Current methods for utilizing mobile devices, such as cell phones, to make purchases at POSs typically focus on using stored value accounts for payment and personal identification numbers (“PINs”) and/or callback confirmation messages in order to validate purchases. For example, MobileLime offers a cell phone payment solution based on “pre-authorization.” A consumer registers with MobileLime by providing a PIN to the MobileLime system via its website. By presenting cash at a participating merchant location or conducting a credit or debit card transaction via the MobileLime website, a consumer can “prepay” a specified amount into a stored value account. Alternatively, a consumer can directly link a credit or debit card to his MobileLime account. When the consumer subsequently visits a participating merchant, he dials the MobileLime number and, using dual-tone multi-frequency (“DTMF”) or interactive voice response (“IVR”), enters his PIN and a merchant identification number (visible at the merchant location or available at the MobileLime website) in order to pre-approve his purchase. When the consumer is ready to complete his purchase, he tells the clerk the last four digits of his cell phone number to consummate the transaction. MobileLime's back-end system interfaces with the POS to settle the transaction by deducting the appropriate purchase amount from the consumer's account.
The MyTango system functions somewhat similarly. MyTango enables a consumer to design “preorders” via the MyTango website for specific merchants (e.g., restaurant chains, etc.) such that the consumer is able to send a Short Message Service (“SMS”) code for the designed preorder to the MyTango system. The system verifies that the MyTango consumer's stored value account contains sufficient funds and transfers the payment to the merchant. The system then forwards the order to the merchant who prepares the order.
Other cell phone payment solutions intended to be used at merchant locations involve technologies using over the air (“OTA”) or contactless interfaces, such as Radio Frequency Identification (“RFID”), Near Field Communication (“NFC”), Bluetooth, or infrared technologies, to transfer data or otherwise communicate with a merchant's payment system. Such payment solutions typically require consumers to use specialized mobile devices (e.g., with contactless capabilities) and merchants to employ additional hardware devices (e.g., RFID or NFC readers). For example, DoCoMo requires a participant to use a smartcard-equipped mobile phone (known as a “wallet phone” or “Osaifu-Keitai”). The smartcard, also called an integrated circuit (“IC”) card, enables the mobile phone for contactless payments, as well as other functions. To conduct a purchase, a consumer must first add value to his DoCoMo account, which is stored within the phone via the smartcard. The consumer can do so using the DoCoMo Internet billing application via the phone by entering his password and the amount he wishes to add via the phone's interface. Additionally, he can present his mobile phone at a physical location, such as at a POS or an automated kiosk equipped with a contactless reader, and add value by providing cash or credit. Alternatively, a DoCoMo user can associate his smartcard-equipped mobile phone with a DoCoMo credit account, thereby allowing the phone itself to function as a credit card. In all of the foregoing configurations, the consumer can use his mobile phone for payments by waving it in front of a contactless reader at the POS and the consumer's DoCoMo account is charged accordingly.
Other mobile payment solutions are less focused on POS transactions. For example, PayPal's mobile payment solution enables a cell phone owner to send an SMS message to purchase an item appearing in an advertisement. First, a consumer registers at least one financial account (checking, credit, debit, stored-value, etc.) with PayPal to be used for online or mobile payments. Typically, the consumer sets one financial account as a default for all PayPal payments. When the cell phone owner sees a PayPal icon with an SMS number and product code appearing in an advertisement, he sends an SMS message containing the product code to the number. PayPal immediately calls the cell phone owner and requests that he enter a PIN to confirm the purchase. If the consumer provides the proper PIN, the transaction is billed to his PayPal account.
The aforementioned mobile payment solutions depend upon the proper use of the mobile device involved in the transaction, but do not provide strong authentication of the consumer utilizing it. Solutions requiring pre-authorization or preordering could allow an interceptor to impersonate the cell phone owner at the POS without the device. For example, in the MobileLime system, if an imposter knows or suspects that the cell phone owner has pre-authorized a MobileLime transaction and knows the owner's cell phone number, the imposter could offer the last four digits of the cell phone number at the POS and attempt a purchase based on the pre-authorization. Similarly, MyTango does not appear to offer any authentication at the merchant location and an imposter could pick up a preordered meal if he is aware of the cell phone owner's preorder.
Some of the foregoing solutions utilize PINs/passwords to authenticate the cell phone owner. Although such security mechanisms offer some level of authentication, they are weaker than, or at best equivalent to, other payment systems available for POS transactions; therefore, the industry may be hesitant to move towards higher value mobile payment transactions. For example, if a criminal steals the mobile device of a MobileLime user and is able to decipher the PIN, he can use the mobile device as if he were the legitimate owner. Mobile payment solutions that store a consumer's financial account information on his mobile device are at even greater risk. For example, a DoCoMo mobile phone stores financial account information on an integrated smartcard, and once a criminal defeats the device's security features (if any), he has instant access to the owner's financial account.
Some mobile devices are equipped with biometric readers, such as fingerprint sensors, and restrict access via biometric security measures. For example, mHave offers mobile payment services via a mobile phone equipped with a fingerprint sensor. However, as of the date of the disclosure, the typical consumer does not own such a device because they are not commonly available or affordable.
Additionally, mobile payment solutions that require specially equipped mobile devices to communicate with the POS terminal can hinder adoption due to the need for consumers to purchase such specially equipped devices and merchants to purchase hardware infrastructure to support such devices.
Furthermore, many mobile payment solutions do not account for the limitations of mobile devices. Cell phone interfaces offer limited keypad functionality, which can make sending text messages inconvenient, especially during a transaction at a POS. Likewise, DTMF methods typically require the consumer to switch back and forth between listening to the phone and pressing the keypad. IVR solutions in which a PIN is spoken into the cell phone also risk compromise of secret information by eavesdroppers. Such issues can lessen the appeal of mobile payment solutions and thereby limit their adoption.
In contrast to current mobile payment solutions, biometric authentication systems offer merchants a convenient and secure means for POS transactions. For example, the Pay By Touch biometric payment solution allows a consumer to register multiple payment accounts, as well as loyalty account information and other personal and identity-related information, in a central location. A Pay By Touch user can access this information by providing a fingerprint scan at a POS terminal. However, to implement such a system, a merchant's POS terminals must be equipped with biometric sensors and the associated operating systems. Regardless of the benefits (e.g., security, convenience, etc.), a merchant may be hesitant to implement such a biometric payment solution due to the cost, time and other resources required for installation.
What is needed is a more strongly authenticated mobile solution that enables secure and convenient payments in a merchant setting without necessitating additional hardware integration at the POS or specially equipped mobile devices. The system of the present invention stores the consumer's financial data at a central location, and the consumer can access it via a merchant's standard payment terminal to select the desired account. The consumer does not need a special mobile device to participate, nor does the merchant need to install biometric sensors and associated equipment. Thus, the present invention allows for the implementation of a biometric mobile payment system without the necessity of cost-prohibitive equipment.