Bankcard payments are transactions performed between two parties, where one party, usually called the cardholder, makes the payment and the other party, usually called the merchant, receives the payment. Both parties use bank accounts supporting the payments. The cardholder's account is debited and the merchant's account is credited with the payment amount. Based on the timing of the payment transaction vs. its settlement, there are two types of bankcard payment transactions, debit or credit. With debit transactions the payment amount is immediately debited from the cardholder's account and credited to the merchant's account. With credit payments the transaction is instantaneously authorized, but the merchant's account is credited with a short delay. The cardholder's account accumulates credited payments, which are then paid by a cardholder at a later time.
In this type of payment, both parties have accounts that support payments. The merchant's account that receives the payment is always a standard bank account in a bank. That bank is called the acquiring bank, as it acquires payments on behalf of merchants. For debit payments, the account of the cardholder is also a standard bank account in a bank. That bank is called the issuing bank, as it issues bankcards to cardholders. Issuers may also be other financial institutions, not only banks. The cardholder's debit account must have a sufficient balance at the time of payment. For credit payments, the cardholder has an account with a line of credit with the financial institution that issued the card. The payment is made to the merchant by that institution, and the amount is accumulated in the cardholder's credit account and paid at a later time.
The main goal of each bankcard payment transaction is to authorize payment to the merchant from the cardholder's account. With a debit payment, the authorization is performed as an immediate transfer of funds to the merchant's account. With a credit payment, the merchant first receives an authorization from the cardholder's financial institution, which pays the transactions and credits the cardholder's credit account. To get payment authorization, the cardholder must give his/her consent. For that purpose the cardholder has a bankcard account number. Presentation of that number and its verification by the financial institution constitutes payment consent.
Bankcard account numbers are distributed to cardholders in the form of the plastic bankcards with the number written on the face of the card and also recorded either in the chip or in the magnetic stripe of the card. To give consent for payment, the standard protocol used at the time of this invention is for the cardholder to give his/her bankcard account number to the merchant, who presents it to the cardholder's bankcard financial institution—card issuer, as an authorization request. The issuing institution returns a response to the merchant, which is an authorization response—approval or rejection of the payment.
The infrastructure to perform bankcard payment transactions is very complex and has many components. It is shown in FIG. 1. At the counter, merchants use various types of point-of-sale (POS) devices used to capture the cardholder's bankcard number. At larger stores, those devices are usually connected to the store's payment server, which is connected to the payment gateway that accumulates payment transactions from local merchants. Payment gateways are connected to larger payment switches called payment processors. To interconnect to multiple banks, payment processors are connected to the bankcard brand network and that network connects payment-processing components to the issuer and acquirer banks.
At the time of this invention, bankcard payment technologies, payment protocols, and payment infrastructures have many problems, resulting in high fees, fraud, and serious financial damages. The first group of problems is due to the complexity of the system. Because the system has many components, its structure and protocols are complex, expensive to maintain, and vulnerable. The other group of problems is based on the very bad practice of requiring cardholders to give consent by sharing their bankcard account number, which should remain secret between the cardholder and his/her issuer financial institution. Due to a complex and insecure protocol, that bankcard account number is recorded and known to many parties in the system. In essence, most of the problems with the bankcard payment systems that exist at the time of this invention are caused by two main reasons: (a) complex payment infrastructure with multiple components and (2) weak authentication and authorization mechanisms.
Another group of problems in standard bankcard processing systems is user privacy and anonymity. In fact, user privacy and anonymity does not exist at all, as all cardholder transactions are available to all parties of the system involved in processing of transactions. All cardholder purchases are traceable as the same bankcard number is used for each of them. This results in the tracing and profiling of cardholders by unauthorized parties (store and Web merchants), thus violating their privacy and anonymity.
At the time of this invention, there is an emerging and disruptive technology with technical, conceptual, and organizational characteristics that seems as a promising concept that could solve all the problems of the standard bankcard payments infrastructure. That technology and concept were introduced by Bitcoin, the anonymous peer-to-peer electronic cash system. In the Bitcoin system that concept is called the blockchain and, in essence, it represents a public ledger of all transactions. The core of the account validation process when performing payments is that the account has to have a sufficient balance to make a payment. Because Bitcoin is a peer-to-peer payment system without third parties, it does not use the complex infrastructure of multiple third parties to validate its payment transactions. In Bitcoin, to validate whether an account has a sufficient balance, all of that account's transactions are made publicly available. In that way, the recipient of the transaction can validate that the payer is in possession of a sufficient amount of the currency and is not making double payments. The requirements for the ledger are that the transactions cannot be illegally modified, inserted, or deleted after their settlement. This is achieved using a public ledger that is a globally available, distributed, replicated, synchronized, append-only, and secure archive of transactions.
In this invention, the idea of a public ledger is used as the solution for both of the core problems in bankcard payment system. Public ledgers support validation of peer-to-peer transactions without the participation or assistance of any third party, so the use of these ledgers eliminates all components of complex bankcard payment infrastructures. Accounts that use Bitcoin are anonymous and unforgeable, which is an ideal approach for hiding and protecting bankcard account numbers when used to authorize transactions.
In other words, this invention describes a system that supports direct, peer-to-peer payment transactions between cardholders and merchants that (a) does not require validation by a third party, (b) does not require trust in any party in the system, (c) uses a cryptographic (and therefore strongly protected) form of bankcard numbers, and (d) provides security, privacy, anonymity, and untraceability for users, their accounts, and their transactions. With these features, the proposed system eliminates all components of complex bankcard payment infrastructures and, therefore, all weaknesses and disadvantages of these infrastructures, such as complexity, inefficiency, high fees, and vulnerabilities. The proposed system also prevents intrusions and eliminates the threat of stolen bankcard numbers and funds, as well as the personal damages associated with those threats. Finally, the proposed system eliminates the possibility that users and their transactions can be traced, tracked, and profiled.
The secure bankcard payment system described in this invention is one type of a larger and more general system that supports the peer-to-peer exchange of any type of secure, private, and anonymous data or transaction over the open Internet using a public transactions ledger. A public transactions ledger is a public archive of all objects reflecting the actions that have been performed in the system. Its main purpose is to provide data, cryptographic mechanisms, and protocols to validate transactions without the assistance of third parties. The objects, individually or grouped in blocks, are cryptographically encapsulated and mutually linked in a functional or time sequence. The concept of a public transactions ledger is known as a blockchain. The system described in this invention, called the Blockchain Information eXchange (BIX), is a conceptually broad system that supports the validation of any type of secure, private, and anonymous peer-to-peer transaction using a public transactions ledger (blockchain).