FORM 2
THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENTS RULES, 2003
PROVISIONAL SPECIFICATION
(See section 10, rule 13)
1. Title of the invention
A METHOD AND SYSTEM OF FINANCIAL INSTRUMENT AUTHENTICATION IN A COMMUNICATION
NETWORK
2. Applicants)
Name Nationality Address
MCHEK INDIA PAYMENT SYSTEM PVT. LTD. INDIA A 102, DELPHI HJRANANDAN) BUSINESS PARK. POWAI, MUMBAI-76
3. Preamble to the description
PROVISIONAL
The following specificat SPECIFICATION

ion particularly describes the invention.

This present disclosure relates to a system for processing financial transactions. More specifically, the disclosure relates to authentication of ownership of a financial instrument over a communication network.
Background
In existing systems employed for the authorisation of financial transactions utilizing credit cards and debit cards, it is difficult to acquire a firm guarantee that the person initiating the financial transaction is authentic and authorised to conclude the financial transaction. Currently the processes employed by financial institutions e.g., banks do little more than guarantee the availability of funds in the account in issue. It is a process that provides no more than authorisation of the financial transaction after ensuring that funds are accessible to complete the financial transaction. However, these processes do not provide any means of authenticating the ownership of the financial instrument being used by the individual making the transaction.
Instances of fraud and charge-backs in mobile-based transactions are a constant concern, and validation of the mobile number in this regard is also useful. Banks and other financial institutions are still exploring the use of mobile commerce to allow their customers to not only access account information, but also make transactions, e.g. purchasing products and services, remitting money via mobile phones and other forms of mobile commerce. However, there exist security concerns of such transactions and particularly issues relating to ownership of the financial instruments used in such transactions.
This invention seeks to address some or all the above mentioned problems by
providing an authentication method and process for the linking of a card or account to
2

a mobile phone and authenticating the identity and ownership of that card or account by the user. In addition, the invention seeks to introduce a mechanism at least partly to automate these processes rather than relying on existing manual verification and authentication processes.
Brief Description of Drawings
Examples of embodiments of the invention are illustrated by way of illustration and not limitation in the figures of the accompanying drawings, in which like references indicate similar element and in which;
Figure 1 is a block diagram illustrating a method for authorization and authentication of a financial transaction according to an embodiment of the invention;
Detailed Description
For the purpose of promoting an understanding of the principles of the invention, reference will now be made to the embodiment illustrated in the drawings and specific language will be used to describe the same. It will nevertheless be understood that no limitation of the scope of the invention is thereby intended, such alterations and further modifications in the illustrated system, and such further applications of the principles of the invention as illustrated therein being contemplated as would normally occur to one skilled in the art to which the invention relates.
It will be understood by those skilled in the art that the foregoing general description and the following detailed description are exemplary and explanatory of the invention and are not intended to be restrictive thereof. Throughout the patent specification, a convention employed is that in the appended drawings, like numerals denote like components.
3

Reference throughout this specification to "one embodiment" "an embodiment" or similar language means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrase "in one embodiment", "in an embodiment" and similar language throughout this specification may, but do not necessarily, all refer to the same embodiment.
In the context of this specification:
an "authorisation code" is a code that is representative of a transaction and is often essential to allow a transaction to be completed;
a "cardholder" is a user which possesses a credit/debit card linked to a financial account with a financial institution; an "account holder" is a user which possesses a financial account with a financial institution;
a "third-party" is an independent institution facilitating financial transactions over a communication network;
an "acquiring bank" is the financial institution that processes payments for the products or services on behalf of a merchant;
an "issuer bank" is a financialinstitution that issues the financial instrument to the "cardholder" and authorizes payments on this financial instrument.
In mobile commerce scenario, a financial instrument, such as credit or debit card or a bank account, is linked to a mobile number which is subsequently used for transactions.
A method of authenticating ownership of a financial instrument over a
communication network is discussed. The method provides for authenticating the
4

ownership of a financial instrument such as a credit or debit card or even a bank account and linking the same to a mobile communication identifier at a third party. On receiving a user request to link a financial instrument with a mobile communication identifier such as a mobile number, the third party carries out a transaction on the financial instrument, details of which are accessible to an authenticated owner of the financial instrument, and the user is required to provide details of such a transaction to the third party in order to authenticate ownership. Once the ownership of the financial instrument is established, the same is linked to the mobile number of the user with a verified status, and the user may carry out subsequent transactions on the mobile number using the authenticated financial instrument linked to it.
In accordance with an embodiment, a method of authenticating and authorising ownership of a cardholder is illustrated in Figure 1. A cardholder (100) registers a financial instrument with a third party (200) and submits the instrument details such as the card number, date of expiry, card verification code and / or card PIN. This financial instrument is to be linked to a mobile communication identifier such as but not limited to a mobile phone number. The details of such a mobile communication device are also provided by the user to the third party. The third party (200) carries out a transaction on the financial instrument and receives a transaction confirmation from the bank. The user is required to access details of this transaction from the bank (300) and submit the same to the third party in order to confirm ownership of the financial instrument.
The transaction carried out by the third party may be for a random or fixed
amount. The transaction may also be a complete transaction where the user is charged
5

or an incomplete transaction where the transaction is held pending. In accordance with an embodiment, the transaction amount could be a small amount of Rs. 1 or Rs. 2 and should be enough to ensure infrastructure recognition and acceptance of the individual authorizations but not so much as to unnecessarily, though temporarily, burden the account. Those skilled in the art will recognize that the total amount of such transactions may be any amount again so long as the account is not unnecessarily burdened. The purpose is to randomize the total amount of transactions so as to preclude a fraudulent cardholder from guessing at the verification information. The randomly selected amount of the transaction, therefore serves as temporary-identification code to permit electronic, near-real-time verification of the card user as an authorized cardholder.
The user may access the transaction details either by logging into the bank's website, calling the bank and authenticating himself or some other means. Alternatively, the bank (300) may send a message to the user with the transaction details.
The transaction details required for confirming ownership at the third party may include the transaction amount, the authorization code or any other transaction identifier. In the event of a fixed amount transaction, the authorization code or other transaction details may be used for verification.
In accordance with an aspect the user is required to submit the transaction details
from the mobile phone number which he has registered with the third party. As the
user has successfully obtained the transaction details after due verification at the bank
and has submitted the detail of the transaction to the third party, the ownership of the
6

financial instrument is confirmed. In addition, if the user submits the transaction details using the registered mobile communication identifier such as the mobile phone number, then the mobile phone number is also validated as belonging to the owner of the financial instrument. The token transaction may be reversed after successful validation, if necessary. However, the token transaction may not need to be revered if it was only for authorization and no settlement information is sent.
After successful validation of ownership of the financial instrument, the third party links the financial instrument to the mobile phone number, with a verified status and the user may now carry out subsequent transactions using the mobile phone number. The third party acts as the financial gateway for a mobile communication network and the user is not required to independently submit his financial instrument details at each vendor.
In accordance with an embodiment, the authorizing bank sends the transaction details to the registered mobile phone number for that user. The user in turn submits or forwards these details to the third party. As the third party does not submit the mobile phone number registered with it to the bank at the time of the transaction, while the bank sends the transaction details to the registered mobile phone number, the submission of the transaction details by a user validates the ownership of the financial instrument as well as the mobile phone number.
In order to authorize a transaction, third party sends an authentication request to
its bank, referred to as the acquiring bank, on behalf of the merchant. The acquiring
bank in turn validates the transaction with the issuing bank, and on receiving a
validation from the issuing bank validates the transaction with the third party. In
7

accordance with an alternate embodiment, a third party on completing a transaction with the bank and on receiving transaction details from the acquiring bank, sends the transaction details to the issuing bank along with the mobile phone number that was registered with it by the user. The issuing bank is requested to confirm both the transaction details and the mobile phone number for that user. On receiving a successful validation for the mobile phone number from the issuing bank the user is validated at the third party, with a verified status.
While specific language has been used to describe the invention, any limitations arising on account of the same are not intended. As would be apparent to a person in the art, various working modifications may be made to the system in order to implement the inventive concept as taught herein.
Dated this 26th Day of September, 2008
Essenese Obhan
Of Obhan and Associates
Agent for the Applicant
8