DEVICE INCLUDING USER EXCLUSIVE DATA TAG
A consumer device is disclosed. The device comprises a body, and a memory comprising a computer readable medium disposed on or within the body. The computer readable medium comprises user exclusive data tag, which can be placed in a user exclusive data tag.
This application claims priority to and is a non-provisional of U.S. provisional patent application No. 61/048,814, filed on Apr. 29, 2008, which is incorporated herein by reference in its entirety for all purposes.
BACKGROUNDA traditional payment process utilizing a bank issued payment card includes the reading of data from a contactless payment card in the form of track data. An authorization request message including the data from the contactless payment card is thereafter generated by an access device. This authorization request message is then sent to the issuer of the contactless payment card. Other transaction information including an indicator of the type of transaction (e.g., contactless) and the amount of the transaction is also included in the authorization request message. After the issuer receives the authorization request message, the issuer sends an authorization response message back to the merchant with an immediate authorization or decline of the transaction at the time of the purchase based on the issuer's rules for authorization. This is considered an on-line transaction.
While traditional payment processes such as these are useful, improved services and improved functionality in the context of payment transactions would also be desirable.
Embodiments of the invention address these and other problems, individually and collectively.
BRIEF SUMMARYEmbodiments of the invention are directed to consumer devices, methods, and systems that use user exclusive data tags such as customer exclusive data tags in transactions such as purchase transactions.
One embodiment of the invention is directed to a consumer device comprising: a body; and a memory comprising a computer readable medium disposed on or within the body, the computer readable medium comprising user exclusive data, wherein the user exclusive data is configured to be transmitted in an authorization request message comprising the user exclusive data in a user exclusive data tag.
Another embodiment of the invention is directed to a method comprising: receiving, at a server computer, an authorization request message comprising user exclusive data in a user exclusive data tag, wherein the user exclusive data was previously stored in a consumer device; analyzing the authorization request message; and performing additional processing based on the user exclusive data.
Another embodiment of the invention a method comprising: obtaining a consumer device comprising a body, and a memory comprising a computer readable medium disposed on or within the body, the computer readable medium comprising user exclusive data; and using the consumer device to interact with an access device, wherein the access device thereafter generates and sends an authorization request message comprising a user exclusive data tag comprising the user exclusive data to an issuer associated with the portable consumer device.
Embodiments of the invention are directed to specific combinations of these different aspects, as well as specific embodiments related to those specific aspects.
As technology improves over time, so does the opportunity to include new data to be recognized within a payment processing network, or other suitable network. This new data, which may be alpha and/or numeric, may have various forms depending upon the particular services to be provided. For example, user data may be defined by the issuer of a portable consumer device and may be specific to their own implementation, and/or may be standardized for use by any network node or authorized service provider. The data may be static and personalized onto the portable consumer device prior to issuance. Alternatively or additionally, it may be dynamic and placed into a data tag by a portable consumer device based on point of sale parameters. It may be permanently encoded in a memory in a portable consumer device such as a card, or may be changed by the cardholder after issuance of the card.
These services provided after analyzing the data could also be provided by the merchant, payment processing organization, acquirer, or other third party on behalf of the issuer. This data may be provided in the clear and may be directly visible by any of the nodes in the system or may be encrypted and visible by only those that understand the encryption techniques (typically the issuer). Encryption techniques may include symmetric (DES, 3DES) or asymmetric (AES or public key infrastructure—PKI) encryption techniques. Encryption techniques may be global and applied across all portable consumer devices utilizing master keys, or may utilize unique derivation keys for each portable consumer device or groups of portable consumer devices
Embodiments of the invention involve the use of a supplementary data field as a vehicle for providing additional data in the authorization request messages from a point of sale to an issuer. The supplementary data field may be Field 55 as defined in Visa Contactless Payment Specification. The supplementary data (i.e., the user specific data) in the supplementary data field can be used for a variety of new services that can enhance traditional transactions.
Embodiments of the invention include the use of data tags, assigned or enhanced, to be sent in the supplementary data field, for the purpose of moving additional data in authorization request messages. Exemplary data tags may include a user exclusive data tag and a form factor indicator tag. The user exclusive data tag can be a customer exclusive data tag. The data within these tags may be utilized alone or together, and in the clear or encrypted.
A “data tag” may include one or more data elements in any suitable form and typically includes at least a tag identifier element and a value element. In some embodiments, a data tag may include a tag identifier element, a length element, and a value element. The tag identifier element may be embodied by one or more characters, which indicate a characteristic of the data tag. For example, a customer exclusive data tag identifier element may indicate that its corresponding data tag is related to data that is specifically associated with the consumer. A length element may indicate the length of the value element in the data tag, or could indicate the length of the data tag itself. For example, a length element, which has the value “4” may indicate that the value element may have four characters. The length element advantageously indicates the size of its corresponding value element so that a computer apparatus that reads the data tag will know how large the data tag will be. Lastly, a value element can be a substantive value associated with the data tag. For example, a consumer's phone number could be a substantive value and can be an example of user exclusive data or customer exclusive data. As an illustration, a data tag including a customer's phone number might be 99105555555. “99” might be a tag identifier element indicating a phone number. “10” might be an indication of the length of the value. “5555555555” might be a value corresponding to a phone number.
In embodiments of the invention, the payment process can include the reading of additional data from a contactless portable consumer device, or other type of consumer device, in the form of data tags from the portable consumer device. This additional data can be included in a supplementary data field such as Field 55. Additional transaction information can be included in the authorization request message to the issuer and can be utilized at any node of the system to provide new services (i.e. used by the merchant, acquirer, payment processing organization, issuer, or other third party service providers). The issuer may provide additional services in addition to the returning of the traditional authorization or decline of the transaction at the time of the purchase.
Embodiments of the invention include the use of a user exclusive data tag. The user exclusive data tag may include user exclusive data. More specifically, the user exclusive data tag may be a customer exclusive data tag. Many of the specific examples below describe the use of customer exclusive data tags and customer exclusive data. It is understood that the users of embodiments of the invention need not be strictly customers that purchase goods and services at a merchant.
User exclusive data (or customer exclusive data) may be in any suitable form. User exclusive data may relate to a characteristic of a portable consumer device that the user is using (e.g., a phone number associated with a having a payment function), or may relate to a characteristic (e.g., the consumer's annual income) or preferences (e.g., a preference for receiving alerts when transactions are conducted) of the consumer. Typically, the user exclusive data is uniquely associated with the particular user (e.g., a consumer). The types of services that can be produced after analyzing the user exclusive data may include rewards, authentication, risk analysis, etc. Further, the user exclusive data may correspond to the “value element” in the tag that is described above.
A “customer exclusive data tag” may be used to include customer exclusive data. Customer exclusive data may be personalized on the portable consumer device prior to issuance and/or derived by the device at the point of sale and placed into this data tag in advance of point of sale authorization. The contents of this tag are then forwarded from the point of sale to the issuer, via a payment processing network, in the supplementary data field as part of an authorization request message.
Table 1 has samples of the types of data that may be included in the customer exclusive data tag. Information from this table, supplied within the authorization request message to the issuer, may be useful to service providers such as merchants, payment processing organizations and card issuers for a variety of purposes. Below are some example business uses for this data.
Exemplary systems and methods using these data tags are provided below.
I. Exemplary Systems
A system according to an embodiment of the invention is shown in
As used herein, an “issuer” is typically a business entity (e.g., a bank) which maintains financial accounts for the consumer and often issues a portable consumer device such as a credit or debit card to the consumer. A “merchant” is typically an entity that engages in transactions and can sell goods or services. An “acquirer” is typically a business entity (e.g., a commercial bank) that has a business relationship with a particular merchant or other entity. Some entities can perform both issuer and acquirer functions. Embodiments of the invention encompass such single entity issuer-acquirers.
In
The consumer devices according to embodiments of the invention may be in any suitable form. In some embodiments, the consumer devices are portable in nature and may be portable consumer devices. Suitable portable consumer devices can be hand-held and compact so that they can fit into a consumer's wallet and/or pocket (e.g., pocket-sized). They may include smart cards, ordinary credit or debit cards (with a magnetic strip and without a microprocessor), keychain devices (such as the Speedpass™ commercially available from Exxon-Mobil Corp.), etc. Other examples of portable consumer devices include cellular phones, personal digital assistants (PDAs), pagers, payment cards, security cards, access cards, smart media, transponders, and the like. The portable consumer devices can also be debit devices (e.g., a debit card), credit devices (e.g., a credit card), or stored value devices (e.g., a stored value card).
Each consumer device may comprise a body, and a memory comprising a computer readable medium disposed on or within the body. The computer readable medium may comprise code for a form factor indicator element coupled to the body. The form factor indicator element may be in a form factor indicator tag. The computer readable medium may also comprise code for one or more customer exclusive data tags (described above). In addition, the consumer device may also include a processor coupled to the memory, where greater functionality and/or security are desired.
Other types of consumer devices may include devices that are not generally carried by consumers to make purchases. An example of a consumer device of this type may be a desktop computer terminal.
The payment processing network 26 may include data processing subsystems, networks, and operations used to support and deliver authorization services, exception file services, and clearing and settlement services. An exemplary payment processing network may include VisaNet™. Payment processing networks such as VisaNet™ are able to process credit card transactions, debit card transactions, and other types of commercial transactions. VisaNet™, in particular, includes a VIP system (Visa Integrated Payments system) which processes authorization requests and a Base II system which performs clearing and settlement services.
The payment processing network 26 may include a server computer. A server computer is typically a powerful computer or cluster of computers. For example, the server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit. In one example, the server computer may be a database server coupled to a Web server. The payment processing network 26 may use any suitable wired or wireless network, including the Internet.
The server computer in the payment processing network 26 may comprise code for receiving, at the server computer, an authorization request message comprising customer exclusive data, where the customer exclusive data was previously stored in a consumer device; code for analyzing the authorization request message; and code for performing additional processing based on the customer exclusive data.
The merchant 22 may also have, or may receive communications from, an access device 34 that can interact with the portable consumer device 32. The access devices according to embodiments of the invention can be in any suitable form. Examples of access devices include point of sale (POS) devices, cellular phones, PDAs, personal computers (PCs), tablet PCs, handheld specialized readers, set-top boxes, electronic cash registers (ECRs), automated teller machines (ATMs), virtual cash registers (VCRs), kiosks, security systems, access systems, and the like.
If the access device 34 is a point of sale terminal, any suitable point of sale terminal may be used including card readers. The card readers may include any suitable contact or contactless mode of operation. For example, exemplary card readers can include RF (radio frequency) antennas, magnetic stripe readers, etc. to interact with the portable consumer devices 32.
In a typical purchase transaction, a consumer such as consumer A 30(a) purchases a good or service at the merchant 22 using a portable consumer device such as portable consumer device B 32-2, which may be in the form of a credit card. The consumer's portable consumer device B 32-2 can interact with an access device 34 such as a POS (point of sale) terminal at the merchant 22. For example, the consumer 30 may take the credit card and may swipe it through an appropriate slot in the POS terminal. Alternatively, the POS terminal may be a contactless reader, and the portable consumer device B 32-2 may be a contactless device such as a contactless card.
An authorization request message is then forwarded to the acquirer 24. After receiving the authorization request message, the authorization request message is then sent to the payment processing network 26. The payment processing network 26 then forwards the authorization request message to the issuer 28 of the portable consumer device B 32-2.
After the issuer 28 receives the authorization request message, the issuer 28 sends an authorization response message back to the payment processing network 26 (step 56) to indicate whether or not the current transaction is authorized (or not authorized). The payment processing network 26 then forwards the authorization response message back to the acquirer 24. The acquirer 24 then sends the response message back to the merchant 22.
After the merchant 22 receives the authorization response message, the access device 34 at the merchant 22 may then provide the authorization response message for consumer A 30(a). The response message may be displayed by the access device 34, or may be printed on a receipt.
At the end of the day, a normal clearing and settlement process can be conducted by the payment processing network 26. A clearing process is a process of exchanging financial details between and acquirer and an issuer to facilitate posting to a consumer's account and reconciliation of the consumer's settlement position. Clearing and settlement can occur simultaneously.
II. Exemplary Consumer Devices, Access Devices, and Computer Apparatuses
In some embodiments, information in the memory may also be in the form of data tracks that are traditionally associated with credits cards. Such tracks include Track 1 and Track 2. Track 1 (“International Air Transport Association”) stores more information than Track 2, and contains the cardholder's name as well as account number and other discretionary data. This track is sometimes used by the airlines when securing reservations with a credit card. Track 2 (“American Banking Association”) is currently most commonly used. This is the track that is read by ATMs and credit card checkers. The ABA (American Banking Association) designed the specifications of this track and all world banks must abide by it. It contains the cardholder's account, encrypted PIN, plus other discretionary data.
The phone 32′ may further include a contactless element 32(g), which is typically implemented in the form of a semiconductor chip (or other data storage element) with an associated wireless transfer (e.g., data transmission) element, such as an antenna. Contactless element 32(g) is associated with (e.g., embedded within) phone 32 and data or control instructions transmitted via a cellular network may be applied to contactless element 32(g) by means of a contactless element interface (not shown). The contactless element interface functions to permit the exchange of data and/or control instructions between the mobile device circuitry (and hence the cellular network) and an optional contactless element 32(g).
Contactless element 32(g) is capable of transferring and receiving data using a near field communications (“NFC”) capability (or near field communications medium) typically in accordance with a standardized protocol or data transfer mechanism (e.g., ISO 14443/NFC). Near field communications capability is a short-range communications capability, such as RFID, Bluetooth™, infra-red, or other data transfer capability that can be used to exchange data between the phone 32′ and an interrogation device. Thus, the phone 32′ is capable of communicating and transferring data and/or control instructions via both cellular network and near field communications capability.
The phone 32′ may also include a processor 32(c) (e.g., a microprocessor) for processing the functions of the phone 32 and a display 32(d) to allow a consumer to see phone numbers and other information and messages. The phone 32′ may further include input elements 32(e) to allow a consumer to input information into the device, a speaker 32(f) to allow the consumer to hear voice communication, music, etc., and a microphone 32(i) to allow the consumer to transmit her voice through the phone 32′. The phone 32′ may also include an antenna 32(a) for wireless data transfer (e.g., data transmission).
The various participants and elements in
II. Exemplary Methods
Methods according to embodiments of the invention can be described with respect to
Prior to using the customer exclusive data tag with customer exclusive data in transactions, a portable consumer device may be loaded with the customer exclusive data. The customer exclusive data may be representative of the actual data (e.g., a phone number encoded on a payment card) or may be representative of a code or other data element that is linked to the actual data. As an example of the latter case, a code such as the letter “1” may be linked to an instruction such as sending an alert to the consumer's phone. When a service provider server computer determines that a particular data tag has the number “1”, it may retrieve the instruction to send the alert to the consumer's phone and may thereafter initiate this function.
In one embodiment, the customer exclusive data may be provided to a service provider such as a merchant, an organization that operates the payment processing network, or an issuer. It may be provided to the service provider in any suitable manner. If the service provider is, for example, an organization that operates the payment processing network 26 or the issuer 28, then the consumer (e.g., consumer C 30(c)) may contact a server computer in the payment processing network 26 or at the issuer 28 via the Internet 72, using a standard computing device (e.g., consumer device C 32-4) operating a standard operating system (e.g., a Windows™ based operating system) and using a standard browser (Internet Explorer)™. The consumer can then provide customer exclusive data to the payment processing network 26 or the issuer 28. In some embodiments, after receiving the customer exclusive data, the issuer 28 could issue one or more portable consumer devices to the consumer with the customer exclusive data stored in their associated memories. Alternatively, if the consumer devices can receive data (e.g., as in the case of phones or computers), then the customer exclusive data can be send to the consumer devices and then stored in them. In yet another embodiment, the consumer data may be loaded on to the consumer devices by the user using external devices such as access devices. For example, a consumer could take a standard payment card with a re-writeable memory to an access device that can write the customer exclusive data to the standard payment card. In yet another embodiment, the consumer device itself can generate the customer exclusive data. For example, the consumer device can generate a dCVV (dynamic card verification value) and this data can be used as customer exclusive data. Regardless of how the consumer data is loaded on to the consumer's consumer device, the consumer data may include any of the particular type or amount of consumer-specific data including any of the types of data described in
After the consumer data is loaded into the consumer device, it may be used in a transaction such as payment transaction. In an exemplary embodiment, a consumer may use a portable consumer device including a customer exclusive data tag. Illustratively, a consumer A 30(a) may first use his portable consumer device A 32-1 to purchase a good or service at a merchant 22. The portable consumer device A 32-1 may be in the form of a phone with a contactless element (as described above with respect to
A server computer in the payment processing network 26 can then receive (step 206) and analyze the authorization request message. It can perform additional processing (step 208) using the customer exclusive data tag, before sending the authorization request message on to the issuer 28 for approval. For example, the customer exclusive data may include the consumer's mobile phone number and may also include a preference for receiving alert messages for transactions that are conducted by the consumer. The additional processing in this example comprises initiating the sending of a notification message to the consumer device (e.g., portable consumer device A 32-1). The notification message may indicate that the current transaction is being conducted. Additional processing may not only involve sending messages after analyzing customer exclusive data. Other additional processing steps may involve adding points or other benefits to user or consumer accounts, sending messages to entities other than the consumer, performing the transaction in a specific manner that is different than a normal transaction, etc. Yet other specific examples of additional processing (step 208) are provided below.
Although a server at the payment processing network 26 is described as performing additional processing in this and in other examples in this application, it is understood that other entities including the merchant 22, acquirer 24, issuer 28, or a third party processor may perform such additional processing using its own server computer.
The authorization request message is then forwarded to the issuer 28 for approval (step 210). The issuer 28 may then approve or deny the transaction, depending on whether there is sufficient credit and/or sufficient funds in the consumer A's account. After this, the issuer 28 sends an authorization response message back to access device 34 via the acquirer 24 and the payment processing network 26 (step 212).
Examples of New Services Resulting from Extra Data Including Customer Exclusive Data and Form Factor Indicator Tags
Table 1 above has samples of the types of data that may be included in the customer exclusive data tag. Information from Table 1, supplied within the authorization request message to the issuer, may be useful to service providers such as payment processing organizations and card issuers for a variety of purposes. Below are some example uses for this data. The specific examples provided below relate to the use of a server computer in a payment processing network as the device which receives an authorization request message and then performs additional processing. Embodiments of the invention, are not, however, limited to this. Embodiments of the invention could also be performed in other ways. For example, instead of the payment processing network 26, the issuer 28, or a third party payment processor may perform the functions performed by the payment processing network 26.
Transaction Notification and Control:
In one embodiment of the invention, a service provider such as an issuer 28 or payment processing network 26 could establish a transaction notification service where the phone, text, or email is used to validate a transaction. For example, a parent could give his card to his child and ask to be notified any time his card is used, anytime a transaction exceeds a predetermined threshold (e.g., $25), or anytime the merchant has a specified characteristic (e.g. a liquor store). Notification flags could be of any type, value, merchant name or type, location, count, etc. The notification could be sent to a phone, or other suitable device.
Referring to
In a similar manner, the service provider (e.g., an organization that operates the payment processing network 26 or the payment processing network 26 itself) could also establish a notification service for a corporate or fleet card. An employer or supervisor can give a corporate card to an employee for the purchase of gas or the purchase of other necessities. For example, the above-described authorization request message may include data that represents an instruction to send an alert message to the employee's supervisor, each time or under specific conditions specified by the employer or supervisor. This could allow for notification and control on specific devices, or groups of devices as consolidated by the issuer.
In yet another example, fleet card accounting is possible based on parameters established in a host computer system. Using accounting preferences as established by customer exclusive data from the consumer device, logging, receipts, notification, and accounting can be done per device or as consolidated based on a master account. The master account may be held by an employer and each employee of the employer may operate a different consumer device. Transaction data associated with purchases made by each consumer device could be routed to the employer's computer system.
In embodiments of the invention, the transaction control service could be of a passive or active type. In the passive mode, transactions are automatically allowed or disallowed based on pre-established parameters held on the consumer device, type, value, merchant name or type, location, count, etc. No notification is necessary. This could be used to stop this one transaction or all future transactions if the parameters are met. In the active mode, notification by e-mail, text message, or phone call is made to ask for the transaction to be allowed or disallowed. The decision or control mechanism is included in the transaction flow.
Note that in these embodiments, a consumer does not need to register for the alerts service, since an issuer can load the consumer's portable consumer device with the consumer's phone number. This advantageously can save the consumer time and effort.
Electronic Receipts or Statements:
In other embodiments of the invention, a service provider such as the payment processing network 26 or the issuer 28 could establish an electronic receipt service where the phone or other device is used as a place to receive a receipt. For example, a flag indicating that a receipt is required could be included in the customer exclusive data in an authorization request message which passes from the merchant 22 to the payment processing network 26. For some merchant types, a receipt may not be available (such as transit or other high speed point of sale environment). As an additional processing step, the receipt could be sent from the payment processing network 26 to a phone (e.g., portable consumer device A 32-1) as a text message or email.
The electronic receipt could be sent, for example, in a pre-defined format consistent with specific software for expense reports. For example, the customer exclusive data tag may include customer exclusive data which indicates a preference for electronic receipts in a format that is compatible with Microsoft Excel™. Alternatively, the receipt could be, for example, of any free-form format for display on a phone screen. Which type of receipt to send could be included as part of the data from the portable consumer device in the customer exclusive data.
Monthly statement preferences could be as defined on the device. The customer exclusive data could indicate that monthly paper statements should be mailed, or could indicate that electronic statements should be e-mailed.
Loyalty:
In other embodiments of the invention, there could be information about loyalty programs included on the portable consumer device, such as, for example, loyalty program identification and participation information. The data in the consumer device (portable consumer device B 32-2) could tell the merchant 22 how to process data as preferred by the cardholder. For example, the customer exclusive data tag in an authorization request message may indicate that the cardholder (e.g., consumer A 30(a)) may choose to use points before charges are made in cash. As noted above, this authorization request message may be sent from the access device 34 to the payment processing network 26 via the acquirer 24. A server computer in the payment processing network 26 could then apply points to the particular transaction being conducted and could then re-format the authorization request message to the issuer 26 for the difference between the transaction price and the value of the points. In another example, it may be possible for the payment processing network 26 to apply one program first in advance of another such as airline mileage, rather than rental car points. In these cases, the data held on the consumer device (e.g., portable consumer device A 32-1) is used by the merchant 22.
Transaction Security:
Today, in a dynamic CVV (card verification value) process, a device application transaction counter (ATC) is sent in the clear within the authorization request message from the access device 34 at the merchant 22 to the issuer 28. The information is then used by the issuer 28 to detect fraud. For example, if the ATC does not match the ATC at the issuer, then this may indicate that there is fraud. It is also possible for transactions to be recorded and viewed, and under certain scenarios, it may be possible to commit fraud because the security data is not hidden.
In embodiments of the invention, using encryption techniques, customer exclusive data could include the ATC in encrypted format as it is provided by the portable consumer device (portable consumer device A 32-1) to the access device 34. The access device 34 can then transmit the authorization request message to the payment processing network 26 and the issuer 28. This can prevent a would-be fraudster from seeing or utilizing this data. Additionally, there is much more space within the customer exclusive data tag to allow for a longer cryptogram (as compared to conventional message protocols), thereby making the transaction more secure.
Reloadable Prepaid Account:Reloadable prepaid cards are sometimes first issued with a temporary card prior to enrollment. After enrollment, a personalized embossed card is typically sent as a replacement for the temporary card. Some interesting opportunities exist when the personalized card is issued with customer exclusive data. For instance, a customer exclusive data tag could indicate the mechanism for account replenishment. For example, account replenishment can occur through a monthly payroll, or it can be topped up against another bank account, and an indicator of this may be included in a customer exclusive data tag that is sent in an authorization request message from the access device 34 to the payment processing network 26 and the issuer 28. The customer exclusive data tag could be used to indicate how to notify the cardholder (e.g., consumer A 30(a)) when the account balance is getting low (i.e. through email, text message, phone call, etc). In another example, a prepaid card could be issued to a child, and an account associated with the prepaid card can be topped up with funds from the parent's account. The top up mechanism could be included on the child's card. When the child's card is used at the access device 34, an authorization request message including those top up preferences may be sent to the prepaid issuer 28.
Proxy Account Information:
For purposes of security, there may be instances where the primary account number (PAN) can be masked during a payment transaction. For example, transit fare collection could be an example where the real PAN can be masked due to the off-line nature of bus fare transactions and the need to store cardholder information, possibly for multiple hours on a bus or other mode of transportation. The customer exclusive data could be used in an authorization request message to hold a proxy account number that is linked to the real PAN in the issuer host system. The proxy account number is read and used by all nodes in the payment system. The proxy account could be limited for use in specific merchant types (like transit). For example, the authorization request message could be sent from the access device 34 to the issuer 28 via the acquirer 24 and the payment processing network 26. Each of these nodes may see and use the proxy account number. However, the real PAN may be customer exclusive data that is determined and analyzed by a server computer in the payment processing network 26 or the issuer 28. Normal transaction processing can take place after the real PAN is determined by the payment processing network 26 or the issuer 28.
Multi-Application:
College or commercial campus environments many times require multiple applications with data peculiar to each application. The customer exclusive data in an authorization request message could be used to hold other account data and preferences for such things as student ID, payment preferences, dorm access information or ID, notification information, age verification and identity, etc.
Version Control:
At times the version of a card or application may be important for variety of reasons. For example, if version 1 of a card or application uses one type of encryption and version 2 of a card or application uses another type of encryption, it would be desirable for the issuer and other service providers to know what card type is being used. This information could be included in the customer exclusive data to indicate to the payment nodes what version of the card was used.
Form Factor Indictor and Customer Exclusive Data Tags Used Together
Another type of data tag that can be used in conjunction with the customer exclusive data tag is a “form factor indicator data tag.” As this data is forwarded to the payment processing network and the issuer, the information may be used as necessary by service providers that recognize the data for a particular service. The definition of the data within this tag may be standardized or may be specific to a particular issuer's definition, and may be in the clear or encrypted.
Payment transactions and other transactions can be initiated by portable consumer devices other than traditional card form factors. Mini-cards, micro tags, key FOBs, cell phones, watches, and other key chain devices can be used to initiate a payment transaction at the point of sale.
The form factor indicator tag is available to indicate the capabilities of the device used to initiate the transaction at the point of sale. It is possible for the issuer to personalize one character of track data with values of 1 to 9 to indicate the device type. It is recognized that 9 values may not be sufficient to fully define not only the form factor of the device, but other inherent capabilities that the device may possess. Although embodiments of the invention are not limited to the size of a tag, the form factor indicator tag can be sized to 4 bytes (8 hex characters) and can be refined with more definition than is available with one character in track data. The form factor indicator tag can be transmitted in a supplementary data field in an authorization request message from the point of sale to the issuer during an authorization process.
A form factor indicator tag may include a form factor indicator element, a device security features element, and a device communications features element. The form factor indicator element may include information about the particular form factor of the portable consumer device being used. The device security features element may indicate the type of security features that are present on the particular portable consumer device. Lastly, the device communications feature element may include information about the particular communication features present in the device.
Table 2 provides examples of some types of indications that may be utilized or defined with the form factor indicator tag. As illustrated below, the form factor indicator tag may include a form factor indicator element, a device security features element, other data elements, and a device communications technology element.
Additional details regarding the use of Customer Exclusive Data Tags are provided in U.S. patent application Ser. No. ______ entitled “Device Including Form Factor Indicator,” which is being filed on the same day as the present application (Attorney Docket No. 16222U-041710US) and which is herein incorporated by reference in its entirety for all purposes.
The form factor indicator tag can be used to initiate a transaction at the point of sale and may be used by service providers for a variety of purposes. It can be used alone or in combination with the customer exclusive data tag.
Referring to
A server computer in the payment processing network 26 can then receive (step 306) and analyze the authorization request message and can perform additional processing (step 308) using the form factor indicator tag and the customer exclusive data tag, before sending the authorization request message on to the issuer 28 for approval.
The authorization request message is then forwarded to the issuer 28 for approval (step 310). The issuer 28 may then approve or deny the transaction, depending on whether there is sufficient credit and/or sufficient funds in the consumer A's account. After this, the issuer 28 sends an authorization response message back to access device 34 via the acquirer 24 and the payment processing network 26 (step 312).
In one specific example, the form factor indicator tag in the authorization request message may indicate that the consumer device is a mobile phone (byte 1 of the tag). The customer exclusive data tag may include the phone number of the mobile phone. The server computer in a payment processing network 26 or in another location can then send an authentication message to the consumer device 32-1 by SMS, text, or e-mail as provided in a customer exclusive data tag in the authorization request message. In another example, it is possible to take the form factor indicator from byte 1 of the form factor indicator tag, and then use the consumer device to encrypt it for security purposes. It is then possible to send an authorization request message with the encrypted indicator tag to the issuer 28 in the customer exclusive data tag. This could be used as an indication that the transaction was not tampered with and that the transaction is authentic.
Although a specific example is provided, it is also understood that any of the form factor indicator elements in Table 2 may be combined with any of the customer exclusive data elements in Table 1, in any suitable authorization request message, or other type of message.
Embodiments of the invention have a number of advantages. Because user specific data is provided in authorization request messages, normal payment transactions can be conducted and customized in some manner for the particular consumer that is making the current purchase. Each user experience can be different, without requiring the user to expend much effort.
Embodiments of the invention are not limited to the above-described embodiments. For example, although separate functional blocks are shown for an issuer, payment processing network, and acquirer, some entities perform (e.g., Discover, AMEX, etc.) all of these functions and may be included in embodiments of invention.
Specific details regarding some of the above-described aspects are provided below. The specific details of the specific aspects may be combined in any suitable manner without departing from the spirit and scope of embodiments of the invention.
It should be understood that the present invention as described above can be implemented in the form of control logic using computer software in a modular or integrated manner. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art will know and appreciate other ways and/or methods to implement the present invention using hardware and a combination of hardware and software
Any of the software components or functions described in this application, may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Java, C++ or Perl using, for example, conventional or object-oriented techniques. The software code may be stored as a series of instructions, or commands on a computer readable medium, such as a random access memory (RAM), a read only memory (ROM), a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD-ROM. Any such computer readable medium may reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.
The above description is illustrative and is not restrictive. Many variations of the invention will become apparent to those skilled in the art upon review of the disclosure. The scope of the invention should, therefore, be determined not with reference to the above description, but instead should be determined with reference to the pending claims along with their full scope or equivalents.
One or more features from any embodiment may be combined with one or more features of any other embodiment without departing from the scope of the invention.
A recitation of “a”, “an” or “the” is intended to mean “one or more” unless specifically indicated to the contrary.
All patents, patent applications, publications, and descriptions mentioned above are herein incorporated by reference in their entirety for all purposes. None is admitted to be prior art.
Claims
1. A consumer device comprising:
- a body; and
- a memory comprising a computer readable medium disposed on or within the body, the computer readable medium comprising user exclusive data, wherein the user exclusive data is configured to be transmitted in a user exclusive data tag in an authorization request message.
2. The consumer device of claim 1 further comprising:
- a processor coupled to the computer readable medium.
3. The consumer device of claim 1 wherein the consumer device is a phone.
4. The consumer device of claim 1 wherein the consumer device is in the form of a card.
5. A method comprising:
- receiving, at a server computer, an authorization request message comprising a user exclusive data tag comprising user exclusive data, wherein the user exclusive data was previously stored in a consumer device;
- analyzing the authorization request message; and
- performing additional processing based on the user exclusive data.
6. The method of claim 5 further comprising:
- wherein performing additional processing comprises initiating the sending of a notification message to the consumer device, and wherein the user exclusive data includes a user's phone number.
7. The method of claim 6 wherein the consumer device is a phone.
8. The method of claim 5 wherein the user exclusive data relates to an instruction to send a receipt to the consumer device.
9. The method of claim 5 wherein the user exclusive data comprises consumer preferences.
10. The method of claim 5 wherein the authorization request message comprises a BIN.
11. A computer useable medium having a computer readable program code embodied therein, said computer readable program code adapted to be executed by a processor, the method comprising:
- receiving an authorization request message comprising user exclusive data in a user exclusive data tag;
- analyzing the user exclusive data; and
- performing additional processing based on the user exclusive data.
12. The computer useable medium of claim 11 wherein the authorization request message further comprises a BIN.
13. The computer useable medium of claim 11 wherein the authorization request message further comprises a form factor indicator tag.
14. A server computer comprising the processor and the computer readable medium of claim 11 coupled to the processor.
15. A system comprising the server computer of claim 14.
16. A method comprising:
- obtaining a consumer device comprising a body, and a memory comprising a computer readable medium disposed on or within the body, the computer readable medium comprising user exclusive data; and
- using the consumer device to interact with an access device, wherein the access device thereafter generates and sends an authorization request message comprising a user exclusive data tag with the user exclusive data to an issuer associated with the portable consumer device.
17. The method of claim 16 wherein the consumer device is a phone.
18. The method of claim 16 wherein the consumer device is a card.
19. The method of claim 16 wherein the consumer device is a portable consumer device.
20. The method of claim 16 wherein the authorization request message is sent to the issuer via a payment processing network.
Type: Application
Filed: Apr 28, 2009
Publication Date: Oct 29, 2009
Inventor: Ayman Hammad (Pleasanton, CA)
Application Number: 12/431,452
International Classification: H04L 9/32 (20060101); H04M 1/00 (20060101); G06Q 20/00 (20060101);