| CPC G06Q 20/3821 (2013.01) [G06Q 2220/00 (2013.01)] | 7 Claims |
|
1. A method comprising:
receiving, by a payment services computer, a request for payment credentials, the request indicating an account from which payment for a transaction involving a user and a merchant is to be made, the request received from a user device;
looking up, by the payment services computer, a payment token that corresponds to said account;
generating, by the payment services computer, dynamic expiry data and a dynamic token verification code, the dynamic expiry data indicating an expiration date of the payment token and the dynamic expiry data and dynamic token verification code specifically generated for the transaction such that they are changed from prior transactions;
responding, by the payment services computer, to the request by transmitting the looked-up payment token, the generated dynamic expiry data and the generated dynamic token verification code to the user device;
receiving, from a merchant device associated with the merchant, a transaction authorization request message containing the payment token, the dynamic expiry data, and the dynamic token verification code; and
causing a transaction authorization response message to be transmitted to the merchant device after successful verification of the dynamic expiry data and the dynamic token verification code;
wherein the generating step includes:
(a) concatenating the looked up payment token with at least one item of numeric transaction data to form a first numeric string;
(b) digitally signing the first numeric string with a cryptographic key to form a second numeric string;
(c) selecting three leading digits of the second numeric string to be the dynamic token verification code; and
(d) forming the dynamic expiry data by transforming four digits of the second numeric string, said four digits immediately following said three leading digits of the second numeric string.
|