Conventional merchant payment systems typically include one or more point-of-sale workstations (“POS workstations”), such as an electronic cash register (“ECR”) that may be coupled to a payment terminal, such as a PIN pad card reader (“PIN pad”) to accommodate credit and debit card payments from consumers. The ECR is coupled through a network connection (e.g., broadband connection or dial-up connection) at the merchant location in order to interact with remote card payment processing systems to process credit card and debit card transactions initiated by consumers for settlement. A merchant may have multiple checkout lanes each with its own POS workstation, such as a supermarket, or a merchant may simply have a single checkout area with one POS workstation, such as at a convenience store.
In contrast to the conventional merchant payment systems above, cross-merchant payment platforms currently exist in which a consumer's payment modalities, such as credit cards, debit cards and checking account information, are stored at a remote location that is managed by a third party “identity provider service.” When a consumer sufficiently authenticates his identity at the point-of-sale of any merchant that has integrated into such a cross-merchant payment platform, such consumer's payment modalities are transmitted by the identity provider service to the merchant's POS workstation in order to consummate a payment transaction. Such cross-merchant payment systems provide for additional security at the point-of sale by requiring the consumer to submit biometric information, such as a fingerprint image, to unlock access to an “electronic wallet” containing the consumer's different payment modalities and stored at the identity provider service. Additionally, such cross-merchant payment systems also provide an opportunity to use payment options other than credit and debit card payments that can be stored in the electronic wallet (e.g., checking account information for eCheck transactions) for which back-end processing fees may be less for the merchant. Such cross-merchant payment systems are typically integrated into the merchants' POS workstations by adding hardware and software that enable biometric authentication and electronic wallet presentation.
FIG. 1 depicts a system-level block diagram for an exemplary cross-merchant payment and authentication system. As shown in FIG. 1, a client hardware device 105 resides at a checkout area, such as a checkout lane, within a merchant location. Multiple client hardware devices 105 may reside in a single merchant environment that has multiple checkout lanes.
Each client hardware device 105 is attached to a biometric sensor 110 for receiving biometric information from a consumer. The client hardware device 105 is also connected to a payment terminal 115, such as a PIN pad, and a network hub device 130 that serves as a hub for multiple checkout areas in a merchant location.
The PIN pad 115 receives information from a consumer, such as via swiping a transaction card or entering a passcode via a keypad. The PIN pad 115 is connected to a POS workstation 120, such as an ECR, which processes a consumer transaction. The POS workstation 120 is also used to forward information received from the PIN pad 115 to the network hub device 130. The POS workstation 120 can also be attached to a printer, check reader or other peripheral device useful at a point-of-sale 125.
As discussed, the network hub device 130 includes a connection to each POS workstation 120 and each client hardware device 105. The network hub device 130 is used to forward received information to server devices, such as a store controller 135, a corporate network server 140, payment processing servers 145 and 150 and an identity provider service 155.
FIG. 2 depicts a block diagram depicting the software components resident on the various devices in FIG. 1. As shown in FIG. 2, a client hardware device 105 includes software components based upon one or more application program interfaces (“APIs”), such as 205-215. The client hardware device 105 includes a software component 205 for interfacing with the biometric sensor 110 through the biometric sensor's API. Such a software component 205 enables the client hardware device 105 to request that the biometric sensor 110 activate in order to capture biometric information from a consumer. The client hardware device 105 also includes a software component 210 for interfacing, via a commonly understood API, with the complementary software component 220 of the PIN pad 115. Such a software component 210 enables the client hardware device 105 to receive requests from the PIN pad 115 to capture biometric information from the biometric sensor 110, receive and transmit information received from the consumer from the PIN pad 115 to the identity provider service 155, and transmit information received from the identity provider service 155 (e.g., consumer account information) to the PIN pad 115. The client hardware device 105 also includes a software component 215 for interfacing, via a commonly understood API, with the complementary software component 225 of the identity provider service 155. Such software component 215 enables the client hardware device 105 to communicate with the identity provider service to authenticate a consumer biometric information and to receive a consumer's electronic wallet information.
For example, in one communication process flow of an architecture under FIG. 1, the client hardware device 105 may be requested by the PIN pad 115 to request biometric information, such as a fingerprint image, to be captured by the biometric sensor 110. The client hardware device 105 receives the request and activates the biometric sensor 110 to capture the fingerprint image. The client hardware device 105 receives the image from the biometric sensor 110 and generates a biometric template (i.e., an extracted feature set of minutiae points) from the fingerprint image or alternatively, the biometric sensor 110 generates the biometric template itself and transmits the template to the client hardware device 105. The client hardware device 105 requests and receives consumer identifying information, such as a phone number, identification number or any other alphanumeric sequence, from the PIN pad 115 and communicates the biometric template and the consumer identifying information to the identity provider service 155 (optionally using encryption and decryption algorithms). Authentication information and/or authorized payment information can be retrieved by the client hardware device 105 from the identity provider service 155 if the biometric template and consumer identifying information match a user profile and thus unlock such user's electronic wallet.
For example, in such a conventional cross-merchant payment system that includes a biometric sensor for authentication purposes, a cashier processes items for purchase at a POS workstation 120. Once a total purchase price has been generated, the POS workstation 120 sends a signal to the PIN pad 115 to prompt a user for a payment method. If the user requests that biometric information be used (e.g., to obviate the necessity of providing a credit card or other payment token), the PIN pad 115 communicates with the client hardware device 105 to request that the biometric sensor 110 be turned on. The PIN pad 115 might also display a prompt for the user to, for example, place a finger on the biometric sensor 110. A fingerprint image is captured by the biometric sensor 110 and transmitted to the client hardware device 105 (or alternatively, the biometric sensor 110 converts the captured fingerprint image to a template and transmits the template to the client hardware device for storage). The PIN pad 115 might then request that the user enter a number into the PIN pad 115, which the PIN pad 115 then forwards to the client hardware device 105. If not already generated by the biometric sensor 110, the client hardware device 105 then generates a biometric template based on the fingerprint image and transmits the template and the number to the identity provider service 155 via one or more network devices, such as a hub 130. The template and number can be encrypted prior to transmission. The identity provider service 155 then compares the template with one or more stored registration templates to determine if a match occurs. The number can be used to reduce the number of stored registration templates with which the template is compared in order to decrease processing time. Each user might have a unique number such that the template need only be compared with a single stored registration template for verification purposes. If a match occurs, the identity provider service 155 sends an electronic wallet associated with the matched stored registration template to the client hardware device 105. The electronic wallet can be encrypted prior to transmission. The client hardware device 105 can forward a representation of wallet items (e.g., representations of one or more credit cards or debit cards, etc.) to the PIN pad 115 to be displayed to the consumer. Upon a selection of a particular payment option (e.g., credit card) the PIN pad 115 requests the client hardware device 105 to provide the associated payment account information (e.g., credit card number) and subsequently forward the payment account information to the POS workstation 120. In this manner, the above process emulates, for example, a magnetic card swipe to the PIN pad 115 and POS workstation 120. Normal credit processing can then be performed using the POS workstation 120 to access a card/payment processing server 145.
One problem with such cross-merchant payment systems is that each checkout area in a merchant environment requires a substantial amount of hardware. For example, a client hardware device 105, such as the one shown in FIG. 1, requires a processor, a coupled biometric sensor and a power cable. Additionally, numerous connections are required for a checkout area having such a cross-merchant payment system. For example, as illustrated in FIG. 1, RS-232 connections are required between the client hardware device 105 and the PIN pad 115. Moreover, an Ethernet connection exists between the client hardware device 105 and the network hub device 130. Each client hardware device and associated cables incurs an additional expense from the merchant on a per checkout area basis. Additionally, security mechanisms such as cryptographic keys, encryption algorithms and tamper proof designs for the devices must also be developed, installed and maintained at each such checkout area. As such, reducing the number of hardware devices and cables per checkout area could significantly reduce a merchant's financial and maintenance overhead in implementing such a cross-merchant payment system.
What is needed is a method and system for reducing the amount of hardware required for a biometrically enhanced checkout area for the implementation of a cross-merchant payment system at a merchant location. The present disclosure is directed to solving one or more of the above listed problems.