SYSTEM AND METHOD FOR SECURED PAYMENT AND SETTLEMENT IN NETWORK ENVIRONMENT
FIELD OF THE INVENTION The present invention relates to the field of providing a secure payment and settlement system and method for at least a merchant (i.e. seller) and at least a customer (i.e. buyer) to conduct commerce transaction over a network (hereinafter called "network-based commerce"). Such network includes any public or private communication network like Internet, Intranet, mobile telephone system etc. The present invention protects the interest of customer, merchant, deliverer, financial institution and other parties involved in a network-based commerce.
BACKGROUND OF THE INVENTION A secure payment and settlement system is vital to the success of conducting a network-based commerce. The recent rapid growth of Internet and mobile phone equipped with Wireless Application Protocol (WAP) for accessing the Internet would lead to the formation of a global new market place of conducting commerce for goods, information and services (hereinafter called "Product"). The size of population having access to the Internet is growing rapidly and merchants are also increasingly interested in selling Product over the Internet, particularly via the World Wide Web. On the other hand, Product sold through telephone network and postal delivery network by mail order is also on the increasing trend. Payments for such network-based commerce, especially over the Internet are mostly settled by credit card. However there is a significant size of population still disqualified for using credit card. It is therefore necessary to provide a secure and convenient payment and settlement system to cater for the needs of conducting network-based commerce, especially over the Internet for all users.
A network-based commerce usually involves customer to order Product, customer or reap ient authorised by the customerto receive the ordered Product, deliverer appointed by merchant to deliver the ordered Product to customer or reap ient, and financial institution acting on customer's instruction to pay merchant for the Product ordered. The typical process of completing a network-based commerce is explained as follows: upon receipt of a purchase request from customer, merchant issues a payment request to financial institution to effect
payment and then informs deliverer to deliver the ordered Product to customer orrecipient. In this way, customer has no control over payment before received the ordered Product and is left with the choices of either to settle the bill or to deny payment and wait for finanαal institution to investigate. If there is no sufficient p oof to confirm failure of customer, financial institution may probably give benefit of doubt to customer and demands merchant to bear the loss. Besides being hassle for customer and usually disadvantageous to merchant, such investigation process is usually lengthy and costly.
Furthermore, there are numerous problems hindering growth of network-based commerce market place, especially over Internet. One problem is that information such as credit card number and other confidential information supplied by customer to merchant is at risk of interception by third parties, unauthorized possession by computer network invaders or misuse by employees of merchant.
In the existing credit card payment systems for the commerce transacted over shop counter, credit card's issuing bank takes on the fraud risk associated with misuse of credit card when a merchant follows the established card acceptance procedure. Such acceptance procedure may include verification of card holder's signature on the card and obtaining authorization for payments by retrieving and sending card data to the issuing bank's computer through a network. However, merchant conducting network-based commerce can not physically examine purchaser's credit card, resulted in the fraud risk being reverted to the merchant, so many merchants are discouraged to conduct network-based commerce for not willing to bear this fraud risk. Moreover, merchants have yet to face another fraud risk of deliverer having problem to verify a person being authorized to receive the ordered Product.
Another problem with commerce over Internet is that the customer generally has to repeatedly supply and transmit a plethora of confidential information each time the customer wishes to purchase Product from a new merchant, and requirement of such information usually varies according to individual merchant's customized electronic order form. Besides being hassle for the customer, it also places the confidential information at risk each time such information is supplied to a new merchant.
Yet another problem hindering growth of network-based commerce is lack of a clearing house system for the suppliers of Product (i.e. the one who supplied Product to merchants to sell over network) to ensure payment from merchants. Without such system, suppliers are not willing to supply Product to a new merchant without having examined creditability of the new merchant, resulted in limited merchants selling their Product.
Accordingly, there is a pressing need to resolve these problems associated with conducting a network-based commerce. The present invention is therefore important for encouraging merchants to participate in the network-based commerce.
OBJECT OF THE INVENTION
The present invention has the first objective of providing a secure payment and settlement system that will authorize payment requests and remove fraud risk from customer ordering Product over network, merchants selling Product over network, deliverer identifying genuine customer or recipient and suppliers supplying Product to merchants.
The second objective of the present invention is to utilize existing financial instruments such as credit card, debit cards and demand deposit accounts to settle the payments.
The third objective of the present invention is to utilize existing encryption and authentication technique to protect confidentiality of information and to verify identification of a party participated in a network-based commerce.
SUMMARY OF THE INVENTION
The present invention provides a secure payment and settlement system for customer and merchant to conduct network-based commerce. A unique pair of customer identification code (CustlD) and password are assigned by financial institution to individual customer. CustlD is linked to such financial institution and at least an external account of customer managed by such financial institution. A unique merchant identification code (MerchantlD) is also assigned to individual merchant.
The present invention requires a customer to use a customer means to communicate with various parties and to request payment gateway or a merchant to generate a temporary unique shopper identification code (ShopperlD). The customer may communicate with a plurality of merchants directly or via payment gateway to conduct a plurality of network-based commerce by supplying ShopperlD to individual merchant for generation of respective purchase record comprising non-confidential data of ShopperlD, MerchantlD and information for the ordered Product. Subsequently, individual merchant sends respective purchase record directly to payment gateway memory or stores such purchase record in customer means for subsequent retrieval by payment gateway or financial institution.
On completion of conducting network-based commerce with a plurality of merchants, the customer uses customer means to send CustlD and ShopperlD to payment gateway for executing the following processes:
• To display all purchase records which are linked to ShopperlD and stored in payment gateway memory or customer means for customer to confirm.
• To generate payment request for the confirmed purchase records.
• To send CustlD and payment request to financial institution identified by CustlD.
• To establish or initiate the establishment of a cryptographically secured session between customer means and such financial institution for customer to authorise payment through supplying password to such financial institution.
After verified password and CustlD, financial institution initiates transfer of payment from customer's external account to a trusty account of clearing house. Thereafter, payment gateway issues for individual purchase record having been confirmed payment a unique pair of Token-code and Check-code conformed to a predefined relationship, and sends Token-code to customer and Check-code to merchant.
Upon delivery of the ordered Product, customer exchanges Token-code for the ordered Product. Deliverer of merchant verifies existence of the predefined relationship between Check-code supplied by merchant and Token-code supplied by customer for confirming Token-code and thus customer as genuine. Finally, merchant sends Token-code to payment gateway for verification and
settlement of the payment secured in trusty account for all relevant parties in a network-based commerce.
As such, the present invention enables deliverer to verify customer or the authorized recipient as genuine and all parties to identify defaulter caused failure in completing a network-based commerce through tracking the flow of Token- code.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 illustrates the concept of a secure payment and settlement system of the present invention that a customer settles payment through a payment gateway stored the purchase records for the network-based commerce transacted by the customer with a plurality of merchants.
Figure 2 illustrates the concept of a secure payment and settlement system of the present invention that a customer settles payment through a payment gateway by retrieving from customer means the purchase records for the network-based commence transacted by the customer with a plurality of merchants.
Figure 3 illustrates the concept of a secure payment and settlement system of the present invention that a customer settles payment immediately for a network-based commerce through a double loop-passing process for Check- code and Token-code.
Figure 4 illustrates the concept of a secure payment and settlement system of the present invention that a customer settles payment immediately for a network-based commerce through a single loop-passing process for Check- code.
DETAILED DESCRIPTION OF THE INVENTION
The present invention describes a method and system universally applicable to provide a secure payment and settlement system for at least a customer and a merchant to conduct a network-based commerce. To facilitate better description of the present invention, the following definitions are adopted:
• A network refers to a public or private communication system like Internet, Intranet, Extranet, mobile data communication system, wired telephone system, mobile telephone system and postal delivery system etc.
• A Product is any goods, information and services sold through a network.
5 • A Party is a person, company, institution, Internet portal operator or any other entity as part of a payment and settlement system involved in transaction or settlement of payment for a network-based commerce.
• A Merchant is a Party selling Product through a network.
• A Customer is a Party ordering Product through a network and making l o payment to a Merchant.
• A Customer Means is a means e.g. computer, used by Customer to conduct network-based commerce.
• A Recipient is a Party authorized by Customer to receive the ordered Product.
15 • A Deliverer is a Party authorized by Merchant to deliver the ordered Product to Customer or Recipient.
• A Beneficiary is a Party entitled to receive from payment and settlement system a portion or total of the payment payable by Customer for a network- based commerce.
20 • An External-account is any existing financial instrument such as credit card, debit card and demand deposit account etc.
• A Financial Institution is a functional unit within a Party or a Party e.g. bank, managing External-account for Customer and ensuring sufficient fund or credit in such External-account to pay for a network-based commerce, or a trusted Party
25 authorized by Customer to initiate fund transfer from such Customer's External- account managed by a bank to pay for a network-based commerce.
• A Purchase Record describes detailed information of a network-based commerce transaction. Such information may include Merchant identification code, Merchant URL, identification code and quantity and price of individual Product,
3 o invoice number and amount of payment for a network-based commerce etc.
• A Payment Request describes the detailed information of payment for a network-based commerce. Such information may include Merchant account, Customer identification code, invoice number and amount of payment for a network-based commerce.
• A Settlement Order describes the detailed account settlement information and instructions for dividing and transferring payment for a network-based commerce credited in a trusty account to the accounts of Merchant and relevant Beneficiaries. Such information may include Merchant account identification, identification code and quantity and price of individual Product sold in a network- based commerce, invoice number of a network-based commerce, account identification of Beneficiaries and method to divide payment for Merchant and Beneficiaries.
• A Clearing House is a functional unit within a Party or a Party trusted b y Merchant and Beneficiaries to execute Settlement Order and manage fund transfer for Merchant and Beneficiaries according to Settlement Order.
• A Payment Gateway is a functional unit within a Party or a Party receiving Purchase Record, communicating with Customer for receiving customer identification code and confirming Purchase Record, generating Payment Request for forward transmission to Financial Institution to affect transfer of payment from Customer's External-account to Clearing House, and communicating with Merchant for verifying payment request and activating Clearing House to affect settlement of payment for each network-based commerce. • A payment and settlement system is a service that authorizes and executes Payment Request backed by External-account of Customer and Settlement Order for the final settlement of such Payment Request.
The present invention to provide a secure payment and settlement system expressed as a method universally applicable to generating a Payment
Request and processing a Settlement Order for at least a network-based commerce involving at least a Merchant and a Customer, requires assignment of a unique identification code MerchantlD to individual Merchant and a unique pair of identification code CustlD and password or the equivalent (e.g. the smart card or b iometrics authentication technique) to individual C ustomer. CustlD is linked to
Financial Institution and at least an External-account of Customer to settle payment for a network-based commerce. Password is required by Financial
Institution to authenticate Customer and is usually a fixed code subject to change by Customer or Financial Institution.
To improve security in authenticating Customer, the present invention introduces the method of allowing a password to be used once only for each authentication process. The method requires a plurality of different passwords to be printed on a handy card, and cover such printed passwords firmly by a thin layer of non- transparent material to prevent disclosure to any unauthorized party. For each authentication process, Customer gets a new password through removing the portion of non-transparent material covered such printed new password. Security is further improved by combining such printed new password with other code supplied by Customer to form a new password. The present invention adopts the following inventive steps of registering the passwords printed on a card ready to be used for authentication of Customer:
• A unique card-code is printed on each card for identification purpose. Such card-code is covered firmly by a thin layer of non-transparent material to prevent disclosure to any unauthorized party. • The card-code and passwords printed on the card are stored in a central means.
• For registering the printed password, Customer removes the non- transparent material to read card-code and sends such card-code to Financial Institution. • Financial Institution then sends such card-code to central means for retrieving the passwords printed on such card and stores the received passwords as registered passwords in customer records for authentication of Customer.
• Customer may repeat the above process to register new passwords printed on any new card to top up the registered password in customer record. • In order to prevent card producer or distributor from knowing any registered password, each card is constructed by combining at least 2 partial cards into a complete card. Each partial card only captures partial printed passwords and card-code, a complete printed password and card-code is obtained b y combining few partial cards into a complete card.
In detail now and referring to Figure 1 it describes the present invention in resolving the problems and limitations inhabited in the existing process of handling payment settlement fora network-based commerce. Prior to conducting a network-based commerce, Customer 101 initiates a request e.g. supply email address, to Payment Gateway 100 or Merchant 102 for requesting a unique shop per identification code ShopperlD which may simply be a random number
or a unique email address or a combination of both email address and a speα'al code supplied by Payment Gateway 100 or Merchant 102. Such speα'al code may comprise a random number and a code derived from both email address and such random number. The use of special code helps Merchant 102 to verify email address supplied by Customer 101 and improves confidentiality for a network-based commerce because email address is the non-confidential information. ShopperlD has limited life span effective for the intended purpose of identifying C ustomer 101.
In executing a network-based commerce, Customer 101 establishes a communication link directly with Merchant 102 for supplying ShopperlD as identification and forward transmission to Payment Gateway 100 together with Purchase Record 115 generated by Merchant 102. Customer 101 may repeat this process with a plurality of Merchant 102 for storing a plurality of Purchase Record 115 and same ShopperlD in Payment Gateway 100. Thereafter, Customer 101 establishes a communication link with Payment Gateway 100 to send CustlD and ShopperlD for retrieving and confirming each stored Purchase Record 115 identified by ShopperlD. After completed such confirmation p ocess, Payment Gateway 100 executes the following processes: » To generate a Payment Request 107 for each confirmed Purchase Record 115.
• To send Payment Request 107 and CustlD to Financial Institution 104 identified by CustlD. Alternatively, Finandal Institution 104 is identified by other information supplied by Customer 101 to Payment Gateway 100 e.g. clicking an icon linked to Financial Institution 104.
• To establish or initiate the establishment of a secured cryptographic session between Customer 101 and Financial Institution 104 for Customer 101 to send confidential password to Finandal Institution 104.
Finandal Institution 104 then executes the following p rocesses:
• To authenticate identification of C ustomer 101 through matching the received CustlD and password with the stored contents in customer record.
• Upon successful authentication, to transfer payment for Payment Request 107 from CustlD linked External-account (which is managed by Finandal Institution 104) to a trυsty account of Clearing House 103. Alternatively, to initiate a request to the bank of Customer 101 to transfer payment for
Payment Request 107 from CustlD linked External-account (which is managed by such bank) to a trusty account of Clearing House 103.
• To inform Payment Gateway 100 comp letion of p ay ment transfer.
Payment Gateway 100 then executes the following p rocesses:
• To inform individual Merchant 102 of having secured payment for commenαng delivery of the Product ordered under each Purchase Record 115.
• To generate a unique pair of Token-code 108 and C heck-code 109 for each Purchase Record 115 having payment secured, wherein Token-code 108 is uniquely related to Check-code 109 in a predefined relationship, or Token- code 108 is uniquely tied to Check-code 109 as a p air of random numbers.
• To send Token-code 108 to Customer 101 and Check-code 109 to Merchant 102.
Subsequently, Merchant 102 passes Check-code 109 to Deliverer 105 to deliver the ordered Product to Customer 101 or Redpient 106 who is given Token-code 108 by Customer 101 for receiving the ordered Product. After having exchanged the ordered Product with Customer 101 or Redpient 106 for Token-code 108, Deliverer 105 verifies existence of the p redefined relationship between Check-code 109 and Token-code 108 for confirming Customer 101 or Redpient 106 as genuine. Having received Token-code 108 from Deliverer 105, Merchant 102 sends Token-code 108 to Payment Gateway 100 for verification in order to request Clearing House 103 to execute payment settlement.
The other embodiment of the present invention as described in Figure 1 requires Customer 101 to establish a communication link with Payment Gateway 100 for supplying CustlD and activating a communication linkage e.g. a hyperlink, provided by Payment Gateway 100 in order to establish a communication link with Merchant 102 for execution of a network-based commerce. As such, no ShopperlD is required for identification of Customer 101 because Payment Gateway 100 may tie Purchase Record 115 received from Merchant 102 to CustlD supplied by Customer 101.
The other embodiment of the present invention to verify Token-code 108 as described in Figure 1 requires Financial Institution 104 to generate only Token- code 108 without Check-code 109 and store Token-code 108 in a hand-held tamper-proof device or a central means. Deliverer 105 enters the code supplied by Customer 101 into such device or remotely sends such code to central means for matching with the stored Token-code 108 in order to verify the code supplied by Customer 101 as genuine Token-code 108.
Yet the other embodiment of the present invention to verify Token-code 108 as described in Figure 1 requires a central means to store Token-code 108 and Check-code 109. Deliverer 105 remotely sends the code supplied by Customer 101 to such central means for matching such code with the stored Token-code 108 and sending the linked Check-code 109 to Deliverer 105 who then confirmed the code supplied by Customer 101 being Token-code 108 if the code received from such central means is same as Check-code 109 supplied by Merchant 102.
The other embodiment of the present invention as described in Figure 1 requires Payment Gateway 100 to send Merchant 102 a plurality of Check-code 109 and send Customer 101 a plurality of Token-code 108 after Finandal Institution 104 has indicated completion of payment transfer from External- account of Customer 101 to a trusty account of Clearing House 103 for a network-based commerce. Each Token-code 108 is uniquely related to a Check- code 109 in a predefined relationship. At each stage of network-based commerce transaction (e.g. a partial delivery of ordered Product or at each stage of delivery process), Customer 101 gives Merchant 102 one of Token-code 108 in a predetermined sequence of order or in a random order. Merchant 102 firstly uses Check-code 109 to verify Token-code 108 then sends Token-code 108 to Payment Gateway 100 for requesting Clearing House 103 to execute partial payment settlement by transferring part of payment from such trusty account to the accounts of Merchant 102 and all Benefiαaries according to Settlement Order. The process of Customer 101 giving Merchant 102 a Token- code 108 for requesting Clearing House 103 to execute partial payment settlement is repeated until the last Token-code 108 is given by Customer 101 to M erchant 102 to comp lete full p ay ment settlement.
Figure 2 describes an alternate embodiment of the present invention applicable to providing a secure payment and settlement system for a network-based commerce. In executing a network-based commerce. Customer 201 uses Customer Means 216 to establish a communication link with Merchant 202 for receiving and storing Purchase Record 215 generated by Merchant 202. Customer 201 may repeat this process with a plurality of Merchant 202 for Customer Means 216 to store respective Purchase Record 215. In the preferred embodiment of the present invention, the Customer means is a computer teiminal or processor device. On completion of shopping activities, Customer 201 confirms each stored Purchase Record 215 retrieved from Customer Means 216. Thereafter, Customer 201 uses Customer Means 216 to establish a communication link with Payment Gateway 200 for supplying CustlD and the stored Purchase Record 215 in order to complete each confirmed network-based commerce in the following way similar to what has been described in the Figure 1 embodiment:
• Payment Gateway 200 sending Payment Request 207 and CustlD to Finandal Institution 204.
• Customer 201 using Customer Means 216 to establish a secured cryptographic session with Finandal Institution 204 for sending confidential password for authentication and initiating transfer of payment from CustlD linked External-account to a trusty account of Clearing House 203.
• Payment Gateway 200 sending Token-code 208 to Customer 201 and Check-code 209 to Merchant 202.
• Merchant 202 passing Check-code 209 to Deliverer 205 for delivering the ordered Product to Customer 201 or Redpient 206 who is given Token- code 208 by Customer201. After having exchanged ordered Product with Customer201 or Redpient 206 for Token-code 208, Deliverer 205 uses Check-code 209 to verify Token-code 208 for identifying Customer 201 or Redpient 206. Merchant 202 sends Token-code 208 to Payment Gateway 200 for verification and requesting Clearing House 203 to execute payment settlement.
The other embodiment of the present invention as described in Figure 2 requires Customer 201 to establish a communication link with Payment Gateway 200 for supplying CustlD and activating a communication linkage e.g. a
hyperlink, provided by Payment Gateway 200 for establishing a communication link with Merchant 202 to execute a network-based commerce.
Yet another embodiment of the present invention as described in Figure 2 requires Customer 201 , after completion of shopping activities, to establish a communication link with Payment Gateway 200 first. As such, Payment Gateway 200 may receive CustlD from Customer 202 for identification purpose and retrieve Purchase Record 215 from Customer Means 216 for Customer 201 to confirm each network-based commerce.
In summary, the present invention resolves the inherent problems and limitations in the existing system to handle network-based commerce as follows:
• Customer is only required to supply confidential information comp rising CustlD and password or the equivalent to Payment Gateway or Finandal Institution through a cryptographically secured session.
• Customer controls payment to Merchant through exchange of Token-code forthe ordered Product.
• Deliverer may verify Customer or Redpient as genuine through testing existence of the predefined relationship between Token-code and Check- code
• Merchant and Deliverer may protect respective interest through demanding Token-code from Customer to prove that Customer has satisfactorily accepted the ordered Product.
• Finandal Institution transferring p ay ment from External-account of C ustomer to a trusty account of Clearing House minimises the fraud risk faced by
Merchant.
• Payment Gateway or Finandal Institution may solely rely on Token-code supplied by Merchant as the evidence of having received proper instruction from Customerto pay Merchant. • Clearing House acting as a legally trusted agent to settle payment for a network-based commence for Merchant and all Beneficiaries, induding the supplier, without having to credit payment to the account controlled by M erchant relieves the concern of sup p lier on cred itab ility of M erchant.
Figure 3 describes the embodiment of the present invention applicable to immediate settlement of payment for a network-based commerce e.g. a
commerce transacted over shop counter. Having transacted a network-based commerce, Merchant 302 sends Purchase Record 315 to Payment Gateway 300 for requesting Check-code 309 there from and then forward passing Check- code 309 to Customer 301. Customer 301 uses hand phone or other communication means to establish a secured session for requesting Finandal Institution 304 to execute the following processes:
• Receiving CustlD and password from Customer 301 to match with the contents of stored customer records for verifying identification of Customer 301. • Receiving Check-code 309 from Customer 301 and forward transmission to Payment Gateway 300 for retrieving Purchase Record 315 identified by Check-code 309.
• Requesting Customer 301 to confirm Purchase Record 315 and authorize payment. • Issuing a unique Token-code 308 to Customer 301 upon authorisation of payment by Customer301.
Subsequently, Customer 301 passes Token-code 308 to Merchant 302 for sending Token-code 308 and Check-code 309 to Payment Gateway 300. Financial Institution 304 then executes the following processes upon receipt of Token-code 308, Check-code 309 and Payment Request 307 from Payment Gateway 300:
• Matching the received Token-code 308 and Check-code 309 with the contents of the stored records. • Initiating transfer of payment for such network-based commerce from External-account of Customer 301 to a trusty account of Clearing House 303 for executing payment settlement according to Settlement Order given by Merchant 302 and other Benefidaries.
• Informing Payment Gateway 300 completion of payment settlement.
A simplified version for the embodiment of the present invention as described π Figure 3 is presented in Figure 4. Having transacted a network-based commerce over a shop counter, Merchant 402 sends Purchase Record 415 to Payment Gateway 400 for requesting Check-code 409 there from and forward passing Check-code 409 to Customer 401. Customer 401 then uses hand phone or
other communication means to establish a secured session for requesting Finandal Institution 404 to execute the following p rocesses:
• Receiving CustlD and password from Customer 401 to match with the contents of stored customer records for verifying identification of Customer 401.
• Receiving Check-code 409 from Customer 401 and forward transmission to Payment Gateway 400 for requesting Payment Request 407 and Purchase Record 415 (identified by Check-code 409) there from.
• Requesting Customer 401 to confirm Purchase Record 415 and authorize payment for such network-based commerce.
• Upon authorization of payment, initiating transfer of payment from External- account of Customer 401 to a trusty account of Clearing House 403 for executing payment settlement according to Settlement Order given by Merchant 402 and other Benefiαaries. • Informing Payment Gateway 400 completion of payment settlement.
The following altematives are applicable to the embodiments as described in Figure 3 and 4 above:
1. Merchant issues Check-code e.g. invoice number of a network-based commerce, for forward transmission to Payment Gateway together with
Purchase Record.
2. Check-code is p re-assigned by Finandal Institution and stored in Payment Gateway. Upon receipt of Purchase Record from Merchant for a network- based commerce, Payment Gateway sends such Check-code to Merchant and sends to Finandal Institution such Check-code together with Payment
Request for Finandal Institution to match with the Check-code received from Merchant through C ustomer.
The present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The presently disclosed embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims and all changes which come within the meaning and range of equivalency of the claims are, therefore, to be embraced therein.