A REMOTE PAYMENT SYSTEM AND METHOD Technical Field

The present invention relates to a remote payment system and method which considerably facilitates user verification transaction without affecting security during payment transaction being carried out over internet connection provided from mobile operator network.

Background of the Invention

Today, internet usage in commerce and shopping becomes widespread at a fast pace upon communication technologies develop and accelerate. For shopping carried out in digital environments, security issue has always been accepted as one of the issues of the highest priority. Customers usually hesitate sharing their credit card information during payment transaction in the course of shopping done in websites. Today, different verification methods are used for payments which are made remotely by credit card in electronic commerce and mobile commerce transactions. Some of these methods verify credit card while the others verify credit card user. It is very important to verify the user and to guarantee that the card is not being used by another person in payment transactions made by credit card. At the present time, the most reliable method accepted all over the world and by all authorities is 3 Dimensional Security (3-D Secure) verification.

In secure payment systems with 3 Dimensional Security System used in the state of the art, the user firstly enters the website or the mobile application of the merchant and then proceeds to the payment step after completing the shopping. In this step, the user selects the payment method and gives payment order by entering his/her information. After the payment order is received, the merchant initiates the payment transaction to be carried out by 3 Dimensional Security System. Card information such as for example credit card -which are entered by the user in order that the payment transaction is carried out over current merchant plug-in (MPI) application- are queried by access management system (ACS Access Control System) of a financial institution such as bank with which the card is connected and if it is determined that the card is available for payment transaction as a result of the query transaction, information of the said 3 Dimensional Security Verification page are received. Thereupon, the merchant plug-in directs the electronic device of the user who makes contact with the merchant such as for example mobile phone, smartphone, tablet computer to the 3 Dimensional Security Verification page of the financial institution. After the electronic device is directed to the 3 Dimensional Security Verification page, the access management system receives the demand for 3 Dimensional Security Verification and fulfils this demand. In order that the demand is fulfilled, the access management system sends a single-use password to the user's phone number included in the records of the financial institution and associated with the related card and it asks the user to enter this password reaching his/her phone to the related part in the 3 Dimensional Security Verification page. The access management system compares the password sent to the user with the password entered to the related part in the 3 Dimensional Security Verification page by the user and completes the verification transaction. In the event that the password entered by the user is verified, the access management system composes return message in an encrypted way, signs it based on the pre-determined protocols and sends the message comprising the 3 dimensional security verification codes in thereof to the merchant plug-in over the messaging connection established with the user ^' s electronic device. Then, the user's electronic device is directed to the merchant plug-in and it receives reply from the merchant plug-in. The merchant plug-in verifies the signed message received from the access management system and sends payment request to the merchant financial institution. And the merchant financial institution receives provision approval by sending it to the financial institution which is associated with the card used in the payment transaction over common network infrastructure together with the 3 dimensional security verification codes. The United States patent document no. US2012231771 discloses a method and system for a remote payment authorization. A customer uses a computer in order to browse a product displayed on the internet. The customer enters a unique number into the computer. This unique number is authorized and an authorization code is sent to the customer's communication device. The customer enters the authorization code into the computer to complete the transaction.

The Turkish patent document no. TR200801801 discloses a method and system for transmitting commercial transaction data over a mobile phone without using a credit card between a member business and a customer. The system operating according to the said method enters the mobile number of the customer and the payment amount to the webpage specific to the business and then transmits the provision demand to the bank server; if the number is registered in the system, the bank server queries whether the credit card status is available for carrying out transaction or not; in the event that the customer approves the transaction, s/he replies by entering the credit card password to the SMS sent to his/her phone; it is controlled by the bank server whether the credit card password is correct or not; if it is correct, provision is given to the business for the transaction.

The South Korea patent document no. KR101550825 discloses a system for user identity authentication during online payment. In the said system, the card information -whereby payment would be made- are received and then the phone number matched with the related card is sent to the network management unit. In the invention, this number sent is compared with the phone number obtained over a wireless network. If the result of the comparison is positive, the user identity authentication is completed.

Summary of the Invention

An objective of the present invention is to realize a remote payment system and method which considerably facilitates user verification transaction without affecting security during payment transaction being carried out over internet connection provided from mobile operator network.

Detailed Description of the Invention

"A Remote Payment System and Method" realized to fulfill the objective of the present invention is shown in the figures attached, in which:

Figure 1 is a schematic view of the inventive system.

Figure 2 is a flow chart of the inventive method.

Figure 3 is a continuation the flow chart included in the Figure 2.

The components illustrated in the figures are individually numbered, where the numbers refer to the following:

1. System

2. Mobile communication network

3. Electronic device

4. Electronic device identity detection unit

5. Merchant's server

6. Payment intermediary financial institution access management system

7. Merchant financial institution

8. Electronic device identity query unit

9. Payment intermediary financial institution's 3 dimensional security verification system

100. Method

Persons or institutions who send a payment order comprising of a payment intermediary such as credit card to a merchant over mobile internet by means of an electronic device such as mobile phone, smart phone, tablet computer by using mobile internet service provided by a mobile network operator are referred as user within the description. Persons or institutions who receive the payment orders sent via the users by using mobile internet service through their electronic devices are referred as merchant within the description.

An institution such as bank with which the payment intermediary stated by the user is associated is referred as payment intermediary financial institution within the description. An institution such as bank wherein the merchant's financial accounts are located are referred as merchant financial institution within the description.

The inventive remote payment system (1) which considerably facilitates user verification transaction without affecting security during remote payment transaction being carried out over mobile internet connection provided by mobile network operator essentially comprises:

at least one mobile network operator (not shown in the figures) which provides a mobile communication service for example such as mobile internet service over a mobile communication network (2) in global system for mobile communications (GSM) for its subscribers;

at least one electronic device (3) which essentially has at least one private number, in other words a phone number, that is assigned by the mobile network operator order to benefit from services such as mobile internet provided by the mobile network operator order; and enables to give payment order that comprises the payment intermediary information determined at least by the user for the payment transaction of a good or service received from e merchant over the said mobile internet service;

at least one electronic device identity detection unit (4) which is located within the mobile network operator and enables to detect the private number of the electronic device (3) that is assigned at least by the mobile network operator based on the IP (Internet Protocol) address of the electronic device (3) using mobile internet during the usage of mobile internet; at least one merchant's server (5) which receives the payment order that is sent over mobile internet through the electronic device (3) by the user; and is in communication with the payment intermediary financial institution in order to control validity and accuracy of the payment intermediary information that are stated in the said payment order;

at least one payment intermediary financial institution access management system (6) which is located within the payment intermediary financial institution; is in communication with the electronic device (3), the electronic device identity detection unit (4) and the merchant's server (5); receives the payment intermediary information inside the payment order that is sent by the user from the merchant's server (5) and controls whether the said payment intermediary is valid or not; if the payment intermediary is not valid, sends message to the merchant's server (5) about the fact that the payment intermediary is not valid in order that the user is informed; if the payment intermediary is valid, sends information -that are necessary for the electronic device (3) to be able to send message to it automatically in order that the security transactions required for realizing the payment are carried out- to the merchant's server (5); when a message reaches it from the electronic device (3), compares the private number of the electronic device (3) detected by the electronic device identity detection unit (4) with the private number of the electronic device (3) that is registered in itself and associated with the related payment intermediary previously; if it detects as a result of the comparison transaction that the two numbers compared are same with each other, gives security approval for making the payment order of which is sent by the user; and sends the information related to this approval to the merchant's server (5);

at least one merchant financial institution (7) which is in communication with the merchant's server (5) and the payment intermediary financial institution; and demands provision from the payment intermediary financial institution for realizing the payment by receiving the information related to the security approval that is sent to the merchant's server (5) by the payment intermediary financial institution access management system (6) and getting in contact with the payment intermediary financial institution.

The inventive remote payment system (1 ) also comprises at least one electronic device identity query unit (8) which is located within the mobile network operator; in communication with the payment intermediary financial institution access management system (6); and enables to determine the identity of the electronic device (3) comprising at least the private number of the electronic device (3) by carrying out query transaction on the payment intermediary financial institution access management system (6) with the IP information of an electronic device (3).

The mobile network operator included in the inventive remote payment system ( 1 ) enables its subscribers to benefit from services such as short message, call and internet in global system for mobile communications over the mobile communication network (2) by means of their electronic devices (3) over a private number assigned for them, in other words phone number, by it.

The electronic device (3) included in the inventive remote payment system (1) is a device such as mobile phone, smart phone, tablet computer which enable a user to benefit from services such as short message, call and internet provided over a mobile network (2) by a mobile network operator over a private number assigned for the user by the mobile network operator. In one preferred embodiment of the invention, the user sends the payment order -which comprises at least the information of a payment intermediary for example such as credit card whereby the payment will be made in thereof for the product or service bought from a merchant's application that can be run on the electronic device (3) or website by means of his/her electronic device (3)- to the merchant's server (5) over the mobile internet provided by the mobile network operator by means of the electronic device (3). The electronic device identity detection unit (4) included in the inventive remote payment system (1) is located within the mobile network operator and when the electronic device (3) utilizes the internet provided by the mobile network operator, it detects the IP (Internet Protocol) address information used by the electronic device (3) and thus accesses the private number of the electronic device (3) -which is assigned at least by the mobile network operator- from this IP address information detected. In one preferred embodiment of the invention, the electronic device identity detection unit (4) detects the private number related to the said electronic device (3) from the IP information of the electronic device (3) sending the message, inserts the said private number detected into the message as well and thereby ensures that the message accesses the payment intermediary financial institution access management system (6) if the message sent by the electronic device (3) is not encrypted by an encryption technique for example such as secure socket layer (SSL) during sending message from the electronic device (3) to the payment intermediary financial institution access management system (6) automatically in order that security verification transaction is carried out by the payment intermediary financial institution access management system (6). In an alternative embodiment of the invention, the payment intermediary financial institution access management system (6) can carry out query transaction in the electronic device identity detection unit (4) in order to determine the private number of the electronic device (3) by connecting to the electronic device identity detection unit (4). The merchant's server (5) included in the inventive remote payment system (1 ) is in communication with the electronic device (3), the payment intermediary financial institution access management system (6) and the electronic device identity query unit (8). The merchant's server (5) receives the payment order that is received over the mobile internet provided by the mobile network operator from the electronic device (3) and comprises at least the information related to a payment intermediary for example such as credit card whereby it is desired to make payment in thereof. The merchant's server (5) gets in contact with the payment intermediary financial institution access management system (6) after it receives the payment order and sends the payment intermediary information included in the payment order to the payment intermediary financial institution access management system (6) so as to be controlled whether the payment intermediary is valid or not. If it is determined by the payment intermediary financial institution access management system (6) that the payment intermediary is not valid, the merchant ^' s server (5) informs the user over the electronic device (3) about the fact that the payment intermediary included in the payment is not valid. The merchant's server (5) receives the information - which are required for the electronic device (3) to send message to the payment intermediary financial institution access management system (6) automatically- from the payment intermediary financial institution access management system (6) and sends the said information to the electronic device (3) if it is determined by the payment intermediary financial institution access management system (6) that the payment intermediary is valid. In one preferred embodiment of the invention, the merchant's server (5) connects to the merchant financial institution (7) by receiving the information related to the said approval from the payment intermediary financial institution access management system (6) and triggers the merchant financial institution (7) on the subject of receiving provision from the payment intermediary financial institution for carrying out the payment transaction if the payment transaction is approved after the security approval transaction carried out by the payment intermediary financial institution access management system (6). The merchant's server (5) gets in contact with the electronic device (3) by receiving the acknowledgement related to the said transaction from the payment intermediary financial institution access management system (6) and informs the user over the electronic device (3) about the fact that the security verification approval cannot be taken related to the payment transaction if the payment transaction is not approved after the security approval transaction carried out by the payment intermediary financial institution access management system (6). In one preferred embodiment of the invention, messagings between the merchant's server (5) and the payment intermediary financial institution access management system (6) are carried out over at least one merchant plug-in (MPI) interface.

The payment intermediary financial institution access management system (6) included in the inventive remote payment system (1) is located within the payment intermediary financial institution and it is in communication with the electronic device (3), the electronic device identity detection unit (4) and the merchant's server (5). The payment intermediary financial institution access management system (6) receives the payment order sent by the merchant's server (5) and comprising at least the payment intermediary information in thereof and it controls whether the said payment intermediary is valid or not by means of the information recorded in thereof. The payment intermediary financial institution access management system (6) sends message to the merchant's server (5) about the fact that the payment intermediary is not valid in order that the user is informed by getting in contact with the merchant's server (5) if it detects that the payment intermediary is not valid as a result of the controlling transaction. The payment intermediary financial institution access management system (6) sends information necessary for the electronic device (3) to send message to itself automatically in order to carry out verification security transactions required for making the payment by getting in contact with the merchant's server (5) if it detects that the payment intermediary is valid as a result of the controlling transaction. In one preferred embodiment of the invention, the payment intermediary financial institution access management system (6) carries out the security verification transaction when message is received from the electronic device (3). The payment intermediary financial institution access management system (6) receives the message -which is sent by the electronic device (3) and wherein the private number of the electronic device (3) is inserted by the electronic device identity detection unit (4)- over the electronic device identity detection unit (4) if the message received from the electronic device (3) is not encrypted by an encryption technique for example such as secure sockets layer (SSL). The payment intermediary financial institution access management system (6) compares the private number of the electronic device (3) included inside the message coming thereupon with the private number of the electronic device (3) registered in thereof and associated with the related payment intermediary previously. The payment intermediary financial institution access management system (6) gives security approval on the subject of making the payment -order of which is sent by the user- and sends the information related to this approval to the merchant's server (5) if it detects that the two numbers compared are same with each other as a result of the comparison transaction. If the message reaching the payment intermediary financial institution access management system (6) from the electronic device (3) is encrypted by an encryption technique for example such as secure socket layer (SSL); the payment intermediary financial institution access management system (6) opens the incoming message, creates a key, associates the created key to the said information inside the message and records them in one embodiment of the invention. Then, the payment intermediary financial institution access management system (6) creates a directing message which comprises the key that is created in order that the electronic device (3) is directed to the page that can be accessed by unencrypted messaging and has another address (URL) belonging to it so that its private number is detected, and the said address information and it sends this directing message created to the electronic device (3). After the electronic device (3) receiving the directing message is automatically directed to the address included inside the message, the electronic device identity detection unit (4) detects the private number of the electronic device (3) from the IP address of the electronic device (3) that is directed to the unencrypted page. The electronic device identity detection unit (4) sends the message comprising the said private number information to the payment intermediary financial institution access management system (6) together with the key information. The payment intermediary financial institution access management system (6) detects the private number of the user who is recorded by it previously by associating it to the keys from the key information inside the message coming from the electronic device identity detection unit (4) and it compares this number with the private number inside the message coming from the electronic device identity detection unit (4). If the payment intermediary financial institution access management system (6) detects that the two numbers compared are same with each other as a result of the comparison transaction, it gives security approval on the subject of making the payment order of which is sent by the user and sends the information related to this approval to the merchant's server (5). In an alternative embodiment of the invention, the payment intermediary financial institution access management system (6) detects the IP information of the electronic device (3) from inside the message coming from the electronic device (3) if the message coming from the electronic device (3) to the payment intermediary financial institution access management system (6) is encrypted by an encryption technique for example such as secure sockets layer (SSL) after it is detected by the payment intermediary financial institution access management system (6) that the payment intermediary is valid. The payment intermediary financial institution access management system (6) queries the private number of the electronic device (3) using the IP information detected on the electronic device identity detection unit (4), by connecting to the electronic device identity detection unit (4) after detecting the IP information of the electronic device (3). The payment intermediary financial institution access management system (6) compares the private number of the electronic device (3) obtained as a result of the query transaction with the private number of the electronic device (3) that is registered in itself and associated with the related payment intermediary previously. The payment intermediary financial institution access management system (6) gives security approval for making the payment order of which is sent by the user and sends the information related to this approval to the merchant's server (5) if it detects as a result of the comparison transaction that the two numbers compared are same with each other. The merchant financial institution (7) included in the inventive remote payment system (1) is in communication with the merchant's server (5) and the payment intermediary financial institution. The merchant financial institution (7) gets in contact with the payment intermediary financial institution by receiving the information related to the security verification approval coming from the merchant ^' s server (5) and it demands provision from the payment intermediary financial institution for realizing the payment.

The inventive remote payment system (1) also comprises at least one payment intermediary financial institution's 3 dimensional security verification system (9) which is included within the intermediary financial institution; in communication with the payment intermediary financial institution access management system (6) and the electronic device (3); and in the event that the two numbers -which are compared as a result of the comparison transaction for the private number of the electronic device (3) that is detected by the electronic device identity detection unit (4) with the private number of the electronic device (3) that is registered in the payment intermediary financial institution access management system (6) and associated with the related payment intermediary previously when a message reaches the payment intermediary financial institution access management system (6) from the electronic device (3) by the payment intermediary financial institution access management system (6)- are different from each other, it gets in contact with the electronic device (3) in accordance with the acknowledgement received from the payment intermediary financial institution access management system (6); and creates a single-use password for the user to approve the payment transaction by entering the display opening on his/her electronic device (3) and sends this created password to the electronic device (3); takes the value entered to the electronic device (3) by the user in a pre-determined period of time and compares the said value with the created password and gives security approval for making the payment order of which is sent by the user if it detects that the value entered to the electronic device (3) by the user and the created password are same with each other as a result of the comparison transaction and sends the information related to this approval to the payment intermediary financial institution access management system (6) so as to be sent to the merchant's server (5); if it detects that the value entered to the electronic device (3) and the created password are different than each other as a result of the comparison transaction, gives information to the payment intermediary financial institution access management system (6) in order that the user is informed about the fact that the transaction cannot be carried out for security reasons by not giving security approval for making the payment order of which is sent by the user.

In the inventive remote payment system ( 1 ), firstly the user sends the payment order -which comprises at least the information of a payment intermediary for example such as credit card whereby the payment will be made in thereof for the product or service bought from a merchant's application that can be run on the electronic device (3) of the user or website by means of his/her electronic device (3)- to the merchant's server (5) over the mobile internet provided by the mobile network operator by means of the electronic device (3). The merchant's server (5) receives the payment order that is received over the mobile internet provided by the mobile network operator from the electronic device (3) and that comprises at least the information related to a payment intermediary for example such as credit card whereby it is desired to make payment in thereof; and it sends the payment intermediary information included in the payment order to the payment intermediary financial institution access management system (6) so as to be controlled whether the payment intermediary is valid or not by getting in contact with the payment intermediary financial institution access management system (6) after it receives the payment order. The payment intermediary financial institution access management system (6) receives the payment order sent by the merchant's server (5) and comprises at least the payment intermediary information in thereof and it controls whether the said payment intermediary is valid or not by means of the information recorded in thereof. If the payment intermediary financial institution access management system (6) detects that the payment intermediary is not valid as a result of the controlling transaction, it sends message to the merchant's server (5) about the fact that the payment intermediary is not valid in order that the user is informed by getting in contact with the merchant's server (5). Thereupon, the merchant ^' s server (5) informs the user about the fact that the payment intermediary included in the payment order is not valid over the electronic device (3). If the payment intermediary financial institution access management system (6) detects that the payment intermediary is valid as a result of the controlling transaction, it sends information -which are necessary for the electronic device (3) to be able to send message to it automatically in order that the verification security transactions required for realizing the payment are carried out- to the merchant's server (5) by getting in contact with the merchant's server (5). And the merchant's server (5) receives the information which are required for the electronic device (3) to be able to send message to the payment intermediary financial institution access management system (6) automatically and sends the said information to the electronic device (3). After sending message to the payment intermediary financial institution access management system (6) automatically in accordance with the information coming from the merchant's server (5), the electronic device (3) carries out the verification security transaction on the basis of the private number assigned to the subscriber by the mobile network operator in order to determine whether the payment can be made or not. In one preferred embodiment of the invention, the electronic device (3) sends at least one POST message to the payment intermediary financial institution access management system (6). If the message received from the electronic device (3) is not encrypted by an encryption technique for example such as secure socket layer (SSL), the payment intermediary financial institution access management system (6) receives the message -which is sent by the electronic device (3) and wherein the private number of the electronic device (3) is inserted by the electronic device identity detection unit (4)- over the electronic device identity detection unit (4). The payment intermediary financial institution access management system (6) compares the private number of the electronic device (3) included inside the message coming thereupon with the private number of the electronic device (3) registered in thereof and associated with the related payment intermediary previously. The payment intermediary financial institution access management system (6) gives security approval on the subject of making the payment -order of which is sent by the user- and sends the information related to this approval to the merchant's server (5) if it detects that the two numbers compared are same with each other as a result of the comparison transaction. If the message reaching the payment intermediary financial institution access management system (6) from the electronic device (3) is encrypted by an encryption technique for example such as secure socket layer (SSL); the payment intermediary financial institution access management system (6) opens the incoming message, creates a key, associates the created key to the said information inside the message and records them. Then, the payment intermediary financial institution access management system (6) creates a directing message which comprises the key that is created in order that the electronic device (3) is directed to the page that can be accessed by unencrypted messaging and has another address (URL) belonging to it so that its private number is detected, and the said address information and it sends this directing message created to the electronic device (3). After the electronic device (3) receiving the directing message is automatically directed to the address included inside the message, the electronic device identity detection unit (4) detects the private number of the electronic device (3) from the IP address of the electronic device (3) that is directed to the unencrypted page. The electronic device identity detection unit (4) sends the message comprising the said private number information to the payment intermediary financial institution access management system (6) together with the key information. The payment intermediary financial institution access management system (6) detects the private number of the user who is recorded by it previously by associating it to the keys from the key information inside the message coming from the electronic device identity detection unit (4) and it compares this number with the private number inside the message coming from the electronic device identity detection unit (4). If the payment intermediary financial institution access management system (6) detects that the two numbers compared are same with each other as a result of the comparison transaction, it gives security approval on the subject of making the payment order of which is sent by the user and sends the information related to this approval to the merchant's server (5). In an alternative embodiment of the invention, the payment intermediary financial institution access management system (6) detects the IP information of the electronic device (3) from inside the message coming from the electronic device (3) if the message coming from the electronic device (3) to the payment intermediary financial institution access management system (6) is encrypted by an encryption technique for example such as secure sockets layer (SSL) after it is detected by the payment intermediary financial institution access management system (6) that the payment intermediary is valid. The payment intermediary financial institution access management system (6) queries the private number of the electronic device (3) using the IP information detected on the electronic device identity query unit (8), by connecting to the electronic device identity query unit (8) after detecting the IP information of the electronic device (3). The payment intermediary financial institution access management system (6) compares the private number of the electronic device (3) obtained as a result of the query transaction with the private number of the electronic device (3) that is registered in itself and associated with the related payment intermediary previously. The payment intermediary financial institution access management system (6) gives security approval for making the payment order of which is sent by the user and sends the information related to this approval to the merchant's server (5) if it detects as a result of the comparison transaction that the two numbers compared are same with each other. If the payment intermediary financial institution access management system (6) detects that the private number of the electronic device (3) detected by means of the electronic device identity detection unit (4) and the private number registered in itself are not same with each other as a result of the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator, the payment intermediary financial institution gets in contact with the payment intermediary financial institution's 3 dimensional security verification system (9). The payment intermediary financial institution's 3 dimensional security verification system (9) gets in contact with the electronic device (3) and creates a single-use password for the user to approve the payment transaction by entering the display opening on his/her electronic device (3) and sends this created password to the electronic device (3). The payment intermediary financial institution's 3 dimensional security verification system (9) takes the value entered to the electronic device (3) by the user in a pre-determined period of time and compares the said value with the created password. The payment intermediary financial institution's 3 dimensional security verification system (9) gives security approval for making the payment order of which is sent by the user if it detects that the value entered to the electronic device (3) by the user and the created password are same with each other as a result of the comparison transaction and it sends the information related to this approval to the payment intermediary financial institution access management system (6) so as to be sent to the merchant's server (5). And the payment intermediary financial institution access management system (6) sends the payment approval information received from the payment intermediary financial institution's 3 dimensional security verification system (9), to the merchant's server (5). If the payment intermediary financial institution's 3 dimensional security verification system (9) detects that the value entered to the electronic device (3) and the created password are different than each other as a result of the comparison transaction, it gives information to the payment intermediary financial institution access management system (6) in order that the user is informed about the fact that the transaction cannot be carried out for security reasons by not giving security approval for making the payment order of which is sent by the user. In the event that the merchant's server (5) receives the information from the payment intermediary financial institution access management system (6) that the transaction cannot be carried out for security reasons as a result of the security verification transaction, it sends message to the electronic device (3) in order to ensure that the user is informed about the fact that the transaction cannot be carried out over the electronic device (3) by getting in contact with the electronic device (3). The merchant's server (5) connects to the merchant financial institution (7) by receiving the information related to the said approval from the payment intermediary financial institution access management system (6) and triggers the merchant financial institution (7) on the subject of receiving provision from the payment intermediary financial institution for carrying out the payment transaction if the payment transaction is approved after the security approval transaction carried out by the payment intermediary financial institution access management system (6). The merchant financial institution (7) gets in contact with the payment intermediary financial institution by receiving the information related to the security verification approval coming from the merchant's server (5) and it demands provision from the payment intermediary financial institution for realizing the payment. With the inventive remote payment system (1), it is ensured that a user can carry out payment transactions in a short time and easily without having to enter any password by means of his/her electronic device (3) which uses the phone number defined in the payment intermediary financial institution in the payment transaction required for remote shopping by means of his/her phone number previously associated with the payment intermediary owned by him/her in the payment intermediary financial institution.

The inventive remote payment method (100) which considerably facilitates user verification transaction without affecting security during remote payment transaction being carried out over mobile internet connection provided by mobile network operator, comprises steps of:

the payment order wherein there are at least information of the payment intermediary where the payment will be realized, is being sent to the merchant's server (5) over mobile internet by means of the electronic device (3) (101);

the payment order is being sent to the payment intermediary financial institution access management system (6) by the merchant's server (5) (102); the payment intermediary financial institution access management system (6) controlling whether the payment intermediary included inside the payment order is valid or not (103);

if it is detected that the payment intermediary is not valid as a result of the controlling transaction ( 103), the payment intermediary financial institution access management system (6) getting in contact with the merchant ^' s server (5) and sending message to the merchant's server (5) about the fact that the payment intermediary is not valid for informing the user (104);

the user being informed about the fact that the payment intermediary included inside the payment order is not valid by the merchant's server (5) over the electronic device (3) (105);

if it is detected that the payment intermediary is valid as a result of the controlling transaction (103), the payment intermediary financial institution access management system (6) getting in contact with the merchant ^' s server (5) and sending the information -which are necessary for the electronic device (3) to be able to send message to it automatically in order that the security verification transactions required for realizing the payment are carried out- to the merchant's server (5) (106);

the merchant's server (5) sending the information received from the payment intermediary financial institution access management system (6) to the electronic device (3) ( 107);

the electronic device (3) sending message to the payment intermediary financial institution access management system (6) automatically in accordance with the information received from the merchant's server (5) (108);

the payment intermediary financial institution access management system (6) carrying out the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator in order to determine whether the payment can be made or not (109);

if the payment transaction is not approved as a result of the security verification transaction carried out by the payment intermediary financial institution access management system (6) (109), the payment intermediary financial institution access management system (6) informing the merchant ^' s server (5) about the fact that the payment transaction is not approved by getting in contact with the merchant's server (5) (1 10);

the merchant's server (5) informing the user about the fact that the payment transaction cannot be carried out over the electronic device (3) by getting in contact with the electronic device (3) (1 1 1 );

after the security verification transaction carried out by the payment intermediary financial institution access management system (6) (1 09), the payment intermediary financial institution access management system (6) sending the information about the approval to the merchant's server (5)

(1 12);

the merchant's server (5) connecting to the merchant financial institution (7) and triggering the merchant financial institution (7) on the subject of receiving provision from the payment intermediary financial institution for carrying out the payment transaction (1 13); and

the merchant financial institution (7) getting in contact with the payment intermediary financial institution and demanding provision from the payment intermediary financial institution in order that the payment is realized (1 14). In the inventive remote payment method (100), firstly the user sends the payment order -which comprises at least the information of a payment intermediary for example such as credit card whereby the payment will be made in thereof for the product or service bought from a merchant's application that can be run on the electronic device (3) or website by means of his/her electronic device (3)- to the merchant's server (5) over the mobile internet provided by the mobile network operator by means of the electronic device (3) (101 ). The merchant's server (5) receives the payment order that is received over the mobile internet provided by the mobile network operator from the electronic device (3) and that comprises at least the information related to a payment intermediary for example such as credit card whereby it is desired to make payment in thereof and after receiving the payment order, it sends the payment intermediary information included inside the payment order to the payment intermediary financial institution access management system (6) so as to be controlled whether the payment intermediary is valid or not by getting in contact with the payment intermediary financial institution access management system (6) ( 102). The payment intermediary financial institution access management system (6) receives the payment order which is sent by the merchant ^' s server (5) and comprises at least the payment intermediary information in thereof and it controls whether the said payment intermediary is valid or not by means of the information recorded in thereof (103). If the payment intermediary financial institution access management system (6) detects that the payment intermediary is not valid as a result of the controlling transaction ( 103), it sends message to the merchant's server (5) about the fact that the payment intermediary is not valid for informing the user by getting in contact with the merchant's server (5) (104). Thereupon, the merchant's server (5) informs the user about the fact that the payment intermediary included inside the payment order is not valid over the electronic device (3) (105). If the payment intermediary financial institution access management system (6) detects that the payment intermediary is valid as a result of the controlling transaction (103), it sends the information -which are necessary for the electronic device (3) to be able to send message to it automatically in order that the security verification transactions required for realizing the payment are carried out- to the merchant's server (5) by getting in contact with the merchant ^' s server (5) (106). The merchant's server (5) receives the information -which are required for the electronic device (3) to send message to the payment intermediary financial institution access management system (6) automatically- from the payment intermediary financial institution access management system (6) and sends the said information to the electronic device (3) ( 107). After the electronic device (3) sends message to the payment intermediary financial institution access management system (6) automatically in accordance with the information received from the merchant's server (5) (108), the payment intermediary financial institution access management system (6) carries out the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator in order to determine whether the payment can be made or not (109). If the payment transaction is not approved as a result of the security verification transaction carried out by the payment intermediary financial institution access management system (6) (109), the payment intermediary financial institution access management system (6) informs the merchant's server (5) about the fact that the payment transaction is not approved by getting in contact with the merchant's server (5) ( 1 10). After receiving the information that the transaction cannot be carried out for security reasons as a result of the security verification transaction (109) from the payment intermediary financial institution access management system (6), the merchant's server (5) sends message to the electronic device (3) in order to ensure that the user is informed about the fact that the payment transaction cannot be carried out by getting in contact with the electronic device (3) (1 1 1). After the security verification transaction carried out by the payment intermediary financial institution access management system (6) (109), the payment intermediary financial institution access management system (6) sends the information about the said approval to the merchant's server (5) if the payment transaction is approved (1 12) and the merchant's server (5) connects to the merchant financial institution (7) by receiving the information related to the said approval and triggers the merchant financial institution (7) on the subject of receiving provision from the payment intermediary financial institution for carrying out the payment transaction (1 13). The merchant financial institution (7) gets in contact with the payment intermediary financial institution by receiving the information related to the security verification approval coming from the merchant's server (5) and demands provision from the payment intermediary financial institution in order that the payment is realized (1 14).

In one preferred embodiment of the inventive method, if the message coming from the electronic device (3) is not encrypted by an encryption technique for example such as secure socket layer (SSL) at the step of the payment intermediary financial institution access management system (6) carrying out the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator in order to determine whether the payment can be made or not (109); the payment intermediary financial institution access management sy stem (6) receives the message -which is sent by the electronic device (3) and wherein the private number of the electronic device (3) is inserted by the electronic device identity detection unit (4)- over the electronic device identity detection unit (4). The payment intermediary financial institution access management system (6) compares the private number of the electronic device (3) included inside the message coming thereupon with the private number of the electronic device (3) registered in thereof and associated with the related payment intermediary previously. The payment intermediary financial institution access management system (6) gives security approval on the subject of making the payment -order of which is sent by the user- and sends the information related to this approval to the merchant ^' s server (5) if it detects that the two numbers compared are same with each other as a result of the comparison transaction.

In one embodiment of the inventive method, if the message coming from the electronic device (3) to the payment intermediary financial institution access management system (6) is encrypted by an encryption technique for example such as secure socket layer (SSL) at the step of the payment intermediary financial institution access management system (6) carrying out the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator in order to determine whether the payment can be made or not (109); the payment intermediary financial institution access management system (6) opens the incoming message, creates a key, associates the created key to the said information inside the message and records them. Then, the payment intermediary financial institution access management system (6) creates a directing message which comprises the key that is created in order that the electronic device (3) is directed to the page that can be accessed by unencrypted messaging and has another address (URL) belonging to it so that its private number is detected, and the said address information and it sends this directing message created to the electronic device (3). After the electronic device (3) receiving the directing message is automatically directed to the address included inside the message, the electronic device identity detection unit (4) detects the private number of the electronic device (3) from the IP address of the electronic device (3) that is directed to the unencrypted page and the electronic device identity detection unit (4) sends the message comprising the said private number information to the payment intermediary financial institution access management system (6) together with the key information. The payment intermediary financial institution access management system (6) detects the private number of the user who is recorded by it previously by associating it to the keys from the key information inside the message coming from the electronic device identity detection unit (4) and it compares this number with the private number inside the message coming from the electronic device identity detection unit (4). If the payment intermediary financial institution access management system (6) detects that the two numbers compared are same with each other as a result of the comparison transaction, it gives security approval on the subject of making the payment order of which is sent by the user and sends the information related to this approval to the merchant's server (5).

In an alternative embodiment of the inventive method, if the message coming from the electronic device (3) to the payment intermediary financial institution access management system (6) is encrypted by an encryption technique for example such as secure socket layer (SSL) at the step of the payment intermediary financial institution access management system (6) carrying out the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator in order to determine whether the payment can be made or not (109); the payment intermediary financial institution access management system (6) detects the IP information of the electronic device (3) from inside the message coming from the electronic device (3). The payment intermediary financial institution access management system (6) queries the private number of the electronic device (3) using the IP information detected on the electronic device identity detection unit (4), by connecting to the electronic device identity detection unit (4) after detecting the IP information of the electronic device (3). The payment intermediary financial institution access management system (6) compares the private number of the electronic device (3) obtained as a result of the query transaction with the private number of the electronic device (3) that is registered in itself and associated with the related payment intermediary previously. The payment intermediary financial institution access management system (6) gives security approval for making the payment order of which is sent by the user and sends the information related to this approval to the merchant's server (5) if it detects as a result of the comparison transaction that the two numbers compared are same with each other.

In one preferred embodiment of the inventive method, if the payment intermediary financial institution access management system (6) detects that the private number of the electronic device (3) detected by means of the electronic device identity detection unit (4) or the electronic device identity query unit (8) and the private number registered in itself are not same with each other as a result of the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator at the step of the payment intermediary financial institution access management system (6) carrying out the security verification transaction on the basis of the private number assigned to the subscriber by the mobile network operator in order to determine whether the payment can be made or not (109); it gets in contact with the payment intermediary financial institution ^' s 3 dimensional security verification system (9). The payment intermediary financial institution's 3 dimensional security verification system (9) gets in contact with the electronic device (3) and creates a single-use password for the user to approve the payment transaction by entering the display opening on his/her electronic device (3) and sends this created password to the electronic device (3). The payment intermediary financial institution's 3 dimensional security verification system (9) takes the value entered to the electronic device (3) by the user in a pre-determined period of time and compares the said value with the created password. The payment intermediary financial institution's 3 dimensional security verification system (9) gives security approval for making the payment order of which is sent by the user if it detects that the value entered to the electronic device (3) by the user and the created password are same with each other as a result of the comparison transaction and it sends the information related to this approval to the payment intermediary financial institution access management system (6) so as to be sent to the merchant's server (5). And the payment intermediary financial institution access management system (6) sends the payment approval information received from the payment intermediary financial institution's 3 dimensional security verification system (9), to the merchant's server (5). If the payment intermediary financial institution's 3 dimensional security verification system (9) detects that the value entered to the electronic device (3) and the created password are different than each other as a result of the comparison transaction, it gives information to the payment intermediary financial institution access management system (6) in order that the user is informed about the fact that the transaction cannot be carried out for security reasons by not giving security approval for making the payment order of which is sent by the user.

In one preferred embodiment of the inventive method, the automatic message sent by the electronic device (3) to the payment intermediary financial institution access management system (6) is at least one POST message at the step of the electronic device (3) sending message to the payment intermediary financial institution access management system (6) automatically in accordance with the information received from the merchant's server (5) (108).

With the inventive remote payment method (100), it is ensured that a user can carry out payment transactions in a short time and easily without having to enter any password by means of his/her electronic device (3) which uses the phone number defined in the payment intermediary financial institution in the payment transaction required for remote shopping by means of his/her phone number previously associated with the payment intermediary owned by him/her in the payment intermediary financial institution.

Within these basic concepts; it is possible to develop a wide range of embodiments of the inventive "Remote Payment System (1) and Method (100)", the invention cannot be limited to examples disclosed herein and it is essentially according to claims.