The present invention concerns improvements relating to the security of payment transactions and provides, more specifically, though not exclusively, a method and apparatus for authorising electronic payment transactions such as those suitable for implementation by the APACS standards in the UK, where the amount to be paid may incorporate a gratuity.
Payment by credit or debit card, also known as electronic fund transfer (EFT), is rapidly becoming the preferred method of payment in many countries around the world. The number of payment cards issued is predicted to soar over the coming years, along with the number of purchases made using such cards. There are, however, serious concerns regarding the security of EFT systems and their robustness to fraud.
Debt arising from payment card fraud is generally met by the payment card issuing companies, but cardholders unwittingly pay for any unauthorised transactions that they fail to identify. Most cardholders, on receiving their monthly payment card statements, briefly check that their consumer activities are properly reflected. Few, however, go so far as retaining all of their receipts and marrying them up with the statement entries, and so fraudulent transactions associated with genuine purchases often evade detection. More particularly, and to the surprise of many cardholders, EFT transactions which support gratuity payments are inherently susceptible to discreet manipulation because of the underlying processing systems which are employed.
Merchants who wish to accept EFT payments must install a terminal for authorising electronic fund transfers at the point of sale (EFTPOS). An EFTPOS terminal typically comprises a payment card reader device, an operator input device such as a keypad, an output display screen, an EFT processing engine, a database for recording transaction details, a modem and a printer for printing off transaction slips and receipts. Each EFTPOS terminal connects to the host terminals of so-called acquirers, which are responsible for the electronic data capture of one or more credit/debit card issuing companies. The connection is made via an EFT network, such as a hard-wired telephone network.
After payment card details and the amount to be paid have been entered, the merchant terminal contacts the relevant acquirer host terminal for authorisation of the payment. The information relating to the payment, including an authorisation code received from the acquirer host terminal, is stored locally at the merchant terminal until the transaction data is polled from the merchant terminal at a later stage. By polling it is meant a process whereby an acquirer host terminal addresses a merchant terminal, establishing a communications link across an EFT network, such that the merchant terminal is able to send data back to the acquirer host terminal on demand. The advantage of polling is that it can be carried out at a time suitable for the acquirer host terminal, usually at a time of low transaction activity.
Organisations which oversee the use of EFT networks for payment transactions impose certain governing standards and the EFTPOS terminals must be configured accordingly. For example, use of EFT networks in the UK is overseen by the Association for Payment Clearing Services (APACS). The associated standards are referred to as APACS n v.m, where n is the number by which the standard is referenced and m is its version number. The current standards in the UK which facilitate gratuity payments by credit or debit cards are APACS 30 v.15, which is concerned with obtaining authorisation for electronic payment transactions, in conjunction with APACS 50 v.15, which is concerned with the polling of authorised electronic payment transaction data. These standards and the problems associated with them are explained in more detail below, but it is to be appreciated that gratuity payments are supported by equivalent standards in other countries around the world.
Consider a customer who, on being presented with a bill in a restaurant, elects to pay by EFT and provides a payment card. The payment card is taken away to the merchant's EFTPOS terminal where the payment card details and a sale amount are entered and stored. In accordance with the APACS 30 standard, this information, together with a merchant ID, is sent as an authorisation request to the appropriate acquirer host terminal via the EFT network. On receiving the request the acquirer host terminal accesses the cardholder's account and, if the card is valid and sufficient funds are available, generates a code authorising payment to the merchant. The authorisation code is transmitted back to the merchant terminal and prompts the printing of an authorised transaction slip. This slip, together with a carbon copy backing, is removed and presented to the cardholder for signature.
An example of an authorised payment transaction slip 10 is shown in FIG. 1. The name and address of the merchant 12 are displayed at the head of the slip. The payment card details 14, including its type, number, expiry date and issue number, are then stated below, followed by a sale amount 16. Fields for a gratuity 18 and a final total amount 20 are to be completed by the cardholder, as is a signature field 22 where the cardholder confirms that their payment account should be debited as indicated on the slip. The signature field is followed by the acquirer's authorisation code 23. Finally, additional information about the transaction 24, such as the date and time 25, the merchant terminal number 26, the merchant ID 27, the receipt number 28 and the reference number 29 is printed at the bottom of the slip.
After the cardholder has completed the authorised transaction slip 10, the cardholder's signature is compared to that written on the payment card as a local security check. The cardholder is then handed the transaction slip 10, whilst the carbon copy is retained by the merchant.
As an alternative to carbon copy backing slips, a first version of an authorised transaction slip as shown in FIG. 1 may be printed, completed by the cardholder and retained by the merchant, but a second version may subsequently be printed showing the total amount to be paid in the transaction. The second version does not require the cardholder's signature, as it is merely a confirmatory statement of what the cardholder has agreed to, and is therefore deemed more secure.
Although the merchant has been provided with an authorisation code for the sub-total 16, the final total 20 will exceed this if the cardholder has elected to include a gratuity 18. Rather than requiring the merchant to contact the acquirer for further authorisation, the APACS 30 standard permits authorisation codes 23 to extend to final total amounts 20 which lie within a percentage of the authorised sale amount 16, which is typically 15%. Thus, by referring to the carbon copy of the authorised transaction slip 10, the merchant is able to recall the transaction details using the reference number 29 from the database stored on the EFTPOS terminal and replace the authorised sale amount 16 with the new total amount 20. This “tolerance” of authorisation codes 23 prevents the cardholder from being unduly delayed at the transaction site, minimises the amount of processing to be performed by the merchant terminal and also helps to restrict “traffic” on the EFT networks. However, the APACS 30 standard dictates that merchants must seek additional authorisation, or “re-auth”, for final totals 20 which fall beyond the permitted tolerance.
Finally, in accordance with the APACS 50 standard, the merchant's EFTPOS terminal is polled by the acquirer host terminals at a predetermined time (usually late at night), instigating an upload of details for all of the transactions which have been authorised and completed through it for subsequent settlement.
Unfortunately, present systems which facilitate electronic gratuity payments, as described above, are open to fraudulent abuse. As a matter of custom, cardholders generally make gratuity payments which are 10% of the sub-total amount 16. Unscrupulous merchant staff can tamper with gratuity amounts 18 and final totals 20 shown on carbon copy transaction slips before passing them on to an EFTPOS terminal operator, thereby increasing the pay that will be awarded to them in respect of the transactions by the merchant. Current systems often fail to alert the merchant, acquirer or card issuer to this type of fraud, and it is becoming an increasingly common practice which merchants are keen to stamp out as it is highly damaging to their reputations. If stringent accountancy checks are not enforced, it is also possible for terminal operators, prior to polling by the acquirer host terminals, to elevate final totals 20 to the maximum amount that they think will evade detection. Indeed, this latter practice is conducted as a matter of routine in some establishments prior to its discovery.
Detection of this particular fraud is highly reliant on cardholders vigilantly policing their payment card statements. However, because the fraudulent increases are relatively small (say 5%) they are often difficult to detect and, in any event, many transaction slips are absent-mindedly discarded so that comparison with the intended amount cannot be made. Even if the fraud is noticed, a cardholder may fail to report it as they perceive the recovery of funds to be a time-consuming process and not worth pursuing if the amount involved is relatively small.
There are also inherent disadvantages associated with the polling of information from merchant terminals. For example, the failure rate of polling processes is estimated to be around 8%. Such failures cause delays in settlement of the transaction funds which can seriously affect merchant cash flow and, in addition, any interest which would have accumulated in the merchant's account is lost. There are also significant charges associated with polling itself—merchants are typically charged between £10 and £15 per month for each of their EFTPOS terminals. A merchant's income is further reduced if a final total exceeds an authorised tolerance and authorisation is refused when the “re-auth” procedure is executed; payment from the acquirer for the gratuity amount is then irretrievably lost.
It is desired to overcome or substantially reduce some of the abovementioned problems. More specifically, it is desired to provide a method and an apparatus for authorising and effecting electronic payment transactions which offer improved resistance to fraud committed at merchant sites, particularly where gratuity payments are concerned.
The inventors of the present invention are the first to appreciate that the established practice of seeking a gratuity from a customer after a transaction amount has been authorised is not necessary and is the root cause of the disadvantages described above. Accordingly, the present invention resides in the appreciation that an improved authorisation process for electronic payment transactions, which incorporate gratuity payments, can be achieved simply by determining the total amount that is to be paid electronically prior to obtaining authorisation for a transaction from an acquirer.
Whilst at first sight this concept may appear to be a relatively trivial and obvious variation from the existing procedure, it is to be appreciated that it provides significant advantages over known methods which are described in detail later. In addition, this variation is a complete departure from the existing direction of developments in this field of technology, which are directed to improving the various polling techniques utilised with existing payment transactions. Rather, the present invention is such a fundamental divergence from the direction of development in this field that it does not suffer any of the problems associated with polling at all.
More specifically, according to one aspect of the present invention there is provided a method of authorising a payment transaction, the method comprising: receiving data relating to a customer's transaction card, and data relating to an original amount of the payment transaction; presenting the original amount data to the customer such that a gratuity amount may be added and in response thereto receiving data relating to the gratuity amount; establishing a link with an acquirer via a telecommunications network and seeking online authorisation for the payment transaction by transmitting the transaction card data and data relating to a value of the transaction, the transaction value comprising the gratuity amount and the original amount; and generating and providing receipt data to the customer, the receipt data confirming authorisation of the payment transaction at the transaction value when the transaction has been authorised.
Here the term “acquirer” is intended to include any entity acting as a financial transaction handling proxy which has the right to authorise transactions on an acquirer's behalf.
By establishing the value of the payment transaction in this way, authorisation can be obtained for the total amount that is to be paid, comprising the original amount and the gratuity amount, rather than just for the original amount as is the practice in the prior art. The present invention makes the practice of issuing authorisations with which inherent tolerances are associated, permitting post-authorisation manipulation of transaction values, redundant. Hence, a whole level of post-authorisation processing conducted at the merchant site is removed, such that merchant staff are no longer presented with a legitimate opportunity to manipulate the values of payment transactions subsequent to their receiving authorisation. Given that those opportunities have previously been exploited for fraudulent purposes, it is apparent that the present invention offers improved security over those methods of transaction authorisation which are known from the prior art.
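The contrast between the two flows, as an added Python sketch that is not part of the patent text: the prior-art terminal accepts any post-authorisation total within the tolerance, while the flow described here authorises the sale amount plus gratuity as one fixed value. Class and function names are hypothetical, amounts are integer pence, and the 15% tolerance is the typical figure quoted above.

```python
from dataclasses import dataclass

TOLERANCE_PCT = 15  # typical tolerance quoted in the description (assumed here)


class ReauthRequired(Exception):
    """Final total is beyond the tolerance; a fresh authorisation is needed."""


class AmendmentRejected(Exception):
    """The authorised value is final and cannot be changed at the merchant."""


@dataclass(frozen=True)
class Authorisation:
    code: str
    amount_pence: int


class ToleranceTerminal:
    """Prior-art flow: authorise the sale amount, enter the total afterwards."""

    def __init__(self):
        self.auths = {}
        self.settle = {}

    def authorise(self, ref, sale_pence):
        self.auths[ref] = Authorisation(f"AUTH-{ref}", sale_pence)
        self.settle[ref] = sale_pence
        return self.auths[ref]

    def amend_total(self, ref, total_pence):
        authorised = self.auths[ref].amount_pence
        # Integer comparison avoids rounding errors at the tolerance boundary.
        if total_pence * 100 > authorised * (100 + TOLERANCE_PCT):
            raise ReauthRequired(ref)
        # Any value up to the ceiling is accepted, whoever keys it in.
        self.settle[ref] = total_pence


class TotalBoundTerminal:
    """Flow described here: the gratuity is captured before authorisation."""

    def __init__(self):
        self.auths = {}

    def authorise(self, ref, sale_pence, gratuity_pence):
        if sale_pence <= 0 or gratuity_pence < 0:
            raise ValueError("invalid amounts")
        # The authorisation covers the full transaction value.
        self.auths[ref] = Authorisation(f"AUTH-{ref}", sale_pence + gratuity_pence)
        return self.auths[ref]

    def amend_total(self, ref, total_pence):
        # No post-authorisation step exists, so every amendment is refused.
        raise AmendmentRejected(ref)

    def settled(self, ref):
        return self.auths[ref].amount_pence


def compare_flows(sale_pence=4000, gratuity_pence=400, altered_total=4600):
    """Constructed case: customer intends sale + gratuity, a later entry differs."""
    old = ToleranceTerminal()
    old.authorise("R1", sale_pence)
    old.amend_total("R1", altered_total)  # within tolerance, so accepted

    new = TotalBoundTerminal()
    new.authorise("R1", sale_pence, gratuity_pence)
    try:
        new.amend_total("R1", altered_total)
        rejected = False
    except AmendmentRejected:
        rejected = True
    return {
        "intended": sale_pence + gratuity_pence,
        "tolerance_settled": old.settle["R1"],
        "bound_settled": new.settled("R1"),
        "bound_rejected": rejected,
    }


if __name__ == "__main__":
    print(compare_flows())
```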
In addition to security considerations, the present invention can also be implemented by acquirers at a significantly reduced cost compared to that spent on implementing prior art systems. Since transactions do not need to be recalled for completion, the transaction details being transmitted to the acquirer at the time of seeking authorisation for the total transaction amount, the polling processes of the prior art are also made obsolete by the present invention. The costs associated with developing, implementing and maintaining a polling system are considerable; for example, a large back office support staff is typically required.
Preferably, the customer transaction card data is stored on a personal item of the customer and the method further comprises obtaining the transaction card data from the personal item for the purposes of authorising the payment transaction. For example, the transaction card data may be stored on a magnetic strip of a customer's transaction card, such that it can be read quickly when the card is swiped through a magnetic card reader. Alternatively, an electronic chip located on a customer's transaction card may be used to store the transaction card data, thereby making the transaction card difficult to replicate. Of course, the data may merely be clearly visible from the personal item with the naked eye, for example if it were to be displayed on a personal hand held organiser, in which case the transaction data could simply be read and then manually inputted for conversion into an electronic format.
It is also advantageous if the data concerning the transaction card that is received includes the expiry date of the card. This information can then be sent to the acquirer as part of the authorisation request, guarding against fake cards which have been manufactured using valid account details but unknown expiry dates. On receiving an authorisation request, an acquirer host terminal can perform an independent check that the expiry date received agrees with that stored in its database record for the payment transaction card. If the dates do not agree, authorisation of the transaction will not be given.
Authorisation may be obtained more quickly in some instances if the establishing step is triggered by the occurrence of the receiving step, such that it is carried out at least in part concurrently with the presenting and gratuity amount receiving steps. That is to say that the present invention is not restricted to submitting an authorisation request only further to the value of the transaction being determined.
Merchants will also find it beneficial, for accounting purposes, if receipt data which is issued in respect of an authorised transaction is stored in a local database. In addition, in the event of any future query being made by a customer regarding their transaction, the transaction details can be readily recalled.
It is also advantageous for the method to further comprise creating one or more software session instances for the payment transaction requiring on-line authorisation, the software session instances controlling the receiving, presenting, establishing, transmitting, and generating and providing steps for the transaction. By “on-line” it is meant requesting authorisation of a payment transaction in real-time whilst the customer is waiting. A plurality of software session instances allows transaction card details to be received concurrently from more than one source so that initial processing can be performed in parallel. In what follows, the terms “concurrent” or “concurrently” as applied to payment transactions mean payment transactions where at least part of the processing of each respective payment transaction is conducted in parallel, namely processing of one payment transaction is being carried out at a given moment during the processing of another payment transaction. Also where more than one software session instance is created per payment transaction, it is possible to break down the above-mentioned method into modular processes which can be accessed by different payment transactions. This is particularly useful where there are shared resources, such as a communications link.
If there are a plurality of payment transactions to be processed and software instances are created for each payment transaction, then the method may further comprise implementing the receiving, presenting, establishing, transmitting, and generating and providing steps for the plurality of payment transactions concurrently. In this way, details of multiple transactions can be received from a single source without authorisation having yet been received for the previous transaction. So, a terminal operator may swipe several transaction cards through a magnetic card reader, one after the other, to trigger the processing of an individual authorisation request for each payment that is to be made. By allowing for concurrent processing, the time taken to obtain transaction authorisation, and the delay to the customer, can be kept to a minimum.
The present invention also extends to a payment transaction apparatus for carrying out an authorised payment transaction, the apparatus comprising: input means for inputting data relating to a customer's transaction card, and data relating to an original amount of the payment transaction; presenting means arranged to present the original amount data to the customer such that a gratuity amount can be determined and in response thereto data relating to the gratuity amount can be input via the input means; communication means arranged to establish a link with an acquirer via a telecommunications network and to seek online authorisation for the payment transaction by transmitting the transaction card data and data relating to a value of the transaction, the transaction value comprising the gratuity amount and the original amount; and means for generating and providing receipt data to the customer, the receipt data confirming authorisation of the payment transaction at the transaction value when the transaction has been authorised.
The present invention also provides a system for implementing and authorising a payment transaction, the system comprising: a payment transaction apparatus as described for the second aspect of the present invention; an acquirer apparatus arranged to receive a request for an online authorisation of a payment transaction from the payment transaction apparatus, to authorise the payment transaction at the transaction value and to transmit an authorisation confirmation over the telecommunications network to the payment transaction apparatus.
According to another aspect of the present invention there is provided a method of authorising concurrent payment transactions with an acquirer, the method comprising: establishing a link with the acquirer via a telecommunications network and transmitting a request for an online authorisation of a first payment transaction using received payment transaction data; storing data relating to a second concurrent payment transaction in a queue, whilst awaiting the result of the online authorisation of the first payment transaction; using the established link to the acquirer to transmit a request for online authorisation for the second payment transaction using the payment transaction data stored in the queue, once the result of the online authorisation request for the first payment transaction has been received.
In this way, when a communications link is established with an acquirer, it may be used to obtain authorisation for further transactions requiring authorisation from that same acquirer rather than being dropped after authorisation has been obtained only for a first transaction. Generally, the most time-consuming part in obtaining authorisation for a transaction, particularly where a public switched telephone network is employed, is the establishing of a communications link with the relevant acquirer. Hence, the speed with which transaction authorisation is obtained can be improved using the present invention whenever there may be concurrent transactions for the same acquirer.
While the telecommunications link is still established and in use, the storing step described above may comprise storing further transaction data in the queue relating to other concurrent payment transactions, such that many transactions may be awaiting authorisation simultaneously. In this way, data relating to a plurality of payment transactions can be received, initially processed and stored, prior to a communications link with each transaction's acquirer being sought. The greater the number of transactions for a given acquirer that are stored, the greater the improvement in efficiency that is obtained.
The method may further comprise: removing data relating to a concurrent payment transaction from the queue once an authorisation result for that transaction has been received; checking the contents of the queue; and relinquishing the established link with the acquirer once there is no further transaction data stored in the queue, after the result of the online authorisation request for the last transaction has been received. Hence, termination of a communications link with an acquirer can be avoided when further transaction data has been received requiring authorisation from the same acquirer. In other words, before dropping a communications link, a check is always made to see if the link could be of immediate further service and should therefore be maintained. Use of a queue in this way provides an efficient way of handling asynchronous authorisation requests which it is desired to process sequentially.
In order to better process transaction data when authorisation for concurrent transactions may be sought from more than one acquirer, the method may further comprise: considering the acquirers to which the other concurrent payment transactions relate, and the storing step may comprise storing only that transaction data in the queue which is directed to the same acquirer as the first payment transaction. In addition, transaction data which relates to a different acquirer may be stored in a respective queue related to that acquirer for subsequent transmission thereto. Hence, by forming separate queues of transactions awaiting authorisation for each different acquirer (in other words streaming transactions according to their destination acquirer), it is possible to group together those payment transactions which can take advantage of the present invention, thereby optimising the operation of authorising payment transactions to different acquirers.
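The per-acquirer queueing and link reuse described in the preceding paragraphs, as an added Python sketch that is not part of the patent text. The link is simulated, and the class names, acquirer names, approval limit and sample transactions are all constructed for illustration.

```python
from collections import deque


class SimulatedLink:
    """Stand-in for a dialled connection to one acquirer host."""

    def __init__(self, owner, acquirer):
        self.owner = owner
        self.acquirer = acquirer

    def request(self, txn):
        # Hypothetical approval rule so that one sample request is declined.
        return txn["total_pence"] <= self.owner.limit_pence

    def close(self):
        self.owner.closed.append(self.acquirer)


class SimulatedNetwork:
    """Records every link set-up so the saving from reuse can be counted."""

    def __init__(self, limit_pence):
        self.limit_pence = limit_pence
        self.opened = []
        self.closed = []

    def connect(self, acquirer):
        self.opened.append(acquirer)
        return SimulatedLink(self, acquirer)


class AuthorisationRouter:
    """Streams transactions into one queue per destination acquirer."""

    def __init__(self, network):
        self.network = network
        self.queues = {}

    def submit(self, txn):
        self.queues.setdefault(txn["acquirer"], deque()).append(txn)

    def drain(self, on_result=None):
        results = []
        while True:
            acquirer = next((a for a, q in self.queues.items() if q), None)
            if acquirer is None:
                return results
            queue = self.queues[acquirer]
            link = self.network.connect(acquirer)
            try:
                # The queue is re-checked before the link is relinquished, so
                # transactions queued while it is in use ride on the same link.
                while queue:
                    txn = queue[0]
                    approved = link.request(txn)
                    queue.popleft()  # removed only once its result is in
                    results.append((txn["ref"], acquirer, approved))
                    if on_result:
                        on_result(self, txn)
            finally:
                link.close()


def run_demo():
    network = SimulatedNetwork(limit_pence=5000)
    router = AuthorisationRouter(network)
    # Constructed sample transactions; totals already include any gratuity.
    router.submit({"ref": "T1", "acquirer": "ACQ-A", "total_pence": 4400})
    router.submit({"ref": "T2", "acquirer": "ACQ-B", "total_pence": 2000})
    router.submit({"ref": "T3", "acquirer": "ACQ-A", "total_pence": 9900})

    def late_arrival(r, txn):
        # T4 arrives while the link to ACQ-A is still established.
        if txn["ref"] == "T1":
            r.submit({"ref": "T4", "acquirer": "ACQ-A", "total_pence": 1500})

    results = router.drain(on_result=late_arrival)
    return results, network.opened, network.closed


if __name__ == "__main__":
    print(run_demo())
```

Four authorisation requests are served by two link set-ups, one per acquirer, instead of four.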
It is also advantageous for the method to further comprise creating one or more software session instances for each payment transaction requiring on-line authorisation, the software session instances controlling the establishing, transmitting, storing and using steps for that transaction. This is because transaction card details can then be received concurrently from more than one source and initial processing can be performed in parallel.
Given the capability to process many transaction authorisation requests concurrently, the method may further comprise receiving concurrent payment transaction data from a plurality of remote terminals. Hence, all transaction authorisation requests can be transmitted to a central EFTPOS terminal where they are queued according to their destination acquirer, thereby saving costs over having multiple stand-alone EFTPOS terminals. If the remote terminals are portable then there is also the added advantage that they can be used in close proximity to the customer thereby improving security, since the customer's payment transaction card, say, need never leave their sight.
This aspect of the present invention may also be considered to extend to a method of authorising concurrent payment transactions with a first and a second acquirer, the method comprising a method of authorising concurrent payment transactions from a first acquirer as stated above, wherein the storing step comprises: storing data relating to further concurrent payment transactions in the queue and a further queue in dependence upon the acquirer to which the payment transaction relates, whilst awaiting the result of the online authorisation for the first payment transaction; the method further comprising: relinquishing the established link with the first acquirer once there are no further transaction data requests stored in the queue, after the result of the online authorisation request for the last transaction to the first acquirer has been received; and establishing a link with the second acquirer via the telecommunications network and transmitting a request for an online authorisation of a further payment transaction using received payment transaction data stored in the further queue.
This aspect of the present invention can also be considered as a method of authorising concurrent payment transactions with an acquirer, the method comprising: receiving data relating to first and second payment transactions from one or more remote terminals; storing the data relating to the second payment transaction in a queue; establishing a link with the acquirer via a telecommunications network and transmitting a request for online authorisation for the first payment transaction using the received first payment transaction data; using the established link to the acquirer to transmit a request for online authorisation for the second payment transaction, using the received second payment transaction data, once the result of the online authorisation request for the first transaction has been received; and relinquishing the established link with the acquirer after the result of the online authorisation request for the second transaction has been received.
Alternatively, this aspect of the present invention can be understood to be a method of authorising concurrent payment transactions with an acquirer, the method comprising: establishing a link with the acquirer via a telecommunications network; storing data relating to at least one concurrent payment transaction, required for seeking an online authorisation, in a queue; using the established link to the acquirer to sequentially transmit requests for and receive results of online authorisations relating to each of the concurrent payment transactions until the queue is empty.
The present aspect of the invention also extends to an apparatus for authorising concurrent payment transactions with an acquirer, the apparatus comprising: communication means arranged to establish a link with the acquirer via a telecommunications network; transmitting means arranged to transmit a request for an online authorisation of a first payment transaction over the link using received payment transaction data; and a store for storing data relating to a second and other concurrent payment transactions in a queue, whilst awaiting the result of the online authorisation of the first payment transaction; the transmission means being arranged to use the established link to the acquirer to transmit a request for online authorisation for the second payment transaction using the payment transaction data stored in the queue of the store, once the result of the online authorisation request for the first payment transaction has been received.
Advantageously the transmission means may comprise a finite state machine, such that account may be taken of different conditions which determine what action is to be implemented. Use of a finite state machine in such a transaction processing apparatus provides an efficient way of handling a plurality of interactive processes which change in dependence on external conditions.
The present aspect of the invention also extends to a system for implementing and authorising a payment transaction, the system comprising: a payment transaction apparatus according to the apparatus described above; an acquirer apparatus arranged to receive a request for an online authorisation of a payment transaction from the payment transaction apparatus, to authorise the payment transaction at the transaction value and to transmit an authorisation confirmation over the telecommunications network to the payment transaction apparatus.