Title:
METHOD AND APPARATUS FOR PERFORMING A TRANSACTION
Document Type and Number:
WIPO Patent Application WO/2008/123762
Kind Code:
A1
Abstract:
A method and apparatus for performing a transaction over a data network using a generic identifier is disclosed herein. In the described embodiment, the generic identifier is a national identification card (200) having an electronic chip (201) containing identification information for uniquely identifying a user. The generic identifier (200) is associated with payment accounts issued by different financial institutions so that, at the time of the transaction, the associated accounts are displayed for selection by the user to choose which payment account to charge the transaction to.

Inventors:
CHEAH HOCK SENG (MY)
Application Number:
PCT/MY2007/000020
Publication Date:
October 16, 2008
Filing Date:
April 10, 2007
Assignee:
EPETROL DEV SDN BHD (MY)
CHEAH HOCK SENG (MY)
International Classes:
G06Q20/00; G06Q30/00; G07F19/00
Domestic Patent References:
WO2002014985A2 (2002-02-21)
WO2005043438A1 (2005-05-12)
Foreign References:
US6796492B1 (2004-09-28)
US20040010462A1 (2004-01-15)
US20050273431A1 (2005-12-08)
Attorney, Agent or Firm:
CHEW, Phye, Keat (18th Floor Wisma Sime Darb, Jalan Raja Laut Kuala Lumpur, MY)
Claims:
CLAIMS

1. A method of performing a transaction over a data network, using a generic identifier which has identification information for uniquely identifying a user, the generic identifier being associated with payment accounts issued by different financial institutions, the method comprising the steps of: at the time of the transaction, receiving the identification information over the data network, displaying each of the associated payment accounts for selection by the user; receiving the selected payment account and obtaining authorisation from the financial institution that issued the selected payment account for approval of the transaction.

2. A method according to claim 1, wherein the generic identifier is a physical card having an electronic chip, and the identification information is stored in the electronic chip.

3. A method according to claim 2, wherein the physical card is a national identification card.

4. A method according to claim 2, wherein the physical card is in the form of a Malaysian national identification card.

5. A method according to any of claims 2 to 4, wherein the physical card is compliant with an international standard selected from one of the following: ICAO Doc 9303, ISO 7501, EMV, ISO 7816, ISO 19794 (biometrics), ISO 14443 and PKCS 11.

6. A method according to any of the preceding claims, wherein the identification information is biometrics of the user.

7. A method according to claim 6, wherein the biometrics is the fingerprint and/or portrait photograph of the user.

8. A method according to any preceding claim, wherein the displaying step further includes displaying a promotion associated with each payment account.

9. A method according to claim 8, wherein the promotion is merchant specific.

10. A method according to claim 8, wherein the promotion is specific to the payment account.

11. A method according to claim 8, wherein the promotion is specific to the financial institution.

12. A method according to any preceding claim, further comprising the steps of, prior to the transaction, registering the generic identifier with a service provider, and selecting which payment accounts of different financial institutions to associate with the generic identifier.

13. A method according to claim 12, further comprising the step of selecting which loyalty program offered by merchants to be associated with the generic identifier.

14. A method according to claim 10, further comprising the step of, at the time of the transaction, identifying the merchant and crediting the user's loyalty account associated with the merchant with loyalty points that correspond to the transaction amount.

15. Apparatus for performing a transaction over a data network using a generic identifier which has identification information for uniquely identifying a user, the generic identifier being associated with payment accounts issued by different financial institutions, the apparatus comprising: means for receiving the identification information over the data network, means for displaying each of the associated payment accounts for selection by the user; means for receiving the selected payment account and obtaining authorisation from the financial institution that issued the selected payment account for approval of the transaction.

Description:

Method and Apparatus for Performing A Transaction

Background and Field of the Invention

This invention relates to a method and apparatus for performing a transaction, more particularly but not exclusively, for purchasing petrol.

Electronic payment has been growing in popularity and the use of payment cards for payment, such as credit or debit cards, instead of cash, is on the rise and ubiquitous. A payment infrastructure for such electronic or cashless payments usually comprises a card reader located at a merchant and which reads information from a payment card and transmits the information to an acquiring bank of the merchant. The acquiring bank then processes the transaction and obtains authorisation from an issuing bank of the payment card for approval of the transaction.

Figure 1 shows a current infrastructure for performing a payment transaction at petrol stations 100 owned by different petrol companies such as Petronas™, Shell™, Esso™ etc. Each of these petrol companies has an associated acquiring bank 102 which accepts the payment transactions on behalf of the petrol company and transmits the transactions to a central interchange 104 for switching to the respective issuing banks 106 of payment cards that were used to initiate the transaction.

To elaborate and as an example, to pay for petrol at a Petronas™ petrol station 100a, a consumer provides a VISA™ credit card issued by, for example, Citibank™ 106a and a cashier at the petrol station 100a swipes the card through a card reader. The credit card information is transmitted to an associated acquiring bank, in this case Maybank™ 102a, which obtains authorisation from Citibank™ (the issuing bank) for approval of the transaction. If the transaction is approved, this is communicated via the acquiring bank 102 to the card reader and a payment receipt is generated for signing by the consumer. The acquiring bank 102a then bills the issuing bank on behalf of the merchant 100a and the issuing bank 106a, in turn, collects payment from the consumer. With such an arrangement, credit card commissions are borne by the merchants, and in this case the petrol companies, which means that these fees have to be paid by the petrol companies to the acquiring banks 102, issuing banks 106 as well as VISA, resulting in reduced profits.

From the bank or financial institutions' viewpoint, the backbone of the infrastructure is provided by the banks/financial institutions. Thus, a push for more secure technology to prevent fraud, for example changing from magnetic strip credit cards to EMV compliant credit cards, involves substantial up-front costs to modify the infrastructure, and these costs are borne by the banks/financial institutions.

With competition between banks and financial institutions, it is common for an issuing bank to issue different types of payment cards to target different consumer groups and substantial money can be spent promoting a particular payment card. This adds to the operating cost of the banks and, moreover, costs are further increased since each of these cards must similarly be made compatible with the technology employed by the infrastructure for carrying out the transaction.

It is also common to entice people to sign up for a particular payment card by having tie-ups with merchants to give discounts on the merchant's goods or services when using that payment card to pay. This also leads to consumers owning multiple payment cards from different issuing banks in order to enjoy the discounts and benefits associated with each of these payment cards, and trying to remember and keep track of which payment card has promotions with which merchants can be difficult.

It is an object of the present invention to provide a method and apparatus for performing a transaction which addresses at least one of the disadvantages of the prior art and/or to provide the public with a useful choice.

Summary of the Invention

The invention provides a method of performing a transaction over a data network, using a generic identifier which has identification information for uniquely identifying a user, the generic identifier being associated with payment accounts issued by different financial institutions, the method comprising the steps of: at the time of the transaction, receiving the identification information over the data network, displaying each of the associated payment accounts for selection by the user; receiving the selected payment account and obtaining authorisation from the financial institution that issued the selected payment account for approval of the transaction.

The generic identifier may be a physical card having an electronic chip, and the identification information is stored in the electronic chip. It is envisaged that the generic identifier may be a virtual card and the generic identifier is the identification information.

Advantageously, the physical card is a national identification card such as a Malaysian national identification card, or a national identification card issued by a government.

Preferably, the physical card is compliant with international standards like ICAO Doc 9303, ISO 7501, EMV, etc., and is optionally protected by dynamic authentication security using advanced cryptographic processes. The identification information, apart from just text data, may also be a combination of biometrics of the user (such as a portrait photograph of the user and a pair of fingerprints).

The displaying step may further include displaying a promotion associated with each payment account so that the user knows what promotion is available at that given time to decide which payment account to use for the transaction. The promotion may be merchant specific, specific to the payment account, or specific to the financial institution.

The method may further comprise the steps of, prior to the transaction, registering the generic identifier with a service provider, and selecting which payment accounts of different financial institutions to associate with the generic identifier. Further, the method further comprises the step of selecting which loyalty program offered by merchants is to be associated with the generic identifier.

The method may also comprise the step of, at the time of the transaction, identifying the merchant and crediting the user's loyalty account associated with the merchant with loyalty points that correspond to the transaction amount.

The invention further provides apparatus for performing a transaction over a data network using a generic identifier which has identification information for uniquely identifying a user, the generic identifier being associated with payment accounts issued by different financial institutions, the apparatus comprising: means for receiving the identification information over the data network, means for displaying each of the associated payment accounts for selection by the user; means for receiving the selected payment account and obtaining authorisation from the financial institution that issued the selected payment account for approval of the transaction.

Brief Description of the Drawings

An embodiment of the invention will now be described, by way of example, with reference to the accompanying drawings in which,

Figure 1 is a simplified diagram illustrating a current infrastructure for using credit card payment for petrol;

Figure 2 shows different parties to a payment transaction according to a preferred infrastructure of the present invention which uses a Malaysia national identification card as a payment instrument;

Figure 3 shows a close up view of the Malaysia national identification card of Figure 2;

Figure 4 is a registration and activation device for registering the Malaysia national identification card with a provider of the infrastructure of Figure 2;

Figure 5 is a flow chart showing a registration process using the registration and activation device of Figure 4;

Figure 6 is a simplified diagram illustrating the role of the infrastructure provider of Figure 2; and

Figure 7 shows various equipment located at a petrol station of Figure 2 for initiating and processing a payment transaction.

Detailed Description of the Preferred Embodiment

Figure 2 is a block diagram of a preferred embodiment of an infrastructure having a number of devices for performing the transaction of the present invention. As an example, the preferred embodiment is described in relation to the petrol industry.

Instead of having different payment cards, this invention proposes the use of a generic identifier in the form of the Malaysia national identification card or MyKad 100 for short. A close up view of MyKad is shown in Figure 3. The infrastructure is managed by an infrastructure provider (or commonly known as a 'master acquirer' in banking terminology) administering a host system 202 and a central switch 204 connected to the host system 202. A data network 206 links service providers 208 to the central switch 204 and from the central switch 204 to partnering banks 210. In this embodiment, the central switch 204 is a server with high end switching functionalities including cryptographic encryption and message formatting capabilities.

Using a national identification card as an authentication and/or purchasing tool has many advantages. For example, a national identification card provides excellent proof of the integrity and identity of the user. Further, the banks need not create their own database but simply ride on the national records since information (i.e. identity and user information) must be stored at the national level anyway. Further, in the case of Mykad 200, this card has an electronic high security processor with high capacity non-volatile memory chip 201 that not only stores the identity data of the individual (name, unique identification number, date of birth, etc.) but also stores biometrics of the user in the form of an electronic impression of the fingerprint (or fingerprints and portrait photograph), and is thus excellent as an authentication and purchasing instrument. In this way, information stored in the chip 201 is an exact copy of the national register and thus, when information is retrieved from the chip 201, this is equivalent to extracting information from the national register.

Further, the electronic chip is also compliant with security standards associated with chip based identification documents (such as ISO 7816 and EMV) to ensure the security authentication capabilities of the card.

There is also a MyKad registration and activation device 212 and this is located at a petrol station 208a for convenience. The registration and activation device 212 has a card reader for receiving the Mykad, a display for displaying messages to prompt or inform the user and a fingerprint scanner.

Prior to using Mykad 200 as a purchasing instrument, a user first registers his Mykad 200 with the infrastructure provider using a registration and activation device 212, shown in Figure 4. The registration and activation device 212 has a card reader 212a for receiving and reading the identification information on Mykad, a display 212b for displaying messages to prompt or inform the user and a fingerprint scanner 212c.

A flow chart of the registration process is shown in Figure 5. The registration process begins at step 400 with the user inserting his Mykad into the card reader 212a of the registration and activation device 212, and selecting the "registration" option. The registration and activation device 212 then reads identification information stored in the electronic chip 201 of Mykad and communicates with the host system 202 to check whether there is an existing record for this user. If an existing record exists, then at step 404, a message is displayed on a display of the registration and activation device 212 to inform the user accordingly.

If no matching record is found, the host system 202 communicates this to the registration and activation device 212 to authenticate the user, at step 406. The registration and activation device 212 then displays a prompt asking for the 'live' capture of the user's fingerprint and this is scanned by the fingerprint scanner 212c. The fingerprint is converted into digital data (template) and transmitted to the electronic chip 201 for identity verification (and optionally to the host system 202 for similar verification at step 408). If the fingerprint data (template) does not match the template stored in the chip memory (or in the records of the host system 202 for the user), then the registration is refused and the user is informed accordingly. This is to prevent fraud.

If the fingerprint data matches the host system's records, then the registration continues with the user being provided with a list of partnering banks and the types of payment accounts offered by each bank at step 412 for selection by the user. Upon selection, the types of payment accounts issued by the respective banks are then associated with the user's Mykad and this information is stored at the host system 202 at step 414. Based on the selected payment accounts, the host system 202 then informs the partnering banks 210 associated with the selected payment accounts at step 416 of the user's selection so that the partnering banks' records are updated with the information. Once this is done, the registration is completed and this is updated on the display of the registration and activation device 212 at step 418.

Of course, at step 416, it is envisaged that the partnering banks may approve or reject the user's request to associate his Mykad with a bank's payment account in case there is an issue with the user's credit history. Such a step is recommended and preferred to ensure that fraud liability is with the banks.

Once the registration is completed, the user can use his Mykad as a purchasing instrument. To initiate payment, the user inserts his MyKad into a payment terminal 400 at the petrol station 208a of Figure 2. Figure 7 shows two examples: an indoor payment terminal 400a located in the shop over the counter and an outdoor payment terminal (OPT) 400b installed directly on a pump 402 controlled by a pump controller 408. As with any conventional payment card system, this is done prior to filling up the vehicle at the pump.

The indoor payment terminal 400a will first be described. It includes a system controller in the form of a PC 404 and a card reader 406 which is communicatively coupled wirelessly (although it may also be wired) to the PC 404, and the payment process is initiated with the Mykad being inserted into the card reader 406. The card reader 406 has a fingerprint scanner 407 and identification information from the Mykad is captured as the card is authenticated, similar to the registration process explained earlier. The required data from the Mykad is extracted from the chip memory 201 and transmitted to the PC 404 and then, via the central switch 204, to the host system 202 (or other associated host systems) for bank verification that this is a valid and registered user. If the verification is successful, the host system 202 then initiates the payment terminal 400a to display a menu on its screen 404a representing each of the payment accounts of different banks 210 that were chosen by the user at the time of registration, to allow user selection of the bank as well as the payment instrument (credit, debit or prepaid) to be used to pay for the goods. In this embodiment, the information displayed also provides information on the promotions or discounts offered by the various banks for this particular petrol company 208 operating the petrol station 208a. For example, choosing a particular card from issuing bank A may give a 3% rebate on the total petrol purchase to the user and choosing another card from issuing bank B may give just a 2% rebate. The user can then select which payment account to transact from and makes his selection accordingly, together with the intended amount of petrol that the user wishes to purchase.

Upon selection of the payment account of a corresponding bank, this information is transmitted to the central switch 204 which switches the information to the issuing bank 210 that offered the selected payment account. If there is no issue with the transaction, the issuing bank 210 approves the transaction and this is communicated to the pump controller 408 to release the pump 402 to enable the refuelling of the user's vehicle based on the amount transacted, and this completes the transaction. If the issuing bank finds an issue with the transaction (for example, the user is behind in his payment), then the issuing bank refuses to accept the transaction and this is communicated to the system controller 404, so that the pump 402 is not released.

As an alternative to making payment over the counter, it is common to pay at the self-service kiosk or pay at the pump 402 using the OPT 400b which has a card reader 410 and a fingerprint scanner 412. Essentially, the same processing steps of reading the identification information on the Mykad and authentication/verification steps are carried out and, if the authentication/verification is successful, the same selection of payment account is required by the user and the amount is approved, before the pump 402 is released by the pump controller 408 for the user to carry out the refuelling.

Upon completion, the exact transacted amount is then charged to the selected payment account of the corresponding bank.

If the user wishes to deactivate his Mykad with the infrastructure provider, the process is similar to what is described in Figure 5 but instead of selecting the registration option, the user selects "deactivation" option. The same authentication is required and if the authentication is successful, the records of the user are removed from the host system and this information is sent to the affected partner banks to update their records. Subsequently, any purchase using the Mykad would not be allowed to proceed since the host system does not have a record of the Mykad.
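The registration, payment and deactivation flow described above can be modelled on the host side as follows. This is an added example, not part of the patent text: class names, card IDs, reader IDs and bank names are hypothetical, the boolean `fingerprint_ok` stands in for the result of the fingerprint match on the chip, and the host's re-check of the selected account against the registered ones is an assumption about how the selection would be validated.

```python
from dataclasses import dataclass, field

# Model of the described flow. Class names, card IDs, reader IDs and bank
# names are hypothetical; fingerprint_ok stands in for the chip's match result.

@dataclass(frozen=True)
class Account:
    bank: str
    kind: str  # "credit", "debit" or "prepaid"

@dataclass
class Issuer:
    """Stand-in for a partnering bank 210 that approves or declines."""
    name: str
    blocked: set = field(default_factory=set)  # e.g. user behind in payments

    def authorise(self, card_id, amount):
        return card_id not in self.blocked and amount > 0

class HostSystem:
    """Stand-in for host system 202 together with central switch 204."""

    def __init__(self, issuers, readers, promotions):
        self.issuers = {i.name: i for i in issuers}
        self.readers = readers        # reader ID -> merchant
        self.promotions = promotions  # (merchant, bank) -> rebate in percent
        self.records = {}             # card ID -> accounts chosen at registration

    def register(self, card_id, fingerprint_ok, accounts):
        if card_id in self.records:
            return "already-registered"          # step 404
        if not fingerprint_ok:
            return "refused"                     # failed match, steps 406-408
        if any(a.bank not in self.issuers for a in accounts):
            return "refused"                     # not a partnering bank
        self.records[card_id] = list(accounts)   # step 414
        return "registered"

    def deactivate(self, card_id, fingerprint_ok):
        if fingerprint_ok and card_id in self.records:
            del self.records[card_id]
            return True
        return False

    def menu(self, card_id, fingerprint_ok, reader_id):
        """Accounts to display, each with the rebate for this reader's merchant."""
        merchant = self.readers.get(reader_id)
        if not fingerprint_ok or merchant is None or card_id not in self.records:
            return []
        return [(a, self.promotions.get((merchant, a.bank), 0.0))
                for a in self.records[card_id]]

    def pay(self, card_id, fingerprint_ok, reader_id, selected, amount):
        """Return True only when the pump may be released."""
        offered = [a for a, _ in self.menu(card_id, fingerprint_ok, reader_id)]
        if selected not in offered:   # host re-checks the terminal's selection
            return False
        return self.issuers[selected.bank].authorise(card_id, amount)

def build_sample_host():
    """Constructed sample data: two banks, one petrol-station reader."""
    return HostSystem(
        issuers=[Issuer("Bank A"), Issuer("Bank B")],
        readers={"RDR-17": "Petrol Co X"},
        promotions={("Petrol Co X", "Bank A"): 3.0, ("Petrol Co X", "Bank B"): 2.0},
    )

if __name__ == "__main__":
    host = build_sample_host()
    a, b = Account("Bank A", "credit"), Account("Bank B", "debit")
    print(host.register("ID-0001", True, [a, b]))
    print(host.menu("ID-0001", True, "RDR-17"))
    print(host.pay("ID-0001", True, "RDR-17", a, 50.0))
    host.deactivate("ID-0001", True)
    print(host.pay("ID-0001", True, "RDR-17", a, 50.0))
```

Every path other than a successful issuer approval returns `False`, so an unknown reader, a failed fingerprint match, a deactivated card or an account that was never associated with the card all leave the pump locked.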

It should be apparent that the payment transaction described above is independent of the financial institution based card schemes, such as Mastercard™ or VISA™ but may be linked as required by the bank.

It would be appropriate at this stage to elaborate more on the role of the infrastructure provider and this may be better explained with reference to Figure 6. Unlike conventional structures, the infrastructure provider is essentially acting like a centralised interchange 300 (i.e. the host system 202 and the central switch 204) with integrated settlement capabilities, linking the merchants, in this case the petrol companies 100, and the partnering banks 102/106, which may be acquiring or issuing banks. In other words, the infrastructure is provided by the infrastructure provider 300 and not by the banks/financial institutions, and thus relieves the banks/financial institutions of the investment cost of maintaining or upgrading the infrastructure. Having a common interchange also means greater efficiency in payment processing and, due to economies of scale, the cost of processing is also reduced.

Further, since the infrastructure is owned and operated by the infrastructure provider, the Merchant Discount Rate (MDR) could be set by this provider on a competitive market basis. Since the function of the acquiring banks is now performed by the centralised interchange (or master acquirer), such an arrangement offers high flexibility of connectivity not only to existing bank transactions but also to any other transactions that require online host approval and user identity verification/authentication. In effect, this system may use existing infrastructure elements (identification cards and payment terminals) in a manner which facilitates the authentication/verification of electronic transactions in a highly secure and auditable manner. Further, since such a system uses a common front end user identifier (in this case, MyKad), this enables the connection of the user to a spectrum of host systems to allow disparate host systems to authorise transactions once the user has been authenticated and his identity verified by the respective host systems.

It would be apparent from the described embodiment that using a generic identifier makes the payment system much more flexible and simpler since the user need only carry one card. The various banks and financial institutions need not spend money on issuing payment cards or investing in marketing programs to promote a particular card since all this is replaced by a generic identifier. In particular, if the generic identifier is a national identification card, once this is recognised as a common access card, there is little justification for deploying other cards that merely add to costs. Another cost element is the transactional switching infrastructure associated with proprietary cards issued by various banks or financial institutions and, with the proposed infrastructure, such costs are reduced.

Also, the user does not need to track or remember the different promotions or discounts offered by the different issuing banks since such information is provided at the time of the transaction and the user has the flexibility of choosing which payment account to transact from that benefits him the most. From the bank's end, if there is any change in the promotions or discounts, they need only inform the infrastructure provider which updates the information stored on the host system 202 to reflect the change and this is much easier than informing each user/customer individually. The user would also be assured that he would not miss out on any great deals since the information is presented at the time of the transaction. Further, since promotions or discounts are, more often than not, merchant specific and at the time of the transaction, the host system would be able to identify the merchant that is providing the goods/services (for example, by an ID of the card reader, which is also transmitted together with identification of the user) and the promotion and discounts displayed only pertain to that particular merchant, which allows the user to make an informed decision as to which bank offers the best discounts/rates in relation to that merchant so that he can select a payment account issued by that bank.

The described embodiment should not be construed as limitative. For example, to increase security, the user may be required to input a PIN number in addition to the fingerprint impression. Also, instead of just one fingerprint impression stored in the chip 201, impressions from two fingers may be required. Also, an electronic portrait photograph of the user may be included as part of the verification process. Further, the payment accounts may be issued by other financial institutions and not necessarily banks, for example VISA™, Mastercard™.

In the described embodiment, the pump 402 is released only upon the successful verification and approval by the bank corresponding to the selected bank account. However, it is envisaged that it could be "pump first, pay later".

The described embodiment has been explained in relation to the petrol industry but it should be apparent that the invention is similarly applicable for any industry and even on a national level, where all transactions conducted electronically are performed using Mykad and using the infrastructure proposed.

Further, the described embodiment uses a national identification card as an example but it is envisaged that other forms of identifiers may be used, in particular one issued by a particular organisation or association and which is associated with different partner financial institutions to obtain the benefits of using a generic card for performing transactions. Of course, in such a case, there may not be any need for registering the generic card since it is likely that the card is registered with the organisation or association at time of issue. The generic identifier may be a virtual card and not a physical card.

Also, the described embodiment can be expanded to include tracking of loyalty points, which is a common form of rewarding clients, and the loyalty points could be offered by the financial institution or by the merchant. In the case of the financial institution, if a user selects a particular payment account to charge the payment to, the amount charged would be recorded by the bank and the corresponding loyalty points calculated and credited to the user's account in a conventional manner. In the case of the merchant, the loyalty program that is being offered by a particular merchant can similarly be made available to opt in to at the time of registration so that at the time of the transaction, since the host system is able to identify the merchant (for example, a particular petrol company), the host system can then credit the associated merchant's loyalty card with the appropriate loyalty points accordingly. This provides great flexibility and convenience to the user, without needing to carry different loyalty cards offered by different merchants.

Another possible application of the described embodiment would be the use of the same for government transactions with members of the public in respect of the identification of the individual as well as payment of government or quasi-government or public utilities dues and also the delivery of government services to members of the public.

Also, the data network may be the internet, WAN or private secure network.

Having now fully described the invention, it should be apparent to one of ordinary skill in the art that many modifications can be made hereto without departing from the scope as claimed.