US 11,941,616 B2
Payment authentication system for electronic commerce transactions
Rahul Mutha, Norwood, MA (US)
Filed by Aurus, Inc., Norwood, MA (US)
Filed on Jul. 12, 2019, as Appl. No. 16/510,593.
Prior Publication US 2021/0012333 A1, Jan. 14, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. G06Q 20/38 (2012.01); G06Q 20/40 (2012.01); H04L 9/32 (2006.01); H04L 9/40 (2022.01)
CPC G06Q 20/38215 (2013.01) [G06Q 20/4014 (2013.01); H04L 9/3228 (2013.01); H04L 63/0421 (2013.01)]
19 Claims
1. A system comprising a server and a computing device for securing electronic payments, the server comprising:
one or more processors; and
a memory storing computer code instructions, the computer code instructions, when executed by the one or more processors, cause the one or more processors to:
provide a session identifier (ID) and a URL of an iFrame to an electronic commerce (e-commerce) host server for forwarding to a computing device responsive to the computing device initiating an e-commerce transaction on an information resource, the URL specific to a payment session identified by the session ID;
receive, from the computing device, the URL and a first instance of the session ID;
validate the first instance of the session ID, responsive to receiving the URL and the first instance of the session ID;
provide, upon validating the first instance of the session ID, the iFrame to the computing device for embedding within a payment page provided by the commerce host server to the computing device, the iFrame and the payment page hosted by different domains and the iFrame including software instructions:
the computing device comprising a computing device processor and computing device memory, the computing device processor executing the software instructions of the iFrame to cause the computing device processor to:
display a user interface for input of user payment data;
encrypt with an encryption key provided by the software instructions of the iFrame, the user payment data when input via the user interface; and
send the encrypted user payment data to the one or more processors;
the one or more processors to execute the computer code instructions to:
receive the user payment data encrypted by the computing device upon execution of the software instructions included with the iFrame and a second instance of the session ID from the iFrame;
provide, upon validating the second instance of the session ID, a one-time token (OTT) to the computing device for use to initiate payment pre-authorization, the OTT associated with the session ID and indicative of the user payment data;
validate, upon receiving a payment pre-authorization request from the e-commerce host server including an instance of the OTT, the instance of the OTT;
obtain, upon validating the instance of the OTT, payment pre-authorization from a payment provider system using the user payment data; and
provide an indication of the payment pre-authorization to the e-commerce host server for forwarding to the computing device, the payment pre-authorization allowing the computing device to finalize the e-commerce transaction.
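The server-side token lifecycle recited in claim 1 (two session ID checks, then a one-time token bound to the session) can be modeled as below. This is an added example, not code from the patent or from Aurus. The class and method names, the lifetimes, and the `pay.example.test` domain are assumptions; client-side encryption and the payment provider call are outside its scope.

```python
import hmac
import secrets
import time

SESSION_TTL, OTT_TTL = 900, 120   # seconds; assumed, the claim gives no lifetimes
IFRAME_BASE = "https://pay.example.test/iframe/"   # placeholder domain


class PaymentSessions:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}   # session ID -> state
        self._otts = {}       # OTT -> (session ID, expiry)

    def open_session(self):
        """Create the session ID and session-specific iFrame URL for the host server."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"expires": self._clock() + SESSION_TTL,
                               "iframe_served": False, "payload": None}
        return sid, IFRAME_BASE + sid

    def _live(self, sid):
        state = self._sessions.get(sid)
        return state if state and self._clock() <= state["expires"] else None

    def serve_iframe(self, url, sid):
        """First session ID check: the URL must be the one issued for this session."""
        state = self._live(sid)
        ok = state is not None and hmac.compare_digest(
            url.encode(), (IFRAME_BASE + sid).encode())
        if ok:
            state["iframe_served"] = True
        return ok

    def submit_payment(self, sid, encrypted_payload):
        """Second session ID check, then issue an OTT bound to the session."""
        state = self._live(sid)
        if state is None or not state["iframe_served"] or state["payload"] is not None:
            return None
        state["payload"] = encrypted_payload
        ott = secrets.token_urlsafe(32)
        self._otts[ott] = (sid, self._clock() + OTT_TTL)
        return ott

    def redeem_ott(self, ott):
        """Validate the OTT sent by the host server; pop() makes it single use."""
        sid, expires = self._otts.pop(ott, (None, 0))
        state = self._live(sid)
        return state["payload"] if state and self._clock() <= expires else None
```

A second `redeem_ott` call with the same token returns `None`, so a replayed pre-authorization request from the host server is rejected.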