WO2013179271A2

WO2013179271A2 - Method and system for human assisted secure payment by phone to an insecure third-party service provider

Info

Publication number: WO2013179271A2
Application number: PCT/IB2013/054510
Authority: WO
Inventors: Venkatachalam Sthanu Subra MANI
Original assignee: Mani Venkatachalam Sthanu Subra
Priority date: 2012-06-01
Filing date: 2013-05-31
Publication date: 2013-12-05
Also published as: WO2013179271A3

Abstract

A system and method for human assisted secure payment to an insecure third-party service provider, wherein the system comprises: pre-registration mechanism adapted to allow users (or customers) to pre-register in order to avail the use of the system and method of this invention; affiliate registration mechanism adapted to allow payee affiliates to pre-register in order to avail the use of the system and method of this invention; post-registration mechanism adapted to allow a user to register a plurality of identity tags (or nicknames); each identity tag relating to payment information for a particular payment instrument; and phone payment mechanism adapted to allow a user to make payments in a seamlessly secure manner by means of phone.

Description

METHOD AND SYSTEM FOR HUMAN ASSISTED SECURE PAYMENT BY PHONE TO AN INSECURE THIRD-PARTY SERVICE PROVIDER

Field of the invention

The invention relates to the field of information systems, security systems, databases for electronic payments.

More particularly, the invention relates to information systems, security systems, databases for human assisted payments.

Still particularly, the invention relates to information systems, security systems, databases for human assisted secure payments.

Specifically, the invention relates to a method and system for human assisted secure payment to an insecure third-party service provider.

Background of the invention

Modes of payments in the physical world as well as in the virtual world have increased multi-fold in the last couple of decades. From basic paper money such as cash and cheque transactions to incorporation of plastic money such as credit cards and debit cards to internet banking provisions such as virtual payment gateways, Paypal™ or the like have crept into daily lives of human beings. All these resemble the variety of payment instrument.

Payments in both the physical world and the virtual world are a sensitive issue. Thieves, hackers, conmen; are a variety of fraudulent beings from whom security of payments is to be warranted. Hence, combinations of identities and / or passwords are used in order to secure the identity and ownership of payment instrument and the authority to use the payment mechanism. A credit card comes with a credit card number, name, date of expiry, CW number, internet pin number; combinations of which are used to authorise a transaction. Similarly, a net banking payment instrument includes usernames and multiples of passwords or challenge questions in order to securely authorise a transaction.

Use of payment instrument may be in person, through the Internet, or even through a phone / telephone / mobile phone.

Payment through phone call is observed to be one of the most convenient means of making a payment. It also offers a customer the choice of paying through several means without carrying all the instruments.

In some cases, the customer may have additional benefits availed by paying through a specific means. While Internet access limits itself to computers, laptops, or smart phones, accessibility to them may not be possible at all times. In such instances, a secure payment mechanism via a phone would be immensely helpful. For example, the customer intending to procure a limited time sale item from a shop may miss out on the cash-back for using a credit card that he / she has but is not carrying at the moment.

A typical voice based payment service involves a customer calling up the service provider and mentioning the details of payee, payment amount, and the payment instrument he / she intends to use for the purpose. The human operator enters these details on a system interface and submits the payment request to a payment gateway provider. On approval, the transaction details are communicated to both the payee and the customer. Providing such a service as a non-payment-gateway-third-party service provider is fraught with security concerns if it includes a human operator who is privy to the confidential aspects of payment details.

Certain countries do not allow third party service providers to store certain information, viz. credit card related information. Also, communicating instrument information like credit card details on a phone has its own security problems. These points are easily mitigated if the secure phone based payment scheme does not involve explicit communication of the payment instrument details to the service provider; hence the demand for such a service exists.

Objects of the Invention

An object of the invention is to provide a secure system and method for human assisted secure payment to an insecure third-party service provider.

Another object of the invention is to provide a system and method which does not allow a human element during the most sensitive nature of effecting a payment which pertains to payment instrument information.

Summary of the Invention:

The present invention, in a preferred embodiment, provides systems and methods for human assisted secure payment to an insecure third-party service provider, wherein the system comprises:

pre-registration mechanism adapted to allow users (or customers) to pre-register in order to avail the use of the system and method of this invention, said pre-registration mechanism comprising a combination of first and second registration mechanisms; a first registration mechanism selected from a first group consisting of web based registration module of personal details and a phone based registration module of personal details and a second registration mechanism selected from a second group consisting of web based registration module of payment details and a phone based registration module of payment details;

affiliate registration mechanism adapted to allow payee affiliates to pre-register, said affiliate registration mechanism comprising a combination of first and second registration mechanisms; a first registration mechanism selected from a first group consisting of web based registration module of personal details and a phone based registration module of personal details and a second registration mechanism selected from a second group consisting of web based registration module of payment details and a phone based registration module of payment details;

post-registration mechanism adapted to allow a user to register a plurality of identity tags (or nicknames); each identity tag relating to payment information for a particular payment instrument; and

phone payment mechanism adapted to allow a user to make payments in a seamlessly secure manner by means of a phone and its voice channel and a dial-pad.

Typically, said system comprises a SMS (Short Message Service) payment mechanism adapted to allow a user to make payments in a seamlessly secure manner by means of a phone and its text channel and dial-pad.

Typically, said system comprises an additional verification mechanism adapted to provide additional layers of security for enabling a secure payment transaction using the system of this invention.

Typically, said system comprises a payment process and notification mechanism adapted to generate a payment request by a third party service provider to the secure payment gateway service, on behalf of the customer, once the payment mechanism is effectively engaged.

Brief description of the accompanying drawings

The invention will now be described in relation to the accompanying drawings, in which:

Figure 1 illustrates a schematic flow-diagram of the system for human assisted secure payment to an insecure third-party service provider.

Figure 2 illustrates a schematic flow-diagram of the method for pre-registration of a user or a customer using a pre-registration mechanism (PRM)

Figure 3 illustrates a schematic flow-diagram of the method for pre-registration of an affiliate using an affiliate registration mechanism (ARM) Figure 4 illustrates a schematic flow-diagram of the method for human assisted secure payment to an insecure third-party service provider using a phone calling procedure.

Figure 5 illustrates a schematic flow-diagram of the method for human assisted secure payment to an insecure third-party service provider using an SMS.

Detailed description of the preferred embodiments

For the purpose of promoting an understanding of the principles of the invention, reference will now be made to the embodiment illustrated in the drawings and specific language will be used to describe the same. It will nevertheless be understood that no limitation of the scope of the invention is thereby intended, such alterations and further modifications in the illustrated system, and such further applications of the principles of the invention as illustrated therein being contemplated as would normally occur to one skilled in the art to which the invention relates.

It will be understood by those skilled in the art that the foregoing general description and the following detailed description are exemplary and explanatory of the invention and are not intended to be restrictive thereof.

The invention relates to payments. More particularly the invention relates to human assisted payments. More particularly the invention relates to human assisted secure payments. More particularly the invention relates to a method and system for human assisted secure payment to a third-party service provider.

For the purposes of this specification, a 'customer ', as used herein, is a human person intending make a payment using telephone or web-based variant of telephone.

For the purposes of this specification, an 'instrument ', as used herein, is the means of payment, like credit card, debit card and more.

For the purposes of this specification, a 'payment-gateway service provider ', as used herein, is a registered service provider authorized by the law to accept and process a payment made through an instrument. Such a provider is authorized by law to store confidential credit card related details and has a process in-place to store the same securely. Hence this entity is qualified as secure. The terms secure payment-gateway service provider and payment-gateway service provider are equivalent for the purpose of this document.

For the purposes of this specification, a 'third-party service provider ', as used herein, is a business entity who runs the invention as a facility. Hence this entity is qualified as insecure. The terms insecure third-party service provider and third-party service provider are equivalent for the purpose of this document.

For the purposes of this specification, a 'computer system ' with the third party service provider, as used herein, is a computer or a network of computers which are enabled and designed to manage the facility.

For the purposes of this specification, an 'operator ' with the third party service provider, as used herein, is a human being who receives a phone call from the customer and enters the information in the system.

For the purposes of this specification, an 'affiliate ', as used herein, is a service provider enrolled with the third-party service provider who authorizes the aforesaid to collect payments on its behalf.

For the purposes of this specification, the term, 'standardized affiliate name ', refers to a unique name used to identify a registered affiliate.

For the purposes of this specification, the 'payment facility ', as used herein, is the service run by the third-party service provider based on this invention. This service comprises the computer system connected to the payment-gateway service provider and the operator. The payment facility is used by the customer to make a payment to the third party service provider or its affiliates.

For the purposes of this specification, the term, 'confidential payment information ', as used herein, is information relating to identifying and making a financial transaction on behalf of a customer. Disclosure of this information will potentially allow a malicious party to misuse this and make a fraudulent payment for the customer. This comprises items like credit card number and associated verification items like expiry date, CW number, PIN, etc.

For the purposes of this specification, the term, 'standard personal information ', as used herein, is information relating to identifying and providing service to an individual or any organization. Disclosure of this information does not allow a malicious party to misuse this and make a fraudulent payment for the customer. This comprises items like name, address, phone number and email. This does not include confidential payment information.

According to this invention, there is provided a system for human assisted secure payment to an insecure third-party service provider.

Figure 1 illustrates a schematic flow-diagram of the system.

The system and method of this invention allows an insecure third party service provider to mediate a secure payment by a phone.

In accordance with an embodiment of this invention, there is provided a pre-registration mechanism

(PRM) adapted to allow users (or customers) to pre-register in order to avail the use of the system and method of this invention.

Preferably, it may be assumed that the third-party service provider has a prior agreement with the Secure Payment gateway Service. Preferably, a customer may pre-register with the payment facility of the third-party service provider. At the time of registration, the customer may be required to provide both standard personal information as well as confidential payment information. There are, preferably, two cases: the registration can be web-based or by phone call.

The pre-registration mechanism comprises a combination of first and second registration mechanisms selected from a first group and a second group, respectively. Typically, a first registration mechanism is selected from a first group consisting of web based registration module of personal details (WRM-1) and a phone based registration module of personal details (PHM-1) and a second registration mechanism is selected from a second group consisting of web based registration module of payment details (WRM-2) and a phone based registration module of payment details (PHM-2).

In accordance with an aspect of this invention, there is provided a web based registration module of personal details (WRM-1) which is a part of the pre-registration mechanism. This module comprises a web-based input means for allowing a customer to enter standard personal information through a web- based interface. This input means is located at a payment facility website. This payment facility website is communicably coupled to a computer system with the third party service provider which receives the entered standard personal information. A database at the third party service provider stores the transferred standard personal information (said database being maintained by the third party service provider). A phone number is a mandatory item of input at the input means of the payment facility website. This phone number or mobile number is sent and stored at the database of the third party service provider. There is further provided a verification code generation mechanism which generates a verification code upon receipt of a mobile number at the database through the input means. This verification code is generated only the first time or one time at the time of the pre-registration by the user using the pre-registration mechanism (PRM), for a single mobile phone number.

For the purpose of the invention, the terms phone number, telephone number and mobile number can be interchangeably used. In accordance with an aspect of this invention, there is provided a web based registration module of payment details (WRM-2) which is a part of the re-registration mechanism (PRM). This module comprises web based input means adapted to allow a customer to input the verification code received by the verification code generation mechanism of the web based registration module of personal details. There is further provided an authentication means to check authenticity of entered code by means of a comparator. Further, there is provided a channeling means in order to channel the system on to a secure system and GUI which belongs to a secure payment gateway service. This secure system comprises payment information input means adapted to allow a customer to input payment information. This payment information, generally, is confidential payment information. This module still further comprises an identifying token generation means adapted to generate an identifying token upon receipt of payment information, which identifying token is relayed to the third party service provider through a secure communication channel. A database is provided which stores the identifying token in a tagged manner for future reference. The tag relates to payment information and user details.

In accordance with an aspect of this invention, there is provided a phone based registration module of personal details (PHM-1) which is a part of the pre-registration mechanism (PRM). This module comprises a phone based input means adapted to allow a customer to input standard personal information. This may be by means of an IVR (Interactive Voice Response) menu set up for the purpose or by relayed communication to an operator adapted to handle the data entry of the inputs through a data entry interface and mechanism. This data entry interface and mechanism is communicably coupled to a computer system with the third party service provider which receives the entered standard personal information. A database at the third party service provider stores the transferred standard personal information (said database being maintained by the third party service provider). A phone number is a mandatory item of input at the phone based input means. This mobile number is sent and stored at the database of the third party service provider. There is further provided a verification code generation mechanism which generates a verification code upon receipt of a mobile number at the database through the input means. This verification code is generated only the first time, for a single mobile phone number.

In accordance with an aspect of this invention, there is provided a phone based registration module of payment details (PHM-2) which is a part of the pre-registration mechanism (PRM). This module comprises a phone based input means adapted to allow a customer to call a pre-defined number and to input the verification code received by the verification code generation mechanism of the web based registration module of personal details. The verification code may be input by one of the several predefined means of user choice. This may comprise an IVR menu or a combination of non-numerical keys as start code and end code with the verification code in between or the like. There is further provided an authentication means to check authenticity of entered code by means of a comparator. Further, there is provided a channeling means in order to channel the system on to a secure system and rVR mechanism which belongs to a secure payment gateway service. This secure system comprises payment information input means adapted to allow a customer to input payment information. This payment information, generally, is confidential payment information. This module still further comprises an identifying token generation means adapted to generate an identifying token upon receipt of payment information, which identifying token is relayed to the third party service provider through a secure communication channel. A database is provided which stores the identifying token in a tagged manner for future reference. The tag relates to payment information and user details.

In accordance with another embodiment of this invention, there is provided an affiliate registration mechanism (ARM) adapted to allow payee affiliates to pre -register in order to avail the use of the system and method of this invention. Affiliate registration also involves additional paperwork as per laws of the land.

The affiliate registration mechanism comprises a combination of first and second registration mechanisms selected from a first group and a second group, respectively. Typically, a first registration mechanism is selected from a first group consisting of web based registration module of personal details (WRM-3) and a phone based registration module of personal details (PHM-3) and a second registration mechanism is selected from a second group consisting of web based registration module of payment details (WRM-4) and a phone based registration module of payment details (PHM-4). In accordance with an aspect of this invention, there is provided a web based registration module of personal details (WRM-3) which is a part of the pre- registration mechanism. This module comprises a web-based input means for allowing an affiliate to enter standard personal information through a web- based interface. This input means is located at a payment facility website. This payment facility website is communicably coupled to a computer system with the insecure third party service provider which receives the entered standard personal information. A database at the third party service provider stores the transferred standard personal information. A phone number is a mandatory item of input at the input means of the payment facility website. This mobile number is sent and stored at the database of the third party service provider. There is further provided a verification code generation mechanism which generates a verification code upon receipt of a mobile number at the database through the input means. This verification code is generated only the first time, for a single mobile phone number.

In accordance with an aspect of this invention, there is provided a web based registration module of payment details (WRM-4) which is a part of the pre- registration mechanism. This module comprises web based input means adapted to allow an affiliate to input the verification code received by the verification code generation mechanism of the web based registration module of personal details. There is further provided an authentication means to check authenticity of entered code by means of a comparator. Further, there is provided a channeling means in order to channel the system on to a secure system and GUI which belongs to a secure payment gateway service. This secure system comprises payment information input means adapted to allow an affiliate to enter details pertaining to mode of payment receipt information. This payment information, generally, is confidential payment information. This module still further comprises an identifying token generation means adapted to generate an identifying token upon receipt of mode of payment information, which identifying token is relayed to the third party service provider through a secure communication channel. A database is provided which stores the identifying token in a tagged manner for future reference. The tag relates to mode of payment information and user details.

In accordance with an aspect of this invention, there is provided a phone based registration module of personal details (PHM-3) which is a part of the pre-registration mechanism. This module comprises a phone based input means adapted to allow an affiliate to input standard personal information. This may be by means of an IVR menu set up for the purpose or by relayed communication to an operator adapted to handle the data entry of the inputs through a data entry interface and mechanism. This data entry interface and mechanism is communicably coupled to a computer system with the third party service provider which receives the entered standard personal information. A database at the insecure third party service provider stores the transferred standard personal information. A phone number is a mandatory item of input at the phone based input means. This mobile number is sent and stored at the database of the third party service provider. There is further provided a verification code generation mechanism which generates a verification code upon receipt of a mobile number at the database through the input means. This verification code is generated only the first time, for a single mobile phone number.

In accordance with an aspect of this invention, there is provided a phone based registration module of payment details (PHM-4) which is a part of the pre-registration mechanism. This module comprises phone based input means adapted to allow an affiliate to call a pre-defined number and to input the verification code received by the verification code generation mechanism of the web based registration module of personal details. The verification code may be input by one of the several pre-defined means of user choice. This may comprise an IVR menu or a combination of non-numerical keys as start code and end code with the verification code in between or the like. There is further provided an authentication means to check authenticity of entered code by means of a comparator. Further, there is provided a channeling means in order to channel the system on to a secure system and r R mechanism which belongs to a secure payment gateway service. This secure system comprises payment information input means adapted to allow an affiliate to enter details pertaining to mode of payment receipt information. This payment information, generally, is confidential payment information. This module still further comprises an identifying token generation means adapted to generate an identifying token upon receipt of mode of payment information, which identifying token is relayed to the third party service provider through a secure communication channel. A database is provided which stores the identifying token in a tagged manner for future reference. The tag relates to mode of payment information and user details.

In accordance with yet another embodiment of this invention, there is provided a post-registration mechanism (PSM) adapted to allow a user to register a plurality of identity tags (or nicknames); each identity tag relating to payment information for a particular payment instrument. This identity tag enables a user to make payments via a phone. These identity tags can be defined and generated only after successful verification as per information stored during the pre-registration process of the pre- registration mechanism.

In accordance with still another embodiment of this invention, there is provided a phone payment mechanism (PPM) adapted to allow a user to make payments in a seamlessly secure manner by means of phone and its voice channel and dial-pad. This mechanism comprises a pre-defined channel defined with a pre-defined phone number which is input by a customer to start usage of the system of this invention. At a first level of authentication, the mobile number which is used to make the call to the predefined phone number is verified and a transferring means transfers the call to an operator or an input system who takes down or notes down payee details. The payee has to be registered with the third-party service provider as an affiliate. The operator or the input system engages a module which reads out standardized affiliate name to which a customer agrees verbally or by means of the phone input system. A comparator matched the confirmation for further engagement of the system. The identity tags of the customer are fetched by the system in a secure manner. If the customer has multiple identity tags, the customer is prompted to select one of the multiple identity tags using any of the input means including use of phone dial-pad or verbal communication or the like. A comparator identifies the correctness of the input identity tag in relation to the pre-stored identity tag. An automated voice confirmation may read out the affiliate name and may spell out the identity tag alphabets for confirmation. Confirmation may occur by means of voice recognition or key input.

In accordance with an additional embodiment of this invention, there is provided a SMS payment mechanism (SPM) adapted to allow a user to make payments in a seamlessly secure manner by means of a phone and its text channel and dial-pad. This mechanism comprises an SMS input means with a pre-defined template in order to text the SMS to the system of this invention. The template comprises fields pertaining to payment instructions with payment name, amount of payment, and identity tag. It further comprises an authentication means to check authenticity of the identity tag in correlation with the mobile number in order to generate a return SMS to the customer and to generate an approval code by an approval code generating means. The return SMS follows a pre-defined template including fields pertaining to payment instructions with standardized affiliate name, amount, identity tag, and approval code. Still further, there is an approval code input means and an approval code relaying means in order to allow a user to input the received approval code which is relayed for initiation of payment.

In accordance with yet an additional embodiment of this invention, there is provided an additional verification mechanism (AVM) adapted to provide additional layers of security for enabling a secure payment transaction using the system of this invention. This mechanism comprises an automated confirmation mechanism which is engaged by the third part service provider in order to relay a call to the customer initiating the payment using the system and after verification of approval code. The automated confirmation mechanism reads out the affiliate name, the digits of the transaction amount, and spells out the identity tag alpha-numerical(s) to the customer for confirmation which is possible by pressing a pre-defined key on the dial-pad of the phone. The customer name in relation to the identity tag may also be read out. Additional verification mechanism may involve puzzles, part questions, identification questions, challenge questions, selective questions and the like.

In an embodiment of the invention, the additional verification allows a two-way verification where both the customer and the third part service provider can verify each other's authenticity though one or more questions.

In accordance with still an additional embodiment of this invention, there is provided a payment process and notification mechanism (NM) adapted to generate a payment request by the third party service provider to the secure payment gateway service, on behalf of the customer, once the payment mechanism is effectively engaged. An approval identity is generated at the end of the transaction along with a billing reference which is communicated to the customer as well as the affiliate involved per transaction. This may be by means of SMS or any chosen means of communication.

According to this invention, there is also provided a method for human assisted secure payment to an insecure third-party service provider. This method comprises the following, non-limiting, steps:

1. It is assumed that the third-party service provider has a prior agreement with the Secure Payment gateway Service.

2. A customer pre-registers with the payment facility of the third-party service provider.

3. At the time of registration, the customer is required to provide both standard personal information as well as confidential payment information.

4. There are two cases: the registration can be web-based or by phone call.

5. If the registration is web based, the customer enters standard personal information at the payment facility website.

6. The standard personal information travels to the computer system with the third party service provider. This includes the phone number as a mandatory item.

7. These details are stored at the third party database.

8. On providing the mobile number, a SMS message is sent to the same containing verification code for this number if it has not been registered yet. Only one registration is possible with a mobile number.

9. The customer then enters the verification code to seamlessly proceed to a secure page which belongs to the Secure Payment gateway Service where the customer enters the confidential payment information.

10. The Secure Payment gateway Service returns an identifying token to the third party service provider through a secure channel.

11. This token is stored by the third-party service provider for future reference.

12. If the registration is phone based, the customer calls from a mobile phone and enters standard personal information to the operator. The operator acknowledges this and the customer hangs up.

13. The operator enters the standard personal information into the computer system with the third party service provider. This includes the phone number as a mandatory item.

14. On providing the mobile number, a SMS message is sent to the customer containing verification code for this number if it has not been registered yet. Only one registration is possible with a mobile number.

15. The customer now calls the third-party service provider from the same mobile number as provided for registration.

16. In this call the verification code can be submitted by several means.

17. The customer may dial the number followed by a hash and verification code.

18. If not entered at the time of calling the customer will be interfaced to the operator who can facilitate the typing of verification code. Note that the operator never comes to know of this code.

19. On entering the verification code, the customer is seamlessly led to a part of the IVR menu which only interacts with the Secure Payment gateway Service. In effect, this part of the call just relays the typed information to the Secure Payment gateway Service without involving human or storage.

20. Here, the customer enters the confidential payment information, which is automatically relayed to the Secure Payment gateway Service.

21. The Secure Payment gateway Service returns an identifying token to the third party service provider through a secure channel.

22. On receipt of this information, the customer is returned to the operator to conclude the registration process.

23. After registration the customer can pay by phone.

24. Note that the customer can register multiple payment options in this manner. In such a case, the customer has to provide an identity tag for each of these.

25. To pay by phone, a customer calls up the calls the third-party service provider from the same mobile number as provided for registration.

26. The mobile number is verified and the call is transferred to an operator who takes down the payee details.

27. The payee has to be registered with the third-party service provider as an affiliate. 28. Affiliate registration is similar to customer registration, except that the affiliate needs to specify the mode of payment receipt rather than payment options. Affiliate registration will involve additional paperwork as per laws of the land.

29. The operator reads out the standardized affiliate name which the customer verbally verifies.

30. If the customer has multiple registered payment options, the customer is prompted to select his choice by the identity tag.

31. In both cases there is an automated voice confirmation where a recorded voice reads out the affiliate name and spells out the identity tag alphabets to the customer for confirmation.

32. The confirmation happens through IVR by typing a single digit.

33. The customer can also request a payment by SMS to the third-party service provider.

34. The SMS follows a distinct format with reserve words punctuating entry. For example if reserve words are #PAY <payee name> #AMT <amount INR> #NICK <identity tag>.

35. In return the customer gets a SMS that has the format #PAY standardized affiliate name> #AMT <amount INR> #NICK <identity tag> #APRC <approval code>.

36. The customer sends back the approval code to initiate payment.

37. As additional security, the customer gets a call from the third-party service provider where there is an automated voice confirmation where a recorded voice reads out the affiliate name, reads out the digits of the transaction amount and spells out the identity tag alphabets to the customer for confirmation which the customer can do by typing a single digit.

38. As additional security, the affiliate gets a call from the third-party service provider where there is an automated voice confirmation where a recorded voice reads out the customer name and reads out the digits of the transaction amount for confirmation which the customer can do by typing a single digit.

39. On receipt of the request, a payment request is initiated by the third-party service provider to the Secure Payment gateway Service on behalf of the customer.

40. The approval id and billing reference is communicated to both the customer and the affiliate by SMS.

In an embodiment of the invention, there is provided a computer implemented method for human assisted secure payment to an insecure third-party service provider by a system of the present invention, the method comprising the steps of:

a. receiving a call by a customer by the phone payment mechanism with a pre-defined phone number which is input by a customer;

b. authenticating of the phone number or mobile number or customer registered phone number or customer registered mobile number which is used to make the call to the predefined phone number by the phone payment mechanism;

c. transferring of the call to an operator or an input system of the insecure third- party service provider who takes down or notes down payee details and wherein the payee has to be registered with the insecure third-party service provider as an affiliate; d. verification of the user by the operator using an additional verification mechanism (AVM);

e. leading the customer seamlessly to a part of the IVR menu by way of a parallel call which only interacts with the Secure Payment gateway Service, such that this part of the call just relays any inputted information to the Secure Payment gateway Service without involving a human or allowing permanent storage;

f. entering of an input by the user with the Secure Payment gateway Service to initiate a payment;

g. initiating a payment by the Secure Payment gateway Service; and

h. receiving of payment status confirming completion or rejection of payment by the user.

a. receiving a an SMS by a customer by the phone payment mechanism with a pre-defined phone number which is input by a customer, such that the SMS includes the details required for enabling a payment; b. authenticating of the phone number or mobile number or customer registered phone number or customer registered mobile number which is used to make the call to the predefined phone number by the phone payment mechanism;

c. verification of the user by the operator using an additional verification mechanism (AVM);

d. entering of an input by the user with the Secure Payment gateway Service to initiate a payment;

e. initiating a payment by the Secure Payment gateway Service; and

f. receiving of payment status confirming completion or rejection of payment by the user.

In an embodiment of the invention, the method further comprises the step of sending a verification code to the user using and receiving the said verification code from the user by the additional verification mechanism (AVM) whereby the operator is not able to access the said verification code.

In an embodiment of the invention, the entering of an input by the user with the Secure Payment gateway Service to trigger a payment is selected from a set of entering a dynamic one time password, entering a voice password, entering a pre-stored secure password, entering a token, entering a tag, entering credit card details, entering debit card details, entering a personal identification number and a combination thereof.

In an embodiment of the invention, the method further comprises the step of receiving a call or an SMS from the affiliate to the customer registered phone number or customer registered mobile number.

In an embodiment of the invention, the method further comprises the step of receiving a call or an SMS from the Secure Payment gateway Service to the customer registered phone number or customer registered mobile number.

In an embodiment of the invention, the systems and methods of the invention are computer implemented.

In an embodiment of the invention, the systems and methods of the invention are integrated with a search engine.

In an embodiment of the invention, the systems and methods of the invention are integrated with an information listing directory.

In an embodiment of the invention, there is provided a computer program product for human assisted secure payment to an insecure third-party service provider by a system of the present invention, the computer program product embodied in a computer readable medium that, when executing on a computer, performs steps comprising:

a. receiving a call by a customer by the phone payment mechanism with a pre-defined phone number which is input by a c customer;

g. initiating a payment by the Secure Payment gateway Service; and h. receiving of payment status confirming completion or rejection of payment by the user.

In an embodiment of the invention, there is provided a computer implemented method for human assisted secure payment to an insecure third-party service provider, the method comprising the steps of: a. pre-registering by a user or a customer using a pre-registration mechanism (PRM) and by entering a verification code by the user wherein the verification code is generated through a verification code generation mechanism upon user input of a phone number or a mobile number through an input means;

b. pre-registering by an affiliate using an affiliate registration mechanism (ARM) and by entering a verification code by the affiliate wherein the verification code is generated through a verification code generation mechanism upon user input of a phone number or a mobile number through an input means;

c. allowing a user to register a plurality of identity tags (or nicknames); each identity tag relating to payment information for a particular payment instrument using a post- registration mechanism (PSM); and

d. allowing a user to make payments in a seamlessly secure manner by means of a phone and its voice channel and a dial-pad using a phone payment mechanism (PPM).

Figure 2 illustrates a schematic flow-diagram of the method for pre-registration of a user or a customer using a pre-registration mechanism (PRM) comprising the following steps:

a. customer logs in to the payment facility website and enters the personal details where mobile number is mandatory.

b. if data is not successfully submitted, step a is repeated

c. if data is successfully submitted, the payment facility shares the details with the third party service provider.

d. if data is successfully submitted, a verification code is generated and sent to the customer. e. the customer logs in to the payment facility website to enter the verification code.

f. code is verified and the customer is transferred to the secure site of the payment gateway service to enter the payment details.

g. after submitting the details an identifying token is generated which is relayed to the third party service provider.

Figure 3 illustrates a schematic flow-diagram of the method for pre-registration of an affiliate using an affiliate registration mechanism (ARM) comprising the following steps:

a. affiliate calls up the payment facility and through an operator enters the required personal where Mobile Number or phone number is mandatory, logs in to the payment facility website and enters the personal details where mobile number is mandatory.

b. if data is not successfully submitted, step a is repeated

d. if data is successfully submitted, a verification code is generated and sent to the affiliate.

e. the affiliate logs in to the payment facility website to enter the verification code.

Figure 4 illustrates a schematic flow-diagram of the method for human assisted secure payment to an insecure third-party service provider using a phone calling procedure comprising the following steps: a. To pay by phone first the customer calls up the third party service provider.

b. The mobile number is verified and call is transferred to an operator who takes the details of the payee.

c. After confirmation identity tags of the customer are fetched. If there are multiple identity tags, the customer is prompted to select one.

d. Standardized affiliate name is provided to the customer to which he/she agrees. e. After verification is done an automated voice confirmation reads out the affiliate name and identity tag for confirmation. Customer can confirm it by voice or key input.

Figure 5 illustrates a schematic flow-diagram of the method for human assisted secure payment to an insecure third-party service provider using an SMS, comprising the following steps:

a. To pay by SMS the customer send an SMS to the third party service provider. The text message includes details related to the payment instruction.

b. After the identity tag and mobile number is verified an approval code is sent to the customer. c. The customer then sends back the approval in order to initiate payment.

The terms used herein if not defined shall deem to have their conventional meaning as in ordinary practice in industry and commerce.

The data, in each of the means of the system and method of this invention, may be 'encrypted' and suitably 'decrypted' when required.

The systems of the present invention in an embodiment are made accessible through a portal or an interface which is a part of, or may be connected to, the internet or World Wide Web or any similar portal, wherein the portals or interfaces are accessed by one or more of users through an electronic device, whereby the user may send and receive data to the portal or interface which gets stored in at least one memory device or at least one data storage device or at least one server, and utilizes at least one processing unit. The portal or interface in combination with one or more of memory device, data storage device, processing unit and serves, form an embedded computing setup, and may be used by, or used in, one or more of a computer program product. In an embodiment of the invention, the embedded computing setup and optionally one or more of a computer program product, in relation with, and in combination with the said portal or interface forms one of the systems of the invention. Typical examples of a portal or interface may be selected from but is not limited to a website, an executable software program or a software application.

In an embodiment of the invention, the systems and methods of the invention may simultaneously involve more than one user or more than one data storage device or more than one host server or any combination thereof.

In an embodiment of the invention, a user may provide user input through any suitable input device or input mechanism such as but not limited to a keyboard, a mouse, a joystick, a touchpad, a virtual keyboard, a virtual data entry user interface, a virtual dial pad, a software or a program, a scanner, a remote device, a microphone, a webcam, a camera, a fingerprint scanner, a cave, pointing stick

In an embodiment of the invention, the systems and methods can be practised using any electronic device which may be connected to one or more of other electronic device with wires or wirelessly which may use technologies such as but not limited to, Bluetooth, WiFi, Wimax. This will also extend to use of the aforesaid technologies to provide an authentication key or access key or electronic device based unique key or any combination thereof.

In an embodiment of the invention, the systems and methods can be practised using any electronic device which may contain or may be infected by one or more of an undesirable software such as but not limited to a virus, or a Trojan, or a worm, malware, spyware, adware, scareware, crimeware, rootkit or any combination thereof.

In an embodiment of the invention the system may involve software updates or software extensions or additional software applications.

In an embodiment of the invention, any form of internet security such as but not limited to, a firewall or antivirus or antimalware or registry protection can be used by a user in the same or different electronic device either simultaneously or separately, along with the systems or methods of the present invention. In an embodiment of the invention, one or more user can be blocked or denied access to one or more of the aspects of the invention.

The term 'encrypt' or 'encryption' means the process of converting digital information into a new form using a key or a code or a program, wherein the new form is unintelligible or indecipherable to a user or a thief or a hacker or a spammer. The term 'encryption' includes encoding, compressing, or any other translating of the digital content. The encryption of the digital media content is performed in accordance with an encryption/decryption algorithm. The encryption/decryption algorithm utilized is not hardware dependent and may change depending on the digital content. For example, a different algorithm may be utilized for different websites or programs. The term 'encryption' further includes one or more aspects of authentication, entitlement, data integrity, access control, confidentiality, segmentation, information control, and combinations thereof.

The described embodiments may be implemented as a system, method, apparatus or article of manufacture using standard programming and/or engineering techniques related to software, firmware, hardware, or any combination thereof. The described operations may be implemented as code maintained in a "computer readable medium", where a processor may read and execute the code from the computer readable medium. A computer readable medium may comprise media such as magnetic storage medium (e.g., hard disk drives, floppy disks, tape, etc.), optical storage (CD-ROMs, DVDs, optical disks, etc.), volatile and non-volatile memory devices (e.g., EEPROMs, ROMs, PROMs, RAMs, DRAMs, SRAMs, Flash Memory, firmware, programmable logic, etc.), etc. The code implementing the described operations may further be implemented in hardware logic (e.g., an integrated circuit chip, Programmable Gate Array (PGA), Application Specific Integrated Circuit (ASIC), etc.). Still further, the code implementing the described operations may be implemented in "transmission signals", where transmission signals may propagate through space or through a transmission media, such as an optical fibre, copper wire, etc. The transmission signals in which the code or logic is encoded may further comprise a wireless signal, satellite transmission, radio waves, infrared signals, Bluetooth, etc. The transmission signals in which the code or logic is encoded is capable of being transmitted by a transmitting station and received by a receiving station, where the code or logic encoded in the transmission signal may be decoded and stored in hardware or a computer readable medium at the receiving and transmitting stations or devices. An "article of manufacture" comprises computer readable medium, hardware logic, and/or transmission signals in which code may be implemented. A device in which the code implementing the described embodiments of operations is encoded may comprise a computer readable medium or hardware logic. Of course, those skilled in the art will recognize that many modifications may be made to this configuration without departing from the scope of the present invention, and that the article of manufacture may comprise suitable information bearing medium known in the art.

In an embodiment of the invention the term network means a system allowing interaction between two or more electronic devices, and includes any form of inter/intra enterprise environment such as the world wide web, Local Area Network (LAN) , Wide Area Network (WAN) , Storage Area Network (SAN) or any form of Intranet.

The term 'pre-defined' with respect to a component or data or item or program means that a particular component or data or item or program or indica is defined at an instant prior to the instant of using the component or data or item or program, which may be done by a system or a user.

In an embodiment of the invention the term computer deems to include a group of computers or a network of computers.

In an embodiment of the invention, the systems and methods can be practised using any electronic device. An electronic device for the purpose of this invention is selected from any device capable of processing or representing data to a user and providing access to a network or any system similar to the internet, wherein the electronic device may be selected from but not limited to, personal computers, mobile phones, laptops, palmtops, portable media players and personal digital assistants. In an embodiment of the invention computer program code for carrying out operations or functions or logic or algorithms for aspects of the present invention may be written in any combination of one or more programming languages which are either already in use or may be developed in future, such as but not limited to Java, Smalltalk, C++, C, Foxpro, Basic, HTML, PHP, SQL, Javascript, COBOL, Extensible Markup Language (XML), Pascal, Python, Ruby, Visual Basic .NET, Visual C++, Visual C# .Net, Python, Delphi, VBA, Visual C++ .Net, Visual FoxPro, YAFL, XOTcl, XML, Wirth, Water, Visual DialogScript, VHDL, Verilog, UML, Turing, TRAC, TOM, Tempo, Tcl-Tk, T3X, Squeak, Specification, Snobol, Smalltalk, S-Lang, Sisal, Simula, SGML, SETL, Self, Scripting, Scheme, Sather, SAS, Ruby, RPG, Rigal, Rexx, Regular Expressions, Reflective, REBOL, Prototype-based, Proteus, Prolog, Prograph, Procedural, PowerBuilder, Postscript, POP-11, PL-SQL, Pliant, PL, Pike, Perl, Parallel, Oz, Open Source, Occam, Obliq, Object-Oriented, Objective-C, Objective Caml, Obfuscated, Oberon, Mumps, Multiparadigm, Modula-3, Modula-2, ML, Miva, Miranda, Mercury, MATLAB, Markup, m4, Lua, Logo, Logic -based, Lisp (351), Limbo, Leda, Language-OS Hybrids, Lagoona, LabVIEW, Interpreted, Interface, Intercal, Imperative, IDL, Icl, ICI, HyperCard, HTMLScript, Haskell, Hardware Description, Goedel, Garbage Collected, Functional, Frontier, Fortran, Forth, Euphoria, Erlang, Elastic, Eiffel, E, Dylan, DOS Batch, Directories, Declarative, Dataflow, Database, D, Curl, C- Sharp, Constraint, Concurrent, Component Pascal, Compiled, Comparison and Review, Cocoa, CobolScript, CLU, Clipper, Clean, Clarion, CHILL, Cecil, Caml, Blue, Bistro, Bigwig, BETA, Befunge, BASIC, Awk, Assembly, ASP, AppleScript, APL, Algol 88, Algol 60, Aleph, ADL, ABEL, ABC, or similar programming languages.

In an embodiment, the data storage unit or data storage device is selected from a set of but not limited to USB flash drive (pen drive), memory card, optical data storage discs, hard disk drive, magnetic disk, magnetic tape data storage device, data server and molecular memory.

Examples:

Example 1 - Registration:-

As a first step to use this invention a customer has to register with the payment gateway for example HDFC Payment Gateway, his payment details like credit/debit cards etc.

While the payment details will be stored with the payment gateway provider, personal details like DOB, Mobile number etc. can also be stored with the insecure third party service provided, for example, Justdial securely.

Example 2 - Transaction Process: -

In order to use this invention the customer calls the toll free number of Justdial, wherein the customer states that he wants to purchase an Air Conditioner in a store, for example, CROMA (Affiliate). After getting this detail the call is disconnected and again a call back originates from Justdial.

In this call the executive from Justdial first of all tries to locate the exact location of the Croma store by either asking the customer to identify any nearby landmarks or by using the phone's GPS.

Once the exact store is confirmed the customer is then asked for further details of the product he wants to buy which in this case is AC, like brand name, model number, split or window, quantity and tonnage.

Example 3 - by Call:-

As these details are confirmed, a series of random 2 way challenges occur. 2 way challenges means both the customer and the executive (of Justdial) can verify each other's authenticity though a series of question. These challenges are computer generated and personal details of the customer are never shown to the executive. For example the executive may ask the customer the last digit of his year of birth and the customer can ask the executive the last digit of his credit card number.

After the authenticity is verified the customer is then transferred to the payment gateway service wherein he may be asked to choose the payment method and enter the corresponding identity tag which he had registered during Pre- Registration Mechanism.

Example 4 - Payment by SMS:- To make payment the customer sends a text message in a pre-defined template to Justdial. As the location of store is confirmed the payee/affiliate name is told to the customer. The text message includes details related to the payment instruction like the payee name, amount to be paid and the identity tag for example

#PAY CROMA #AMT 15000 #TAG ANAND

Once the identity tag is verified, an approval code is generated and is sent to the customer.

The format can be as below

#PAY CROMARETAIL #AMT 15000 #TAG ANAND #APRC 12345

The customer then sends back the approval code to initiate payment.

To further secure the process of payment an additional verification is done.

After the payment process is initiated, Justdial calls up the customer mentioning the payment/transaction details and asking once more for confirmation to proceed with the payment. The customer confirms by pressing a key.

When the payment is processed successfully Justdial sends the customer through SMS or E-mail the details of the transaction along with the billing reference number.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude or rule out the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.

The process steps, method steps, algorithms or the like may be described in a sequential order, such processes, methods and algorithms may be configured to work in alternate orders. In other words, any sequence or order of steps that may be described does not necessarily indicate a requirement that the steps be performed in that order. The steps of processes described herein may be performed in any order practical. Further, some steps may be performed simultaneously, in parallel, or concurrently.

In addition to the embodiments and examples shown, numerous variants are possible, which may be obvious to a person skilled in the art relating to the aspects of the invention.

While this detailed description has disclosed certain specific embodiments of the present invention for illustrative purposes, various modifications will be apparent to those skilled in the art which do not constitute departures from the spirit and scope of the invention as defined in the following claims, and it is to be distinctly understood that the foregoing descriptive matter is to be interpreted merely as illustrative of the invention and not as a limitation.

Claims

I claim,

1. A system for human assisted secure payment to an insecure third-party service provider, wherein the system comprises:

a. a pre-registration mechanism (PRM) adapted to allow a user (or a customer) to pre- register in order to avail the use of the system and method of this invention, said pre- registration mechanism comprising a combination of first and second registration mechanisms wherein a first registration mechanism is selected from a first group consisting of web based registration module of personal details (WRM-1) and a phone based registration module of personal details (PHM-1), and wherein a second registration mechanism is selected from a second group consisting of web based registration module of payment details (WRM-2) and a phone based registration module of payment details (PHM-2);

b. a verification code generation mechanism;

c. an affiliate registration mechanism (ARM) adapted to allow payee affiliates to pre- register, said affiliate registration mechanism comprising a combination of first and second registration mechanisms; a first registration mechanism selected from a first group consisting of web based registration module of personal details (WRM-3) and a phone based registration module of personal details (PHM-3) and a second registration mechanism selected from a second group consisting of web based registration module of payment details (WRM-4) and a phone based registration module of payment details (PHM-4);

d. a post-registration mechanism (PSM) adapted to allow a user to register a plurality of identity tags (or nicknames); each identity tag relating to payment information for a particular payment instrument; and

e. a phone payment mechanism (PPM) adapted to allow a user to make payments in a seamlessly secure manner by means of a phone and its voice channel and a dial-pad; wherein the web based registration module of personal details (WRM-1) comprises a web-based input means for allowing a customer to enter standard personal information through a web-based interface, wherein the input means is located at a payment facility website which is communicably coupled to a computer system with an insecure third party service provider which receives the entered standard personal information; and

wherein phone based registration module of personal details (PHM-1) comprises a phone based input means adapted to allow a customer to input standard personal information by means of an IVR (Interactive Voice Response) menu set up for the purpose or by relayed communication to an operator adapted to handle the data entry of the inputs through a data entry interface and mechanism; and

wherein the data entry interface and mechanism is communicably coupled to a computer system with the third party service provider which receives the entered standard personal information; and

wherein a database maintained at the end of the insecure third party service provider stores the standard personal information entered via web-based input means or phone based input means; and

wherein a phone number is a mandatory item of input at the input means of the payment facility website; and

wherein the verification code generation mechanism generates a verification code upon receipt of a phone number or a mobile number at the database through the input means; and

wherein the web based registration module of payment details (WRM-2) comprises a web based input means adapted to allow a customer to input the verification code received by the verification code generation mechanism; and

wherein the phone based registration module of payment details (PHM-2) comprises a phone based input means adapted to allow a customer to call a pre-defined number and to input the verification code received by the verification code generation mechanism; and wherein the web based registration module of payment details (WRM-2) and the phone based registration module of payment details (PHM-2) further comprise an authentication means to check authenticity of entered code by means of a comparator; and

wherein the web based registration module of payment details (WRM-2) and the phone based registration module of payment details (PHM-2) further comprise a channeling means in order to channel the system on to a secure system and GUI which belongs to a secure payment gateway service, the secure system comprises payment information input means adapted to allow a customer to input payment information which is confidential payment information; and

wherein the web based registration module of payment details (WRM-2) and the phone based registration module of payment details (PHM-2) further comprises an identifying token generation means adapted to generate an identifying token upon receipt of payment information, which identifying token is relayed to the third party service provider through a secure communication channel; and

wherein the web based registration module of personal details (WRM-3) comprises a web-based input means for allowing an affiliate to enter standard personal information through a web-based interface, wherein the input means is located at a payment facility website which is communicably coupled to a computer system with an insecure third party service provider which receives the entered standard personal information; and

wherein phone based registration module of personal details (PHM-3) comprises a phone based input means adapted to allow an affiliate to input standard personal information by means of an IVR (Interactive Voice Response) menu set up for the purpose or by relayed communication to an operator adapted to handle the data entry of the inputs through a data entry interface and mechanism; and

wherein the data entry interface and mechanism is communicably coupled to a computer system with the insecure third party service provider which receives the entered standard personal information; and

wherein the web based registration module of payment details (WRM-4) comprises a web based input means adapted to allow an affiliate to input the verification code received by the verification code generation mechanism; and

wherein the phone based registration module of payment details (PHM-4) comprises a phone based input means adapted to allow an affiliate to call a pre-defined number and to input the verification code received by the verification code generation mechanism; and

wherein the web based registration module of payment details (WRM-4) and the phone based registration module of payment details (PHM-4) further comprise an authentication means to check authenticity of entered code by means of a comparator; and

wherein the web based registration module of payment details (WRM-4) and the phone based registration module of payment details (PHM-4) further comprise a channeling means in order to channel the system on to a secure system and GUI which belongs to a secure payment gateway service, the secure system comprises payment information input means adapted to allow an affiliate to input payment information which is confidential payment information; and

wherein the web based registration module of payment details (WRM-4) and the phone based registration module of payment details (PHM-4) further comprises an identifying token generation means adapted to generate an identifying token upon receipt of payment information, which identifying token is relayed to the third party service provider through a secure communication channel; and

wherein a database is provided which stores the identifying token in a tagged manner for future reference; and

wherein the phone payment mechanism (PPM) comprises a pre-defined channel defined with a pre-defined phone number which is input by a customer to start usage of the system of this invention, and at a first level of authentication, the phone number or mobile number which is used to make the call to the pre-defined phone number is verified and a transferring means transfers the call to an operator or an input system who takes down or notes down payee details and wherein the payee has to be registered with the third-party service provider as an affiliate.

2. A system for human assisted secure payment to an insecure third-party service provider as claimed in claim 1 , wherein if the customer has multiple identity tags, the customer is prompted to select one of the multiple identity tags.

3. A system for human assisted secure payment to an insecure third-party service provider as claimed in claim 1, wherein an automated voice confirmation may read out the affiliate name and may spell out the identity tag alphabets for confirmation.

4. A system for human assisted secure payment to an insecure third-party service provider as claimed in claim 1 , wherein the verification code generation mechanism generates a verification code for a user only one time at the time of the pre-registration by the user using the p re- registration mechanism (PRM).

5. A system for human assisted secure payment to an insecure third-party service provider as claimed in claim 1, wherein the system further comprises a notification mechanism adapted to generate a payment request by a third party service provider to the secure payment gateway service, on behalf of the customer, once the phone payment mechanism (PPM) is effectively engaged.

6. A system for human assisted secure payment to an insecure third-party service provider as claimed in claim 1, wherein the system further comprises an additional verification mechanism (AVM) adapted to provide additional layers of security for enabling a secure payment transaction.

7. A system for human assisted secure payment to an insecure third-party service provider as claimed in claim 1, wherein the system further comprises an SMS payment mechanism (SPM) adapted to allow a user to make payments in a seamlessly secure manner by means of a phone and its text channel and dial-pad, wherein the SMS payment mechanism (SPM) comprises an SMS input means with a pre-defined template in order to text the SMS to the system of this invention.

8. A system for human assisted secure payment to an insecure third-party service provider as claimed in claim 7, wherein the pre-defined template comprises fields pertaining to payment instructions with payment name, amount of payment, and identity tag.

9. A system for human assisted secure payment to an insecure third-party service provider as claimed in claim 7, wherein the SMS payment mechanism (SPM) comprises an authentication means to check authenticity of the identity tag in correlation with the mobile number in order to generate a return SMS to the customer and to generate an approval code by an approval code generating means, the approval code being capable of being inputted via an approval code input means and relayed for initiation of payment via an approval code relaying means.

10. A computer implemented method for human assisted secure payment to an insecure third-party service provider by a system as claimed in claim 1, the method comprising the steps of: a. receiving a call by a customer by the phone payment mechanism with a pre-defined phone number which is input by a customer;

b. authenticating of the phone number or mobile number or customer registered phone number or customer registered mobile number which is used to make the call to the pre-defined phone number by the phone payment mechanism;

c. transferring of the call to an operator or an input system of the insecure third- party service provider who takes down or notes down payee details and wherein the payee has to be registered with the insecure third-party service provider as an affiliate;

d. verification of the user by the operator using an additional verification mechanism (AVM);

g. initiating a payment by the Secure Payment gateway Service; and

11. A computer implemented method for human assisted secure payment to an insecure third-party service provider by a system as claimed in claim 10, the method further comprising the step of sending a verification code to the user using and receiving the said verification code from the user by the additional verification mechanism (AVM) whereby the operator is not able to access the said verification code.

12. A computer implemented method for human assisted secure payment to an insecure third-party service provider by a system as claimed in claim 10, wherein the entering of an input by the user with the Secure Payment gateway Service to trigger a payment is selected from a set of entering a dynamic one time password, entering a voice password, entering a pre-stored secure password, entering a token, entering a tag, entering credit card details, entering debit card details, entering a personal identification number and a combination thereof.

13. A computer implemented method for human assisted secure payment to an insecure third-party service provider by a system as claimed in claim 10, the method further comprising the step of receiving a call or an SMS from the affiliate to the customer registered phone number or customer registered mobile number.

14. A computer implemented method for human assisted secure payment to an insecure third-party service provider by a system as claimed in claim 10, the method further comprising the step of receiving a call or an SMS from the Secure Payment gateway Service to the customer registered phone number or customer registered mobile number.

15. A computer program product for human assisted secure payment to an insecure third-party service provider by a system as claimed in claim 1, the computer program product embodied in a computer readable medium that, when executing on a computer, performs steps comprising: a. receiving a call by a customer by the phone payment mechanism with a pre-defined phone number which is input by a customer;

g. initiating a payment by the Secure Payment gateway Service; and

16. A computer program product for human assisted secure payment to an insecure third-party service provider by a system as claimed in claim 1, the computer program product embodied in a computer readable medium that, when executing on a computer, performs steps comprising: a. receiving an SMS by a customer by the phone payment mechanism with a pre-defined phone number which is input by a customer, such that the SMS includes the details required for enabling a payment;

e. initiating a payment by the Secure Payment gateway Service; and

17. A computer implemented method for human assisted secure payment to an insecure third-party service provider, the method comprising the steps of:

a. pre-registering by a user or a customer using a pre-registration mechanism (PRM) and by entering a verification code by the user wherein the verification code is generated through a verification code generation mechanism upon user input of a phone number or a mobile number through an input means;

18. A system for human assisted secure payment to an insecure third-party service provider as claimed in claim 1, wherein the additional verification allows a two-way verification where both the customer and the third part service provider can verify each other's authenticity though one or more questions.