US 12,169,839 B2
Computer-implemented method, system, and computer program product for authenticating a transaction
Gurpreet Singh Bhasin, Fremont, CA (US)
Assigned to Visa International Service Association, San Francisco, CA (US)
Appl. No. 17/632,889
Filed by Visa International Service Association, San Francisco, CA (US)
PCT Filed Aug. 8, 2019, PCT No. PCT/US2019/045673
§ 371(c)(1), (2) Date Feb. 4, 2022,
PCT Pub. No. WO2021/025698, PCT Pub. Date Feb. 11, 2021.
Prior Publication US 2022/0270096 A1, Aug. 25, 2022
Int. Cl. G06Q 20/40 (2012.01); G06Q 20/32 (2012.01); G06Q 20/38 (2012.01)
CPC G06Q 20/4015 (2020.05) [G06Q 20/3224 (2013.01); G06Q 20/3226 (2013.01); G06Q 20/389 (2013.01)]
3 Claims
1. A computer-implemented method for authenticating a card-not-present transaction, comprising:
storing, by a mobile device comprising a memory, a graphical user interface (GUI), and a global positioning system (GPS) receiver, account data for a payment device of a user in the memory;
transmitting, by the mobile device, a transaction request message to a merchant system, wherein the transaction request comprises the account data from the memory and an Internet Protocol (IP) address;
receiving, by an authentication system, a transaction initiation message from the merchant system, wherein the transaction initiation message comprises the transaction request and based on the received transaction initiation message, transmitting, by the authentication system, a challenge to the mobile device, wherein the challenge comprises a public key, and the transmitting the challenge further comprises displaying, on the GUI, a prompt for obtaining an account number from the payment device via an NFC connection with the payment device;
receiving, by the mobile device, the challenge and in response to the received challenge:
receiving, by the mobile device, and based on the displayed prompt, the account number from the payment device via the NFC connection with the payment device;
obtaining, by the mobile device, via the GPS receiver, location data; and
generating, by the mobile device, an encrypted data packet, by encrypting the account number and the location data using the public key;
transmitting, by the mobile device, the generated encrypted data packet to the authentication system;
decrypting, by the authentication system, the encrypted data packet using a private key corresponding to the public key, and determining, by the authentication system, that the account number from the decrypted encrypted data matches the account data;
determining, by the authentication system, that a distance between a location of the IP address and a location of the mobile device according to the location data from the decrypted encrypted data is less than a threshold; and
based on determining that the distance is less than the threshold and that the account number from the decrypted encrypted data matches the account data, authenticating, by the authentication system, the transaction.
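The final three steps of claim 1 (account match, distance check, authentication decision) can be sketched as follows. This is an added example, not code from the patent or from the assignee; it starts from the already-decrypted packet, and the JSON field names, the `IP_LOCATIONS` table, the sample addresses and the 50 km threshold are all assumptions made for illustration.

```python
import hmac
import json
import math

# Constructed IP-to-location table standing in for a geolocation service (assumption).
IP_LOCATIONS = {
    "203.0.113.10": (37.5485, -121.9886),  # documentation-range IP placed in Fremont, CA
    "198.51.100.7": (40.7128, -74.0060),   # documentation-range IP placed in New York, NY
}
THRESHOLD_KM = 50.0  # assumed value; the claim only says "a threshold"


def haversine_km(a, b):
    """Great-circle distance in kilometres between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0088 * math.asin(math.sqrt(h))


def authenticate(stored_account, request_ip, decrypted_packet):
    """Return (ok, reason) for a decrypted challenge response; every failure path denies."""
    try:
        fields = json.loads(decrypted_packet)
        account = str(fields["account_number"])
        device = (float(fields["lat"]), float(fields["lon"]))
    except (ValueError, KeyError, TypeError):
        return False, "malformed packet"
    # NaN fails both comparisons, so a non-numeric position is rejected here too.
    if not (-90 <= device[0] <= 90 and -180 <= device[1] <= 180):
        return False, "coordinates out of range"
    # Constant-time comparison of the NFC-read number with the number from the request.
    if not hmac.compare_digest(account.encode(), stored_account.encode()):
        return False, "account mismatch"
    ip_location = IP_LOCATIONS.get(request_ip)
    if ip_location is None:
        return False, "ip not locatable"  # fail closed rather than skip the distance check
    if haversine_km(ip_location, device) >= THRESHOLD_KM:
        return False, "distance over threshold"
    return True, "authenticated"
```

Both conditions must hold for authentication, so an IP address that cannot be located is treated as a denial instead of a reason to skip the distance comparison.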