Mobile devices such as Smartphones are increasingly utilized to facilitate payments for purchases and other transactions. When a transaction is initiated, such as via a merchant system at a point of sale or a via a customer device in an online purchase, a debit or credit card number of the customer is then sent electronically in a transaction message to a payment gateway, payment processor, and/or or payment network to process payment for the transaction. This includes obtaining authorization to charge a payment account of the customer that corresponds to the card number. If the authorization is obtained, the transaction is allowed to proceed, and funds are at some point moved from the customer's account to the merchant's account.
Integrating customer mobile devices into this process allows for the addition of valuable functions such as providing notification of the transaction to the customer, obtaining confirmation from the customer to pay for the transaction, obtaining a selection from the customer of which account to make the payment with, and so forth. Conventional means of processing payments, however, do not optimally support the accomplishment of such functions in the short space of time during which a transaction typically occurs. The specific format required by transaction messages and the specific ways in which such transaction messages are utilized, for example, do not currently provide for efficient notification of relevant transaction processing components that the customer mobile device is to be involved in the transaction, or for efficient interaction with the customer mobile device in the process.
Another disadvantage of the current approach is that the security of the debit or credit card number may be compromised. Transaction messages include, among other things, a primary account number (PAN) that corresponds to the debit or credit card account of the party making payment. Although the PAN is necessary to process a payment, providing it to and from the point of sale exposes it to potential discovery by unintended parties each time a purchase is made. And if the merchant retains the PAN on a merchant system or database, it continues to be exposed to potential discovery by unintended parties in the event the merchant system is breached thereafter. Any such discovery could cause major problems for a cardholder, such as theft of funds or identity theft, and could require considerable time and effort trying to mitigate the damage done. It could also cause major problems for the merchant, including loss of funds on a potentially large scale, damage to reputation, loss of business, and the expenditure of time and money investigating and tracking the occurrences, responding to complaints, implementing new procedures and so forth.
For these reasons, there is a need for a means of more efficiently and securely handling payment transactions that are facilitated by customer mobile devices.