circulate. Therefore, the privacy and sensitive data (like the password) of the system users are protected. In addition, as a further guarantee of security and privacy, no direct message related to the transaction is exchanged between the paid party and the payer, but everything takes place through the first BanA and the second BanB bank. The actual transaction only involves the computer servers 30, 31, 40, 41 of the banks, in addition to the cell phone 1 and the electronic terminal 2. No data pertaining to the payment exits from the banking circuit or is communicated to the main computer server 5. In fact, the latter only comes into play in the initial step of the method, in order to permit the banks to place themselves in contact with each other.
Optionally, the main computer server 5 can, during the process, carry out additional operations related to the payment, for example transaction accounting.
It is observed that the passage through the banks permits verifying the financial availability of the payer in real time, without however communicating any confidential data of the payer. In addition, the theft or interception of the token TO does not compromise the transaction, this being an instrument for associating payer and paid party. Every money transaction must always be authorised before being carried out.
Alternative applications
The method for managing transactions employing the token TO of the invention can be advantageously applied for authorising money withdrawal at ATMs (Automated Teller Machine) or payments at POS, by means of credit card.
For example, the withdrawal of money at an ATM reader can be similar to a payment in which:
- the paid party is the same bank associated with the withdrawing user provided with cell phone 1 (i.e. BanA=BanB);
- the ATM reader is the electronic terminal 2;
- a main computer server 5 is provided connected with the bank BanA for generating the token TO.
In such case, the withdrawal authorisation method provides that the user inserts his/her own bank card in the ATM. In such a manner, the user is authenticated on the system and the identification of the user (read through the bank card) is sent to the bank BanA.
At this point, the main computer server 5 generates a token TO related to the withdrawal operation requested by the user to be sent to the bank BanA. Such token TO sent to the ATM is displayed on the screen.
Then, the user types the token TO on his/her own cell phone 1 and sends it to the bank BanA, which can thus verify that the token TO displayed by the user corresponds to that generated. When this is verified, it is sufficient to demonstrate that the legitimate holder of the bank card is actually before the ATM device in which the card is inserted. Advantageously, in such a manner, the user does not have to insert the secret code of the card (PIN) in the potentially not-very-secure ATM readers. In other words, the user is protected from devices which spy on the PIN.
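The ATM withdrawal flow of the three paragraphs above, sketched from the side of the bank BanA as an added example (it is not code from the patent). The six-character token, the 90-second lifetime, the three-attempt limit, the phone-to-account mapping and the folding of the token generation of main computer server 5 into the bank's class are all assumptions made for the illustration.

```python
import hmac
import secrets
import string
import time

TOKEN_ALPHABET = string.ascii_uppercase + string.digits
TOKEN_TTL_SECONDS = 90   # assumed lifetime of the token TO
MAX_ATTEMPTS = 3         # assumed limit on wrong tokens per withdrawal


class WithdrawalAuthoriser:
    """Hypothetical BanA-side state for pending ATM withdrawals."""

    def __init__(self, phone_of_account, clock=time.monotonic):
        self._phone_of_account = phone_of_account  # account id -> registered phone id
        self._pending = {}                         # account id -> pending withdrawal
        self._clock = clock

    def card_inserted(self, account_id, atm_id):
        """Card read at the ATM: issue the token TO that the ATM displays."""
        token = "".join(secrets.choice(TOKEN_ALPHABET) for _ in range(6))
        self._pending[account_id] = {
            "token": token,
            "expiry": self._clock() + TOKEN_TTL_SECONDS,
            "atm_id": atm_id,
            "tries_left": MAX_ATTEMPTS,
        }
        return token

    def token_from_phone(self, phone_id, typed_token):
        """Token typed on cell phone 1: return the ATM to release, else None."""
        # The token only counts when it arrives from the card holder's own phone,
        # so a token read off the ATM screen by someone else is useless to them.
        account_id = next(
            (a for a, p in self._phone_of_account.items() if p == phone_id), None)
        entry = self._pending.get(account_id)
        if entry is None or self._clock() > entry["expiry"]:
            self._pending.pop(account_id, None)
            return None
        typed = typed_token.strip().upper().encode()
        if not hmac.compare_digest(entry["token"].encode(), typed):
            entry["tries_left"] -= 1
            if entry["tries_left"] == 0:
                del self._pending[account_id]   # force a fresh token
            return None
        del self._pending[account_id]           # a token authorises one withdrawal
        return entry["atm_id"]
```

The PIN never appears in this exchange, which is the property the passage relies on; what replaces it is possession of the card plus possession of the registered phone.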
In addition, the token TO can be displayed on web pages in order to carry out online purchases. In such case, therefore, there is no electronic terminal 2 of the paid retailer.
In addition, it is possible for a payer to insert, in the authorisation mechanism, a secret PIN code for protecting payments beyond a certain threshold, or to ensure the user in case of cell phone theft.
From the described embodiments, one infers how the teachings of the invention permit making a system and a method for managing financial transactions for the purchase of goods and services which has: simplicity of use; versatility; simplicity of integration with third party platforms; technological stability; transparent management and security of the transactions.
Regarding the embodiments of the management method and related system described above, a man skilled in the art, in order to satisfy contingent needs, can make modifications, adaptations and substitutions of elements with other functional equivalent elements, without departing from the scope of the following claims. Each of the characteristics described as belonging to a possible embodiment can be made independent of the other described embodiments.
*** * ***

Claims

1. Method for managing financial transactions for authorising a payment for the purchase of goods or services, comprising: providing a user with a first electronic device (1) connected with first processing equipment (30, 31); providing a second electronic device (2) connected to second processing equipment (40, 41); providing main processing equipment (5) separate from said first and second processing equipment and connected thereto; one from among said first (1) and second (2) electronic devices sending a transaction start message (51) to the respective first (30, 31) or second (40, 41) processing equipment; said first or second (40, 41) processing equipment activating said main processing equipment (5); said main processing equipment (5) generating a payment code (TO) related to the transaction configured for associating the transaction to said first and second electronic device; providing said payment code (TO) on the first (1) and on the second (2) electronic device; the user sending the payment code (TO) to the first processing equipment by means of the first electronic device (1), in order to place said first processing equipment in communication with the second processing equipment involved in the transaction.
2. Method for managing transactions according to claim 1, wherein said payment code (TO) is an alphanumeric code generated in a causal or sequential manner.
3. Method for managing transactions according to claim 1 or 2, wherein said payment code (TO) has a time duration limited to the transaction to be carried out and is repeatable over time.
4. Method for managing transactions according to claim 1, wherein said step of providing the payment code (TO) on the second (2) electronic device comprises the further steps of: said second processing equipment (40, 41) sending, on a first communication network (NW1), a notification message (56) to said second electronic device (2) comprising said payment code (TO); displaying said payment code on a display (20) of the second electronic device (2).
5. Method for managing transactions according to claim 4, wherein said step of providing the payment code (TO) on the first (1) electronic device comprises the step of the user typing the payment code (TO) displayed on the display (20) of the second electronic device (2) by means of a keyboard (11) of the first electronic device.
6. Method for managing transactions according to claim 4, wherein said step of providing the payment code (TO) on the first (1) electronic device comprises the step of said second electronic device (2) transmitting the received payment code (TO) by means of a wireless access device (50) operating in accordance with a NFC or Bluetooth standard.
7. Method for managing transactions according to claim 5, further comprising a step of sending, to the first processing equipment (30, 31), the payment code (TO) typed on the first electronic device (1) by means of a first message (57) sent on a second communication network (NW2).
8. Method for managing transactions according to claim 6 and 7, wherein said step of the first electronic device (1) sending the payment code (TO) to the first processing equipment (30, 31) comprises a step of the user authorising the sending of the code received by the second electronic device (2) in wireless mode.
9. Method for managing transactions according to claim 1, comprising the further steps of: the first processing equipment (30, 31) sending, on a communication network (NW), a request (58) to the main processing equipment (5) for identifying the transaction associated with the received payment code (TO); the main processing equipment (5) sending a response message (59) to the first processing equipment, indicating the address of the second processing equipment (40, 41) and a unique identification UUID of the transaction; establishing communication between the first and the second processing equipment by means of the network (NW) for exchanging the transaction-related data.
10. Method for managing transactions according to claim 9, comprising the further steps of: the first processing equipment (30, 31) sending the transaction data to the first electronic device (1) in order to request a confirmation for proceeding with the payment; the user authorising the payment by means of a further message (65); the first processing equipment sending a payment authorisation confirmation message (67) to the second processing equipment (40, 41).
11. Method for managing transactions according to claim 10, wherein the data of the transaction comprises: an amount to be paid, a reason and a name of the payment recipient.
12. Method for managing transactions according to claim 1, wherein the first electronic device (1) is a portable radio device.
13. Method for managing transactions according to claim 12, wherein said portable radio device (1) is a cell phone, a PDA phone or any other portable electronic device adapted to receive and transmit messages and operating inside a mobile telephone network.
14. Method for managing transactions according to claim 12, wherein said portable radio device (1) is provided with a wireless communication device operating in WiFi, ZigBee, NFC, BlueTooth technology.
15. Method for managing transactions according to claim 12, wherein said portable radio device (1) comprises a digital memory for storing: a Java program, a program suitably written for the portable radio device or for the operating system of said device, a pre-installed software on the radio device which allows managing USSD (Unstructured Supplementary Service Data) and Push WAP.
16. Method for managing transactions according to claim 1, wherein said second electronic device (2) is a laptop computer, a desktop computer, an electronic cash register, a POS, cell phone or an ATM reader.
17. Method for managing transactions according to claim 16, wherein said second electronic device comprises a further digital memory for storing a further software application for connecting with a web browser integratable in other applications or a dedicated application for managing the financial transaction.
18. Method for managing transactions according to claim 17, wherein said second electronic device (2) comprises a laptop computer connected to a server device of an e-commerce web site, a software application for managing the financial transaction being stored in such server device.
19. Method for managing transactions according to claim 1, wherein said first (30, 31) and second (40, 41) processing equipment comprise a first (30) and a second (40) computer server, respectively, said first computer server being inside a first bank (BanA) and said second computer server being inside a second bank (BanB).
20. Method for managing transactions according to claim 19, wherein said first (30, 31) and second (40, 41) processing equipment further comprise a further first (31) and a further second (41) computer server connected to said first and said second computer server, respectively, for supporting the payment system.
21. Method for managing transactions according to claim 20, wherein said further first (31) and further second (41) computer server are physically separated from the respective first (30) and second (40) computer servers and are situated inside a network of the first (BanA) and second (BanB) bank.
22. Method for managing transactions according to claim 19, wherein the first (3) and the second (4) processing equipment comprise software applications externally offered by third parties to the first (BanA) and second (BanB) bank.
23. Method for managing transactions according to claim 1, wherein the first (1) and the second (2) electronic device communicate with said first (30, 31) and second (40, 41) processing equipment by means of the Internet network or through connections provided by mobile phone networks such as Push WAP and USSD.
24. System (100) for managing financial transactions for the purchase of goods and services, comprising: a first electronic device (1) associated with a user connected to first processing equipment (30, 31); a second electronic device (2) connected to second processing equipment (40, 41); main processing equipment (5) separate from said first and second processing equipment and connected thereto; the management system, the processing equipment, the first and second electronic devices being configured so to achieve the method described by at least one of the preceding claims.
PCT/IT2008/000449 2008-07-04 2008-07-04 Method and system for managing financial transactions WO2010001423A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/IT2008/000449 WO2010001423A1 (en) 2008-07-04 2008-07-04 Method and system for managing financial transactions
EP08790038A EP2316101A1 (en) 2008-07-04 2008-07-04 Method and system for managing financial transactions

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IT2008/000449 WO2010001423A1 (en) 2008-07-04 2008-07-04 Method and system for managing financial transactions

Publications (1)

Publication Number Publication Date
WO2010001423A1 true WO2010001423A1 (en) 2010-01-07

Family

ID=40342226

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IT2008/000449 WO2010001423A1 (en) 2008-07-04 2008-07-04 Method and system for managing financial transactions

Country Status (2)

Country Link
EP (1) EP2316101A1 (en)
WO (1) WO2010001423A1 (en)

Also Published As

Publication number Publication date
EP2316101A1 (en) 2011-05-04

Similar Documents

Publication Publication Date Title
US7014107B2 (en) Wireless payment processing system
JP4525556B2 (en) Settlement system, transaction management server, settlement method used for them, and program thereof
US7069001B2 (en) Method for supporting cashless payment
AU2004250444B2 (en) Method for authorising mandates of payment by credit cards and related apparatuses
US20030191945A1 (en) System and method for secure credit and debit card transactions
US20150046330A1 (en) Transaction processing system and method
NZ535428A (en) System and method for secure credit and debit card transactions using dynamic random CVV2 code to mobile communications device
EP1914675A1 (en) Electronic settlement system, method therefor, settlement server used therein, communication terminal, and program
CN104112196A (en) Electronic System For Provision Of Banking Services
CN109242468A (en) System and method for dynamic temporary payments authorization in portable communication device
JP2004509409A (en) Ways to secure transactions on computer networks
RU2263347C2 (en) Method for performing transactions of users of mobile communication devices and computerized cashless transaction system for realization of said method
US20160125407A1 (en) Systems and Methods for Secure Remote Payments
US20140365364A1 (en) Method of payment for a product or a service on a commercial site through an internet connection and a corresponding terminal
KR20010100380A (en) Method and apparatus for paying a charge of goods or service using a mobile phone
GB2496595A (en) Smart phone payment application using two-dimensional barcodes
WO2008015637A2 (en) Mobile payment method and system
WO2009064160A1 (en) System for electronic commerce transactions, portable electronic communications device, communications network, computer program product and method thereof
KR100822985B1 (en) System for Processing Payment by Using Nickname
EP2316101A1 (en) Method and system for managing financial transactions
JP2011044151A (en) Method and system for safe payment by portable terminal
CA2475275C (en) Wireless data processing system for credit payment
KR20050106795A (en) Method and system for providing on-line credit card payment confirmation service by using short message
KR100928412B1 (en) Payment processing system using virtual merchant network
KR20140038698A (en) Method and system for credit payment by credit card which used a radio communication terminal

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08790038

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2008790038

Country of ref document: EP