
US-12626238-B2 - System for secure transaction processing and a method thereof


Abstract

The present disclosure discloses a system (100) and method (200) for secure transaction processing. The system (100) comprises a payment application (102), a memory (106), and a transaction server (108) hosting the application (102). The application (102) facilitates a registered user to generate a request for initiating a payment transaction. The memory (106) stores a list of identifiers associated with registered users and registration details corresponding to each user. The transaction server (108) generates a first one-time verification code/PIN based on the transaction request and sends it to the application (102). The transaction server (108) receives a second verification code/PIN via a second user interface (20), compares the two codes/PINs, and sends transaction data to the issuing bank (30) of the first user, via an acquirer bank (40), for the completion of the payment transaction when the codes/PINs match. The system (100) enables users to carry out payment transactions without entering their sensitive financial accounts.

Inventors

  • MANDAR AGASHE

Assignees

  • MANDAR AGASHE

Dates

Publication Date
20260512
Application Date
20221220
Priority Date
20211222

Claims (20)

  1. A system (100) for facilitating secure transaction, said system (100) comprising:
     1. a payment application (102) configured to provide a first user interface (104), upon execution in an electronic device (10), to facilitate users to register and add financial accounts for carrying out secure payment transactions, said payment application (102) further configured to facilitate a registered user to tokenize said financial accounts by means of a tokenization platform;
     2. a memory (106) configured to store a database having a first lookup table in an encrypted form, the first lookup table comprising a list of user identifiers associated with the registered users and registration details corresponding to each of the registered users, the registration details comprising personal details, the financial accounts of the registered users and tokens of said financial accounts;
     3. a transaction server (108) hosting said payment application (102), said transaction server (108) comprising:
        a verification code generation module (110) configured to:
        receive a transaction request associated with a first registered user and a second registered user out of the registered users, wherein said transaction request is initiated by the first registered user by selecting a specific payment method via a second user interface (20) associated with a payment receiving application of said second registered user, wherein said second user interface (20) subsequently prompts the first registered user to enter a verification code/PIN;
        in response to the first registered user opening the payment application (102) and selecting a financial account via the first user interface (104) of the payment application (102), generate a unique, temporary, first one-time verification code/PIN for said selected financial account or said selected token and store both the first one-time verification code/PIN and a corresponding user identifier into a second lookup table, wherein the second lookup table is configured to delete the stored verification code/PIN after a predetermined time period or after a single successful use; and
        transmit said first one-time verification code/PIN to said payment application (102) to display it via said first user interface (104); and
        a verification code checking module (112) comprising:
        a comparator (112a) configured to receive a second verification code/PIN entered by said first registered user via said second user interface (20) and compare said second verification code/PIN with said first one-time verification code/PIN from said second lookup table;
        an extractor module (112b) configured to, only upon a positive comparison result, extract said selected financial account or said selected token stored against the first one-time verification code/PIN and automatically send data related to said selected financial account or said selected token to an acquirer bank (40) or a payment gateway, bypassing said second user interface (20) and preventing exposure of the financial account data to said second registered user associated with the second user interface (20), for approval, further said acquirer bank (40) or said payment gateway sends transaction details to said payment application (102) of the first registered user;
        an authorization module (112c) configured to cooperate with said extractor module (112b) to send a transaction request comprising of a transaction details to said payment application (102) of the first registered user to verify the transaction by swiping left or right or via biometric or application PIN, and further configured to send the status of the transaction verification to said payment gateway or said acquirer bank (40) and further said payment gateway or said acquirer bank (40) sends said transaction to the issuing bank (30) for approval, and/or said acquirer bank (40) or payment gateway sends transaction details to issuing bank (30), wherein said issuing bank (30) sends an OTP for transaction request to the first registered user of the bank to approve the transaction, wherein said first register user approves the transaction by entering the OTP on payment gateway and said payment gateway or acquirer bank (40) sends the status of the transaction to said authorization module (112c); and
        a notification module (118) configured to cooperate with said authorization module (112c) to receive said approved transaction status on said payment application (102) of the first registered user.
  2. The system (100) as claimed in claim 1, wherein said memory (106) is implemented as a storage area on said transaction server (108) or an independent storage device communicatively coupled to said transaction server (108).
  3. The system (100) as claimed in claim 1, wherein said personal details are selected from the group consisting of name, mobile number, email ID, and identity-related information.
  4. The system (100) as claimed in claim 1, wherein said financial accounts are selected from the group consisting of bank details, account details, debit card number, prepaid card number, credit card number, card validity details, card verification value (CVV), internet banking login ID, login credentials associated with a financial service account, Virtual Payment Address (VPA)/Unified Payments Interface (UPI) ID, PayPal ID, Zelle ID, and other transaction IDs, and/or token of financial accounts.
  5. The system (100) as claimed in claim 1, wherein said transaction server (108) comprises a registration module (114) configured to receive said registration details from the users via said first user interface (104), and further configured to register the users by creating unique identifiers associated with the users and storing the registration details with said unique user identifiers in said first lookup table.
  6. The system (100) as claimed in claim 5, wherein said registration module (114) is configured to store the registration details in an encrypted form by means of an encryption engine.
  7. The system (100) as claimed in claim 1, wherein said transaction server (108) further comprises a login module (116) configured to facilitate a user to generate and set login credentials via said first user interface (104), and further configured to perform authentication of the registered user based on said login credentials before allowing the registered user to use said application (102) to initiate said payment transaction.
  8. The system (100) as claimed in claim 7, wherein said login credentials are selected from the group consisting of a login ID and password, a pre-set PIN, and a biometric signature of the registered user including at least one of fingerprint, facial biometrics, iris pattern, retina pattern, finger vein pattern, palm vein pattern, and voice sample.
  9. The system (100) as claimed in claim 1, wherein said transaction data comprises a register user identifier, at least one of a transaction identifier, the financial account of the registered user, the transaction amount, details of online/offline merchant or ATM or one or more registration details of said second registered user with whom the payment transaction is being performed.
  10. The system (100) as claimed in claim 1, wherein said notification module (118) configured to receive a transaction status message from the payment gateway or acquirer bank (40) of the second registered user and further configured to notify the registered user and the second registered user about the status of transaction via the first user interface (104) and the second user interface (20) respectively.
  11. The system (100) as claimed in claim 1, wherein said system facilitates the user to securely perform online, e-commerce, point-of-sale merchant, peer-to-peer (P2P), and automatic teller machine (ATM) transactions.
  12. A method (200) for facilitating secure transaction processing, said method (200) comprising the following steps:
      1. facilitating (202), via a first user interface (104) of a payment application (102), users to register and add financial accounts for carrying out secure payment transactions upon execution in an electronic device (10);
      2. facilitating (204), via said first user interface (104) of a payment application (102), the registered user to tokenize said financial accounts by means of a tokenization platform;
      3. storing (206), in a memory (106), a database having a first lookup table in an encrypted form, the first lookup table comprising a list of identifiers associated with registered users and the registration details corresponding to each of the registered users, the registration details comprising personal details and financial accounts of the registered users and token of said financial accounts;
      4. receiving, by a verification code generation module (110) of a transaction server (108), a transaction request associated with a first registered user and a second registered user out of the registered users, wherein said transaction request is initiated by the first registered user by selecting a specific payment method via a second user interface (20) associated with a payment receiving application of said second registered user, wherein said second user interface (20) subsequently prompts the first registered user to enter a verification code/PIN;
      5. generating (208), by said verification code generation module (110) in response to the first registered user opening the payment application (102) and selecting a financial account via the first user interface (104) of the payment application (102), a unique, temporary, first one-time verification code/PIN for said selected financial account or said selected token and storing both the first one-time verification code/PIN and a corresponding user identifier into a second lookup table, wherein the second lookup table is configured to delete the stored verification code/PIN after a predetermined time period or after a single successful use;
      6. sending (210), by said verification code generation module (110), said first one-time verification code/PIN to said payment application (102) for displaying it on said first user interface (104),
      7. receiving (212), by a verification code checking module (112) of said transaction server (108), a second verification code/PIN entered via said second user interface (20);
      8. comparing (214), by a comparator (112a) of said verification code checking module (112), said second verification code/PIN with said first one-time verification code/PIN from said second lookup table;
      9. upon successful comparison, extracting (216), by an extractor module (112b) of said verification code checking module (112), said selected financial account or said selected token stored against the first one-time verification code/PIN;
      10. automatically sending (218), by said extractor module (112b) of said verification code checking module (112), data related to said selected financial account or selected token to an acquirer bank (40) or a payment gateway, bypassing said second user interface (20) and preventing exposure of the financial account data to said second registered user associated with the second user interface (20), for approval, said acquirer bank (40) or said payment gateway sending transaction details to said payment application (102) of the first registered user;
      11. sending (220), by an authorization module (112c) of said verification code checking module (112), a transaction request comprises a transaction details to said payment application (102) of the first registered user to verify the transaction by swiping left or right or via biometric or application PIN;
      12. sending (222), by an authorization module (112c) of said verification code checking module (112), status of the transaction verification to said payment gateway or said acquirer bank (40), and further said payment gateway or acquirer bank (40) sending said transaction to said issuing bank (30) for approval;
      13. sending (224), by said acquirer bank (40) or payment gateway, transaction details to issuing bank (30), wherein said issuing bank (30) sends an OTP for transaction request to the first registered user of the bank to authorize the transaction and the first register user approves the transaction by entering the OTP on payment gateway and said payment gateway or acquirer bank sends the status of the transaction to the authorization module; and
      14. receiving (226) by a notification module (118) said approved transaction status on said payment application (102) of the first registered user.
  13. The method (200) as claimed in claim 12, wherein said personal details are selected from a group consisting of name, mobile number, email ID, and identity-related information.
  14. The method (200) as claimed in claim 12, wherein said financial accounts are selected from the group consisting of bank details, account details, debit card number, prepaid card number, credit card number, card validity details, card verification value (CVV), internet banking login ID, login credentials associated with a financial service account, Virtual Payment Address (VPA)/Unified Payments Interface (UPI) ID, PayPal ID, Zelle ID, and other transaction IDs, and/or token of financial accounts.
  15. The method (200) as claimed in claim 12, wherein said step of facilitating (202), via said first user interface (104), users to register for carrying out secure payment transactions comprises the following steps: receiving, by a registration module (114) of said transaction server (108), the registration details from the users via said first user interface (104); and registering, by said registration module (114), the users by creating unique identifiers associated with the users and storing the registration details with said unique user identifiers in said first lookup table.
  16. The method (200) as claimed in claim 12, wherein said storing the registration details in an encrypted form by means of encryption engine.
  17. The method (200) as claimed in claim 12, which further comprises the following steps: facilitating, by a login module (116) of said transaction server (108), a user to generate and set login credentials via said first user interface (104); and performing, by said login module (116), authentication of the registered user based on said login credentials before allowing the registered user to use said first user interface (104) to initiate said payment transaction, wherein said login credentials are selected from the group consisting of a login ID and password, a pre-set PIN, and a biometric signature of the registered user including at least one of fingerprint, facial biometrics, iris pattern, retina pattern, finger vein pattern, palm vein pattern, and voice sample.
  18. The method (200) as claimed in claim 12, which further comprises the following steps: receiving, by the issuing bank (30) of the registered user, said transaction data; verifying, by the issuing bank (30), the received transaction data based on a pre-stored customer data; generating, by the issuing bank (30), a first one-time password after verifying the transaction data; sending, by the issuing bank (30), the generated first one-time password to the electronic device (10) of the registered user of the bank for user authentication; providing, by the registered user of the bank, to the payment gateway for authentication; sending, by the payment gateway, the received second one-time password to the issuing bank (30); and comparing, by the issuing bank (30), the generated first one-time password with the second one-time password received from the payment gateway, to authenticate the transaction.
  19. The method (200) as claimed in claim 12, which further comprises the following steps:
      1. receiving, by a notification module (118) of said transaction server (108), a transaction status message from the payment gateway/acquirer bank (40) of the second registered user; and
      2. notifying, by said notification module (118), the first registered user and the second registered user about the status of transaction via the first user interface (104) and the second user interface (20) respectively.
  20. The method (200) as claimed in claim 12, wherein said transaction data comprises at least one of a transaction identifier, the financial account of the registered user, the transaction amount, and one or more personal details of the second registered user with whom the payment transaction is being performed.
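
The second lookup table of claims 1 and 12 (store the code with the user identifier, delete it after a predetermined period or one successful use, release the selected token only on a positive comparison), sketched as an added example that is not code from the patent. The class and field names, the 6-digit code length, the 120-second lifetime and the sample token strings are assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class Entry:
    user_id: str
    account_token: str   # token of the financial account the payer selected
    expires_at: float


class OneTimeCodeTable:
    """Hypothetical model of the 'second lookup table': code -> Entry."""

    def __init__(self, ttl_seconds=120, digits=6, clock=time.monotonic):
        self.ttl = ttl_seconds    # assumed "predetermined time period"
        self.digits = digits      # assumed code length
        self.clock = clock        # injectable so expiry can be exercised
        self._rows = {}

    def _purge(self):
        # Drop every row whose lifetime has elapsed.
        now = self.clock()
        for code in [c for c, e in self._rows.items() if e.expires_at <= now]:
            del self._rows[code]

    def issue(self, user_id, account_token):
        """Generation module: a CSPRNG code, unique among live rows."""
        self._purge()
        while True:
            code = f"{secrets.randbelow(10 ** self.digits):0{self.digits}d}"
            if code not in self._rows:
                break
        self._rows[code] = Entry(user_id, account_token,
                                 self.clock() + self.ttl)
        return code   # shown to the payer in the payment application

    def redeem(self, entered_code):
        """Comparator and extractor: Entry on a match, otherwise None."""
        self._purge()
        match = None
        for code in list(self._rows):
            # Constant-time comparison against each live code.
            if hmac.compare_digest(code.encode(), entered_code.encode()):
                match = code
        if match is None:
            return None
        # Single successful use: the row is deleted as it is returned.
        return self._rows.pop(match)


if __name__ == "__main__":
    table = OneTimeCodeTable()
    shown = table.issue("user-1", "tok_constructed_A")   # constructed values
    # The merchant-side interface only ever handles `shown`; the token is
    # released server-side, toward the acquirer or gateway.
    print(table.redeem(shown))
    print(table.redeem(shown))   # None: already used
```

A wrong guess leaves the row in place until it expires, so a deployment would also bound the number of attempts; the claims do not specify such a limit.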

Description

FIELD

The present disclosure generally relates to payment systems. More particularly, the present disclosure relates to a system and method for secure financial transaction processing.

BACKGROUND

The background information herein below relates to the present disclosure but is not necessarily prior art.

Typically, point-of-sale or automatic teller machine (ATM) based payment systems require users to use their credit/debit/pre-paid cards to carry out monetary transactions. Similarly, internet-based payment systems require users to use their financial details, such as credit/debit card information, internet banking login credentials, or the login ID and password of a financial service like PayPal, to carry out online monetary transactions. Internet-based payment systems provide a person with remote access to his/her financial account and enable the person to carry out a transaction without walking into a bank and without using paper-based transaction methods.

However, a user performing a point-of-sale (POS), an ATM-based or an internet-based payment transaction is required to either insert a payment card into the merchant's Point of Sale (POS) machine or ATM or manually enter his/her financial details at a service application interface or a merchant website. Further, these websites/interfaces may save some of the financial details, such as card numbers, either directly or as a token. Even to store the card as a token in a card-on-file service, the customer has to enter the complete card details at least once on the website, where the data can be stolen. Other details, such as the Card Verification Value (CVV), are required to be entered every time the user wishes to transact. This exposes the user's financial data to merchants or to third-party service providers, which increases the risk of transactional fraud.

Further, sensitive information such as the bank details, account details, debit card number, prepaid card number, credit card number, card validity details, card verification value (CVV), internet banking login ID, login credentials associated with a financial service account, Virtual Payment Address (VPA)/Unified Payments Interface (UPI) ID, PayPal ID, Zelle ID, and other transaction IDs is usually transmitted through public internet networks. Such transmissions are often prone to various types of hacking attacks, due to which the confidentiality of the financial information is liable to be compromised.

Therefore, there is a need for a system and method for secure transaction processing which alleviates the above-mentioned drawbacks.

OBJECTS

Some of the objects of the present disclosure, which at least one embodiment herein satisfies, are as follows:

It is an object of the present disclosure to ameliorate one or more problems of the prior art or to at least provide a useful alternative.

An object of the present disclosure is to provide a system for secure transaction processing and a method thereof.

Another object of the present disclosure is to provide a system for secure transaction processing that does not require a user to enter financial accounts (e.g., number, credit card number, card validity details, card verification value (CVV), internet banking login ID, login credentials associated with a financial service account, Virtual Payment Address (VPA)/Unified Payments Interface (UPI) ID, PayPal ID, Zelle ID, and other transaction IDs) to carry out payment transactions.

Still another object of the present disclosure is to provide a system for secure transaction processing and a method thereof that offer the user a safe and convenient way of performing transactions.

Yet another object of the present disclosure is to provide a system for secure transaction processing and method thereof that reduce the likelihood of exposure to hacking attacks.

Still another object of the present disclosure is to provide a system for transaction processing and method thereof that enable users to perform transactions at a point-of-sale (POS) machine or an automatic teller machine (ATM) without using a financial card.

Other objects and advantages of the present disclosure will be more apparent from the following description when read in conjunction with the accompanying figures, which are not intended to limit the scope of the present disclosure.

SUMMARY

The present disclosure envisages a system for facilitating secure transaction processing. The system comprises a payment application, a memory, and a transaction server hosting the payment application. The application is configured to provide a first user interface, upon execution in an electronic device, to facilitate users to register and add financial accounts for carrying out secure payment transactions. The payment application is further configured to facilitate a registered user to tokenize the financial accounts by means of a tokenization platform. The memory is configured to store a database having a first