BACKGROUND

Many different types of electronic payment means are available for consumers: credit cards, debit cards, mobile wallets, internet wallets... The choice of payment means is large, but none of them is drastically better than the others in terms of execution speed and security.

• It takes time.

The overall process of using a PIN-code or signing a receipt takes time. It can be somewhere between 20 to 40 seconds. When multiplied with the number of customers paying at the Point of Sales (POS) during the day, it has a significant impact on the overall checkout speed, and experience. Waiting lines can be get long (e.g. at a supermarket, at a fast-food, at a popular cloth shop) and the merchant has to scale the number of POS systems accordingly. As an initial commercial solution, the industry has more or less agreed on the ability to process PIN-less payments below $25 - $50. But it does not go higher; payments above the limit still require the customer to enter a PIN code or sign a receipt. The proposed payment method is a technical solution to change this.

· It exposes a critical piece of personal information: the customer's PIN code or the signature.

PIN-code protection increases the level of security of the payment transaction, but only when the action of entering the PIN code is not exposed to others. It is typically the case in Bank ATMs. They are designed to make it harder for others to see the PIN-code entered by the card user. However, the POS keypad is much more exposed than ATM keypads. At large retail stores, the POS keypad is typically located in front of the cashier, not too far away from the customers waiting in the line or from people right behind the cash register. In a restaurant, the PIN code might be entered in a mobile POS, at the table. Other people can see it as well. Using a mobile wallet or digital wallet instead of a credit or debit card is not more secure. Entered in the mobile device, the PIN code is still exposed to other people.

As a result, the POS exposure is the weak link in a PIN-code protected transaction. It is easier for a thief to get the PIN code during a transaction at a POS than during a transaction at an ATM. With the PIN-code retrieved, it only takes the thief to the steal the customer wallet/bag; from there, ATM cash withdrawals and other thefts can be done.

Clearly the current electronic payment means do impact the payment experience. They are time-consuming, they slow down the check-out process, they increase the waiting time in lines, and they expose the PIN and signature to other people.

The industry has tried to tackle the problem, not so much using technical solutions, but commercial solutions. The commercial solution is that it is possible to process payments without PIN or signature, but only for small amounts (typically below $25-$50). This way, if the customer's card or mobile wallet is stolen, the financial damage, per transaction, will not be higher than the maximum limit of the PIN-less payment (that is $25 to $50 each). But even with this commercial solution, the drawback is that the value of the theft ($25 - $50) can be repeated several times, possibly in different places, until the card is suspended by the owner. In any case, the industry has still not found any good technical solution to allow payments for higher amounts without PIN or signature, while reducing the risk of fraud in case of theft.

The patent application describes a payment method to address this point.

The following definitions are used throughout the description:

· a "seller" (e.g. merchant) is the party (person, business, entity) selling products and/or services to customers. By definition the scope is large, from service businesses (hospitality in general, restaurants, bars, hotels, lodging, parks, transportation, tourism, garage, other services, etc.) to product businesses (shops, retailers, software, games...). This definition also includes parties selling products and/or services "online", over the Internet;

· "Point of Sales" (POS) refers, in a broad definition, to the hardware and software elements used to make a payment transaction between the seller and the customer, when buying a product or a service. The POS can be a physical electronic cash register, a dedicated terminal for checkout (for instance equipped with a bar code scanner), a mobile point of sales (for instance to process a credit card at the customer's table in a restaurant), a smartphone, a tablet, a laptop, a computer, etc. By definition, the POS belongs to the seller. It is the entity the customer interacts with to process a payment;

• "Seller Equipment" (SE) refers, in a broad definition, to the hardware and software elements used by the seller and involved in the interaction with the customer. It includes the seller's POS as just defined, plus any other equipment used by the seller (for instance a mobile device, a tablet, a PC, a camera, a Wi-Fi or Bluetooth hub, a NFC gate) used at some point to interact with the customer;

· a customer's "mobile device" means any type of mobile communication devices carried by the customer and used at some point in the payment transaction and interaction with the seller. This can for instance be a smartphone, a regular mobile phone, a tablet, a computer, etc.

• a customer's "mobile device application" means an application (software) in the "mobile device" used at some point in the payment process and interaction with the seller. This can be an application running on the "mobile device" OS, an application downloaded to the "mobile device", a web application (browser- based), etc.

• the customer's "personal payment means" refers to any payment means the customer can use. These payment means can be for instance: a credit card, a debit card, a mobile wallet, a digital internet wallet, a pre-paid or post-paid customer account at the seller (e.g. the customer receives an invoice to be paid later), etc.

SUMMARY OF THE INVENTION

In accordance with one embodiment a payment method without PIN code or signature between a seller and a user having user's data comprising at least a first and a second personal identification items, at least one payment means, comprising the steps of : • An initialization stage: personal identification items are stored in a database and a payment limit is defined related to the seller.

• A payment stage: the seller obtains a first personal identification item from the user, and a second personal identification item from the user, from a distinct customer physical element. Using the database, the seller identifies the user based on the personal identification items, and in case of successful identification, processes with the payment without PIN code or signature using the payment means if the payment is below the payment limit.

ADVANTAGES

Accordingly several advantages of one of more aspects are as follows: to provide a payment method without PIN and signature, also for large payment amounts, which speeds up the payment transaction time, shortens the check-out waiting lines, does not expose personal PIN code or signature to others, and limits the financial risk in case of theft. Other advantages of one or more aspects will be apparent from a consideration of the drawings and ensuing description.

DRAWINGS-FIGURES

FIG. 1 shows the method with the personal identification items stored in the database

FIG. 2 shows the method with the personal payment means also stored in the database

FIG. 3 shows the method using customer purchase fingerprints

FIG. 3a shows an example of a shopping list, to build the customer purchase fingerprint

FIG. 3b shows an example of a list of purchases matching with the customer purchase fingerprint

FIG. 3c shows an example of a list of purchases that is not matching with the customer purchase fingerprint

FIG. 4 shows a database shared between several distinct sellers

REFERENCE NUMERALS

100 SE - Seller Equipment (including POS) 1 13 Face picture in physical element

101 Cash register 1 14 Vehicle license plate

102 Credit/debit card reader 1 15 Token

103 Scanner 120 Database

110 Mobile device 121 Personal Identification Items

11 1 Credit/debit card 122 Personal Payment Means

112 Loyalty card 123 Customer purchase fingerprint

DETAILED DESCRIPTION - FIG. 1 - FIRST EMBODIMENT

The Fig 1 describes the payment method to allow users to pay fast-track, without PIN and signature, while keeping a very high level of security. At the initialization stage, a database 120 stores at least a first and a second "personal identification item" 121 . These personal identification items are pieces of data from "physical elements" owned, carried or linked to the customer and helping identify the customer. For instance each of a personal identification item can be one of the below examples :

· customer names and card numbers, from credit/ debit cards 1 11 (the physical elements); it is not necessary to have the full card details in the database; in this embodiment the card details are used for an identification purpose, and not a payment purpose; for instance using the last four digits of the card number and the customer names as printed on the card would be sufficient;

• a mobile device unique number (NFC/RFID ID, phone number, IMSI, EMEI, etc.), from a mobile device 1 10 (the physical element);

• customer names and loyalty customer number, from a loyalty card 1 12 (the physical element);

• a customer face picture, fingerprint and other biometric data, from the customer (being the physical element himself);

• a license plate number from a license plate 1 14 (the physical element);

· a token ID from a token 115 (the physical element, e.g. tag, card)

• or any other personal identification data linked to a customer physical element (ID card number, etc.)

All together, the personal identification items available should be linked to at least two distinct physical elements (e.g. the customer mobile number from the mobile device, plus the customer credit card number - partial or not- from the credit card).

The seller defines the "communication channels" allowed to retrieve the personal identification items at the time of payment or before. Below is a non-exhaustive list of possible communication channels:

• contactless (e.g. NFC, RFID); typically used to retrieve personal identification items from the customer's mobile device, the contactless card or the contactless token;

• contact-based (e.g. chip card reader, magnetic stripe reader); typically used to retrieve personal identification items from a contact-based card or token;

• network-based (e.g. Internet, Mobile Internet, Wi-Fi, Bluetooth); typically used to retrieve personal identification items from the user mobile device (e.g. phone number, device mac address) or account (e.g. through a mobile check-in);

• visual (by the seller or its SE 100 equipment, video camera, camera, etc.); typically used to retrieve visible personal identification items (e.g . license plate in a drive-through, customer name from cards, customer face);

A payment limit is also defined, below which the payment can be done using the payment method without PIN code or signature at the seller's place.

OPERATION The customer is now at the seller's site and would like to pay using the current fast-track payment method.

The seller SE has access to the database. The first step is for the seller to retrieve a first personal identification item and at least a second identification item, from at least two distinct physical elements, to identify the customer.

Having at least two physical elements involved ensure a more reliable customer identification. On the opposite, relying only on one single physical element would drastically reduce the level of reliability of the method (higher risk of the single physical element to be stolen -e.g. the mobile device alone). A reliable method is based on a combination of at least two personal identification items from at least two distinct physical elements, as mentioned above, for instance:

• the customer mobile number from the mobile device, plus the customer credit card number -partial or not- from the credit card;

• the customer loyalty number from the loyalty card, plus the customer credit card number -partial or not- from the credit card;

• the customer license plate number from the license plate, plus the customer mobile device number from the mobile device;

• etc.

With the method it is possible to use more personal identification items (3, 4, 5, +). This would improve the reliability of the identification. The right balance has to be found, between the number of personal identification items used and the convenience for the customer. The goal is to make the method simple to use, fast, and as convenient as possible for the customer.

The example below shows how this customer identification step can be done, in a supermarket (as an example).

The first personal identification item comes from the customer mobile device through a first communication channel. This first communbation channel is preferably a short range communication path.

A big display is placed at the entrance of the supermarket: "for fast-track payment, please check in here or with the mobile device application". The first personal identification item (e.g. name or phone number) is retrieved from the customer mobile device. The first communication channel can for instance be:

• a contactless gate (e.g. NFC), part of the SE, available near the display

• a network channel (e.g. QR code available on or near the display, for the customer to check in)

• a check-in through the mobile device application

• an automatic check-in, when the customer mobile device is geo-localized in the supermarket geo-fence (the mobile device application and the mobile network are involved), or when the customer mobile device interacts with the internal supermarket wireless network (Wi-Fi or Bluetooth). This automatic check-in would typically need to be authorized by the customer, at the initialization stage, for data privacy reasons.

The seller can then pre-identify the customer at the time of the reception of the first personal identification item .

A time window can be opened after having retrieved this first personal identification item . It is the time period during which the customer can shop, check out and pay without PIN and signature, using the payment method (it could be for instance 1 hour).

The second identification item comes from the customer credit card. At the time of payment, the customer uses his credit/debit card in the card reader (contact or contactless). In this example, the personal payment means (here the credit card) is used firstly for identification purpose and secondly for payment purpose.

Then the seller can confirm the customer identity based on the retrieved personal identification items and the customer data in the database. This allows the payment without signature or PIN code.

Another example is provided below, with a seller offering a pre-ordering service through mobile devices (e.g. a fast-food restaurant).

The first personal identification item comes from the customer mobile device.

A customer preorders a service or a product from his mobile device. For instance the customer is on the way to the restaurant or is waiting in the fast-food waiting line; he checks the menu on his mobile device and orders it. In the pre-ordering process, the customer is identified and "checked-in". The seller has identified that the customer has pre-ordered something and that he will soon pay.

The second personal identification item comes from the customer credit card. At the time of payment, the customer uses his credit/debit card in the card reader (contact or contactless). The seller confirms the customer identity with the retrieved personal identification items.

Another example is described below, with a seller offering a drive-through service (e.g. a fast-food restaurant, petrol station).

The first personal identification item comes from the customer license plate, captured on video camera by the seller SE when the customer enters the drive-through. The first personal identification item is determined thanks to the acquisition of an image by image acquisition means at the seller location and the comparison of the acquired image with pre-recorded images related to the users. The image comparison is not limited to the number plate but can be the entire car that is acquired and compared with pre-recorded car images. The seller will preferably use an optical recognition program to extract the license number and compare this number with the pre-recorded license plate numbers. If a match if found the customer is pre-identified.

The second personal identification item comes from the customer mobile device. At the time of payment, the customer uses his mobile device, for example via NFC payment. In case that the license number plate and the mobile device number match a record in the database, the seller confirms the customer identity with the retrieved personal identification items and allows the payment without further verification . The second personal identification item can be acquired thanks to an answer to a message sent to the mobile device corresponding to the pre-identified license plate number. The identified license plate number is used to retrieve the mobile device number (or mobile device numbers) attached to this license plate number in the database. A message requesting the authorization of the user is sent to the retrieved number(s) and the user can send an acknowledgment. The reception of the acknowledgment is the second personal identification item.

In case that the personal identification items are not the personal payment means, the database, beside the first and the second personal identification items, comprises the personal payment means, for example in the form of a credit card number. These personal payment means are then used, after successful identification of the customer, to execute the payment transaction.

This is just a few examples of how the different personal identification items can be used by the seller to confirm the customer identity. They are many more combinations possible, based on the list of personal identification items and communication channels, as defined.

At this stage, it is assumed that the customer identity is confirmed, and that the payment amount is below the payment limit set in the method for the seller. The customer uses his payment means and the payment can go fast-track, without PIN and signature.

In case the customer identity cannot be confirmed or the payment is above the payment limit, the customer uses his payment means the regular way, with a PIN or signature.

ADVANTAGE

The advantage of the method is that it allows payment limits to be much higher than the regular PIN-less payment limits (being typically below $25-$50 with current credit cards or mobile wallets). At the same time it provides a much higher level of security compared to regular PIN-less card payments. Why?

First, the risk of theft is mitigated. Compared to the current situation: a thief stealing the payment card alone will allow him to process transactions below the PIN-less payment limit (of $25-$50), multiplied several times. Using the new payment method, the risk of theft is drastically reduced. The thief not only has to steal the payment card, but the customer mobile device as well.

Second, the use of a stolen card or mobile device is limited to the seller or sellers the customer is willing to pay fast-track with. Compared to the current situation: a thief stealing a payment card can process transactions below the PIN-less payment limit (of $25-$50), anywhere where the card is accepted.

Bottom line: the risk of theft is mitigated, the use of stolen cards / mobile devices is drastically limited, the PIN-less payment limit can be increased.

Examples:

For a supermarket:

• PIN-less payment with a regular credit card or mobile wallet (current status): $25-$50

· PIN-less payment with the current method: $200 (after mobile device and credit card identification) • Above $200: regular payment with PIN and signature

For a petrol station or drive-through:

• PIN-less payment with a regular credit card or mobile wallet (current status): $25-$50

• PIN-less payment with the current method: $200 (after license plate and mobile device identification) · Above $200: regular payment with PIN and signature

ADDITIONAL EMBODIMENT - Other limits and restrictions for the use of the personal identification items Other types of limits can be set, to increase the security further:

• a spending limit is authorized for a given time window (e.g. $300 can be spent in total per day);

• a spending limit is authorized for a given time window per seller (e.g. $200 per day per seller) · a territorial limit can be given (e.g. use of the fast-track system allowed in a given region);

• a limit for a territory and a seller (e.g. a given chain of supermarkets in a given region);

• with seller(s) located in the customer's mobile device geo-localization (geo-fence);

• the above mentioned limits can also be mixed together; for instance setting an amount limit per day, for a selected seller chain, in a given region, with sellers close to the mobile device localization.

At the same time, the customer fast-track account can also be suspended by the customer, whenever desired (for instance in case of thefts of personal identification items or personal payment means).

ADDITIONAL EMBODIMENT - loyalty points collected after the customer identification

The customer loyalty account number can also be stored in the database. From there, once the customer has been identified, the payment transaction and the loyalty transaction can be done right in one step. This way the customer no longer has to carry and show his loyalty card (unless it is used for identification purpose of course).

ADDITIONAL EMBODIMENT - account initialization stage done at the POS

The action of storing the personal identification items in the database can be done by the customer himself (for instance on a website). But it can also be done at the time of payment. The seller suggests the customer to store the personal identification items being used for the current purchase (e.g. loyalty card, credit card, mobile wallet). The customer agrees and the SE transmits the personal identification items to the database for storage.

ADDITIONAL EMBODIMENT - customer face picture on customer physical element

The method can also make use of a loyalty card, or credit card, with the customer face picture 113 printed on it. For instance a seller offers a fast-track PIN-less and signature-less payment service to its customers. The participating customers receive a loyalty card with their face picture printed on it. It allows the seller to do an additional visual check. It will increase the reliability of the identification further.

ADDITIONAL EMBODIMENT - use of license plate by a group of people

The use of a license plate as a personal identification items deserves a closer look. With traditional license plate recognition methods (for instance for toll roads), the license plate is linked to a single account, which can be billed right away (the vehicle is using the road and the vehicle owner has to pay).

However this method is not applicable for payments at a drive-through or petrol station, because the customer inside is the one to be billed, not the vehicle owner. The payment method should address the concern that several people might actually be linked to the same license plate (e.g. family members using the same vehicle), and only the right person should be billed.

This embodiment is applicable to any transactions where a vehicle is used and the customer in the vehicle is the one to be charged (as opposed to charging the vehicle owner). This is typically for transactions at a car filing station (gas station, charging station, etc.), at a drive-through, at a drive-in, at a garage, at a car wash, etc.

The example of a fast-food drive-through restaurant will be used in the description.

The vehicle enters the drive-through. A video system reads the vehicle license plate. Such systems are not costly and complex to install, especially in a drive-through, where all vehicles move on the same lane, and rather slowly. With the video system, the seller and/or the SE checks in the database if the license plate is linked to any fast-track customer account. This process can obviously be automated using the SE.

The database reveals a list of customers linked to the license plate. The list of customers might for instance be the family members using the same family vehicle; or several employees using a company vehicle.

Typically, in a toll road payment system, at this stage the process would then go straight to the payment: the vehicle has been identified as using the service (the road) and the vehicle owner has to pay. However, in a drive-through, drive-in or petrol station, the payment cannot be done until the person in the vehicle has been formally identified. The person is the one to be billed. The payment method needs an additional step, described here. The license plate identification has led to a short-list of potential customers (hereafter called "short-listed customers"); the next step is to check whether one of them is in the car.

This is where the second personal identification item comes in. As described earlier, the second personal identification item can for instance be:

· a customer mobile device number. It can be retrieved using a) the mobile device geo-localization

(one of the short-listed customers is geo-localized at the seller's place), b) a contactless communbation (one of the short-listed customers is tapping his NFC device on the seller's SE) or e) a network-based communication (one of the short-listed customers has checked in through the mobile device application, or the mobile device is recognized as being in the seller's Wi-Fi range or Bluetooth range). • a customer credit/debit card number. One of the short-listed customers uses his card in the SE. In a petrol station, a remote SE equipment (e.g. for payment at the pump) can be installed close to the petrol pump;

• a customer loyalty card number;

· a customer token ID (contact or contactless);

• a visual identification. The seller checks the faces of the people in the vehicle with the face pictures of the short-listed customers showed by the database;

An alternative embodiment is for the database to push messages to the short-listed customers' mobile devices (e.g. "Dear John, the vehicle in your fast-track account is now at the drive-through restaurant X, do you confirm the payment of $55?"). The drawback is that, Mary, the wife, also receives a "Dear Mary, the vehicle in your fast-track account is now at the drive-through restaurant X, do you confirm the payment of $55?", while she is actually doing something else. She could simply ignore the message, knowing that one of the other family members is using the vehicle. But getting unnecessary messages can become annoying on the long run. The solution is to send the confirmation message in an unobtrusive way (unlike a regular SMS which is obtrusive), that is, having a message to pop-up and/or beep in the mobile device only under specific conditions:

• the confirmation message (e .g . an in-app message, not SMS) is sent to the mobile device application of all the short-listed customers but it is only visible/audible when the mobile device is located within the geo-fence of the seller's site

· the confirmation message (e.g. an in-app message, not SMS) is only sent to the mobile device of the short-listed customers which are within the geo-fence of the seller's site.

ADDITIONAL EMBODIMENT - FIG. 2 - Payment method with personal payment means stored in the database

In addition to storing the personal identification items, the database can also store the customer personal payment means 122. The customer identification process remains the same as above. The difference is that, when the seller has confirmed the customer identity, it may use the customer personal payment means from the database to process the payment.

In addition to the PIN-less payment limit, applicable to the personal payment means stored in the database, another limit can be set, below which the stored personal payment means can be used with a PIN-code. For instance, the PIN-less payment limit might be set to $200, and the PIN-based payment limit might be set to $500.

ADDITIONAL EMBODIMENT - FIG. 3 - Payment method with customer purchase fingerprints

This embodiment uses the loyalty program data to create a "customer purchase fingerprint" 123 that becomes one of the personal identification items. It targets sellers who typically provide a large palette of products/ services and see very regular visits from their loyal customers. Typically supermarkets and hypermarkets fall in this category. They have thousands of different items available (SKUs -Stock Keeping Units) and have very frequent visits from their loyal customers (e.g. once or twice a week). The example of a supermarket is used for the rest of the description. It is a very relevant case as it concerns pretty much all consumers. However the method can be applied to any type of businesses where the customer's purchase history can be unique enough to give a significant input to confirm the customer's identity.

The first step is to build a "customer purchase fingerprint". This "fingerprint" shows what the customer is used to buy at the store. Typically the fingerprint can be built from the list of items purchased by the customer under a loyalty program. An individual customer purchase fingerprint can be easily defined. The supermarket offers thousands of different items or SKUs. And at the end the day the customer only buys a fraction of them. FIG. 3a shows an extremely simplified case. As opposed to thousands of items, only 20 items are showed, 50% of them being regularly bought by the customer. The different items are listed from PID1 to PID20. The best-selling items have a smaller PID. The items closer to PID20 are purchased by a few customers only. An empty field means that no piece was purchased.

The figure shows already some individual patterns leading to a "purchase fingerprint". Many elements of a customer fingerprint can be derived from this extremely simple example already:

• the customer buys the items PID1 , PID3, PID6, PID14 and PID18 regularly, more than once a week;

• while the items PID1 and PID3 are high-volume items, sold to many customers, the items PID14 and PID18 have much lower volumes and bring more uniqueness to the customer purchase fingerprint;

• the customer buys the items PID5, PID9, PID10, PID1 1 , PID16 less regularly;

• the customer does not buy the high-volume items PID2, PID4, PID7, PID8, which also brings more uniqueness to the customer purchase fingerprint;

• the customer does not buy the less common items PID12, PID13, PID15, PID17, PID19, PID20;

• the customer comes to the store about twice a week;

• the customer spends an average of $94 per visit;

• the customer buys an average of 5 items per visit;

• the customer buys an average of 8.17 pieces per visit;

• the amount ranges from $45 to $148;

• the customer tends to shop on Saturday mornings, but also on Monday evenings and sometimes on Wednesday afternoons;

• etc.

This is a very simple and high-level view, using data from only 6 visits and 20 items to choose from. It can already be used to derive a customer purchase fingerprint. Growing this table to a real case would show even clearer or more unique fingerprint patterns: a customer buying 50 to 100 different items, out of 5000 available items in the store, and doing this twice a week, for several years. The table would have hundreds of lines and thousands of columns.

At this stage it is important to note that the customer purchase fingerprint does not have to identify the customer with 100% reliability. It might, but it is not the point. The point is that the customer purchase fingerprint can be used as a way to "confirm" a customer identity. For instance a customer is at a POS and a first personal identification item is retrieved (e.g. from the credit card or mobile wallet); the payment method confirms then that the goods being currently purchased match with the customer purchase fingerprint. The payment can proceed without PIN and signature. In case the customer identity cannot be confirmed with the customer purchase fingerprint, the payment proceeds the normal way, with a PIN or signature.

Complex mathematical and statistical analysis can be done using this customer purchase data, for instance using data mining techniques. A few hints are provided below, though there are no limits to what can be done. Here the objective is to show that the huge amount of data collected by the supermarket for marketing purposes, initially, can be used for the new purpose of customer identification.

The term "piece" refers to each individual piece, possibly of the same item/SKU/product/PID. For instance 3 bottles of milk of the same item/SKU, means 3 "pieces" of the same item/SKU.

The figures given below in the list are based on the examples of FIG. 3a using all the figures of the table (i.e. the time window looked at is the entire table's). The following analysis shows possible ways to build a customer purchase fingerprint:

• the range of the number of pieces bought per item/SKU per visit, over an unlimited time window or a given time window (the range expresses here the minimum and maximum values);

e.g.: PID2 has never been bought; the range is {0-0};

e.g.: PID14 is frequently bought; the range is {0-3};

e.g.: PID16 is rarely bought; the range is {0-1 };

• the mean value of the number of pieces per item/SKU per visit, over an unlimited time window or a given time window:

e.g.: PID2 has a mean value of 0;

- e.g.: PID14 has a mean value of (3+2+0+1 +2+2)/6=1 .67 (rounded up);

- e.g.: PID16 has a mean value of (0+0+0+1 +0+0)/6=0.17 (rounded up);

• the absolute deviation of the number of pieces per item/SKU per visit, over an unlimited time window or a given time window; the absolute deviation is expressed here as the mean of the equally likely absolute deviations from the mean (it is assumed in this example that the samples are all with the same probability);

e.g.: PID2 has an absolute deviation of 0;

- e.g.: PID14 has an absolute deviation of (|3-1 .67| + |2-1 .67| + |0-1 .67| + |1 -1 .67| + |2-1 .67| + |2-1 .67|)/6 = 0.78 (rounded up); - e.g.: PID16 has an absolute deviation of (|0-0.17| + |0-0.17| + |0-0.17| + |1 -0.17| + |0-0.17| + 10-0.17|)/6 = 0.28 (rounded up);

• the variance of the number of pieces per item/SKU per visit, over an unlimited time window or a given time window; the variance is expressed here as the mean of the equally likely squared deviations (it is assumed in this example that the samples are all with the same probability);

e.g.: PID2 has a variance of 0;

- e.g.: PID14 has a variance of ((3-1 .67) ² + (2-1 .67) ² + (0-1 .67) ² + (1 -1 .67) ² + (2-1 .67) ² + (2- 1 .67) ² )/6=0.88 (rounded up);

- e.g.: PID16 has an absolute deviation of ((0-0.17) ² + (0-0.17) ² + (0-0.17) ² + (1 -0.17) ² + (0- 0.17) ² + (0-0.17) ² )/6=0.14 (rounded up);

• the percentage of item bought, over an unlimited time window or a given time window:

e.g.: PID18 makes 10% of the customer purchase list, in terms of pieces (5 out of 49);

e.g.: PID2 makes 0% of the customer purchase list, in terms of pieces (0 out of 49);

• the average number of pieces taken when they are bought, over an unlimited time window or a given time window:

e.g.: on average, when PID18 is bought, 1 .25 pieces are taken (5/4);

• the purchase frequency, per item, over an unlimited time window or a given time window:

e.g.: PID18 is bought at an average frequency of 1 .67 pieces per week;

Data mining and analysis tools can extract any other relevant data to identify the customer, such as:

· is there any correlation between the product bought and the time (time and day of week, season)?

• is there any correlation between products being purchased together? (e.g. steak with fries)

• is there any frequency or pattern in the purchase amounts over time? (e.g. large amount on Saturdays, smaller amounts on the week days, larger amount at the beginning of each month, etc.)

• after a visit, what is the typical number of days for the customer to come again?

· after a visit with a large payment amount, what is the typical number of days for the customer to come again?

• etc.

It is important to note that many statistical techniques and algorithms can be used to derive a customer purchase fingerprint with unique patterns and correlation (using the covariance, the Bienayme formula, etc.) There is really no limit. For the sake of clarity, in this patent application the customer purchase fingerprint embodiment is described using a few simple techniques, which can definitely be used in a real

implementation. The customer purchase fingerprint is now defined . The next step is to use it as a personal identification item . OPERATIONS - FIG. 3

A customer has been coming regularly to the seller's site (e.g . supermarket) for a while. A unique "customer purchase fingerprint" 123 has been built. It is now stored in the database 120 as a personal identification item . The customer is now at the store POS, ready to pay. The selected products are being scanned at the cash register 101 (selected products hereafter called "list of current purchases"). They form a set of customer physical elements, from which a fingerprint can be derived.

Another personal identification items is retrieved, or has been retrieved, by the seller (e.g. mobile device, credit card, loyalty card). A customer identification confirmation is needed, using the customer purchase fingerprint, to proceed with the payment without PIN and signature. The next step is to compare the fingerprint from the "list of current purchases" and the customer purchase fingerprint stored in the database. Many different statistical techniques can be used to define the level of correlation/matching between different sets of data (e.g. using the variance, deviation, correlation coefficient, for all or each set of data, etc.). The following examples are based on a few simple techniques, which can definitely be used in real case implementations. For instance:

• each item from the list of current purchases is compared to the statistical value of the same item in the customer purchase fingerprint. For instance:

checking whether the item from the list of current purchases has already been bought by the customer;

- checking whether the number of pieces of this item correlates with the statistical values of the item in the customer purchase fingerprint. Is the number in the typical range (as defined earlier)? How close it is to the mean? Etc.;

checking the frequency of purchase, etc.

• each item from the list of current purchases can be compared to its statistical values in the customer purchase fingerprint. However, in the global comparison (with all the items), different weights can be given to the different items: e.g. low-volume items bought are strong markers in the uniqueness of the customer purchase fingerprint; more weight can be given ; high-volume items NOT bought are strong markers in the uniqueness of the customer purchase fingerprint; more weight can be given.

Simple examples are provided in the next figures. If the comparison shows a good "matching level" the customer identity is confirmed. Of course a good matching level does not need to rely on a 100% matching to confirm the customer identity. The method should allow some room. For instance the customer should be able to buy a couple of new items, never bought before. What matters more is to be able to set a matching threshold (for instance, 90%, 95% or 99%). Above the matching threshold the customer identity is confirmed; and below the matching threshold it cannot be confirmed.

FIG. 3b shows an example of good matching level. The first l ine shows the list of current purchases which needs to be compared to the customer purchase fingerprint. In this example: • the items purchased in the list of current purchases have all already been purchased by the customer at least once (PID1 , PID3, PID5, PID9, PID14, PID18);

• the customer has bought his favorite low-volume products (PID14 and PID18);

• the customer has bought his favorite high-volume products (PID1 and PID3);

• the customer has not bought any of the high-volume products he has never bought before (PID2, PID4, PID7, PID8);

• the customer has not bought any low-volume products he has never bought before (PID12, PID13, PID15, PID29, PID20);

• the purchase amount is in the normal range of the customer purchase fingerprint;

• the day and time is in the normal shopping window of the customer purchase fingerprint.

The comparison can be quantified to confirm the identity. For instance the following criteria and threshold can be used. Again, this analysis is made simple for the sake of clarity (but it is usable). Criteria can be:

1 . at least 95% of the items in the list of current purchases are, per item/SKU, within the range of the number of pieces bought, in the customer purchase fingerprint;

2. at least 30% of the items in the list of current purchases are in the category of low volume items (defined here as being the items from PID1 1 to PID20); they are strong "markers" in the uniqueness of the customer purchase fingerprint;

3. the total amount is within the typical customer's range;

4. there is at least 1 day of interval between the date of purchase (of the list of current purchases) and the last purchase in the customer purchase fingerprint;

5. the number of different items in the list of current purchases is within the range of the number of different items in the customer purchase fingerprint;

6. customer identity is confirmed if the 5 criteria above-mentioned are ALL passed.

The result using these matching criteria would then be:

1 . at least 95% of the items in the list of current purchases are, per item/SKU, within the range of the number of pieces bought, in the customer purchase fingerprint: the result is 100%; it is a "PASS";

2. at least 30% of the items in the list of current purchases are in the category of low volume items (defined here as being the items from PID1 1 to PID20): the result is 2/6 = 33%; it is a "PASS";

3. the total amount is within the typical customer's range: the result is $65, within the range of {45;148}; it is a "PASS";

4. there is at least 1 day of interval between the date of purchase (of the list of current purchases) and the last purchase in the customer purchase fingerprint: the result is 1 day; it is a "PASS"; 5. the number of different items in the list of current purchases is within the range of the number of different items in the customer purchase fingerprint: the result is 6 different items, which is within the range of {2;8}; it is a "PASS";

With 5 "PASS", the customer identity is confirmed by the current list of purchases!

In case the comparison shows a weaker correlation between the current list of purchases and the customer purchase fingerprint, the customer identity cannot be confirmed with a good level of reliability. The customer can still proceed and pay, but this will be using his PIN code or signature.

Next step, after a successful payment, the current list of purchases becomes part of the history of purchases of the customer. The customer purchase fingerprint can be adjusted.

FIG. 3c shows an example of a current list of purchases that does not allow the confirmation of the customer identity. In this example:

• many new items have been purchased here, which have never been purchased before (PID3, PID4, PID8, PID12, PID15, PID17, PID20);

• the purchase amount is above the normal range;

Using the same criteria and threshold as in the previous example, the result would be:

1 . at least 95% of the items in the list of current purchases are, per item/SKU, within the range of the number of pieces bought, in the customer purchase fingerprint: the result is 46% (6/13); it is a "FAIL";

2. at least 30% of the items in the list of current purchases are in the category of low volume items (defined here as being the items with PID from PID1 1 to PID20): the result is 6/13 = 46%; it is a "PASS";

3. the total amount is within the typical customer's range: the result is $350, within is not in the range of {45;148}; it is a "FAIL";

4. there is at least 1 day of interval between the date of purchase (of the list of current purchases) and the last purchase in the customer purchase fingerprint: the result is 1 day; it is a "PASS";

5. the number of different items in the list of current purchases is within the range of the number of different items in the customer purchase fingerprint: the result is 13 different items, which is outside the range of {2;8}; it is a "FAIL";

With 2 "PASS" and 3 "FAIL", the customer identity cannot be confirmed using the current list of purchases. The seller can ask the customer to pay the normal way or provide other personal identification items to validate his identity.

The FIG. 3, 3a and 3b show how the customer purchase fingerprint can be used as an additional personal identification item. Typical use cases would be:

• the customer inserts his credit card in the card reader. The customer identity is revealed. The fingerprint of the list of current purchases matches the customer purchase fingerprint. The customer identity is confirmed. The payment can proceed , with no PIN or signature. If the customer identity cannot be confirmed by the customer purchase fingerprint, the customer has to enter his PIN code or sign the receipt.

• On the same principle, the first personal identification item can be the customer's loyalty card , the mobile device, or any other personal identification items listed earlier.

ADD ITIONAL EMBODIMENT - use of license plate by a group of people

It might be that the seller SE does not have enough time to check the customer purchase fingerprint once the credit/device has been swiped or inserted. Time is crucial at this stage. In this case, the fingerprint from the list of current purchases is bu ilt on the fly and compared with the database of customer purchase fingerprints, before the credit/debit card is used . A short list of matching customers is revealed . Finally, when the debit/credit card is used, the identification is confirmed if the identified customer is part of the list of customers matching based on the list of current purchases.

ALTERNATIVE EMBODIMENT - Scanning in aisles

Scanning the products in the aisles is also possible. There is nothing really different in terms of customer purchase fingerprint. The only difference is that the list of current purchases in built on the fly. Other than that, the same methods as with a scanning at the POS, apply.

ALTERNATIVE EMBOD IMENT - customer purchase fingerprints built from other sources than loyalty programs

As opposed to using the loyalty program as the main source of data to build the customer purchase fingerprint, any other database collecting data about the customer purchase habit or shopping history can be used : data from the SE/POS recording the customer purchases, data from online shopping carts (which are linked to the customer), data from customer's digital wallets (mobile or internet), etc.

ADD ITIONAL EMBODIMENT - customer purchase fingerprint uniqueness

The method has to have sufficient customer data to be able to define a reliable customer purchase fingerprint. The method can be made effective only when the customer purchase fingerprint is unique enough. Some criteria of uniqueness (of the customer purchase fingerprint) can be defined, such as:

• The variation with the closest fingerprint should be significant enough:

a (simple) customer purchase fingerprint shows that his favorite products are {PID1 , PID3, PID5, PID6, PID9, PID10, PID1 1 , PID14 and PID18};

- the closest customer has another fingerprint which is {PID1 , PID3, PID5, PID6, PID7, PID8,

PID1 1 and PID 18};

the two fingerprints differ (on PID7, PID9, PID 10 and PID14); the fingerprint is unique enough to be used ; • The customer purchase fingerprint corresponds to less than x% of the customer base (e.g. 1 %). The percentage can for instance be a maximum value or an average value. It means that, when simulating purchases from all customers based on statistical variances of their purchase lists, less than x% of the results will lead to the given customer purchase fingerprint.

ADDITIONAL EMBODIMENT - FIG. 4 - Payment method with several distinct sellers

The database can also be used by several distinct sellers. Some personal identification items might be common to the different sellers (for instance the customer mobile number) and some other items might be unique for each seller (for instance the customer loyalty card number).

Optionally the customer can decide which seller he would like to have the stored personal identification items and personal payment means available for. For instance, the customer might agree to use the database for payments at the participating supermarket nearby, but not at the participating restaurant nearby (he rarely eats there).

By selecting the sellers the customer is willing to use the payment method with, the security risk is reduced. If personal identification items and personal payment means are stolen (e.g. the credit card and mobile device), they can only be used with the few sellers selected by the customer.

Optionally, the customer might store several personal payment means. He might also define an order of preference, possibly per seller.

ADVANTAGES

From the description above, a number of advantages of some embodiments become evident.

The payment experience and checkout process is drastically improved . Payments can be done without PIN code or signature, even for important amounts, while keeping a high level of security:

• the payment experience is improved;

• the time spent for a payment is reduced;

• the checkout waiting lines are shortened;

· the burden on the seller's staff is reduced ;

• no personal PIN or signature is exposed to others.

In addition, if a loyalty program is used, the collection of points is done in the same process. No need to show a loyalty card, plus a payment mean. Once the customer is identified by the seller, the loyalty points are automatically collected on his loyalty account. The customer experience is improved even further.

CONCLUSION , RAMIFICATION AND SCOPE

Accordingly, the reader will see that the various embodiments can be used for small to large payment amounts, speeding up payment transaction times while keeping a high level of security and reducing the financial risk in case of theft. While the above description contains many specific elements, these should not be construed as limitations on the scope, but rather as an exemplification of several embodiments thereof. Many other variations are possible. Notably:

• Any pieces of data from "physical elements" owned, carried or linked to the customer and helping identify the customer can be considered as a personal identification item. It can be unique to the customer (e.g. credit card number) or it can be shared by a small group of users (e.g. license plate). The essence of the method is to make use of the available personal identification items to offer the new function of payment, without PIN or signature, for high amounts.

• Communication channels refer to any ways for the seller to retrieve personal identification items from the customer; the communication channels are not limited to the list provided in the description.

• The database is not bound to any player in the payment process or loyalty program process; for instance it can very well be managed by a seller, by a credit/debit card company, by a mobile wallet company, by a payment processing company, by a loyalty program company, etc.

• The customer purchase fingerprint embodiment makes use of customer purchase data, built for marketing analysis purposes, and makes a new use of it: the customer identification. There are barely no limits on how statistical techniques and data-mining techniques can be used to build the customer purchase fingerprint, and to check the correlation between the fingerprint of the list of current purchases and the customer purchase fingerprint.