EP-4742131-A1 - METHOD FOR DIRECT ACCOUNT-TO-ACCOUNT PAYMENT
Abstract
The present invention relates to a method for direct account-to-account payment from a first account of a user to a second account of a merchant, characterized in that it comprises performing steps of: (a) Receiving, from a payment terminal (2b) of the merchant and/or a mobile terminal (2a) of the user, payment data comprising at least an amount and an identification of the second account; (b) Requesting, at the mobile terminal (2a), consent of the user to perform the payment; (c) Receiving in response, from the mobile terminal (2a), a consent token, said consent token being signed by the mobile terminal and containing at least an identification of the first account; (d) Sending to a first server (1a) of the first bank a transfer request comprising the payment data and said consent token.
Inventors
- Rützler, Martin
- Bergaplass, Magnus
- KUMAR, VISHAL
- Hausknotz Christine
- COLNAGHI, Luca
Assignees
- Worldline
Dates
- Publication Date: 20260513
- Application Date: 20241106
Claims (17)
- A method for direct account-to-account payment from a first account of a user to a second account of a merchant, said first account being opened at a first bank operating a first server (1a), characterized in that it comprises performing, by a data processing unit (31) of a payment server (3) connected through a network (20) to the first server (1a), a mobile terminal (2a) of the user and a payment terminal (2b) of the merchant, steps of: (a) Receiving, from the payment terminal (2b) and/or the mobile terminal (2a), payment data comprising at least an amount and an identification of the second account; (b) Requesting, at the mobile terminal (2a), consent of the user to perform the payment; (c) Receiving in response, from the mobile terminal (2a), a consent token, said consent token being signed by the mobile terminal (2a) and containing at least an identification of the first account; (d) Sending to the first server (1a) a transfer request comprising the payment data and said consent token.
- A method according to claim 1, wherein said payment data are received at step (a) from the mobile terminal (2a).
- A method according to claim 2, wherein step (a) comprises transferring said payment data from the payment terminal (2b) to the mobile terminal (2a) via a short-range communication, in particular an optical communication.
- A method according to claim 3, wherein said payment data is displayed at the payment terminal (2b) encoded in a QR code, which is scanned by the mobile terminal (2a).
- Method according to one of claims 2 to 4, wherein step (a) further comprises checking the payment data with the payment terminal (2b).
- A method according to any one of claims 1 to 5, wherein step (b) comprises requesting the user to authenticate on the mobile terminal (2a) to prove consent to perform the payment.
- Method according to claim 6, wherein said consent token is generated by the mobile terminal (2a) upon strong authentication of the user.
- A method according to claim 7, wherein said consent token further comprises a result of said strong authentication.
- A method according to any one of claims 1 to 8, comprising a step (e), performed by a data processing unit (11a) of the first server (1a), of verifying said consent token, comprising verifying the signature.
- A method according to claim 9, wherein verifying said consent token comprises comparing the identification of the first account contained in the consent token with an expected identification of the first account.
- Method according to any one of claims 9 and 10, wherein the consent token is further encrypted with a public key of said first bank, step (e) firstly comprising decrypting said consent token.
- Method according to any one of claims 9 to 11, comprising a step (f) performed by the data processing unit (11a) of the first server (1a), of performing the transfer from the first account as identified by the consent token to the second account as identified in the payment data.
- Method according to claim 12, comprising a step (g) of receiving a transfer confirmation and notifying the payment terminal (2b) and/or the mobile terminal (2a).
- Payment server (3), characterized in that it comprises a data processing unit (31) configured to: - Receive, from a payment terminal (2b) of a merchant and/or a mobile terminal (2a) of a user, payment data for direct account-to-account payment from a first account of the user to a second account of the merchant comprising at least an amount and an identification of the second account, said first account being opened at a first bank operating a first server (1a), the payment server being connected through a network (20) to the first server (1a), the mobile terminal (2a) and the payment terminal (2b); - Request, at the mobile terminal (2a), consent of the user to perform the payment; - Receive in response, from the mobile terminal (2a), a consent token, said consent token being signed by the mobile terminal (2a) and containing at least an identification of the first account; - Send to the first server (1a) a transfer request comprising the payment data and said consent token.
- System of a payment server (3) according to claim 14 and the first server (1a) of the bank, wherein the first server (1a) comprises a data processing unit (11a) configured to: - verify said consent token; - perform the transfer from the first account as identified by the consent token to the second account as identified in the payment data.
- Computer program product comprising code instructions for executing a method according to one of claims 1 to 13 for direct account-to-account payment from a first account of a user to a second account of a merchant, when said program is executed on a computer.
- A storage medium readable by computer equipment on which is recorded a computer program product comprising code instructions for executing a method according to one of claims 1 to 13 for direct account-to-account payment from a first account of a user to a second account of a merchant.
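The token handling of step (c) and of claims 8 to 10, sketched in Go as an added example that is not part of the patent text: the mobile terminal signs the token, and the first server checks the signature before comparing the account identification and the authentication result. The JSON layout, the field names, the Ed25519 signature scheme, the "passed" value and the ACC-EXAMPLE account identifiers are all assumptions; the expected account is taken to be the one the bank associates with the device key, and the encryption of claim 11 is left out.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// ConsentToken: fields named in the claims; JSON layout and Ed25519 are assumptions.
type ConsentToken struct {
	FirstAccount string `json:"first_account"` // identification of the first account
	SCAResult    string `json:"sca_result"`    // result of strong authentication (claim 8)
}

// SignConsent is the mobile terminal side of step (c).
func SignConsent(priv ed25519.PrivateKey, t ConsentToken) (payload, sig []byte) {
	payload, _ = json.Marshal(t)
	return payload, ed25519.Sign(priv, payload)
}

// VerifyConsent is the first server side of step (e): signature first, then fields.
func VerifyConsent(pub ed25519.PublicKey, payload, sig []byte, expected string) error {
	if !ed25519.Verify(pub, payload, sig) {
		return errors.New("signature invalid")
	}
	var t ConsentToken
	if err := json.Unmarshal(payload, &t); err != nil {
		return err
	}
	if t.FirstAccount != expected { // comparison of claim 10
		return errors.New("account mismatch")
	}
	if t.SCAResult != "passed" { // hypothetical result value
		return errors.New("strong authentication not passed")
	}
	return nil
}

// Demo runs constructed cases: valid token, wrong expected account, altered payload.
func Demo() (valid, wrongAccount, tampered error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed device key pair
	payload, sig := SignConsent(priv, ConsentToken{FirstAccount: "ACC-EXAMPLE-001", SCAResult: "passed"})
	return VerifyConsent(pub, payload, sig, "ACC-EXAMPLE-001"),
		VerifyConsent(pub, payload, sig, "ACC-EXAMPLE-002"),
		VerifyConsent(pub, []byte(`{"first_account":"ACC-EXAMPLE-002"}`), sig, "ACC-EXAMPLE-002")
}

func main() { fmt.Println(Demo()) }
```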
Description
GENERAL TECHNICAL AREA
The present invention relates to the field of payment transactions. More specifically, it concerns a method for direct account-to-account payment.
STATE OF THE ART
Account-to-Account (A2A) payments are a new type of payment wherein money is moved directly from one account to another without the need for additional intermediaries or payment instruments, such as cards. A2A payments fall under two categories: the commonly known bank-to-bank payments and those powered by Open Banking, which allows financial data to be shared between banks and third-party service providers through the use of application programming interfaces (APIs). Many techniques are known; see for instance the document US 11935028.
In an in-store environment, it has thus been proposed to scan a QR code displayed by a POS of the merchant to automatically initiate an A2A payment to the merchant.
However, in Europe, the revised Payment Services Directive (PSD2) for open banking introduced a number of new services, definitions, and obligations for market participants, which put big hurdles in the way of the secure use of A2A in such an in-store environment. In particular:
1. After scanning the QR code, the user has to be redirected to an e-banking page and to log in by manually entering their credential (account identifier).
2. To perform the strong customer authentication (SCA) required by PSD2, the user is further redirected to the authentication app of the bank, i.e. the SCA must be done with a different means/device/app than the login to the e-banking environment.
This standard user experience is too complex and too cumbersome to be widely adopted. Therefore, there is a need for a seamless and frictionless user experience while maintaining the highest security and complying with all the existing requirements.
The present invention improves the situation.
PRESENTATION OF THE INVENTION
The present invention therefore relates, according to a first aspect, to a method for direct account-to-account payment from a first account of a user to a second account of a merchant, said first account being opened at a first bank operating a first server, characterized in that it comprises performing, by a data processing unit of a payment server connected through a network to the first server, a mobile terminal of the user and a payment terminal of the merchant, steps of:
(a) Receiving, from the payment terminal and/or the mobile terminal, payment data comprising at least an amount and an identification of the second account;
(b) Requesting, at the mobile terminal, consent of the user to perform the payment;
(c) Receiving in response, from the mobile terminal, a consent token, said consent token being signed by the mobile terminal and containing at least an identification of the first account;
(d) Sending to the first server a transfer request comprising the payment data and said consent token.
According to non-limiting features:
- Said payment data are received at step (a) from the mobile terminal.
- Step (a) comprises transferring said payment data from the payment terminal to the mobile terminal via a short-range communication, in particular an optical communication.
- Said payment data is displayed at the payment terminal encoded in a QR code, which is scanned by the mobile terminal.
- Step (a) further comprises checking the payment data with the payment terminal.
- Step (b) comprises requesting the user to authenticate on the mobile terminal (2a) to prove consent to perform the payment.
- Said consent token is generated by the mobile terminal upon strong authentication of the user.
- Said consent token further comprises a result of said strong authentication.
- The method comprises a step (e), performed by a data processing unit of the first server, of verifying said consent token, comprising verifying the signature.
- Verifying said consent token comprises comparing the identification of the first account contained in the consent token with an expected identification of the first account.
- The consent token is further encrypted with a public key of said first bank, step (e) firstly comprising decrypting said consent token.
- The method comprises a step (f) performed by the data processing unit of the first server, of performing the transfer from the first account as identified by the consent token to the second account as identified in the payment data.
- The method comprises a step (g) of receiving a transfer confirmation and notifying the payment terminal and/or the mobile terminal.
According to a second aspect, the present invention proposes a payment server, characterized in that it comprises a data processing unit configured to: Receive, from a payment terminal of a merchant and/or a mobile terminal of a user, payment data for direct account-to-account payment from a first account of the user to a second account of the merchant comprising at least an amount and an identification of the second account, said first account being opened at a first bank operating a first server,