Title

Credit Card Substitute Technical field

The present invention pertains to a system and a method regarding a point of sale system adapted to utilize a bank card substitute, constituted by a cellular phone.

Background art

There is a need for a substitution to a credit card and the like. Currently it is common that a person carries a multiple of such cards in for instance a wallet. Ten to twenty cards is not unusual. Moreover, a huge number of people in all societies are owners to cellular phones, which they most likely carry every where they go and travel. Hence, it would be favorable only carrying a single device, which is well guarded by most persons, necessary in every day business, and thus seldom forgotten when leaving home.

Summary of the invention

The present invention has as an aim out off a plurality of others to present a substitution to cards used for payment such as credit cards, shop cards, debit cards, smart cards, petrol cards, bank cards, and the like. Henceforth, all cards are comprised as bank cards for the simplicity of the description, but not limiting the present invention to one type of card.

One major idea behind the present invention comprises that a cellular telephone number is a unique identifier of the person bearing the phone. Thus, by calling a predetermined number leading to an acquirer node, and storing the cellular number in an acquirer database, and entering the same number at the point of sale connected to the acquirer node, whereby the number called in and the one entered are matched at the acquirer it is secured that the phone owner is identified and granted to make a purchase. To accomplish what is mentioned and other advantages, the present invention sets forth a point of sale system adapted to utilize a bank card substitute, constituted by a cellular phone. The invention thus comprises: a cellular phone bearing a telephone number identifying a subscriber of the subscription connected to the phone; a merchant point of sale for payment of merchandizes or services, equipped with at least one of a scanner and a keypad for scanning of tags and entering numbers, respectively; at least one acquirer node application collecting authentication requests from the point of sale, and providing the merchant with a payment guarantee for sales made; the acquirer node application is connected with a database server (application and server could be one unit or separate units) registering calls from the cellular phone when the subscriber is purchasing at the point of sale, the acquirer node application also providing

at least one of storing bank authorization data in connection with the telephone number as previously has being stored on a bank cards magnetic strip including a personal identification code; the acquirer node application being connected to a clearing house in one specific embodiment of the present invention, clearing payments between the bank of the merchant and the bank of the customer having the subscription when purchasing at the point of sale by utilizing the phone; a purchase at the point of sale being accomplished by the subscriber calling a predetermined telephone number leading to the acquirer database server, the database server, caller identifying the cellular phone number, and registering it in the database, simultaneously the purchased merchandize or services being registered at the point of sale, the point of sale connecting to the acquirer node application through at least one of a network for data and telecommunication; the subscriber entering the cellular phones telephone number through at least one of the scanner and keypad, and also entering the personal identification code, the entered telephone number being connected with the purchase, and dispatched/transmitted with the personal identification code through the network to the acquirer node application; and the acquirer node server checking if the transmitted telephone number over said network equals said caller/A-number identified telephone number stored in said database, and checking authorization data stored in a database post connected to said cellular phones number, and if checking is satisfactory, the acquirer node application notifies said point of sale that a correct purchase has been accomplished and the purchase is granted. One embodiment of the present invention comprises that the subscriber telephone number is entered through the keypad at the point of sale.

Another embodiment comprises that the cellular phone is equipped with a barcode or RFID-tag (Radio Frequency Identification tag) comprising the cellular phones telephone number, and the entering of the subscriber telephone number is accomplished through the scanner scanning the barcode or tag for the telephone number.

A further embodiment comprises that the cellular phone stores in a memory, authorization data corresponding with data conventionally stored on a smart card, the data being transferred to the data acquirer node server when calling the predetermined number.

Yet another embodiment comprises that the cellular phone provides a biometric code to the point of sale as personal identification code.

A yet still further embodiment comprises that a connection to the acquirer node is established by a POS attendant by swiping a special card for the store or POS in question opening up the communication to said acquirer for a purchase check.

Moreover, the present invention comprises further embodiments in accordance with the embodiments of the attached method claims relating to the above system embodiments.

Brief description of the drawings

Henceforth reference is had to the attached figures in the accompanying text of the description for a better understanding of the present invention with its embodiments and given examples, wherein:

Fig. 1 schematically illustrates one embodiment of a cellular phone in accordance with the present invention;

Fig. 2 schematically illustrates one embodiment of a bank card in accordance with the present invention; and Fig. 3 schematically illustrates an embodiment of a system for a point of sale in accordance with the present invention.

Detailed description of preferred embodiments

When the expression cellular phone is used throughout the description of the present invention it should be regarded as a pocket sized handheld device having cellular phone capabilities which also includes a PDA (Personal Digital Assistant) operating in any cellular network or the like such as GSM (Global System for Mobile communication) utilizing TDMA (Time Division Multiple Access), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access, FDMA (Frequency Division Multiple Access) or any other in the market appropriate mobile or cellular system. Fig. 1 schematically illustrates one embodiment of a cellular phone 10 in accordance with the present invention. The phone 10 has an unique subscriber telephone number attached to it, herein fictively 0123456789, identifying the person and/or company having the subscription. Depicted in Fig. 1 is a tag 12, which can be of any type such as a barcode, RFID tag (those are not shown), but they are comprising the telephone number to the cellular phone 10 as shown at reference numeral 14. The tag is intended to be scanned/read at a point of sale for connecting the telephone number to a purchase. If not a tag 12 is utilized, a point of sale (POS) terminal comprising a keypad could be utilized to enter the telephone number, 0123456789, and the PIN code, or a tag or barcode, 2D code or the like could be stored in the cellular phone 10 memory and be re-called to be displayed on the phone 10 screen (not shown). An alternative is to phone the POS with, 0123456789, to store and connect the phone number to a purchase. This requires that the POS is equipped with a telephone call receiver for this purpose.

The PIN code in one embodiment is of the biometric type such as a fingerprint being transmitted to the phone 10 by radiation to a receiver at the POS, or by being displayed on the phones screen and scanned at the POS.

As the telephone number, 0123456789, is an unique identifier of a person subscribing to it for instance connecting the address of the person through the subscription it can be utilized to connect all the bank data held by that person together with a personal identity code (PIN code). The persons bank data is schematically illustrated as a set of cards 16 such as smart card, petrol card, debit card, credit card bank card, shop card and other like cards. Hence, the persons/companies bank data for authorization of payment transfer according to the data, for instance comprised on the cards 16 is stored in a database at a bank server under the database post 0123456789 in one embodiment of the present invention such as:

Post: 0123456789

Bank(-ing) authorization data PIN code

A major idea behind the present invention comprises that a cellular telephone 10 number, 0123456789, is a unique identifier of the person/company bearing the phone 10. Thus, by calling a predetermined number leading to an acquirer node application (acquire node), and storing the cellular number in an acquirer database at a point of sale, and simultaneously entering the same number at the point of sale, whereby the number called in and the one entered are matched at the acquirer it is secured that the phone owner is identified and granted to make a purchase. This is described more in detail with reference to Fig. 3. The acquire node application acts as a communication device and holds software for accomplishing telephone A-number identification/retrieving it, checking phone numbers, equipment for receiving telephone calls, and other necessary tasks known to a person skilled in the art for acting as an acquirer.

In Fig. 2, schematically illustrated, is one embodiment of a bank card 20 in accordance with the present invention and its identity/authorization data.

The ANSI Standard X4.13-1983 is utilized by many credit card systems. Here are what some of the numbers on the card stand for, wherein the information presented below regarding the card is retrieved from www.howstuffworks.com.

The first digit in on a credit-card number signifies the system, 3 - travel/entertainment cards (such as American Express and Diners Club), 4 -Visa, 5 -

MasterCard, 6 - Discover Card. The structure of the card number, 4 4, as depicted in Fig. 2 on card 20 varies by system. For example, American Express card numbers start with 37; Carte Blanche and Diners Club with 38. American Express - digits

three and four are type and currency, digits five through 11 are the account number, digits 12 through 14 are the card number within the account and digit 15 is a check digit. The Visa - digits two through six are the bank number, digits seven through 12 or seven through 15 are the account number and digit 13 or 16 is a check digit. MasterCard - digits two and three, two through four, two through five or two through six are the bank number (depending on whether digit two is a 1 , 2, 3 or other). The digits after the bank number up through digit 15 are the account number, and digit 16 is a check digit, here a 4.

The stripe on the back of a credit card is a magnetic stripe, often called a magstripe. There are three tracks on the magstripe. Each track is about one-tenth of an inch wide. The ISO/IEC standard 7811 , which is used by banks, specifies that track one is 210 bits per inch (bpi), and holds 79 6-bit plus parity bit read-only characters. The track two is 75 bpi, and holds 40 4-bit plus parity bit characters. Track three is 210 bpi, and holds 107 4-bit plus parity bit characters. A credit card 20 typically uses only tracks one and two. Track three is a read/write track (which includes an encrypted PIN, country code, currency units and amount authorized), but its usage is not standardized among banks.

The information on track one is contained in two formats: A ₁ which is reserved for proprietary use of the card issuer, and B, which includes the following: Start sentinel - one character, format code="B" - one character (alpha only), primary account number - up to 19 characters, separator - one character, country code - three characters, name - two to 26 characters, separator - one character, expiration date or separator - four characters or one character, discretionary data - enough characters to fill out maximum record length (79 characters total), end sentinel - one character, and longitudinal redundancy check (LRC) - one character. LRC is a form of computed check character.

The format for track two, developed by the banking industry, is as follows: Start sentinel - one character, primary account number - up to 19 characters, separator - one character, country code - three characters, expiration date or separator - four characters or one character, discretionary data - enough characters to fill out maximum record length (40 characters total), and LRC - one character.

Information on the track format, see ISO Magnetic Stripe Card Standards. There are three basic methods for determining (authentication) whether the credit card will pay for what is charged: Merchants with few transactions each month do voice authentication using a touch-tone phone, electronic data capture (EDC) magstripe-card swipe terminals are becoming more common ~ so is swiping the card at the checkout, virtual terminals on the Internet. After for instance the cashier or the person purchasing swipes the credit card

20 through a reader, the EDC software at the point-of-sale (POS), see Fig. 3, terminal dials a

stored telephone number, utilizing a modem, broadband connection, wireless or other network and equipment known to a person skilled in the art, to call an acquirer. An acquirer is an organization that collects credit-authentication requests from merchants and provides the merchants with a payment guarantee. When an acquirer company receives the credit-card authentication request, it checks the transaction for validity and the record on the magstripe for: Merchant ID, valid card number, expiration date, credit-card limit, card usage.

The "smart" credit card (smart card) is an innovative application that involves all aspects of cryptography (secret codes), not just the authentication described. A smart card 20 has a microprocessor 22 built into the card itself. Cryptography is essential to the functioning of these cards: A user must corroborate his identity to the card each time a transaction is made, in much the same way that a PIN is used with an ATM (Automated Teller Machine). The card and the card reader executes a sequence of encrypted sign/countersign-like exchanges to verify that each is dealing with a legitimate counterpart. Once this has been established, the transaction itself is carried out in encrypted form to prevent anyone, including the cardholder or the merchant whose card reader is involved, from "eavesdropping" on the exchange and later impersonating either party to defraud the system. This elaborate protocol is conducted in such a way that it is invisible to the user, except for the necessity of entering a PIN to begin the transaction.

The chips in these cards are capable of many kinds of transactions. For example, make purchases from a card holders credit account, debit account or from a stored account value that is reload-able. The enhanced memory and processing capacity of the smart card is many times that of traditional magnetic-stripe cards and can accommodate several different applications on a single card. It can also hold identification information, keep track of participation in an affinity (loyalty) program or provide access to premises. The information described above held by a bank card 20, or smart card 20, 22 described with reference to www, howstuffworks. com is similar to that what is expected to be stored under the database post or telephone number, 0123456789, as bank data/authorization data together with a PIN code, or regarding a smart card 20, 22, this information/data is stored also in a memory, for instance SIM card or internal phone memory, of the cellular phone 10 to be transmitted from a POS to the database holding the post, 0123456789, for comparison of correctness in accordance with the present invention.

Moreover the present invention introduces a further security or authorization feature by calling the database, through its telephone number here fictively 9876543210, holding the database post with telephone numbers by the phone 10, with telephone number, 0123456789, similar to making a card purchase at the POS. It is thus checked that the scanned or otherwise transmitted telephone number at the POS is 0123456789, the same that has called the database, and if so a purchase is granted and the acquirer node sends a

signal to the POS that the purchase is granted. This is described through the system of Fig. 3 depicting one embodiment out of several possible following the teaching of the present invention.

Fig. 3 schematically illustrates an embodiment of a system for a POS 30 in accordance with the present invention, herein including a clearing house which is common. The POS 30 system is equipped with a scanner 32 and a terminal 34 for entering PIN codes and other characters through a keypad 35. It can also be equipped and connected to a swipe card slot for one embodiment of the present invention A customer purchasing at the POS holds his cellular phone 10, with tag 12, to be scanned by the scanner 32, or utilizing a one of the methods described above to connect the telephone number, 01234567890, to the purchase, almost simultaneously, the purchaser calls 36, schematically indicated by a GSM base station 38, with the phone 10 bearing the number, 0123456789, a database server 46, utilizing a predetermined telephone number, her fictively 9876543210, at an acquirer node application 44, where the database server 46 stores the database posts holding telephone numbers that are connected and authorized to make purchases, as for instance 0123456789 pointing at bank data allowing a purchase of merchandizes, goods, services and the like. The call is registered with the telephone number, 0123456789, in the database 46. The call can be stored for a limited time, for example, two to five minutes, so that another purchase in a different store is possible. The POS 30 connects to the acquirer node application through one of the networks 40, 42. The connection to the acquirer node 44 could be established by the POS 30 attendant swiping a special card for the store or POS 30 in question opening up the communication for a purchase as it is actually currently accomplished when purchasing by using a bank card, thus emulating a connection as if the purchase was accomplished through a card. If the phone 10 has stored bank data emulating a smart card, the data has been transmitted for instance when calling the acquirer having telephone number 9876543210.

At the acquirer node 44 it is checked through dedicated software for that purpose that the phone number 0123456789 from the POS is the same as the one stored when the phone 10 was brought to call 9876543210 to register the phone number 0123456789 for a purchase, and if so the database is checked that phone 10 holding number 0123456789 is a registered telephone number allowed to be used for purchases. The PIN code is checked together with bank authorization data. If the purchase is granted by the acquirer a grant message/signal is sent to the POS 30 and the purchase is closed as being correct and granted. This purchase is accomplished more or less as a current purchase with a bank card 20, 22, and very little upgrading of equipment has to be deployed at the POS 30 in order to make a purchase. In fact only the software utilized at the POS 30 has to be upgraded. If

the POS 30 utilizes the feature of receiving a call from the phone 10 to connect the purchase with a phone number, 0123456789, as described above, equipment such as receivers for that purpose are to be installed.

It is appreciated that it is known to a person skilled in the art how to detect the phone number, 0123456789, by A-number identification and CallerlD. It is also recognized that the telephone numbers used in the present description are fictive, and that an almost unlimited number of phones can be registered in databases 46 as database post for utilizing the findings of the present invention.

In order to settle the accounts between the purchaser and the POS 30 merchant, the acquirer 44 connects through a network 40 a clearing house 48, which settles the accounts by debiting the purchaser account at his/her bank and crediting the merchant at his/her bank through their bank server 50.

The present invention is not limited to given examples and embodiments, but to what a person skilled in the art can derive from the attached set of claims.