US20230385845A1 - System and method for card present account provisioning - Google Patents

Abstract

In a method for provisioning account information of a payment card, user datum encryption information is transmitted to a transaction data processing system. A user datum encrypted using the user datum encryption information and a request to share account provisioning information is received from the transaction data processing system when the payment card is present by a user at the transaction data processing system. A user account associated with the payment card is determined and the user of the payment card is authenticated. A request for confirmation that the account provisioning information should be shared is sent to a user device associated with the user account and a confirmation response is received from the user device that includes permission to share account provisioning information. Account provisioning information is then transmitted to the transaction data processing system.

Description

FIELD OF THE INVENTION
• This disclosure relates generally to systems and automated methods for user account provisioning and, more particularly to an automated system and method for card present account provisioning to a transaction data processing system.
BACKGROUND OF THE INVENTION
• There are many instances where a user having a primary identification card, payment card, transaction card, or other primary account wishes to provide data relating to this primary account to administrators/processors of other accounts. Also the administrators/processors of other accounts (such as merchants) may wish to get the data relating to this primary account when a user of this primary account sets up the other accounts. When the other accounts are set up, the user generally is required to manually enter the card account provisioning information into the systems of the administrators/processors of other accounts, and at the same time, the administrators/processors of other accounts also need to perform some manual processes. Therefore, this approach still has the drawback that both the user of the card and the administrators/processors of other accounts must go through the entire manual process. The resulting process is not only time-consuming, it will also lower the willingness of both the user and the administrators/processors of other accounts to establish accounts that could benefit both.
SUMMARY OF THE INVENTION
• An illustrative aspect of the invention provides a method for provisioning account information of a payment card by an account administrator data processing system to a transaction data processing system. The method may comprise transmitting, by the account administrator data processing system to the transaction data processing system, user datum encryption information; and receiving, by the account administrator data processing system from a payment terminal machine of the transaction data processing system, a user datum encrypted by the transaction data processing system using the user datum encryption information. The user datum is obtained through reading the payment card by the payment terminal machine. The method may further comprise receiving, by the account administrator data processing system from the payment terminal machine of the transaction data processing system, a request to share account provisioning information of a user account of the payment card associated with the encrypted user datum and administrated by the account administrator data processing system; determining, by the account administrator data processing system based on the encrypted user datum, the user account of the payment card is associated with the encrypted user datum; determining, by the account administrator data processing system, a user device associated with the user account of the payment card; authenticating, by the account administrator data processing system, a user of the payment card who is present at the payment terminal machine of the transaction data processing system; transmitting, by the account administrator data processing system to the user device, a message comprising a request for confirmation that the account provisioning information of the user account should be provisioned to the transaction data processing system; receiving, by the account administrator data processing system from the user device, a confirmation response including permission to provision to the transaction data processing system the account provisioning information of the user account; and transmitting, by the account administrator data processing system to the transaction data processing system, the account provisioning information of the user account.
• Another aspect of the invention provides an automated system for provisioning account information of a payment card to a transaction data processing system. The system may comprise: a datum encryption data processor, a user account identification data processor, a user authentication data processor, a user confirmation data processor, and a provisioning information broadcast data processor. The datum encryption data processor is configured to: generate user datum encryption information; and transmit, over a first network to the transaction data processing system, the user datum encryption information. The user account identification data processor is configured to: receive, over the first network from a payment terminal machine of the transaction data processing system, a user datum encrypted by the transaction data processing system using the user datum encryption information, wherein the user datum is obtained through reading the payment card by the payment terminal machine; receive, over the first network from the payment terminal machine of the transaction data processing system, a request to share account provisioning information of a user account of the payment card associated with the encrypted user datum; determine, based on the encrypted user datum, the user account of the payment card is associated with the encrypted user datum; and determine a user device associated with the user account of the payment card. The user authentication data processor is configured to authenticate a user of the payment card who is present at the payment terminal machine of the transaction data processing system. The user confirmation data processor is configured to: transmit, over a second network to the user device, a message comprising a request for confirmation that the account provisioning information of the user account should be provisioned to the transaction data processing system; and receive, over the second network from the user device, a confirmation response including permission to provision to the transaction data processing system the account provisioning information of the user account. The provisioning information broadcast data processor is configured to transmit, over the first network, the account provisioning information of the user account.
• Another aspect of the invention provides a non-transitory, computer readable medium comprising instructions for provisioning account information of a payment card to a transaction data processing system that, when executed on a data processing system, perform actions comprising transmitting, to the transaction data processing system, user datum encryption information; receiving, from a payment terminal machine of the transaction data processing system, a user datum encrypted by the transaction data processing system using the user datum encryption information, wherein the user datum is obtained through reading the payment card by the payment terminal machine; receiving, from the payment terminal machine of the transaction data processing system, a request to share account provisioning information of a user account of the payment card associated with the encrypted user datum and administrated by the account administrator data processing system; determining, based on the encrypted user datum, the user account of the payment card is associated with the encrypted user datum; determining a user device associated with the user account of the payment card; authenticating a user of the payment card who is present at the payment terminal machine of the transaction data processing system; transmitting, to the user device, a message comprising a request for confirmation that the account provisioning information of the user account should be provisioned to the transaction data processing system; receiving, from the user device, a confirmation response including permission to provision to the transaction data processing system the account provisioning information of the user account; and transmitting, to the transaction data processing system, the account provisioning information of the user account.
BRIEF DESCRIPTION OF THE DRAWINGS
• The invention can be more fully understood by reading the following detailed description together with the accompanying drawings, in which like reference indicators are used to designate like elements, and in which:
• FIG.1 is a schematic representation of a system for provisioning account information of a payment card to a transaction data processing system according to an embodiment of the invention;
• FIG.2 illustrates a sequence of operations for automatically provisioning account information of a payment card to a transaction data processing system according to an embodiment of the invention;
• FIG.3 illustrates a sequence of operations for provisioning account information of a payment card to a transaction data processing system according to an embodiment of the invention;
• FIG.4 is a schematic representation of a user processing device usable in embodiments of the invention;
• FIG.5 is a schematic representation of a card account administrator data processing system according to an embodiment of the invention;
• FIG.6 is a flow diagram illustrating a method of provisioning account information of a payment card to a transaction data processing system according to an embodiment of the invention; and
• FIG.7 is a flow diagram illustrating a method of provisioning account information of a payment card to a transaction data processing system according to an embodiment of the invention.
DETAILED DESCRIPTION OF THE INVENTION
• While the invention will be described in connection with particular embodiments and manufacturing environments, it will be understood that the invention is not limited to these embodiments and environments. On the contrary, it is contemplated that various alternatives, modifications and equivalents are included within the spirit and scope of the invention as described.
• The present invention provides automated methods and systems by which an account administrator (e.g., a bank or transaction card account administrator) can securely push account provisioning information and user data to an account processing entity (e.g., a merchant) without the need for the account holder and/or the account processing entity to manually enter required data. This is accomplished through the use of a shared encryption/hashing algorithm that allows the primary account administrator (e.g., a bank or transaction card account administrator) and partner account processing entities (e.g., merchants) to identify account holders they have in common and establish the basis for secure transmission of primary account provisioning information for a particular primary account holder from the primary account administrator to those partner entities who invite that primary account holder to set up an account with that partner entity.
• One example of the present disclosure includes a card present version of push provisioning. For example, a user dips an Europay, Mastercard, and Visa (EMV) capable credit card into a point-of-sale (POS) terminal at a merchant site, and the user enters a personal identification code or number (PIN) code onto the POS terminal. The POS terminal prompts the user to share bank/user data with the merchant to set up a merchant account. The merchant calls (e.g., through an API) a bank server associated with the EMV credit card to retrieve consumer data. The bank server returns account information and payment credentials, as well as any other data the user/customer has set up to share previously, for example, email address, social profile identity, gender, age, income, credit score, etc. The merchant confirms receipt of the consumer data, and the POS terminal confirms to the customer that data share and merchant account setup is complete. The creation of the merchant account at a POS terminal may drive a subsequent discount, coupon, gift card, gift, etc. After having the merchant account established, access to the merchant account may then be provided by a link in a bank application. Alternatively, a temporary password for the merchant website might be provided in the bank application. Also a push notification might be delivered by the bank that deep links to the password setup page in the bank application. This example is a card present equivalent of retail/merchant push provisioning. Further, in this example, a pre-authorization of the credit card can be sufficient, so a transaction does not have to be run. In this way, the credit card becomes a way to acquire bank-verified (a know your customer regulatory requirement) identity. Thus, push account provisioning flow can be triggered from a verified state that exists at time of an EMV credit card transaction.
• The present invention is usable for any type of account, but is of particular value for those associated with a smart card (e.g., a chip-provided identification card or transaction card). While not limited to such accounts, the invention may be of particular value in relation to card-based financial accounts. As used herein, the term financial account encompasses any account through which financial transactions may be processed. Financial accounts can include, for example, credit accounts, savings accounts, checking accounts, investment accounts, and the like.
• Embodiments of the invention may be best understood with reference toFIG.1, which illustrates anexemplary system100 that encompasses auser device150, an account administrator138 (e.g., a bank) for a primary account of an account holder associated with theuser device150, a transaction administrator108 (e.g., a merchant) and a payment terminal machine (e.g., a POS)120 associated with the transaction administrator108. The transaction administrator108 comprises a transaction data processing system110 and an account database112 (also referred to as datastore). The account administrator138 has an administratordata processing system140 and an account information database (also referred to as datastore)139. In the illustrated example, theuser device150, the transaction data processing system110, thepayment terminal machine120, and the administratordata processing system140 are network-enable computer systems configured to communicate with each other via acommunication network130. A user122 may carry theuser device150 and a EMVcapable credit card124, and scan, swipe, or insert thecredit card124 on thepayment terminal machine120 to initiate a transaction with the transaction administrator. Thecredit card124 may be provided with achip126 to enable a chip-provided identification (e.g., EMV number).
• As referred to herein, a network-enabled computer system and/or device may include, but is not limited to any computer device, or communications device (or combination of such devices) including, a server, a network appliance, a personal computer (PC), a workstation, and a mobile processing device such as a smart phone, smart pad, handheld PC, personal digital assistant (PDA), or smart card (e.g., a contact-based card or a contactless card). Mobile processing devices may include Near Field Communication (NFC) capabilities, which may allow for communication with other devices by touching them together or bringing them into close proximity.
• The network-enabled computer systems used to carry out the transactions contemplated in the embodiments may execute one or more software applications to, for example, receive data as input from an entity accessing the network-enabled computer system, process received data, transmit data over a network, and receive data over a network. The one or more network-enabled computer systems may also include one or more software applications to notify an account holder based on transaction information. It will be understood that the depiction inFIG.1 is an example only, and the functions and processes described herein may be performed by any number of network-enabled computers. It will also be understood that where thesystem100 may have only a single instance of certain components, multiple instances of these components may be used. Thesystem100 may also include other devices not depicted inFIG.1.
• Thenetwork130 may be any form of communication network capable of enabling communication between the components of thesystem100. For example, thenetwork130 may be one or more of a wireless network, a wired network or any combination of wireless network and wired network. Thenetwork130 may be or include one or more of a fiber optics network, a passive optical network, a cable network, an Internet network, a satellite network, a wireless LAN, a Global System for Mobile Communication (“GSM”), a Personal Communication Service (“PCS”), a Personal Area Network (“PAN”), Wireless Application Protocol (WAP), Multimedia Messaging Service (MMS), Enhanced Messaging Service (EMS), Short Message Service (SMS), Time Division Multiplexing (TDM) based systems, Code Division Multiple Access (CDMA) based systems, D-AMPS, Wi-Fi, Fixed Wireless Data, IEEE 802.11b, 802.15.1, 802.11n and 802.11g or any other wired or wireless network for transmitting and receiving a data signal. Thenetwork130 may utilize one or more protocols of one or more network elements to which it is communicatively coupled. Thenetwork130 may translate to or from other protocols to one or more protocols of network devices. Although thenetwork130 is depicted as a single network, it will be appreciated that it may comprise a plurality of interconnected networks, such as, for example, the Internet, a service provider's network, a cable television network, corporate networks, and home networks.
• In the example embodiments presented herein, an account holder/user/consumer may be any individual or entity having a primary account with an account administrator (e.g., a bank or primary card account processor) and, typically, one or more secondary accounts with account processing entities (e.g., merchants or other service providers) or who would like to or is asked to set up one or more secondary accounts with account processing entities. Anuser device150 may be a mobile device or other processor that an account holder/user/consumer uses to carry out a transaction. An account may be held by any place, location, object, entity, or other mechanism for performing transactions in any form, including, without limitation, electronic form. An account may be a financial account or a non-financial transaction account. In various embodiments, a card-facilitated account may be a credit card account, a prepaid card account, stored value card account, debit card account, check card account, payroll card account, gift card account, prepaid credit card account, charge card account, checking account, rewards account, line of credit account, credit account, mobile device account, or mobile commerce account. In some instances, the account holder may be a transaction processing entity such as a financial institution, credit card provider, or other entity that offers accounts to customers. In some instances, the account may be a non-financial transaction account, such as a membership account, a transportation account, a loyalty account, or other account.
• In some examples, procedures in accordance with the present disclosure described herein can be performed by a computer arrangement, and/or a processing arrangement (e.g., a computer hardware arrangement). Such computing and/or processing arrangement can be, for example entirely or a part of, or include, but not limited to, a computer and/or processor that can include, for example one or more microprocessors, and use instructions stored on a non-transitory computer-readable medium (e.g., RAM, ROM, hard drive, or other storage device). For example, a computer-readable medium can be part of the memory of the transaction data processing system110,payment terminal machine120,credit card124, administratordata processing system140,user device150, and/or other computer hardware arrangement.
• In some examples, a computer-readable medium (e.g., as described herein, a storage device such as a hard disk, floppy disk, memory stick, CD-ROM, RAM, ROM, etc., or a combination thereof) can be provided (e.g., in communication with the computing and/or processing arrangement). The computer-readable medium can contain executable instructions thereon. In addition or alternatively, a storage arrangement can be provided separately from the computer-readable medium, which can provide the instructions to the computing and/or processing arrangement so as to configure the computing and/or processing arrangement to execute certain exemplary procedures, processes, and methods, as described herein above, for example.
• The sequence diagram ofFIG.2 illustrates an exemplary application of embodiments of the invention in conjunction with thesystem100 ofFIG.1. In the scenario set forth inFIG.2, an account holder (e.g., the user122) associated with a user device (e.g., user device150) and a EMV credit card (e.g., the card124) has a card account with a card account administrator (e.g., the account administrator138). The account holder conducts a transaction with a transaction administrator at a payment terminal machine of that transaction administrator (e.g., thepayment terminal machine120 as a POS) using the EMV credit card (e.g., scanning, swiping, or inserting the card on the payment terminal machine). In this scenario, the account holder is asked by that transaction administrator (e.g., a cashier at the payment terminal machine) to or wishes to set up an merchant account with that transaction administrator and to have the account information associated with the cardholder bank account provisioned to that transaction administrator. In addition to the EMV number of the credit card received by the payment terminal machine, the account holder may also be asked to enter a personal PIN at the payment terminal machine as an optional additional layer of security, and the account holder is prompted to have her/his data sharing being requested and to allow him/her to opt in for the data sharing. At that point, that transaction administrator can retrieve the bank account data from the card account administrator. The bank account data may include bank verified data. That transaction administrator may send a receipt confirmation of the bank account data back to the card account administrator. Then that transaction administrator can create the merchant account automatically by using the provisioned bank account data. In this way, setting up the merchant account can be easier and lower friction for both the cardholder and that transaction administrator, because all it takes is for the cardholder to insert/scan/swipe the credit card at the payment terminal machine. In addition, that transaction administrator or the card account administrator can convey a link to the cardholder to download the merchant application with a temporary password so that the merchant account can be virtually activated.
• Embodiments of the present invention provide an automated process by which the card account administrator can accomplish such provisioning with that partner transaction administrator who asks that cardholder to set up a merchant account. As part of this process and as shown inFIG.2, the card account administrator138, at1100, securely transmits to the transaction administrator108 unique information (also referred to as “hash information,” “user datum encryption information,” “datum encryption information,” or “encryption information”) that can be used to encrypt a predetermined piece of account holder information that is unique to the account holder and would typically be available to all of the administrators. This piece of account holder information (sometimes referred to herein as an account holder datum or user datum) may be, for example, a telephone number, email address, driver's license number, social security number, a credit card number, or employee number. The user datum encryption information may be, for example, a unique algorithm and/or encryption key values usable to create a hash of a standardized format version of the account holder datum. At the time the card account administrator138 transmits the hash information to the transaction administrator108, it may also specify the particular account holder datum to be used and the format it should be in prior to hashing. Once the hash information is received, the transaction administrator108 can then use it to generate a hashed datum for each of its own account holders or to-be-account holders, which it then stores in its account holder information database (also referred to as datastore).
• In the scenario ofFIG.2, the card account holder/user can scan, swipe or insert a credit card having an EMV number at a payment terminal machine associated with the transaction administrator108. Upon receiving the EMV number by the transaction data processing system110 of the transaction administrator108, the transaction data processing system110 uses the user datum encryption information to encrypt the EMV number (also referred as account holder/user datum) and, at1200, transmits it to the administratordata processing system140 of the account administrator138. In response to consent of the user that the bank account information associated with the credit card will be shared with the transaction administrator, the transaction data processing system110, at1300, sends a provisioning request to the administratordata processing system140. The request is received by the administratordata processing system140 of the account administrator. In response, at1400, the administratordata processing system140 compares the encrypted user datum to each encrypted account holder datum in its account database (e.g., information database139) to determine if the card account holder has an account with that account administrator. In the scenario illustrated inFIG.2, the account administrator138 find that they have a matching encrypted datum and, thus, have an account for the card account holder. That is, the EMV number of the credit card can be used an account identifier by the account administrator138 to determine the account associated with that credit card. Further, the account administrator138 may identify a user device (e.g., the user device150) associated with the determined bank account. At1500, the administratordata processing system140 may transmit an authentication request to the transaction data processing system110 to authenticate the user/cardholder. In response, the transaction data processing system110 may direct via thepayment terminal machine120 the user to enter some credentials, such as a personal identification code or number (PIN) associated with the credit card, and/or biometric data of the user (e.g., finger prints, facial picture, voice, and the like). At1600, the transaction data processing system110 transmits an authentication response including the entered credentials to the administratordata processing system140. The entered credentials may be encrypted for security, for example, by the user datum encryption information and/or any suitable encryption methods/algorithms.
• Alternatively, the user may be asked to enter credentials for authentication purpose when the user scans, swipes or inserts the credit card at thepayment terminal machine120. In such case, the hashed datum at1200 may include the credentials in addition to the EMV number.
• Having received the authentication response including the entered credentials, the administratordata processing system140 can authenticate the user based on the entered credentials. In response to a positive authentication (i.e., the user is authenticated), the administratordata processing system140 of the card account administrator, at1700 of the exemplary sequence ofFIG.2, transmits a confirmation request to the account holder's user device (i.e., the identified user device at1400). The confirmation request may include a request that the account holder verify that he/she wishes to send provisioning information to the transaction administrator. In addition or instead, the confirmation request may require that the account holder provide authorization confirmation information. This may be or include any suitable information usable by the card account administrator to confirm that the user of the user device is the account holder and/or is authorized to make the provisioning request. At1800, the user device transmits a confirmation response to the card account administrator, which uses the information in the response to establish that the transaction administrator is to receive provisioning information and/or verify authorization of the user device and user to request provisioning of the transaction administrator. In the exemplary scenario, the user using the credit card at thepayment terminal machine120 may be the account holder having the user device, or a user who is authorized by the account holder but is not having the user device. Alternatively, the user using the credit card at thepayment terminal machine120 may be a user who is authorized by the account holder and also is having the user device. At1900, the card account administrator assembles the provisioning information and transmits it to the transaction administrator. The actual provisioning information may be any information associated with the card holder account that would be usable by the transaction administrator to draw an association between its own account for the card account holder and the card holder account. In many cases, the provisioning information may include a card identifier that can be used to facilitate a transaction and associate it with the card holder account. In addition to the EMV as an unique identifier included in the provisioning information, the provision information may also include a merchant-bound virtual card number (VCN) of the credit card, emails, phone numbers, and so forth.
• After successfully provisioning the bank account information, the transaction data processing system110 of the transaction administrator may associate the provisioning information with the merchant account of the user and store the provisioning information in theaccount database112 of the transaction administrator. At2000, the transaction data processing system110 of the transaction administrator may transmit a success notification to the administratordata processing system140 of the card account administrator to notify card account administrator of the successful provisioning of the bank account information. At2100, the administratordata processing system140 of the card account administrator may send to the user device of the bank account holder a success indicating the successful provisioning of the bank account information.
• It will be understood that whileFIGS.1 and2 illustrate one transaction administrator, the invention is not limited to any particular number of transaction administrators. The methods and systems of the invention may be used with as many transaction administrator entities as are willing to partner with the account administrator. Indeed, the value of the invention increases with the number of partner administrators involved.
• An exemplary variation on the scenario ofFIG.2 is shown in the sequence diagram ofFIG.3. In this variation, the method requires the authentication from the user device associated with the bank account holder prior to provisioning the bank account information. In the illustrated sequence, it is assumed that the card account administrator has already shared user datum hashing information with its partner transaction administrator. As in the previous example inFIG.2, the card account administrator, at2110, securely transmits to its partner transaction administrator unique information that can be used to encrypt a predetermined piece of account holder information that is unique to the account holder. When the card account holder/user scans, swipes or inserts a credit card having an EMV number at a payment terminal machine associated with the transaction administrator, the transaction data processing system110 uses the hash information to encrypt the EMV number at2200, and transmits it to the administratordata processing system140 of the account administrator. In response to consent of the user that the bank account information associated with the credit card will be shared with the transaction administrator, the transaction data processing system110, at2300, sends a provisioning request to the administratordata processing system140. In response, at2400, the administratordata processing system140 determines that they have a matching hashed datum and, thus, have an account for the card account holder. Further, the account administrator may identify a user device (e.g., the user device150) associated with the determined bank account. At2500, the administratordata processing system140 may transmit an authentication request to the user device to authenticate the user/cardholder. The authentication request may include a text message including a one-time code. In response, the user may enter some credentials through the user device, such as the one-time code, a personal identification code or number (PIN) associated with the credit card, and/or biometric data of the user (e.g., finger prints, facial picture, voice, and the like). At2600, the user device transmits an authentication response including the entered credentials to the administratordata processing system140. The entered credentials may be encrypted for security, for example, by the hash information and/or any suitable encryption methods/algorithms. In some embodiments, the bank account holder may set information/data sharing preferences to give the bank account holder control of what gets shared. For example, different merchants may be allowed for sharing different levels of bank account information/data.
• Having received the authentication response including the entered credentials, the administratordata processing system140 can authenticate the user based on the entered credentials. In response to a positive authentication (i.e., the user is authenticated), the administratordata processing system140 of the card account administrator, at2700, transmits a confirmation request to the user device. The confirmation request may include a request that the account holder verify that he/she wishes to send provisioning information to the transaction administrator. In addition or instead, the confirmation request may require that the account holder provide authorization confirmation information. This may be or include any suitable information usable by the card account administrator to confirm that the user of the user device is the account holder and/or is authorized to make the provisioning request. At2800, the user device transmits a confirmation response to the card account administrator, which uses the information in the response to establish that the transaction administrator is to receive provisioning information and/or verify authorization of the user device and user to request provisioning of the transaction administrator. In this exemplary scenario, the user using the credit card at thepayment terminal machine120 may be the account holder having the user device, or a user who is authorized by the account holder and also having the user device. At2900, the card account administrator assembles the provisioning information and transmits it to the transaction administrator. The actual provisioning information may be any information associated with the card holder account that would be usable by the transaction administrator to draw an association between its own account for the card account holder and the card holder account. In many cases, the provisioning information may include a card identifier that can be used to facilitate a transaction and associate it with the card holder account. In addition to the EMV as an unique identifier included in the provisioning information, the provision information may also include a merchant-bound virtual card number (VCN) of the credit card, emails, phone numbers, and so forth.
• After successfully provisioning the bank account information, the transaction data processing system110 of the transaction administrator may associate the provisioning information with the merchant account of the user and store the provisioning information in theaccount database112 of the transaction administrator. At3000, the transaction data processing system110 of the transaction administrator may transmit a success notification to the administratordata processing system140 of the card account administrator to notify card account administrator of the successful provisioning of the bank account information. At3100, the administratordata processing system140 of the card account administrator may send to the user device of the bank account holder a success indicating the successful provisioning of the bank account information.
• Details of system components usable in embodiments of the invention and, in particular, thesystem100 will now be described.
• With reference toFIG.4, theuser device150 may be any computer device or communications device including a server, a network appliance, a personal computer (PC), a workstation, and a mobile interface device such as a smart phone, smart pad, handheld PC, or personal digital assistant (PDA). It should be understood that the description provided herein for theuser device150 is also applicable to thepayment terminal machine120, thus, description of thepayment terminal machine120 is omitted for brevity. In a particular embodiment illustrated inFIG.4, theuser device150 includes an on-board data processor151 in communication with amemory module153, auser interface154, and anetwork communication interface152. Thedata processor151 may include a microprocessor and associated processing circuitry, and can contain additional components, including processors, memories, error and parity/CRC checkers, data encoders, anticollision algorithms, controllers, command decoders, security primitives and tamper-proofing hardware, as necessary to perform the functions described herein. Thememory153 can be a read-only memory, write-once read-multiple memory or read/write memory, e.g., RAM, ROM and EEPROM, and theuser device150 can include one or more of these memories.
• Theuser interface154 of thedevice150 includes a user input mechanism, which can be any device for entering information and instructions into theuser device150, such as a touch-screen, keyboard, mouse, cursor-control device, microphone, stylus, or digital camera. Theuser interface154 may also include a display, which can be any type of device for presenting visual information such as a computer monitor, a flat panel display, and a mobile device screen, including liquid crystal displays, light-emitting diode displays, plasma panels, and cathode ray tube displays.
• Thenetwork communication interface152 is configured to establish and support wired and/or wireless data communication capability for connecting thedevice150 to thenetwork130 or other communication network. Thenetwork communication interface152 can also be configured to support communication with a short-range wireless communication interface, such as Bluetooth.
• In some embodiments, theuser device150 may include anNFC interface159 configured for establishing NFC communication with other NFC-equipped devices. In some of these embodiments, theNFC interface159 may be or include an NFC receiver configured for selectively activating a magnetic field for use in establishing near field communication with an NFC transmitter. TheNFC interface159 is configured for establishing NFC communication when a passive NFC tag or other NFC-enabled device is brought into the magnetic field and within NFC communication range of theuser device150. TheNFC interface159 is configured, in particular, for communication with an NFC-enabledsmart transaction card124 when thecard124 is brought within communication range of theuser device150.
• In embodiments of the invention, thememory153 may have stored therein one or more applications usable by thedata processor151 to conduct and/or monitor transactions between theuser device150 and transaction processing devices or systems over thenetwork130. These applications may include instructions usable by thedata processor151 to identify transaction events, store event data in thememory153, and communicate event data to a transaction information processing system, the administratordata processing system140, and/or the transaction data processing system110.
• In particular embodiments, thememory153 may include a card account application configured for carrying out transactions on a card account associated with an account holder user of theuser device150. The application may, in particular, be configured for carrying out interactive communications/transactions with the administratordata processing system140 and, in some embodiments, the transaction data processing system110. The application instructions may be configured for receiving, from the account holder via theuser interface154, login information for establishing authenticatable communication with the administratordata processing system140. The login information may include an account identifier or other user identification and user authentication information.
• Among other functions, the card account application installed on the user device may include instructions to receive a confirmation request from the administratordata processing system140 over thenetwork130. The confirmation request may include a request that the user confirm that the user wishes to push card account information to the administrator's partner entities. In such embodiments, the application is configured to display the request on the user interface and receive a response from the user. In some embodiments, the request may identify the partner entities that have indicated they have an account for the user. In such embodiments, the request may give the user the opportunity to select a subset of the identified partner entities that the user wishes to receive card account information.
• In some embodiments, the card account application may include instructions for authentication information that can be used by the administratordata processing system140 to verify authorization of the user and/or the user device to make and confirm the provisioning request. Authentication information may include an account identifier or other user identification and user authentication information. The user authentication information may include at least one authentication credential such as a password or a scanned biometric characteristic. In some embodiments, an authentication credential may be or include information encrypted using an encryption key associated with the card account and the account holder or theuser device150.
• In particular embodiments, the card account application may include instructions to require authentication information that is or includes card verification information that must be obtained from asmart card124 associated with the cardholder account. In such embodiments, the card account application may be configured to display an instruction for the user to place thecard124 within NFC communication range of theuser device150. The application may be further configured to cause thedata processor151 to transmit, via theNFC interface159, an authorization query to thecard124 and to receive a query response from thecard124. In some embodiments, the card may be configured to automatically transmit verification information upon being brought within NFC communication range. In such embodiments, an explicit query by theuser device150 to thecard124 may be unnecessary.
• The card account application may be further configured to instruct thedata processor151 to construct a confirmation response including confirmation and/or authentication/verification information and to transmit the response to the administratordata processing system140 via thenetwork communication interface152 and thenetwork130. The application may also be configured to receive and display a provisioning completion message from the administratordata processing system140.
• Thetransaction card124 may be any chip-carrying transaction card (“smart” card) having electrical and/or near field or other short range communication capabilities. Atypical transaction card124 that is usable in various embodiments of the invention is a smart card with amicroprocessor chip126. Themicroprocessor chip126 includes processing circuitry for storing and processing information, including a microprocessor and a memory. It will be understood that the processing circuitry may contain additional components, including processors, memories, error and parity/CRC checkers, data encoders, anticollision algorithms, controllers, command decoders, security primitives and tamper-proofing hardware, as necessary to perform the functions described herein.
• Thetransaction card124 may be configured for communication with transaction terminals and other devices via a communication interface configured for establishing communication with transaction processing devices. The communication interface may be configured for contact-based communication, in which case the interface may have electrical circuitry and contact pads on the surface of thecard124 for establishing direct electrical communication between the microprocessor and the processing circuitry of a transaction terminal. Alternatively or in addition, the communication interface may be configured for contactless communication with a transaction terminal or other wireless device. In such embodiments, the communication interface may be or include an NFC communication interface configured for communication with other NFC communication devices when thecard124 is within a predetermined NFC range. The communication interface and the microprocessor may, in particular, be configured for establishing NFC communication with thepayment terminal machine120 and/or theuser device150. In some embodiments, themicroprocessor chip126 may include a second communication interface configured for establishing short range communication with thepayment terminal machine120 and/or theuser device150 via Bluetooth, or other short range communication methodology. In such embodiments, thetransaction card chip126 may have a short range communication antenna that is included in or connected to the short range communication interface. Themicroprocessor chip126 may also include a power management system for use in managing the distribution of power during an NFC transaction.
• The memory may be a read-only memory, write-once read-multiple memory or read/write memory, e.g., RAM, ROM, and EEPROM, and thechip126 may include one or more of these memories. The memory may have stored therein information associated with a transaction card account. In some embodiments, the memory may have permanently stored therein a unique alphanumeric identifier associated with the account. It may also have stored public and private card encryption keys. In some embodiments, the private and public encryption keys may be permanently hard-wired into the card memory.
• The card memory may be configured to store one or more software applications for execution by the microprocessor. In various embodiments, the memory may have stored therein instructions for generating encrypted information and transmitting it to a receiving device (e.g., thepayment terminal machine120 and/or the user device150). Such encrypted information may be or include an encrypted verification block or signature that may be used to authenticate and verify the presence of thetransaction card124 during transaction processing. In some embodiments, encrypted information be unique to a particular communication (e.g., a particular NFC transmission by the transaction card).
• The transaction data processing system110 of the transaction administrator is a network-enabled data processing system that is configured for management and control of account-related transactions for a plurality of user accounts. The transaction data processing system110 may be configured for communication with a plurality ofuser device150 and thepayment terminal machine120 via thenetwork130 for establishing interactive communication sessions with account holders. The transaction data processing system110 may also be configured for communication with other entities via the network including the account administratordata processing system140. The processing system110 may be configured, in particular, to receive hashing information from the administratordata processing system140 and to use this information to encrypt a standard, formatted account holder datum for each account holder of their respective administrator entities. The hashed datum for each account holder may then be stored with other account holder information in anaccount database112. The transaction data processing system110 may also be configured to receive a subsequent user account query from the administratordata processing system140 via thenetwork130. The transaction data processing system110 may be configured to receive transaction information (e.g., credit card information including EMV, cardholder name, expiration date, PIN, etc.) from thepayment terminal machine120, and/or transmit to thepayment terminal machine120 user authentication request when a user of the credit card interacts with thepayment terminal machine120. The authentication request may be displayed on the payment terminal machine to ask the user to enter credentials, such as, PIN, passcode, answers to security questions, and the like.
• The account information in theaccount database112 may include information on the account holder as well as information on accounts with other administrators. Account holder information may include contact information (mailing address, email address, phone numbers, etc.), reward points, coupons, promotional codes, and user preferences. It may also include information for a primary account (e.g., a bank or other cardholder administrator) for use in certain transactions related to the account with that administrator entity. The transaction data processing system110 may be configured to receive primary account provisioning information for an account holder from the administratordata processing system140 and store it in theaccount information database112.
• In particular embodiments, the transaction administrator may be merchants whose transaction data processing system110 are configured to carry out merchant transactions via the associatedpayment terminal machine120. In some of these embodiments, the user account administered by the account administrator is a contactless transaction card account, and the account provisioning information includes contactless card account information for use in carrying out merchant account holder transactions processed by the transaction data processing system110.
• With reference toFIG.5, the administratordata processing system140 may include acommunication interface147 configured for establishing communication with one or more networks including thenetwork130, and, via the one or more networks, theuser device150 and one or more transaction data processing systems110. The administratordata processing system140 includes atransaction processing system141 configured to communicate with a plurality ofuser device150 and with other transaction processing systems via thenetwork130 and thecommunication interface147. Thetransaction processing system141 may be configured for receiving and processing card account and transaction information. In particular embodiments, this may include, for example, processing financial transactions related to financial transaction card accounts.
• The administratordata processing system140 may further include adatum encryption processor142, a useraccount identification processor143, auser confirmation processor144, and a provisioning information broadcastprocessor145. In some embodiments, thesystem140 may also include a confirmation authentication processor146. Any or all of these processors may be configured to communicate over thenetwork130 via thecommunication interface147.
• Thedatum encryption processor142 may be configured to generate user datum encryption information adapted for encrypting a particular card account holder datum. The card account holder datum may be a typical piece of account holder information that is unique to the card account holder and would typically be known or available to any account administrator with whom the card account holder may have an account. The card account holder datum could be, for example, a telephone number, email address, driver's license number, or employee number. The encryption information may be, for example, a unique algorithm and/or values usable to create a hash of a standardized format version of the card account holder datum. Thedatum encryption processor142 may also be configured to transmit, via thenetwork130, the user datum encryption information to any or all of a plurality of transaction data processing system110 managed by transaction administrator entities that have agreed to partner with the card account administrator. At the time thedatum encryption processor142 transmits the encryption information to the transaction data processing system110, it may also specify the particular account holder datum to be used and the format it should be in prior to encrypting.
• The useraccount identification processor143 may be configured to receive, over a first network (e.g., network130) from apayment terminal machine120, credit card information (e.g., EMV) associated with a card account holder having an account with the card account administrator. The credit card information may include information identifying a merchant, the account holder, an account identifier, and/or a card identifier for a transaction card associated with the account. In some embodiments, the credit card information may identify one or more specific transaction processing entities with which the user is performing transactions. The credit card information may be or include any information associated with the card holder account that would be usable by the transaction administrators to draw an association between their own accounts for the card account holder and the card holder account. In particular embodiments, the credit card information may include a card identifier or card account identifier that can be used to facilitate a transaction and associate it with the card holder account. The user accountidentification data processor143 may be further configured to encrypt a user datum associated with the account holder using the user datum encryption information. The user datum would be drawn from the account holder information stored in the card holder account information database139. It would be selected and formatted so as to match the datum specifications provided to the transaction data processing system110.
• The useraccount identification processor143 may be further configured to transmit, over a second network (which may be the same as the first network) to the transaction data processing system110, a user account query including the encrypted user datum. Theprocessor143 may also be configured to receive, over the second network, responses from the transaction data processing system110. In some embodiments, each response may include an indication that the transaction administrator associated with the transaction data processing system110 has or does not have its own account for the card account holder.
• Theuser confirmation processor144 may be configured to transmit to theuser device150 over the first network, a message including a request for confirmation that the account provisioning information should be shared. The message may include identification of the account administrator data processing system140 (and/or its associated administrator entity) identified by the useraccount identification processor143. Theuser confirmation processor144 may be further configured to receive from theuser device150, a confirmation response. This response may include permission to share account provisioning information. In some embodiments, the response may indicate that the provisioning information should include only a subset of the card account information for the card holder account.
• The provisioning information broadcastprocessor145 may be configured to retrieve card account information for the card holder account from the account information database139 and assemble it for transmission to the transaction data processing system110. Typical account holder information could include name, email address, physical address, phone number, employer, social security number or other unique identifier, etc. In some embodiments, the provisioning information may be assembled into a single standard format for all of the different account administrators. In other embodiments, the format may be tailored to each administrator to meet requirements of that transaction data processing system110 and/oraccount database112. The provisioning information broadcastprocessor145 may also be configured to transmit, over the second network, the account provisioning information to the transaction data processing system110.
• As noted above, the administratordata processing system140 may also include a confirmation authentication processor146. The confirmation authentication processor146 may be a separate processor as illustrated inFIG.5. Alternatively, the functions of the confirmation authentication processor146 may be combined with those of theuser confirmation processor144. The confirmation authentication processor146 may be configured to transmit a confirmation authentication request to theuser device150 over the first network and/or the transaction data processing system110 over the second network. In some embodiments, this request may be combined with the confirmation request. In other embodiments, the confirmation authentication request may be transmitted in response to theuser confirmation processor144 receiving a confirmation response including permission to share account provisioning information.
• The confirmation authentication request may include a request for authentication information that can be used by the confirmation authentication processor146 to verify authorization of the user and/or theuser device150 to make and confirm the provisioning request. Authentication information may include an account identifier or other user identification and user authentication information. The user authentication information may include at least one authentication credential such as a password or a scanned biometric characteristic that may be used as part of a multi-factor authentication methodology. In some embodiments, an authentication credential may be or include information encrypted using an encryption key associated with the card account and the account holder or theuser device150 or the transaction administrator. In particular embodiments, the confirmation request may require an authentication credential that is or includes card verification information that must be obtained from asmart card124 associated with the cardholder account.
• The confirmation authentication processor146 may be configured to receive authentication information from theuser device150 over the first network and/or the transaction data processing system110 over the second network. The confirmation authentication processor146 may then use authentication credentials from the authentication information and information from the card account information database139 to authenticate the confirmation response. This may be accomplished using any of various known authentication processes associated with particular credentials. In embodiments where encrypted card verification information is received, the authentication processor146 may be configured to retrieve encryption information from the card account information database139 and use it to decrypt the card-encrypted information. Successful decryption may be used as a positive indication that the card user at the provisioning requester (e.g., thepayment terminal machine120 of the transaction administrator) is in possession of thetransaction card124 for the card account.
• It will be understood that, in embodiments having a confirmation authentication processor146, the provisioning information broadcastprocessor145 may be configured to transmit account provisioning information only after the confirmation authentication processor has established a positive authentication for the user, user device, and/or confirmation response. It will also be understood that thedatum encryption processor142, the useraccount identification processor143, theuser confirmation processor144, the provisioning information broadcastprocessor145, and the confirmation authentication processor146 may be combined into a single processor to perform all the functions of the above processors, or may be combined into multiple other processors to perform all the functions of the above processors.
• FIG.6 illustrates an exemplary method M100 for provisioning account information of a payment card to a transaction data processing system. The actions of the method M100 may typically be carried out by an account administrator data processing system such as the administratordata processing system140 of thesystem100 depicted inFIG.1. As previously described, the administrator data processing system may be configured for managing a plurality of accounts, which may be transaction card or other primary accounts. Each of these accounts may have one or more unique identifiers, an associated account holder, and stored account holder information. Prior to or as part of the method M100, the account administrator data processing system may generate user datum encryption information adapted for encrypting a particular account holder datum as described above. At S110 of the method M100 the administrator data processing system may transmit the user datum encryption information to a transaction data processing system associated with a partner transaction administrator. At S120, the administrator data processing system receives from a payment terminal machine of the transaction data processing system, a user datum encrypted by the transaction data processing system using the user datum encryption information. The user datum is obtained through reading the payment card by the payment terminal machine, for example, scanning, inserting or swiping the payment card on the payment terminal machine. At S130, when the user of the payment card opts in to set up a merchant account with the transaction administrator, the administrator data processing system receives from the payment terminal machine of the transaction data processing system, a request to share account provisioning information of a user account of the payment card associated with the encrypted user datum and administrated by the account administrator data processing system. At S140, the administrator data processing system determines, based on the encrypted user datum, the user account of the payment card is associated with the encrypted user datum. For example, the administrator data processing system may compare the encrypted user datum with encrypted user data stored in the account information database139 to find a match. The administrator data processing system may also determine a user device associated with the user account of the payment card. At S150, the administrator data processing system authenticates from the transaction data processing system (the payment terminal machine) the user of the payment card who is present at the payment terminal machine of the transaction data processing system. For example, the user of the payment card may be asked to enter a PIN, a passcode, a password, a biometric datum, etc. through the payment terminal machine. At S160, the account administrator data processing system transmits to the account holder's user device a message comprising a request for confirmation that the account provisioning information should be provisioned to the transaction data processing system. In some embodiments, the message may include the transaction data processing system and/or its associated administrators. At S170, the administrator data processing system receives from the user device a confirmation response including permission to provision the transaction data processing system with the account provisioning information of the user account. In some embodiments, this response may include limitations on the provisioning information to be shared. At S180, the administrator data processing system transmits the account provisioning information to the transaction data processing system. At S190, the account administrator data processing system receives from the transaction data processing system, a notification indicating a successful provision result. At S194, the account administrator data processing system transmits to the user device, a message indicating that the account provisioning information has been successfully provisioned on the transaction data processing system of the transaction administrator.
• FIG.7 illustrates another exemplary method M200 for provisioning account information of a payment card to a transaction data processing system. As in the previous example, the actions of the method M200 may be carried out by an account administrator data processing system such as the administratordata processing system140 of thesystem100 depicted inFIG.1. As in the previous method, the account administrator data processing system may generate user datum encryption information adapted for encrypting a particular account holder datum as described above. At S210 of the method M200, the administrator data processing system may transmit the user datum encryption information to a transaction data processing system associated with a partner transaction administrator. At S220, the administrator data processing system receives from a payment terminal machine of the transaction data processing system, a user datum encrypted by the transaction data processing system using the user datum encryption information. The user datum is obtained through reading the payment card by the payment terminal machine, for example, scanning, inserting or swiping the payment card on the payment terminal machine. At S230, when the user of the payment card opts in to set up a merchant account with the transaction administrator, the administrator data processing system receives from the payment terminal machine of the transaction data processing system, a request to share account provisioning information of a user account of the payment card associated with the encrypted user datum and administrated by the account administrator data processing system. At S240, the administrator data processing system determines, based on the encrypted user datum, the user account of the payment card is associated with the encrypted user datum. For example, the administrator data processing system may compare the encrypted user datum with encrypted user data stored in the account information database139 to find a match. The administrator data processing system may also determine a user device associated with the user account of the payment card. At S250, the administrator data processing system authenticates from the user device the user of the payment card who is present at the payment terminal machine of the transaction data processing system. For example, the administrator data processing system may send to the user device a text message including a one-time code and ask the user to enter the one-time code, the administrator data processing system may require the user to call a specific phone number from the user device, the administrator data processing system may require the user to login to the credit card account from the user device, and/or the administrator data processing system may ask the user to enter a PIN, a passcode, a password, a biometric datum, etc. through the user device. At S260, the account administrator data processing system transmits to the user device a message comprising a request for confirmation that the account provisioning information should be provisioned to the transaction data processing system. In some embodiments, the message may include the transaction data processing system and/or its associated administrators. At S270, the administrator data processing system receives from the user device a confirmation response including permission to provision the transaction data processing system with the account provisioning information of the user account. In some embodiments, this response may include limitations on the provisioning information to be shared. At S280, the administrator data processing system transmits the account provisioning information to the transaction data processing system. At S290, the account administrator data processing system receives from the transaction data processing system, a notification indicating a successful provision result. At S294, the account administrator data processing system transmits to the user device, a message indicating that the account provisioning information has been successfully provisioned on the transaction data processing system of the transaction administrator.
• In some embodiments, the step of determining, by the account administrator data processing system, the user account of the payment card is associated with the encrypted user datum, may comprise comparing the encrypted user datum with encrypted user data stored in a datastore of the account administrator data processing system.
• In some embodiments, the step of authenticating, by the account administrator data processing system, a user of the payment card who is present at the payment terminal machine of the transaction data processing system, may comprise: transmitting, by the account administrator data processing system to the payment terminal machine of the transaction data processing system, an authentication request; receiving, by the account administrator data processing system from the payment terminal machine of the transaction data processing system, at least one authentication credential entered by the user; and authenticating the user by the account administrator data processing system using the at least one authentication credential and a predetermined authentication process. The at least one credential includes one or more of a personal identification number, a biometric datum of the user, a security code included in the authentication request wherein the user carries the user device and the authentication request is sent to the user device, or an answer to a security question included in the authentication request. The action of transmitting the account provisioning information is carried out only in response to a positive authentication of the user.
• In some embodiments, the step of authenticating, by the account administrator data processing system, a user of the payment card who is present at the payment terminal machine of the transaction data processing system, may comprise: transmitting, by the account administrator data processing system to the user device, an authentication request; receiving, by the account administrator data processing system from the user device, at least one authentication credential entered by the user; and authenticating the user by the account administrator data processing system using the at least one authentication credential and a predetermined authentication process. The at least one credential includes one or more of a personal identification number, a biometric datum of the user, a security code included in the authentication request, or an answer to a security question included in the authentication request. The action of transmitting the account provisioning information is carried out only in response to a positive authentication of the user.
• In some embodiments, the user datum may include an Europay, Mastercard, and Visa (EMV) number of the payment card. The payment terminal machine can be a point of sale (POS) machine. The step of reading the payment card by the payment terminal machine may include one of inserting by the user the payment card into the payment terminal machine, swiping by the user the payment card into the payment terminal machine, or scanning the payment card by the payment terminal machine. The account provisioning information may include at least one of a home address, a billing address, a mobile phone number, a home phone number, an email address, a 16-digit credit card number, a 16-digit virtual card number, or a credit card expiration date.
• The present invention provides automated methods by which an account administrator can securely push account provisioning information and user data to a transaction administrator entity without the need for the account holder and the transaction administrator entity to manually enter the account information. This is accomplished through the use of a shared encryption/hashing algorithm and/or unique encryption keys, which allows the primary account administrator and partner account processing entities to identify account holders they have in common without sharing account information. This establishes the basis for secure transmission of primary account provisioning information for a particular primary account holder from the primary account administrator to those partner entities also having an account for that primary account holder and/or inviting that primary account holder to set up merchant accounts with the partner entities. This greatly improves the security and efficiency of the sharing operation as well as the convenience to the account holder.
• In the present disclosure, automatically setting up a merchant account with a partner transaction data administrator can allow for customers to perform ecommerce transactions and/or subscription transactions with that transaction data administrator without presenting a payment card. For example, subsequent POS checkouts may just need a phone number, a photo ID, a PIN, a reply to a message pushed to the user device, and/or a biometric datum of the customer. It would allow for that transaction data administrator to market its products and drive customer loyalty afterwards efficiently and effectively and also allow for creating better customer experiences.
• It will be readily understood by those persons skilled in the art that the present invention is susceptible to broad utility and application. Many embodiments and adaptations of the present invention other than those herein described, as well as many variations, modifications and equivalent arrangements, will be apparent from or reasonably suggested by the present invention and foregoing description thereof, without departing from the substance or scope of the invention.
• It is further noted that the systems and methods described herein may be tangibly embodied in one or more physical media, such as, but not limited to, a compact disc (CD), a digital versatile disc (DVD), a floppy disk, a hard drive, read only memory (ROM), random access memory (RAM), as well as other physical media capable of data storage. For example, data storage may include random access memory (RAM) and read only memory (ROM), which may be configured to access and store data and information and computer program instructions. Data storage may also include storage media or other suitable type of memory (e.g., such as, for example, RAM, ROM, programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), magnetic disks, optical disks, floppy disks, hard disks, removable cartridges, flash drives, any type of tangible and non-transitory storage medium), where the files that comprise an operating system, application programs including, for example, web browser application, email application and/or other applications, and data files may be stored. The data storage of the network-enabled computer systems may include electronic information, files, and documents stored in various ways, including, for example, a flat file, indexed file, hierarchical database, relational database, such as a database created and maintained with software from, for example, Oracle® Corporation, Microsoft® Excel file, Microsoft® Access file, a solid state storage device, which may include a flash array, a hybrid array, or a server-side product, enterprise storage, which may include online or cloud storage, or any other storage mechanism. Moreover, the figures illustrate various components (e.g., servers, computers, processors, etc.) separately. The functions described as being performed at various components may be performed at other components, and the various components may be combined or separated. Other modifications also may be made.

Claims (21)

1-20. (canceled)

21. A system for provisioning account information to a transaction data processing system, the method comprising:

an administrator processor, wherein the administrator processor is configured to:

receive one or more account provisioning data associated with one or more account processing systems,

store the one or more account provisioning data in a data storage unit,

receive, from a transaction processor, a request to share at least one of the one or more account provisioning data with the transaction processor,

transmit, to the transaction processor, a user datum request,

receive from the transaction processor, a user datum,

determine whether the user datum is associated with the one or more account provisioning data,

transmit, to a user device associated with the user datum, a request to select the one or more account provisioning data,

receive, from the user device, a confirmation response selecting at least one of the account provisioning data,

retrieve, from the data storage unit, the selected account provisioning data, and

transmit, to the transaction processor, the account provisioning data.

22. The system ofclaim 21, wherein the administrator processor is further configured to:

transmit, over a first network to a payment terminal machine associated with the transaction processor, an authentication request,

receive, over the first network from the payment terminal machine associated with the transaction processor, at least one authentication credential entered by a user associated the user device, and

authenticate the user using the at least one authentication credential and a predetermined authentication process, wherein the action of transmitting the account provisioning information is carried out only in response to a positive authentication of the user.

23. The system ofclaim 21, wherein the administrator processor is further configured to:

Transmit, to the user device, an authentication request, Receive, from the user device, at least one authentication credential entered by the user, and

authenticate the user using the at least one authentication credential and a predetermined authentication process,

wherein transmitting the account provisioning information is carried out only in response to a positive authentication of the user.

24. The system ofclaim 23, wherein the at least one credential includes one or more of a personal identification number, a biometric datum of the user, a security code included in the authentication request, or an answer to a security question included in the authentication request.

25. The system ofclaim 21, wherein the account provisioning information includes at least one of a home address, a billing address, a mobile phone number, a home phone number, an email address, a 16-digit credit card number, a 16-digit virtual card number, or a credit card expiration date.

26. The system ofclaim 21, wherein the administrator processor is further configured to receive from the transaction processor a message indicating that the account provisioning information has been provisioned successfully to the transaction processor.

27. The system ofclaim 21, wherein the transaction processor is further configured to transmit to the user device a message indicating that the account provisioning data has been provisioned successfully to the user device.

28. The system ofclaim 21, wherein the user datum is encrypted.

29. The system ofclaim 28, wherein the encrypted user datum is received by the transaction processor over one or more communication fields.

30. A method for provisioning account information to a transaction processing system, the method comprising:

receiving, by an administrator processor, one or more account provisioning data associated with one or more account processing systems;

storing, by the administrator processor, the one or more account provisioning data in a data storage unit;

receiving, by the administrator processor from a transaction processor, a request to share at least one of the one or more account provisioning data with the transaction processor;

transmitting, by the administrator processor to the transaction processor, a user datum request;

receiving, by the administrator processor from the transaction processor, a user datum;

determining, by the administrator processor, whether the user datum is associated with the one or more account provisioning data;

transmitting, by the administrator processor to a user device associated with the user datum, a request to select the one or more account provisioning data;

receiving, by the administrator processor from the user device, a confirmation response selecting at least one of the account provisioning data;

retrieving, by the administrator processor from the data storage unit, the selected account provisioning data; and

transmitting, by the administrator processor to the transaction processor, the account provisioning data.

31. The method ofclaim 30, wherein the action of determining, by the administrator processor, whether a user account of a payment card is associated with the user datum, comprises comparing the user datum with user data stored in the data storage unit.

32. The method ofclaim 30, wherein the method further comprises:

transmitting, by the administrator processor to a payment terminal machine associated with the transaction processor, an authentication request,

receiving, by the administrator processor to a payment terminal machine associated with the transaction processor, at least one authentication credential entered by a user associated with the user device, and

authenticating the user by the administrator processor using the at least one authentication credential and a predetermined authentication process, wherein the action of transmitting the account provisioning information is carried out only in response to a positive authentication of the user.

33. The method ofclaim 32, wherein the at least one credential includes one or more of a personal identification number, a biometric datum of the user, a security code included in the authentication request wherein the user carries the user device and the authentication request is sent to the user device, or an answer to a security question included in the authentication request.

34. The method ofclaim 30, wherein

transmitting, by the administrator processor to the user device, an authentication request,

receiving, by the administrator processor from the user device, at least one authentication credential entered by the user, and

authenticating the user by the administrator processor using the at least one authentication credential and a predetermined authentication process, wherein the action of transmitting the account provisioning information is carried out only in response to a positive authentication of the user.

35. The method of claim10, wherein the user datum includes an Europay, Mastercard, and Visa (EMV) number of a payment card.

36. The method ofclaim 32, wherein the payment terminal machine is a point of sale (POS) machine.

37. The method ofclaim 32, wherein the credential is provided by a payment card, wherein the reading the payment card by the payment terminal machine includes one of inserting by the user the payment card into the payment terminal machine, swiping by the user the payment card into the payment terminal machine, or scanning the payment card by the payment terminal machine.

38. The method ofclaim 30, wherein the account provisioning information includes at least one of a home address, a billing address, a mobile phone number, a home phone number, an email address, a 16-digit credit card number, a 16-digit virtual card number, or a credit card expiration date.

39. The method ofclaim 30, wherein the method further comprises

receiving, by the administrator processor from the transaction processor, a message indicating that the account provisioning information has been provisioned successfully to the transaction processor.

40. A non-transitory, computer readable medium comprising instructions that, when executed by an administrator processor, cause the administrator processor to perform actions comprising:

receiving one or more account provisioning data associated with one or more account processing systems;

storing the one or more account provisioning data in a data storage unit;

receiving, from a transaction processor, a request to share at least one of the one or more account provisioning data with the transaction processor;

transmitting, to the transaction processor, a user datum request;

receiving, from the transaction processor, a user datum;

determining, whether the user datum is associated with the one or more account provisioning data;

transmitting, to a user device associated with the user datum, a request to select the one or more account provisioning data;

receiving, from the user device, a confirmation response selecting at least one of the account provisioning data;

retrieving, from the data storage unit, the selected account provisioning data; and

transmitting, to the transaction processor, the account provisioning data.

Images