Field of the invention
5 [001] The present invention relates to the domain of payment card transactions, and
more particularly to methods, systems and computer program products for implementing a
chip card based payment transaction at a point-of sale terminal, without presenting the chip
card at the point-of sale terminal.
10 Background of the Invention
[002] With growing acceptance of payment cards (e.g. credit cards and debit cards) as
instruments for effecting electronic payment transactions, there have been corresponding
advances in technologies for enabling payment cards to interface with point-of-sale (POS)
15 terminals during transaction execution.
[003] Initially, the default interface capability for payment cards consisted of a magnetic
stripe that stored payment card information, and which require to be swiped through a
magnetic card reader integrated into or coupled with a POS terminal, to enable the POS
20 terminal to read payment card information. Subsequently, payment cards have additionally
incorporated a microprocessor chip or smartchip that is configured to interact with a POS
terminal when the contacts of the smartchip are physically interfaced with a smartchip
reader that is integrated into or coupled with a POS terminal. The microprocessor chip or
smartchip enables the POS terminal to read payment card information stored within the
25 smartchip or on a memory within the payment card. Recently, payment cards also
incorporate a radio frequency antenna or a contactless communication chip, which, respond
to detection of electromagnetic waves of an appropriate radio frequency (for example,
electromagnetic waves generated by a POS terminal) by contactlessly transmitting payment
card information to the POS terminal.
3
[004] An example of payment cards that incorporate a microchip (henceforth referred
to a “chip card(s)”) are EMV chip cards (Europay-Mastercard-Visa chip cards), which use
cryptograms (encrypted data tokens) to secure cardholder data every time a transaction is
5 carried out. EMV chip cards were designed to address security issues associated with
magnetic stripe cards by utilizing cryptograms. Chip cards such as EMV cards use an
embedded processor chip to store the cardholder’s sensitive data. The chip is configured to
generate a one-time cryptogram for each transaction – the one-time cryptogram containing
encrypted data corresponding to the chip card and / or the corresponding payment account
10 associated with the chip card and / or the transaction amount. The one-time cryptogram is
transmitted from the chip by a point-of-sale terminal which reads the chip card for the
process of implementing a payment transaction. The cryptogram is transmitted to an issuer
network corresponding to the chip card, which decodes the cryptogram and uses the data
extracted from the decoded cryptogram to validate the authenticity of the chip card and to
15 process the payment transaction. If the authenticity of the chip card is successfully validated,
the payment transaction is authenticated and implemented by the issuer.
[005] Figure 1 illustrates a conventional system environment 100 for implementing a
POS terminal based payment transaction – within which a chip card based payment
20 transaction may be implemented. In system environment 100, payment card 102 is a chip
card that interfaces with POS terminal 104, and a payment transaction is initiated based on
payment card information retrieved by POS terminal 104 from payment card 102 over a
communication interface provided within payment card 102.
25 [006] Payment card information associated with the chip card 102, and transaction data
such as the payment amount for a payment transaction, are encoded into a cryptogram
generated by the microprocessor chip within chip card 102. In an embodiment, the data
encoded into the cryptogram may include any one or more of a payment card number or
payment account number, an issuer network identifier, payment card validity information,
30 and the payment amount associated with a payment transaction. POS terminal 104 transmits
a payment instruction through network 106 to an acquirer network 108 (i.e. a data network
4
maintained by an acquirer institution with which the payee account is maintained). The
payment instruction may include the cryptogram and a payee account identifier. Acquirer
network 108 in turn transmits the payment instruction to issuer network 110 (i.e. a data
network maintained by an issuer institution which has issued payment card 102 to the
5 corresponding payor) through payment network 112 (i.e. a data network maintained by an
intermediary between the payee’s acquirer and the payor’s issuer - for example,
Mastercard® or Visa®). Subject to successful authorization of the payment card, the
requested payment is authorized and the payment amount (that is extracted from the
cryptogram) is transferred from a payment account associated with payment card 102 to the
10 payee account. Authorization of the payment card 102 includes validation of authenticity of
the payment card 102 based on data extracted from the cryptogram by the issuer network
110. Confirmation of successful transaction completion may thereafter be transmitted back
to POS terminal 104.

15 [007] Since authentication of a chip card based payment transaction involves
generation of a transaction specific cryptogram, and involves transmission of the transaction
specific cryptogram via the POS terminal to an issuer network, there is no existing solution
that permits for implementing a chip card based payment transaction without physically
presenting the chip card at a POS terminal. This presents difficulties where a cardholder
20 wants to authorize another person to carry out a payment transaction using the cardholder’s
chip card at a POS terminal, but at the same time does not want to give such third person the
chip card itself (for example, for reasons of security). Thus there is a need for a solution to
enable a cardholder to authorize another person to carry out a payment transaction using
the cardholder’s chip card at a POS terminal, without having to allow such person to carry
25 the chip card for executing the payment transaction.

We Claim:
1. A method for implementing a card-not-present payment transaction at a point-ofsale (POS) terminal based on a payment card that includes a processor chip and that is
5 enabled for contactless communication, the method comprising implementing at a cloud
POS platform that comprises at least one processor, the steps of:
receiving from a user device:
10 a pre-authorization token image of an imageable token; and
a cryptogram generated by the processor chip within the payment card, wherein the
cryptogram comprises encrypted data identifying a payment account associated
with the payment card and a pre-authorized payment amount;
15 generating a pre-authorization data record, and storing the pre-authorization token image,
the cryptogram and a pre-authorization transaction identifier within the pre-authorization
data record;
transmitting the pre-authorization transaction identifier to the user device;
20
receiving from a POS terminal, a first payment transaction request comprising a
verification token image, a verification transaction identifier, and payment transaction
parameter data;
25 responsive to identifying a match between data within the received payment transaction
request and the pre-authorization data record:
retrieving the cryptogram from the pre-authorization data record; and
42
initiating an electronic payment transaction by transmitting to an acquirer network,
a second payment transaction request comprising the retrieved cryptogram and the
received payment transaction parameter data.
5 2. The method as claimed in claim 1, wherein the match between data within the
received payment transaction request and the pre-authorization data record is identified in
response to a determination that:
the verification token image within the received payment transaction request
10 matches the pre-authorization token image within the pre-authorization data
record; and
the verification transaction identifier within the received payment transaction
request matches the pre-authorization transaction identifier within the pre15 authorization data record.
3. The method as claimed in claim 1, wherein:
the pre-authorization token image comprises an image of an imageable token acquired by a
20 first image capture device coupled with the user device; and
the verification token image comprises an image of the imageable token acquired by a
second image capture device coupled with the POS terminal.
25 4. The method as claimed in claim 3, wherein the imageable token comprises any of a
handwritten note, a signed note, or note including text content, a typed note, a hand-drawing,
an artistic work, a caricature, a doodle, a scribble, or any two dimensional or three
dimensional object that is capable of being imaged by the first and second image capture
devices.
30 5. The method as claimed in claim 1, wherein:
43
the pre-authorization verification transaction identifier is generated by the cloud POS
platform; and
5 the verification transaction identifier is input through a user interface coupled with the POS
terminal.
6. The method as claimed in claim 1, wherein the payment transaction parameter data
comprises one or both of payee account information, and a transaction payment amount
10 input at the POS terminal.
7. The method as claimed in claim 1, wherein:
the second payment transaction request is transmitted from the acquirer network to an
15 issuer network; and
the issuer network is configured to:
decrypt the cryptogram; and
20 transfer the pre-authorized payment amount from the payment account associated
with the payment account to a payee account that is identified based on the
payment transaction parameter data.
8. A system for implementing a card-not-present payment transaction at a point-of25 sale (POS) terminal based on a payment card that includes a processor chip and that is
enabled for contactless communication, the system comprising a processor implemented
cloud POS platform that comprises at least one processor and a memory, wherein said
cloud POS platform is configured for:
30 receiving from a user device:
44
a pre-authorization token image of an imageable token; and
a cryptogram generated by the processor chip within the payment card, wherein the
5 cryptogram comprises encrypted data identifying a payment account associated
with the payment card and a pre-authorized payment amount;
generating a pre-authorization data record, and storing the pre-authorization token image,
the cryptogram and a pre-authorization transaction identifier within the pre-authorization
10 data record;
transmitting the pre-authorization transaction identifier to the user device;
receiving from a POS terminal, a first payment transaction request comprising a
15 verification token image, a verification transaction identifier, and payment transaction
parameter data;
responsive to identifying a match between data within the received payment transaction
request and the pre-authorization data record:
20 retrieving the cryptogram from the pre-authorization data record; and
initiating an electronic payment transaction by transmitting to an acquirer network,
a second payment transaction request comprising the retrieved cryptogram and the
received payment transaction parameter data.
25 9. The system as claimed in claim 8, wherein the match between data within the
received payment transaction request and the pre-authorization data record is identified in
response to a determination that:
45
the verification token image within the received payment transaction request
matches the pre-authorization token image within the pre-authorization data
record; and
5 the verification transaction identifier within the received payment transaction
request matches the pre-authorization transaction identifier within the preauthorization data record.
10. A computer program product for implementing a card-not-present payment
10 transaction at a point-of-sale (POS) terminal based on a payment card that includes a
processor chip and that is enabled for contactless communication, comprising a nontransitory computer usable medium having a computer readable program code embodied
therein, the computer readable program code comprising instructions for implementing at a
cloud POS platform that comprises at least one processor, the steps of:
15 receiving from a user device:
a pre-authorization token image of an imageable token; and
a cryptogram generated by the processor chip within the payment card, wherein the
20 cryptogram comprises encrypted data identifying a payment account associated
with the payment card and a pre-authorized payment amount;
generating a pre-authorization data record, and storing the pre-authorization token image,
the cryptogram and a pre-authorization transaction identifier within the pre-authorization
25 data record;
transmitting the pre-authorization transaction identifier to the user device;
46
receiving from a POS terminal, a first payment transaction request comprising a
verification token image, a verification transaction identifier, and payment transaction
parameter data;
5 responsive to identifying a match between data within the received payment transaction
request and the pre-authorization data record:
retrieving the cryptogram from the pre-authorization data record; and
10 initiating an electronic payment transaction by transmitting to an acquirer network,
a second payment transaction request comprising the retrieved cryptogram and the
received payment transaction parameter data.