T 1021/05 () of 17.6.2008

European Case Law Identifier: ECLI:EP:BA:2008:T102105.20080617
Date of decision: 17 June 2008
Case number: T 1021/05
Application number: 00302183.9
IPC class: G07F 7/10
Language of proceedings: EN
Distribution: D
Download and more information:
Decision text in EN (PDF, 30.595K)
Documentation of the appeal procedure can be found in the Register
Bibliographic information is available in: EN
Versions: Unpublished
Title of application: Payment authorisation method and apparatus
Applicant name: Tradesafely.com Limited
Opponent name: -
Board: 3.4.03
Headnote: -
Relevant legal provisions:
European Patent Convention 1973 Art 56
Keywords: Inventive step (no)
Catchwords:

-

Cited decisions:
-
Citing decisions:
-

Summary of Facts and Submissions

I. This is an appeal against the refusal of application 00 302 183 for lack of an inventive step over inter alia

D2: US 5 826 241 A.

II. At oral proceedings before the board the appellant applicant requested that the decision under appeal be set aside and that a patent be granted in the following version: claims according to the main request, or alternatively according to the first or a second auxiliary request, all submitted during the oral proceedings.

III. Claim 1 of the main request reads as follows:

"1. Apparatus for authentication of credit or debit transactions made on-line, wherein goods or services are ordered from a merchant web site via a customer Internet browser and the order sent with credit or debit card details for payment from a credit or debit account to a merchant web site comprising, at the site of the credit or debit card issuer honouring the debit or credit payment:

means adapted to authorise a transaction between customer and merchant notified by the merchant; and

means adapted to seek from the account holder, prior to determining authorisation, verification of the transaction request indicating whether or not the transaction is accepted, wherein the means adapted to seek verification includes means for sending an email to the account holder."

IV. Claim 1 of the first auxiliary request corresponds to claim 1 of the main request with the following addition at the end of the claim:

"...and means for receiving an email response from the account holder."

V. Claim 1 of the second auxiliary request reads:

"1. An on-line system for purchase of goods or services by customer from a merchant via a web site comprising:

at the merchant:

means adapted to receive an order from a customer via an Internet browser including credit or debit card details for payment from a debit or credit card account;

means adapted to request authorisation to fulfil the order from a credit or debit card issuer honouring the debit or credit payment;

at the credit or debit issuer:

means adapted to send an email to the account holder on receipt of an authorisation request from the merchant, the email requesting verification of the debit or credit transaction;

means adapted to receive a reply to the email from the account holder;

means adapted to refuse authorisation of the transaction if the reply received from the account holder does not accept the transaction; and

at the account holder:

means adapted to receive the email from the credit or debit card issuer; and

means adapted to send an electronic response to the email to the credit or debit card issuer."

VI. In addition, each request contains an independent claim directed at a corresponding method of authorising purchases on-line.

VII. Reference is also made to the following prior art document:

D1: WO 99 14711 A.

VIII. The appellant applicant argued as follows:

The subject-matter of claim 1 of the main and the first and second auxiliary requests was new and involved an inventive step over the cited prior art.

Document D1 disclosed a payment procedure in which verification of the transaction was achieved by sending an SMS to the account holder and making the authorisation of the transaction dependent on the SMS received in response from the account holder.

The application used email messages instead of SMS messages for this verification, by which additional security and reduced costs were achieved. The use of SMS messages required the customer to carry his mobile phone with him, with the risk of both his credit card and his mobile phone being stolen together, making it possible for the thief to authorise transactions with the stolen card. Email however could be handled via the same fixed computer used for ordering the goods via the internet and was thus less prone to fraud. Moreover, no mobile phone for receiving SMS messages was needed, thereby reducing the equipment and costs involved.

Document D2, disclosed a payment system in which for security reasons no credit card details were sent with the order.

Reasons for the Decision

1. The appeal is admissible.

2. Main request

2.1 Novelty

2.1.1 Document D1

Document D1 discloses an on-line payment system for the purchase of goods or services by a customer from a merchant. In particular, D1 involves three participants, the first one ("account holder 10") being the person who has the right of disposing of a bank account, which is to be charged by a given transaction (page 10, lines 24 to 31 and figure 1). The payment is to be done by using a bank card, such as a credit card (see also page 1, lines 24, 25). The second participant ("requester of authorization 20") is a person or organization, e.g. a warehouse, a POS terminal, etc., which sells goods or provides services and at which participant payment is possible by using a bank card, and which participant would like to obtain the payment through a remittance to his bank account (page 10, line 31 to page 11, line 8). Finally the third participant is a bank ("bank 30") which keeps, on the one hand, an account of the requester of authorization and, on the other hand, a covering account of the bank card of the account holder, where, among others, the data required for establishing a quick connection to the account holder through a telecommunication network are also stored (page 11, lines 8 to 13).

In the course of purchasing, account holder 10, preferably by establishing a computer linkage, eg through the internet, submits his order (ie via an internet browser) and, at the same time, his bank card including the identification data of his bank card together with other data referring to the mode of payment to the requester of authorization 20. The latter requests an authorization permitting the use of the bank card by issuing, through his appropriate terminal, a request of authorization signal to the bank 30.

Out of the appropriate data of this authorization requesting signal, an authorization override request signal is produced by the bank 30 using electronic data processing, and from this authorization override request signal a message signal is deduced, again by using electronic data processing, which message signal is transmitted, preferably in SMS format, through an appropriate terminal and usually through the centre of a mobile telephone network, to the mobile telephone set of account holder 10.

Depending on the information content of message signal, received by his mobile telephone set, either a permitting or a prohibiting return message signal is produced by the account holder 10, which will then be returned to the bank 30 through the telecommunication network, preferably in SMS or DTFM mode of operation or in the form of a tone signal.

From this return message signal (or from the lack of it within a predetermined period of time) a return signal understandable by a computer is produced at the bank 30, and an authorization override signal signifying permission or prohibition is generated, depending on the information content of the return signal. Besides this, bank 30 checks whether enough funds are available on the backing account of the account holder 10 to cover the particular transaction, and accordingly, produces an authorizing signal with the appropriate meaning. In case of an authorization override signal with an affirmative meaning for the authorization requester 20, the bank 30 authorizes the use of the card by sending an authorizing signal. It also charges the backing account of the account holder 10 with the relevant sum, and credits it to the account of the authorization requester 20. In case a return message signal with a prohibiting meaning has been received by the bank 30, it issues an authorizing signal prohibiting the use of the card to the authorization requester 20 (page 11, line 13 to page 12, line 25).

2.1.2 Accordingly, document D1 discloses, using the terminology of claim 1 of the main request, an

apparatus for authentication of credit or debit transactions made on-line, wherein goods or services are ordered from a merchant web site via a customer Internet browser and the order sent with credit or debit card details for payment from a credit or debit account to a merchant web site,

comprising, at the site of the credit or debit card issuer honouring the debit or credit payment:

means adapted to authorise a transaction between customer ("account holder 10") and merchant ("requester of authorization 20") notified by the merchant; and

means adapted to seek from the account holder, prior to determining authorisation, verification of the transaction request indicating whether or not the transaction is accepted, wherein the means adapted to seek verification includes means for sending a "message" to the account holder.

2.1.3 According to D1 the message is preferably in SMS format, whereas according to claim 1 it is an email. Hence, all features of claim 1 are known from document D1, except for the means for sending an email to the account holder.

The subject-matter of claim 1 of the main request is therefore new with respect to document D1 (Articles 52(1) EPC 2000 and 54(1) and (2) EPC 1973).

2.2 Inventive step

2.2.1 The appellant applicant argued that the use of email rather than SMS provided additional security and reduced costs. The use of SMS messages for the verification of the transaction request required the customer to carry his mobile phone with him, with the risk of both his credit card and his mobile phone being stolen together, offering the thief the possibility of authorising any transaction with the credit card. Email however could be handled via the same fixed computer used for ordering the goods via the internet and thus had a reduced risk of becoming accessible by a credit card thief. Moreover, as email could be accessed by the fixed computer used for ordering the goods, no extra equipment for receiving an SMS such as a mobile phone was required, thereby reducing the equipment and costs involved.

As to the security issue, the board notes that according to the application (see description as originally filed, page 7, lines 24 to 28) "Preferably, the verification request is sent as an e-mail and preferably to an Internet enabled mobile telecommunications device such as a mobile phone. This has the advantage that the verification request can be received by the customer at the point of purchase". Moreover, according to the application (see description as originally filed, page 16, lines 1 to 7) "The manner in which the electronic communication is received in each of the embodiments described is not important. For example, the pre-registered address for electronic communications could be an Internet enabled mobile phone. This would allow a customer to make on-line purchases either from their mobile phone or from an Internet browser on a PC attached to the Internet". The application, thus, in fact explicitly envisages the use of a mobile phone. No mention is made on the other hand of the email being sent to a fixed computer used for placing the order.

Claim 1 is not restricted to the email being sent to a fixed computer and includes eg the email being sent to an internet enabled mobile phone. Accordingly, the alleged security advantages of the use of a fixed computer over the use of mobile phones cannot support inventive step of the subject-matter of claim 1.

Moreover, as far as security is concerned, whereas an SMS bears the risk of eg the mobile phone to which it is sent being stolen, email messages typically have to go through intermediate computers before reaching their destination, so that it is relatively easy for others to intercept and read them. Moreover, whereas SMS messages are sent to a particular mobile phone and can typically only be accessed via this phone, email messages, in particular with internet email, can be accessed from many locations making it more prone to illegal access. Both email accounts and mobile phones are typically protected by passwords and/or PINs (computer lock, phone lock, SIM lock etc...) offering individually adjustable additional security in each case.

As far as the additional cost argument is concerned, it is noted that at the filing date of the application mobile phones were widespread, so that they would hardly represent additional costs for most users. In fact, it should be kept in mind that the application as filed indicates mobile phones as preferred equipment for receiving/sending the email messages. Moreover, if the costs associated with sending/receiving SMS messages were really an issue, this would rather incite the person skilled in the art to look for alternatives.

All in all, in the board's judgement each system, SMS or email, has its pros and cons known to the person skilled in the art.

Accordingly, the objective problem to be solved relative to document D1 may be formulated as finding an alternative to the SMS message of D1 for seeking verification.

2.2.2 In the board's judgement email messages represent to the person skilled in the art, an electronic engineer in the present case, an obvious alternative to the SMS messages of D1. In this respect it is noted that for instance document D2, relating to a similar payment system in which a message is sent to (and received from) the account holder to seek verification of the transaction request, already suggests the use of email messages to this end (see eg column 8, lines 19 to 36). Accordingly, it would be obvious to the person skilled in the art to replace the SMS messages in D1 by email messages, and thus to provide the corresponding sending (and receiving) means, it lying within the competence of the person skilled in the art to balance factors such as security and cost associated with each system against each other.

Accordingly, the subject-matter of claim 1 of the main request lacks an inventive step within the meaning of Article 56 EPC 1973, contrary to the requirements of Article 52(1) EPC 2000.

The appellant's main request is therefore not allowable.

3. First auxiliary request

Claim 1 of the first auxiliary request corresponds to claim 1 of the main request with the following addition at the end of the claim:

"...and means for receiving an email response from the account holder."

As discussed above, in document D1 both the message sent to the account holder and the response thereto are in SMS format. It follows from the considerations above relating to the main request that, by the same token, it would be obvious to the person skilled in the art seeking an alternative to SMS messages of D1, to replace both the message sent to the account holder and the response message by email messages and to provide the corresponding sending/receiving means.

Accordingly, the subject-matter of claim 1 of the first auxiliary request also lacks an inventive step within the meaning of Article 56 EPC 1973, contrary to the requirements of Article 52(1) EPC 2000.

Hence, the appellant's first auxiliary request is not allowable.

4. Second auxiliary request

Claim 1 of the second auxiliary request is directed at an on-line system for purchase of goods or services by customer from a merchant via a web site.

It comprises at the merchant:

means adapted to receive an order from a customer via an Internet browser including credit or debit card details for payment from a debit or credit card account, and means adapted to request authorisation to fulfil the order from a credit or debit card issuer honouring the debit or credit payment.

As discussed above, the system of document D1 includes these means at the merchant ("requester of authorization 20").

The system of claim 1 further comprises at the credit or debit (card) issuer:

means adapted to send an email to the account holder on receipt of an authorisation request from the merchant, the email requesting verification of the debit or credit transaction;

means adapted to receive a reply to the email from the account holder;

means adapted to refuse authorisation of the transaction if the reply received from the account holder does not accept the transaction, and

at the account holder:

means adapted to receive the email from the credit or debit card issuer; and

means adapted to send an electronic response to the email to the credit or debit card issuer.

As discussed above, these means are provided in document D1, albeit for sending/receiving messages in SMS format. For the reasons given above, it would be obvious to the person skilled in the art to replace the SMS means by email sending/receiving means.

Accordingly, the subject-matter of claim 1 of the second auxiliary request also lacks an inventive step within the meaning of Article 56 EPC 1973, contrary to the requirements of Article 52(1) EPC 2000.

The appellant's second auxiliary request is therefore not allowable either.

ORDER

For these reasons it is decided that:

The appeal is dismissed.

Quick Navigation