1. Field of the Invention
The invention pertains to online methods, systems and software for improving the privacy, anonymity, security and control of cardholders over their private financial and personal information in making online payments in a transaction over a network where online e-commerce transactions are carried out, such as the Internet.
2. Background of the Prior Art
Security, privacy, and anonymity have become major issues in e-commerce transactions. The e-commerce concept depends on the premise that it is possible to access a purchaser's financial accounts for payments in a manner that will provide purchasers with the confidence to participate and make purchases while dealing with a remote merchant in an online transaction. The purchaser making a payment is currently faced with a very rigid system where a credit card number must generally be supplied along with other personal information to make a purchase. Once the information is provided the payer loses control completely, until under ideal circumstances, the payer learns that the transaction has been properly executed. Yet, deficiencies of the system are well known, including the following:    1. theft of a purchaser's financial information enabling the recipient of the financial information to conduct fraudulent transactions,    2. lack of dynamic ability to review, reconsider, and even modify aspects of a transaction after the “buy” button is clicked on the merchant's site literally during the payment process,    3. lack of flexibility in structuring a payment among various accounts of different types (e.g., credit cards, debit cards, checking accounts, and etc.),    4. lack of privacy—the merchant has access to the payer's name, billing address, credit card number and other personal information which may be correlated against purchases and even sold to third parties, and    5. merchant records associated with online transactions are a concentrated financial information target for organized attack by criminals and terrorists.
Methods of conducting e-Commerce transactions wherein a buyer (payer) pays for goods or services obtained from a merchant (recipient) with a credit card in an online transaction over a computer network, such as the Internet, are well known in the prior art. While there are variations, the existing process for making such a transaction is that the payer enters a credit card number, billing address and other information needed for authorization of the payment onto a form on the web site to pay for an e-commerce transaction. The credit card number and the other information are transmitted over the Internet from the payer to the web site generally in an encrypted form such as SSL. The merchant site translates the information into a standard inter-bank protocol and forwards the information to a financial institution, usually known as the merchant's Acquiring bank, with which the merchant has an existing relationship generally over secure lines. The Acquiring bank forwards the transaction to the issuer of the credit card, generally known as the issuing bank, over a secure inter-bank payment network based on routing information which is part of the credit card number. The issuing bank either approves or denies the proposed transaction and returns the decision to the merchant through the Acquiring bank.
The prior art SET Secure Electronic Transaction™ (trademark and service mark owned by SET Secure Electronic Transaction LLC) protocol has been developed jointly by the Visa and MasterCard card associations as a method to secure credit card transactions over public networks such as the Internet. SET provides message integrity, authentication of all financial data, and encryption of sensitive data. SET is a three party protocol involving a cardholding consumer (buyer), a merchant and a gateway operating on behalf of an acquiring bank. The gateway is an addition to the model described above which intermediates between the merchant and the acquiring bank communicating with the merchant over the public network (Internet) and the acquiring bank over a private network. The scheme is complex, and depends on many participants conforming to a new process specification.
Another class of approaches towards improving the processing of online credit transactions includes issuance of one time or limited time pseudo card numbers by a bank which issues credit cards to its cardholders. These approaches protect the credit card numbers because the pseudo number is used in place of the actual card number. Valid credit card numbers contain routing information which identifies the issuing bank and allows transactions to be routed to the issuing bank for approval. In one-time or limited time approaches a cardholder's issuing bank establishes a method of issuing numbers containing the bank's routing information and a temporary pseudo card number which has been correlated to the cardholder's valid account number. Pseudo card numbers have less potential for misuse because of their limited duration and thus improve security. However, the approach is linked to implementation by a cardholder's issuing bank, so that a cardholder must enter into a different arrangement with the issuer of each account. The approach is also limited to protection of the credit card number but not protection of the privacy of the cardholder himself The approach similarly does not provide dynamic control during payment processing of the transaction.
Examples of one-time/limited time approaches include Wong, U.S. Pat. No. 5,956,699, which deals primarily with a method of generating an account number and permutation of the number for successive uses. Austin, U.S. Pat. No. 6,029,890 deals with a system for using a single use credit card number. Franklin, U.S. Pat. No. 6,000,832 discloses a form of one time account number where a unique account number is generated for each transaction by the user's computer according to an algorithm involving a base account number, a private key, and user specific data. Similar systems are U.S. Pat. Nos. 5,937,394 and 5,913,203.
Other approaches include Pearson, U.S. Pat. No. 6,023,684, which is a three tier financial transaction system having a local data memory. The system facilitates consumer access to financial institution records to service consumer transactions such as bill paying, retail banking, and credit card account support. Rosen, U.S. Pat. No. 5,745,886 discloses a system for a secure transaction between a customer and a merchant for the open distribution of electronic money between a customer trusted agent and a merchant trusted agent, each with an associated money module. U.S. Pat. No. 5,978,840 discloses a system, method and article of manufacture for a payment gateway system for processing encrypted transactions utilizing a multichannel, flexible architecture. These approaches deal primarily with new systems and methods for secure transactions and do not provide a cardholder with an improved means of payment over existing payment systems.
Another new type of bankcard processing system for online transactions is described by Linehan in U.S. Pat. No. 6,327,578. Lineham discloses a four party protocol intended to improve on the SET protocol by adding a fourth party to the three party SET protocol, an issuer gateway operating on behalf of a cardholder's issuing bank and moving the credit/debit card authorization process from the merchant to the issuing bank. The issuer gateway communicates with the cardholder's computer over the Internet and with the issuing bank over a private network. The communication between the cardholder's computer and the issuer gateway is initiated by message from the merchant that starts a wallet in the cardholder's computer. The initiation message includes a merchant digital signature and a digital certificate from an Acquiring bank as well as a payment amount, an order description, a time stamp and a nonce. Approval of the transaction is made by the issuing bank without real time involvement of the Acquiring bank. When approved an authorization is sent to the merchant either directly or via the cardholder. Upon receipt and verification of the authorization, the merchant completes the transaction with the cardholder. At a later time, the merchant requests the acquirer gateway to capture the transaction and arrange for settlement through the Acquiring bank. Linehan's method achieves improved privacy and security for the cardholder because the cardholder's sensitive information is not passed through the merchant, and because once the four party protocol is in place, various issuers may choose various different methods of authentication without the need to change the acquirer gateway. However, the challenge to adoption of Linehan's invention is that unlike today's situation where virtually any cardholder with browser access to the Internet can complete a transaction with virtually any merchant, Lineham requires that all four parties to a transaction (consumer, merchant, Acquiring bank, and Issuing bank) must have adopted the protocol to complete a transaction. The protocol involves a new method of online bankcard transactions and does not appear to contemplate use with the existing infrastructure.
There is a need for methods and systems for improving the security of financial account payments in online transactions between a payer and a beneficiary which will protect consumers, merchants, and financial institutions from misuses and criminal, and terrorist attacks.
There is a need for improved methods and systems for eliminating misuse of a payer's financial information associated with online payment transactions.
There is a need for improved methods and systems for protecting a payer's privacy in online payment transactions.
There is a need for improved methods and systems for giving payers dynamic control over online payment transactions between the time of submission of the payment information to the beneficiary and approval by the payer's financial institution.
There is a need for accomplishing the above within constraints of the existing account processing methods and systems in use today for processing online payments.