| CPC G06Q 20/4014 (2013.01) [G06Q 20/38215 (2013.01); G06Q 20/3825 (2013.01)] | 22 Claims |

1. A method to be performed at a server, the method comprising:
receiving an authorization request message for a remote commerce transaction between a customer and a merchant, wherein the authorization request message comprises a merchant universal payment identifier (MuPi) and a terminal identifier (ID) associated with the merchant, wherein the MuPi comprises a uniform resource locator (URL)-based merchant identifier and a manifest file deployed at the URL;
extracting the MuPi from the authorization request message;
extracting the manifest file from the URL;
extracting a registration signature for the merchant from the manifest file;
validating an identity of the merchant based on the MuPi by determining validation information for the MuPi, the validation information comprising a security level indicator indicating a measure of confidence that the identity of the merchant is valid and accessing, based on the MuPi, a risk profile received for the merchant for previous transactions, and
deterministically determining whether the terminal ID received belongs to the same merchant for which the MuPi was initially created,
wherein the identity of the merchant is validated based at least partially on the extracted registration signature for the merchant and based on the risk profile and on the security level indicator being at or above a threshold confidence level;
binding the MuPi to a cryptogram for the merchant in response to the validating the identity of the merchant; and
transmitting a message to a payment network and authorizing the remote commerce transaction at least partially in response to the validation of the identity of the merchant, the message comprising the cryptogram for the merchant.