SECURE PAYMENT MADE FROM A MOBILE DEVICE THROUGH A SERVICE PROVIDER

摘要

Methods and systems enable merchants to accept payments through a service provider from a consumer using an app on a mobile device, for example, without redirecting the consumer to the service provider and without collecting the customer's service provider password (a separate PIN may be used). An example of an app on a mobile device is given, but secure payments are also enabled for purchases and other transactions for a website, a merchant, or a service provider who needs to accept payments from customers. A two-key approach allows a merchant, using the two keys—a collection key for merchant apps and general servers and a private, more secure, charge key for merchant “back-end” systems—to collect a user's username and personal identification number (PIN) for acquiring payments through a service provider without compromising the user's service provider username and password (the PIN is distinct from the password).

主权项

1. A service provider system, comprising:
a non-transitory memory storing a user credential for a user, a first key, a second key, and an authorization; and one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform the steps of:
receiving the user credential from a merchant device corresponding to a merchant, wherein the user credential is transmitted using the first key previously provided to the merchant device;verifying that the first key used to transmit the user credential is associated with the merchant;providing the authorization to the merchant device based on the user credential and the first key;receiving the authorization from the merchant device, wherein the authorization is transmitted using the second key previously provided to the merchant device; andprocessing a transaction between the user and the merchant based on the first key and the second key both corresponding to the merchant.