Method for payment via the Internet The present invention relates to a method for processing a transaction between a first computer application and a second computer application. More specifically, the invention relates to a method for processing a transaction via a network, such as the Internet. The first computer application is, for example, implemented on a computer of a supplier of services and/or products and the second computer application can be implemented on a computer of a user who can be connected via the network to the supplier's computer, so that the user is able to view and order services and/or products.

A second aspect of the invention relates to the provision of a medium that contains the data needed to carry out the method according to the invention.

A secure and reliable method of paying for the services and/or products purchased is crucial in the case of transactions of this type. A known method of payment via, for example, the Internet is to pass on the card number and the expiry date of a credit card, after which the supplier who supplies the service and/or the product is then paid by the credit card company.

Another known method of payment is to open a customer account for the supply of services or products with a supplier. The customer is then able to order services and/or products from the supplier via, for example, the Internet, provided that he/she has sufficient credit in his/her account. Usually he/she will then have to enter a user name and a password when ordering.

The known methods of payment have a number of significant disadvantages.

Registration of the customer, either directly by the supplier or indirectly via a credit card company, is usually required, which costs time, has the effect of increasing the barrier to be overcome and gives no guarantee of privacy and/or anonymity. It can also be necessary for the user's computer to be equipped with, for example, a smart card reader with special software, which incurs additional costs and ensures that the user is tied to that specific computer. These disadvantages lead to a customer being less readily inclined to make occasional or impulse payments for services and/or products which, for example, can be supplied via the Internet.

Further disadvantages are that the known methods of payment are tied to a person and that there is a security risk. For example, the number and the expiry date of the credit card can be intercepted, after which the credit card can be misused to charge up an appreciable

sum.

The object of the present invention is to provide a method for processing a transaction which does not have the said disadvantages of the known methods.

The object is achieved by means of a method of the type defined in the preamble, characterised in that the method comprises the following steps: (a) transmission of a first message by the first computer application to a third computer application in order to activate a payment program on the third computer application; (b) transmission of a second message by the third computer application to the second computer application in order to activate a payment program on the second computer application; (c) a request by the second computer application for input of a card number, which is specified on a card, by the user, after which the second computer application then transmits a third message containing the card number to the third computer application; (d) checking of the card number and determination of the serial number of one of a plurality of associated security codes by the third computer application, after which the third computer application transmits a fourth message to the second computer application, the fourth message containing the serial number of the security code; (e) a request by the second computer application to the user to enter that security code specified on the card which is associated with the serial number transmitted, after which the second computer application transmits a fifth message containing the security code to the third computer application; (f) checking by the third computer application that the security code associated with the serial number and card number corresponds to the security code received from the second computer application, after which a sixth message is transmitted by the third computer application to the first and second computer applications, the sixth message containing an acceptance or refusal of the transaction.

The third computer application is, for example, implemented on a computer belonging to a body which issues the cards and conducts the transactions.

The codes and numbers associated with a card are known only to the body which implements the third computer application and are specified on a card which is in the possession of the user who uses the second computer application to make payments.

The advantage of the method for processing a transaction between a first computer

application and a second computer application according to the present invention is that there is no requirement for registration of the user with the supplier and the body which issues the cards, which gives a guarantee of privacy and, if desired, anonymity.

Furthermore, as soon as an associated card has been purchased the card can be used to conduct transactions, as a result of which the method is suitable for occasional and impulse purchases.

No additional equipment and/or software is required, which makes the method according to the invention inexpensive and simple. Furthermore, the user is not tied to a special computer provided with additional peripherals and/or software.

The outstanding balance on the card is linked to the card number and not to a person.

Therefore, it is also possible to transfer the card to someone else or to let someone else use the card.

The method is suitable for transactions where payment is made in currency, but also for transactions where other units are used (for example x accesses to a database, y games, z weather reports).

Furthermore, the method according to the invention is suitable for both credit and debit transactions.

Because multiple security codes are used, it is unpredictable which security code will be used. Tapping data traffic is thus virtually pointless because a different security code can be used for a subsequent transaction with the same card.

The level of security can be tailored to the desired requirements. For example, the security codes can be made longer or, on the contrary, shorter and the number of security codes specified on the card can be increased or reduced.

With the method according to the invention, the risk of messages being tapped, misuse or loss is always restricted to the value of the outstanding balance on the card and not, as in the case of a credit card, to the credit limit of the card.

If the outstanding balance on a card is not sufficient to complete a transaction, steps (c) to (f) of the method can be repeated with another card.

In one embodiment of the method according to the invention, the computer applications are implemented on at least two computers which are linked to one another via a network, for example, the Internet.

As a result a user is able to view, order and pay for products and/or services from a supplier remotely. The first and third computer applications are then, for example, both

implemented on a computer located on the supplier's premises, which, for example, can be linked via the Internet to a user's computer on which the second computer application is implemented. In this case the supplier can also be the body which issues the cards and processes the transactions.

Although with known methods a check is made to determine whether the user is authorised to make payments (adequate balance, correct credit card number), these methods do not offer the possibility for the user to check whether the party receiving the payment is authorised.

In one embodiment of the invention the third computer application also includes at least one verification code associated with the card number in the fourth message in step (d) and in step (e) the second computer application also asks for confirmation that the at least one verification code transmitted corresponds to the at least one verification code specified on the card and the latter application includes the result of this in the fifth message.

This embodiment has the advantage that bilateral authorisation takes place. There is not only a check to determine whether the user is authorised to make payments, there is also a check to determine whether the body which is processing the transactions (with the aid of the third computer application) is authorised.

In a further embodiment, the fourth message contains the amount to be paid and/or the balance on the card and the second computer application displays the amount to be paid and/or the balance on the card to the user after receipt of the fourth message. This provides the user with additional ease of use and a further possibility for checking the transaction.

In a further embodiment each message is provided with a transaction identifier. This makes it possible for the third computer application to process multiple transactions simultaneously.

In a further embodiment of the method according to the invention, the contents or part of the contents of one or more of the messages are/is encrypted, so that the contents of the messages cannot be decoded by others. This makes it possible to provide security for the exchange of messages if necessary. The level of security which is considered necessary can be adapted by selecting a specific type of encryption.

A second aspect of the invention relates to a medium which is suitable for performing the method according to the invention, characterised in that the medium contains at least

one card number and at least one security code with associated serial number.

A further embodiment of the medium also contains at least one verification code.

Because all data required to perform the method according to the present invention are contained on the medium according to a second aspect of the invention, it is possible to process transactions without special facilities in the form of equipment, software, registration, etc. being required for this.

In one embodiment the medium according to the present invention is constructed in the form of a printed card, the data being printed on the card. It is also possible to specify the data on a card in such a way that said data can be read with the aid of generally available equipment. In this context consideration can be given to a magnetic card, a smart card or a card provided with barcodes.

In a further embodiment of the present invention, the medium is constructed as a computer-readable medium, such as, for example, a diskette or a CD-ROM.

The present invention will now be explained with reference to a preferred embodiment and the appended drawings, in which: Fig. 1 shows a preferred embodiment of a card containing the data which a user requires in order to be able to perform the method according to the invention; Fig. 2 shows a diagram of the systems involved in a transaction according to the present invention.

Fig. 1 shows a preferred embodiment of a card 1 containing the data which a user requires in order to be able to perform the method according to the invention. The card 1 specifies a card number 2 (which can be a numeral or an alphanumeric sequence) and several, in this case six, arbitrarily chosen security codes 4, which are indicated by a serial number 3. In addition the card 1 specifies a verification code 5. The numbers associated with a card (card number 2, security codes 4 with associated serial number 3 and the verification code 5) are otherwise known only to the body which issues the cards 1 and performs the transactions.

In its simplest embodiment, the card 1 is a small-format card with the data required for performing the method according to the invention printed thereon. It is also possible to specify the data on a card in such a way that said data can be read with the aid of generally obtainable equipment. In this context consideration can be given to a magnetic card, a smart card or a card provided with barcodes. In a further embodiment of the present invention, the data which are needed to perform the method according to the

invention are stored on a computer-readable medium, such as, for example, a diskette or a CD-ROM.

Fig. 2 shows a diagram of the systems involved in a payment in accordance with the method of the present invention. A supplier's computer 11, which runs the first computer application, a user's computer 12, which runs the second computer application, and a transaction computer 13, which runs the third computer application, are shown. The computers 11,12,13 are linked to one another via a network 10, for example the Internet.

The computers are generally known computers which are provided with input means such as a mouse and keyboard and a monitor for displaying information.

It will be obvious to a person skilled in the art that the communication between the transaction computer 13 and the user's computer 12 can also proceed via the supplier's computer 11. It will also be obvious that the supplier himself can be the body which issues the cards 1 and performs the transactions. The first and third computer applications can then be implemented on one computer.

Via the network 10, the user is connected, with the aid of the user's computer 12, to a supplier's computer 11 and is able, for example with the aid of a further computer application, to use the supplier's computer 11 to view what services and/or products are offered by the supplier. As soon as the time at which payment has to be made (in money or other units) has been reached, a payment module on the transaction computer 13 is activated from the further computer application on the supplier's computer 11 by transmitting a first message. By means of this transmission the sum or the number of units to be paid is/are passed on by the first computer application on the supplier's computer 11.

By means of a second message, the payment module on the transaction computer 13 activates a payment module on the user's computer 12 which asks the user to enter the card number 2. This information is transmitted in a third message to the payment module on the transaction computer 13, which checks whether the card number has an active status.

The payment module on the transaction computer 13 then compiles a fourth message for the payment module on the user's computer 12, which message incorporates at least the serial number 3, selected by the payment module on the transaction computer 13, of the security code 4 to be checked and an alphanumeric value of arbitrary composition. On receipt of the fourth message, the payment module on the user's computer 12 will ask the user to enter the security code 4 which has the serial number 3 indicated in the message from the transaction computer 13. The alphanumeric value of arbitrary composition

received in the fourth message from the transaction computer 13 is, if necessary, encrypted by the payment module on the user's computer 12 with the aid of the security code 4 entered. Said encrypted value is sent back by the user's computer 12 in a fifth message to the transaction computer 13, where it is compared with an encrypted value that has been calculated by the payment module on the transaction computer 13. If the received and calculated encrypted values are identical, this confirms that the user has entered the correct security code 4. The payment module on the transaction computer 13 will send a sixth message to the payment module on the user's computer 12 to confirm that payment has been made. Furthermore, the payment module on the transaction computer 13 sends the sixth message to the application on the supplier's computer 11 in which payment is confirmed.

If the outstanding balance on a card 1 is insufficient to process a transaction, steps (c) to (f) of the method can be repeated with another card 1.

In a preferred embodiment the fourth message also contains a verification code 5 associated with the card number. The user's computer 12 displays this verification code 5 to the user and asks the user to confirm that this code corresponds to the verification code 5 specified on the payment card 1. The confirmation or denial of correspondence is then included by the user's computer 12 in the fifth message and transmitted to the transaction computer 13. This provides the user with an opportunity to check whether the transaction computer 13 is authorised to perform transactions. In one embodiment the sum or the number of units to be paid and the current balance on the card are also included in said message. This is then displayed by the user's computer 12 for checking by the user.

In a further embodiment, all messages which are exchanged in the context of the method are provided with a transaction number. This simplifies the identification of a specific payment and makes it possible for the transaction computer 13 to handle multiple transactions simultaneously.

In one embodiment the contents or part of the contents of the messages which are exchanged in the method according to the invention can be encrypted by means of a suitable encryption mechanism. The level of security can be chosen by selecting a specific type of encryption mechanism.