WO2020099690A1 - Method and system for financing purchases with strengthened client authentication - Google Patents

Method and system for financing purchases with strengthened client authentication

Info

Publication number
WO2020099690A1
Authority
WO
WIPO (PCT)
Prior art keywords
payment
customer
electronic payment
electronic
token
Application number
PCT/ES2018/070742
Other languages
Spanish (es)
French (fr)
Inventor
Daniel Alegre Herrero
Álvaro ALZOLA JÉREZ
José Luis LLAIRÓ CANAL
Carlos ALONSO DE LINAJE
Original Assignee
Financiera Española de Crédito a Distancia EFC, S.A.
Application filed by Financiera Española de Crédito a Distancia EFC, S.A.
Priority to PCT/ES2018/070742 (WO2020099690A1)
Priority to FR1912753A (FR3088747B3)
Priority to DE202019106383.1U (DE202019106383U1)
Priority to ES201931896U (ES1239905Y)
Priority to PT11915U (PT11915Y)
Publication of WO2020099690A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/22 Payment schemes or models
    • G06Q20/24 Credit schemes, i.e. "pay after"
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/027 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] involving a payment switch or gateway
    • G06Q20/08 Payment architectures
    • G06Q20/10 Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/102 Bill distribution or payments
    • G06Q20/20 Point-of-sale [POS] network systems
    • G06Q20/204 Point-of-sale [POS] network systems comprising interface for record bearing medium or carrier for electronic funds transfer or payment credit
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4012 Verifying personal identification numbers [PIN]
    • G06Q20/405 Establishing or using transaction specific rules
    • G06Q20/42 Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425 Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means

Definitions

  • the present invention relates, in general, to the field of security risks related to electronic transactions.
  • the invention relates to a method and system for financing purchases with enhanced customer authentication.
  • the Directive defines that, to ensure the consistent application of this Directive, the Commission should be able to draw on the experience and support of EBA, which develops guidelines and prepares regulatory technical standards for projects on security aspects of payment services.
  • enhanced client authentication, that is, authentication based on the use of two or more elements categorized as knowledge (something that only the client knows), possession (something that only the client owns) and inherence (something that the client is) that are independent, to the extent that one does not compromise the reliability of the others, and designed in such a way as to protect the confidentiality of the authentication data.
  • the present invention focuses on a method for financed purchases that provides the three different elements of the definition for enhanced customer authentication in payment services.
  • International patent application WO2016172541 discloses a system for integrating bank account information (an integration transaction) for use in future transactions that includes a banking device terminal with a card reading device for reading a bank card and an input device or devices to receive a verification entry that associates the bank card with a bank customer.
  • One or more secure bank computing devices receive the bank account information and the verification entry and verify that the bank account information corresponds to the verification entry to authorize the integration transaction.
  • When the integration transaction is authorized, at least one secure bank computing device requests a client device identification from a mobile client device to be used for future bank transactions.
  • the secure bank computing device or devices receive the customer device identification and store account data associated with the customer device identification, bank account information and/or verification entry so that they can be used for future bank transactions.
  • this international patent application only refers to simple authentication based on PCI-DSS.
  • United States Patent US7533047 discloses a method and system for securing card payment transactions using a mobile communication device that provides enhanced security in card payment transactions such as credit and debit card transactions.
  • a message is sent to a mobile communication device that has been unambiguously associated with the card.
  • the message can be an interactive message that requires a response from the cardholder for authorization, or it can communicate a one-time personal identification number (PIN) with a required PIN return through the point-of-sale system or the mobile communications device.
  • the card issuer or service provider confirms that communication was received and the transaction was authorized by the card owner, further ensuring authorized use of the card.
  • the PIN and/or the interactive message response period may be invalidated after a short time, further improving the security of the transaction.
  • PIN authentication is carried out by sending the key to the mobile communication device by means of a message, therefore it is not an element that only the user knows.
  • United States patent application US2012173348 provides a system and method to facilitate transactions using mobile communications.
  • the method includes receiving, on a computing device, a payment request, the payment request identifying an account identification number issued by a bank to a user, the account identification number representing a user account at the bank; determining, using the computing apparatus, a telephone number associated with the account identification number; and processing, by the computer device, the payment request using a source of funds associated with the phone number, the source of funds being different from the bank account identified by the account identification number.
  • any of the telephone number or additional security data is sufficient for payment or, when a card is read, the server then has knowledge of the telephone number that is associated with the card number. However, in this case the phone number must already have been provided.
  • a first aspect of the present invention provides a method of financing purchases with enhanced client authentication.
  • the method comprises receiving, by an electronic payment device such as a point of sale (POS): (i) the amount of a transaction that includes a purchase made by a customer; (ii) a number of installments in which the client wishes to make the payment of said transaction, said number of installments being linked to a credit institution server; (iii) a telephone number of a telephone device of said client; and (iv) a payment instrument that allows the client to pay the transaction without cash.
  • the method also comprises the generation, by a payment gateway server, external to the electronic payment device and connected to it, of a first information token associated with said payment instrument.
  • the telephone device receives from the electronic payment device a message (for example a short text message (sms), an instant message, an email message or an APP notification, among others) that includes a web address link, for example a URL, that has a second token that identifies the transaction on the credit institution's server.
  • the telephone device receives, preferably, from the client, through the web address link, a personal identification number of a client's identity document and an acceptance of the terms and conditions of said credit institution server.
  • the personal identification number can be received either by the customer who dials it directly or by the client taking a photograph of an identification card that includes said number.
  • the electronic payment device receives, preferably from the client, and validates a character string that associates the payment instrument with the client.
  • the payment of one of said installments is made first.
  • the other installments will be made at a later date through an electronic network (that is, in a virtual or electronic commerce environment) using said first generated token, without customer involvement, in accordance with the installment payment agreement.
  • the validation is successful a certain amount of the customer's money can be blocked.
  • the first installment, as well as other installments will be made at a later date in accordance with the installment payment agreement.
  • the first token is generated by the payment gateway server, which receives from a decrypted layer of the electronic payment device an encrypted message that includes said information associated with the payment instrument, decrypts the encrypted message with a symmetric key, and then generates the first token. The first token is then forwarded to the decrypted layer of the electronic payment device.
  • the second token is generated by the credit institution server and particularly comprises an alphanumeric code.
  • the second token has a limited lifetime of a few hours, preferably less than 5 hours, for example 2 or 3 hours.
  • the payment instrument includes a payment card, which can be virtual or physical, and the character string includes a card identification number such as a PCI-DSS payment card personal identification number (PIN) that is, a trusted customer number provided by the Payment Card Industry ("PCI") that develops a Data Security Standard (DSS).
  • the payment instrument may include a biometric proof of the customer directly linked to a customer's bank account and not associated with a payment card, for example a fingerprint, a face, an iris, a voice, etc.
  • a second aspect of the present invention provides a system for financing purchases with enhanced client authentication.
  • the proposed system comprises an electronic payment device such as a POS; a payment gateway server, external to the electronic payment device and configured to communicate with it; and a customer's telephone device configured to communicate with the electronic payment device.
  • the electronic payment device has one or more interfaces / units / elements to receive the amount of a transaction that includes a purchase made by said customer; receive a number of installments in which the customer wants the payment of said transaction to be made, in which said number of installments is linked to a credit institution server; receive a phone number from said phone device; and receive a payment instrument that allows the customer to pay for the transaction without cash.
  • the payment gateway server is adapted and configured to generate a first information token associated with the cited payment instrument.
  • the telephone device has one or more interfaces / units / elements to receive a message (for example an sms) that includes a web address link after said payment instrument is received by the electronic payment device, the web address link including a second token that identifies the transaction on the credit institution server; and to receive a personal identification number from a customer identity document and an acceptance of the terms and conditions of said credit institution server through the web address link.
  • the electronic payment device, after these terms and conditions are accepted, is configured to receive a character string that associates the payment instrument with the customer through said one or more interfaces / units / elements, so that the payment of the transaction is accepted after the character string is successfully validated by the electronic payment device.
  • acceptance of payment includes payment of a first of said installments, in which the other installments will be made at a later date through an electronic network using the first generated token, without user involvement.
  • the one or more interfaces of the electronic payment device include a numeric keypad, a touch panel, or a voice interface, among others.
  • the present invention allows, through the combination of two processes, payment on the one hand and the contracting of financing on the other, a process of purchasing goods and services to be finalized using the highest level of authentication through online processes and with a minimum time between the beginning and the end of the transaction.
  • the invention is developed in two different environments: a physical environment and an electronic commerce environment.
  • the entire method also provides a faster and more secure way to get the transaction done because the method involves enhanced client authentication on non-virtual computing devices throughout the entire electronic transaction, including both the payment transaction and digital contracts.
  • it guarantees a high degree of security in the transaction, since it allows improved client authentication through the combined use of the three identification elements referred to in the EU Directive 2015/2366 in payment services in the Internal market.
  • reinforced client authentication is based on the combined use of two or more elements of the type:
  • KNOWLEDGE: something that only the client knows; in the case of the present invention, the character string (PIN, password, etc., known only by the customer) that associates the payment instrument with the customer.
  • the personal identification number of an identity document such as the DNI number for Spanish citizens, or equivalent as used in other countries.
  • the present invention allows authentication to be done by combining these three elements (and not just two of the three as requested by the aforementioned EU Directive), which covers the process with optimal security in terms of authentication, without undue delay, in an easy and simple process for the constituent parts of the process.
  • Figure 1 is a conceptual illustration of the present invention and the relationship between the different elements.
  • Figure 2 illustrates a method flow diagram of a method for financing purchases with enhanced customer authentication, in accordance with an embodiment of the present invention.
  • Figure 1 shows a concept of the proposed system embodiment with the different elements used to provide enhanced client authentication.
  • the system comprises a client 1 that has a telephone device 10; an electronic payment device 100 of a merchant, such as a POS, specially modified for the objects of the invention; a payment gateway server 30; and a credit institution server 40 (i.e. a party interested in offering financing so that client 1 can obtain a good or service in which he / she is interested.
  • This financing is formalized directly between the credit institution server 40 and client 1 by means of a formalized contract between the parties).
  • the electronic payment device 100 can communicate with the payment gateway server 30 (and vice versa) and with the credit institution server 40 (and vice versa) through an electronic communication network 25 such as the Internet.
  • the electronic payment device 100 can also establish communication with the telephone device 10, for example through a messaging service or an instant messaging platform through the Internet, among others.
  • FIG. 2 shows an embodiment of the process flow to provide enhanced client authentication on electronic payment device 100, that is, to provide independent elements of knowledge, possession, and inherence that satisfy the aforementioned EU security directive.
  • the electronic payment device 100 receives by means of a numeric keypad, a touch panel or a voice interface thereof the amount of a transaction such as a purchase made by the customer 1.
  • the electronic payment device 100 receives the number of installments in which the customer 1 wants the payment of the transaction to be made. For example, for a purchase of € 500, he / she may decide to split the transaction into 5 installments of € 100 each.
  • electronic payment device 100 additionally receives the phone number of customer 1 and a payment instrument that allows customer 1 to pay for the transaction without cash.
  • the payment gateway server 30 generates a first information token associated with the payment instrument.
  • the electronic payment device 100 has a decrypted layer to handle non-confidential information such as the phone number of customer 1, the amount of the transaction or the number of installments; and an encrypted layer to manage the information associated with the payment instrument such as expiration date, number or owner.
  • the present invention prior to the execution of step 201, develops a new information transfer functionality that allows said information associated with the payment instrument to be 'made in the form of a token' to make the following recurring financial service payments in a virtual (non-physical) environment.
  • the encrypted layer of the electronic payment device 100 and the payment gateway server 30 exchange "symmetric encryption keys" that allow said information associated with the payment instrument to be sent to the payment gateway server 30 without the information being modified or captured by third parties.
  • the encrypted layer of the electronic payment device 100 sends an encrypted message to the decrypted layer. Since the decrypted layer cannot decrypt the message, it forwards the message to the payment gateway server 30.
  • the payment gateway server decrypts the message with the previously exchanged symmetric key, generates the first token, and returns the first generated token to the decrypted layer of the electronic payment device 100.
  • This first token which includes any other data that may have been processed by the new implemented functionality, is further transmitted to the credit institution server 40.
  • the credit institution server 40 relates the information that enables the financial contract to be generated by customer 1 and the INE (that is, a mandatory pre-contractual European standard information document).
  • In step 206, customer 1 receives on the mobile phone 10 a message, for example an sms, which includes a web address link and a second token (or identifier) that identifies the transaction on the credit institution server 40.
  • the second token comprises an alphanumeric code and has a limited durability of a few hours, for example 2 hours.
  • customer 1 accesses a website where he / she can obtain the terms and conditions on the financial operation provided by the credit institution server 40.
  • the invention will require, in step 207, a personal identification number of an identity document of customer 1; then a scoring process will take place. If Client 1 is qualified for the financial operation, he / she will have to sign their corresponding part of the electronic contract with that same mobile phone 10.
  • the scoring and result data processed on the credit institution server are sent to the electronic payment device 100.
  • step 208 a string of characters associating the payment instrument with the customer 1, so that the first part of the payment process will be completed, as well as the authentication of the customer.
  • Client 1 can achieve a financial operation in a few stages. Client 1 should only use the merchant's electronic payment device 100 for the first payment process (i.e. the first installment payment) since the rest of the installments will be paid by client 1 to the credit institution server 40. On the first installment being made, the credit institution server 40 ends or accepts its corresponding part of the electronic contract. Client 1 would conclude the process in agreement with the credit institution server 40 through its own mobile phone 10.
  • the first installment payment would be made in two stages. Because the client 1 has signed the legal agreement with the credit institution server 40 through his mobile phone 10; the credit institution server 40 will make the payment of the total amount to the merchant on behalf of the customer 1. This payment will take place once the customer 1 enters the string in the electronic payment device 100 (in the example given: € 500). At the same time, customer 1 will pay through that electronic payment device 100 the first installment in accordance with the installment payment agreement that customer 1 has selected before and was later confirmed during the signing agreement. This first installment will be paid by customer 1 to the credit institution server 40 directly through the electronic payment device 100 (in the example given: € 100).
  • the acceptance of the payment, that is, the correct validation of the character string, instead of including the payment of the first installment, only includes the blocking of a certain amount of money from the client 1.
  • the first installment will be paid when the first due date arrives, and likewise the rest of the installments.
  • the server of the credit institution 40 ends or accepts its corresponding part of the electronic contract.
  • the result of said acceptance can be sent to the telephone device 10 by means of an sms message confirming the financing to the client 1.
  • the payment instrument includes a payment card, either virtual or physical, and the character string includes a PIN number.
  • the payment instrument may include a biometric proof of the customer, for example a fingerprint, among others.
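
The second token described in this list (an alphanumeric code with a lifetime of a few hours that identifies the transaction on the credit institution server and travels in a web address link) can be issued and checked as in the following added example, which is not code from the patent or its applicant. The link URL, token length, hashed storage, single-use rule and all names are assumptions made for illustration.

```python
import hashlib
import secrets
import string
import time
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlparse

# Every name and constant below is hypothetical; the patent specifies none of them.
ALPHABET = string.ascii_uppercase + string.digits  # "alphanumeric code"
TOKEN_LENGTH = 24                                   # assumption: 36**24, about 124 bits
TOKEN_TTL_SECONDS = 2 * 60 * 60                     # the page's example lifetime: 2 hours
BASE_URL = "https://credit.example/accept"          # placeholder link target


@dataclass
class PendingTransaction:
    transaction_id: str
    phone_number: str
    expires_at: float
    redeemed: bool = False


class SecondTokenStore:
    """In-memory stand-in for the credit institution server's token table."""

    def __init__(self, ttl_seconds=TOKEN_TTL_SECONDS):
        self._ttl = ttl_seconds
        self._pending = {}  # SHA-256(token) -> PendingTransaction

    @staticmethod
    def _digest(token):
        # Only the digest is stored, so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue_link(self, transaction_id, phone_number, now=None):
        """Create the link that is sent to the customer's phone in the message."""
        now = time.time() if now is None else now
        # secrets draws from the OS CSPRNG; the token carries no transaction data.
        token = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LENGTH))
        self._pending[self._digest(token)] = PendingTransaction(
            transaction_id, phone_number, now + self._ttl)
        return BASE_URL + "?" + urlencode({"t": token})

    def redeem_link(self, url, now=None):
        """Return (transaction, reason); transaction is None unless reason is 'ok'."""
        now = time.time() if now is None else now
        values = parse_qs(urlparse(url).query).get("t", [])
        if len(values) != 1 or len(values[0]) != TOKEN_LENGTH:
            return None, "malformed"
        token = values[0]
        if any(ch not in ALPHABET for ch in token):
            return None, "malformed"
        digest = self._digest(token)
        entry = self._pending.get(digest)
        if entry is None:
            return None, "unknown"
        if now >= entry.expires_at:
            del self._pending[digest]  # expired links are purged on first sight
            return None, "expired"
        if entry.redeemed:
            return None, "already_used"  # assumption: one redemption per link
        entry.redeemed = True
        return entry, "ok"


def demo():
    """Constructed walk-through: fresh, replayed, expired and forged links."""
    store = SecondTokenStore()
    issued_at = 1_000.0  # constructed clock value
    link = store.issue_link("TX-0001", "+34600000000", now=issued_at)
    late = store.issue_link("TX-0002", "+34600000001", now=issued_at)
    forged = BASE_URL + "?t=" + "A" * TOKEN_LENGTH
    return [
        store.redeem_link(link, now=issued_at + 60)[1],
        store.redeem_link(link, now=issued_at + 120)[1],
        store.redeem_link(late, now=issued_at + TOKEN_TTL_SECONDS)[1],
        store.redeem_link(forged, now=issued_at + 60)[1],
    ]


if __name__ == "__main__":
    print(demo())
```
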

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Cash Registers Or Receiving Machines (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention relates to a method and system for financing purchases with strengthened client authentication, wherein an electronic payment device receives the amount of the transaction, a number of installments for the payment of the transaction, the telephone number of a client's telephone device, and a payment instrument. A gateway payment server generates a first information token associated with the payment instrument. Next, the telephone device receives a message that includes a web address link containing a second token that identifies the transaction in a credit institution server, a personal identification number of the client, and an acceptance of the terms and conditions of the credit institution server. The payment device receives a character string that associates the payment instrument with the client. The acceptance of payment includes the payment of a first installment, the other installments being paid at a later date using the first token, without the involvement of the user.

Description

Método v sistema para financiar compras con autenticación reforzada de cliente  Method v system to finance purchases with enhanced client authentication
Campo de la técnica Field of technique
La presente invención se refiere, en general, al campo de riesgos de seguridad relacionados con transacciones electrónicas. En particular, la invención se refiere a un método y sistema para financiar compras con autenticación reforzada de cliente. The present invention relates, in general, to the field of security risks related to electronic transactions. In particular, the invention relates to a method and system for financing purchases with enhanced customer authentication.
Antecedentes de la invención Background of the Invention
El progreso significativo del marco legal en servicios de pago y, en particular, nuevos productos o servicios de pago ha mostrado que los desarrollos han sufrido desafíos significativos desde una perspectiva reglamentaria. Significant progress in the legal framework for payment services, and in particular new payment products or services, has shown that developments have faced significant challenges from a regulatory perspective.
En ese contexto, la Unión Europea ha adoptado la directiva (EU) 2015/2366 para pagos electrónicos seguros en un mercado integrado. In this context, the European Union has adopted directive (EU) 2015/2366 for secure electronic payments in an integrated market.
En particular, la Directiva define que, para asegurar la aplicación consistente de esta Directiva, la Comisión debería poder basarse en la experiencia y soporte de EBA, que elabora directrices y prepara normas técnicas reglamentarias de proyectos sobre aspectos de seguridad de servicios de pago. En particular con respecto a autenticación reforzada de cliente, es decir, una autenticación basada en el uso de dos o más elementos categorizados como conocimiento (algo que únicamente el cliente conoce), posesión (algo que únicamente el cliente posee) e inherencia (algo que el cliente es) que son independientes, en la medida en que uno no compromete la fiabilidad de los otros, y está diseñado de tal manera para proteger la confidencialidad de los datos de autenticación. In particular, the Directive defines that, to ensure the consistent application of this Directive, the Commission should be able to draw on the experience and support of EBA, which develops guidelines and prepares regulatory technical standards for projects on security aspects of payment services. In particular with regard to enhanced client authentication, that is, authentication based on the use of two or more elements categorized as knowledge (something that only the client knows), possession (something that only the client owns) and inherent (something that the client is) independent, to the extent that one does not compromise the reliability of the others, and is designed in such a way to protect the confidentiality of the authentication data.
The present invention focuses on a method for financed purchases that provides the three different elements of the definition of strong customer authentication in payment services.
There are some known patents or patent applications in this technical field.
International patent application WO2016172541 discloses a system for integrating bank account information (an integration transaction) for use in future transactions. The system includes a banking device terminal with a card reading device for reading a bank card and one or more input devices for receiving a verification input that associates the bank card with a bank customer. One or more secure bank computing devices receive the bank account information and the verification input and verify that the bank account information corresponds to the verification input in order to authorize the integration transaction. When the integration transaction is authorized, at least one secure bank computing device requests a customer device identification from a mobile customer device, to be used for future bank transactions. The secure bank computing device or devices receive the customer device identification and store account data associated with the customer device identification, the bank account information and/or the verification input so that they can be used for future bank transactions. In other words, this international patent application refers only to simple authentication based on PCI-DSS.
United States Patent US7533047 discloses a method and system for securing card payment transactions using a mobile communication device, providing improved security in card payment transactions such as credit and debit card transactions. Upon receipt of a transaction at the card issuer or other service provider, a message is sent to a mobile communication device that has been unambiguously associated with the card. The message can be an interactive message that requires a response from the card owner for authorization, or it can communicate a one-time personal identification number (PIN), with return of the PIN required through the point-of-sale system or the mobile communication device. In each transaction, the card issuer or service provider confirms that the communication was received and that the transaction was authorized by the card owner, further ensuring authorized use of the card. The PIN and/or the interactive message response period may be invalidated after a short time, further improving the security of the transaction. In other words, in this patent PIN authentication is carried out by sending the key to the mobile communication device in a message, so it is not an element that only the user knows.
United States patent application US2012173348 provides a system and method to facilitate transactions via mobile communications. The method includes receiving, in a computing apparatus, a payment request, the payment request identifying an account identification number issued by a bank to a user, the account identification number representing an account of the user at the bank; determining, using the computing apparatus, a telephone number associated with the account identification number; and processing, by the computing apparatus, the payment request using a source of funds associated with the telephone number, the source of funds being different from the account at the bank identified by the account identification number. Unlike the present invention, in this document either the telephone number or the additional security data is sufficient for payment or, when a card is read, the server then knows the telephone number that is associated with the card number. However, in this case the telephone number must already have been provided.
However, none of these prior art documents provides a method and system that provides strong customer authentication as defined in the aforementioned EU Directive 2015/2366. New solutions are therefore needed to provide strong customer authentication in financed payments.
Description of the Invention
To this end, a first aspect of the present invention provides a method for financing purchases with strong customer authentication. The method comprises receiving, by an electronic payment device such as a point of sale (POS): (i) the amount of a transaction that includes a purchase made by a customer; (ii) a number of installments in which the customer wishes to pay for said transaction, said number of installments being linked to a credit institution server; (iii) a telephone number of a telephone device of said customer; and (iv) a payment instrument that allows the customer to pay for the transaction without cash. The method also comprises the generation, by a payment gateway server that is external to the electronic payment device and connected to it, of a first token of information associated with said payment instrument.
After said payment instrument is received by the electronic payment device, the telephone device receives from the electronic payment device a message (for example a short text message (SMS), an instant message, an email message or an app notification, among others) that includes a web address link, for example a URL, carrying a second token that identifies the transaction on the credit institution server. At that point, the telephone device receives, preferably from the customer, through the web address link, a personal identification number of an identity document of the customer and an acceptance of the terms and conditions of said credit institution server. According to the invention, the personal identification number can be received either by the customer keying it in directly or by the customer taking a photograph of an identification card that includes said number.
When the terms and conditions are accepted, the electronic payment device receives, preferably from the customer, and validates a character string that associates the payment instrument with the customer.
In one embodiment, if the validation is successful (that is, the character string is valid/correct), the payment of a first one of said installments is made. The other installments will be made at a later date through an electronic network (that is, in a virtual or electronic commerce environment) using said first generated token, without customer involvement, in accordance with the installment payment agreement. Alternatively, if the validation is successful, a certain amount of the customer's money can be blocked. In this case, the first installment, as well as the other installments, will be made at a later date in accordance with the installment payment agreement.
In one embodiment, the first token is generated by the payment gateway server, which receives from an unencrypted layer of the electronic payment device an encrypted message that includes said information associated with the payment instrument, decrypts the encrypted message with a symmetric key, and generates the first token. The first token is then forwarded to the unencrypted layer of the electronic payment device.
In accordance with the invention, the second token is generated by the credit institution server and in particular comprises an alphanumeric code. In one embodiment, the second token has a limited lifetime of a few hours, preferably less than 5 hours, for example 2 or 3 hours.
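The second token described above, as an added Python example that is not part of the patent text: a credit institution server issues a random alphanumeric token with a 3-hour lifetime, embeds it in the link sent to the phone, and accepts the identity number and the terms only while the token is still valid. The class and function names, the `credit.example` domain, the token length, storing only a SHA-256 digest of the token, and single-use acceptance are assumptions; the patent specifies only an alphanumeric code with a lifetime of a few hours.

```python
import hashlib
import secrets
import string
import time
from dataclasses import dataclass

ALPHABET = string.ascii_letters + string.digits  # "alphanumeric code" per the page
TOKEN_LENGTH = 32                  # assumption: 62**32 values, about 190 bits
TOKEN_TTL_SECONDS = 3 * 60 * 60    # page: under 5 hours, for example 2 or 3
LINK_BASE = "https://credit.example/t/"  # placeholder domain (assumption)


@dataclass
class PendingTransaction:
    amount_cents: int
    installments: int
    phone_number: str
    expires_at: float
    id_number: str = ""
    accepted: bool = False


def _digest(token: str) -> str:
    # Only the digest is stored, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode("utf-8", "replace")).hexdigest()


class CreditInstitutionServer:
    """Hypothetical stand-in for the credit institution server (40)."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so that expiry can be tested
        self._pending = {}       # token digest -> PendingTransaction

    def issue_second_token(self, amount_cents, installments, phone_number):
        # secrets draws from the OS CSPRNG; random.choice would be guessable.
        token = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LENGTH))
        self._pending[_digest(token)] = PendingTransaction(
            amount_cents, installments, phone_number,
            expires_at=self._clock() + TOKEN_TTL_SECONDS)
        return token

    def link_for(self, token):
        # The web address link that is sent to the customer's phone.
        return LINK_BASE + token

    def _live(self, token):
        key = _digest(token)
        tx = self._pending.get(key)
        if tx is None:
            return None, "unknown"
        if self._clock() >= tx.expires_at:
            del self._pending[key]   # expired tokens are purged on first use
            return None, "expired"
        return tx, "ok"

    def accept_terms(self, token, id_number, terms_accepted):
        """Record the ID number and the acceptance; returns a status string."""
        tx, status = self._live(token)
        if tx is None:
            return status
        if tx.accepted:
            return "already_used"    # assumption: acceptance is single-use
        if not terms_accepted or not id_number.strip():
            return "rejected"
        tx.id_number, tx.accepted = id_number.strip(), True
        return "ok"

    def is_accepted(self, token):
        # What the payment device would check before asking for the PIN.
        tx, _ = self._live(token)
        return bool(tx and tx.accepted)


if __name__ == "__main__":
    server = CreditInstitutionServer()
    # Constructed sample values: 500 EUR in 5 installments, dummy phone and ID.
    tok = server.issue_second_token(50_000, 5, "+34600000000")
    print(server.link_for(tok))
    print(server.accept_terms(tok, "00000000T", True))   # ok
    print(server.accept_terms(tok, "00000000T", True))   # already_used
```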
In particular, the payment instrument includes a payment card, which can be virtual or physical, and the character string includes a card identification number such as a PCI-DSS payment card personal identification number (PIN), that is, a trusted customer number provided by the Payment Card Industry ("PCI"), which develops a Data Security Standard (DSS). In other embodiments, the payment instrument may include a biometric proof of the customer that is directly linked to a bank account of the customer and is not associated with a payment card, for example a fingerprint, a face, an iris, a voice, etc.
A second aspect of the present invention provides a system for financing purchases with strong customer authentication. The proposed system comprises an electronic payment device such as a POS; a payment gateway server, external to the electronic payment device and configured to communicate with it; and a telephone device of a customer, configured to communicate with the electronic payment device.
According to the second aspect of the invention, the electronic payment device has one or more interfaces/units/elements to receive the amount of a transaction that includes a purchase made by said customer; to receive a number of installments in which the customer wishes the payment of said transaction to be made, said number of installments being linked to a credit institution server; to receive a telephone number of said telephone device; and to receive a payment instrument that allows the customer to pay for the transaction without cash. The payment gateway server is adapted and configured to generate a first token of information associated with said payment instrument. The telephone device has one or more interfaces/units/elements to receive a message (for example an SMS) that includes a web address link after said payment instrument is received by the electronic payment device, the web address link including a second token that identifies the transaction on the credit institution server; and to receive, through the web address link, a personal identification number of an identity document of the customer and an acceptance of the terms and conditions of said credit institution server.
The electronic payment device, after said terms and conditions are accepted, is configured to receive, through said one or more interfaces/units/elements, a character string that associates the payment instrument with the customer, so that payment of the transaction is accepted after the character string has been successfully validated by the electronic payment device.
In one embodiment, acceptance of the payment includes payment of a first one of said installments, the other installments being made at a later date through an electronic network using the first generated token, without user involvement.
In one embodiment, the one or more interfaces of the electronic payment device include a numeric keypad, a touch panel or a voice interface, among others.
Through the combination of two processes, payment on the one hand and the contracting of financing on the other, the present invention makes it possible to complete a process of purchasing goods and services using the highest level of authentication, through online processes and with a minimum time between the beginning and the end of the transaction.
Furthermore, the invention is developed in two different environments: a physical environment and an electronic commerce environment. The method as a whole also provides a faster and more secure way of getting the transaction done, because the method involves strong authentication of the customer on non-virtual computing devices throughout the entire electronic transaction, including both the payment transaction and the digital contracts. In addition, it guarantees a high degree of security in the transaction, since it allows strong customer authentication through the combined use of the three identification elements referred to in EU Directive 2015/2366 on payment services in the Internal Market.
In addition, the present invention focuses on a method, and a corresponding system, that verify the three elements of the definition of strong customer authentication. In accordance with said regulations, strong customer authentication is based on the combined use of two or more elements of the following types:
- Something that only the customer knows (KNOWLEDGE); in the case of the present invention, the character string (PIN, password, etc., known only to the customer) that associates the payment instrument with the customer.
- Something that only the customer possesses (POSSESSION); in the case of the present invention, the telephone number.
- Something that only the customer is (INHERENCE); in the case of the present invention, the personal identification number of an identity document, such as the DNI number for Spanish citizens, or the equivalent used in other countries.
The present invention allows authentication to be carried out by combining all three of these elements (and not only two of the three, as the aforementioned EU Directive requires), which covers the process with optimal security in terms of authentication, without undue delay, in an easy and simple process for the parties involved.
Brief description of the drawings
The foregoing and other advantages and features will be more fully understood from the following detailed description of the embodiments, with reference to the accompanying figures, which should be considered illustrative and non-limiting, in which:
Figure 1 is a conceptual illustration of the present invention and of the relationship between its different elements.
Figure 2 is a flow diagram of a method for financing purchases with strong customer authentication, in accordance with an embodiment of the present invention.
Detailed description of the invention and various embodiments
Figure 1 shows a concept of an embodiment of the proposed system, with the different elements used to provide strong customer authentication. As can be seen in the figure, the system comprises a customer 1 who has a telephone device 10; an electronic payment device 100 of a merchant, such as a POS, specially modified for the purposes of the invention; a payment gateway server 30; and a credit institution server 40 (that is, a party interested in offering financing so that customer 1 can obtain a good or service in which he/she is interested. This financing is formalized directly between the credit institution server 40 and customer 1 by means of a contract formalized between the parties).
The electronic payment device 100 can communicate with the payment gateway server 30 (and vice versa) and with the credit institution server 40 (and vice versa) through an electronic communications network 25 such as the Internet. The electronic payment device 100 can also establish communication with the telephone device 10, for example through a messaging service or an instant messaging platform over the Internet, among others.
Figure 2 shows an embodiment of the process flow for providing strong customer authentication on the electronic payment device 100, that is, for providing independent elements of knowledge, possession and inherence that satisfy the aforementioned EU security directive. According to this embodiment, in step 201, the electronic payment device 100 receives, by means of a numeric keypad, a touch panel or a voice interface thereof, the amount of a transaction such as a purchase made by customer 1. Next, in step 202, the electronic payment device 100 receives the number of installments in which customer 1 wishes the payment of the transaction to be made. For example, for a purchase of €500, he/she may decide to split the transaction into 5 installments of €100 each. In steps 203 and 204, the electronic payment device 100 additionally receives the telephone number of customer 1 and a payment instrument that allows customer 1 to pay for the transaction without cash. Next, in step 205, the payment gateway server 30 generates a first token of information associated with the payment instrument.
In accordance with the invention, the electronic payment device 100 has a decrypted layer for handling non-confidential information such as the phone number of customer 1, the amount of the transaction or the number of installments, and an encrypted layer for handling the information associated with the payment instrument, such as its expiration date, number or holder.
Furthermore, to allow the generation of said first token, the present invention, prior to the execution of step 201, develops a new information transfer functionality that allows said information associated with the payment instrument to be 'made in the form of a token' in order to make the subsequent recurring payments of the financial service in a virtual (non-physical) environment. For this purpose, the encrypted layer of the electronic payment device 100 and the payment gateway server 30 exchange "symmetric encryption keys" that allow said information associated with the payment instrument to be sent to the payment gateway server 30 without the information being modified or captured by third parties.
Therefore, after the electronic payment device 100 has received the payment instrument, the encrypted layer of the electronic payment device 100 sends an encrypted message to the decrypted layer. Since the decrypted layer cannot decrypt the message, it forwards the message to the payment gateway server 30. The payment gateway server decrypts the message with the previously exchanged symmetric key, generates the first token, and returns the generated first token to the decrypted layer of the electronic payment device 100. This first token, which includes any other data that may have been processed by the newly implemented functionality, is further transmitted to the credit institution server 40. The credit institution server 40 relates the information that enables the financial contract to be generated by customer 1 and the INE (that is, a mandatory European standardized pre-contractual information document).
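The relay described above, as an added Python sketch that is not code from the patent or its applicant: the keyless layer forwards an opaque message, the gateway decrypts it, issues a random first token, and later installments are charged with the token alone. The patent names no cipher, so the encrypt-then-MAC construction over HMAC-SHA256, the class and function names, and the card values are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Stand-in cipher: the patent names no algorithm, so this uses encrypt-then-MAC
# built on HMAC-SHA256 to stay standard-library only. Use a vetted AEAD
# (for example AES-GCM) in real systems.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and authenticate; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raise ValueError if the blob was altered."""
    if len(blob) < 48:
        raise ValueError("message too short")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message modified in transit")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))

class EncryptedLayer:
    """Terminal component that reads the card; the only terminal part holding the key."""
    def __init__(self, key: bytes):
        self._key = key

    def read_card(self, number: str, expiry: str, holder: str) -> bytes:
        card = {"number": number, "expiry": expiry, "holder": holder}
        return seal(self._key, json.dumps(card).encode())

class PaymentGateway:
    """Server 30 in the description: decrypts, issues the first token, keeps the vault."""
    def __init__(self, key: bytes):
        self._key = key
        self._vault = {}  # token -> card data; never leaves the gateway

    def tokenize(self, blob: bytes) -> str:
        card = json.loads(open_sealed(self._key, blob))
        token = secrets.token_urlsafe(24)  # random, not derived from the card number
        self._vault[token] = card
        return token

    def charge(self, token: str, amount_cents: int) -> dict:
        card = self._vault[token]  # KeyError for an unknown token
        return {"amount_cents": amount_cents, "last4": card["number"][-4:]}

class DecryptedLayer:
    """Terminal component with no key: it can only relay the opaque message."""
    def __init__(self, gateway: PaymentGateway):
        self._gateway = gateway
        self.relayed = []  # everything this layer ever sees

    def forward(self, blob: bytes) -> str:
        self.relayed.append(blob)
        return self._gateway.tokenize(blob)

def run_flow(card_number: str = "4111111111111111"):  # constructed test number
    key = secrets.token_bytes(32)  # symmetric key exchanged before step 201
    gateway = PaymentGateway(key)
    app_layer = DecryptedLayer(gateway)
    blob = EncryptedLayer(key).read_card(card_number, "12/30", "SAMPLE HOLDER")
    first_token = app_layer.forward(blob)
    # Later installments: charged with the token only, no card data, no customer.
    receipts = [gateway.charge(first_token, 10_000) for _ in range(4)]
    return app_layer, gateway, blob, first_token, receipts

if __name__ == "__main__":
    app_layer, _, _, token, receipts = run_flow()
    print("first token:", token)
    print("installments charged:", len(receipts))
```

The authentication tag is what backs the "without being modified" property: a message altered while passing through the keyless layer is rejected by the gateway before any token is issued.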
Referring back to Figure 2, after the electronic payment device 100 has received the payment instrument, in step 206, customer 1 receives on the mobile phone 10 a message, for example an SMS, which includes a web address link and a second token (or identifier) that identifies the transaction on the credit institution server 40. In particular, the second token comprises an alphanumeric code and has a limited durability of a few hours, for example 2 hours. Through that web address link, customer 1 accesses a website where he/she can obtain the terms and conditions of the financial operation provided by the credit institution server 40. To accept these terms and conditions, the invention will require, in step 207, a personal identification number from an identity document of customer 1, after which a scoring process will take place. If customer 1 qualifies for the financial operation, he/she will have to sign his/her corresponding part of the electronic contract with that same mobile phone 10. The scoring data and result processed on the credit institution server are sent to the electronic payment device 100.
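A sketch of the second token as the credit institution server might manage it, added here as an example and not taken from the patent: an alphanumeric code tied to one transaction that stops resolving after 2 hours. The token length, the placeholder URL, the class name and the choice to store only a SHA-256 digest of the token are assumptions.

```python
import hashlib
import secrets
import string
import time

ALPHABET = string.ascii_uppercase + string.digits  # alphanumeric, per the description
TOKEN_LENGTH = 20             # assumption: the patent gives no length
TOKEN_TTL_SECONDS = 2 * 3600  # "for example 2 hours"

class SecondTokenStore:
    """Credit-institution side: maps a short-lived link token to one transaction."""

    def __init__(self, clock=time.time, base_url="https://credit.example/t/"):
        self._clock = clock        # injectable so expiry can be tested
        self._base_url = base_url  # placeholder URL
        self._entries = {}         # sha256(token) -> (transaction_id, expires_at)

    @staticmethod
    def _digest(token: str) -> str:
        # Only the digest is stored, so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, transaction_id: str) -> str:
        """Create a token for the transaction and return the link for the message."""
        token = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LENGTH))
        expires_at = self._clock() + TOKEN_TTL_SECONDS
        self._entries[self._digest(token)] = (transaction_id, expires_at)
        return self._base_url + token

    def resolve(self, link: str):
        """Return the transaction id, or None if the link is unknown, malformed or expired."""
        if not link.startswith(self._base_url):
            return None
        token = link[len(self._base_url):]
        if len(token) != TOKEN_LENGTH or any(ch not in ALPHABET for ch in token):
            return None
        key = self._digest(token)
        entry = self._entries.get(key)
        if entry is None:
            return None
        transaction_id, expires_at = entry
        if self._clock() >= expires_at:
            del self._entries[key]  # expired tokens are dropped, not revived
            return None
        return transaction_id

    def purge_expired(self) -> int:
        """Remove all expired entries; returns how many were removed."""
        now = self._clock()
        stale = [k for k, (_, exp) in self._entries.items() if now >= exp]
        for k in stale:
            del self._entries[k]
        return len(stale)

if __name__ == "__main__":
    store = SecondTokenStore()
    link = store.issue("txn-0001")  # constructed transaction id
    print(link, "->", store.resolve(link))
```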
Once the customer has completed the contract process, customer 1 will have to return to the electronic payment device 100 to conclude the process. The electronic payment device 100 then requires, in step 208, a character string that associates the payment instrument with customer 1, so that the first part of the payment process, as well as the authentication of the customer, is completed. Customer 1 can obtain a financial operation in a few steps. Customer 1 should use the merchant's electronic payment device 100 only for the first payment process (i.e. the payment of the first installment), since the rest of the installments will be paid by customer 1 to the credit institution server 40. Upon the first installment being made, the credit institution server 40 finalizes or accepts its corresponding part of the electronic contract. Customer 1 would conclude the process in agreement with the credit institution server 40 through his/her own mobile phone 10. The subsequent installments will not require the intervention of any of the participants. All of these subsequent steps will take place in a virtual or e-commerce environment, where customer 1 will not have to use the electronic payment device 100, the mobile phone 10, the ID number or the character string code. All the information related to customer identification, customer authentication and the payment process would be contained in the first token created for these purposes. In the same way, the intervention of the merchant would no longer be necessary. At this point the merchant has sold its product or service to customer 1 and has already received the full amount from the credit institution server 40. With respect to the additional incoming payments, the credit institution server 40 will not need to do anything. Through that first token, the credit institution server 40 will be able to collect the subsequent incoming payments automatically, and the amount due will be charged to the payment instrument provided by customer 1 on each day of the installment payment agreement.
In one embodiment, the payment of the first installment would be made in two stages. Because customer 1 has signed the legal agreement with the credit institution server 40 through his/her mobile phone 10, the credit institution server 40 will pay the total amount to the merchant on behalf of customer 1. This payment will take place once customer 1 enters the character string in the electronic payment device 100 (in the example given: €500). At the same time, customer 1 will pay the first installment through that electronic payment device 100, in accordance with the installment payment agreement that customer 1 selected earlier and that was later confirmed during the signing of the agreement. This first installment will be paid by customer 1 to the credit institution server 40 directly through the electronic payment device 100 (in the example given: €100). Since the credit institution server 40 is paying the total amount of the transaction to the merchant on behalf of customer 1, and customer 1 has so far had to pay only the first installment, monthly payments must be made by customer 1 to the credit institution server 40 (in the example given: the amount due is €400, payable in 4 installments) in accordance with the installment payment agreement.
As an alternative, in another embodiment, not illustrated in this case, the acceptance of the payment, that is, the correct validation of the character string, instead of including the payment of the first installment, only includes the blocking of a certain amount of money of customer 1. In this case, the first installment will be made when the first due date arrives, and likewise the rest of the installments. Upon the blocking of said amount of money, the credit institution server 40 finalizes or accepts its corresponding part of the electronic contract.
In yet another embodiment, the result of said acceptance can be sent to the telephone device 10 by means of an SMS message confirming the financing to customer 1.
In particular, according to the present invention, the payment instrument includes a payment card, either virtual or physical, and the character string includes a PIN number. However, in other embodiments, the payment instrument may include a biometric proof of the customer, for example a fingerprint, among others. Although the foregoing describes various embodiments of the invention, other and further embodiments of the invention can be devised without departing from its basic scope. The scope of the present invention is defined in the following set of claims.

Claims

1. A method for financing purchases with enhanced customer authentication, comprising:
receiving, by an electronic payment device (100), the amount of a transaction that includes a purchase made by a customer (1), and additionally receiving a number of installments in which the customer (1) wants the payment of said transaction to be made, wherein said number of installments is linked to a credit institution server (40);
receiving, by the electronic payment device (100), a telephone number of a telephone device (10) of said customer (1);
receiving, by the electronic payment device (100), a payment instrument that allows the customer (1) to pay for the transaction without cash;
generating, by a payment gateway server (30), external to the electronic payment device (100) and connected thereto, a first information token associated with said payment instrument;
upon receipt of said payment instrument by the electronic payment device (100), receiving, by the telephone device (10), from the electronic payment device (100), a message that includes a web address link, the web address link including a second token that identifies the transaction on the credit institution server (40);
receiving, by the telephone device (10), a personal identification number of an identity document of the customer (1) and an acceptance of the terms and conditions of said credit institution server (40) through the web address link; and
after said terms and conditions are accepted, receiving, by the electronic payment device (100), a character string that associates the payment instrument with the customer (1), the electronic payment device (100) accepting the payment after the character string is correctly validated,
wherein the acceptance of the payment includes the payment of a first one of said installments or the blocking of a certain amount of money of the customer (1), and wherein the other installments will be made at a later date through an electronic network (25) using said generated first token, without involvement of the customer (1).
2. The method of claim 1, wherein the first token is generated by said payment gateway server (30) by:
receiving from a decrypted layer of the electronic payment device (100) an encrypted message that includes said information associated with the payment instrument; decrypting the encrypted message with a symmetric key and generating the first token; and
forwarding the generated first token to said decrypted layer of the electronic payment device (100).
3. The method of any preceding claim, wherein the second token is generated by said credit institution server (40) and comprises an alphanumeric code.
4. The method of claim 3, wherein the second token has a limited durability of a few hours.
5. The method of any preceding claim, wherein the payment instrument includes a payment card, physical or virtual, and the character string includes a card identification number.
6. The method of claim 5, wherein the card identification number comprises a personal identification number, a PCI-DSS payment card PIN.
7. The method of any preceding claim, wherein at least the telephone number and/or the character string are entered by the customer (1) through at least one of a numeric keypad, a touch panel or a voice interface of the electronic payment device (100).
8. The method of any preceding claim, wherein the message comprises at least one of a short text message, an instant message, an email message or an APP notification.
9. A system for financing purchases with enhanced customer authentication, comprising:
an electronic payment device (100);
a payment gateway server (30), external to the electronic payment device (100) and configured to communicate with the electronic payment device (100); and
a telephone device (10) of a customer (1), configured to communicate with the electronic payment device (100),
wherein:
- the electronic payment device (100) comprises one or more interfaces for:
receiving the amount of a transaction that includes a purchase made by said customer (1); receiving a number of installments in which the customer (100) wants the payment of said transaction to be made, wherein said number of installments is linked to a credit institution server (40);
receiving a telephone number of said telephone device (10); and receiving a payment instrument that allows the customer (1) to pay for the transaction without cash;
- the payment gateway server is adapted and configured to generate a first information token associated with said payment instrument; and
- the telephone device (10) comprises one or more interfaces for:
receiving a message that includes a web address link after said payment instrument is received by the electronic payment device (10), the web address link including a second token that identifies the transaction on the credit institution server (40); and
receiving a personal identification number of an identity document of the customer (1) and an acceptance of the terms and conditions of said credit institution server (40) through the web address link,
wherein the electronic payment device (100), after said terms and conditions are accepted, is configured to receive, through said one or more interfaces, a character string that associates the payment instrument with the customer (1), so that the payment of the purchase is accepted after the character string is correctly validated by the electronic payment device (1), wherein the acceptance of the payment includes the payment of a first one of said installments or the blocking of a certain amount of money of the customer (1), and wherein the other installments will be made at a later date through an electronic network (25) using said generated first token, without involvement of the customer (1).
10. The system of claim 9, wherein the electronic payment device (100) comprises a point of sale, POS.
11. The system of claim 9, wherein the second token comprises an alphanumeric code and has a limited durability of a few hours.
12. The system of claim 9, wherein the payment instrument comprises a payment card, physical or virtual, and the character string comprises a card identification number that includes a personal identification number, a PCI-DSS payment card PIN.
13. The system of claim 9, wherein the one or more interfaces of the electronic payment device (100) include a numeric keypad, a touch panel or a voice interface.
14. The system of claim 9, wherein the message comprises at least one of a short text message, an instant message, an email message or an APP notification.
PCT/ES2018/070742 2018-11-16 2018-11-16 Method and system for financing purchases with strengthened client authentication WO2020099690A1 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
PCT/ES2018/070742 WO2020099690A1 (en) 2018-11-16 2018-11-16 Method and system for financing purchases with strengthened client authentication
FR1912753A FR3088747B3 (en) 2018-11-16 2019-11-15 Electronic payment device
DE202019106383.1U DE202019106383U1 (en) 2018-11-16 2019-11-15 Electronic payment device
ES201931896U ES1239905Y (en) 2018-11-16 2019-11-18 Electronic payment device
PT11915U PT11915Y (en) 2018-11-16 2019-11-20 ELECTRONIC PAYMENT DEVICE

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/ES2018/070742 WO2020099690A1 (en) 2018-11-16 2018-11-16 Method and system for financing purchases with strengthened client authentication

Publications (1)

Publication Number Publication Date
WO2020099690A1 true WO2020099690A1 (en) 2020-05-22

Family

ID=65657485

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/ES2018/070742 WO2020099690A1 (en) 2018-11-16 2018-11-16 Method and system for financing purchases with strengthened client authentication

Country Status (5)

Country Link
DE (1) DE202019106383U1 (en)
ES (1) ES1239905Y (en)
FR (1) FR3088747B3 (en)
PT (1) PT11915Y (en)
WO (1) WO2020099690A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114124545A (en) * 2021-11-25 2022-03-01 杭州摸象大数据科技有限公司 Data credible cochain and identity authentication terminal for supply chain finance

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080270301A1 (en) * 2007-04-27 2008-10-30 American Express Travel Related Services Co., Inc. Mobile payment system and method
US7533047B2 (en) 2005-05-03 2009-05-12 International Business Machines Corporation Method and system for securing card payment transactions using a mobile communication device
US20120047070A1 (en) * 2008-04-02 2012-02-23 Jennifer Pharris ATM/KIOSK Cash Acceptance
US20120173348A1 (en) 2010-12-29 2012-07-05 Boku, Inc. Systems and Methods to Process Payments via Account Identifiers and Phone Numbers
US20160275507A1 (en) * 2015-03-19 2016-09-22 International Business Machines Corporation Multi-point authentication for payment transactions
WO2016172541A1 (en) 2015-04-23 2016-10-27 Diebold, Incorporated Onboarding of mobile-wallet datasets

Also Published As

Publication number Publication date
ES1239905Y (en) 2020-07-02
FR3088747A3 (en) 2020-05-22
ES1239905U (en) 2020-01-22
PT11915U (en) 2020-05-20
FR3088747B3 (en) 2020-11-20
DE202019106383U1 (en) 2020-01-31
PT11915Y (en) 2021-01-22

Similar Documents

Publication Publication Date Title
US20170366530A1 (en) Mobile Account Authentication Service
CN105960776B (en) Token authentication using limited-use credentials
US10311433B2 (en) Secure authorizations using independent communications and different one-time-use encryption keys for each party to a transaction
US7983987B2 (en) System and method for conducting secure payment transaction
US20180268407A1 (en) Apparatus and method for payment authorization and authentication based tokenization
JP5294880B2 (en) Method and system for performing two-factor authentication in email and phone orders
ES2823592T3 (en) Secure payment system
KR101557895B1 (en) Payment method based on safety payment code and safe payment agency server for the same method
BRPI0411286B1 (en) system for authenticating a cardholder business transaction with a merchant on an electronic network; data structure to carry information and method for business transaction authentication
US20190295074A1 (en) Secure authorizations using independent communications and different one-time-use encryption keys for each party to a transaction
CN110574032A (en) system and method for generating access credentials
WO2020099690A1 (en) Method and system for financing purchases with strengthened client authentication
ES2865380T3 (en) Method of carrying out a transaction, terminal and corresponding computer program
KR100458526B1 (en) System and Method for the wire·wireless complex electronic payment
US20200051054A1 (en) Method and apparatus for credit transaction employing unbreakable encryption
ES1227068U (en) Electronic payment device (Machine-translation by Google Translate, not legally binding)
WO2017006194A1 (en) System of payment made in real time

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 18852793; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 18852793; Country of ref document: EP; Kind code of ref document: A1)