Applicant believes that there is considerable potential in the mobile commerce field in spite of the ever-increasing activity reported. One factor that restrains additional growth of this market sector appears to be the security of electronic payments made for goods and services purchased on-line. In particular, credit card or debit card information entered into the mobile communications device, typically a cellular telephone, is usually transmitted in unencrypted form simply because the encryption keys that would need to be shared between the communications device and the payment engine in order to encrypt and decrypt the relevant data cannot be provided in practice.
This being so, a typical mobile commerce transaction developed on a mobile device is illustrated in FIG. 1. In such an application multiple mobile devices, in this instance cellular telephones (A), communicate via a wireless network (B) with selected webpage servers (C) of multiple suppliers, such as online stores or booking applications. Completing a transaction often requires a payment, and these applications need to connect to payment systems by transmitting the payment details to a backend server that performs the actual payment.
A mobile application would normally transmit the relevant data that typically includes credit or debit card or other financial account data to the webpage server or its associated payment engine using a secure TCP/IP protocol (e.g. HTTPS).
However, in most cases this level of security is not really sufficient. Each of the e-commerce stores needs to develop code to integrate with a payment engine or a financial switch (D) to perform the payment, which is ultimately only finalised when the relevant banking institution (E) has cleared the transaction, typically in accumulated batches of transactions.
Such applications are typically complicated pieces of development, but it is obviously necessary to ensure the integrity of the application. Every application on the mobile device that needs to capture payment will require the same functionality to capture the payment details, securely transmit the data to a backend system and then to integrate and pass these details to a payment engine or financial switch to perform the transaction. This is a substantial duplication of code both on the mobile device and the backend server. Of course, it is to be remembered that mobile devices have a limited amount of electronic capacity for processing and storing data.
Furthermore, payment details from online stores ultimately go through a financial switch (e.g. Visa or Mastercard). These transactions enter the switch in the country of the online store and not the country of the user making the payment. As a result, these transactions are normally not conducted in real time and are processed batchwise.
A typical mobile commerce system would thus gather the payment information from the user and then submit this data to a backend server that then connects to a payments engine. This requires that the mobile commerce provider has online connectivity to the payment engine and has implemented the often tricky interface to the payment engine.
The general difficulties have led to the creation of various payment organisations often referred to as financial cybermediaries, probably the most well-known of which is the E-BAY™ owned organisation known as PAYPAL™, an e-mail based payment system in which payment is collected by the payment organisation and subsequently paid over to the recipient.
Various other efforts have been made to enhance the security of electronic payments and in recent times a cellular telephone based payment system by the name of MOBILLCASH™ has been introduced that avoids the problem by adding payments to the actual cell phone account. However, this solution may well be unacceptable to cellular telephone service providers in that their responsibility of securing payments of their accounts is substantially increased and the addition of service functions outside of the provision of a telephone service may not be acceptable.
Payment for goods or services purchased over the Internet therefore represents a serious technical problem that existing solutions have not been able to overcome to a satisfactory extent and in a satisfactorily secure manner.