CPC G06Q 20/40 (2013.01) [G06Q 20/382 (2013.01); G06Q 20/38215 (2013.01); G06Q 20/4014 (2013.01); G06Q 20/4016 (2013.01); G06Q 20/4018 (2013.01); G06Q 2220/00 (2013.01); H04L 2209/56 (2013.01)]
16 Claims
1. A computer implemented method for providing authentication for secure transactions in a multi-server system, the method comprising:
receiving, at an authentication server from a requestor server, a first request for a cryptogram, the first request being associated with a transaction and including a requestor identifier;
in response to receiving the first request, generating the cryptogram;
sending, from the authentication server, the cryptogram to the requestor server;
receiving, at the authentication server from a merchant server, a message including the cryptogram, a payment token, a unique merchant identifier, and a merchant secret, wherein the unique merchant identifier is included in a first field of the message designated for an expiration date and the merchant secret is included in a second field of the message designated for a card verification code;
validating, by the authentication server, the cryptogram;
comparing, by the authentication server, the unique merchant identifier and the merchant secret with a unique merchant identifier and a merchant secret pair stored in a database; and
authorizing, by the authentication server, the transaction when there is a match.
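The flow recited in claim 1, sketched from the authentication server's side as an added example (not code from the patent or its assignee). The class, method and message field names are hypothetical. The claim does not say how the cryptogram is generated or validated, so this sketch assumes an opaque random value that the server records and accepts once; all sample values are constructed.

```python
import hmac
import secrets


class AuthenticationServer:
    def __init__(self, merchant_pairs):
        # Database of stored (unique merchant identifier -> merchant secret) pairs.
        self._merchant_pairs = dict(merchant_pairs)
        # Outstanding cryptograms, keyed to the requestor identifier that asked.
        self._issued = {}

    def request_cryptogram(self, requestor_id):
        """First request from the requestor server: generate and return a cryptogram."""
        cryptogram = secrets.token_hex(16)  # assumption: opaque random value
        self._issued[cryptogram] = requestor_id
        return cryptogram

    def authorize(self, message):
        """Merchant server message: validate the cryptogram, then compare the pair."""
        # Assumption: single use. The cryptogram is consumed even if the
        # merchant check below fails, so a failed attempt cannot be retried.
        if self._issued.pop(message.get("cryptogram", ""), None) is None:
            return False
        # The identifier rides in the field designated for the expiration date,
        # the secret in the field designated for the card verification code.
        merchant_id = message.get("expiration_date", "")
        merchant_secret = message.get("card_verification_code", "")
        stored = self._merchant_pairs.get(merchant_id)
        # Unknown identifiers are compared against a throwaway value so both
        # paths run the same constant-time comparison.
        expected = stored if stored is not None else secrets.token_hex(8)
        match = hmac.compare_digest(merchant_secret.encode(), expected.encode())
        return stored is not None and match


def demo():
    server = AuthenticationServer({"M-0042": "constructed-secret"})  # constructed pair
    def msg(cryptogram, mid, sec):
        return {"cryptogram": cryptogram, "payment_token": "tok-constructed",
                "expiration_date": mid, "card_verification_code": sec}
    good = msg(server.request_cryptogram("requestor-1"), "M-0042", "constructed-secret")
    bad_secret = msg(server.request_cryptogram("requestor-1"), "M-0042", "wrong")
    bad_id = msg(server.request_cryptogram("requestor-1"), "M-9999", "constructed-secret")
    # Order: matching pair, replay of the same message, wrong secret, unknown identifier.
    return [server.authorize(m) for m in (good, good, bad_secret, bad_id)]
```
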