This section provides background information related to the present disclosure which is not necessarily prior art.
Payment card (such as credit cards, debit cards, charge cards, pre-paid cards, etc.) issuers use rewards programs and schemes (such as cash-back rewards, discounts at retail outlets, accumulative reward points/mileage, etc.) to improve the profitability of the cards. In particular, different card issuers use different reward programs to attract new customers signing up for their cards, and to incentivize existing cardholders to increase the usage of the card in terms of transaction amount and value.
The payment cards are issued by financial institutions such as banks (also known as issuers or issuing banks) and are associated with one or more bank accounts (e.g. a credit card account, a loan account, a checking account, a savings account etc.) of the cardholder at the issuing bank. Typically, each payment card is associated with an account number (known as the primary account number, PAN—typically a 16-digit number) which can be used for performing point-of-sale (POS) transactions as well as Internet-based/e-commerce transactions (e.g. making a payment) with a merchant. Conventionally, the first six digits of the PAN (e.g. 5466 1601 XXXX XXXX) of a credit/debit card are the Bank Identification Number (BIN) (also known as the Issuer Identification Number (IIN))—in this case 554616. In other words, the BIN range allows cards issued by different banks to be differentiated from one and another. In the current rewards system, when a cardholder makes a transaction using the card, the merchant and the card issuer offers rewards based on the BIN range of the card used in that transaction.
However, in processing an electronic transaction, secure handling of sensitive card data is usually required to minimize their exposure to security risks such as fraud. Sensitive card data is usually tokenized (a process in which sensitive data is replaced by non-sensitive data which is infeasible to reverse in the absence of a detokenization system) before it is handled by the relevant parties. In the process, a token is generated by a card scheme server, which has a format which resembles the real card credentials (e.g. a 16-digit number PAN) which is used during payment processing. Tokenization also applies to a scenario in which the physical plastic payment cards is not present on a transaction, rather, the tokenized payment credentials embodied in other physical devices, such as appropriately configured smart phones, are used for a payment. In such a case, a cardholder presents his smart phone as the payment device for an electronic transaction, e.g. a POS transaction at a retail outlet.
With tokenization, however, the BIN ranges, which are assigned by the card scheme server, no longer allow two card issuers to be differentiated based on the first 6-digits of the token (i.e. the tokenized PAN). Instead, card issuers are differentiable based on the first 8-digits (e.g. 5466 1601 23XX XXXX). Therefore, the current rewards system would no longer work for electronic transactions which are tokenized.
Therefore, it is desirable to provide an improved system and method for retrieving rewards for cards used in a tokenized electronic transaction.