U.S. patent application number 16/427322 was filed with the patent office on 2020-04-23 for methods for performing internet processes using global positioning and other means.
The applicant listed for this patent is Ecardless Bancorp. Ltd.. Invention is credited to Randy A. Gregory, Randy D. Sines.
Application Number | 20200126076 16/427322 |
Document ID | / |
Family ID | 42109428 |
Filed Date | 2020-04-23 |
United States Patent
Application |
20200126076 |
Kind Code |
A1 |
Sines; Randy D. ; et
al. |
April 23, 2020 |
METHODS FOR PERFORMING INTERNET PROCESSES USING GLOBAL POSITIONING
AND OTHER MEANS
Abstract
Methods for purchasing of goods or services over the internet. A
customer has a customer account set up at a bank with associated
account information. The account information includes verification
information for verification parameters, such as authorized
computer identification, authorized delivery addresses, authorized
global positioning satellite or other secure location information,
authorized user identification, authorized telephone caller
identification, and/or other account information. An order is
placed by a user via an ordering computer which provides order
information. Such order information includes verification variables
used by the bank. Verification and/or authentication using one or
more variables of the customer account information is used by the
bank to validate the order before assuring payment to the
merchant.
Inventors: |
Sines; Randy D.; (Spokane,
WA) ; Gregory; Randy A.; (Spokane, WA) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
Ecardless Bancorp. Ltd. |
Spokane |
WA |
US |
|
|
Family ID: |
42109428 |
Appl. No.: |
16/427322 |
Filed: |
May 30, 2019 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
15729342 |
Oct 10, 2017 |
|
|
|
16427322 |
|
|
|
|
14956109 |
Dec 1, 2015 |
9785942 |
|
|
15729342 |
|
|
|
|
12455022 |
May 26, 2009 |
9202206 |
|
|
14956109 |
|
|
|
|
10435516 |
May 9, 2003 |
|
|
|
12455022 |
|
|
|
|
09859616 |
May 16, 2001 |
|
|
|
10435516 |
|
|
|
|
09669332 |
Sep 25, 2000 |
7080048 |
|
|
09859616 |
|
|
|
|
60379846 |
May 10, 2002 |
|
|
|
Current U.S.
Class: |
1/1 |
Current CPC
Class: |
H04W 4/023 20130101;
G06Q 20/02 20130101; G01S 19/42 20130101; G06Q 20/12 20130101; G06Q
20/40 20130101; G06Q 20/04 20130101; G06Q 20/401 20130101; G06Q
20/108 20130101; G06Q 30/0601 20130101; H04L 63/08 20130101 |
International
Class: |
G06Q 20/40 20060101
G06Q020/40; G06Q 20/02 20060101 G06Q020/02; G06Q 20/04 20060101
G06Q020/04; G06Q 20/10 20060101 G06Q020/10; G06Q 20/12 20060101
G06Q020/12; G06Q 30/06 20060101 G06Q030/06; H04L 29/06 20060101
H04L029/06; H04W 4/02 20060101 H04W004/02; G01S 19/42 20060101
G01S019/42 |
Claims
1. A method for a financial provider to authenticate or verify a
customer using a computer device in connection with a payment
transaction between the customer and a merchant, comprising:
receiving, by at least one processor, computer identification
information and a plurality of changeable authentication or
changeable verification parameters from the customer computer
device; performing, by at least one processor, a first verification
procedure using the plurality of changeable authentication or
changeable verification parameters and the computer identification
information from the customer computer device to determine that the
customer is authorized to use the customer computer device;
linking, by at least one processor, the computer device with a
first account based on the computer identification information from
the customer computer device; accessing, by at least one processor
of the financial provider, a positioning location indicative of a
physical location of the customer computer device for the purpose
of conducting the payment transaction, wherein the positioning
location includes position data obtained from a GPS sensor of the
customer computer device; performing, by at least one processor of
the financial provider, a second verification procedure utilizing
the positioning location from the customer computer device to
verify that the customer computer device is at an authorized
location; determining, by at least one processor, that the customer
is authorized to use the first account in the payment transaction
based on the first and second verification procedures; receiving,
by at least one processor, computer identification information from
a merchant computer device; linking, by at least one processor, the
merchant computer device with a second account based on the
computer identification information from the merchant computer
device; receiving, by at least one processor, a payment transaction
request; generating, by at least one processor, a transaction
identifier in response to the payment transaction request for said
transaction based on the first and second verification procedures;
and assuring, by at least one processor, payment between the first
account and the second account using said transaction identifier.
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application is a continuation of U.S. patent
application Ser. No. 15/729,342 filed on Oct. 10, 2017, which is a
continuation of U.S. patent application Ser. No. 14/956,109 which
is now U.S. Pat. No. 9,785,942. This application was a
continuation-in-part of U.S. patent application Ser. No.
12/455,022, filed May 26, 2009, now U.S. Pat. No. 9,202,206, which
is a continuation of U.S. patent application Ser. No. 10/435,516,
filed May 9, 2003, which claims benefit of U.S. provisional
application Ser. No. 60/379,846 filed May 10, 2002, and which is
further a continuation-in-part of U.S. patent application Ser. No.
09/859,616 filed May 16, 2001 and Ser. No. 09/669,332 filed Sep.
25, 2000 now U.S. Pat. No. 7,080,048, granted Jul. 18, 2006. The
contents of each of the aforementioned applications are hereby
incorporated by reference in their entirety.
TECHNICAL FIELD
[0002] The technical field of this invention is methods and systems
for purchasing on the to internet or other global computer
information network without need for transferring charge card
numbers or similar sensitive financial or personal account
information during the purchase transaction.
BACKGROUND OF THE INVENTION
Internet Purchase Transactions
[0003] The volume of commercial transactions being conducted by
communication over the internet has grown dramatically. These
transactions typically include placement of orders by purchasers
using a merchant or plural merchants who are paid by one or more
credit card companies or banks using credit or debit accounts. This
trend will continue and the volume of purchase transactions
conducted over the internet will increase, probably at an
accelerating rate.
[0004] A typical internet purchase transaction includes an order
which is placed with a merchant. The order information is assembled
by the customer, typically using the customer's name. If the
customer is a company or other organization, then the order will
include both the company name and the name of the person who is
using the computer. Such user names are also included to better
process the order and provide greater accountability.
[0005] The home address, business address, or other mailing and/or
billing addresses are frequently required by the merchant during
the order session to create an order file. Also included as part of
the order information is the shipping or delivery address. If the
order is for shipment to a third party, then the shipping or
delivery address is different from the customer address.
Order Response Communication
[0006] Internet purchasers are also typically invited to provide an
email address to which an order response communication can be sent.
Alternative order response communications can be used, such as
phone, letter or other. The order response communication is most
often in the form of a confirmation communication providing the
customer with pertinent transaction information and a message which
reassures the customer that the order has been successfully
communicated and is being processed.
[0007] Additional information which may be gathered in connection
with an internet purchase may include telephone contact
information, purchase order numbers, invoice numbers and additional
billing or customer information.
[0008] In most internet purchase transactions the order is
processed and paid using a bank credit or debit card. The
information provided by the customer includes an account number,
card expiration date, card holder's name and the type of card being
used. The charges for the order is are posted against the customer
account number as a charge entry or entries. These entries can be
either a credit charge entry or a debit charge entry, depending on
whether the charge account is a credit card account or a debit card
account.
[0009] Placement of orders for internet purchasing using charge
card accounts is now widely conducted using the limited information
just described--account name, account number, and expiration date.
This information is available on the face of most charge cards.
Because of this, it is relatively easy for a thief using a stolen
charge card to purchase items over the internet. The frequency of
internet charge card fraud is increasing and the associated costs
are also rising. Whether the order is authentic or a fraud is
almost impossible to determine unless the charge card has been
reported as stolen and been deactivated.
Initial Processing By Merchant
[0010] After an internet purchase order is placed, the merchant
then undertakes initial processing of the order. Initial processing
includes a merchant's review of the requested goods or services to
determine whether the order can be properly processed and whether
the ordered goods or services can be provided to the purchasing
customer. This initial processing varies from one merchant to
another.
[0011] A common initial processing sequence is for the merchant to
first analyze the customer purchase order file to see if all
necessary information has been provided. This can be done while the
customer is in active communication with the merchant over the
internet. Alternatively, the customer order can be checked or
double checked after the customer's session with the merchant's web
site has been completed. The order file review performed by the
merchant checks for completeness to make sure that sufficient
information has been provided for the merchant's further review and
processing of the customer's order.
[0012] The merchant's initial processing of an order usually leads
to an initial order response communication. The initial order
response communication can be in various forms and is used to
communicate results of the initial processing analysis. For
example, the initial order response may communicate confirmation of
the order, a query for additional information, or a refusal that
declines the order or explains some other alternative.
[0013] Initial order processing by a merchant may also include
inventory review. Such is inventory review analysis considers the
merchant's inventory of goods or resources available for providing
services. This is assessed against previous orders to determine if
and when the ordered items can be provided.
[0014] Another step or phase of initial processing may include
payment assessment. Payment assessment of an internet order is
performed to determine whether the customer has adequately arranged
for or provided payment for the ordered items. The merchant
considers the payment information contained in the order and then
decides whether to accept or reject the order on this
assessment.
[0015] One widespread form of payment assessment involves orders
placed using credit or debit cards as the means for payment. The
customer provides sensitive charge account information via the
internet as explained above. This information is then used by the
merchant to determine whether the customer's account can be charged
for the ordered items to pay the merchant. The ordered items may be
goods, services or a combination of goods and services.
Prior Art Communication of Account Information
[0016] The current practice involves not only the communication of
sensitive account information between the customer and merchant
when the order is initially placed, but also the secondary
retransmission of this account information between the merchant and
the bank card company. The order is usually accepted by the
merchant after receiving charge authorization from credit card
companies, such as VISA.TM., MASTERCARD.TM., DISCOVER.TM., and
AMERICAN EXPRESS.TM., or processing companies working in their
behalf or service. The established approach involves two or more
transmissions of the customer account name, account number,
expiration date of card, and the amount to be charged to the
customer's account for the ordered items.
Dishonored Bank Card Account Transactions
[0017] Submission of charge requests to the bank card processors
for authorization does not necessarily result in a merchant
receiving actual payment. Most businesses receive the customer
order and submit a request to the bank card processors for
authorization to charge a particular customer's account. In some
cases this involves two separate queries by the merchant.
[0018] In reviewing a charge request, a first analysis is performed
by the bank card processor to determine if the account is valid and
active. In a second query, the bank card company or another related
bank card processor performs a second analysis to determine if the
account has sufficient credit or funds. Both of these queries can
also be performed in a single request to a single processing
operation serving the merchant or charge card company being
used.
[0019] The bank card processor responds to the merchant's request
for authorization at the time of submission of the authorization
request. This can be at or near the time the order is placed or the
sale transaction is being conducted. The submission of an
authorization can also occur at a later time, particularly when the
merchant is taking numerous orders at a substantial frequency.
Depending upon the merchant's business, an authorization request or
requests can also be routinely submitted later. For example,
telephone orders can be processed later in the day or next day,
and/or prior to shipment of the goods or rendition of the
services.
[0020] Surprisingly, although a merchant may receive a positive
authorization to charge from the charge card processing company,
this does not insure the merchant will actually be paid on the
transaction. This uncertainty arises because merchants submit their
charge card sales to a designated processing bank for payment to
the merchant's account. This is usually done in the form of an
electronic file which is submitted hours or even days after the
authorization request may have been submitted by the merchant, and
approved by the bank card processor. The actual requests for
payment are submitted usually at the end of the business day, but
can be at various times.
[0021] Whatever the merchant's practice, there is an inherent delay
between the time the request for authorization to charge is
approved and the time the merchant makes an actual demand for
payment. The demand for payment is made at the time such demand is
processed at the merchant's processing bank. Under the terms of the
merchant's agreement with the bank card company, the charge may or
may not be paid. For example, if other merchants or banks have in
the meantime requested payment or advanced cash so that the
customer's account has reached its available credit limit or
account balance, then the merchant's demand for payment may be
dishonored even though it was previously authorized. Depending on
the circumstances, the merchant may end up being paid later or
never. Merchant's suffering such dishonored charge is transactions
are dissatisfied since authorization was given to charge against
the account. Nonetheless, the terms of the merchant's agreement
with the charge card company will be determinative, and many or
most card companies have the ability to dishonor a charge if the
account exceeds the available credit limit or account balance.
[0022] The merchant's decision as a result of the initial
processing is most frequently to accept the order. However, the
initial processing may be lengthened in some situations because a
merchant may await irrevocable payment from the merchant's
processing bank before shipment of goods. This can be done to avoid
the risk that the charge transaction will be dishonored or paid
late. However, it has the disadvantage of increasing the time
between order and shipment. This delay to avoid dishonor may end up
hurting the merchant's business in a general manner because of
negative effects on responsiveness and business volume. This may be
incurred to address the problem of dishonored charges.
Order Acceptance By Merchant
[0023] For internet purchase transactions, whether the merchant's
initial processing response is acceptance, rejection, or request
for additional information, a response is usually communicated by
the merchant to the customer in a relatively short period of time,
usually less than 1-2 days. This initial processing response
communication can be done in a number of suitable ways. Most
typically, the merchant's initial processing response is
communicated by sending an email to the customer.
[0024] Although a variety of formats are used for merchant initial
processing responses, the responses usually involve sending a
confirmation that the order has been received and accepted. An
invoice or other transaction control number is usually assigned.
The merchant also typically indicates that shipment has or will
occur on or about an expected shipping date. Alternatively, the
confirmation may state the customer should expect delivery at the
delivery address on or about a certain delivery date.
Electronic Commerce Fraud
[0025] A substantial amount of effort has already been expended in
setting up internet purchase transaction systems. Despite these
earlier efforts, there is a continuing and increasing risk of
electronic commerce fraud. The problem of internet fraud has been
previously approached by creating secure or encrypted network
communications techniques. Although the commercial establishments
developing and using these techniques espouse confidence to the
public, there are common fears that electronic commerce fraud will
both escalate in number and become of greater value. The use of
secure or encrypted techniques are not effective where the account
card or key account information has been stolen and is being used
fraudulently. Fraudulent charges may occur for some time before
being reported or detected and the account is deactivated.
[0026] The internet or possibly other causes have also led to a
growing problem of identity theft. This problem can have a
devastating effect on the person who has their normal identity
stolen. In identity theft, an impostor obtains sensitive personal
information, such as social security numbers, bank account numbers,
charge account numbers, driver's license numbers and other
information having important identification attributes. The victim
of identity theft is usually left with a number of overdue accounts
having large balances run up by the impostor. The abused accounts
are frequently discovered long after the fraudulent activity first
began.
[0027] In many instances the victim of identity theft has
difficulty in clearing their name from the abusive use by the
impostor. This has led many such victims to change their names to
alleviate the problems of credit record destruction and other
effects of the identity theft.
General
[0028] Some or all of these problems and other objectives and
considerations are addressed by the current invention which is
described more fully below. Terminology and information used in
this background discussion is also applicable to corresponding
aspects of the invention as described below. The reader should also
understand that some of the benefits and advantages of the
invention are given in this description, whereas others may become
apparent later, in light of further use and study of the
invention.
BRIEF DESCRIPTION OF THE DRAWINGS
[0029] Preferred embodiments of the invention are described herein
with the help of is accompanying drawings which are now briefly
described.
[0030] FIG. 1 is a block diagram indicating a prior art equipment
arrangement for conducting purchase transactions over the internet.
This diagram also shows some of the principal actions indicated by
arrows.
[0031] FIG. 2 is a process block diagram indicating processing
steps used in prior art internet purchase transactions, such as
shown in FIG. 1.
[0032] FIG. 3 is a block diagram indicating an equipment
arrangement for conducting transactions over the internet according
to this invention. The diagram also shows some of the principal
actions indicted by arrows.
[0033] FIG. 4 is a process block diagram indicating processing
steps used in a preferred embodiment of the invention.
[0034] FIG. 5 is a diagram illustrating a series of exemplary
screen displays during placement of an order by an existing
customer account using the invention.
[0035] FIGS. 6 and 7 are diagrams illustrating a series of screen
displays and process steps involved in an alternative form of the
invention wherein a new customer is processed partly on-screen and
party via telephone to effect customer set up.
DETAILED DESCRIPTION OF THE INVENTION
Introduction
[0036] The current invention has several features, functions and
aspects which are explained below. Additional aspects may also be
appreciated from the background description given above and the
claims presented hereafter.
[0037] The invention includes improved methods and associated
systems for conducting a purchase transaction over the internet or
other widespread or global computer information network or
networks. The novel methods for conducting purchase transactions
have a number of steps or phases with associated features. Also
included are combinations and subcombinations of the enumerated
steps, phases and features. The novel methods can be used in
connection with a variety of purchase items, including either goods
or services, or both, in the same or separate transactions.
[0038] In one aspect the preferred methods involve creating a
customer account with a financial organization which is a bank, a
business akin to a bank, or other similar financial institution
functioning as provided for herein. For purposes of convenience,
such organizations shall herein be referred to simply as a bank.
However, such use of this term should not be interpreted as
implying any legal requirements for being called a bank, or
implying attributes other than those which are at issue in the
methods performed as described herein.
[0039] In the methods according to the invention, the bank provides
a customer account which is associated with a customer. The bank
has a record of the customer account that includes associated
customer account information. In some implementations of the
invention the customer account is set up prior to any purchase
transaction over the internet. In other forms of the invention the
customer account is in part created during an initial interaction
between the customer and bank, such as via the internet. This is
coupled with supplementary set up with the bank wherein the
customer supplies additional account information later, or confirms
initially provided account information in second or subsequent
setup sessions.
[0040] Prior to providing further explanation of the methods
according to this invention, the discussion will now turn to a
description of a prior art internet purchase transaction with
reference to FIGS. 1 and 2.
Prior Art Internet Purchase Transaction
[0041] FIG. 1 shows a diagram representing principal equipment and
key actions involved in a common internet purchasing transaction. A
customer computer 10 is operated by a human user (not illustrated),
for example a person using his or her home or office computer. The
customer has an internet service provider with data processing
equipment 12 that provides service to the customer allowing the
customer to communicate over the internet 15 to a large number of
internet web sites. The customer accesses web sites of interest in
the well-known fashion. One web site is represented by the
merchant's internet service provider with data processing equipment
18.
[0042] FIG. 1 also shows a merchant computer 20 which is under the
control and direction of a merchant. The merchant computer provides
the information which the merchant wishes to present to the public
over the internet. This typically includes general company
information and products and services which the merchant offers to
sell. The goods and services may be produced or rendered by the
merchant, or they may be produced, rendered and/or distributed
through other businesses with the merchant being just an order
processor or one of several sources for the offered items.
[0043] Communications links between the customer computer 10,
customer internet service provider 12, internet 15, merchant
internet service provider 18 and merchant computer 20 may use a
variety of data processing communications vehicles. Future
advancements in communications vehicles allowing such data
processing communications are expected to perform the same or
similar functions, or enhanced functions which are not yet
available.
[0044] FIG. 1 also shows a bank computer 30. Bank computer 30
stores or accesses customer account information relating to the
bank's customers who have charge accounts, such as VISA.TM. and
MASTERCARD.TM.. The bank computer or computers 30 also perform
certain analyses which are initiated by a merchant requesting
authorization to charge a particular customer account.
[0045] FIG. 2 further illustrates steps performed in a typical
prior art internet purchase transaction. The customer computer
accesses the merchant computer in step 41 to obtain information
relating to the customer's interest and planned placement of an
order or orders.
[0046] Step 43 involves interaction between the customer computer
and the merchant computer wherein the customer builds an order
file. The order file includes the ordered items, the shipping or
delivery address, the cost, and sensitive customer charge account
information. As explained above the customer charge account
information usually includes the account name, account number, card
type, card expiration date and the amount to be charged the
customer's account.
[0047] After the customer has provided such order file information,
then the merchant checks the order file for completeness in step
45. In step 47 the purchaser submits the order file to the
merchant. The merchant then performs initial processing in step 49.
The merchant's initial processing may include one or more analyses
which implement the merchant's policies concerning submission and
processing of customer orders. For example, the merchant may
perform an analysis to see if the item selected by the customer is
available and the date of is availability. This may be compared
against management-determined ranges for acceptable delivery
response.
[0048] The initial processing by the merchant computer also
commonly involves payment analysis to determine whether the order
has been placed using a payment method which is valid and
authorizes payment. The payment analysis usually processes
instructions from the customer computer to charge a bank card
charge account, which can be either a credit or debit account
associated with the customer. To properly process such a payment
method, the merchant typically submits the requested transaction
for approval or authorization by the bank card company or it's
processing service, as illustrated in step 51 of FIG. 2. The
payment analysis uses the customer charge account number,
expiration date, cardholder's name, and the amount of the charges
being submitted for approval.
[0049] Step 53 of FIG. 2 represents the bank's analysis of the
authorization request. This bank card analysis uses the customer
account number and internal information, such as the credit or
account limit on a credit account or account balance on a debit
account. The analysis determines whether the bank authorizes a
charge to be made against the identified account. The bank then
responds to the merchant in reaction to the charge authorization
request in step 55.
[0050] The merchant then completes any additional order analysis or
processing in step 57. Step 59 indicates communication of the
initial order processing response from the merchant to the
customer. This can be a confirmation of the order, refusal of the
order, or query for additional information.
[0051] If the initial response includes acceptance of the order,
then the merchant charges the customer charge account with the
bank, as illustrated in step 61. The merchant's acceptance of the
order leads to shipment of the order as directed by the customer
when the order file was submitted in step 63.
[0052] This prior art practice includes transmitting sensitive
account information between the customer computer 10 and the
merchant computer 20. Such transmission is a security risk when
transmitted over the internet. The basic internet structure is an
open computer architecture which allows free access to everyone and
involves repeated copying and re-transmission of data being
communicated.
[0053] Security is also compromised when the merchant computer
sends an authorization request to the bank computer 30. Again, this
risk is increased if it occurs via the internet. Security may still
again be compromised if account information is used in the bank
card company's response to the charge authorization request.
[0054] Since this sensitive business information is communicated at
least twice with any number of relaying intermediary data
processors in between, there is significant opportunity for
interception. This is particularly true when the customer account
information is communicated over the internet to the merchant which
in itself may involve numerous relays in transmission, all of which
are openly available for others to access due to the open
architecture of the internet.
[0055] The merchant's communications link with the bank computer
may be either via the internet, or by dedicated secure
communications vehicle, such as a dedicated telephone data
transmission line or other suitable communications vehicles. Such
"secure" transmissions may also involve numerous communications
processors. These may or may not be susceptible to third party
access for decoding and possible fraudulent use of the customer
account information being communicated.
[0056] Another risk is associated with the employees of the
merchant, bank, or other transmitters of account information. Even
good organizations suffer incidents of embezzlement and absconding
of information which can serve as the basis of fraud. Thus, it is
inherent that current methods for handling charge card transactions
are subject to fraud by manual and/or automated data
interception.
[0057] The current methods for transacting purchases over the
internet increase the risks of fraud because commonly transmitted
charge account information used in each internet purchase is
sufficiently complete to be used in the conduct of a fraudulent
charge using another merchant who may be located anywhere in the
world.
Preferred System Equipment Configuration for Invention
[0058] FIG. 3 shows a preferred equipment configuration and some
aspects of preferred methods according to the current invention.
Customer computer 10 is linked with the internet using the customer
internet service provider computer 12. Data communications are
conducted via the internet 15 between the internet service provider
12 and the merchant internet service provider computer 18. Merchant
computer 20 is linked to the merchant internet service provider 18.
All links use conventional data communications vehicles or suitable
future technology communications vehicles.
[0059] FIG. 3 also shows merchant computer 20 communicating with
bank computer 30. This can be a secure communications vehicle or
via the internet as shown. The merchant internet service 18
connects through the internet 15 to bank internet service provider
28. Bank computer 30 is connected to the bank internet service
provider 28. Bank computer 30 stores or otherwise controls access
to customer account information and other bank information or third
party information accessed by the bank computer.
[0060] FIG. 3 further illustrates customer computer 10 in
communication with the bank computer 30 via the internet. Customer
computer 10 is again connected by the customer internet service
provider 12 to internet 15. Internet 15 is connected to bank
internet service 28 and hence to bank computer 30.
Preferred Communications Linkages
[0061] The diagram shown in FIG. 3 illustrates a significant
difference utilized in some of the preferred methods according to
this invention. FIG. 3 indicates that the customer computer 10,
merchant computer 20 and bank computer 30 can be in simultaneous or
effectively simultaneous communication. Simultaneous or effectively
simultaneous communication allows one party to communicate with
another and immediately thereafter the same party can communicate
to another party thus allowing a three party data flow on a
real-time or nearly real-time basis.
[0062] Simultaneous communication does not necessarily imply that
all three parties are engaged in a multi-party communications
session where all or more than two parties are to receiving the
same data, voice, video or other communications mode provided by or
to all other parties. Instead, it is preferred that the
simultaneously or approximately simultaneous communication between
these parties is established by discrete communications linkages.
These discrete communication linkages are advantageously not in
communication with other linkages except as controlled by the
merchant, bank or customer computers acting as communications nodes
in the purchase transaction communications tree.
[0063] As illustrated, FIG. 3 most clearly indicates three discrete
communications linkages which define communications routes between
the three key parties--the customer computer 10, the merchant
computer 20 and the bank computer 30. This allows each of the three
communicating pairs to communicate independently in a
communications triad. In this communications triad each link
communicates separately using different communications routes
and/or vehicles. They can each also use different means for
providing encoding, encryptions, data compression, or other data
processing and communications techniques which make interception of
meaningfully complete account information dramatically more
difficult or effectively impossible.
[0064] These discrete communications linkages also enhance security
for the processing of an internet purchase transaction without
necessarily requiring use of encoding and encryption techniques
because the linkages are independently created and would in general
not share the same communications vehicles and relaying internet
computers. Instead, for example, one linkage may be communicated by
satellite through relaying computers between New York and Atlanta,
whereas another linkage may be via optical fiber data
communications land facilities between Miami and Atlanta. The third
exemplary linkage may be by microwave transmission and land lines
between Miami and New York.
[0065] The separation of certain data processing functions and key
information to one of the three or more communications linkages in
the purchasing transaction communications tree, thus provides
increased security against surreptitious interception or collection
of internet communicated files that have all the information needed
to effectuate a purchase transaction according to prior art
techniques, such as discussed above for charge card
transactions.
[0066] The above configuration advantageously includes having the
customer computer establish one data communications link, sometimes
referred to herein as a first data processing to linkage having an
associated first communication route. This is most preferably via
the internet as illustrated so that the customer can in a
conventional manner initiate shopping over the internet. This
customer-merchant communications linkage can function in many of
the conventional ways now known or hereafter developed.
[0067] The second data communications linkage is established
between the customer is computer 10 and bank computer 30 using an
associated second communications route. The third data
communications linkage is established between the merchant computer
20 and the bank computer 30 using an associated third
communications route.
[0068] The first, second and third communications linkages are
preferably initiated or established in an independent manner
through independent communications initiatives and communicating
using different communications routes. They also are preferably
configured such that each is using a distinct communications
vehicle or vehicles so that the data involved with the same
internet purchasing transaction does not get transmitted over the
same communications vehicles in the same or a related transmission.
This provides inherent added security for this internet purchasing
transaction data communications equipment arrangement.
[0069] It should also be recognized that one or more of the
communications linkages in the purchase transaction communications
tree may alternatively be via a non-internet communications
vehicle. For example, the customer-merchant communications vehicle
is via the internet as illustrated. The second communications link
between the customer computer 10 and bank computer 30 also is
preferably via the internet for ease and economy. Alternatively,
the customer may for specific reasons have another linkage which is
preferably a secure or dedicated communications link with the
bank.
[0070] The third communications linkage is between the bank and
merchant and is also preferably via the internet. It is
alternatively possible that the third communications linkage may be
via a non-internet communications vehicle, such as a dedicated data
transmission line, direct modem connection, or otherwise as is now
known or hereafter becomes available in the art.
Customer Account Setup with Bank
[0071] The novel methods according to this invention include
creating a customer account with the bank having certain attributes
and features as explained herein. The setup of the customer account
can be accomplished in a number of different ways, but includes
limited communication of certain types of information relevant to
the conduct of internet purchase transactions in accordance with
the invention.
[0072] In general, the creating of a customer account involves
associating the bank's customer account information with a
particular customer. The customer can be an individual,
association, government, corporation or other entity which is
interested in conducting a purchase is transaction over the
internet utilizing the methods of this invention. The exact manner
of associating the customer with the account can vary dependent
upon the bank and how it wishes to organize the customer accounts
and associated data. In one example, the customer account may be
associated with a customer by using a customer identification code.
The customer identification code may be an account number, account
name, account alpha-numeric identifier or other means for
identifying the customer in the records of the bank.
Customer-Originated Account Information
[0073] The creating of a customer account involves communicating
information from the customer to the bank for use in connection
with the customer account. The customer account information
includes customer-originated information which is communicated by
the customer to the bank. Examples of customer-originated
information would typically include the customer's name, home
and/or business address, phone number, social security number, tax
identification number and other information, such as discussed
below.
[0074] The customer-originated information may also include
information which indicates physical location of the customer user
or customer computer placing the order. More specifically, the
customer-originated information may include a suitable device for
determining the position of the customer user or customer computer
being utilized in the ordering process. In one preferred form of
the invention, customer-originated location information can be
generated by a global satellite positioning device. Such global
satellite positioning devices are commercially available in a wide
range of forms and are often referred to as "GPS" units.
[0075] The global satellite positioning device may be separate
from, or more preferably, directly included as part of the ordering
computer. In the more preferred version the GPS unit can be
included as part of the ordering computer in a manner which has the
GPS unit integrated into or coordinately affixed to the computer
such that tampering is alleviated or totally prevented. The
customer-originating information can thus have an additional factor
which tends to increase the reliability of both verification and
authentication processes as described elsewhere herein. This
information can be used in set up of a customer or user or customer
computer and then used as added confirmation verifying the user
during a purchase transaction. It can also be used initially during
account setup to serve as an authenticating piece of evidence as to
the location of the computer which is requesting setup or
subsequent use.
Bank-Originated Account Information
[0076] The process of setting up the customer account may also
include communicating customer account information from previous
records of the bank. This may involve communication from one
division of the bank to another division of the bank. Customer
account information originating from the bank is herein termed
bank-originated customer account information. The bank-originated
customer account information may not need to be specially
communicated and could be called upon by authorization of the
customer or by policy of the bank.
[0077] The bank-originated account information may include address
or physical location information which may be used in comparison to
any GPS locational information provided by the customer user or
customer computer. For example, the customer may have prior
accounts at the bank which have address information which includes
physical address information. Obtaining user or customer computer
GPS location information may be used to both set up, verify and
authenticate the session between the customer and bank or merchant
or both.
Third-Party-Originated Account Information
[0078] Additionally, methods according to this invention may use
customer account information provided by third parties. Exemplary
third-party-originated information may include credit information
from a credit reporting service or other business or credit
reference. Another form of third-party-originated information may
be various types of information from a government entity, public
records or other publically available information.
[0079] The third-party originated information may also be
considered to include the locational information explained above.
The signals emanating from the global positioning satellites is
originated from a third-party; namely, the operator of the
satellites. This broadcast information is then processed by the GPS
unit and produces a result indicating the physical location of the
GPS unit. Development or use of secure GPS units which form a part
of the user computer may render this factor of particular benefit
in authenticating and verifying customer computer or customer user
information during the setup or processing of a commercial
transaction.
Communicating Customer Account Information is
[0080] Preferred methods according to the invention include
communicating some of the customer account information to the bank,
preferably with at least some of the information being communicated
via one or more communications vehicles which are not over the
internet. This allows the customer account information to include
information which comes via another mode, source or vehicle. This
helps to provide additional security so that fraud cannot easily be
practiced. Fraud may otherwise be possible merely by intercepting
communications made via the internet, using publicly accessible
files. The accessible files are then used for fraudulent schemes
and can be easily perpetrated against prior technology.
[0081] Methods for communicating some of the customer account
information may also include communicating via the internet for a
portion of the customer account information. This allows simplicity
in some aspects for setting up portions of the account or for
providing additional information desired after the account has be
set up or partially set up. Such internet communicated account
information may come from any suitable source. For example, the
customer may provide it's name along with a request to setup an
account via the internet. Other customer account data fields may be
completed via telephone using customer-originated information,
which may be combined with bank-originated information and
third-party-originated information, both or only one of which may
be provided via the internet or using non-internet
communications.
Customer Account Information Control & Maintenance
[0082] The customer account information maintained by the bank, or
by a service or equipment vendor maintained for the bank's use, is
advantageously stored in the form of a data processing accessible
database or the equivalent. The database can be maintained on a
bank computer or computers, or at computers or other database
storage and data processing equipment maintained for the bank and
which is accessible thereto. The bank's access to the customer
account database is preferably via a dedicated or secure
communications conduit, such as within the bank's data processing
equipment or between the bank's data processing equipment and a
service vendor which utilizes a secure, dedicated, encrypted and/or
encoded communications link with the bank.
Customer Account Information Field for Computer Identification
[0083] The customer account information with the bank, or
maintained for the bank, also is preferably includes a number of
customer account information fields. One customer account
information field preferably includes customer computer
information. The customer computer information includes at least
one customer computer identification code or other computer
identification information which is used to associate the customer
account with at least one authorized customer computer. The
customer computer identification information kept by the bank is
used to identify when a computer is an authorized customer computer
which is set up and authorized to conduct transactions for the
customer. The bank's customer computer identification information
may include information for one customer computer, or a plurality
of customer computers.
[0084] The bank's customer computer identification information may
be used in connection with one authorized customer computer, or by
more than one authorized customer computer. In one form of the
invention a single authorized customer computer identification may
be used on multiple computers; such as home, office, laptop, etc.
for a single user. In another form of the invention the bank
customer computer identification information may be uniquely
associated with a single, particular customer computer in such a
way that no other customer computer is associated with such
information. This can be done by utilizing unique information which
can be stored on the customer computer and is not capable of being
reproduced onto another computer.
[0085] The associated bank data field used to specifically or
uniquely identify an authorized customer computer may take various
forms now known or hereafter developed. One example would be
information kept by or for the bank which indicates what a file
stored on the customer computer will contain when read or
interrogated by the bank computer using a code key, or other
decoding or deciphering means now known or hereafter developed.
[0086] The contents of a customer computer identification file or
files may remain fixed over time. Alternatively, the computer
identification information may vary with time, so as to be unique
at any particular point in time. Still further, such information
may change or be changeable each time or at a certain frequency or
variable frequency or variable frequency when read by the bank.
Such information may also, as a matter of programming, change over
time either by data processing which occurs on the customer
computer or as a result of a process performed by the bank computer
during reading or interrogation.
[0087] In other forms of the invention the file or files on the
customer computer identification information may change as a result
of some additional variable or parameter other than time. Exemplary
alternatives may include parameters such as bank or customer
transaction numbers, control numbers or other variables. In some
forms of the invention the bank changes the customer computer
identification information as each customer purchase transaction is
processed or at each instance of communication between the customer
and bank. The associated change in the authorized customer computer
identification may not involve time as a factor but may merely
depend on the number of bank-customer communications
interactions.
[0088] The customer computer identification information may also
employ computer locational information if such is available. For
example, the form of the invention which can or does utilize a GPS
computer location or GPS user location, or a combination thereof
can be of potential benefit to the bank in both setup of customer
account information and in verification or authentication of
customer account information. Although the GPS location is in
general a location-type of information, the locational resolution
of advanced global positioning satellites and GPS receivers has
reached such a high level that individual computers within the same
building may be resolvable by different GPS location data.
[0089] The customer computer identification or location information
is used on or with the customer computer in such a way as to
provide a secure, specific, and preferably unique, identifier which
can be read or otherwise identified by the bank when in
communication with the customer computer. Such communication
between the customer computer and the bank can be effected in a
variety of suitable ways, but typically and preferably will be
communication over the internet in the course of conducting a
purchase or similar transaction. Alternatively, it may be more
advantageous for some or all of the computer identification
information to be communicated between the authorized customer
computer and the bank computer via direct telephone modem or other
communication methodology when setting up or creating the customer
account. The communications alternatives will in some forms of the
invention have at least one non-internet communications vehicles
used.
Customer Account Information Field for Delivery Address
[0090] The process of setting up or creating the customer account
with the bank also is preferably involves providing the customer
account with customer delivery address information associating said
customer account with at least one authorized customer delivery
address.
[0091] Customer delivery address information kept by the bank
computer 30 can be inclusive of a single home or business delivery
address. This provides a more secure purchasing transaction because
methods according to this invention include verification of the
shipping or delivery address directions given to the merchant so
that shipments are directed to a street address or other address
which is tied to the customer. The delivery or shipping address
setup information is preferably information which can be
authenticated. The setup authentication preferably uses third party
authentication or bank-originated information which is useful for
authenticating, and further preferably uses means other than
internet communicated information ostensibly from the customer
computer.
[0092] Authentication of the shipping or delivery address can in
one form be provided by having the delivery address supplied for
set up in the bank customer account records using a non-internet
mode of communication, such as personal communication. For example,
a person could appear in person at the bank and provide personal
identification for setting up a portion or all of the customer
account verification information. Another possibility is for the
customer to provide authorized delivery addresses and other
customer account information to the bank via voice phone line.
Other communications vehicles for supplying setup information may
alternatively be used, such as direct modem communications between
the customer and bank.
[0093] The shipping or delivery address is a key piece of order
information because without such information the internet merchant
cannot provide the goods or services requested. The shipping or
delivery address also may serve as customer verification and
authentication information according to some of the preferred
methods according to this invention. The delivery address can be
used as order verification information by having the customer
include the desired delivery address as part of the order file and
the merchant can submit the requested delivery address to the bank
for verification and confirmation during the bank's analysis
determining validation of the order.
[0094] In some embodiments of the invention the computer or user
location information, such as GPS unit location information can be
used to enhance or improve service or reliability. For example, if
the customer specifies delivery to a delivery address which is
confirmed by location information from an associated GPS or other
user or computer location indicator, then the processing of the
order may be effected more quickly without using some of the other
verification or authentication information. Alternatively, it may
not save time in the processing of the order but may provide
enhanced evidence of the authenticity of the ordering computer or
user, and allow verification usually a bank data field for user
and/or computer location information in GPS or other suitable
location format.
[0095] During the course of a purchase transaction, the delivery
address can alternatively be supplied by the bank to the merchant.
This may be done after the customer has selected during
communication with the bank, the desired authorized delivery
address from a group of one or more previously set up authorized
customer delivery addresses contained in the customer account
records held by or for the bank.
[0096] To enhance security, the customer may during communication
with the bank indicate the desired authorized delivery address from
a set of available options and/or in a shorthand manner. For
example, the customer goes through a delivery address selection
process which allows the customer to only select one of the
authorized customer delivery addresses set up in the bank's
customer account information.
[0097] To further illustrate the shorthand presentation of
authorized delivery addresses, the customer is placed in
communication with the bank, such as diagramed in FIG. 3. The
customer is then prompted to select from his or her "home address"
or "office address" as queried by the bank in an on-line
communications sequence. The full home or office addresses need not
be communicated between the bank and customer using the internet.
The customer may click upon one of the addresses indicated in
shorthand. This is done as part of requesting the bank to validate
and authorize the transaction.
[0098] The bank is also requested to assure the merchant of payment
and/or provide payment to the merchant. The bank, after
successfully completing its validation analysis of the purchase
transaction, sends assurance of payment to the merchant and directs
that shipment must be to an authorized delivery address specified
by the bank to the merchant. Alternately, the delivery address may
be confirmed by the bank as supplied by the customer to the
merchant.
[0099] The customer authorized delivery address information is
preferably provided to the bank for account setup using a
non-internet information source or communications vehicle, such as
a voice telephone line. More preferably, the authorized customer
delivery address information is provided to the bank by the
customer using a caller identification telephone line which can be
linked with the customer and/or authenticated as explained further
below.
[0100] The customer may have routine address options such as home
or office address. The customer may also have secondary or
incidental delivery addresses to which purchased goods may be
directed. For example, secondary address may be setup regularly for
close family members upon request from the customer in a request
which can be authenticated to the true customer.
[0101] Incidental addresses used by the customer, such as for gifts
to friends or other people, can be handled similarly. The customer
calls and submits the additional authorized delivery address using
a caller identification telephone line authenticated to the
customer and/or user. The bank then edits the customer record to
add the additional authorized addresses. These too can be presented
in shorthand during purchasing transactions using a variety of
different shorthand terms picked by the user.
Customer Account User or Computer Locational Information
[0102] The bank may also maintain customer account information
which indicates the location or locations which are authorized
locations from which orders may be placed. The location information
may be of various types, but is presently preferred to be some form
of GPS coordinate information which is consistent with either a
user GPS unit, or a GPS unit mounted in the customer computer, or
both. It is preferred that the GPS locational information be
encoded into a special encrypted format for communication over the
internet or other modes of communication used in the methods
according to this invention. The encryption may take many forms as
explained elsewhere herein and/or according to present or future
encryption technology suitable for use in this application or
applications.
Customer Account Field for Telephone Caller Identification
[0103] The customer account with the bank may also include
authorized telephone caller identification information which is
associated with the customer. The telephone caller identification
line information can be used to provide immediate authentication
evidence if it matches with other customer account information.
This may be supplemented using additional is telephone company or
other third party information which provides supporting
authentication that the telephone line being used is associated
with the customer for which the bank has an associated customer
account.
[0104] The telephone caller identification information is
preferably authenticated in some forms of the invention. The
telephone caller identification information may be authenticated by
third party authentication using the phone company or other third
party.
[0105] Alternatively and more simply, the telephone caller
identification information can be used directly as a verification
parameter because the customer used the same telephone line when
setting up the customer account with the bank. Thus the bank
verifies that each purchase transaction communication between the
customer and bank is via the same telephone line or one of several
authorized telephone lines.
[0106] It is also possible to use one or more of the above
verification techniques in combination with an additional third
party authentication process. This is preferably performed such as
by comparison to a credit report which includes the customer's
address information and telephone number. With these pieces of
information, the customer telephone caller identification may match
either or both the telephone line used during the customer account
setup, and/or by comparison of the telephone caller identification
information with third party information to perform an
authentication process.
[0107] Another preferred form of the invention utilizes any
available customer or user locational information to further
authenticate the ordering computer. The GPS or other location
information may be combined with telephone caller identification
information which includes location or locations of the telephone
line normal users. This may facilitate detection of fraudulent
routing schemes which might otherwise misuse telephone caller
identification alone or in combination with other parameters as
explained herein.
User Identification Codes
[0108] Customer account set up at the bank further preferably
includes another field or fields of information to define
authorized users for the customer account. This is done by setting
up a user personal identification number or other user
identification information and coding. The user identification code
may be selected by the bank, or the code may reflect the user's
choice. A particular requested personal identification number or
code can be numeric, alpha-numeric, is alphabetical or some other
code configuration.
[0109] The user identification code is set up, and is provided in
the customer account records at the bank for the authorized user or
users and the associated customer account. This personal
identification information is preferably communicated using a
non-internet means of communication. This is advantageously done
using a secure non-internet means of communication. One suitable
form of communication is via voice telephone line. Alternatively,
an email communication to the user of the user's personal
identification code may be employed. Email communicated over the
internet may be acceptable depending upon the policies and levels
of security determined by the bank and customer. Other modes of
communication such as telephone caller identified voice discussion,
written notification, or personal communication may also be
suitable in some of the methods according to this invention.
Customer Account Verification Information
[0110] The customer account information kept by or for the bank
includes customer account verification information. The customer
account verification information may include one or more, or
various selected combinations of the following types of
information.
[0111] One verification parameter is the shipping or delivery
address or addresses as discussed above. By performing a
verification process using delivery address of a purchase
transaction order, the bank can help assure that the set up of
customer account information and/or purchase transaction includes
goods or services which are being provided to an actual customer at
it's authorized address.
[0112] Another verification parameter is customer computer
identification information to as discussed above. By performing a
verification process using customer computer identification
information at the bank and customer computer, the bank can help
assure that the purchase transaction is being made from a computer
authorized by the customer as a source for authorized purchase
transactions.
[0113] A further verification parameter is telephone caller
identification information is provided on the telephone line used
by the customer to communicate with the merchant, the bank, or
both. By performing a telephone caller identification analysis, the
bank can help assure that the purchase transaction is being placed
using an authorized customer telephone line having line or caller
identification.
[0114] An additional or alternative verification parameter is user
personal identification information as discussed above. By
performing a user personal identification verification analysis,
the bank can help assure that the purchase transaction is being
placed by an authorized user for the particular customer account
being used.
[0115] A further alternative verification parameter is user
personal location information or computer location information as
discussed above. By performing locational verification analysis,
the bank can help assure that the purchase transaction is being
placed by an authorized computer or authorized user located at a
location of record for the particular customer account being
used.
[0116] Other types or forms of customer account information can
also be used as verification information used by the bank in making
one or more verification analyses as part of the bank's process in
considering and determining whether a purchase transaction is
properly validated or invalidated.
[0117] The one or more verification analyses performed by the bank
in processing a purchase transaction validation request preferably
employ information which is obtained from the customer computer.
This is advantageously done by placing the bank computer 30 and
customer computer 10 into active communication with one another.
This can be most easily done using the internet as illustrated in
FIG. 3. It can also be done using other alternative communications
vehicles.
[0118] FIG. 3 shows customer computer 10 submitting a purchase
transaction authorization request to the bank computer. This is
preferably done directly with the bank. Alternatively, it can be
done via relay by the merchant computer.
[0119] In the preferred versions of the invention, the bank
computer 30 responds or precedes the customer authorization request
with an identification inquiry. This can use one or more of the
verification or authentication parameters or other identification
means. In general, the larger the number of verification or
authentication parameters considered by the bank in the is
identification inquiry, then the reliability of the inquiry tends
to improve. Typically, the identification inquiry will use
verification of customer account verification information. For
example, the user personal identification and customer computer
identification information associated with the customer account
would be verified. Also, the telephone line caller identification
may be used to verify the caller identification relative to caller
identification information kept re the associated customer account.
This can be to verify to customer account information, or
additionally or alternatively in an authentication mode. Other
verification parameters may also be used.
[0120] The bank verification analysis or analyses can be the
determinative factors in leading to a bank decision whether to
validate the purchase transaction. It is also possible to combine
one or more verification analyses with one or more authentication
analyses as indicated in this document.
[0121] In performing validation analyses, the bank can also employ
verification or authentication of one or more verification or
authentication parameters used in connection with a merchant
account set up with the bank. The same or different verification or
authentication parameters may be used with the merchant as are
described with respect to verification and authentication of the
customer and user as described herein.
Customer Account Authentication Information
[0122] The customer account information kept by or for the bank
preferably includes customer account authentication information.
The customer account authentication information can include one or
more or various selected combinations of the following types of
information or their equivalents.
[0123] One authentication parameter is the shipping or delivery
address as discussed above. By performing an authentication process
determining the authenticity of one or more of the customer
authorized delivery addresses, and then verifying a delivery
address of a purchase order, the bank can help assure that the
purchase transaction includes goods or services which are being
provided to a customer at it's authorized and authenticated
address.
[0124] Another authentication parameter is customer computer
identification information as discussed above. By performing an
authentication process using customer computer identification
information at the bank and customer computer, the bank can help
assure that the is purchase transaction is being made from a
computer authorized by the customer as a source for authorized
purchase transactions and authenticated by the bank after
setup.
[0125] A further authentication parameter is telephone caller
identification information provided on the telephone line used by
the customer to communicate with the merchant, the bank, or both.
By performing a telephone caller identification analysis, the bank
can help assure that the purchase transaction is being placed using
an authorized customer telephone caller identification telephone
line by a customer authenticated to the specific telephone line by
comparison with corresponding authentication information, such as
from one or more third parties.
[0126] An additional or alternative authentication parameter is
user personal identification information as discussed above. By
performing a user personal identification authentication analysis,
the bank can help assure that the purchase transaction is being
placed by an authorized user for the customer account being
used.
[0127] A further alternative authentication parameter is user
personal location information or computer location information as
discussed above. By performing locational authentication analysis,
the bank can help assure that the purchase transaction is being
placed by an authorized computer or authorized user located at a
location of record for the particular customer account being
used.
[0128] Other types or forms of customer account information can
also be used as authentication information used by the bank in
making one or more authentication analyses as part of the bank's
process in considering and determining whether a customer account
should be set up or a purchase transaction should be validated or
invalidated. Authentication processes used during setup are termed
setup authentication, and authentication processes used during
transaction validation are termed transaction authentication.
[0129] The one or more authentication analyses performed by the
bank in processing a purchase transaction validation request
preferably employ information which is obtained from the customer
computer. This is advantageously done by placing the bank computer
30 and customer computer 10 into active communication with one
another. This can be most easily done using the internet as
illustrated in FIG. 3. It can also be done using other alternative
communications vehicles.
[0130] FIG. 3 shows the customer computer 10 submitting an
authorization request to the bank computer. This is preferably done
in a linear communications relationship connecting the customer
with the bank without involvement of the merchant. Alternatively,
it can be done via a relay communications relationship through the
merchant computer.
[0131] In the most preferred versions of the invention, the bank
computer 30 responds to the customer validation and authorization
request with an identification inquiry. This can use one or more of
the validation and/or authentication parameters. The larger the
number of parameters considered by the bank in the identification
inquiry, then the reliability of the inquiry tends to improve.
[0132] The bank validation analysis or analyses can be the
determinative factor or factors in leading to a bank decision
whether to validate the purchase transaction. It is also possible
to combine one or more validation and/or authentication analyses
with one or more other verification analyses as indicated elsewhere
in this document.
[0133] In performing validation analyses, the bank can also employ
verification and/or authentication of one or more parameters
associated with the involved merchant. Such merchant account
parameters are used in connection with a merchant account which is
also set up with the bank. The same or different authentication or
verification parameters may be used with the merchant as are
described with respect to verification and/or authentication of the
customer and user as described herein.
Customer Account Setup at Customer Location
[0134] In addition to the customer account setup at the bank, there
is also preferably setup at the customer location. The customer
computer may be provided with programming that allows the bank to
access the bank-encoded or otherwise provided customer computer
identification code. A variety of known identification methods are
possible.
[0135] One suitable form of identification is sometimes referred to
as a "cookie". The to preferred cookies for the invention are
selectively allowed by the customer computer to be written to the
customer computer in a form which allows the bank to positively
identify the customer computer. A variety of formats may be used to
produce and render secure the cookie or cookies sent to the
customer's computer by the bank.
[0136] The cookie is preferably written or encoded onto the
customer computer one or is more times in a communication or series
of communications between the bank computer 30 and the customer
computer 10. This can be accomplished by direct modem interaction
over a regular telephone line or using other communications
vehicles. Alternatively, the communications between the customer
computer 10 and the bank computer 30 can be via the internet as
illustrated in FIG. 3. The communication or communications sending
the cookie, cookies or other computer identification coding is
preferably encrypted to improve security, particularly with regard
to setup of the customer computer for bank identification
inquiries.
[0137] The cookie or other customer computer identification can be
a single sequence or code written a single time. Alternatively, it
can be a code or series of codes which are written at different
times. A further alternative is that the code placed on the
customer computer for identification by the bank can be written in
plural sessions and/or repeatedly. A further alternative is to
rewrite the computer identification in part or in whole during each
transaction.
[0138] A still further alternative is to write identification
coding each time the customer computer is used with the bank to
provide a historical series that cannot be reproduced by
interception of any one communication. The computer identification
may be subject to processing by specific use programming written
onto the user's computer, such as by the bank during setup. The
programming may include a code key which is static or variable,
such as variable with time or with customer, bank or other
transaction history.
[0139] The customer computer identification may also be subject to
processing by the bank computer, and such may include a code key
which is static or variable, such as variable with time or with
customer, bank or other transaction history. Still further, the
customer computer identification may be subject to combined
processing by both the customer computer programming and the bank
computer programming, and such may include a code key which is
static or variable, such as variable with time or with customer,
bank or other transaction history. A variety of customer computer
identification techniques can be used as may now be known or using
new technology hereafter developed.
[0140] It is also contemplated that the customer computer 10 will
be provided with software which facilitates or is required to allow
communication between the customer computer 10 and the bank
computer 30 to selectively allow the customer computer
identification is processing steps to be performed in setting up
the customer computer. Such software may also be used in conducting
purchasing transactions involving the bank and customer.
[0141] Another feature which may be allowed is the ability for a
customer to transfer cookies or other customer computer
identification tools between one customer computer and another
customer computer. This would only be permitted if the bank and
customer programming so provides. If such is allowed, then the
customer computer identification tools may be communicated between
the two customer computers in several different ways; such as by
direct wiring, or by email from the first to the second authorized
customer computer.
[0142] A further alternative set up parameter is user personal
location information or computer location information as discussed
above. By performing locational verification or authentication
analysis, the bank can help assure that the set up information or
purchase transaction is being placed by an authorized computer or
authorized user located at a location of record for the particular
customer account being used. Implementation of this additional
parameter or parameters for verification or authentication may be
limited to certain types of computers having GPS units therein, or
computers could potentially be retrofitted with such GPS or other
locational indicators, which preferably work on a real time
basis.
[0143] The customer computer software may also provide the customer
and associated users with various account management and utility
features. Account management features may include allowing the
customer to perform functions such as monitoring the purchase
transactions made to the customer's account and monitoring payments
made by the customer to pay the bank for customer charge
transactions made. The utility features may also act as the means
for allowing or controlling transmission of customer computer
identification information between first and second customer
computers.
[0144] Such programming may also advantageously have other
capabilities and features which allow the customer and authorized
users of the customer to use the account. Although such customer
computer interface software may allow some modifications and
information gathering, the preferred processes according to the
invention may require in some implementations that setting up or
changing of key or all customer account information fields occur
using specific communications vehicles or modes. For example,
changing (editing, adding or deleting) of customer account
information fields may only be allowed by direct, non-internet
communication. Further, account information such as authorized
delivery addresses, changes to personal identification codes,
changing telephone caller identification information kept by the
bank, user personal identification or other account information may
be modified only by non-internet communication. These setup or
account information modification processes are preferably done
using a non-internet vehicle of communications which can preferably
be authenticated by the bank prior to implementing the requested
information. For example, by telephone communication over a
telephone line having telephone caller identification which matches
and is an authorized customer phone line. Such fields may also
require voice communication between authorized representatives of
the customer and the bank.
Exemplary Setting Up of Customer Account
[0145] In one form of the invention a customer may initiate setup
of a customer account with the bank. This can be done in various
ways. For example, a customer may telephone the bank and request
that the bank set up an account according to this invention. The
customer could provide some or all of the customer-originated
information indicated in the description given in this document.
For example, name of customer, customer billing address, customer
phone number, customer social security number, customer tax
identification information, customer driver's license number,
customer email address, customer authorized user identification
codes, and other pertinent forms and fields of customer account
information may be singularly or in combination provided in one or
more modes or vehicles of communication and in one or more
sessions.
[0146] The preferred methods for setting up the customer also
preferably include authenticating one or more of the fields of
customer account information by an independent authentication
procedure or procedures. For example, one authenticating process
would be for the bank to require that the customer provide some or
all fields of the customer account information via a telephone line
having telephone caller identification information available that
matches the customer setting up the account. This matching for
authentication may require that the named telephone owner as
indicated by telephone company caller identification information be
the same as the information supplied by the customer.
[0147] Another example of independent authentication information
may include is alternative or additional third party information
made available by credit services or other companies having credit
information or serving as credit references. Examples of such
authenticating analysis would be to verify that one or more of the
customer-supplied data fields match independent authentication
information. Information such as customer name, account billing
address, home address, home telephone number, social security
number and other information given by the customer in setting up
the account would be compared to the authentication information.
Matched information of this type which corresponds with comparable
customer information provided by the credit reporting agency or
other third-party source of authentication information will provide
an indication of authenticity during the customer account setup
procedure.
[0148] Another preferred authentication procedure may include
utilization of locational information for the user, customer
computer or both. Setup can be made more reliable if third party
location information confirms GPS or other locational information
provided by the customer user, computer or both at the time of
setup.
[0149] Some preferred setup methods according to the invention also
include plural authenticating procedures. In some forms of the
invention, the new customer account is further subjected to
secondary authentication procedures after the bank has performed at
least one initial authentication test which confirms the
authenticity of the new customer account and demonstrates
reliability of at least one field of customer account information
which is a verification parameter. Then the bank may instruct the
customer to establish a data communications linkage with the bank
to allow the bank to provide computer identification information to
the customer computer. Such communications sessions can also be
used to load customer and user interface software which facilitates
the use of the customer account by authorized users of the
customer. Such interface software may also play a role in
facilitating the bank's computer identification inquiry and provide
on-line verification or authentication of the customer computer and
authorized user during purchase transactions.
[0150] The setting up of the customer computer and user, and the
setting up of the customer account information held by the bank may
include establishing data communications between the customer and
bank using at least one session where a non-internet data is
communications vehicle is employed. For example, the bank may
during the setup process instruct the customer to establish direct
modem communications with the bank to download the interface
software and provide the customer computer with a bank identifiable
authentication code or codes and any encryption software. The
processes may require a single non-internet communications session
or plural sessions whereby the computer identification information
provided to the customer computer may be expanded, replicated,
rendered more encoded, or encrypted using a single or plural
encryption techniques.
Customer Account Activation
[0151] Preferred methods according to this invention further
include activating a customer account. The customer account is most
preferably activated after the bank has received some or all of the
customer account information. It is also advantageous that the
customer account be activated after the bank has performed at least
one setup authentication process deemed appropriate by the bank
according to the banks security policies. For example, receiving
setup information from a new customer using a caller identification
telephone line that indicates the customer is authentic may by bank
policy be sufficient authentication for activation of the account.
Alternatively, more fields or other fields can be used in a setup
authentication analysis.
[0152] It is also possible that the setup authentication may
proceed in a progressive manner. After an initial contact and at
least one setup authentication analysis, the bank may provide
limited utilization, such as a small credit limit. The credit limit
may be increased after additional authentication procedures have
been performed successfully. The credit limit may also be increased
after additional customer utilization establishes that the account
is performing validly. Such progressive authentication will allow
greater reliability as the customer history progresses in time or
transaction number.
[0153] Activation may also advantageously include writing to the
customer computer. The writing to the customer computer may include
interface programming as discussed herein. It also typically will
include writing, encoding or otherwise providing the customer
computer with customer computer identification coding and
programming needed.
[0154] In some of the preferred methods according to this
invention, the activation of the customer account may also be made
contingent upon successful testing. Test communications is can be
conducted between the customer and bank. This can be in the nature
of a test communication whereby the customer goes to a special web
site operated by the bank and then proceeds to conduct a test
internet purchase transaction. In such test transaction the user
will be prompted for entry of the user's personal identification
code. The user's actual name may be supplied as added verification
but is not believed necessary since the customer's computer has
been provided with bank accessible customer computer identification
information. This can be assessed either before or after the user
is prompted for the user's personal identification code.
[0155] In one optional form of the invention, the customer account
setup and activation is abbreviated to facilitate immediate limited
use of the account and this is further detailed hereinbelow in a
separate section of this document.
Merchant Account with Bank
[0156] Methods according to preferred forms of the invention may
also include setting up a merchant account with the bank. This is
advantageous to further reduce the risk of fraud and to facilitate
and speed payment to the merchant. It is also desirable in
establishing a legal foundation between the bank and merchant
whereby the merchant is prepared and willing to accept assurance of
payment from the bank as contrasted with actual payment or funds
transfer. The processing of internet purchase transactions will be
facilitated by prior setup of the merchant with the bank.
[0157] The process of setting up the merchant with the bank can
vary significantly depending on policies of the bank and can vary
with time to improve or modify processing and transaction of the
internet purchases. The merchant can be set up using some or all of
the same procedures described above in connection with preferred
processes for setting up customers. Some modifications, additions
and/or abbreviations may be in order depending upon the policies of
the bank and the desired level of security relative to
convenience.
[0158] One possible abbreviation which may be as acceptable is to
not employ third-party to transaction authentication of the
merchant computer for reasons of processing speed or economy. If
the bank has a merchant account set up with various fields of data
and since the merchant is primarily looking to get paid, then it
may be sufficient that the merchant receives assurance of payment
and/or payment without the bank performing authentication of the
merchant computer involved in the purchase transaction.
[0159] Authenticating and/or verifying the identification of the
merchant computer is preferred in other implementations of the
invention. For example, in some of the preferred methods the
customer establishes communications with the merchant and then
indicates to the merchant that payment will be assured and/or made
by the bank. Since the merchant is looking for payment assurance,
it may be to the increased satisfaction of the merchant for the
merchant to establish the third communications link directly with
the bank. This approach may improve the confidence that the party
contacted by the merchant in seeking transaction authorization is
in fact the bank. The bank then may perform an authentication
process relative to the merchant which is similar, the same, or
employing one or more of the processes, aspects and features
described hereinabove in connection with the bank identifying,
verifying or authenticating the customer. Accordingly, any, all or
various combinations of authentication procedures and features may
be used by the bank, including those used to authenticate the
merchant's computer.
[0160] Alternatively, the bank may choose to more simply verify the
merchant computer identification with merchant account verification
information kept by the bank. This can be done without performing
additional authentication analysis, or authentication analyses
which utilizes third party information or other independent
authenticating information.
[0161] The description given hereinabove concerning the bank and
customer relationship thus is applied by reference to describe the
possible use of some or all of the authentication procedures and/or
various verification procedures described in connection with the
customer account for use in considering the setup of the merchant
and whether a transaction being analyzed by the bank should be
validated and payment assured to the merchant.
[0162] It should also be understood that some forms of this
invention may include internet purchase transactions where the
merchant has not been previously set up with a merchant account
with the bank. In such situations it may be desirable to set up the
merchant during the to course of the purchase transaction. This
setup option during the course of the transaction may be either a
partial setup or a complete setup depending upon the bank's
policies and desire for security in validating and paying for
internet purchases.
[0163] In other forms of the invention the merchant may not in a
practical manner be set up at all since the procedures may simply
involve transfer or delivery of funds automatically after or at the
time the transaction is validated and authorized by the bank. For
example, the bank and merchant may be in communication and the
merchant instructs payment to be sent by check to a stipulated
address at which the merchant receives payments. Electronic
transfer of funds may similarly be directed as the merchant and
bank find acceptable. Other payment options are also potentially
acceptable.
Merchant Account Setup at Merchant Location
[0164] Depending on the degree of security desired, the setting up
of the merchant account at the merchant computer may employ actions
by the merchant and/or bank similar to those described hereinabove
with regard to setup of the customer account upon the customer's
computer. Analogous or the same procedures may be used at or upon
the merchant computer 20. Such description shall be applied by
reference without being reiterated at this point in this
document.
[0165] In some respects the setting up of the merchant computer may
be tailored more specifically to the needs of the bank and
merchant. For example, the merchant may be provided with merchant
computer identification or not. This in turn may allow simplified
software to be used on the merchant computer to speed order
processing or provide other enhanced abilities or features. One or
more of the above-explained customer setup techniques may be
applied alone or in combinations for the setup of a merchant.
Merchant Account Activation
[0166] The explanations provided above with regard to setting up
and activating a customer account may also be employed in part or
in whole with regard to activation of a merchant account. The
description given herein is applied by reference to merchant
account activation as described above to provide preferred forms of
the invention.
[0167] The merchant account setup process and activation process
may also be abbreviated or eliminated. For example, the merchant
could be informed that it is not yet fully set up, but that a
one-time transaction account is being established in the merchant's
name at the bank. The merchant can obtain payment as the merchant
subsequently instructs the bank.
[0168] Alternatively, the bank could assure payment and communicate
that payment in a desired form is being made to the merchant, for
example, the assurance of payment may be communicated by the bank
to the merchant along with an indication that the bank is sending
is payment. Such payment can be by check, electronic funds transfer
or other suitable means. Payment effected by bank check payable to
the order of the merchant illustrates that merchant account setup
would not be an absolute requirement, although such is preferred
under this invention.
[0169] In the most preferred forms of this invention the merchant
would preferably be paid after the bank performs at least a minimal
amount of merchant account setup and either or both verification
and/or authentication of the merchant during both setup and in
processing purchase transactions. This can be done analogous to the
discussion given herein with regard to initial use by a new
customer.
Order File Creation
[0170] Preferred methods according to this invention include order
file creation. The customer is principally involved in creating the
order file. Key or principal aspects of the order file include: a)
specifying the goods or services, or both, which the customer seeks
to obtain using the merchant; and, b) specifying the delivery or
shipping address to which the goods are to be shipped or delivered,
or at which the requested services are to be performed.
[0171] The order file will typically be assembled using ordering
software which the merchant provides or makes available at the
merchant's web site. Since conventional merchant order taking
software requires a preliminary assessment of means for payment,
this indicates the appropriateness of implementing modified order
software when orders are to be paid using the bank and methods
according to this invention. Preferably the modifications direct
the order taking software into ancillary programming which is
associated with the assurance of payment and payment processes
described herein according to this invention.
[0172] Under some of the methods according to this invention, the
customer accesses the merchant web site and then builds the order
file by specifying the goods and services. The order file may also
include the customer's name, although such is not strictly
necessary. The essential fields in the order file are the goods
and/or services and delivery address information. The merchant may
elect to require more information, and typically the customer name
or some other customer identifier will be used to increase
reliability of the ordering process. Also desirable is telephone or
email contact information for the customer and user representing
the customer.
[0173] It is also typically desirable for the order file to define
the costs associated with is the order. This is provided so that
the customer may consent to the amount of charges being incurred by
the customer, and the amount to be assured and paid by the
bank.
[0174] Many additional fields of information may be included in the
order file as desired by the merchant or bank, and in compliance
with any agreement entered into between the merchant and bank.
[0175] In preferred methods according to this invention, the order
file used in placement, of the customer order with the merchant
does not include a customer account number, numbers or codes which
is or are separately useful to apply charges to the account. This
is eliminated to reduce the risk of internet fraud or other misuse
of the customer account with the bank. Instead, the customer builds
the order file in part or in total and specifies that payment will
be assured and made by the bank. This is preferably implemented
using a displayed icon on the merchant's web site which allows the
customer to at some point in the process of building the order
file, or after it is complete, to indicate the use of the bank as
the means for payment.
[0176] Where a merchant is previously set up with the bank, then
the election by the customer to use the bank for payment may
advantageously cause the merchant's order file building program to
enter into a programming routine or sub-routine that does not
require an account number to be communicated. Other information may
also be omitted to minimize the risk of interception and/or
fraud.
[0177] In some forms of the invention, the order may be assembled
by a customer with merely the ordered items specified, the identity
of the merchant, and a transaction identification or control
number. Alternatively, merely with the ordered items and customer's
name or other customer identification. The customer may either
provide a delivery address in the order file, or this information
can be omitted from the customer's order file and supplied solely
by the bank. Alternatively, the order file can include a customer's
specification of the delivery address and this information can be
relayed by the merchant to the bank for verification. The bank can
then verify that the delivery address is an authorized delivery
address for the customer involved prior to validating the
order.
[0178] In another form of the invention, the customer builds the
order file with the delivery address being provided to the
merchant. The customer establishes independent communication with
the bank seeking authorization of the purchase transaction. Then
the is customer is required to specify the desired delivery address
to the bank. This can be done in response to an inquiry by the bank
computer. It can also be done using a shorthand listing of
authorized delivery addresses so that the customer and bank do not
therebetween communicate the delivery address in sufficiently
complete form to allow interception.
[0179] The order file may alternatively be built in one or more
order file building sessions involving one or more communications
linkages via the internet between the customer and merchant. The
order file may be saved and then retrieved for later editing and
placement of the order.
Communicating Between the Customer and Merchant
[0180] In methods according to the invention the customer
establishes communication via the internet with the merchant. The
mode of communication via the internet may use any acceptable
protocol or security precautions now known or hereafter developed.
The mode of communication can be encrypted or use other secure
network procedures. A variety of communications options arise and
are possible because the customer is advantageously not
transmitting sensitive information, such as the account number and
expiration date coupled with account name.
[0181] In alternative forms of the invention, the customer may
initiate the purchase transaction by contacting the bank and
providing an indication that an order is planned. Thereafter, the
merchant may be contacted. This can occur directly between the
customer and merchant, or using the bank as an intermediary.
Order Placement
[0182] Methods according to this invention also include placement
of the customer's order with the merchant. This is most frequently
done by communications linkage between the customer and merchant
computers, such as illustrated in FIG. 3. The placing of the order
will typically occur shortly after the customer has assembled the
requisite information in the order file as required by the
merchant. This may be modified for orders being paid by the bank in
accordance with this invention.
[0183] Placement of the order will preferably entail specification
by the customer that the means of payment is via the bank. The
merchant therefore looks to the bank for assurance of is payment
and/or payment.
[0184] In alternative forms of the invention, the customer may
contact the bank and build the order file and/or place the order
via the bank's computer. The bank can then assure payment to the
merchant in the same or a separate communication from the
communication including placing or confirming the customer
order.
[0185] In either of the above alternatives, the customer account
number is not communicated to the merchant. Also in such
alternatives, the customer's communication with the bank does not
require providing information which is sufficient to allow an
intercepting party to place orders which charge against the
customer's account. This should be contrasted to the current
practices explained above which provide such information and
require it to be relayed, usually multiple times.
Communicating Between Customer and Bank
[0186] Preferred methods according to the invention also include
communicating between the customer and bank whereby the customer
submits a request for bank authorization, and for the bank to
assure payment and/or make payment to the merchant. FIG. 3
illustrates an internet communications linkage between the customer
computer 10 and the bank computer 30. This is done via customer
internet service 12, internet 15 and the bank internet service
28.
[0187] In alternative systems and methods the customer computer 10
may be directly connected via modem (not illustrated) to the bank
computer 30. Other communications vehicles and various
communications routes can be employed to provide data
communications between the customer and bank.
[0188] In some of the methods according to this invention the
customer communicates with the bank in non-internet forms of
communication. This includes the direct modem connection explained
above. It is also possible to employ direct, in person
communications between a customer and a representative of the bank.
Further it is possible to use telephone voice lines, fax
communication or other non-internet communications vehicles. This
is particularly advantageous in the setup phase, but also can apply
to editing or other changes to the setup information.
[0189] It may also be desirable to use non-internet forms of
communication between the customer and bank in the course of a
purchase transaction. The customer or bank can initiate the
communication, which is preferably a data processing communications
vehicle. Data concerning the proposed order and other data passed
between the customer and bank are communicated to perform the
methods according to this invention.
Initiation
[0190] The communications linkage between the customer and bank
computers can result from customer initiation or bank initiation.
This can be done either before or after the order file is created
and/or placed. In one preferred version of the invention, the user
representing a customer first builds an order file at the
merchant's web site. Then the customer indicates while in
communication with the merchant via the internet, that the customer
wishes to pay using the bank. This is easily provided by having an
internet link between the merchant's web site and the bank computer
30. This can be part of the merchant setup with the bank.
[0191] The selection of the bank using the merchant web site link
or other suitable means initiates a data communications linkage
between the customer and bank. This is preferably a direct
connection between the customer and bank.
[0192] In alternative methods according to the invention, the
customer may indicate while at the merchant web site that the
customer wants to pay using the bank. Instead of the customer
initiating the communications linkage with the bank, the customer's
placement of the order with the merchant can result in a
communication between the merchant and bank. The merchant
communicates with the bank and indicates that the customer has
placed an order that includes a request that the bank is to be used
to assure payment and/or make payment for the customer order. The
merchant can communicate relevant information to the bank
indicating the to transaction control number, customer
identification, and amount of charges associated with the
order.
[0193] In response to the merchant's communication with the bank,
the bank initiates a communications linkage with the customer. The
customer computer 10 can be contacted via the internet or by other
data processing communications vehicles.
[0194] The merchant information supplied to the bank concerning the
customer order includes transaction identification which is also
provided to the customer computer. When the bank computer
establishes communication with the customer computer, then the bank
goes through an identification inquiry and verification and/or
authentication processes to determine that the bank has contacted
the proper customer user and proper customer computer which is
authorized to be involved in the identified transaction with the
merchant.
Bank Identification Inquiry
[0195] After communication has been established between the bank
and customer, the bank performs a bank identification inquiry. The
inquiring action may involve a number of different identification
procedures. These identification procedures may be the same as
described above using verification of customer account information
and/or authentication of the customer computer and user using one
or more of the indicated analyses.
[0196] A preferred identification inquiry performed by the bank
relative to the customer utilizes the customer computer
identification setup on the customer computer. The bank computer
performs an identification inquiry which is preferably in an
encoded form. The customer computer must provide a satisfactory
response identifying the customer computer to the bank computer. If
proper identification is not achieved then the communications
session is terminated.
[0197] If proper identification of the customer computer is
achieved, then the bank further analyzes to determine whether the
personal identification information given by the customer computer
user is an authorized user. This is done by verifying that the
personal identification code given by the user is an authorized
user personal identification code. It can alternatively or
additionally employ other inquiries using other fields of customer
and user information for verification or authentication.
[0198] The above identification analyses are used to properly
associate in the banks to records, the customer account and user
for further processing of the communication and associated payment
authorization request. The above-described identification
procedures may also act as a portion of the verification analyses
used in performing validity analyses, or as part of one or more
authentication analyses, which may include just these
considerations or may be combined with additional analyses to
provide additional reliability for the authentication analysis and
validation decision. The additional parameters may be any of those
described elsewhere herein in connection with verification or
authentication of the setup of the customer account and processing
of the purchase authorization request, or other similar
parameters.
Bank Authentication Inquiry
[0199] The communications between the customer and bank may also
advantageously include an authentication inquiry by the bank to
reliably determine whether the customer computer 10 is an
authorized customer computer and that the user is an authorized
user for such customer account. The authentication procedures
explained above can also be applied during setup or a purchasing
transaction validation analysis according to the invention.
[0200] The authentication procedures seek to determine that the
customer computer and user are an authorized customer computer and
an authorized user for the customer account. The authenticity
analysis can use third party information as part of the
authenticity analysis, or the authentication can entail only
verification by matching one or more fields of customer account
information.
Communicating Between Bank and Merchant
[0201] Preferred methods according to the invention may also
include communicating between the bank and merchant. In such
communications the merchant is seeking assurance of payment from
the bank, so that the customer order can be fully processed. The
customer or merchant may submit a request seeking bank
authorization, and for the bank to assure payment and/or make
payment to the merchant. FIG. 3 illustrates an internet
communications linkage between the merchant computer 20 and the
bank computer 30. This is done via merchant internet service 18,
internet 15 and the bank internet service 28.
[0202] In alternative systems and methods the merchant computer 10
may be directly connected via modem (not illustrated) to the bank
computer 30. Other communications vehicles and various
communications routes can be employed to provide data
communications between the merchant and bank.
[0203] In some of the methods according to this invention the
merchant may communicate with the bank using non-internet forms of
communication. This includes the direct modem connection explained
above. It is also possible to employ other direct communications is
between a merchant and the bank or a representative of the bank.
Furthermore, it is possible to use telephone voice lines, fax
communication or other non-internet communications vehicles. This
is particularly advantageous in the setup phase, but also can apply
to editing of setup information.
[0204] In most purchase transaction processing the merchant and
bank will communicate via the internet. It may alternatively be
desirable to use non-internet forms of communication between the
merchant and bank in the course of a purchase transaction. The
customer or bank can initiate the communication, which is
preferably a data processing communications vehicle. Data
concerning the proposed order and other data passed between the
bank and merchant are communicated to perform the methods according
to this invention.
Merchant-Bank Communications Initiation
[0205] The communications linkage between the merchant and bank
computers can result from merchant initiation or bank initiation.
This can be done either before or after the order file is created
and/or placed. In one preferred version of the invention, the user
representing a customer first builds an order file at the
merchant's web site. Then the customer indicates while in
communication with the merchant via the internet, that the customer
wishes to pay using the bank. This is easily provided by having an
internet link between the merchant's web site and the bank computer
30. This can be part of the merchant setup with the bank.
[0206] The selection of the bank using the merchant web site link
or other suitable means initiates a data communications linkage
between the customer and bank. This is preferably a direct
connection between the customer and bank. Invitation of merchant
bank communications may vary dependent upon the chosen
communications approach between the customer and merchant.
[0207] In alternative methods according to the invention, the
customer may indicate while at the merchant web site that the
customer wants to pay using bank. Instead of the customer
initiating the communications linkage with the bank, the customer's
placement of the order with the merchant can result in
communications being initiated between the merchant and bank. In
one such procedure, the merchant communicates with the bank and
indicates that the customer has placed an order that includes a
request that bank is to be used to assure payment and/or make
payment for the customer order. The merchant can communicate
relevant information to the is bank indicating the transaction
control number, customer identification, amount of charges
associated with the order, ordered goods or services or other
information.
[0208] In response to the merchant's communication with the bank,
the bank preferably initiates a communications linkage with the
customer. The customer computer 10 can be contacted via the
internet or by other data processing communications vehicles.
[0209] The merchant information supplied to the bank concerning the
customer order includes transaction identification which is also
provided to the customer computer. When the bank computer
establishes communication with the customer computer, then the bank
goes through an identification inquiry and verification and/or
authentication processes to determine that the bank has contacted
the proper customer and proper customer computer which is involved
in the identified transaction with the merchant.
Bank Identification Inquiry of Merchant
[0210] A bank identification inquiry also is preferably used when
the bank and merchant computers are in communication. This can be
accomplished in the same manner as described with respect to the
bank identification inquiry for communications with the
customer.
Bank Authentication Inquiry of Merchant
[0211] A bank authentication inquiry may also be used when the bank
and merchant computers are in communication. This can be
accomplished in the same manner as described with respect to the
bank authentication inquiry for communications with the
customer.
Other Analyses by Bank for Validation of Transaction
[0212] In addition to the analyses mentioned above with regard to
identification, to verification or authentication, it is also
preferable that the bank perform one or more supplemental
validation analyses. Examples of such supplemental transaction
validation analyses include analyzing the available credit or
available funds in the credit or debit account to be charged.
[0213] An additional area of analysis which can be employed is
transaction frequency is analysis. This type of analysis looks at
the frequency of a customer's use and compares it with a
predetermined range or the historical frequency of use. The
historical frequency can be determined over any desired prior
period or periods of use of the customer account. If the frequency
of use is abnormal, then validation may be refused pending further
investigation to determine if the transaction for which
authorization is being sought is genuine or as a result of fraud or
other abusive action by unauthorized users or customer
impostors.
[0214] Another supplemental validation analysis is dollar amount of
transaction. This analysis can look at the dollar value of a
particular transaction to help determine abusive situations. For
example, a set monetary amount can be used for a particular
customer account as a trigger to invalidating the purchase
transaction. Alternatively, the monetary trigger may be based on
historical data associated with a customer account or user. The
historical data can be compiled over any desired period of
time.
[0215] Determination of validity may employ a weak link conditional
approach wherein certain factors are necessarily at or above a
triggering limit, or within an acceptable range. If such is not
found then the ruling by the bank is invalidity and the transaction
is not authorized. It is also possible to use weighted factor
analysis wherein one or more of the factors used to determine
validity may be scaled relative to one or more other factors using
fixed, predetermined or variable weight scaling factors.
Validation and Authorization of Transaction
[0216] The bank receives a request for authorization to charge a
customer account in connection with an internet purchase
transaction. The request for authorization also serves as a request
that the bank perform a validation analysis which is the basis of
the decision whether to authorize the transaction and communicate
assurance of payment to the merchant to the benefit of the customer
account being charged.
[0217] The request for authorization and validation can be
communicated by either the merchant or customer to the direction of
the bank. This can be done in a variety of suitable ways; however,
communication via the internet is contemplated to be the most
expedient.
[0218] The validation analysis performed by the bank can include
one or more of the various analyses which have been described
herein. Validation analysis by the bank can also include additional
analyses which the bank deems appropriate in determining whether
the is proposed internet purchase transaction will be completed
using the bank as a payment assurer and payment agent in favor of
the assured, merchant.
[0219] The validation analysis may include analysis of the
merchant, analysis of the customer, analysis of the user, analysis
of third party information, and analysis of historical or other
customer account information. Other analyses can also be
included.
[0220] The validation analysis results in either validation of the
transaction, invalidation of the transaction, or some other
response indicating need for additional analysis or added
information.
Communication of Assurance of Payment
[0221] If the validation analysis or additional authorization
analyses performed by the bank result in a positive or valid
result, then the bank communicates with the merchant and provides
assurance of payment. Assurance of payment can be in various forms
and formats. Acceptance of the assurance is facilitated by having
the merchant set up with the bank as a participating merchant. In
some forms the assurance of payment is communicated by the bank to
the merchant via the internet. This can most effectively be
accomplished by merely including the transaction control number,
the amount authorized and an indication that the merchant's account
with the bank will be credited in due course for the authorized
amount.
[0222] It is also possible to send the authorization notice and
assurance of payment to the merchant along with key information
which has been verified. This may be transaction purchase amount,
confirmation of the goods or services, and/or delivery address
information which has been verified against authorized delivery
addresses for the customer account involved. The bank may make
payment contingent upon or subject to revocation, if the merchant
ships in a manner which is inconsistent with the key information
provided in the bank assurance of payment, or in a separate
communication of bank authorization. In such later case the
assurance of payment may be made in a separate communication
between the bank and merchant.
Shipment or Delivery
[0223] One key piece of transaction information which can be used
in the bank transaction authorization or assurance of payment is
the delivery address. The delivery address may be specified by the
bank and shipment to any different address may result in refusal to
pay or revocation of payment. The merchant is obligated in such
forms of the invention to follow is the bank instructions
containing a delivery authorization address communicated by the
bank to the merchant. This delivery authorization address may be
the only address provided, or it may be a confirmation of an
address provided by the customer in building the order file. Still
further, it is possible for the order file to be built by
contributions from both the customer and bank with the bank
supplying key information, such as the delivery address using an
authorized delivery address set up with the bank for the proper
customer account and user.
[0224] A further alternative is that the merchant submits the
planned delivery address with the request for authorization and the
bank confirms after verification against the customer account that
shipment to the address indicated in the request for authorization
is an authorized delivery address to which the merchant may direct
shipment.
[0225] It is further possible to utilize the locational
identification information from a GPS unit to additionally analyze
the apparent validity of a transaction. This can be done by
comparing the indicated user or computer GPS or other location
information against the shipping address. This check will not be
useful in all orders because of the variations in shipment which
may be requested by a customer. However, if the ordering computer
is at the delivery address additional indication of the validity of
the order is provided.
[0226] The location information may also be used merely to verify
that the ordering user or computer is located at a customer
authorized location. Additional analyses using the user or computer
location information will also be possible.
Payment by Bank to Merchant
[0227] Payment by the bank to the merchant is most efficiently
effected by crediting a previously set up merchant account with the
bank. Alternatively, the bank can effect payment by sending checks,
wire transfers, electronic funds transfers, or other known or
hereafter developed methods of payment. The payment is preferably
made concurrent with or after to debiting the customer account to
which the purchase transaction charges are to be made.
Alternatively, the bank may effect payment and then charge the
customer.
Billing or Charging of Customer
[0228] The customer is billed in a suitable fashion for the charges
which are associated with the customer's internet purchase
transactions. In the case of a credit account, the charge will be
posted to the customer's account and then demand for payment is
made by the bank to the customer. This can be done in a variety of
ways, such as by billing the customer for the charges using a
printed bill format.
[0229] Alternatively, the customer may have an account which is
prepaid and has funds available for debiting to cover the purchase
transaction charges. These funds can then be credited to the
account of the merchant, either directly or using one or more
intermediaries, such as the bank.
[0230] It is also possible that the customer may be charged and
that payment is effected by the customer to the bank using another
institution or payment agent which is billed using paper or
electronic documentation. The payment agent then pays in behalf of
the customer and the arrangements between the agent and customer
may be accounts of various types and requirements.
Further Explanation of Methods According to the Invention
[0231] FIG. 4 further details actions taken by the customer,
merchant and bank using a preferred process and preferred
configuration, such as the configuration of FIG. 3. Step 110
illustrates the customer accessing the merchant internet site for
purposes of gaining information, building an order file, and/or
placing an order.
[0232] Step 120 is the customer building an order file in
preparation for placing an order. The order file being built by the
customer may identify the customer or it may be identified solely
by an order tracking number assigned by the merchant. The order
file also includes identification of the items which the customer
wishes to obtain. Additionally, the order file may indicate that
the customer has selected to have payment provided by bank 30.
However, no account number, account address, or other sensitive
information is required to build the order file using the novel
methods. Instead, the customer order is identified by the merchant
and the desired goods and services are identified in the order
file. Depending upon the specific embodiment of the invention
employed, other information may be included in the order file.
[0233] Step 130 represents the customer placing the order with the
merchant. The is merchant can perform any desired initial
processing (not illustrated), such as to determine if the order is
sufficiently defined and/or complete. The set of order information
fields required may indicate that the customer intends to pay using
bank 30.
[0234] Step 140 represents the customer contacting the bank. This
can be done via the internet or otherwise as explained herein. Upon
customer communication with the bank, the customer submits to the
bank identification inquiry in step 150. The bank then analyzes the
customer for authenticity using one or more of the authentication
or verification procedures explained herein.
[0235] FIG. 4 also shows that the bank may in step 170 additionally
analyze the transaction relative to the customer account for a
monetary limit. Other additional analyses as explained herein may
also be performed prior to validating or invalidating the purchase
transaction and responding to the request for authorization.
[0236] In the case where the transaction is validated, then step
180 illustrates that in response to the request for authorization,
the bank contacts the merchant and assures payment. The bank may
provide delivery or shipping instructions, or confirm instructions
already given by the customer, when the bank is assuring the
merchant of payment.
[0237] Thereafter the bank sends payment to the merchant and bills
the customer for the charges made in the transaction. A transaction
processing fee may be charged to either or both the merchant and/or
customer.
FIG. 5--Illustration of Established Customer Transaction
[0238] FIG. 5 illustrates a method according to the inventions. The
customer computer monitor is shown as monitor 200. Displayed
information is included on the monitor as shown. This
advantageously includes screen order file data representatively
shown as order data 201. Order data 201 is used and forms part or
all of the order file for this order.
[0239] After the order data 201 has been selected by the customer,
then the operational command icons for save 202 and place order 203
are displayed to allow the user to save the order file for later
editing or submission. If the user is satisfied with the order data
and wants to place the order, then the order placement icon 203 is
clicked or otherwise operated to place the order with the merchant
or bank.
[0240] The display on monitor 200 also shows two traditional charge
account options labeled as operational icons 205 and 206. A user
may click upon either of these to choose a prior art purchasing
process such as described above.
[0241] Alternatively, the user is given the option of clicking on
the bank icon 208 which activates one of several different
processes according to this invention.
[0242] FIG. 5 shows a displayed message 210 indicating that the
customer is an approved purchaser. The identification inquiry or
inquiries explained elsewhere herein are being performed. The
computer identification is conveniently referred to as an
electronic thumb print. If this authentication of the customer
computer is successfully completed, then the display indicates that
the order approval process automatically starts.
[0243] Display message 220 indicates that the computer
identification inquiry was successfully completed. Now the
displayed message prompts the user to enter the personal
identification code associated with this user and customer account.
The user then provides the code in the squares or in another
suitable manner. Entering this information on the customer/user
computer starts the process again and the personal identification
process is undertaken. This is advantageously done by verifying the
personal identification code field of the bank's customer record
against the entered information.
[0244] Message display 230 indicates success in the prior step and
the user is now being prompted to indicate whether the order is to
be shipped to the user's home or business address. After the
desired address is indicated, such as by clicking on screen, then
the submit order command is activated and the validation and
authorization procedures explained herein can be performed in
various manners as described. The displayed message 240 indicates
the order has been approved. The user has thus completed the
interactive portion with his or her customer computer.
FIGS. 6 & 7--Illustration of New Customer Transaction
[0245] FIG. 6 shows another monitor 250 having a customer/user
computer screen display similar to that described above with regard
to monitor 200. After providing the needed order data, the user
clicks on the bank icon 208 to start interaction with the bank. The
bank seeks to find computer identification information from the
user's computer but is unsuccessful and thus screen display 260 is
presented. Displayed message 260 welcomes the potential new
customer and queries the user whether he or she wants to open a new
account with the bank. The user clicks on the "yes" operation
control icon 261.
[0246] A subsequent screen display message 270 is presented in
reaction to the yes command. The user is prompted to contact the
bank using a specified voice telephone line. This is done to setup
the customer account as variously described herein. The
user/customer then performs such a setup procedure. As illustrated
in representative display screen message 280, the user/customer
provides the indicated information by voice explanation. The
customer also agrees to the account terms and conditions. The user
is also advantageously provided with the personal identification
code or codes needed during this setup telephone session.
[0247] FIG. 7 shows a further screen display message 300. This
message is displayed after the user contacts the bank or merchant
web site to complete setup of the customer account by activating
the account. Message 300 indicates the various verification and
authentication processes have been performed and setup has been
approved. An alternative rejection (non-approval) display message
is shown is display message 310.
[0248] The displayed message 300 may also show the credit limit
assigned by the bank. If the user want to proceed with account
activation, then the "activate account" screen icon is clicked. In
the procedure illustrated by FIGS. 6 and 7, the user has been given
a personal identification code by telephone during the
customer-bank setup telephone session. The user/customer then
provides the requested number.
[0249] The user/customer then indicates that the activation
process, as described herein, should be performed when the
"activate account" icon is clicked by the user using the customer
computer.
[0250] Message 330 indicates that the activation process preferably
includes providing the customer computer with computer
identification coding and programming as needed to act as an
electronic thumbprint which can be read or otherwise decoded by the
bank computer to verify or authenticate the computer in further
transaction processing or account modification operations. This
step can also be used to provide any needed customer interface
programming.
[0251] Display message 340 indicates that the acceptance of the
computer identification coding by the customer computer leads to a
welcome message indicating that the customer is account is
activated. If the customer computer does not accept the coding
and/or programming, then additional instructions (not shown) can be
given.
[0252] Upon approval and activation of the customer account, the
customer is then given an opportunity to continue with the initial
order. The "yes" icon is clicked as screen display 370 indicates. A
yes command leads to step 360 which prompts the user for the
desired customer shipping address.
[0253] Screen display message 350 indicates that the order has been
approved by the bank and is being further processed. Such further
processing leads to the merchant also receiving approval according
to the various methods described herein.
Example A
[0254] This is one example of how the methods according to this
invention can be carried out. In this example the customer and the
merchant are already set up with the bank in accordance herewith.
The customer contacts the merchant via the internet as described.
The customer initiates communications with the merchant using a
first communications link. The customer then builds the order file
but does not include customer account information which is
sufficient for obtaining payment, goods or services in a fraudulent
transaction. Instead, the customer clicks on the bank icon set up
on the merchant's web site and this links to the bank web site
establishing an additional or second communications linkage
therewith, advantageously using a distinct communications mode or
vehicle.
[0255] The bank then performs a customer identity check such as by
using bank encoded information written onto the customer computer.
The bank analyzes the customer identity information and verifies
that it is an active account. The user is prompted for his personal
identification code and the user supplies such information. The
bank verifies that the personal identification code is correct as
an authorized user under the customer's account. If these factors
are verified, then this serves as an authentication process
indicating the authenticity of the user to use the particular
customer account and authorized customer computer involved.
[0256] Further third party authentication is optionally provided by
the bank performing an assessment of the caller identification
information associated with the telephone line through which the
customer is connected to the internet in the customer-bank
communications linkage. The telephone line number information is
verified against the related information contained in is the bank's
customer account information. If the caller identification
information is verified, then additional authentication evidence is
provided and the bank now completes the authentication
analysis.
[0257] The customer computer then communicates to the bank computer
information indicating the merchant being used in the purchase
transaction. The amount to be charged to the customer for the goods
and/or services are communicated to the bank. The bank then does a
credit limit analysis for the customer account, and the amount
requested for authorization may or may not be found acceptable.
[0258] The bank then establishes a third communications link with
the merchant via the internet while the customer is in active or
standby communication with the merchant. The bank performs any
desired merchant identification inquiry, such as done with the
customer. The bank also performs an authentication analysis by
verifying that the merchant computer is an authorized merchant
computer using the bank's merchant account verification
information.
[0259] With the above steps performed the bank is now in a position
to perform a validation analysis for the transaction. Since the
merchant, customer and user identifications have been verified and
the credit limit analysis has successfully been passed, then the
bank determines that the transaction is valid.
[0260] The merchant, bank and customer are in this example engaged
in a communications triad wherein each is communicating with the
other two over the internet in an independent fashion.
[0261] The bank then communicates to both the merchant and customer
that the purchase transaction has been authorized. The bank
communicates assurance of payment to the merchant indicating that
payment will be made to merchant's account with bank on the next
business day. The merchant in many cases will accept the assurance
of payment as sufficient for the merchant to proceed with shipment
of the purchased goods or services.
[0262] The bank debits the customer account at or near the time the
authorization is given. The bank also credits the merchant's
account such as at nearly the same time or otherwise. The customer
is subsequently billed for the transaction, such as on the next
customer billing statement.
Example B
[0263] In this example the customer and the merchant are already
set up with the bank in accordance herewith. The customer contacts
the merchant via the internet as described. The customer initiates
communications with the merchant using a first communications link.
The customer then builds the order file but does not include
customer account information sufficient to authorize goods,
services or for receiving payment. Instead, the customer saves the
order file with the merchant and maintains a record of the order
file contents on the user's computer. The record of the order file
includes merchant identification information, transaction
identification, and an indication of the amount to be charged to
the customer's account. The customer then discontinues
communications with the merchant via the internet.
[0264] The customer thereafter initiates communications with the
bank, such as via the internet. The user is prompted for his
personal identification code and the user supplies such
information. The bank performs the desired identification inquiry
by comparing the user's personal identification code to the
customer account information for this field. The bank also performs
customer computer identification analysis using specially coded
information contained on the user's authorized computer and GPS
locational information. The bank then analyzes the customer
identity information and verifies that it is an active account. The
bank verifies that the personal identification code is correct as
an authorized user under the customer's account.
[0265] The user's computer includes bank programming which has an
encryption key which varies as a function of the information
previously written to the customer's computer by the bank, the time
and date, and the number of transactions conducted by the customer
with the bank. The bank then authenticates the user and customer
computer using such analyses. If these factors are successfully
verified, then this serves as an authentication analysis indicating
the authenticity of the user to use the customer account.
[0266] Further third party authentication is optionally provided by
the bank performing an assessment of the caller identification
information associated with the telephone line through to which the
customer is connected to the internet in the customer-bank
communications linkage. The telephone line number information is
verified against the related information contained in the bank's
customer account information. If the caller identification
information is verified, then additional authentication evidence is
provided and the bank now has completed the authentication analysis
of the user and customer account. This can also be enhanced by
prompting the user and customer computers for location information.
The user may be required to recite the address in the form of a
street address or longitude and latitude coordinates based on GPS
receiver location information.
[0267] The customer computer then communicates to the bank computer
information indicating the merchant being used in the purchase
transaction and the transaction control number. The amount to be
charged to the customer for the goods and/or services are also
communicated to the bank. The bank then does a credit limit
analysis for the customer account, and the amount requested for
authorization is acceptable. The bank communicates to the user that
the transaction is processing.
[0268] The bank then establishes a communications link with the
merchant via the internet while the customer is in active or
standby communications with the merchant. The bank performs any
desired merchant identification inquiry, such as done with the
customer. The bank also performs an authentication analysis by
verifying that the merchant computer is an authorized merchant
computer using the bank's merchant account computer identification
verification information.
[0269] With the above steps performed the bank is now in a position
to perform a validation analysis for the transaction. Since the
merchant, customer and user identifications have been verified and
the credit limit analysis has successfully been passed, then the
bank determines that the transaction is valid.
[0270] The bank is simultaneously engaged with the merchant and
customer but the customer and merchant are not in active
communication. The bank then communicates to both the merchant and
customer that the purchase transaction has been authorized. The
bank communicates assurance of payment to the merchant indicating
that payment will be made to merchant's account with bank by the
next business day. The merchant accepts the assurance of payment as
sufficient for the merchant to proceed with shipment of the
purchased goods.
[0271] The bank debits the customer account at the time the
authorization is given. The bank also credits the merchant's
account at nearly the same time. The customer is subsequently
billed for the transaction on the next customer billing
statement.
Example C
[0272] In this example the customer and the merchant are already
set up with the bank is in accordance herewith. The customer
contacts the merchant via the internet as described. The customer
initiates communications with the merchant using a first
communications link. The customer then builds the order file but
does not include sensitive customer account information. Instead,
the customer saves the order file with the merchant and maintains a
record of the order file on the user's computer.
[0273] The record of the order file includes customer and merchant
identification information, transaction identification, an
indication of the amount to be charged to the customer's account,
an indication that the bank is being used to assure payment, and
other information specifying essential and desired key information
for the order being placed. The customer then places the order with
the merchant via the internet.
[0274] The merchant thereafter initiates communications with the
bank, such as via the internet. Information concerning the order
file is in part or in whole communicated to the bank along with a
request for authorization.
[0275] The bank then initiates communication with the customer,
such as via the internet. The user is prompted for his personal
identification code and the user supplies such information. The
bank performs the desired identification inquiry by comparing the
user's personal identification code to the customer account
information for this information field. The bank also performs
customer computer identification analysis using specially coded
information contained on the user's authorized computer. The bank
then analyzes the customer identity information and verifies that
it is an active account. The bank verifies that the personal
identification code is correct as an authorized user under the
customer's account.
[0276] The user's computer includes bank interface programming
which has an encryption key which varies as a function of the
information previously written to the customer's computer by the
bank, the time and date, and the number of transactions conducted
by the customer with the bank. The bank then authenticates the user
and customer computer using such analyses. If these factors are
successfully verified, then this serves as an authentication
analysis indicating the authenticity of the user to use the
customer account.
[0277] Further third party authentication is optionally provided by
the bank performing an assessment of the caller identification
information associated with the telephone line through which the
customer is connected to the internet in the customer-bank
communications linkage. The telephone line number information is
verified against the related information contained in the bank's
customer account information. If the caller identification
information is verified, then additional authentication evidence is
provided and the bank now has completed the authentication analysis
of the user and customer account.
[0278] The customer computer then communicates to the bank computer
information indicating the merchant being used in the purchase
transaction and the transaction control number. The amount to be
charged to the customer for the goods and/or services are also
communicated to the bank. The bank then does a credit limit
analysis for the customer account, and the amount requested for
authorization is acceptable. The bank communicates to the user that
the transaction is processing.
[0279] The bank then establishes a communications link with the
merchant via the internet while the customer is in active or
standby communication with the merchant. The bank performs any
desired merchant identification inquiry, such as done with the
customer. The bank also performs an authentication analysis by
verifying that the merchant computer is an authorized merchant
computer using the bank's merchant account verification
information.
[0280] With the above steps performed the bank is now in a position
to perform a validation analysis for the transaction. Since the
merchant, customer and user identifications have been verified and
the credit limit analysis has successfully been passed, then the
bank determines that the transaction is valid.
[0281] The bank is simultaneously engaged with the merchant and
customer but the customer and merchant are no longer in active
communication. The bank then communicates to both the merchant and
customer that the purchase transaction has been authorized. The
bank communicates assurance of payment to the merchant indicating
that payment will be made to merchant's account with bank by the
next business day. The merchant accepts the assurance of payment as
sufficient for the merchant to proceed with shipment of the
purchased goods.
[0282] The bank debits the customer account at the time the
authorization is given. The bank also credits the merchant's
account at nearly the same time. The customer is subsequently
billed for the transaction on the next billing statement.
Alternative Representation of Customer by Purchasing Agent
[0283] The methods according hereto can also be practiced wherein
the customer is represented by a buying agent. The buying agent can
be a more traditional type buying agent whereby the customer
appoints and authorizes the buying agent. Alternatively, the buying
agent may be a computer service vested with various techniques for
securing the most favorable purchasing on behalf of the
customer.
Alternative Representation of Merchant by Selling Agent
[0284] The methods according hereto can also be practiced wherein
the merchant is represented by a selling agent. The selling agent
can be a more traditional type selling agent whereby the customer
appoints and effectively authorizes the selling agent.
Alternatively, the selling agent may be a computer service vested
with various techniques for securing the most favorable selling
price in behalf of the merchant.
Bank Functions May be Divided or Substituted
[0285] The description given herein is made as if the bank is a
single legal entity. However, the functions of the bank may instead
be performed by an agent or various agents which assume some or all
of the bank's responsibilities and functions in accordance with the
inventions. For example, the bank may have several subsidiary or
sister corporations which perform some or all of the functions
instead of or in support of the bank's performance of the methods
according hereto.
Alternative Quick Setup and Related Purchase Transaction
[0286] In still another alternative method according to the
invention a potential customer is both setup and given credit in a
series of steps preferably performed as explained below.
[0287] The procedure applies to certain situations wherein a new
customer is more quickly set up to facilitate nearly immediate use
of the customer account. The context of the procedure is explained
with regard to a customer accessing a merchant web site for a
merchant that is set up with a merchant account at the bank in
accordance with the invention. The screen display at the merchant
web site is provided with an icon or other indication that the
merchant is a bank authorized merchant and that payment can be made
employing the bank.
[0288] If a potential new customer clicks on the bank icon or
otherwise indicates that the customer wants to set up a customer
account with the bank, then the setup procedure is initiated. This
can initially involve establishing a communications link between
the customer and bank. Preferably, the initial setup communications
link is via telephone voice line between the is customer telephone
and the bank setup telephone.
[0289] Alternatively, the potential customer may make some initial
communications link via the internet in response to the potential
customer's indication that it would like to set up an account with
the bank.
[0290] The methods thus advantageously also include prompting the
potential customer to call the bank setup telephone number. The
bank setup telephone number can be a toll-free number, for example
1-800-000-0000. The prompting of the potential customer involves
providing the potential customer with the telephone number to be
used. The prompting also preferably includes instructing the
potential customer that the telephone to be used in the voice
telephone setup contact be the customer's or user's home number, or
other customer telephone number that will be used in future
communications sessions with the bank and/or merchants. Such
customer or user telephone line is for convenience called the
designated customer or user telephone line.
[0291] The prompting also preferably includes explaining that this
designated telephone line is also preferably a telephone line which
has caller identification information available concerning the
customer or user, and that such caller identification information
is not in a blocked status. This is desired since in at least some
of the preferred methods the telephone caller identification
information is used by the bank in processing requests for setup,
setup modification and requests for authorization to charge.
[0292] The potential customer then proceeds by telephoning or
otherwise communicating in a setup mode communications linkage with
the bank setup telephone line. The preferred setup mode
communications linkage is a customer voice telephone line
communicating with a bank voice telephone line.
[0293] The methods also include establishing the setup mode
communications linkage between the potential customer and the bank
setup communications line.
[0294] The methods further preferably include providing some or all
of the customer account setup information by voice or other
communications mode which is preferably not via the internet. The
providing of customer account information will typically include
voice communication of customer information such as explained above
in connection with typical setup procedures.
[0295] The quick setup methods further employ a quick setup
authenticating step or steps performed while the potential customer
is in the setup mode on-line communications linkage with the bank.
A preferred mode of quick setup authentication is to use a
pre-existing charge card which can be checked for validity and
credit limit quickly while the potential customer is on the
telephone with the bank setup department. Alternatively, the bank
may have rapid processing access to a credit report or abbreviated
credit report to use in lieu of or in addition to using the
pre-existing account information. This could be bank-originated
information or third-party originated information.
[0296] The quick setup procedure may also or alternatively employ
the location information provided by a user or computer which can
provide GPS or other secured locational information. This can be
cross-checked with an authenticating source, such as credit reports
or other authenticating information, advantageously from a
third-party authentication source.
[0297] The quick or instant setup procedure speeds setup by
providing to the potential customer a setup option wherein the
customer provides credit authentication information which can be
immediately accessed by the bank and used to provide setup approval
and authorization for credit using the customer account with the
bank. One example of such credit authentication information is the
indicated pre-existing credit card. Other quickly accessible
customer authentication and credit information may also be
alternatively used.
[0298] In this process the customer provides via the voice
telephone line or other setup communications linkage, an indication
of the bank card customer account number, customer name and
expiration date, similar to making a charge over the phone using
the pre-existing credit card. The bank then utilizes conventional
technology to seek authorization to charge the potential customer's
pre-existing charge account. The authorization request to the
pre-existing charge card account may or may not result in an actual
charge to the pre-existing account.
[0299] Full setup of the customer account with the bank may be
subsequently completed, yet the quick setup procedure will allow an
initial transaction or transactions to be approved by the bank
against the new customer's account.
[0300] When using the quick setup procedure, the bank will
typically limit the credit amount to a low initial value until the
full setup procedure can subsequently be completed. At that time
the bank may indicate that additional credit is available beyond
the quick setup credit limit given.
[0301] After the new customer has been approved using the quick
setup procedure, then the steps for activation and use will be the
same as those described above.
Alternative Process with Assurance to New Merchant
[0302] The quick or instant credit procedure described above can
also be used in the context of quick set up of a new merchant
account in the same or an analogous manner to that described above
in connection with quick set up of a new customer account. For
example, the merchant can use the merchant's pre-existing bank
card, e.g. a MASTERCARD.TM.. This can be used to authenticate the
merchant to allow a merchant account to be established with the
bank on a quick basis similar to the quick set up procedure for
customers described above. Subsequent completion of the full setup
procedure is preferred.
Further Explanation Concerning Aspects of the Invention
[0303] The invention may reside in an individual feature or
features or in combinations of features as set out herein in
summarized and exemplary forms. Although every novel combination
has not been individually discussed, it must be understood that the
various features, combinations, subcombinations and functions
recited herein are appropriately combined with one or more of the
other such features, combinations, subcombinations and functions to
serve as bases for claiming of patent protection on this
invention.
Further Indication of Aspects of the Invention
[0304] The invention can be considered in a number of different
combinations and subcombinations. Exemplary combinations and
subcombinations are set out below. It should be appreciated that
additional combinations and subcombinations can also be defined
consistent with the description given herein.
[0305] A method for conducting a purchase of goods or services over
the internet, the purchase being made by a customer using a
merchant for goods or services which are to be provided at a
delivery location, and wherein a bank assures payment to the
merchant for said purchase, comprising--
[0306] creating a customer account with the bank, said customer
account being associated with said customer; the customer account
also having: [0326] customer computer identification information
associating said customer account with at least one authorized
customer computer which is identifiable by the bank; [0327]
customer delivery address information associating said customer
account with at least one authorized customer delivery address;
[0307] creating a merchant account, said merchant account being
associated with said merchant; said merchant having a merchant
internet site at which the merchant offers goods or services;
[0308] displaying to the customer on the merchant internet site
indicia which indicates customers can choose to pay the merchant
using said bank;
[0309] detecting when a customer chooses to pay the merchant using
said bank;
[0310] obtaining computerized order information placed from an
ordering computer which indicates an order for chosen goods or
services being sought for purchase by the customer using the
merchant; said obtaining computerized order information
including:
[0311] obtaining an order delivery address indicating a location
for the delivery of the goods or services associated with the
order;
[0312] obtaining ordering computer identification information from
the ordering computer;
[0313] verifying said order delivery address by comparing said
order delivery address to said customer delivery address
information kept by the bank to assure it is an authorized to
customer delivery address;
[0314] verifying said ordering computer identification information
from the ordering computer by comparing said ordering computer
identification information to said customer computer identification
information kept by the bank to assure it is an authorized customer
computer;
[0315] communicating assurance of payment to the merchant in
connection with said order upon successful verification of said
order delivery address and said ordering computer identification
information.
[0316] A method for conducting a purchase of goods or services over
the internet, the purchase being made by a customer using a
merchant via a merchant internet site selling goods or services to
be provided at a delivery location, and wherein a bank assures
payment to the merchant for said purchase, comprising--
[0317] creating a customer account with the bank, said customer
account being associated with said customer; the customer account
also having: [0339] customer computer identification information
associating said customer account with at least one authorized
customer computer which is identifiable by the bank; [0340]
customer delivery address information associating said customer
account with at least one authorized customer delivery address;
[0318] detecting when a customer chooses to pay the merchant using
said bank;
[0319] obtaining computerized order information placed from an
ordering computer which indicates an order for chosen goods or
services being sought for purchase by the customer using the
merchant; said obtaining computerized order information including:
[0343] recording an order delivery address indicating a location
for the delivery of the goods or services associated with the
order; [0344] obtaining computer identification information from
the ordering computer;
[0320] verifying said order delivery address by comparing said
order delivery address to said authorized delivery address
information kept by the bank;
[0321] verifying that said computer identification information from
the ordering computer is from an authorized customer computer
associated with said customer account;
[0322] communicating assurance of payment to the merchant in
connection with said order upon successful verification of said
order delivery address and said computer identification
information.
[0323] A method for conducting a purchase of goods or services over
the internet, the purchase being made by a customer using a
merchant, said merchant having an internet site at which the
merchant offers goods or services; and wherein a bank assures
payment to the merchant, comprising--
[0324] creating a customer account with the bank that is associated
with said customer;
[0325] providing the customer account with customer account
information associated therewith which includes:
[0326] authorized user identification information associating said
customer account with at least one authorized user identification
code;
[0327] customer computer identification information associating
said customer account with at least one authorized customer
computer, said at least one authorized customer computer being
identifiable by the bank;
[0328] detecting when said customer chooses to pay the merchant
using said bank;
[0329] recording information indicating the customer has placed an
order which seeks to obtain using the merchant ordered goods or
services;
[0330] obtaining computer identification information about an
ordering computer from which said order has been placed;
[0331] verifying said computer identification information is from
an authorized customer computer associated with the customer
account;
[0332] recording user identification code information provided by a
user of the order computer when placing said order;
[0333] verifying said user identification code information by
comparing the user identification code information so provided in
comparison to authorized user identification codes associated with
the customer account;
[0334] communicating assurance of payment to the merchant upon
successful verification of said computer identification information
and said user identification code information.
[0335] A method for authorizing a purchase of goods or services
over the internet, the purchase being made by a customer using a
merchant, said merchant having an internet site at is which the
merchant offers goods or services; and wherein a bank authorizes
the purchase and assures payment to the merchant, comprising:
[0336] detecting when a customer chooses to pay the merchant using
said bank;
[0337] obtaining order information indicating the customer has
placed an order which seeks to obtain goods or services using the
merchant;
[0338] obtaining information about an order computer from which
said order has been placed;
[0339] accessing customer verification information which includes
authorized customer computer information which indicates one or
more computers which have been authorized for use in placing
orders;
[0340] verifying said order computer used in placing the order is
an authorized customer computer;
[0341] communicating to the merchant assurance of payment
information upon successful verification in said verifying
step.
[0342] A method for conducting a purchase of goods or services over
the internet, the purchase being made by a customer using a
merchant for goods or services which are to be provided at a
delivery location, and wherein a bank assures payment to the
merchant for said purchase, comprising--
[0343] creating a customer account with the bank, said customer
account being associated with said customer; the customer account
having verification information contained therein, said
verification information including information about at least one
of the following verification parameters:
[0344] customer delivery address information associating said
customer account with at least one authorized customer delivery
address;
[0345] customer computer identification information associating
said customer account with at least one authorized customer
computer which is identifiable by the bank;
[0346] authorized user identification information associating said
customer account with at least one authorized user identification
code; or,
[0347] authorized telephone caller identification information
including at least one authorized telephone caller identification
code;
[0348] creating a merchant account, said merchant account being
associated with said merchant; said merchant having a merchant
internet site at which the merchant offers goods or services;
[0349] detecting when a customer chooses to pay the merchant using
said bank;
[0350] communicating to the bank computerized order information
originating in connection with an order for chosen goods or
services being sought using the merchant by a user from an ordering
computer;
[0351] said step of communicating to the bank being performed in
connection with obtaining computerized information about at least
one of the following verification variables:
[0352] an order delivery address indicating a location for the
delivery of the goods or services associated with the order;
[0353] ordering computer identification information obtained from
the ordering computer;
[0354] ordering user identification information obtained from the
ordering user when the order is placed;
[0355] ordering telephone caller identification information
obtained when the order is placed;
[0356] validating said order by the bank using said computerized
order information and the verification information kept by the bank
in connection with said customer account;
[0357] communicating assurance of payment to the merchant in
connection with said order upon successful validation of said
order.
[0358] A method for conducting a purchase of goods or services over
the internet, the purchase being made by a customer using a
merchant for goods or services which are to be provided at a
delivery location, and wherein a bank assures payment to the
merchant for said purchase, comprising--
[0359] creating a customer account with the bank, said customer
account being associated is with said customer; the customer
account having verification information contained therein, said
verification information including information about at least one
of the following verification parameters:
[0360] customer delivery address information associating said
customer account with at least one authorized customer delivery
address;
[0361] customer computer identification information associating
said customer account with at least one authorized customer
computer which is identifiable by the bank;
[0362] authorized user identification information associating said
customer account with at least one authorized user identification
code; or,
[0363] authorized telephone caller identification information
including at least one authorized telephone caller identification
code;
[0364] detecting when a customer chooses to pay the merchant using
said bank;
[0365] communicating to the bank computerized order information
originating in connection with an order for chosen goods or
services being sought using the merchant by a user from an ordering
computer;
[0366] said step of communicating to the bank being performed in
connection with obtaining computerized information about at least
one of the following verification variables: [0392] an order
delivery address indicating a location for the delivery of the
goods or services associated with the order; [0393] ordering
computer identification information obtained from the ordering
computer; [0394] ordering user identification information obtained
from the ordering user when the order is placed; [0395] ordering
telephone caller identification information obtained when the order
is placed;
[0367] qualifying said order by the bank using said computerized
order information and the verification information kept by the bank
in connection with said customer account; is
[0368] communicating assurance of payment to the merchant in
connection with said order upon successful qualification of said
order.
[0369] A method for purchasing of goods or services and assuring
payment over the internet, the purchase being made by a customer
using a merchant, said merchant having an internet site at which
the merchant offers goods or services; and wherein a bank
authorizes the purchase and assures payment to the merchant,
comprising:
[0370] obtaining computerized order information indicating a
customer desires to place an order which seeks to obtain goods or
services using the merchant;
[0371] communicating the order information to the merchant;
[0372] providing customer information to the bank in connection
with said order information;
[0373] accessing customer verification information by the bank,
said customer verification information being previously set up by
the customer with the bank;
[0374] verifying that the customer order information provided in
connection with said order information is associated with said
customer;
[0375] verifying that order delivery address information is an
authorized delivery address associated with the customer;
[0376] providing delivery address information to the merchant in
connection with said order;
[0377] communicating from the bank to the merchant assurance of
payment information upon successful verification in said verifying
steps.
[0378] A method for facilitating purchasing of goods or services
and assuring payment over the internet, the purchase being made by
a customer using a merchant, said merchant having an internet site
at which the merchant offers goods or services; and wherein a bank
validates the purchase and assures payment to the merchant,
comprising:
[0379] telephoning the bank by the customer using a caller
identification phone line associated with the customer;
[0380] providing the bank with customer account information from
the customer using said caller identification phone line;
[0381] verifying that the customer account information given from
the customer using the is caller identification phone line is
consistent with account setup verification information which
includes the caller identification information available when the
customer uses the caller identification phone line;
[0382] creating a customer account with the bank, said customer
account being associated with said customer and having customer
account information including customer account verification
information;
[0383] obtaining order information indicating a customer desires to
place an order which seeks to obtain goods or services using the
merchant;
[0384] delivering the order information to the merchant;
[0385] providing customer information to the bank in connection
with said order information;
[0386] accessing customer verification information by the bank,
said customer verification information being previously set up by
the customer with the bank;
[0387] verifying that the customer order information provided in
connection with said order information is associated with said
customer;
[0388] communicating from the bank to the merchant assurance of
payment information upon successful verification in said verifying
steps.
[0389] A method performed by a bank for processing a purchase of
goods or services over the internet, the purchase being made by a
customer using a merchant via a merchant internet site selling
goods or services to be provided at a delivery location, and
wherein the bank assures payment to the merchant for said purchase,
comprising--
[0390] creating a customer account with the bank, said customer
account being associated with said customer; the customer account
also having:
[0391] customer computer identification information associating
said customer account with at least one authorized customer
computer which is identifiable by the bank;
[0392] customer delivery address information associating said
customer account with at least one authorized customer delivery
address;
[0393] detecting when a customer chooses to pay the merchant using
said bank;
[0394] obtaining computerized order information placed from an
ordering computer which indicates an order for chosen goods or
services being sought for purchase by the customer using the
merchant; said obtaining computerized order information
including:
[0395] receiving an order delivery address indicating a location
for the delivery of the goods or services associated with the
order;
[0396] obtaining computer identification information from the
ordering computer;
[0397] verifying said order delivery address by comparing said
order delivery address to said authorized delivery address
information kept by the bank;
[0398] verifying that said computer identification information from
the ordering computer is from an authorized customer computer
associated with said customer account;
[0399] communicating assurance of payment to the merchant in
connection with said order upon successful verification of said
order delivery address and said computer identification
information.
[0400] A method performed by a bank for processing a purchase of
goods or services over the internet, the purchase being made by a
customer using a merchant, said merchant having an internet site at
which the merchant offers goods or services; and wherein a bank
assures payment to the merchant, comprising--
[0401] creating a customer account with the bank that is associated
with said customer;
[0402] providing the customer account with customer account
information associated therewith which includes:
[0403] authorized user identification information associating said
customer account with at least one authorized user identification
code;
[0404] customer computer identification information associating
said customer account with at least one authorized customer
computer, said at least one authorized customer computer being
identifiable by the bank;
[0405] detecting when said customer chooses to pay the merchant
using said bank;
[0406] recording information indicating the customer has placed an
order which seeks to obtain using the merchant ordered goods or
services;
[0407] obtaining computer identification information about an
ordering computer from which said order has been placed;
[0408] verifying said computer identification information is from
an authorized customer computer associated with the customer
account;
[0409] recording user identification code information provided by a
user of the order computer when placing said order;
[0410] verifying said user identification code information by
comparing the user identification code information so provided in
comparison to authorized user identification codes associated with
the customer account;
[0411] communicating assurance of payment to the merchant upon
successful verification of said computer identification information
and said user identification code information.
[0412] A method performed by a bank for authorizing a purchase of
goods or services over the internet, the purchase being made by a
customer using a merchant, said merchant having an internet site at
which the merchant offers goods or services; and wherein a bank
authorizes the purchase and assures payment to the merchant,
comprising:
[0413] detecting by the bank when a customer chooses to pay the
merchant using said bank;
[0414] obtaining by the bank order information indicating the
customer has placed an order which seeks to obtain goods or
services using the merchant;
[0415] obtaining by the bank information about an order computer
from which said order has been placed;
[0416] accessing customer verification information which includes
authorized customer computer information which indicates one or
more computers which have been authorized for use in placing
orders;
[0417] verifying said order computer used in placing the order is
an authorized customer computer;
[0418] communicating from the bank to the merchant assurance of
payment information upon successful verification in said verifying
step.
[0419] A method for a bank authorizing a purchase of goods or
services and assuring payment over the internet, the purchase being
made by a customer using a merchant, said merchant having an
internet site at which the merchant offers goods or services; and
wherein a bank authorizes the purchase and assures payment to the
merchant, comprising:
[0420] detecting by the bank when a customer chooses to pay the
merchant using said bank;
[0421] obtaining by the bank order information indicating the
customer has placed an order which seeks to obtain goods or
services using the merchant;
[0422] obtaining by the bank order information about an order
computer from which said order has been placed;
[0423] obtaining by the bank order information about an order
delivery address to which said order is to be sent;
[0424] accessing customer verification information which includes
authorized customer computer information which indicates one or
more computers which have been authorized for use in placing
orders;
[0425] verifying said order computer used in placing the order is
an authorized customer computer;
[0426] verifying said order delivery address is an authorized
customer delivery address;
[0427] communicating from the bank to the merchant assurance of
payment information upon successful verification in said verifying
steps.
[0428] A method performed by a bank for authorizing a purchase of
goods or services and assuring payment over the internet, the
purchase being made by a customer using a merchant, said merchant
having an internet site at which the merchant offers goods or
services; and wherein a bank authorizes the purchase and assures
payment to the merchant, comprising:
[0429] detecting by the bank when a customer chooses to pay the
merchant using said to bank;
[0430] obtaining by the bank order information indicating the
customer has placed an order which seeks to obtain goods or
services using the merchant;
[0431] obtaining by the bank order information about an order
computer from which said order has been placed;
[0432] obtaining by the bank order information about an order
delivery address;
[0433] accessing customer verification information which includes
authorized customer computer information which indicates one or
more computers which have been authorized for use in placing
orders;
[0434] verifying said order computer used in placing the order is
an authorized customer computer;
[0435] verifying said order delivery address is an authorized
customer delivery address;
[0436] communicating from the bank to the merchant an authorized
delivery address and assurance of payment information upon
successful verification in said verifying steps.
[0437] A method performed by a bank for authorizing a purchase of
goods or services and assuring payment over the internet, the
purchase being made by a customer using a merchant, said merchant
having an internet site at which the merchant offers goods or
services; and wherein a bank authorizes the purchase and assures
payment to the merchant, comprising:
[0438] detecting by the bank when a customer chooses to pay the
merchant using said bank;
[0439] obtaining by the bank order information indicating the
customer has placed an order which seeks to obtain goods or
services using the merchant;
[0440] obtaining by the bank order telephone caller identification
information from which said order has been placed;
[0441] accessing customer verification information which includes
authorized customer computer information which indicates one or
more computers which have been authorized for use in placing
orders;
[0442] verifying said order computer used in placing the order is
an authorized customer computer;
[0443] verifying said order telephone caller identification
information is an authorized to customer telephone caller
identification;
[0444] communicating from the bank to the merchant an assurance of
payment information upon successful verification in said verifying
steps.
[0445] A method performed by a bank for authorizing a purchase of
goods or services over the internet, the purchase being made by a
customer using a merchant for goods or services which are to be
provided at a delivery location, and wherein a bank assures payment
to the merchant for said purchase, comprising--
[0446] creating a customer account with the bank, said customer
account being associated with said customer; the customer account
having verification information contained therein, said
verification information including information about at least one
of the following verification parameters:
[0447] customer delivery address information associating said
customer account with at least one authorized customer delivery
address;
[0448] customer computer identification information associating
said customer account with at least one authorized customer
computer which is identifiable by the bank;
[0449] authorized user identification information associating said
customer account with at least one authorized user identification
code; or,
[0450] authorized telephone caller identification information
including at least one authorized telephone caller identification
code;
[0451] detecting by the bank when a customer chooses to pay the
merchant using said bank;
[0452] obtaining by the bank computerized order information
originating in connection with an order for chosen goods or
services being sought by a user from an ordering computer;
[0453] said step of obtaining by the bank computerized order
information being performed in connection with obtaining
computerized information about at least one of the following
verification variables: [0483] an order delivery address indicating
a location for the delivery of the goods or services associated
with the order; [0484] ordering computer identification information
obtained from the ordering computer; ordering user identification
information obtained from the ordering user when the order is
placed; [0486] ordering telephone caller identification information
obtained when the order is placed;
[0454] validating said order by the bank using said computerized
order information and the verification information kept by the bank
in connection with said customer account;
[0455] communicating from the bank to the merchant assurance of
payment upon successful validation of said order.
[0456] A method performed by a merchant for conducting a purchase
of goods or services over the internet, the purchase being made by
a customer using the merchant for goods or services which are to be
provided at a delivery location, and wherein a bank assures payment
to the merchant for said purchase, comprising
[0457] displaying to the customer on the merchant internet site
indicia which indicates customers can choose to pay the merchant
using said bank;
[0458] detecting when a customer chooses to pay the merchant using
said bank;
[0459] obtaining computerized order information placed from an
ordering computer which indicates an order for chosen goods or
services being sought for purchase by the customer using the
merchant; said obtaining computerized order information
including:
[0460] obtaining an order delivery address indicating a location
for the delivery of the goods or services associated with the
order;
[0461] obtaining ordering computer identification information from
the ordering computer;
[0462] submitting said order delivery address to the bank for
verification of said order delivery address kept by the bank to
assure it is an authorized customer delivery address;
[0463] verifying said ordering computer identification information
from the ordering to computer by comparing said ordering computer
identification information to said customer computer identification
information kept by the bank to assure it is an authorized customer
computer;
[0464] receiving assurance of payment from the bank to the merchant
in connection with said order upon successful verification of said
order delivery address and said ordering computer identification
information.
[0465] A method performed by a customer for conducting a purchase
of goods or services over the internet, the purchase being made by
a customer using a merchant for goods or services which are to be
provided at a delivery location, and wherein a bank assures payment
to the merchant for said purchase, comprising--
[0466] creating a customer account with the bank, said customer
account being associated with said customer; the customer account
having verification information contained therein, said
verification information including information about at least one
of the following verification parameters:
[0467] customer delivery address information associating said
customer account with at least one authorized customer delivery
address;
[0468] customer computer identification information associating
said customer account with at least one authorized customer
computer which is identifiable by the bank;
[0469] authorized user identification information associating said
customer account with at least one authorized user identification
code; or,
[0470] authorized telephone caller identification information
including at least one authorized telephone caller identification
code;
[0471] detecting when a customer chooses to pay the merchant using
said bank;
[0472] communicating from the customer to the bank computerized
order information originating in connection with an order for
chosen goods or services being sought using the merchant by a user
from an ordering computer;
[0473] said step of communicating from the customer to the bank
being performed in to connection with computerized information
about at least one of the following verification variables:
[0474] an order delivery address indicating a location for the
delivery of the goods or services associated with the order;
[0475] ordering computer identification information obtained from
the ordering computer;
[0476] ordering user identification information obtained from the
ordering user when the order is placed;
[0477] ordering telephone caller identification information
obtained when the order is placed.
[0478] A method for establishing a customer account with a bank
which is used to pay merchants in connection with internet purchase
transactions for goods or services, comprising:
[0479] creating a customer account with the bank, said customer
account being associated with said customer and having customer
account information; said customer account information including
customer computer identification information associating said
customer account with at least one authorized customer computer
which is identifiable by the bank while the customer is in
communication over the internet.
[0480] A method for establishing a customer account with a bank
which is used to pay merchants in connection with internet purchase
transactions for goods or services, comprising:
[0481] telephoning the bank by the customer using a caller
identification phone line associated with the customer;
[0482] providing the bank with customer account information from
the customer using said caller identification phone line;
[0483] verifying that the customer account information given from
the customer using the caller identification phone line is
consistent with account setup verification information which
includes the caller identification information available when the
customer uses the caller identification phone line;
[0484] creating a customer account with the bank, said customer
account being associated with said customer and having customer
account information; said customer account information to including
customer computer identification information associating said
customer account with at least one authorized customer computer
which is identifiable by the bank while the customer is in
communication over the internet.
[0485] A method for establishing a customer account with a bank
which is used to pay merchants in connection with internet purchase
transactions for goods or services, comprising:
[0486] telephoning between the bank and the customer to provide
oral explanation of customer account information using a caller
identification phone line associated with the customer, said oral
explanation of customer account information including:
[0487] customer name information;
[0488] at least one authorized customer delivery address;
[0489] at least one authorized user identification code;
[0490] verifying that the customer account information given from
the customer using the caller identification phone line is
consistent with account setup verification information which
includes the caller identification information available when the
customer uses the caller identification phone line;
[0491] creating a customer account with the bank, said customer
account being associated with said customer and having customer
account information; said customer account information
including:
[0492] customer computer identification information associating
said customer account with at least one authorized customer
computer which is identifiable by the bank while the customer is in
communication over the internet;
[0493] customer delivery address information associating said
customer account with at least one authorized customer delivery
address;
[0494] authorized user identification information associating said
customer account with at least one authorized user identification
code.
[0495] A method for purchasing of goods or services and assuring
payment over the internet, the purchase being made by a customer
using a merchant, said merchant having an to internet site at which
the merchant offers goods or services; and wherein a bank
authorizes the purchase and assures payment to the merchant,
comprising:
[0496] obtaining order information indicating a customer desires to
place an order which seeks to obtain goods or services using the
merchant;
[0497] delivering the order information to the merchant;
[0498] providing customer verification information to the bank;
[0499] accessing customer verification information by the bank,
said customer verification information being previously set up with
the bank;
[0500] verifying that the order information is associated with the
customer using the customer verification information;
[0501] providing delivery address information to the merchant from
the bank in connection with said order;
[0502] communicating from the bank to the merchant assurance of
payment information upon successful verification in said verifying
step.
[0503] A method for purchasing of goods or services and assuring
payment over the internet, the purchase being made by a customer
using a merchant, said merchant having an internet site at which
the merchant offers goods or services; and wherein a bank
authorizes the purchase and assures payment to the merchant,
comprising:
[0504] obtaining by the bank computerized order information
indicating a customer desires to place an order which seeks to
obtain goods or services using the merchant;
[0505] communicating the at least some of the order information
from the bank to the merchant;
[0506] providing customer information to the bank in connection
with said order information;
[0507] accessing customer verification information by the bank,
said customer verification information being previously set up by
the customer with the bank;
[0508] verifying that the customer order information provided in
connection with said order information is associated with said
customer;
[0509] verifying that order delivery address information is an
authorized delivery address associated with the customer;
[0510] providing delivery address information to the merchant in
connection with said order;
[0511] communicating from the bank to the merchant assurance of
payment information upon successful verification in said verifying
steps.
[0512] A method for purchasing of goods or services and assuring
payment over the internet, the purchase being made by a customer
using a merchant, said merchant having an internet site at which
the merchant offers goods or services; and wherein a bank
authorizes the purchase and assures payment to the merchant,
comprising:
[0513] obtaining order information indicating a customer desires to
place an order which seeks to obtain goods or services using the
merchant;
[0514] delivering a first portion of the order information to the
merchant using a customer computer;
[0515] delivering a second portion of the order information to the
merchant via a bank computer;
[0516] providing customer information to the bank in connection
with said order information;
[0517] accessing customer verification information by the bank,
said customer verification information being previously set up by
the customer with the bank;
[0518] verifying that the customer information provided in
connection with said order information is associated with said
customer;
[0519] communicating from the bank to the merchant assurance of
payment information upon successful verification in said verifying
step.
[0520] A method for validating a purchase of goods or services over
the internet, the purchase being made by a customer using a
merchant, said merchant having an internet site at which the
merchant offers goods or services; and wherein a bank authorizes
the purchase and assures payment to the merchant, comprising:
[0521] detecting when a customer chooses to pay the merchant using
said bank;
[0522] obtaining order information indicating the customer has
placed an order which seeks to obtain goods or services using the
merchant;
[0523] obtaining information about an order computer from which
said order has been to placed;
[0524] accessing customer verification information which includes
authorized customer computer information which indicates one or
more computers which have been authorized for use in placing
orders;
[0525] verifying said order computer used in placing the order is
an authorized customer is computer;
[0526] validating the order.
[0527] A method for conducting a purchase of goods or services over
the internet, the purchase being made by a customer using a
merchant for goods or services which are to be provided at a
delivery location, and wherein a bank assures payment to the
merchant for said purchase, comprising--
[0528] creating a customer account with the bank, said customer
account being associated with said customer; the customer account
also having:
[0529] customer computer global positioning satellite location
identification information associating said customer account with
at least one authorized customer computer which is identifiable by
the bank using global positioning satellite location
information;
[0530] customer delivery address information associating said
customer account with at least one authorized customer delivery
address;
[0531] creating a merchant account, said merchant account being
associated with said merchant; said merchant having a merchant
internet site at which the merchant offers goods or services;
[0532] obtaining computerized order information placed from an
ordering computer which indicates an order for chosen goods or
services being sought for purchase by the customer using the
merchant; said obtaining computerized order information
including:
[0533] obtaining an order delivery address indicating a location
for the delivery of the goods or services associated with the
order;
[0534] obtaining ordering computer global positioning satellite
location information indicating location of the ordering
computer;
[0535] verifying said order delivery address by comparing said
order delivery address to said customer delivery address
information kept by the bank to assure it is an authorized customer
delivery address;
[0536] verifying said ordering computer global positioning
satellite location information from the ordering computer by
comparing said ordering computer global positioning satellite
location information to said customer computer global positioning
satellite information kept by the bank to assure it is an
authorized customer computer location;
[0537] communicating assurance of payment to the merchant in
connection with said order upon successful verification of said
order delivery address and said ordering computer global
positioning satellite location information.
[0538] A method as indicated above and further comprising crediting
funds to the merchant account in payment of said order.
[0539] A method as indicated above--
[0540] wherein said customer account information further includes
authorized user identification information including at least one
authorized user identification code;
[0541] and further comprising, before said communicating step:
[0542] obtaining user identification code information provided by a
user of the ordering computer when placing said order;
[0543] verifying said user identification code information by
comparing the user identification code information so provided in
comparison to authorized user identification codes associated with
the customer account.
[0544] A method as indicated above--
[0545] wherein said customer account information further includes
authorized telephone caller identification information including at
least one authorized telephone caller identification code;
[0546] and further comprising before said communicating step:
[0547] obtaining telephone caller identification information from a
telephone order line used to place the order;
[0548] verifying that the telephone caller identification
information obtained from the telephone order line is an authorized
telephone caller is identification code associated with the
customer account.
[0549] A method as indicated above--
[0550] wherein said customer account information further
includes:
[0551] authorized user identification information associating said
customer account with at least one authorized user identification
code;
[0552] authorized telephone caller identification information
including at least one authorized telephone caller identification
code;
[0553] and further comprising, before said communicating step:
[0554] obtaining user identification code information provided by a
user of the ordering computer when placing said order;
[0555] verifying said user identification code information by
comparing the user identification code information so provided in
comparison to authorized user identification codes associated with
the customer account;
[0556] obtaining user telephone caller identification information
from a telephone order line used by the user to place the
order;
[0557] verifying that the telephone caller identification
information obtained from the telephone order line is an authorized
user telephone caller identification code associated with said
customer account.
[0558] A method as indicated above wherein the customer contacts
the merchant internet site and builds an order file.
[0559] A method as indicated above wherein the customer contacts
the merchant internet site and builds an order file at least part
of which is obtained by the bank in said obtaining computerized
order information.
[0560] A method as indicated above wherein the customer, banker and
merchant are in approximately simultaneous communication as the
order is placed and assurance of payment is communicated to the
merchant.
[0561] A method as indicated above wherein:
[0562] communicating between the customer and merchant internet
site to provide the is merchant with a first portion of a merchant
order file in connection with placing said order;
[0563] communicating between said customer and said bank to create
a bank customer order file;
[0564] communicating between the bank and the merchant to provide
the merchant with a second portion of the merchant order file, said
second portion of the merchant order file being based at least in
part on said bank customer order file.
[0565] A method as indicated above wherein the customer account
includes customer account verification information which is
supplied via a second customer information source which is not via
the internet.
[0566] A method as indicated above wherein the customer account
includes customer account verification information which is
supplied via a telephone line.
[0567] A method as indicated above wherein the customer account
includes customer account verification information which is
supplied via a telephone voice line.
[0568] A method as indicated above and further comprising
transferring order information from the bank to the merchant.
[0569] A method as indicated above providing order information to
the merchant from both the bank and the customer.
[0570] A method as indicated above wherein said creating a customer
account includes supplying at least some customer account
verification information before the step of obtaining computerized
order information.
[0571] A method as indicated above wherein said creating a customer
account includes supplying at least some customer account
verification information from a secondary source before the step of
obtaining computerized order information.
[0572] A method as indicated above wherein said creating a customer
account includes supplying at least some customer account
verification information using an alternative communications
carrier before the step of obtaining computerized order
information.
[0573] A method as indicated above wherein said creating a customer
account includes;
[0574] supplying at least some customer account verification
information before the step of obtaining computerized order
information, and
[0575] supplying at least some customer account verification
information using an is alternative communications carrier.
[0576] A method for conducting a purchase of goods or services over
the internet, the purchase being made by a customer using a
merchant for goods or services which are to be provided at a
delivery location, and wherein a bank assures payment to the
merchant for said purchase, comprising--
[0577] creating a customer account with the bank, said customer
account being associated with said customer; the customer account
also having:
[0578] customer computer global positioning satellite location
identification information associating said customer account with
at least one authorized customer computer which is identifiable by
the bank using global positioning satellite location
information;
[0579] customer delivery address information associating said
customer account with at least one authorized customer delivery
address;
[0580] obtaining computerized order information placed from an
ordering computer which indicates an order for chosen goods or
services being sought for purchase by the customer using the
merchant; said obtaining computerized order information
including:
[0581] obtaining an order delivery address indicating a location
for the delivery of the goods or services associated with the
order;
[0582] obtaining ordering computer global positioning satellite
location information indicating location of the ordering
computer;
[0583] verifying said order delivery address by comparing said
order delivery address to said customer delivery address
information kept by the bank to assure it is an authorized customer
delivery address;
[0584] verifying said ordering computer global positioning
satellite location information from the ordering computer by
comparing said ordering computer global positioning satellite
location information to said customer computer global positioning
satellite information kept by the bank to assure it is an
authorized customer computer location;
[0585] communicating assurance of payment to the merchant in
connection with said order upon successful verification of said
order delivery address and said ordering computer identification
information.
[0586] A method as indicated above--
[0587] wherein said customer account information further includes
authorized user identification information including at least one
authorized user identification code;
[0588] and further comprising, before said communicating step:
[0589] obtaining user identification code information provided by a
user of the ordering computer when placing said order;
[0590] verifying said user identification code information by
comparing the user identification code information so provided in
comparison to authorized user identification codes associated with
the customer account.
[0591] A method as indicated above--
[0592] wherein said customer account information further includes
authorized telephone caller identification information including at
least one authorized telephone caller identification code;
[0593] and further comprising before said communicating step:
[0594] obtaining telephone caller identification information from a
telephone order line used to place the order;
[0595] verifying that the telephone caller identification
information obtained from the telephone order line is an authorized
telephone caller identification code associated with the customer
account.
[0596] A method as indicated above--
[0597] wherein said customer account information further
includes:
[0598] authorized user identification information associating said
customer account with at least one authorized user identification
code;
[0599] authorized telephone caller identification information
including at least one authorized telephone caller identification
code; is
[0600] and further comprising, before said communicating step:
[0601] obtaining user identification code information provided by a
user of the ordering computer when placing said order;
[0602] verifying said user identification code information by
comparing the user identification code information so provided in
comparison to authorized user identification codes associated with
the customer account;
[0603] obtaining user telephone caller identification information
from a telephone order line used by the user to place the
order;
[0604] verifying that the telephone caller identification
information obtained from the telephone order line is an authorized
user telephone caller identification code associated with said
customer account.
[0605] A method as indicated above wherein the customer contacts
the merchant internet site and builds an order file.
[0606] A method as indicated above wherein the customer contacts
the merchant internet site and builds an order file at least part
of which is obtained by the bank in said obtaining computerized
order information.
[0607] A method as indicated above wherein the customer, banker and
merchant are in approximately simultaneous communication as the
order is placed and assurance of payment is communicated to the
merchant.
[0608] A method as indicated above wherein:
[0609] communicating between the customer and merchant internet
site to provide the merchant with a first portion of a merchant
order file in connection with placing said order;
[0610] communicating between said customer and said bank to create
a bank customer to order file;
[0611] communicating between the bank and the merchant to provide
the merchant with a second portion of the merchant order file, said
second portion of the merchant order file being based at least in
part on said bank customer order file.
[0612] A method as indicated above wherein the customer account
includes customer is account verification information which is
supplied via a second customer information source which is not via
the internet.
[0613] A method as indicated above wherein the customer account
includes customer account verification information which is
supplied via a telephone line.
[0614] A method as indicated above wherein the customer account
includes customer account verification information which is
supplied via a telephone voice line.
[0615] A method as indicated above and further comprising
transferring order information from the bank to the merchant.
[0616] A method as indicated above providing order information to
the merchant from both the bank and the customer.
[0617] A method as indicated above wherein said creating a customer
account includes supplying at least some customer account
verification information before the step of obtaining computerized
order information.
[0618] A method as indicated above wherein said creating a customer
account includes supplying at least some customer account
verification information from a secondary source before the step of
obtaining computerized order information.
[0619] A method as indicated above wherein said creating a customer
account includes supplying at least some customer account
verification information using an alternative communications
carrier before the step of obtaining computerized order
information.
[0620] A method as indicated above wherein said creating a customer
account includes;
[0621] supplying at least some customer account verification
information before the step of obtaining computerized order
information, and
[0622] supplying at least some customer account verification
information using an to alternative communications carrier.
[0623] A method for conducting a purchase of goods or services over
the internet, the purchase being made by a customer using a
merchant for goods or services and wherein a bank assures payment
to the merchant for said purchase, comprising:
[0624] creating a customer account with the bank, said customer
account being associated is with said customer; the customer
account also having an internet specific account number;
[0625] obtaining computerized order information placed from an
ordering computer using a first internet communications link which
indicates an order for chosen goods or services being sought for
purchase by the customer using the merchant; said obtaining
computerized order information further including said internet
specific account number;
[0626] establishing communications between said merchant and said
bank using a second internet communications link and communicating
at least said internet specific account number therewith and a
request for assurance of payment;
[0627] establishing communications between said bank and said
customer using a third internet communications link and
communicating order information therewith;
[0628] performing a verification analysis by using said
communications between said bank and said customer;
[0629] communicating a response to said request for assurance of
payment to the merchant in connection with said verification
analyses which is used to condition whether assurance of payment is
made by the bank to the merchant.
[0630] A method as indicated above wherein said step of
establishing communications between said bank and said customer is
initiated by said internet specific account number being
communicated between the merchant and said bank.
[0631] A method as indicated above wherein said communications
between said merchant and said bank includes information concerning
and expiration date field that is variable for different
transactions to provide a changeable transactional user
identification field which can be used in at least part of said
verification analysis.
[0632] A method performed by a bank in processing a request for
assurance of payment from a merchant concerning a customer order,
comprising:
[0633] receiving from a merchant a request for assurance of payment
via a first internet communications link;
[0634] communicating with a customer computer via a second internet
communications link;
[0635] performing in said step of communicating with a customer
computer a verification analysis to determine if the customer
computer is genuine using prearranged verification is
parameters;
[0636] communicating a response to said request for assurance of
payment to the merchant in connection with said verification
analyses which is used to condition whether assurance of payment is
made by the bank to the merchant.
[0637] A method as indicated above wherein said step of
communicating with a customer computer is with a customer computer
involved in making said customer order.
[0638] A method for establishing a customer account with a bank
which is used to pay merchants in connection with internet purchase
transactions for goods or services, comprising:
[0639] creating a customer account with the bank, said customer
account being associated with said customer and having customer
account information; said customer account information including
customer computer identification information associating said
customer account with at least one authorized customer computer
which is identifiable by the bank while the customer is in
communication over the internet;
[0640] assigning an internet-only account number to the customer
account which requires confirmation prior to approval of any
request for assurance of payment submitted by a merchant to the
bank.
[0641] A method as indicated above wherein the customer account
information further includes authorized user identification
information associating said customer account with at least one
authorized user identification code.
[0642] A method as indicated above wherein the customer account
information further includes authorized telephone caller
identification information including at least one authorized
telephone caller identification code.
[0643] A method as indicated above wherein the customer account
information further includes:
[0644] customer delivery address information associating said
customer account with at least one authorized customer delivery
address;
[0645] authorized user identification information associating said
customer account with at least one authorized user identification
code.
[0646] A method as indicated above wherein the customer account
information includes customer computer identification information
which indicates at least one identification code written onto the
at least one authorized customer computer by said bank.
[0647] A method as indicated above wherein the customer account
information includes customer computer identification information
which indicates plural identification codes written onto the at
least one authorized customer computer.
[0648] A method as indicated above wherein the customer account
information includes customer computer identification information
which indicates plural identification codes written onto the at
least one authorized customer computer by said bank.
[0649] A method as indicated above wherein the customer contacts
the bank using a telephone with caller identification and the
customer provides customer account information via the
telephone.
[0650] A method for validating a purchase of goods or services over
the internet, the purchase being made by a customer using a
merchant, said merchant having an internet site at which the
merchant offers goods or services; and wherein a bank authorizes
the purchase and assures payment to the merchant, comprising:
[0651] detecting when a customer chooses to pay the merchant using
an internet-only account by said bank;
[0652] obtaining order information indicating a customer order
using the merchant;
[0653] accessing customer verification information;
[0654] verifying said order information has been generated using an
authorized customer computer;
[0655] validating the order.
Additional Procedures
[0656] Additional improved forms of the invention may include novel
procedures which are directed at providing improved and relatively
automatic processing having confirmation security and the ability
to carry out internet transactions using existing merchant order
taking software or merchant order taking software needing only
limited modifications. These novel methodologies are directed to
simplifying the transformation needed relative to the merchant is
handling of confirmed internet purchasing transactions. These forms
of the invention are also directed to providing a user procedure
which is similar to prior art internet sales ordering from the
perspective of the user and customer, although there are added
procedural steps needed to set up the customer account and certain
added processing is done which is either transparent to or easily
carried out by the user/customer. The additional aspects of these
forms of the invention will now be described in greater detail with
support also provided from the description given hereinabove.
[0657] In this implementation of the invention the bank creates a
class of customer accounts which are specifically capable of
internet purchasing. More preferably, the class of customer
accounts are internet only accounts which are only for carrying out
purchase transactions over the internet and are not enabled for use
at retail sales conducted in person, over the telephone and other
traditional uses other than via the internet. For convenience,
these customer accounts shall hereinafter be referred to as
internet-only customer accounts.
[0658] In these implementations the customer computers receive bank
purchasing software. The ordering and/or confirming computer would
have bank purchasing software installed thereon which is capable of
interaction with the bank during verification or authentication
processing and confirmation processing. Such bank purchasing
software could be downloaded off of the internet by the customer as
part of the set up of the account. Set up of the customer account
and a user or users thereunder is as explained above, except the
customer and or users are assigned the internet specific account
number. A further optional set up aspect occurs in connection with
any implementation using variable expiration date field which is
explained further below.
[0659] In addition to receiving the bank purchasing software, the
customer would go through an additional setup procedure which
preferably would be done by having the customer computer placed in
communication with a bank computer. This would preferably be done
via telephone modem between the customer computer and the bank
computer, preferably allowing caller i.d. to be used in
authenticating the setup information. Additional authenticating
information can also be used at this time and prior to allowed use
of the internet account.
[0660] The account set up procedure would in general involve
encoding the customer computer in a manner which would uniquely
identify the customer computer in subsequent verification or
authentication exchanges between the customer computer and the bank
computer. Customer account set up would also provide a basis for
verifying or authenticating other user, customer and communications
vehicle identification and information.
[0661] Subsequent to the initial setup, it is also desirable to
have security enhancing updates to the customer and user records.
These might include the following. Automatic encoding update
sessions could be done on a regular or irregular basis to keep
authentication and verification information changing and current
between the customer and bank. Such automatic encoding update
sessions would allow the customer computers to be kept current with
regard to proper authentication coding. Updating would help prevent
customer computers from being misused for any substantial period of
time.
[0662] The internet-only customer accounts will require a
confirmation procedure to take place prior to the bank providing
assurance of payment or actual payment to the merchant. The
confirmation procedure will involve verification analysis to be
performed between the bank and the customer. Such confirmation
procedure will preferably be done over the internet using a
distinct communications link from the communications link used by
the customer to build and submit an order file to an internet
merchant. Alternatively, verification could be undertaken via
telephone and modem where conditions warrant, such as where
transaction values are high.
[0663] In some of the preferred forms for implementing this
procedure the customer user contacts a merchant internet web site
in a typical manner, such as described further hereinabove. An
order file is built or partially built by the customer creating a
listing of desired goods and or services. The procedure relative to
arranging for payment for the customer order may be conducted in
the following fashion in preferred implementations. The
customer-user is previously in possession of an internet-only
account number. The internet-only account number is only usable
over the internet and is preferably of a form which is
conventional, such as the 16-digit, account identification numbers
commonly used by current charge and debit accounts. The
internet-only accounts are structured using a numbering or other
identification character code which can be accommodated by
conventional internet merchant order processing software. The
internet-only accounts are identifiable as such by a processing
bank or other intermediary payment processing agent acting for the
bank as internet-only accounts. The customer places the order in
the typical fashion using the internet-only account number into the
order file software of the merchant. The merchant then submits the
request for assurance of payment to the bank or its agent
requesting authorization to accept the charge or debit to the
customer account. The bank or agent processing the request for
payment or assurance of payment recognizes the merchant's request
as involving a customer account which is an internet-only account
from the account number. The desired processes preferably have the
further attribute of invoking a requirement that the merchant
request is not authorized without confirmation of the transaction
by the bank. The confirmation of the transaction is preferably a
verified confirmation such as described at length hereinabove.
[0664] The preferred procedures involved in this implementation
thus involve a verified or authenticated communications exchange
between the bank and customer concerning the particular order
involved. This is most preferably done nearly simultaneously with
the placement of the order, but can be done either before or after
submission of part or all of the order to the merchant.
Alternatively, the order may be provided by placement of order
parts coming from both the customer and bank. The transaction is
identified by a transaction identification, such as a transaction
number which is not fraud enabling if intercepted by a third
party.
[0665] The above is advantageously combined with automated
instigation of the bank-customer communications link which allows
the exchange of information, including verification information or
authentication information of the type or types explained
hereinabove or other suitable alternatives such that the customer
and customer user are verified or authenticated to be the real
party associated with a particular customer account and user as set
up with the bank.
[0666] In one exemplary implementation of this form of the
invention the customer contacts a merchant web site via a first
communications link via the internet and then builds essential
parts of an order file, such as the nature of goods or services
requested, the shipping address and a transaction identification
number. Upon initiation by the customer user the to software on the
user's computer initiates a second communications link with the
bank which is distinct from the first communications link used with
the merchant. The user is queried for one or more verification
parameters or authentication parameters allowing the bank computer
to reliably determine that the customer and user are genuine. The
user's computer thereafter communicates the transaction
identification information, amount of value associated with the
goods or services and can additionally include shipping address
information or other information. The verification or
authentication parameters used by the bank in this inquiry is
preferably variable from one transaction to another transaction in
a manner that is unknown and unpredictable to the user or customer
and which draws from a plurality, more preferably a multitude of
different available verification or authentication parameters.
[0667] In a further alternative manner of implementation the
expiration date field commonly used in charge card transactions may
also be used as an initial or preliminary identification screening
code which must match certain criteria and be consistent with the
internet-only account number being used. Such may be used in an
alternative implementation of the invention wherein the initiation
of an order file causes the merchant to initiate a third
communications linkage between the merchant and bank submitting
information concerning a particular transaction. This may allow the
expiration field to act as a personal identification field because
the account is an internet-only account and there is no card
bearing the expiration date field to be stolen. The expiration date
field can thus be subject to frequent change or change at each
different transaction according to an algorithm either contained in
the software included on the user's computer or can be set by the
bank after each transaction for the succeeding transaction.
[0668] In this embodiment the internet-only account is not fraud
enabling because the assurance of payment routine is subject to
confirmation by the bank in addition to the constant or frequent
variation of the expiration date field coupled with the indication
by the nature of the internet-only account number that confirmation
is required. The expiration date field serving as an initial user
identification could be advantageous in providing an initial
screening technique allowing the bank transaction processing system
to screen out obviously erroneous or fraudulent attempts to use the
internet-only account number because the expiration date field for
a particular account could be reset and be easily reviewed by the
bank processing software. Attempts to randomly seek out use of the
internet-only account number by attempting to try various
expiration dates different from the expected expiration date could
be used to deactivate the internet-only account number.
[0669] Authorization requests from merchants on transactions having
the correct customer account number and initial screening PIN, but
which did not yet have customer confirmation, is would receive a
response indicating the transaction was pending subject to customer
confirmation. Authorization requests would be denied if some aspect
of the authorization request was irregular, e.g. the account number
was incorrect or had been inactivated, or if the initial PIN was
incorrect. If customer name information was included, then an
incorrect name could also cause rejection of the authorization
request upon initial review by the bank processing of a request for
assurance of payment communication by a merchant to the bank.
[0670] If the merchant ordering software already has a field for
input of user personal identification code (PIN), then this could
be used instead of the expiration date field. Nonetheless, a
confirmation process would still be performed prior to assurance of
payment.
[0671] In another preferred form the use of one of the special
internet account numbers automatically causes the merchant request
for authorization to become a request for assurance of payment. The
request for authorization could also be treated in a manner the
same as or similar to current processing. If the user initial PIN
number is incorrect, then the request for authorization is on its
face denied. The authorization request could be processed by bank
in a typical manner using current authorization procedures and
systems. However, authorization or assurance of payment would not
be provided to the merchant unless and until the customer had
confirmed the order.
[0672] If the order was confirmed by the customer at the time the
order was placed and the verification and/or authentication
procedures were passed, then the merchant would receive assurance
of payment or authorization to charge in response to the
authorization request.
[0673] Authorization requests from merchants on transactions having
the correct customer account number and PIN, but which did not yet
have customer confirmation, would receive a response indicating the
transaction was pending subject to customer confirmation.
[0674] Authorization requests would be denied if some aspect of the
authorization request was irregular, e.g. the account number was
incorrect or had been inactivated, or if the initial PIN was
incorrect.
[0675] If customer name was included, then an incorrect name could
also cause rejection of the authorization request.
[0676] The internet account purchase transactions would require
confirmation. The confirmations would occur using one or more
communications exchanges between a customer computer and bank
computers. The bank computers would be accessed in a manner
different from the associated merchant authorization request. In
some situations, confirmation might be done later if access to the
bank customer computer bank was unavailable at the time the
customer placed the order with the merchant. Alternatively, a
customer could pre-authorize in some instances undergoing the same
verification and or authentication process or processes.
[0677] The customer confirmation would typically be made using the
ordering computer. This would allow easier verification or
authentication of the user and customer computer. The verification
and authentication procedures might be very simple or completely
transparent. For example, a transaction identification tracking
number might be automatically assigned by the customer computer
using the bank purchasing software and then this would be used
along with automated verification. Information about the order
could then be stored by the customer computer and relayed to the
bank customer computer bank for confirming the merchant
authorization request.
[0678] Alternatively, it may be possible to accept confirmation
from a computer other than the ordering computer if adequate
verification or authentication procedures are met, e.g. by
requiring additional verification or authentication procedures to
be followed by the user in order to confirm the order, such as
explained in detail hereinabove. The confirmation exchange between
bank and the customer would typically be more than just a message
from the customer confirming the order. It would preferably include
some type of verification or authentication exchange which involved
some back and forth interaction that greatly improves reliability
of the exchange for purposes of verifying or authenticating the
confirmation. The verification/authentication subroutine would
involve queries from bank to the customer computer or user to
assure that the party confirming the order is the customer's
authorized user. The authentication and verification parameters
would change from transaction to transaction so that fraudulent
attempts would be discovered using fields that are difficult or
impossible to know unless the computer and or user are legitimate.
This might include purchasing history information as well as set up
information as explained hereinabove.
[0679] The above is flexible enough to allow user confirmation even
though the customer computer is not being used. This would
typically entail much stricter user verification and or
authentication analysis to make up for the absence of computer
verification/authentication. Where shipping address is
pre-authorized then the verification/authentication procedures may
be simplified to speed processing between bank and the customer in
the bulk of the transactions.
[0680] The implementation preferably utilizes at least two and more
preferably three different communications links in performing the
methods. For example, the internet link between the customer and
merchant would be determined by ordinary internet processing. If
the customer then seeks to immediately confirm the order with bank,
then the bank purchasing software will determine the communications
link used between the customer and merchant and then direct the
communication between the customer and bank along a different
internet route to further diminish the possibility of intercepting
both communications. This will reduce possible interception of both
communications to the local internet service provider serving the
customer and would allow tracking of fraudulent transactions
involving interception of both communications back to that
facility. The merchant would communication with the bank using
another link which may involve the customer, but could
advantageously be a third distinct communications link.
[0681] Internet purchases using such technology would involve bank
processing which may justify improved bank fees and or savings are
fraudulent transactions. The procedures involve bank verification
of each internet charge transaction with the customer. The
decreased loss due to diminished fraudulent transactions will save
substantial amounts. Not only are internet transactions helped, but
the widespread use by customers of internet dedicated accounts may
reduce the general use of regular accounts and thus reduce
fraudulent use of such regular accounts. Further reductions may be
realized when customer and merchants favor internet dedicated
accounts for internet sales.
[0682] Customers could have the special internet accounts billed
separately or integrated with their regular Visa or MasterCard
account postings. The internet accounts could be a subaccount
associated with existing accounts but using different
identification numbers and the PIN in the expiration field. The
added security to the customer reduces the risk of identity theft
and all the negative aspects that customers can run into.
[0683] The new procedures may also be sufficient to justify
assurance of payment more quickly to the merchants. This may create
increased motivation for merchants to have customers is use this
type of account as compared to current general purpose Visa or
MasterCard accounts. The end result may be a very substantial
increase in revenues and in customer base.
[0684] A key concept is that the new procedures eliminate
fraud-enabling data from being conveyed via the internet during
communications exchanges involved in processing of an internet
purchase transaction. The customer-merchant communication exchange
will not provide fraud-enabling information. The customer-bank
communications exchange will also not provide fraud-enabling data.
Eliminating the transfer of such fraud-enabling information in any
one communications session reduces the risk of fraud in a
fundamental manner which is superior to encryption or coding of
enabling data. Current techniques using only encryption make the
information available but difficult to decipher. In the new
approach financially sensitive, fraud-enabling information is
simply not made available over the internet to the merchant. Fraud
from merchant employees is thus not possible. Current techniques
being used require relay of fraud-enabling information from the
customer to the merchant and then to the bank. This exposes the
sensitive information at least twice to internet interception in a
continuous packet or stream of data. In some prior approaches
additional sensitive information may be communicated in the
responsive communications sent from the bank and merchant.
[0685] Our technology preferably utilizes a three party transaction
information flow concept that provides inherent increased security
and reliability in processing and approving internet purchasing
transactions. In the preferred versions the merchant and bank both
make direct communication with the customer at some time during the
processing and approval of the transaction. This inherently
increases security and reliability because bank has previously set
up the account and is in the most capable position to verify and/or
authenticate the party attempting the purchase. The procedures do
not require simultaneous three party communications. To the
customer in most transactions, it may be configured to seem like
only one communication has occurred because the merchant order is
submitted and then there is an associated confirmation
communication with bank. Such nearly simultaneous three party
communications will keep the amount of time needed between
initiation and completion of the transaction to a minimum and very
similar to existing internet charging using bank charge cards.
[0686] The further developments described above allow the novel
procedures of this is technology to be implemented on existing
merchant and bank card processing systems using some special coding
techniques. This may make implementation very quick and simple and
allow commercialization of this technology at a surprisingly quick
rate.
[0687] The inventions may use flexible verification or
authentication techniques which help to prevent frustrating
unnecessary denial of a legitimate transaction. The new procedures
preferably incorporate multiple verification and authentication
parameters which may be used in the confirmation communications
session in approving a transaction. Under the new technology, if
one parameter cannot be met, then another or others can be used to
greater consideration or to override the missing or non-verifying
parameter. This flexible approach allows the transaction to proceed
despite the absence of a preferred verification parameter or
parameters. For example, if a user is not at their normal computer,
then additional verification parameters may be called upon in
deciding whether to approve or deny the payment request. This
allows systems to deal with the day-to-day variations in people's
lives, working locations, equipment and other factors so that quick
and reliable transaction processing can proceed without getting
tripped up by one missing parameter essential to approval. This may
be extremely important in providing a system which will have a
sufficiently high transaction approval success rate to be
acceptable to customers, merchants and bank.
[0688] Even though a flexible approach can be used, it is still
possible to include essential or weak-link verification parameters
that must be provided to prevent bogus transactions from being
approved. In many implementations of our technology it will be
possible to use preauthorization of shipping address to simplify
verification of a transaction for payment. This may greatly
simplify the verification procedures and shorten processing time
for the bulk of internet sales which are shipped to the customer's
regular addresses. In some implementations of the inventions it is
possible to make shipping address preauthorization mandatory. For
example, with regard to certain classes of accounts (more risky
accounts) it may be preferred to require preauthorization of all
shipping addresses. This may be determined by bank policy and
conceivably could vary not only by customer but by segment of bank
or bank authorized processors handling transaction processing.
Although shipping address preauthorization is preferred, it is not
essential in some implementations. This is a significant
consideration due to the large number of gifts purchased via the
internet for direct shipment to the recipients. In these situations
it is possible to either require preauthorization of the
recipient's address or to use other transaction verification or
authentication parameters during the confirmation session to
overcome the fact that the requested shipping address has not been
preauthorized
[0689] The preferred methods use customer account information
(verification or authentication information) which is preferably
not communicated via the internet in the process of setting up the
account at least with regard to one or more parameters. Since the
customer record includes numerous verification and authentication
fields or parameters, the bank computers will use varying
verification and authentication parameters during the confirmation
session. This variation would make it much more difficult to
fraudulently pass the authentication or verification test during
the confirmation communication exchange between the bank and the
customer. Use of non-internet transmitted information for
authentication or verification has synergistic effects in this
procedure because it eliminates or reduces the possibility of
someone establishing a fraudulent account using only internet
communications. The bank can choose those or additional parameters
which facilitate reliable and accurate assessment of whether the
order was placed by a genuine customer. The
authentication/verification parameters can be selectively increased
or decreased depending on transaction particulars, such as amount,
computer used to confirm, shipping address preauthorization, etc.
The authentication/verification parameters used in one transaction
will in general not be sufficient in another transaction. This
makes the confirmation communication non-enabling to an
intercepting party seeking to perpetrate a fraudulent purchase
transaction. This compliments the similar absence of sufficient
fraud-enabling information in the communication between the
customer and the merchant when the order is submitted to the
merchant. Thus, the procedures frustrate the ability of employees
at the merchant's location, or third parties seeking to intercept
internet transmissions, from having access in any one or more
communication sessions the information needed to perpetrate fraud.
It will also make customer fraud more difficult to successfully
practice
General and Interpretational Explanation
[0690] Various forms and aspects of the invention have been
described. It should be understood that the invention may in
alternative forms include one or more of the aspects or features
shown in one embodiment implemented into another embodiment. Thus
the various combinations of features shown herein can be combined
in such alternative ways to further set is out alternative forms of
the invention.
[0691] The invention has been described in compliance with the
disclosure requirements. In doing so the invention has necessarily
been described in language more or less specific as to structural
and methodical features. However, it is understood that the
invention is not necessarily limited to the specific features shown
and described, since the features and methods disclosed herein
comprise preferred forms of putting the invention into effect, and
cannot describe all options for implementation. The invention is,
therefore, claimed in its various forms or modifications to the
full extent allowed by law.
[0692] Although the present invention has been described with
reference to preferred embodiments, workers skilled in the art will
recognize that changes can be made in form and detail without
departing from the spirit and scope of the present invention.
* * * * *