No assignee for this patent application has been made.
News editors obtained the following quote from the background information supplied by the inventors: "This invention relates generally to systems and methods for multi-merchant tokenization of transaction payments. Such systems and methods enable merchants to increase security for payments and transactions, shifts storage of account information from central payment processor to the merchant, and provides for more seamless transactions across groups of related merchants.
"Payment for a transaction, when done electronically, is subject to security breaches which may compromise sensitive financial data. Further, as point of sales systems become more advanced, more transactions are performed electronically, and as hackers become more sophisticated, security concerns are continually increasing.
"In the early days of electronic transactions, dedicated magnetic card readers would scan a credit card's data and transfer it to a payment service for completion of the transaction. These communications were typically over a dial connection and required basic encryption in the reader device in order to maintain security of the packet.
"Over time, the reader devices have become more advanced, often with internet connections and data input ports that enable malware to infect point of sales terminals. Further, as more and more retailers have moved to transfer of data over the internet, additional security features have been developed.
"Most notably, 'tokenization' is a means for replacing sensitive information with a 'token' of data that is non-decryptable by the merchant (requires a third party decryption). Traditionally, tokenization in transaction payment systems would include storing the sensitive information at the payment processor in a centralized database, and supplying back an ID to the merchant. The ID would relate back to the account data, but if intercepted would not contain any sensitive information. This enables increased security because the sensitive information only needs to be transferred between the merchant and the payment service once. However, such prior systems are not without drawbacks. For example, by centrally locating account information for a wide variety of businesses, a single breach of security into the database could compromise a large number of accounts, in these prior systems. This is a very large risk for payment processors. Additionally, the token returned to the merchant is typically only redeemable by that merchant in further transactions. As such, prior tokenization efforts are limited to a single business line.
"Often a merchant may have multiple locations that work together, and as such current systems may limit these merchants from all relying upon a single token. Thus, account information has to be input by the varied merchants individually in order to perform the transaction for a single customer.
"It is therefore apparent that an urgent need exists for systems and methods for multi merchant tokenization for improved security for transaction payment processing. Such systems will have the added benefit of decentralizing sensitive account data in a manner which increases security of user data, while shifting risks away from the payment service."
As a supplement to the background information on this patent application, VerticalNews correspondents also obtained the inventors' summary information for this patent application: "To achieve the foregoing and in accordance with the present invention, systems and methods for multi-merchant tokenization are provided. Such systems and methods enable improved security for transaction payment processing. Such systems will have the added benefit of decentralizing sensitive account data in a manner which increases security of user data, while shifting risks away from the payment service.
"In some embodiments, multi-merchant tokenization may include receiving a transaction from a point of sale terminal of a merchant, validating the merchant ID against merchant logs, and generating a token for the transaction. The token includes a primary account number, expiration, and a group ID. Additionally, the system provides the primary account number to a payment system and receives a response back. The response is then output back to the merchant along with the token. Validation of the merchant ID ensures the merchant is configured for tokenization. In some embodiments, the transaction is encrypted when it is received. In this case the system also decrypts the transaction. The system may also encrypt the token.
"The group ID enables only particular merchants to redeem the token. The system may associate merchants to the group ID. Thus when a token is received from a merchant, the system may query a database for merchant configuration, and approve or decline the transaction if the merchant configuration does or does not match the transaction, respectively. The database may be updated for changes in merchant configuration.
"In subsequent transactions, the system may receive the token from a one point of sale terminal of the merchant. The system validates the merchant ID against merchant logs and ensures the merchant is configured for tokenization. The token is decrypted and the group ID is compared to the merchant ID in the merchant logs. When they match, the primary account number is provided to the payment system for approval.
"Note that the various features of the present invention described above may be practiced alone or in combination. These and other features of the present invention will be described in more detail below in the detailed description of the invention and in conjunction with the following figures.
BRIEF DESCRIPTION OF THE DRAWINGS
"In order that the present invention may be more clearly ascertained, some embodiments will now be described, by way of example, with reference to the accompanying drawings, in which:
"FIG. 1 is an example schematic block diagram for a system for multi-merchant tokenization, in accordance with some embodiments;
"FIG. 2 is an example schematic block diagram for a more detailed view of components within the tokenization and payment management system, in accordance with some embodiments;
"FIG. 3 is an example schematic block diagram for the tokenizer encryption service, in accordance with some embodiments;
"FIG. 4 is an example process flow diagram for multi-merchant tokenization, in accordance with some embodiments;
"FIGS. 5-7 are example flowcharts for methods for multi-merchant tokenization, in accordance with some embodiments;
"FIGS. 8A and 8B are example schematic block diagrams for mechanisms for secure transactions, in accordance with some embodiments; and
"FIGS. 9A and 9B are example illustrations for computer systems configured to embody the multi-merchant tokenization system, in accordance with some embodiments."
For additional information on this patent application, see: Plomske,
Keywords for this news article include: Patents, Information Technology, Information and Data Encoding and Encryption.
Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC
Most Popular Stories
- Obama Administration Releases Proposal to Regulate For-Profit Colleges
- Apple, HP, Intel May Take a Hit from Slowdown in Smartphone Sales Growth
- Elizabeth Vargas' Husband Marc Cohn Addresses Rumors
- Keurig Adds Peet's coffee, Alters Starbucks deal
- Motley Crue's Nikki Sixx Marries Model Courtney Bingham
- FDIC Files Lawsuit on Behalf of Banks Allegedly Hurt by Libor Scandal
- U.S. to Relinquish Gov't Control Over Internet
- Chinese e-Commerce Giant Alibaba Gears for IPO in U.S.
- Some California Cities Seeking Water Independence
- Will Missing Malaysian Jet Prompt Aviation System Change?