EMBEDDED THIRD PARTY SERVER BYPASS SECURITY FEATURE

摘要

A process for managing a payment transaction between a payor and payee is described. A payment processing interface hosted by a transaction server not controlled by the payee is embedded within a user interface of the payee. Information relating to the transaction, which includes an amount of the transaction, is obtained. The payment processing interface is displayed within the user interface and includes the amount of the transaction and prompt(s) for payor payment account information. Encrypted payment account information is sent from the payor to the transaction server in response to the prompt(s) without exposing said information to outside parties. The payment account information is decrypted at the transaction server and used to process the transaction. The transaction server provides an indicator of success or failure of the transaction to the payor and stores a record of the transaction for subsequent review by the payee.

主权项

1. A computer-implemented method of facilitating a secure payment transaction to a first entity from a second entity, the method comprising:
providing a payment processing module to the first entity, wherein the payment processing module is configured to integrate with a user interface provided by the first entity and to cause a payment processing interface to be embedded within the user interface, the payment processing interface being hosted by a transaction server that is not controlled by the first entity; obtaining information relating to the payment transaction, the information comprising at least an amount of the payment transaction; configuring, at the transaction server, the payment processing interface for display within the user interface, wherein the payment processing interface indicates the amount of the payment transaction and comprises one or more prompts for the second entity to enter payment account information, and wherein the payment processing interface, when displayed, causes a remaining portion of the user interface to be displayed at a lesser level of focus than the payment processing interface; receiving, at the transaction server from the second entity, encrypted payment account information in response to the one or more prompts, wherein the encrypted payment account information is encrypted by a client device controlled by the second entity and is sent directly from the client device to the transaction server without providing the encrypted payment account information to the first entity; decrypting, at the transaction server, the encrypted payment account information, thereby obtaining decrypted payment account information; processing, at the transaction server, the payment transaction using the decrypted payment account information; providing, from the transaction server to the second entity, an indicator of success or failure of the payment transaction; and storing a record of the payment transaction at a data store associated with the transaction server for subsequent review by the first entity.