An emerging technology in the industry of payment processing is mobile payments. Mobile payments addresses many needs including offering greater convenience to consumers through eliminating the use of plastic cards, stickers, or key tags that use magnetic-striped, radio frequency identification (RFID), barcodes, blue tooth, or chips to store and transmit payment account data to authorize and conduct payment transactions at point of sale terminals. Current mobile payment solutions might include the use of near-field communication (NFC), barcodes including two dimensional barcodes, Bluetooth, or significant software upgrades to the point of sale (POS) system. Each solution has significant unique setbacks for merchant and consumer adoption.
Conventional cards store payment account data on the card and payment terminal readers at point of sale in stores will read and capture the data required to submit and gain a transaction authorization and approval for the transaction from the card issuer. Since the advent of the magnetic striped cards and their readers, technologies have been centered around improving the security and speed by which transactions occur, but most methods still employ using a physical or virtual card that is read by a point of sale terminal. Through a variety of means, the payment account data by which the consumer is going to make a payment to a merchant is captured by the merchant payment terminal, via magnetic-stripe, RFID, Bluetooth, barcodes or chips and submitted for authorization and approval. The industry method of capturing card payment data has created the necessity for merchants to have payment terminal readers that are able to read the cards being used to make payments at their stores.
Virtual mobile or web enabled software applications are now in use which display an electronic barcode on the mobile phone screen. This requires the card data encoded in the barcode to be read by barcode readers at the POS to initiate the transaction. RFID or NFC technology transmits the payment card data to merchant payment terminals equipped to receive the radio signal. The cards or stickers that utilize this NFC solution must be swiped by the NFC enabled payment terminal reader in order to capture the payment card data and thus initiate the transaction. This NFC technology has also been used in phones to transmit the card data. The payment card data may be stored on the phone in a software application or it may be accessed via a mobile or web accessed software application that supplies the card data from an electronic wallet. With the prescribed NFC tag stored on the phone through a software application method a payment card or sticker equipped with NFC is not required to be present to capture the payment card data and to initiate the transaction as the NFC technology is embedded into the mobile phone itself. This NFC technology embedded into mobile phones or devices still requires a payment terminal capable of reading the payment card data transmitted via the NFC technology. In the United States, this technology is as of yet mainstream and intermediate solutions have also been developed that plug NFC technology into a port on the mobile phone.
Security remains a significant concern for most, if not all mobile solutions, as they send the consumer card data at point of sale to the merchant. This opens the transmission of the card data to hack attempts as was observed when the Hannaford Brothers regional grocery company announced a data breach on Mar. 17, 2008. In the Hannaford Brothers case, when the consumer swiped their magnetic payment card at a POS terminal, the track data from the customer card (the PAN and possibly the expiration date and PIN with PIN related transactions) was transmitted from the POS terminal to the store server and then from the store server out to the bank responsible for authorizing the transaction. The criminals were able to steal this data while it was moving through this authorization process (in-transit) by inserting a malware program onto the store server. It was estimated over 4.2 million credit and debit card numbers were compromised through every one of the chain's 300 grocery stores.
The Hannaford Brothers case was cause for even greater concern as the data theft was occurring despite the fact that Hannaford Brothers had a security firm to monitor its network security and their stores used a modern POS system that should have been secure (in fact, Hannaford Brothers had been featured in a 2005 Computerworld article as an example of a retailer aggressively updating and modernizing their POS system (Hoffman, 2005)). An NFC solution could increase risk as the ability to intercept in-transit data is greatly increased when the medium of exchange is no longer limited to a magnetic card swipe and instead broadened by the use of radio technology. The inventors of this patent application have observed that by eliminating the transmission of the sensitive financial card data at the point of sale, security measures are able to be greatly increased in protecting the financial transaction and account information exchanged during the transaction process whereby the financial account data is only exchanged between trusted financial institutions and not the merchant or POS system.
A recent alternative payment solution developed by Mocapay, Inc. offers a mobile payment solution whereas consumers pre-authorize payment to a store from a virtual electronic gift card. While yet to be seen in the form of a product, Mocapay discloses in US Patent Publication No. 2009/0063312 A1 an ability to use a credit card transaction; however the processing and interaction with the merchant's point of sale remains the same. The consumer utilizes a mobile application to pre-approve a transaction at a specific merchant. After the user submits their approval, the software issues an authorization code. This code is displayed numerically or in the form of a barcode on their phone. When the user is at checkout they tell the merchant or cashier they will be paying using Mocapay. The consumer then shows the merchant the approval code to be entered into the point of sale payment terminal to complete the transaction or they may scan the barcode to complete the transaction. Either method requires that the merchant's point of sale payment terminal or software system be changed or reprogrammed to be able to enter in and accept the authorization code generated and provided to the consumer's mobile device upon displaying it to the merchant.
Other methods of conducting payment or loyalty transactions require a physical chip or card or virtual card displayed in the form of a barcode to capture the payment card data at point of sale from which the funds will be drawn upon.